Defining a sec protocl that fails but then following it with one that succeeds ends up with xrootd failing initialization:
190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS config file to /etc/lcmaps.db.
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS log level to 0.
INFO in xrootd-lcmaps config: XrdLcmaps: Using LCMAPS policy name xrootd_policy.
lcmaps[590] LOG_ERR: 2019-08-07.17:22:08Z: /etc/lcmaps.db:165: [warning] expecting rule definitions.
lcmaps[590] LOG_ERR: 2019-08-07.17:22:08Z: /etc/lcmaps.db:165: [warning] no rules specified for policy: 'glexec' at line 153.
lcmaps[590] LOG_ERR: 2019-08-07.17:22:08Z: lcmaps.mod-PluginInit(): plugin lcmaps_gums_client.mod not found (arguments: -resourcetype ce -actiontype execute-now -capath /etc/grid-security/certificates -cert /etc/grid-security/hostcert.pem -key /etc/grid-security/hostkey.pem --cert-owner root --endpoint https://yourgums.yourdomain:8443/gums/services/GUMSXACMLAuthorizationServicePort)
lcmaps[590] LOG_ERR: 2019-08-07.17:22:08Z: lcmaps.mod-lcmaps_startPluginManager(): error initializing plugin: lcmaps_gums_client.mod
lcmaps[590] LOG_ERR: 2019-08-07.17:22:08Z: lcmaps_init() error: could not start plugin manager
ERROR in xrootd-lcmaps config: Failed to initialize LCMAPS
190807 17:22:08 590 secgsi_LoadAuthzFun: problems executing 'XrdSecgsiAuthzInit()' (rc: -1)
190807 17:22:08 590 secgsi_Init: Secgsi: ErrError: Authz plug-in could not be loaded: libXrdLcmaps.so
Secgsi: ErrError: Authz plug-in could not be loaded: libXrdLcmaps.so
=====> sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem -crl:1 -authzfun:libXrdLcmaps.so -authzfunparms:lcmapscfg=/etc/lcmaps.db,loglevel=0,policy=authorize_only -gmapopt:10 -gmapto:0
This is despite being overwritten in the configuration lateR:
Config continuing with file /etc/xrootd/config.d/50-cms-xcache-authz.cfg ...
Plugin loaded
190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
190807 17:22:08 590 secgsi_InitOpts: Mode: server
190807 17:22:08 590 secgsi_InitOpts: Debug: -1
190807 17:22:08 590 secgsi_InitOpts: CA dir: /etc/grid-security/certificates
190807 17:22:08 590 secgsi_InitOpts: CA verification level: 1
190807 17:22:08 590 secgsi_InitOpts: CRL dir: ,/etc/grid-security/certificates/
190807 17:22:08 590 secgsi_InitOpts: CRL extension: .r0
190807 17:22:08 590 secgsi_InitOpts: CRL check level: 1
190807 17:22:08 590 secgsi_InitOpts: CRL refresh time: 86400
190807 17:22:08 590 secgsi_InitOpts: Certificate: /etc/grid-security/xrd/xrdcert.pem
190807 17:22:08 590 secgsi_InitOpts: Key: /etc/grid-security/xrd/xrdkey.pem
190807 17:22:08 590 secgsi_InitOpts: Proxy delegation option: 0
190807 17:22:08 590 secgsi_InitOpts: GRIDmap file: /etc/grid-security/grid-mapfile
190807 17:22:08 590 secgsi_InitOpts: GRIDmap option: 10
190807 17:22:08 590 secgsi_InitOpts: GRIDmap cache entries expiration (secs): 0
190807 17:22:08 590 secgsi_InitOpts: Authorization function: libXrdLcmaps.so
190807 17:22:08 590 secgsi_InitOpts: Authorization function parms: lcmapscfg=/etc/xrootd/lcmaps.cfg,loglevel=1,no-authz
190807 17:22:08 590 secgsi_InitOpts: Authorization cache entries expiration (secs): -1
190807 17:22:08 590 secgsi_InitOpts: Client proxy availability in XrdSecEntity.endorsement: 0
190807 17:22:08 590 secgsi_InitOpts: VOMS option: 1
190807 17:22:08 590 secgsi_InitOpts: MonInfo option: 0
190807 17:22:08 590 secgsi_InitOpts: Crypto modules: ssl
190807 17:22:08 590 secgsi_InitOpts: Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc
190807 17:22:08 590 secgsi_InitOpts: MDigests: sha1:md5
190807 17:22:08 590 secgsi_InitOpts: Trusting DNS for hostname checking
190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS config file to /etc/xrootd/lcmaps.cfg.
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS log level to 1.
190807 17:22:08 590 secgsi_LoadAuthzFun: using 'XrdSecgsiAuthzFun()' from libXrdLcmaps.so
=====> sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem -crl:1 -authzfun:libXrdLcmaps.so -authzfunparms:lcmapscfg=/etc/xrootd/lcmaps.cfg,loglevel=1,no-authz -gmapopt:10 -gmapto:0
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1