 |
 |
Ciao, a small update. With the invaluable help of CERN IT (Michal Simon, Elvin Alin Sindrilaru, Panos Paparrigopoulos, Luca Mascetti, Fabrizio Furano + others I might be forgetting) we were able to find and compile a tsocks version (from Debian), and indeed now we can use xrdcp over a ssh -D socks connection and preloading tsocks. So there is nothing in XrootD preventing the mechanism to work. ciao ciao tom On Wed, Aug 5, 2020 at 9:25 AM Tommaso Boccali <[log in to unmask]> wrote: > > a small correction: the "failing" xrootd connection is indeed > > xrdcp -d 3 root:// stormgf1.pi.infn.it//store/mc/SAM/GenericTTbar/AODSIM/CMSSW_9_0_0_90X_mcRun1_realistic_v4-v1/10000/28B9D1FB-8B31-E711-AA4E-0025905B85B2.root . > > from inside the tsocks I can open the connection > > telnet stormgf1.pi.infn.it 1094 > Trying 193.205.76.72... > Connected to stormgf1.pi.infn.it. > Escape character is '^]'. > > but xrdcp still says > > [2020-08-05 09:24:19.816284 +0200][Debug ][PostMaster ] [ stormgf1.pi.infn.it:1094] Found 1 address(es): [::ffff:193.205.76.72]:1094 > [2020-08-05 09:24:19.816563 +0200][Debug ][AsyncSock ] [ stormgf1.pi.infn.it:1094 #0.0] Attempting connection to [::ffff:193.205.76.72]:1094 > [2020-08-05 09:24:19.817298 +0200][Debug ][Poller ] Adding socket 0x15eac50 to the poller > [2020-08-05 09:24:19.817925 +0200][Debug ][AsyncSock ] [ stormgf1.pi.infn.it:1094 #0.0] Async connection call returned > [2020-08-05 09:24:19.818836 +0200][Debug ][XRootDTransport ] [ stormgf1.pi.infn.it:1094 #0.0] Sending out the initial hand shake + kXR_protocol > [2020-08-05 09:24:19.819392 +0200][Dump ][AsyncSock ] [ stormgf1.pi.infn.it:1094 #0.0] Wrote a message: (0xcc000a00), 44 bytes > [2020-08-05 09:24:19.820072 +0200][Error ][AsyncSock ] [ stormgf1.pi.infn.it:1094 #0.0] Socket error while handshaking: [ERROR] Socket error > [2020-08-05 09:24:19.820170 +0200][Debug ][AsyncSock ] [ stormgf1.pi.infn.it:1094 #0.0] Closing the socket > > On Tue, Aug 4, 2020 at 4:47 PM Tommaso Boccali <[log in to unmask]> wrote: >> >> >> Ciao. >> >> In order to try and find a (user allowed) way to overcome network limitations in HPC sites, we were trying to use tsocks. In this way, we can ~ establish a VPN without the need to be root or such. >> >> The system used "ssh -D" (today) or "openconnect" (tomorrow) to establish the connection, and it seems transparent to most (!) of the user commands we tried. >> >> For example, the machine we are on has no connectivity to PISA, but a >> "tsocks ssh [log in to unmask]" (or the bare command with a proper LD_PRELOAD) works just fine. >> >> So, we are confident the basic routing table works (wget is ok, scp is ok, etc etc etc). >> >> BUT: xrdcp does not like it, and a command like >> >> xrdcp -d 3 root:// stormfe1.pi.infn.it//store/mc/SAM/GenericTTbar/AODSIM/CMSSW_9_0_0_90X_mcRun1_realistic_v4-v1/10000/28B9D1FB-8B31-E711-AA4E-0025905B85B2.root . >> >> stops with >> >> [2020-08-04 16:19:56.308921 +0200][Error ][AsyncSock ] [ stormfe1.pi.infn.it:1094 #0.0] Socket error while handshaking: [ERROR] Socket error >> [2020-08-04 16:19:56.309017 +0200][Debug ][AsyncSock ] [ stormfe1.pi.infn.it:1094 #0.0] Closing the socket >> [2020-08-04 16:19:56.309228 +0200][Debug ][Poller ] <[::ffff:127.0.0.1]:30547><--><[::ffff:127.0.0.1]:5555> Removing socket from the poller >> >> >> So question is: is there any trivial reason why XrootD protocol should not be able to route via a tsocks? >> >> thanks a lot >> >> mirko, daniele, tom >> >> -- >> Tommaso Boccali >> INFN Pisa >> >> ________________________________ >> >> Use REPLY-ALL to reply to list >> >> To unsubscribe from the XROOTD-L list, click the following link: >> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 > > > > -- > Tommaso Boccali > INFN Pisa > > ________________________________ > > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 -- Tommaso Boccali INFN Pisa ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1