 |
 |
Hi Bockjoo, Thank you for reporting this problem and sorry for the late response. Indeed there used to be a bug until 5.3.1 in the VectorRead implementation that made it not workable with TLS. It has been fixed in 5.4.0 in the following patch: https://github.com/xrootd/xrootd/commit/38180cc51af29b7209b1d4af2820c8ce3bf133b0 <https://github.com/xrootd/xrootd/commit/38180cc51af29b7209b1d4af2820c8ce3bf133b0> Cheers, Michal > On 9 Feb 2022, at 16:55, Bockjoo Kim <[log in to unmask]> wrote: > > I built the xrootd out of xrootd github to use it as the CMSSW_12_3_0_pre4 external. > With this one, CMSSW reading an xrootd file worked fine with the x509 and the token. > So 5.3.1 has the problem with TLS. > > Bockjoo > > On 2/8/22 14:34, Bockjoo Kim wrote: >> Hi, >> >> I am testing the CMS framework, CMSSW_12_3_0_pre4, with the xrootd 5.3.1 as the external library. >> >> When I configured tls in the xrootd server like so: >> >> xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem >> xrd.tlsca certdir /etc/grid-security/certificates >> xrootd.tls capable all >> sec.protocol /usr/lib64 ztn >> >> to test token with the CMSSW_12_3_0_pre4, the x509 authorization also gets stuck in the readv (Vector Read) of the root file on the xrootd server: >> >> %MSG-w XrdAdaptorInternal: AfterFile 08-Feb-2022 12:51:22 EST pre-events >> Bockjoo readv IOPosBuffer before readv_result.first.get() 0 >> %MSG >> [2022-02-08 12:54:23.117531 -0500][Error ][XRootD ][2571135] [cmsio2.rc.ufl.edu:1094] Unable to get the response to request kXR_readv (handle: 0x00000000, chunks: 2, total size: 224380) >> >> So, I can not even test the token. >> >> If I turn off the TLS configuration in the xrootd server, reading the root file on the xrootd server works fine with the x509 authorization. >> >> By the way xrdcp from xrootd 5.3.1 in the CMSSW_12_3_0_pre4 works without the readv issue with the TLS configuration on the server: >> >> [bockjoo@cms runAnalysis]$ which xrdcp >> /opt/cms/services/aaa/CMSSWTokenTest/CMSSW_12_3_0_pre3/external/slc7_amd64_gcc10/bin/xrdcp >> [bockjoo@cms runAnalysis]$ xrdcp -d 1 -f root://cmsio2.rc.ufl.edu//store/mc/RunIIAutumn18MiniAOD/ZToMuMu_NNPDF31_13TeV-powheg_M_4500_6000/MINIAODSIM/102X_upgrade2018_realistic_v15-v2/120000/CFAA5B09-4746-594F-9B1C-5F415F673C4E_Florida.root /dev/null >> [2022-02-08 14:31:42.233334 -0500][Info ][AsyncSock ] [cmsio2.rc.ufl.edu:1094.0] TLS hand-shake done. >> [144MB/378.8MB][ 38%][===================> ][144MB/s][378.8MB/378.8MB][100%][==================================================][378.8MB/s] [2022-02-08 14:31:43.488218 -0500][Error ][PostMaster ] Unable to get transport handler for file protocol >> [378.8MB/378.8MB][100%][==================================================][378.8MB/s] >> >> Will xrootd 5.4 client help with the issue with the TLS configured xrootd server? >> >> Why is the readv behaving differently with the TLS configuration? >> >> Thanks, >> >> Bockjoo >> >> >> On 1/13/22 15:33, Bockjoo Kim wrote: >>> Hi, >>> >>> I am testing a token that I requested. >>> >>> How do I send a token using the xrdcp command or any xrd* command? >>> >>> Thanks, >>> >>> Bockjoo >>> >> ######################################################################## >> Use REPLY-ALL to reply to list >> >> To unsubscribe from the XROOTD-L list, click the following link: >> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1