LISTSERV 16.5 - XROOTD-L Archives

Dear Bockjoo,

On Sat, Aug 26, 2023 at 04:14:28PM -0400, Bockjoo Kim wrote:
> Hi,
> 
> I am seeing a python XRootD file open issue for the 5.6.1 client with a 
> 5.5.5 server :
> 
> =============================================================
> 
> XRootD Client Versin 5.6.1
> XRootD Server Version v5.5.5
> 
> open(root://cmsio2.rc.ufl.edu:1094//store/mc/SAM/GenericTTbar/AODSIM/CMSSW_9_2_6_91X_mcRun1_realistic_v2-v1/00000/A64CCCF2-5C76-E711-B359-0CC47A78A3F8.root, 
> flags=OpenFlags.READ, timeout=90)
> XRootDStatus.code=110 "[FATAL] TLS error: resource temporarily 
> unavailable: Unable to connect to cmsio2.rc.ufl.edu; error_ssl"
> 
> ---------------------------------------------------------------------------
> ValueError                                Traceback (most recent call last)
> /tmp/ipykernel_4179061/812350213.py in <module>
>       40                           status.message.replace("\n", "")))
>       41                 #pass
> ---> 42             status, data = f.read(offset=0, size=65536, timeout=90)
>       43             if ( not status.ok ):
>       44                 print(("\n%s\nread(offset=0, size=65536, 
> timeout=90)\n" + \
> 
> /opt/cms/services/anaconda3/lib/python3.9/site-packages/XRootD/client/file.py 
> in read(self, offset, size, timeout, callback)
>      124       return XRootDStatus(self.__file.read(offset, size, 
> timeout, callback))
>      125
> --> 126     status, response = self.__file.read(offset, size, timeout)
>      127     return XRootDStatus(status), response
>      128
> 
> ValueError: I/O operation on closed file
> 
> ===============================================================
> 
> Here, XRootD Server is configured with TLS.
> 
> If I remove TLS configuration of the 5.5.5 server, there is no issue.
> 
> If I switch to 5.5.5 client, there is no issue.
> 
> Is this expected?

It may or may not be. When I wrote the patch, I tested several scenarios
(see https://github.com/xrootd/xrootd/pull/2031#issuecomment-1589380486).
The error message that you see is likely caused by a client that cannot
validate the server with TLS (because it does not have the proper CA
certificates installed locally). So I suggest you to try with xrdcp
--notlsok option, or export X509_CERT_DIR=/dev/null to force the client
into not being able to do TLS at all. If the directory /etc/grid-security
exists on your machine, but the client cannot verify the server, and TLS
is enforced, then this behavior is expected. Otherwise, please export
XRD_LOGLEVEL=Dump, re-run the command and send us the output so I can
investigate this issue further. You may also want to install the proper
certificates to let the client validate the server to be able to use
TLS.

Best regards,
-Guilherme

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1