dirac-configure problem


Luisa Arrabito

Sep 1, 2014, 7:46:29 AM
to diracgr...@googlegroups.com
Dear all,

We have a user of the CTA instance who is having a problem when running dirac-configure.

Here below is the output of his commands:

$ python dirac-install -V CTA
2014-08-18 19:00:21 UTC dirac-install [NOTICE]  Processing installation requirements
2014-08-18 19:00:22 UTC dirac-install [NOTICE]  Destination path for installation is /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408388422
2014-08-18 19:00:24 UTC dirac-install [NOTICE]  Discovering modules to install
2014-08-18 19:00:24 UTC dirac-install [NOTICE]  Installing modules...
2014-08-18 19:00:24 UTC dirac-install [NOTICE]  Installing DIRAC:v6r11p4
2014-08-18 19:00:24 UTC dirac-install [NOTICE]  Retrieving http://lhcbproject.web.cern.ch/lhcbproject/dist/DIRAC3/installSource/DIRAC-v6r11p4.tar.gz
2014-08-18 19:00:29 UTC dirac-install [NOTICE]  Retrieving http://lhcbproject.web.cern.ch/lhcbproject/dist/DIRAC3/installSource/DIRAC-v6r11p4.md5
2014-08-18 19:01:25 UTC dirac-install [NOTICE]  Installing CTADIRAC:v1r21p2
2014-08-18 19:01:57 UTC dirac-install [NOTICE]  Deploying scripts...
  Scripts will be deployed at /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408388422/scripts
  Inspecting DIRAC module
  Inspecting CTADIRAC module
2014-08-18 19:02:06 UTC dirac-install [NOTICE]  Installing client externals...
2014-08-18 19:03:48 UTC dirac-install [NOTICE]  Fixing externals paths...
2014-08-18 19:03:53 UTC dirac-install [NOTICE]  Running externals post install...
2014-08-18 19:04:22 UTC dirac-install [NOTICE]  Executing /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408388422/scripts/dirac-fix-mysql-script...
2014-08-18 19:04:30 UTC dirac-install [NOTICE]  Creating /nfs/farm/g/agis/u01/hughd/software/dirac/bashrc
2014-08-18 19:04:30 UTC dirac-install [NOTICE]  Creating /nfs/farm/g/agis/u01/hughd/software/dirac/cshrc
2014-08-18 19:04:30 UTC dirac-install [NOTICE]  Defaults written to defaults-CTA.cfg
2014-08-18 19:04:30 UTC dirac-install [NOTICE]  Executing /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408388422/scripts/dirac-externals-requirements...
2014-08-18 19:04:42 UTC dirac-install [NOTICE]  CTA properly installed


$ dirac-proxy-init -x
Generating proxy... 
Enter Certificate password:
Proxy generated: 
subject      : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723/CN=proxy
issuer       : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723
identity     : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723
timeleft     : 23:59:59
path         : /tmp/x509up_u12941


$ dirac-configure -dd defaults-CTA.cfg
2014-08-20 14:19:24 UTC dirac-configure NOTICE: Executing: /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408544047/DIRAC/Core/scripts/dirac-configure.py -dd defaults-CTA.cfg  
2014-08-20 14:19:24 UTC dirac-configure NOTICE: Checking DIRAC installation at "/nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408544047" 
2014-08-20 14:19:24 UTC dirac-configure   VERB: /DIRAC/Setup = CTA
2014-08-20 14:19:24 UTC dirac-configure   VERB: /DIRAC/VirtualOrganization = vo.cta.in2p3.fr
2014-08-20 14:19:24 UTC dirac-configure   VERB: /DIRAC/Security/UseServerCertificate = no
2014-08-20 14:19:24 UTC dirac-configure   VERB: /DIRAC/Security/SkipCAChecks = yes
2014-08-20 14:19:24 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:25 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:25 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:25 UTC dirac-configure   WARN: Can't update from server Error while updating from dips://dcta-agents.pic.es:9135/Configuration/Server: Can't connect to dips://dcta-agents.pic.es:9135/Configuration/Server: {'Message': 'Error while handshaking', 'OK': False}
2014-08-20 14:19:26 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:27 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:27 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:27 UTC dirac-configure   WARN: Can't update from server Error while updating from dips://ccdcta-server01.in2p3.fr:9135/Configuration/Server: Can't connect to dips://ccdcta-server01.in2p3.fr:9135/Configuration/Server: {'Message': 'Error while handshaking', 'OK': False}
2014-08-20 14:19:28 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:29 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:29 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:29 UTC dirac-configure   WARN: Can't update from server Error while updating from dips://dcta-web.pic.es:9135/Configuration/Server: Can't connect to dips://dcta-web.pic.es:9135/Configuration/Server: {'Message': 'Error while handshaking', 'OK': False}
2014-08-20 14:19:30 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:30 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:31 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]
2014-08-20 14:19:31 UTC dirac-configure   WARN: Can't update from server Error while updating from dips://dcta-servers.pic.es:9135/Configuration/Server: Can't connect to dips://dcta-servers.pic.es:9135/Configuration/Server: {'Message': 'Error while handshaking', 'OK': False}
2014-08-20 14:19:31 UTC dirac-configure/BundleDelivery   INFO: Current hash for bundle CAs in dir /nfs/farm/g/agis/u01/hughd/software/dirac/versions/v1r21p2_1408544047/etc/grid-security/certificates is '' 
2014-08-20 14:19:31 UTC dirac-configure/BundleDelivery  ERROR: Could not sync dir Cannot get URL for Framework/BundleDelivery in setup CTA: Option /DIRAC/Setups/CTA/Framework is not defined


It seems that the error is:

2014-08-20 14:19:31 UTC dirac-configure   WARN: Error while handshaking [("Remote certificate hasn't been accepted", 'SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert unknown ca')]

However, it's quite strange, since we already had another user with a certificate issued by the same CA who succeeded in installing the DIRAC client.

I've also checked the directory:
/opt/dirac/etc/grid-security/certificates
on the DIRAC server and it seems to be updated.

I'm not sure how to verify that the issuer CA is known, if this is the problem.

Finally, another strange thing is that the user gets 2 different DNs when doing:

$ dirac-proxy-init
Generating proxy... 
Enter Certificate password:
DN /DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid Root CA is not registered

and:

$ dirac-proxy-init -x
Generating proxy... 
Enter Certificate password:
Proxy generated: 
subject      : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723/CN=proxy
issuer       : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723
identity     : /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723
timeleft     : 23:59:59
path         : /tmp/x509up_u12941

In the CS the user is registered as:

    hughd
    {
      DN = /DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=People/CN=Hugh Dickinson 2723
      CA = /DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid CA-1

The same DN is also the one registered in the VOMS server.

I don't know where this inconsistency comes from.

Any idea about this issue?

Thanks in advance,

Luisa



Luisa Arrabito

Sep 1, 2014, 7:52:27 AM
to diracgr...@googlegroups.com
One further detail: the user is able to connect to the DIRAC web portal.

Regards,

Luisa
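
On the question in the first post of how to verify that the issuer CA is known: one way is to walk up from the user certificate through the CA directory and report the first issuer that has no matching file. This is an added example, not part of the thread and not DIRAC code; it assumes the OpenSSL hashed directory layout (<subject_hash>.N files), and the function names find_issuer and check_chain are hypothetical.

```shell
# Added example (not DIRAC code). Assumes the CA directory uses the OpenSSL
# hashed layout: one PEM file per CA, named <subject_hash>.0, .1, ...

name_of() {  # name_of subject|issuer FILE -> DN without the "subject=" prefix
    openssl x509 -noout "-$1" -in "$2" | sed "s/^$1=[[:space:]]*//"
}

find_issuer() {  # find_issuer CERT CADIR -> prints the issuer's CA file
    hash=$(openssl x509 -noout -issuer_hash -in "$1") || return 2
    want=$(name_of issuer "$1")
    for f in "$2/$hash".[0-9]*; do
        [ -f "$f" ] || continue
        # Different names can share a hash, so compare the full DN as well.
        if [ "$(name_of subject "$f")" = "$want" ]; then
            echo "$f"; return 0
        fi
    done
    return 1
}

check_chain() {  # check_chain CERT CADIR -> 0 if every issuer up to a root is present
    cert=$1 depth=0
    while [ "$depth" -lt 10 ]; do
        if [ "$(name_of subject "$cert")" = "$(name_of issuer "$cert")" ]; then
            echo "OK: reached self-signed root $(name_of subject "$cert")"
            return 0
        fi
        if ! next=$(find_issuer "$cert" "$2"); then
            echo "MISSING: no CA file in $2 for issuer $(name_of issuer "$cert")"
            return 1
        fi
        echo "found: $next"
        cert=$next depth=$((depth + 1))
    done
    echo "chain longer than 10 certificates, giving up"; return 1
}
```

Run check_chain on the user certificate rather than the proxy (the proxy's issuer is the user certificate itself), once against each certificates directory quoted in the post: the server's /opt/dirac/etc/grid-security/certificates and the client's etc/grid-security/certificates.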
