[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] question about GSI authentication



Hi all
I run condor and stork on the same machine(pragma001)
the versions are 
=======================================================================
[lyho@pragma001 etc]$ condor_version 
$CondorVersion: 6.6.9 Mar 10 2005 $
$CondorPlatform: I386-LINUX_RH9 $

[lyho@pragma001 etc]$ stork_version 
$CondorVersion: 6.9.0 Oct 18 2004 TRUNK-PRE-RELEASE stork-0.9.1$
$CondorPlatform: I386-LINUX-RH9 $
=======================================================================

I meet a problem about stork and didn't know how to solve it !

I have tested stork the file-file and file-ftp transfer jobs and both work fine.
but when I test file-gsiftp , it failed.
The stork job :
[
        dap_type = "transfer";
        src_url  = "file:/home/lyho/swissprot";
        dest_url = "gsiftp://rocks-52.sdsc.edu/home/lyho/swissprot";;
]


and resulted in

===========================================================================
Sending request to server <140.109.98.21:34048>
===============
status history:
===============


    [
        dest_url = "gsiftp://rocks-52.sdsc.edu/home/lyho/swissprot";; 
        src_url = "file:/home/lyho/swissprot"; 
        status = "request_rescheduled"; 
        dap_id = 24; 
        use_protocol = 0; 
        dap_type = "transfer"; 
        error_code = "GLOBUS error: "; 
        num_attempts = 3; 
        owner = "lyho@xxxxxxxxxxxxxxxxxx"; 
        timestamp = absTime("2005-05-12T14:31:04+0800")
    ]

===============

=====================================================================


and final
======================================================================
[lyho@pragma001 test]$ stork_status pragma001 24
Sending request to server <140.109.98.21:34048>
===============
status history:
===============


    [
        status = request_failed;
        dap_id = 24; 
        error_code = "GLOBUS error: " ;
        timestamp = absTime("2005-05-12T14:31:15+0800")
    ]

===============

===========================================================================
I have initial my proxy with grid-proxy-init 
and the command is working
================================================================
[lyho@pragma001 test]$ globus-url-copy file:/home/lyho/swissprot
gsiftp://rocks-52.sdsc.edu/home/lyho/swissprot
=================================================================
So far , I didn't set any "SEC_XXXXXX" security entry in condor_config file

so I set

SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
SEC_CLIENT_AUTHENTICATION_METHODS = GSI

in my condor_config file and reconfig all
and it appears error
=======================================================================
[lyho@pragma001 etc]$ condor_reconfig -all
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using GSI
GSI:5004:Failed to get authorization from server.  Either the server does not
trust your certificate, or you are not in the server's authorization file
(grid-mapfile)
ERROR: can't connect to local collector
Can't find addresses for master's for -all
Perhaps you need to query another pool.

====================================================================

something wrong in MasterLog
--------------------------------------------------------
5/12 20:46:18 DC_AUTHENTICATE: attempt to open invalid session
pragma001:22054:1115901919:139, failing.
---------------------------------------------------------
and the StorkLog file

----------------------------------------------------------
5/12 22:25:55 This process has a valid certificate & key
5/12 22:25:55 AUTHENTICATE: no available authentication methods succeeded,
failing!
5/12 22:25:55 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed
to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using
GSI|GSI:5004:Failed to map /C=TW/O=AS/OU=CC/CN=Li-Yung
Ho/Email=liyungho@xxxxxxxxxxxxxxxxxx to a local user.  Check the grid-mapfile.
5/12 22:26:02 This process has a valid certificate & key
5/12 22:26:02 AUTHENTICATE: no available authentication methods succeeded,
failing!
5/12 22:26:02 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed
to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using
GSI|GSI:5004:Failed to map /C=TW/O=AS/OU=CC/CN=Li-Yung
Ho/Email=liyungho@xxxxxxxxxxx
 to a local user.  Check the grid-mapfile.
5/12 22:29:37 Got SIGHUP.  Re-reading config files.
5/12 22:29:37 RECONFIGURING ......
5/12 22:29:38 DaemonCore: in SendAliveToParent()
5/12 22:29:38 DaemonCore: attempting to connect to '<140.109.98.21:52393>'
5/12 22:29:38 STORK_TIMEOUT_MULTIPLIER is undefined, using default value of 0
5/12 22:29:38 SEC_DEBUG_PRINT_KEYS is undefined, using default value of False
5/12 22:30:54 AUTHENTICATE_FS: used file /tmp/qmgr_ikxuB4, status: 1
5/12 22:30:54 New Request => 
    [
        dest_url = "gsiftp://rocks-52.sdsc.edu/home/lyho/swissprot";; 
        src_url = "file:/home/lyho/swissprot"; 
        status = "request_received"; 
        dap_id = 24; 
        use_protocol = 0; 
        dap_type = "transfer"; 
        owner = "lyho@xxxxxxxxxxxxxxxxxx"; 
        timestamp = absTime("2005-05-12T14:30:54+0800")
    ]
5/12 22:30:55 Switching to user lyho@xxxxxxxxxxxxxxxxxx, result = 1
5/12 22:30:55 Using user credential 
5/12 22:30:55 Add request 24 to the queue
5/12 22:30:55 ============================
5/12 22:30:55 * Number of jobs running: 1
5/12 22:30:55 ->dap_id:24, pid:5463
5/12 22:30:55 ============================
5/12 22:30:56 DaemonCore: No more children processes to reap.
5/12 22:30:56 Process 5463 terminated with exit status 256 
5/12 22:30:56 Remove request 24 from queue
5/12 22:30:56 ============================
5/12 22:30:56 * Number of jobs running: 0
5/12 22:30:56 ============================
5/12 22:30:56 number of attempts = 0
5/12 22:30:58 Switching to user lyho@xxxxxxxxxxxxxxxxxx, result = 1
5/12 22:30:58 Using user credential 
5/12 22:30:58 Add request 24 to the queue
5/12 22:30:58 ============================
5/12 22:30:58 * Number of jobs running: 1
5/12 22:30:58 ->dap_id:24, pid:5468
5/12 22:30:58 ============================
5/12 22:30:58 Error in parsing the attribute: diffseconds
5/12 22:30:59 DaemonCore: No more children processes to reap.
5/12 22:30:59 Process 5468 terminated with exit status 256 
5/12 22:30:59 Remove request 24 from queue
5/12 22:30:59 ============================
5/12 22:30:59 * Number of jobs running: 0
5/12 22:30:59 ============================
5/12 22:30:59 number of attempts = 1
5/12 22:31:03 Switching to user lyho@xxxxxxxxxxxxxxxxxx, result = 1
5/12 22:31:03 Using user credential 
5/12 22:31:03 Add request 24 to the queue
5/12 22:31:03 ============================
5/12 22:31:03 * Number of jobs running: 1
5/12 22:31:03 ->dap_id:24, pid:5470
5/12 22:31:03 ============================
5/12 22:31:04 DaemonCore: No more children processes to reap.
5/12 22:31:04 Process 5470 terminated with exit status 256 
5/12 22:31:04 Remove request 24 from queue
5/12 22:31:04 ============================
5/12 22:31:04 * Number of jobs running: 0
5/12 22:31:04 ============================
5/12 22:31:04 number of attempts = 2
5/12 22:31:07 AUTHENTICATE_FS: used file /tmp/qmgr_u1Wox0, status: 1
5/12 22:31:07 status report for the job with dap_id: 24 ==>
[ dest_url = "gsiftp://rocks-52.sdsc.edu/home/lyho/swissprot";; src_url =
"file:/home/lyho/swissprot"; status = "request_rescheduled"; dap_id = 24;
use_protocol
= 0; dap_type = "transfer"; error_code = "GLOBUS error: "; num_attempts = 3;
owner = "lyho@xxxxxxxxxxxxxxxxxx"; timestamp =
absTime("2005-05-12T14:31:04+0800") ]
5/12 22:31:08 Switching to user lyho@xxxxxxxxxxxxxxxxxx, result = 1
5/12 22:31:08 Using user credential 
5/12 22:31:08 Add request 24 to the queue
5/12 22:31:08 ============================
5/12 22:31:08 * Number of jobs running: 1
5/12 22:31:08 ->dap_id:24, pid:5473
5/12 22:31:08 ============================
5/12 22:31:09 DaemonCore: No more children processes to reap.
5/12 22:31:09 Process 5473 terminated with exit status 256 
5/12 22:31:09 Remove request 24 from queue
5/12 22:31:09 ============================
5/12 22:31:09 * Number of jobs running: 0
5/12 22:31:09 ============================
5/12 22:31:09 number of attempts = 3
5/12 22:31:13 Switching to user lyho@xxxxxxxxxxxxxxxxxx, result = 1
5/12 22:31:13 Using user credential 
5/12 22:31:13 Add request 24 to the queue
5/12 22:31:13 ============================
5/12 22:31:13 * Number of jobs running: 15/12 22:31:13 ->dap_id:24, pid:5475
5/12 22:31:13 ============================
5/12 22:31:14 DaemonCore: No more children processes to reap.
5/12 22:31:14 Process 5475 terminated with exit status 256 
5/12 22:31:14 Remove request 24 from queue
5/12 22:31:14 ============================
5/12 22:31:14 * Number of jobs running: 0
5/12 22:31:14 ============================
5/12 22:31:14 number of attempts = 4
5/12 22:31:40 AUTHENTICATE_FS: used file /tmp/qmgr_mwfk4i, status: 1
5/12 22:31:40 status report for the job with dap_id: 24 ==>
[ status = request_failed; dap_id = 24; error_code = "GLOBUS error: ";
timestamp = absTime("2005-05-12T14:31:15+0800") ]
5/12 22:49:08 DaemonCore: in SendAliveToParent()
5/12 22:49:08 DaemonCore: attempting to connect to '<140.109.98.21:52393>'
5/12 22:49:08 STORK_TIMEOUT_MULTIPLIER is undefined, using default value of 0
--------------------------------------------------------------------------

it said that"
5/12 22:25:55 DC_AUTHENTICATE: authenticate failed: AUTHENTICATE:1003:Failed
to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using
GSI|GSI:5004:Failed to map /C=TW/O=AS/OU=CC/CN=Li-Yung
Ho/Email=liyungho@xxxxxxxxxxxxxxxxxx to a local user.  Check the grid-mapfile.
"
but I am sure that I am in the grid-mapfile
I can execute "globus-url-copy" to copy file from pragma001.grid.sinica.edu.tw
 to rocks-52.sdsc.edu


I use my account to run condor and stork , not root
Is this possible a privilege problem ? 
or I have set something correct in my condor_config file ??


Thanks for any help !!