Re: [Condor-users] Default area for globus certificates

[Steven Timm <timm@xxxxxxxx>]

Would it be possible to make a feature request for condor_config_val,
namely that it would take wild cards?

e.g.

condor_config_val GSI*

would return the values of all GSI variables that are set?

I am doing strace on the various processes that you would think would
be in charge of looking at the certificate files and I don't
see any place that is actually going after /etc/grid-security.
According to the strace it appears to be picking up the right
location for the cert dirs.  Nevertheless, I bet if I change
it around so /etc/grid-security is up to date, everything is
going to be OK then.  will try it and see what happens.

Steve







On Tue, 14 Feb 2006, Erik Paulson wrote:

> On Tue, Feb 14, 2006 at 11:39:38AM -0600, Steven Timm wrote:
> > Is there anywhere, hardwired in Condor, where it is looking
> > for Certificate Authority certificates?
>
> Yes, the GSI library itself goes looking for certificates in some default
> locations.
>
> > When I initially installed condor on one of my machines, the
> > certificates were in /etc/grid-security/certificates. They have now
> > expired.
> > A later reinstallation of the globus toolkit moved them to
> > $GLOBUS_LOCATION/share/certificates.  Now we face the problem that
> > outbound globus-job-run from this machine is OK but
> > outbound condor_submit to other condor_g resources is not OK, failing
> > to submit.
> >
> > Error in condor log is:
> >
> > 000 (1045.000.000) 02/13 16:51:33 Job submitted from host:
> > <131.225.107.31:62037
> > >
> > ...
> > 020 (1045.000.000) 02/13 16:51:41 Detected Down Globus Resource
> >      RM-Contact: fngp-osg.fnal.gov/jobmanager-condor
> > ...
> >
> >
> > and on remote host gatekeeper says:
> >
> > Feb 13 16:51:37 fngp-osg GRAM gatekeeper[2786]: GSS failed Major:01090000
> > Minor:00000000 Token:00000003
> >
> >
> > Could it be that condor is somehow wired to look at
> > /etc/grid-security/certificates?
>
> That's one of the places GSI will look, probably before
> $(GLOBUS_LOCATION)/share/certificates
>
> > I don't see anyplace in the condor config file where it would say
> > where to get them from.
>
> http://www.cs.wisc.edu/condor/manual/v6.7/3_3Configuration.html#12646
>
> It doesn't look like we have the default search path that GSI will use
> listed in our manual anywhere.
>
> -Erik
>
> > Steve Timm
> >
> >
> > --
> > ------------------------------------------------------------------
> > Steven C. Timm, Ph.D  (630) 840-8525  timm@xxxxxxxx  http://home.fnal.gov/~timm/
> > Fermilab Computing Div/Core Support Services Dept./Scientific Computing Section
> > Assistant Group Leader, Farms and Clustered Systems Group
> > Lead of Computing Farms Team
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users

--
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525  timm@xxxxxxxx  http://home.fnal.gov/~timm/
Fermilab Computing Div/Core Support Services Dept./Scientific Computing Section
Assistant Group Leader, Farms and Clustered Systems Group
Lead of Computing Farms Team