Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] GAHP and proxy

Date: Thu, 15 May 2008 13:20:17 -0700 (PDT)
From: "Barnett P. Chiu" <thiaoouban@xxxxxxxxx>
Subject: Re: [Condor-users] GAHP and proxy

Hi, Jan,

     Thanks for the reply.

     I ran strace -f to condor_submit command and condor_gridmanager seemed to have opened the right proxy as show on the first line below:

15104 open("/tmp/x509up_u9653", O_RDONLY|O_LARGEFILE) = 6
15104 fstat64(6, {st_mode=S_IFREG|0600, st_size=2966, ...}) = 0
15104 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75dc000
15104 read(6, "-----BEGIN CERTIFICATE-----\nMIIC"..., 4096) = 2966
15104 read(6, "", 4096)                 = 0
15104 stat64("/afs/usatlas.bnl.gov/Grid/vdt/1.3.10-RHEL3/globus/TRUSTED_CA", {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0
15104 close(6)                          = 0
15104 munmap(0xb75dc000, 4096)          = 0
15104 time(NULL)                        = 1210880482
15104 open("/tmp/x509up_u9653", O_RDONLY) = 6

However, I couldn't open scratch directory (i.e. /tmp/condor_g_scratch.0xxxxx) to compare the proxy because that directory disappeared very quickly.

Looking at the GridmanagerLog again, I do see a return code 7, which indicates
a failure of activating globus module in the process of search for CA?

[15106] GAHP[15127] <- 'INITIALIZE_FROM_FILE /tmp/condor_g_scratch.0x85e3250.1860/master_proxy.2'
[15106] GAHP[15127] -> 'F' '7' 'Failed to activate Globus' 'modules'
[15106] GAHP command 'INITIALIZE_FROM_FILE' failed: 7
[15106] GAHP: Failed to initialize from file

From the same machine, when I log in as another user (say, B) and strace-compare the same condor_submit command (which always succeeds as opposed to the Condor-G in my own login), I only found two differences:

(1) size of proxy (character counts)
(2) path to trusted CA in stat64 system call

However, running diff against user A and B's CA directory, there is essentially no difference.

I guess, as long as condor_gridmanager reads the proxy from the correct path, then proxy should be fine (even though again, I couldn't open the proxy in the scratch directory and compare) ... So, I am still not sure why Condor keeps reporting INITIALIZE_FROM_FILE failure.

Anyway to intercept the proxy in the scratch directory before it disappear?

Thank you,

~Barnett

Jan Ploski <Jan.Ploski@xxxxxxxx> wrote:

condor-users-bounces@xxxxxxxxxxx schrieb am 05/15/2008 01:09:29 AM:

> Dear Condor Team:
>
> I am experiencing a problem with Condor-G submission. Below is
> a segment copied from GrimanagerLog that explained the issue. My
> question is that where exactly does GAHP server copy the proxy
> certificate from?

>From the usual location (/tmp/x509up_uXXXX), but you can tell it to pick
it up from elsewhere (see 5.3.2.2 in the manual). The copying is done not
by the GAHP server, but by the condor_gridmanager process. You can strace
it to find out what it is doing with files.

> I have tried generating new proxy and restarting
> Condor before resubmitting another job but nothing worked. Also,
> globus-job-run command was successful so I really don't see why
> proxy is problematic. It's been forever that I keep getting stuck
> with INITIALIZE_FROM_FILE failure ... :(
>
> 5/14 18:23:10 [7388] GAHP[7414] <- 'INITIALIZE_FROM_FILE
> /tmp/condor_g_scratch.0x85c5e48.23467/master_proxy.2'
> 5/14 18:23:10 [7388] GAHP[7414] -> 'F' '7' 'Failed to activate
> Globus' 'modules'
> 5/14 18:23:10 [7388] GAHP command 'INITIALIZE_FROM_FILE' failed: 7
> 5/14 18:23:10 [7388] GAHP: Failed to initialize from file
> 5/14 18:23:10 [7388] (11.0) Error initializing GAHP

Did you check that the file reported in the GridmanagerLog:
/tmp/condor_g_scratch.0x85c5e48.23467/master_proxy.2 is readable to the
user running the GAHP java process and contains the same content as
/tmp/x509up_uXXXX)?

This Globus bug report (allegedly fixed) indicates that access rights to
other directories may be causing problems, too:

http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4116

Maybe you should also strace the GAHP process to see whether it is getting
EACCES somewhere.

Regards,
Jan Ploski
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/

Follow-Ups:
- Re: [Condor-users] GAHP and proxy
  - From: Jan Ploski

References:
- Re: [Condor-users] GAHP and proxy
  - From: Jan Ploski

Prev by Date: Re: [Condor-users] Problems submitting jobs from windows to Linux and vice versa
Next by Date: [Condor-users] jobs don't run in parallel when submited using condor_submit
Previous by thread: Re: [Condor-users] GAHP and proxy
Next by thread: Re: [Condor-users] GAHP and proxy
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] GAHP and proxy