[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] GAHP and proxy

Hi, Jan,

     Thanks for the reply.
     I ran strace -f to condor_submit command and condor_gridmanager seemed to have opened the right proxy as show on the first line below:

15104 open("/tmp/x509up_u9653", O_RDONLY|O_LARGEFILE) = 6
15104 fstat64(6, {st_mode=S_IFREG|0600, st_size=2966, ...}) = 0
15104 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb75dc000
15104 read(6, "-----BEGIN CERTIFICATE-----\nMIIC"..., 4096) = 2966
15104 read(6, "", 4096)                 = 0
15104 stat64("/afs/usatlas.bnl.gov/Grid/vdt/1.3.10-RHEL3/globus/TRUSTED_CA", {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0
15104 close(6)                          = 0
15104 munmap(0xb75dc000, 4096)          = 0
15104 time(NULL)                        = 1210880482
15104 open("/tmp/x509up_u9653", O_RDONLY) = 6

However, I couldn't open scratch directory (i.e. /tmp/condor_g_scratch.0xxxxx) to compare the proxy because that directory disappeared very quickly.

Looking at the GridmanagerLog again, I do see a return code 7, which indicates
a failure of activating globus module in the process of search for CA?

[15106] GAHP[15127] <- 'INITIALIZE_FROM_FILE /tmp/condor_g_scratch.0x85e3250.1860/master_proxy.2'
[15106] GAHP[15127] -> 'F' '7' 'Failed to activate Globus' 'modules'
[15106] GAHP command 'INITIALIZE_FROM_FILE' failed: 7
[15106] GAHP: Failed to initialize from file

From the same machine, when I log in as another user (say, B) and strace-compare the same condor_submit command (which always succeeds as opposed to the Condor-G in my own login), I only found two differences:

(1) size of proxy (character counts)
(2) path to trusted CA in stat64 system call

However, running diff against user A and B's CA directory, there is essentially no difference.

I guess, as long as condor_gridmanager reads the proxy from the correct path, then proxy should be fine (even though again, I couldn't open the proxy in the scratch directory and compare) ... So, I am still not sure why Condor keeps reporting INITIALIZE_FROM_FILE  failure.

Anyway to intercept the proxy in the scratch directory before it disappear?

Thank you,


Jan Ploski <Jan.Ploski@xxxxxxxx> wrote:
condor-users-bounces@xxxxxxxxxxx schrieb am 05/15/2008 01:09:29 AM:

> Dear Condor Team:
> I am experiencing a problem with Condor-G submission. Below is
> a segment copied from GrimanagerLog that explained the issue. My
> question is that where exactly does GAHP server copy the proxy
> certificate from?

>From the usual location (/tmp/x509up_uXXXX), but you can tell it to pick
it up from elsewhere (see in the manual). The copying is done not
by the GAHP server, but by the condor_gridmanager process. You can strace
it to find out what it is doing with files.

> I have tried generating new proxy and restarting
> Condor before resubmitting another job but nothing worked. Also,
> globus-job-run command was successful so I really don't see why
> proxy is problematic. It's been forever that I keep getting stuck
> with INITIALIZE_FROM_FILE failure ... :(
> 5/14 18:23:10 [7388] GAHP[7414] <- 'INITIALIZE_FROM_FILE
> /tmp/condor_g_scratch.0x85c5e48.23467/master_proxy.2'
> 5/14 18:23:10 [7388] GAHP[7414] -> 'F' '7' 'Failed to activate
> Globus' 'modules'
> 5/14 18:23:10 [7388] GAHP command 'INITIALIZE_FROM_FILE' failed: 7
> 5/14 18:23:10 [7388] GAHP: Failed to initialize from file
> 5/14 18:23:10 [7388] (11.0) Error initializing GAHP

Did you check that the file reported in the GridmanagerLog:
/tmp/condor_g_scratch.0x85c5e48.23467/master_proxy.2 is readable to the
user running the GAHP java process and contains the same content as

This Globus bug report (allegedly fixed) indicates that access rights to
other directories may be causing problems, too:


Maybe you should also strace the GAHP process to see whether it is getting
EACCES somewhere.

Jan Ploski
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: