
Re: [HTCondor-users] GSI_ASSIST_GRIDMAP not calling out



Hi Stephen,

The lines to focus on are these:

12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user: GSS_ASSIST_GRIDMAP
12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.

This means that it tried to invoke Globus and something failed along the way.

Given you say it never makes it to Argus:

1.  Any sign it makes it to Globus libraries?
2.  Any sign Globus successfully handed off to libgsi_pep_callout.so?
3.  Any sign the PEP callout did anything?

For (3), I believe there's a way (environment variable?  PEP config? ... I forget) to increase the logging verbosity.  That said, sometimes I find "strace" the easiest way to determine some of these things.

Once we know where the ball gets dropped, we can target the debugging further.

Brian

> On Dec 20, 2018, at 11:21 AM, Stephen Jones <sjones@xxxxxxxxxxxxxxxx> wrote:
> 
> Hi all,
> 
> I have a HTCondor-CE that contains a condor-mapfile that has GSS_ASSIST_GRIDMAP, to make a callout to ARGUS.
> 
> # cd /etc/condor-ce/
> # cat condor_mapfile
> GSI (.*) GSS_ASSIST_GRIDMAP
> 
> ...
> 
> I've set the GSI_AUTHZ_CONF value to be right:
> 
> # echo $GSI_AUTHZ_CONF
> /etc/grid-security/gsi-authz.conf
> 
> And the conf file looks OK:
> 
> # cat /etc/grid-security/gsi-authz.conf
> globus_mapping /usr/lib64/libgsi_pep_callout.so argus_pep_callout
> 
> And the library is installed:
> 
> # ls -lrt /usr/lib64/libgsi_pep_callout.so
> lrwxrwxrwx 1 root root 27 Dec 20 16:22 /usr/lib64/libgsi_pep_callout.so -> libgsi_pep_callout.so.1.0.1
> 
> Yet, when I try it out, it never calls out to my ARGUS server:
> 
> 12/20/18 17:14:03 ZKM: setting default map to gsi@unmapped
> 12/20/18 17:14:03 ZKM: name to map is '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
> 12/20/18 17:14:03 ZKM: pre-map: current user is 'gsi'
> 12/20/18 17:14:03 ZKM: pre-map: current domain is 'unmapped'
> 12/20/18 17:14:03 ZKM: map file already loaded.
> 12/20/18 17:14:03 ZKM: attempting to map '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
> 12/20/18 17:14:03 ZKM: GSI was used, and FQAN is present.
> 12/20/18 17:14:03 ZKM: 1: attempting to map '/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones,/dteam/Role=NULL/Capability=NULL,/dteam/NGI_UK/Role=NULL/Capability=NULL'
> 12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user: GSS_ASSIST_GRIDMAP
> 12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.
> 12/20/18 17:14:03 ZKM: post-map: current user is 'gsi'
> 12/20/18 17:14:03 ZKM: post-map: current domain is 'unmapped'
> 12/20/18 17:14:03 ZKM: post-map: current FQU is 'gsi@unmapped'
> 12/20/18 17:14:03 AUTHENTICATE: Exchanging keys with remote side.
> 12/20/18 17:14:03 AUTHENTICATE: Result of end of authenticate is 1.
> 12/20/18 17:14:03 DC_AUTHENTICATE: authentication of <138.253.178.91:13663> did not result in a valid mapped user name, which is required for this command (1112 QMGMT_WRITE_CMD), so aborting.
> 
> Does anyone know what might be stopping it?
> 
> Cheers,
> 
> Ste
> 
> -- 
> Steve Jones                             sjones@xxxxxxxxxxxxxxxx
> Grid System Administrator               office: 220
> High Energy Physics Division            tel (int): 43396
> Oliver Lodge Laboratory                 tel (ext): +44 (0)151 794 3396
> University of Liverpool                 http://www.liv.ac.uk/physics/hep/
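
Some of the chain discussed in this thread can be checked statically before reaching for strace. The script below is an added example, not part of the original thread and not HTCondor or Globus code; the function names are hypothetical, and it assumes each conf entry has the three-field form quoted above (type, library path, symbol).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not HTCondor or Globus tools.
# Assumption: a conf entry is "<type> <library path> <symbol>", as quoted above.

# Returns 0 if a globus_mapping entry exists and its library is readable,
# 1 if CONF is unreadable, 2 if the entry is absent or malformed,
# 3 if the library path is missing or a dangling symlink.
check_authz_conf() {
    conf=$1; found=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    while read -r type lib sym _ || [ -n "$type" ]; do
        case $type in ''|'#'*) continue ;; esac
        [ "$type" = globus_mapping ] || continue
        found=1
        if [ -z "$lib" ] || [ -z "$sym" ]; then
            echo "FAIL: malformed globus_mapping line"; return 2
        fi
        # -r follows symlinks, so a link to a removed .so.X.Y.Z fails here
        if [ ! -r "$lib" ]; then
            echo "FAIL: $lib does not resolve to a readable file"; return 3
        fi
        echo "OK: globus_mapping -> $lib ($sym)"
    done < "$conf"
    [ "$found" -eq 1 ] || { echo "FAIL: no globus_mapping in $conf"; return 2; }
}

# Succeeds if a NUL-separated environment dump (the /proc/<pid>/environ
# format) contains GSI_AUTHZ_CONF.
env_has_authz_conf() {
    tr '\0' '\n' < "$1" | grep -q '^GSI_AUTHZ_CONF='
}

# Prints how many authentications in LOG fell back to gsi@unmapped.
count_mapping_failures() {
    grep -c 'Globus-based mapping failed' "$1" || true
}

# Optional command-line use: sh script.sh /etc/grid-security/gsi-authz.conf
if [ "$#" -gt 0 ]; then
    check_authz_conf "$1"
fi
```

An interactive `echo $GSI_AUTHZ_CONF` shows only that shell's environment, so `env_has_authz_conf` is meant to be pointed at `/proc/<pid>/environ` of the daemon that performs the mapping.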