[gin-auth] The new VOMS Server for GIN is active from now
Vincenzo Ciaschini
vincenzo.ciaschini at cnaf.infn.it
Tue Mar 14 07:16:48 CST 2006
Hi Cindy,
This explains everything.
Let me guess, you downloaded the source with
cvs co -r glite-security-voms_branch_1_6_0 org.glite.security.voms
right?
But that way you get the head of the branch, not a tagged version. This
means that it is a work in progress and nothing more.
To get 1.6.20, you should have use the tag, doing:
cvs co -r glite-security-voms_R_1_6_20 org.glite.security.voms
And you will see that this does not have this problem.
Bye,
Vincenzo
Cindy Zheng wrote:
> Hi, Vincenzo, I'm attaching the file. ...Cindy
>
>
>>-----Original Message-----
>>From: Vincenzo Ciaschini [mailto:vincenzo.ciaschini at cnaf.infn.it]
>>Sent: Monday, March 13, 2006 1:04 AM
>>To: Cindy Zheng
>>Cc: 'Yusuke Tanimura'; 'Oscar Koeroo'; gin-auth at ggf.org;
>>'Olivier van der Aa'; 'Philip Papadopoulos'; 'Catlett
>>Charlie'; 'David Colling'; m.aggarwal at imperial.ac.uk;
>>yoshio.tanaka at aist.go.jp; 'Dane Skow'; 'JP Navarro';
>>'Arzberger Peter'; fplin at nchc.org.tw; 'mason j. katz'
>>Subject: Re: [gin-auth] The new VOMS Server for GIN is active from now
>>
>>
>>Cindy Zheng wrote:
>>
>>
>>>Ooops, sorry, Vincenzo. I just realized that I forgot to
>>>append the error message. Here it is:
>>>
>>>[zhengc at rocks-52 ~]$ voms-proxy-init --debug --voms GIN-GGF-ORG
>>>Detected Globus version: 22
>>>Unspecified proxy version, settling on Globus version: 2
>>>Number of bits in key :512
>>>Using configuration file /opt/glite/etc/vomses
>>>Using configuration file /opt/glite/etc/vomses
>>>voms-proxy-init: vomsclient.cc:1406: bool
>>
>>Client::pcdInit(): Assertion
>>
>>>`stat("/data/valerio/.globus/usercert.pem", &stats) == 0' failed.
>>>Aborted
>>>
>>
>>Actually, this meand that there is something strange with your
>>environment, since I just recompiled VOMS 1.6.20 and didn't have any
>>such problems. Maybe you have your HOME variable erroneously set to
>>"/data/valerio"?
>>
>>This is especially strange, since line 1046 in vomsclient.cc
>>is just an
>>output command, and so simply cannot fail an assertion. The whole
>>routine did not actually call assert() at all, and if it were used by
>>one of the called functions, then that function name should appear.
>>
>>Can you send me the complete (unmodified) copy of
>>vomsclient.cc that is
>>causing you problems?
>>
>>Bye,
>> Vincenzo
>>
>>
>>
>>>Thanks,
>>>
>>>Cindy
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org]
>>>>On Behalf Of Cindy Zheng
>>>>Sent: Friday, March 10, 2006 3:42 PM
>>>>To: 'Vincenzo Ciaschini'
>>>>Cc: 'Yusuke Tanimura'; 'Oscar Koeroo'; gin-auth at ggf.org;
>>>>'Olivier van der Aa'; 'Philip Papadopoulos'; 'Catlett
>>>>Charlie'; 'David Colling'; m.aggarwal at imperial.ac.uk;
>>>>yoshio.tanaka at aist.go.jp; 'Dane Skow'; 'JP Navarro';
>>>>'Arzberger Peter'; fplin at nchc.org.tw; 'mason j. katz'
>>>>Subject: RE: [gin-auth] The new VOMS Server for GIN is
>>
>>active from now
>>
>>>>
>>>>Hi, Vincenzo,
>>>>
>>>>As I figured out the post installation tasks and be able
>>>>to run voms-proxy-init, I encountered another error.
>>>>I believe that Yusuke also encountered the same error
>>>>and made some code change in client.cc to get by. Since
>>>>you mensioned that you are getting ready to release 1.6.21,
>>>>I want to alert you to this. Whence you make the change,
>>>>please let me know and I'll test it again.
>>>>
>>>>Thanks for all your help,
>>>>
>>>>Cindy
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org]
>>>>>On Behalf Of Vincenzo Ciaschini
>>>>>Sent: Thursday, March 09, 2006 10:45 PM
>>>>>To: Cindy Zheng
>>>>>Cc: 'Yusuke Tanimura'; 'Oscar Koeroo'; gin-auth at ggf.org;
>>>>>'Olivier van der Aa'; 'Philip Papadopoulos'; 'Catlett
>>>>>Charlie'; 'David Colling'; m.aggarwal at imperial.ac.uk;
>>>>>yoshio.tanaka at aist.go.jp; 'Dane Skow'; 'JP Navarro';
>>>>>'Arzberger Peter'; fplin at nchc.org.tw; 'mason j. katz'
>>>>>Subject: Re: [gin-auth] The new VOMS Server for GIN is
>>>>
>>>>active from now
>>>>
>>>>
>>>>>Cindy Zheng wrote:
>>>>>
>>>>>
>>>>>>Thank you, Vincenzo! These are very helpful
>>>>>>requirement info. Perhaps can be included in
>>>>>>the INSTALL file in the voms package?
>>>>>>
>>>>>
>>>>>Yes.
>>>>>
>>>>>
>>>>>
>>>>>>Now I have finished make and make install.
>>>>>
>>>>>So, you can confirm that now building worked? If so, I
>>
>>will commit
>>
>>>>>1.6.21, which will remove the need for the workaround during
>>>>>compilation. I will announce here once it is done.
>>>>>
>>>>>
>>>>>
>>>>>>What do I need to do with the server pem file,
>>>>>>mkgridmap.conf etc.? Is there an url for such
>>>>>>instructions?
>>>>>>
>>>>>
>>>>>You need to do nothing special with the server certificate
>>>>
>>>>other than
>>>>
>>>>
>>>>>installing it (along with the key) in /etc/grid-security.
>>>>>
>>>>>Also, there is no need of having a gridmapfile in the VOMS
>>>>
>>>>server, so
>>>>
>>>>
>>>>>there is no need to do anything special. If you instead
>>>>>meant what to
>>>>>do on other sites to get a gridmapfile from VOMS, then the
>>>>>exact format
>>>>>depends on how you configure VOMS, so instructions are
>>>>>provided by voms
>>>>>itself, at the page of the admin interface. See the
>>
>>"configuration
>>
>>>>>info" link.
>>>>>
>>>>>Bye,
>>>>> Vincenzo
>>>>>
>>>>>
>>>>>
>>>>>>Dear all, I'm thinking that this may be a good
>>>>>>opportunity to find out what info we need to
>>>>>>provide to Other grid admins and users to make
>>>>>>Grid interopration easier. Perhaps through our
>>>>>>experiment, we can jot down a step by step
>>>>>>interoperation guide for each grid?
>>>>>>
>>>>>>Welcome thoughts and suggestions from everyone!
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>>Cindy
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Vincenzo Ciaschini
>>
>>[mailto:vincenzo.ciaschini at cnaf.infn.it]
>>
>>>>>>>Sent: Thursday, March 09, 2006 12:24 PM
>>>>>>>To: mason j. katz
>>>>>>>Cc: Cindy Zheng; 'Yusuke Tanimura'; 'Oscar Koeroo';
>>>>>>>gin-auth at ggf.org; 'Olivier van der Aa'; 'Philip
>>>>>>>Papadopoulos'; 'Catlett Charlie'; 'David Colling';
>>>>>>>m.aggarwal at imperial.ac.uk; yoshio.tanaka at aist.go.jp; 'Dane
>>>>>>>Skow'; 'JP Navarro'; 'Arzberger Peter'; fplin at nchc.org.tw
>>>>>>>Subject: Re: [gin-auth] The new VOMS Server for GIN is
>>>>>
>>>>>active from now
>>>>>
>>>>>
>>>>>>>doxygen is only a requirement if you want documentation.
>>>>>>>Otherwise, you
>>>>>>>can disable doc generation with the --enable-docs=no option
>>>>>>>to configure.
>>>>>>>
>>>>>>>Anywya, the software requirements are the following:
>>>>>>>
>>>>>>>Globus Version 2.0 and up.
>>>>>>>expat (both libraries and includes) from 1.95.5 and up. Not
>>>>>>> tested with prevoius version, but it should work.
>>>>>>>
>>>>>>>doxygen Tested with 1.3.5, should work with earlier versions.
>>>>>>>latex
>>>>>>>sgml tools.
>>>>>>>
>>>>>>>Note that the need for doxygen, latex and the sgml tools
>>>>>>>disappears if
>>>>>>>--enable-docs=no is specified.
>>>>>>>
>>>>>>>
>>>>>>>Finally, at least one of:
>>>>>>>mysql include and libraries from 4.0.14 and up
>>>>>>>Oracle include and libraries, tested with 10, should also
>>>>>>> work with 9.
>>>>>>>
>>>>>>>Bye,
>>>>>>> Vincenzo
>>>>>>>
>>>>>>>mason j. katz wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>In addition to doxygen are there any other requirements
>>>>>>>
>>>>>>>that systems
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>may not typically have installed?
>>>>>>>>
>>>>>>>>Cindy - look in
>>>>>
>>>>>(/home/install/rocks-dist/lan/i386/RedHat/RPMS) on
>>>>>
>>>>>
>>>>>>>>crayon and you will see all the OS RPMs, you can install
>>>>>>>
>>>>>>>the doxygen on
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>one the frontend and try the compilation again.
>>>>>>>>
>>>>>>>> -mjk
>>>>>>>>
>>>>>>>>On Mar 9, 2006, at 1:01 AM, Cindy Zheng wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Hi, Vincenzo,
>>>>>>>>>
>>>>>>>>>I don't see any rpm bearing name with doxygen, but did find
>>>>>>>>>some files named with doxygen. Since this is rocks cluster,
>>>>>>>>>it came with a lot of software build in, I'll check with our
>>>>>>>>>Rocks developers to be sure. What version of Doxygen does
>>>>>>>>>voms require?
>>>>>>>>>
>>>>>>>>>Thanks,
>>>>>>>>>
>>>>>>>>>Cindy
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>-----Original Message-----
>>>>>>>>>>From: Vincenzo Ciaschini
>>>>
>>>>[mailto:vincenzo.ciaschini at cnaf.infn.it]
>>>>
>>>>
>>>>>>>>>>Sent: Wednesday, March 08, 2006 11:14 PM
>>>>>>>>>>To: zhengc at sdsc.edu
>>>>>>>>>>Cc: 'Mason Katz'; 'Yusuke Tanimura'; 'Oscar Koeroo';
>>>>>>>>>>gin-auth at ggf.org; 'Olivier van der Aa'; 'Philip
>>>>>>>>>>Papadopoulos'; 'Catlett Charlie'; 'David Colling';
>>>>>>>>>>m.aggarwal at imperial.ac.uk; yoshio.tanaka at aist.go.jp; 'Dane
>>>>>>>>>>Skow'; 'JP Navarro'; 'Arzberger Peter'; fplin at nchc.org.tw
>>>>>>>>>>Subject: Re: [gin-auth] The new VOMS Server for GIN is
>>>>>>>
>>>>>>>active from now
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>>Cindy Zheng wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>Thank you, Vincenzo, for your help!
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>Hi Cindy,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>The work-around got me a lot further along.
>>>>>>>>>>>But I encountered another error during make.
>>>>>>>>>>>Since Yusuke was able to install with GT 2.4.3 without
>>>>>>>>>>>much problem, I wonder if this is because that we are
>>>>>>>>>>>running GT4?
>>>>>>>>>>>
>>>>>>>>>>>I'm attaching the log files (unix text files).
>>>>>>>>>>
>>>>>>>>>>What exactly the error was is uncertain since you only sent
>>>>>>>>>>me stdout,
>>>>>>>>>>but not stderr, so the actual error message is not present in
>>>>>>>>>>the dump.
>>>>>>>>>>
>>>>>>>>>>However, judging from where compilation stopped, you had
>>>>>>>>>>problems with
>>>>>>>>>>doxygen during the generation of the documentation.
>>>>>>>>>>
>>>>>>>>>>Can you tell me what version of doxygen you have installed?
>>>>>>>>>>
>>>>>>>>>>Bye,
>>>>>>>>>> Vincenzo
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>Thanks again!
>>>>>>>>>>>
>>>>>>>>>>>Cindy
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>-----Original Message-----
>>>>>>>>>>>>From: Vincenzo Ciaschini
>>>>>>>
>>>>>>>[mailto:vincenzo.ciaschini at cnaf.infn.it]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>>>>Sent: Wednesday, March 08, 2006 4:30 AM
>>>>>>>>>>>>To: Cindy Zheng
>>>>>>>>>>>>Cc: 'Mason Katz'; 'Yusuke Tanimura'; 'Oscar Koeroo';
>>>>>>>>>>>>gin-auth at ggf.org; 'Olivier van der Aa'; 'Philip
>>>>>>>>>>>>Papadopoulos'; 'Catlett Charlie'; 'David Colling';
>>>>>>>>>>>>m.aggarwal at imperial.ac.uk; yoshio.tanaka at aist.go.jp; 'Dane
>>>>>>>>>>>>Skow'; 'JP Navarro'; 'Arzberger Peter'; fplin at nchc.org.tw
>>>>>>>>>>>>Subject: Re: [gin-auth] The new VOMS Server for GIN is
>>>>>>>>>>
>>>>>>>>>>active from now
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>Cindy Zheng wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>Thank you, Vincenzo, for your reply!
>>>>>>>>>>>>>We are running Rocks which has GT4 already build-in.
>>>>>>>>>>>>>I believe it's NMI distribution. To be sure, better
>>>>>>>>>>>>>have our Rocks expert, Mason, to answer your questions.
>>>>>>>>>>>>>Mason, could you answer Vincenzo's questions?
>>>>>>>>>>>>>
>>>>>>>>>>>>>Thanks,
>>>>>>>>>>>>>
>>>>>>>>>>>>>Cindy
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>Hi Cindy,
>>>>>>>>>>>>
>>>>>>>>>>>> I think I have a pretty good understanding of what the
>>>>>>>>>>>>problem is,
>>>>>>>>>>>>and of a solution to it, along with a (admittedly ugly)
>>>>>>>>>>>>workaround while
>>>>>>>>>>>>we commit the solution.
>>>>>>>>>>>>
>>>>>>>>>>>>Explanation:
>>>>>>>>>>>> Normally, the $GLOBUS_LOCATION/include/ directory
>>>>
>>>>contains a
>>>>
>>>>
>>>>>>>>>>>>subdirectory for each globus flavor. No packaging of globus
>>>>>>>>>>>>we tested
>>>>>>>>>>>>had the ldap_backend directory there. The ./configure
>>>>>>>
>>>>>>>script takes
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>>>>advantage of this to discover what flavors are present.
>>>>>>>>>>
>>>>>>>>>>Clearly, the
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>presence of ldap_backend messes things up.
>>>>>>>>>>>>
>>>>>>>>>>>>The solution:
>>>>>>>>>>>> We will rewrite the configure.ac script to take into
>>>>>>>>>>
>>>>>>>>>>account the
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>possible presence of the ldap_backend directory.
>>>>>>>>>>>>
>>>>>>>>>>>>The workaround:
>>>>>>>>>>>> While waiting for the new release, you can do the
>>>>>>>
>>>>>>>following to
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>>>>compile anyway:
>>>>>>>>>>>>
>>>>>>>>>>>>1) mv $GLOBUS_LOCATION/include/ldap_backend
>>
>>$GLOBUS_LOCATION/
>>
>>>>>>>>>>>>2) do the normal build cycle (configure/make/make install)
>>>>>>>>>>>>3) mv $GLOBUS_LOCATION/ldap_backend
>>
>>£GLOBUS_LOCATION/include/
>>
>>>>>>>>>>>>Bye,
>>>>>>>>>>>> Vincenzo
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>>-----Original Message-----
>>>>>>>>>>>>>>From: Vincenzo Ciaschini
>>>>>>>
>>>>>>>[mailto:vincenzo.ciaschini at cnaf.infn.it]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>>>>>>Sent: Wednesday, March 08, 2006 12:01 AM
>>>>>>>>>>>>>>To: zhengc at sdsc.edu
>>>>>>>>>>>>>>Cc: 'Yusuke Tanimura'; 'Oscar Koeroo'; gin-auth at ggf.org;
>>>>>>>>>>>>>>'Olivier van der Aa'; 'Philip Papadopoulos'; 'Catlett
>>>>>>>>>>>>>>Charlie'; 'David Colling'; m.aggarwal at imperial.ac.uk;
>>>>>>>>>>>>>>yoshio.tanaka at aist.go.jp; 'Dane Skow'; 'JP Navarro';
>>>>>>>>>>>>>>'Arzberger Peter'; fplin at nchc.org.tw; 'Mason Katz'
>>>>>>>>>>>>>>Subject: Re: [gin-auth] The new VOMS Server for GIN is
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>active from now
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>>Cindy Zheng wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>Hi, Vincenzo,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>Hi Cindy,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>Following you and Yusuke's discussion, I downloaded
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>http://glite.web.cern.ch/glite/packages/R1.5/N2006030
>>>>>
>>>>>3/src/gli
>>>>>
>>>>>
>>>>>>>>>>>>>te-security-vo
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>ms-1.6.20_src.tar.gz
>>>>>>>>>>>>>>ran configure and make, then encountered an error (below)
>>>>>>>>>>>>>>with make. I'm also attaching the full log with command
>>>>>>>>>>>>>>lines. The target cluster is a rocks 4.1 cluster, running
>>>>>>>>>>>>>>GT4. Appreciate any help. Let me know if you need
>>>>
>>>>more info.
>>>>
>>>>
>>>>>>>>>>>>>>Cindy
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>Here is the problem, taken from the output of configure:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>checking for GLOBUS flavors... found gcc32dbg
>>
>>gcc32dbgpthr
>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>ldap_backend (gcc32dbg selected)
>>>>>>>>>>>>>
>>>>>>>>>>>>>As you can see, ldap_backend is discovered as a flavor even
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>though it
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>obviously is not one. I'd have to say this is the first
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>time something
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>like this happens. What version of globus have you
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>installed ? And was
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>it taken from the globus site or from some other packaging?
>>>>>>>>>>>>>
>>>>>>>>>>>>>Bye,
>>>>>>>>>>>>> Vincenzo
>>>>>>>>>>>>>
>>>>>>>>>>>>
More information about the gin-auth
mailing list