Colin, UC/ANL TeraGrid GT4 client software and our services use GLOBUS_TCP_PORT_RANGE of "50000,51000". What range does the firewall that your clients are sitting behind have open? The GLOBUS_TCP_PORT_RANGE on your clients should be set to that open range. JP On Dec 5, 2006, at 1:01 AM, Colin Enticott wrote:
Hi Terrence,
Some success. I can submit from uaf-1.t2.ucsd.edu to all sites using both with a generated proxy and the proxy I was trying everywhere else.
The machines I was trying from are: 130.194.70.23 131.170.184.61 198.202.88.52
I know the first machine has no firewall as I have exempted the host.
When we run the experiment, we will be running it from 130.194.70.23. I guess it comes down to an IP firewall issue, or our servers not trusting the host cert. I have added to my server all the CA here, am I missing one?: http://goc.pragma-grid.net/gin/gin-resources.html
Thanks, Colin
--- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145, Australia
-----Original Message----- From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] Sent: Tuesday, 5 December 2006 5:47 PM To: Colin Enticott Cc: 'Yoshio Tanaka'; D.Bannon@vpac.org; navarro@mcs.anl.gov; gin- auth@ggf.org; gin-ops@ggf.org Subject: Re: [gin-ops] [gin-auth] start Savannah run
Just to make sure I am not missing you in the log, what IP are you coming from?
Terrence
Colin Enticott wrote:
Thanks Yoshio,
So it looks like authentication issues as I can connect to port 2119 on both hosts:
cme@edda$ globusrun -a -r tg-grid1.uc.teragrid.org
GRAM Authentication test failure: connecting to the job manager failed. Possible reasons: job terminated, invalid job contact, network problems, ... cme@edda$ globusrun -a -r osg-gw-2.t2.ucsd.edu
GRAM Authentication test failure: connecting to the job manager failed. Possible reasons: job terminated, invalid job contact, network problems, ...
Regards, Colin
--- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145, Australia
-----Original Message----- From: Yoshio Tanaka [mailto:yoshio.tanaka@aist.go.jp] Sent: Tuesday, 5 December 2006 12:21 PM To: Colin.Enticott@csse.monash.edu.au Cc: D.Bannon@vpac.org; tmartin@physics.ucsd.edu; navarro@mcs.anl.gov; gin- auth@ggf.org; gin-ops@ggf.org; yoshio.tanaka@aist.go.jp Subject: Re: [gin-ops] [gin-auth] start Savannah run
Hi Colin,
Please test the authentication by the following command:
% globusrun -a -r osg-gw-2.t2.ucsd.edu
% globusrun -a -r tg-grid1.uc.teragrid.org
Thanks,
-- Yoshio Tanaka (yoshio.tanaka@aist.go.jp) http://ninf.apgrid.org/ http://www.apgridpma.org/
From: Colin Enticott <Colin.Enticott@csse.monash.edu.au> Subject: Re: [gin-ops] [gin-auth] start Savannah run Date: Tue, 05 Dec 2006 11:44:05 +1100 Message-ID: <017401c71806$77cf6760$1e46c282@nail>
Thanks David,
But still the same problem. As you can see, my certificate still works
on
the vpac host and there is definitely no firewall in the way:
cme@edda$ grid-proxy-init -cert usercert.pem.APACGrid -key userkey.pem.APACGrid Your identity: /C=AU/O=APACGrid/OU=Monash University/CN=Colin Enticott Enter GRID pass phrase for this identity: Creating proxy ................................... Done Your proxy is valid until: Tue Dec 5 23:28:47 2006 cme@edda$ globus-job-run osg-gw-2.t2.ucsd.edu/jobmanager-fork /bin/uname
-a
GRAM Job submission failed because the connection to the server failed (check host and port) (error code 12) cme@edda$ globus-job-run tg-grid1.uc.teragrid.org/jobmanager-fork
/bin/uname
-a GRAM Job submission failed because the connection to the server failed (check host and port) (error code 12) cme@edda$ globus-job-run ng1.vpac.org/jobmanager-fork /bin/ uname -a Linux ng1.vpac.org 2.6.16.29-xen #4 SMP Sun Oct 15 13:20:46 BST 2006
i686
i686 i386 GNU/Linux cme@edda$ telnet tg-grid1.uc.teragrid.org 2119 Trying 192.5.198.225... Connected to tg-grid1.uc.teragrid.org. Escape character is '^]'.
Connection closed by foreign host. cme@edda$ telnet osg-gw-2.t2.ucsd.edu 2119 Trying 137.110.141.17... Connected to osg-gw-2.t2.ucsd.edu. Escape character is '^]'.
Connection closed by foreign host.
Any other thoughts from anyone?
Thanks, Colin
--- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145,
Australia
-----Original Message----- From: David Bannon [mailto:D.Bannon@vpac.org] Sent: Monday, 4 December 2006 6:08 PM To: JP Navarro Cc: Colin Enticott; gin-auth@ggf.org; gin-ops@ggf.org; 'Terrence
Martin'
Subject: Re: [gin-auth] start Savannah run
Colin, you can run as a Gin user on any of the VPAC machines, my be easier to debug....
David
On Fri, 2006-12-01 at 12:34 -0600, JP Navarro wrote:
> Colin, > > The error in the logs is below. Not sure what it means. > Could you > try this > test again from your SDSC TeraGrid account so we can rule out > software and > firewall issues? > > Thanks, > > JP > > TIME: Thu Nov 30 18:49:42 2006 > PID: 9608 -- Notice: 0: GATEKEEPER_ACCT_FD=5 (/var/globus/ > prews- > gram-4.0.1-r3-i1/log/globus-gatekeeper.log) > TIME: Thu Nov 30 18:49:42 2006 > PID: 9608 -- Notice: 6: Got connection 198.202.88.52 at Thu > Nov 30 > 18:49:42 2006 > > Failed reading length 0 > GSS authentication failure > globus_gss_assist token :3: read failure: Connection closed > Failure: GSS failed Major:01090000 Minor:00000000 Token:00000003 > > TIME: Thu Nov 30 18:49:42 2006 > PID: 9608 -- Failure: GSS failed Major:01090000 Minor:00000000 > Token:00000003 > > > > On Nov 30, 2006, at 7:05 PM, Colin Enticott wrote: > > >> Thanks JP, >> >> But I am running into some problems. I've tried both from our >> server and >> rocks-52 and this is what I get: >> [cme@rocks-52 ~]$ globus-job-run tg-grid1.uc.teragrid.org/ >> jobmanager-fork >> /bin/uname -a >> GRAM Job submission failed because the connection to the server >> failed
>> (check host and port) (error code 12) >> [cme@rocks-52 ~]$ grid-proxy-info >> subject : /C=AU/O=APACGrid/OU=Monash University/CN=Colin >> Enticott/CN=1087048434 >> issuer : /C=AU/O=APACGrid/OU=Monash University/CN=Colin >> Enticott >> identity : /C=AU/O=APACGrid/OU=Monash University/CN=Colin >> Enticott >> type : Proxy draft (pre-RFC) compliant impersonation proxy >> strength : 512 bits >> path : /home/cme/globus_proxy.APACGrid >> timeleft : 836:30:26 (34.8 days) >> [cme@rocks-52 ~]$ ssh tg-grid1.uc.teragrid.org >> Warning: Permanently added 'tg-grid1.uc.teragrid.org' (RSA) >> to the >> list of >> known hosts. >> Permission denied (external- >> keyx,gssapi,publickey,gssapi,hostbased).
>> [cme@rocks-52 ~]$ >> >> That is the certificate that I registered with. I also >> tried the >> ssh key >> pair I put up on the pragma wiki. >> >> Any thoughts? >> >> Thanks, >> Colin >> >> --- >> Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 >> Room H7.26, Level 7, Building H, Monash University Caulfield >> 3145, >> Australia >> >> >> >>> -----Original Message----- >>> From: JP Navarro [mailto:navarro@mcs.anl.gov] >>> Sent: Friday, 1 December 2006 2:47 AM >>> To: Colin Enticott >>> Cc: zhengc@sdsc.edu; 'Terrence Martin'; gin-ops@ggf.org; >>> 'Oscar >>> Koeroo'; >>> gin-auth@ggf.org >>> Subject: Re: start Savannah run >>> >>> Colin, >>> >>> You should be set to go on the UC/ANL TeraGrid cluster. >>> >>> GT4 Pre-WS GRAM: tg-grid1.uc.teragrid.org:2119 >>> GT4 WS GRAM: tg-grid1.uc.teragrid.org:8443 (FORK, PBS) >>> GT4 GridFTP: tg-gridftp.uc.teragrid.org:2811 >>> >>> Regards, >>> >>> JP >>> >>> On Nov 30, 2006, at 2:43 AM, Colin Enticott wrote: >>> >>> >>>> Thankyou everyone. >>>> >>>> I am now registered on the GIN VO (well, I appear here: >>>> http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile). >>>> >>>> What is my next step? >>>> >>>> Thanks, >>>> Colin >>>> >>>> --- >>>> Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 >>>> Room H7.26, Level 7, Building H, Monash University Caulfield >>>> 3145,
>>>> Australia >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: Cindy Zheng [mailto:zhengc@sdsc.edu] >>>>> Sent: Thursday, 30 November 2006 11:59 AM >>>>> To: 'Terrence Martin' >>>>> Cc: 'JP Navarro'; gin-ops@ggf.org; 'Oscar Koeroo'; 'Colin >>>>> Enticott'; gin- >>>>> auth@ggf.org >>>>> Subject: RE: FW: start Savannah run >>>>> >>>>> Thank you, Terrence! >>>>> We'll wait to hear from Colin when Colin finishes >>>>> registering to gin vo. >>>>> Cindy >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] >>>>>> Sent: Wednesday, November 29, 2006 11:36 AM >>>>>> To: Oscar Koeroo >>>>>> Cc: zhengc@sdsc.edu; 'JP Navarro'; gin-ops@ggf.org; 'Colin >>>>>> Enticott'; gin-auth@ggf.org >>>>>> Subject: Re: FW: start Savannah run >>>>>> >>>>>> >>>>>> Oscar Koeroo wrote: >>>>>> >>>>>>> Hi Terrence and Cindy, >>>>>>> >>>>>>> Getting new users up for registration on the GIN VO is >>>>>>> easy. >>>>>>> To be >>>>>>> able to access the secured website and for authentication >>>>>>> reasons
>>>>>>> during the registration process new users must have their >>>>>>> >>>>>> certificate >>>>>> >>>>>>> loaded and ready in their webbrowser. The VOMS server is >>>>>>> >>>>>> loaded with >>>>>> >>>>>>> all IGTF accredited CAs including the Fermilab kCA. >>>>>>> >>>>>>> Go to the website: >>>>>>> >>>>>> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/ and >>>>>> >>>>>>> apply for a "New user registration". >>>>>>> >>>>>>> >>>>>>> The usual VOMS configuration info is also available. I >>>>>>> >>>>>> don't know what >>>>>> >>>>>>> you'll need to populate a GUMS server. This VOMS server >>>>>>> is as >>>>>>> any
>>>>>>> other so I guess you can use your regular setup. >>>>>>> In addition to the secured interface I've also made >>>>>>> available >>>>>>> a
>>>>>>> non-secured way of grabbing a grid-mapfile. >>>>>>> http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile >>>>>>> There is also an RSS-feed pointing to the grid-mapfile and >>>>>>> >>>>>> the secured >>>>>> >>>>>>> interface at >>>>>>> >>>>>> http://kuiken.nikhef.nl/gin.ggf.org/feed-gin.ggf.org.xml >>>>>> >>>>>>> Unfortunately I'm not aware of a clear guide. I do know a >>>>>>> guide for >>>>>>> creating the packed certificate files that go into your >>>>>>> >>>>>> browser if you >>>>>> >>>>>>> start from a two PEM formated files (certificate file + >>>>>>> private key >>>>>>> file) that's at http://certificate.nikhef.nl/info/browser >>>>>>> Once a user has passed that stage, the registration for >>>>>>> the >>>>>>> >>>>>> VO is as >>>>>> >>>>>>> trivial as any web-forum account registration. >>>>>>> >>>>>>> >>>>>> I am assuming this user already has a grid cert since they >>>>>> list a DN so >>>>>> only VOMS registration is required. Once that is done >>>>>> either I >>>>>> run my >>>>>> update of GUMS manually or in 720/2 minutes on average the >>>>>> user will be >>>>>> automatically downloaded into my GUMS database. I >>>>>> actually do >>>>>> not have >>>>>> to do anything, but I can speed things up ever so >>>>>> slightly if >>>>>> I
>>>>>> am in >>>>>> the office and someone asks me to try refreshing gums. >>>>>> >>>>>> Terrence >>>>>> >>>>>> >>>>>> >>>>>>> Oscar >>>>>>> >>>>>>> >>>>>>> >>>>>>> Cindy Zheng wrote: >>>>>>> >>>>>>>> Sounds right, Terrence. Let me ask Oscar who has >>>>>>>> helped me >>>>>>>> >>>>>> with GIN >>>>>> >>>>>>>> VO before. >>>>>>>> >>>>>>>> Hi, Oscar, >>>>>>>> Could you advise Colin what need to be done to be >>>>>>>> added in GIN VO? >>>>>>>> I'm also cc'ing to gin-auth list. >>>>>>>> If there is a guide for potential GIN users, please >>>>>>>> let me know the url and I can link it to our GINOPS >>>>>>>> page. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Cindy >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] >>>>>>>>> Sent:
>>>>>>>>> Tuesday, November 28, 2006 3:24 PM >>>>>>>>> To: zhengc@sdsc.edu >>>>>>>>> Cc: 'JP Navarro'; gin-ops@ggf.org; 'Colin Enticott' >>>>>>>>> Subject: Re: FW: start Savannah run >>>>>>>>> >>>>>>>>> >>>>>>>>> The quickest and easiest way for me is to have him >>>>>>>>> added to >>>>>>>>> a VO. >>>>>>>>> How easy is it to add him to the GIN VO? One in there I >>>>>>>>> >>>>>> can hit my >>>>>> >>>>>>>>> gums reload and he will be able to access UCSD as a GIN >>>>>>>>> user. Any >>>>>>>>> other approach requires me hacking his DN into my local >>>>>>>>> >>>>>> VO which I >>>>>> >>>>>>>>> prefer to avoid and does not help him with any other >>>>>>>>> site. >>>>>>>>> >>>>>>>>> Terrence >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Cindy Zheng wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>>> Thanks, Terrence, for the quick reply! >>>>>>>>>> Colin has not been a GIN user. >>>>>>>>>> What do you think it's the best way to get colin >>>>>>>>>> access? >>>>>>>>>> Cindy >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> -----Original Message----- >>>>>>>>>>> From: Terrence Martin >>>>>>>>>>> [mailto:tmartin@physics.ucsd.edu] >>>>>>>>>>> Sent:
>>>>>>>>>>> Tuesday, November 28, 2006 2:53 PM >>>>>>>>>>> To: zhengc@sdsc.edu >>>>>>>>>>> Cc: 'JP Navarro'; gin-ops@ggf.org >>>>>>>>>>> Subject: Re: FW: start Savannah run >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> We only have a production cluster, but I should still >>>>>>>>>>> >>>>>> be >>>>>> >>>>>>>>> able to help. >>>>>>>>> >>>>>>>>> >>>>>>>>>>> I do not seem to have Colin in my GUMS database though >>>>>>>>>>> >>>>>> for >>>>>> >>>>>>>>> GIN or any >>>>>>>>> >>>>>>>>>>> other VO. Should he be downloaded with GIN's users? >>>>>>>>>>> >>>>>>>>>>> Terrence >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Cindy Zheng wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Hi, JP and Terrence, >>>>>>>>>>>> >>>>>>>>>>>> Could you help Colin to get ready to run Savannah >>>>>>>>>>>> application on your GIN testbed clusters? >>>>>>>>>>>> You can find Colin's user info at >>>>>>>>>>>> http://wiki.pragma-grid.net/index.php? >>>>>>>>>>>> title=ColinDetails >>>>>>>>>>>> If you need more info or action from Colin, or have >>>>>>>>>>>> >>>>>> any questions >>>>>> >>>>>>>>>>>> for Colin or me, please let us know. >>>>>>>>>>>> >>>>>>>>>>>> Thank you very much! >>>>>>>>>>>> >>>>>>>>>>>> Cindy >>>>>>>>>>>> >>>>>>>>>>>> -----Original Message----- >>>>>>>>>>>> From: Cindy Zheng [mailto:zhengc@sdsc.edu] Sent: >>>>>>>>>>>> Tuesday,
>>>>>>>>>>>> November 28, 2006 2:31 PM >>>>>>>>>>>> To: 'gin-ops@ggf.org' >>>>>>>>>>>> Subject: start Savannah run >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Dear all, >>>>>>>>>>>> >>>>>>>>>>>> Thanks for all the people involved to help make >>>>>>>>>>>> TDDFT application run and GIN testbed monitoring >>>>>>>>>>>> very fruitful experiments! We have learned a lot and >>>>>>>>>>>> have
>>>>>>>>>>>> presented our learnings at OGF and SC06. >>>>>>>>>>>> >>>>>>>>>>>> Let's continue our collaborative effort with our plan >>>>>>>>>>>> >>>>>> - start our >>>>>> >>>>>>>>>>>> next experiment with Savannah >>>>>>>>>>>> fire simulation - a data-intensive application, to >>>>>>>>>>>> >>>>>> explore data >>>>>> >>>>>>>>>>>> related interoperation issues. >>>>>>>>>>>> >>>>>>>>>>>> Colin Enticott at Monash University of Australia >>>>>>>>>>>> is the lead driver. Colin has documented the >>>>>>>>>>>> introduction and requirements of this application at >>>>>>>>>>>> http://wiki.pragma-grid.net/index.php?title=Savannah >>>>>>>>>>>> or go to >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> http://forge.gridforum.org/sf/wiki/do/viewPage/ >>>>>>>>>>> projects.gin/wi >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> ki/GinOps >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> click "Savannah" under "Applications", >>>>>>>>>>> where "first Savannah experiment" is refering to >>>>>>>>>>> a previous experiment in PRAGMA testbed. The >>>>>>>>>>> "second Savannah experiment" is the one for GIN >>>>>>>>>>> testbed. >>>>>>>>>>> >>>>>>>>>>> We like to run this application on all Grids in GIN >>>>>>>>>>> >>>>>> testbed, but >>>>>> >>>>>>>>>>> in 2 steps. First, we will run it on >>>>>>>>>>> >>>>>> PRAGMA/TeraGrid/OSG - since >>>>>> >>>>>>>>>>> these should be relatively easier to do. We like to >>>>>>>>>>> get >>>>>>>>>>> >>>>>> this done >>>>>> >>>>>>>>>>> before the year end. >>>>>>>>>>> The next step, Colin will work with EGEE and Nordugrid >>>>>>>>>>> to develop possible solutions, to enable >>>>>>>>>>> interoperation >>>>>>>>>>> and to include all 5 Grids in the run. >>>>>>>>>>> >>>>>>>>>>> Thanks in advance for your continued help with this! >>>>>>>>>>> >>>>>>>>>>> Cindy >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> > -- > gin-auth mailing list > gin-auth@ogf.org > http://www.ogf.org/mailman/listinfo/gin-auth > -- gin-ops mailing list gin-ops@ogf.org http://www.ogf.org/mailman/listinfo/gin-ops