Hi Terrence, Some success. I can submit from uaf-1.t2.ucsd.edu to all sites using both with a generated proxy and the proxy I was trying everywhere else. The machines I was trying from are: 130.194.70.23 131.170.184.61 198.202.88.52 I know the first machine has no firewall as I have exempted the host. When we run the experiment, we will be running it from 130.194.70.23. I guess it comes down to an IP firewall issue, or our servers not trusting the host cert. I have added to my server all the CA here, am I missing one?: http://goc.pragma-grid.net/gin/gin-resources.html Thanks, Colin --- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145, Australia
-----Original Message----- From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] Sent: Tuesday, 5 December 2006 5:47 PM To: Colin Enticott Cc: 'Yoshio Tanaka'; D.Bannon@vpac.org; navarro@mcs.anl.gov; gin- auth@ggf.org; gin-ops@ggf.org Subject: Re: [gin-ops] [gin-auth] start Savannah run
Just to make sure I am not missing you in the log, what IP are you coming from?
Terrence
Colin Enticott wrote:
Thanks Yoshio,
So it looks like authentication issues as I can connect to port 2119 on both hosts:
cme@edda$ globusrun -a -r tg-grid1.uc.teragrid.org
GRAM Authentication test failure: connecting to the job manager failed. Possible reasons: job terminated, invalid job contact, network problems, ... cme@edda$ globusrun -a -r osg-gw-2.t2.ucsd.edu
GRAM Authentication test failure: connecting to the job manager failed. Possible reasons: job terminated, invalid job contact, network problems, ...
Regards, Colin
--- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145, Australia
-----Original Message----- From: Yoshio Tanaka [mailto:yoshio.tanaka@aist.go.jp] Sent: Tuesday, 5 December 2006 12:21 PM To: Colin.Enticott@csse.monash.edu.au Cc: D.Bannon@vpac.org; tmartin@physics.ucsd.edu; navarro@mcs.anl.gov; gin- auth@ggf.org; gin-ops@ggf.org; yoshio.tanaka@aist.go.jp Subject: Re: [gin-ops] [gin-auth] start Savannah run
Hi Colin,
Please test the authentication by the following command:
% globusrun -a -r osg-gw-2.t2.ucsd.edu
% globusrun -a -r tg-grid1.uc.teragrid.org
Thanks,
-- Yoshio Tanaka (yoshio.tanaka@aist.go.jp) http://ninf.apgrid.org/ http://www.apgridpma.org/
From: Colin Enticott <Colin.Enticott@csse.monash.edu.au> Subject: Re: [gin-ops] [gin-auth] start Savannah run Date: Tue, 05 Dec 2006 11:44:05 +1100 Message-ID: <017401c71806$77cf6760$1e46c282@nail>
Thanks David,
But still the same problem. As you can see, my certificate still works
on
the vpac host and there is definitely no firewall in the way:
cme@edda$ grid-proxy-init -cert usercert.pem.APACGrid -key userkey.pem.APACGrid Your identity: /C=AU/O=APACGrid/OU=Monash University/CN=Colin Enticott Enter GRID pass phrase for this identity: Creating proxy ................................... Done Your proxy is valid until: Tue Dec 5 23:28:47 2006 cme@edda$ globus-job-run osg-gw-2.t2.ucsd.edu/jobmanager-fork /bin/uname
-a
GRAM Job submission failed because the connection to the server failed (check host and port) (error code 12) cme@edda$ globus-job-run tg-grid1.uc.teragrid.org/jobmanager-fork
/bin/uname
-a GRAM Job submission failed because the connection to the server failed (check host and port) (error code 12) cme@edda$ globus-job-run ng1.vpac.org/jobmanager-fork /bin/uname -a Linux ng1.vpac.org 2.6.16.29-xen #4 SMP Sun Oct 15 13:20:46 BST 2006
i686
i686 i386 GNU/Linux cme@edda$ telnet tg-grid1.uc.teragrid.org 2119 Trying 192.5.198.225... Connected to tg-grid1.uc.teragrid.org. Escape character is '^]'.
Connection closed by foreign host. cme@edda$ telnet osg-gw-2.t2.ucsd.edu 2119 Trying 137.110.141.17... Connected to osg-gw-2.t2.ucsd.edu. Escape character is '^]'.
Connection closed by foreign host.
Any other thoughts from anyone?
Thanks, Colin
--- Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 Room H7.26, Level 7, Building H, Monash University Caulfield 3145,
Australia
-----Original Message----- From: David Bannon [mailto:D.Bannon@vpac.org] Sent: Monday, 4 December 2006 6:08 PM To: JP Navarro Cc: Colin Enticott; gin-auth@ggf.org; gin-ops@ggf.org; 'Terrence
Martin'
Subject: Re: [gin-auth] start Savannah run
Colin, you can run as a Gin user on any of the VPAC machines, my be easier to debug....
David
On Fri, 2006-12-01 at 12:34 -0600, JP Navarro wrote:
Colin,
The error in the logs is below. Not sure what it means. Could you try this test again from your SDSC TeraGrid account so we can rule out software and firewall issues?
Thanks,
JP
TIME: Thu Nov 30 18:49:42 2006 PID: 9608 -- Notice: 0: GATEKEEPER_ACCT_FD=5 (/var/globus/prews- gram-4.0.1-r3-i1/log/globus-gatekeeper.log) TIME: Thu Nov 30 18:49:42 2006 PID: 9608 -- Notice: 6: Got connection 198.202.88.52 at Thu Nov 30 18:49:42 2006
Failed reading length 0 GSS authentication failure globus_gss_assist token :3: read failure: Connection closed Failure: GSS failed Major:01090000 Minor:00000000 Token:00000003
TIME: Thu Nov 30 18:49:42 2006 PID: 9608 -- Failure: GSS failed Major:01090000 Minor:00000000 Token:00000003
On Nov 30, 2006, at 7:05 PM, Colin Enticott wrote:
> Thanks JP, > > But I am running into some problems. I've tried both from our > server and > rocks-52 and this is what I get: > [cme@rocks-52 ~]$ globus-job-run tg-grid1.uc.teragrid.org/ > jobmanager-fork > /bin/uname -a > GRAM Job submission failed because the connection to the server > failed
> (check host and port) (error code 12) > [cme@rocks-52 ~]$ grid-proxy-info > subject : /C=AU/O=APACGrid/OU=Monash University/CN=Colin > Enticott/CN=1087048434 > issuer : /C=AU/O=APACGrid/OU=Monash University/CN=Colin Enticott > identity : /C=AU/O=APACGrid/OU=Monash University/CN=Colin Enticott > type : Proxy draft (pre-RFC) compliant impersonation proxy > strength : 512 bits > path : /home/cme/globus_proxy.APACGrid > timeleft : 836:30:26 (34.8 days) > [cme@rocks-52 ~]$ ssh tg-grid1.uc.teragrid.org > Warning: Permanently added 'tg-grid1.uc.teragrid.org' (RSA) to the > list of > known hosts. > Permission denied (external- > keyx,gssapi,publickey,gssapi,hostbased).
> [cme@rocks-52 ~]$ > > That is the certificate that I registered with. I also tried the > ssh key > pair I put up on the pragma wiki. > > Any thoughts? > > Thanks, > Colin > > --- > Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 > Room H7.26, Level 7, Building H, Monash University Caulfield 3145, > Australia > > > >> -----Original Message----- >> From: JP Navarro [mailto:navarro@mcs.anl.gov] >> Sent: Friday, 1 December 2006 2:47 AM >> To: Colin Enticott >> Cc: zhengc@sdsc.edu; 'Terrence Martin'; gin-ops@ggf.org; 'Oscar >> Koeroo'; >> gin-auth@ggf.org >> Subject: Re: start Savannah run >> >> Colin, >> >> You should be set to go on the UC/ANL TeraGrid cluster. >> >> GT4 Pre-WS GRAM: tg-grid1.uc.teragrid.org:2119 >> GT4 WS GRAM: tg-grid1.uc.teragrid.org:8443 (FORK, PBS) >> GT4 GridFTP: tg-gridftp.uc.teragrid.org:2811 >> >> Regards, >> >> JP >> >> On Nov 30, 2006, at 2:43 AM, Colin Enticott wrote: >> >> >>> Thankyou everyone. >>> >>> I am now registered on the GIN VO (well, I appear here: >>> http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile). >>> >>> What is my next step? >>> >>> Thanks, >>> Colin >>> >>> --- >>> Colin Enticott, Research Scientist, Ph: +61 03 9903 2215 >>> Room H7.26, Level 7, Building H, Monash University Caulfield >>> 3145,
>>> Australia >>> >>> >>> >>>> -----Original Message----- >>>> From: Cindy Zheng [mailto:zhengc@sdsc.edu] >>>> Sent: Thursday, 30 November 2006 11:59 AM >>>> To: 'Terrence Martin' >>>> Cc: 'JP Navarro'; gin-ops@ggf.org; 'Oscar Koeroo'; 'Colin >>>> Enticott'; gin- >>>> auth@ggf.org >>>> Subject: RE: FW: start Savannah run >>>> >>>> Thank you, Terrence! >>>> We'll wait to hear from Colin when Colin finishes >>>> registering to gin vo. >>>> Cindy >>>> >>>> >>>>> -----Original Message----- >>>>> From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] >>>>> Sent: Wednesday, November 29, 2006 11:36 AM >>>>> To: Oscar Koeroo >>>>> Cc: zhengc@sdsc.edu; 'JP Navarro'; gin-ops@ggf.org; 'Colin >>>>> Enticott'; gin-auth@ggf.org >>>>> Subject: Re: FW: start Savannah run >>>>> >>>>> >>>>> Oscar Koeroo wrote: >>>>> >>>>>> Hi Terrence and Cindy, >>>>>> >>>>>> Getting new users up for registration on the GIN VO is easy. >>>>>> To be >>>>>> able to access the secured website and for authentication >>>>>> reasons
>>>>>> during the registration process new users must have their >>>>>> >>>>> certificate >>>>> >>>>>> loaded and ready in their webbrowser. The VOMS server is >>>>>> >>>>> loaded with >>>>> >>>>>> all IGTF accredited CAs including the Fermilab kCA. >>>>>> >>>>>> Go to the website: >>>>>> >>>>> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/ and >>>>> >>>>>> apply for a "New user registration". >>>>>> >>>>>> >>>>>> The usual VOMS configuration info is also available. I >>>>>> >>>>> don't know what >>>>> >>>>>> you'll need to populate a GUMS server. This VOMS server is as >>>>>> any
>>>>>> other so I guess you can use your regular setup. >>>>>> In addition to the secured interface I've also made available >>>>>> a
>>>>>> non-secured way of grabbing a grid-mapfile. >>>>>> http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile >>>>>> There is also an RSS-feed pointing to the grid-mapfile and >>>>>> >>>>> the secured >>>>> >>>>>> interface at >>>>>> >>>>> http://kuiken.nikhef.nl/gin.ggf.org/feed-gin.ggf.org.xml >>>>> >>>>>> Unfortunately I'm not aware of a clear guide. I do know a >>>>>> guide for >>>>>> creating the packed certificate files that go into your >>>>>> >>>>> browser if you >>>>> >>>>>> start from a two PEM formated files (certificate file + >>>>>> private key >>>>>> file) that's at http://certificate.nikhef.nl/info/browser >>>>>> Once a user has passed that stage, the registration for the >>>>>> >>>>> VO is as >>>>> >>>>>> trivial as any web-forum account registration. >>>>>> >>>>>> >>>>> I am assuming this user already has a grid cert since they >>>>> list a DN so >>>>> only VOMS registration is required. Once that is done either I >>>>> run my >>>>> update of GUMS manually or in 720/2 minutes on average the >>>>> user will be >>>>> automatically downloaded into my GUMS database. I actually do >>>>> not have >>>>> to do anything, but I can speed things up ever so slightly if >>>>> I
>>>>> am in >>>>> the office and someone asks me to try refreshing gums. >>>>> >>>>> Terrence >>>>> >>>>> >>>>> >>>>>> Oscar >>>>>> >>>>>> >>>>>> >>>>>> Cindy Zheng wrote: >>>>>> >>>>>>> Sounds right, Terrence. Let me ask Oscar who has helped me >>>>>>> >>>>> with GIN >>>>> >>>>>>> VO before. >>>>>>> >>>>>>> Hi, Oscar, >>>>>>> Could you advise Colin what need to be done to be >>>>>>> added in GIN VO? >>>>>>> I'm also cc'ing to gin-auth list. >>>>>>> If there is a guide for potential GIN users, please >>>>>>> let me know the url and I can link it to our GINOPS >>>>>>> page. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Cindy >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] >>>>>>>> Sent:
>>>>>>>> Tuesday, November 28, 2006 3:24 PM >>>>>>>> To: zhengc@sdsc.edu >>>>>>>> Cc: 'JP Navarro'; gin-ops@ggf.org; 'Colin Enticott' >>>>>>>> Subject: Re: FW: start Savannah run >>>>>>>> >>>>>>>> >>>>>>>> The quickest and easiest way for me is to have him added to >>>>>>>> a VO. >>>>>>>> How easy is it to add him to the GIN VO? One in there I >>>>>>>> >>>>> can hit my >>>>> >>>>>>>> gums reload and he will be able to access UCSD as a GIN >>>>>>>> user. Any >>>>>>>> other approach requires me hacking his DN into my local >>>>>>>> >>>>> VO which I >>>>> >>>>>>>> prefer to avoid and does not help him with any other site. >>>>>>>> >>>>>>>> Terrence >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Cindy Zheng wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Thanks, Terrence, for the quick reply! >>>>>>>>> Colin has not been a GIN user. >>>>>>>>> What do you think it's the best way to get colin access? >>>>>>>>> Cindy >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> -----Original Message----- >>>>>>>>>> From: Terrence Martin [mailto:tmartin@physics.ucsd.edu] >>>>>>>>>> Sent:
>>>>>>>>>> Tuesday, November 28, 2006 2:53 PM >>>>>>>>>> To: zhengc@sdsc.edu >>>>>>>>>> Cc: 'JP Navarro'; gin-ops@ggf.org >>>>>>>>>> Subject: Re: FW: start Savannah run >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> We only have a production cluster, but I should still >>>>>>>>>> >>>>> be >>>>> >>>>>>>> able to help. >>>>>>>> >>>>>>>> >>>>>>>>>> I do not seem to have Colin in my GUMS database though >>>>>>>>>> >>>>> for >>>>> >>>>>>>> GIN or any >>>>>>>> >>>>>>>>>> other VO. Should he be downloaded with GIN's users? >>>>>>>>>> >>>>>>>>>> Terrence >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Cindy Zheng wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Hi, JP and Terrence, >>>>>>>>>>> >>>>>>>>>>> Could you help Colin to get ready to run Savannah >>>>>>>>>>> application on your GIN testbed clusters? >>>>>>>>>>> You can find Colin's user info at >>>>>>>>>>> http://wiki.pragma-grid.net/index.php?title=ColinDetails >>>>>>>>>>> If you need more info or action from Colin, or have >>>>>>>>>>> >>>>> any questions >>>>> >>>>>>>>>>> for Colin or me, please let us know. >>>>>>>>>>> >>>>>>>>>>> Thank you very much! >>>>>>>>>>> >>>>>>>>>>> Cindy >>>>>>>>>>> >>>>>>>>>>> -----Original Message----- >>>>>>>>>>> From: Cindy Zheng [mailto:zhengc@sdsc.edu] Sent: >>>>>>>>>>> Tuesday,
>>>>>>>>>>> November 28, 2006 2:31 PM >>>>>>>>>>> To: 'gin-ops@ggf.org' >>>>>>>>>>> Subject: start Savannah run >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Dear all, >>>>>>>>>>> >>>>>>>>>>> Thanks for all the people involved to help make >>>>>>>>>>> TDDFT application run and GIN testbed monitoring >>>>>>>>>>> very fruitful experiments! We have learned a lot and >>>>>>>>>>> have
>>>>>>>>>>> presented our learnings at OGF and SC06. >>>>>>>>>>> >>>>>>>>>>> Let's continue our collaborative effort with our plan >>>>>>>>>>> >>>>> - start our >>>>> >>>>>>>>>>> next experiment with Savannah >>>>>>>>>>> fire simulation - a data-intensive application, to >>>>>>>>>>> >>>>> explore data >>>>> >>>>>>>>>>> related interoperation issues. >>>>>>>>>>> >>>>>>>>>>> Colin Enticott at Monash University of Australia >>>>>>>>>>> is the lead driver. Colin has documented the >>>>>>>>>>> introduction and requirements of this application at >>>>>>>>>>> http://wiki.pragma-grid.net/index.php?title=Savannah >>>>>>>>>>> or go to >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> http://forge.gridforum.org/sf/wiki/do/viewPage/ >>>>>>>>>> projects.gin/wi >>>>>>>>>> >>>>>>>>>> >>>>>>>>> ki/GinOps >>>>>>>>> >>>>>>>>> >>>>>>>>>> click "Savannah" under "Applications", >>>>>>>>>> where "first Savannah experiment" is refering to >>>>>>>>>> a previous experiment in PRAGMA testbed. The >>>>>>>>>> "second Savannah experiment" is the one for GIN testbed. >>>>>>>>>> >>>>>>>>>> We like to run this application on all Grids in GIN >>>>>>>>>> >>>>> testbed, but >>>>> >>>>>>>>>> in 2 steps. First, we will run it on >>>>>>>>>> >>>>> PRAGMA/TeraGrid/OSG - since >>>>> >>>>>>>>>> these should be relatively easier to do. We like to get >>>>>>>>>> >>>>> this done >>>>> >>>>>>>>>> before the year end. >>>>>>>>>> The next step, Colin will work with EGEE and Nordugrid >>>>>>>>>> to develop possible solutions, to enable interoperation >>>>>>>>>> and to include all 5 Grids in the run. >>>>>>>>>> >>>>>>>>>> Thanks in advance for your continued help with this! >>>>>>>>>> >>>>>>>>>> Cindy >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- gin-auth mailing list gin-auth@ogf.org http://www.ogf.org/mailman/listinfo/gin-auth
-- gin-ops mailing list gin-ops@ogf.org http://www.ogf.org/mailman/listinfo/gin-ops