Problem Solving
o cert.fusiongrid.org down
o ==============================================
Script myproxy-get-delegation fails
Solution is to reference roam.fusiongrid.org
myproxy-get-delegation -s roam.fusiongrid.org
o roam.fusiongrid.org down
o ==============================================
Authentication and authorization used by globus
server and mdsplus server will fail.
Must update servers to use cert.fusiongrid.org
File to update is on portal
# On sunfire01; MUST be root
cd /usr/pppl/fusiongrid/1.0-2/fusiongrid/local
/bin/cp roam.env-mirror roam.env
o PPPL mail server not accessable
o ==============================================
----------------------------------------
Error message will be:
Sent to:
fusiongrid_support@pppl.gov
Subject of message:
Cron cd /var/www/cgi-bin ; /usr/bin/python loadCert.py
Error in message:
Traceback (most recent call last):
File "loadCert.py", line 28, in ?
i = imaplib.IMAP4_SSL( 'mail.pppl.gov' )
File "/usr/lib/python2.3/imaplib.py", line 1073, in __init__
IMAP4.__init__(self, host, port)
File "/usr/lib/python2.3/imaplib.py", line 157, in __init__
self.open(host, port)
File "/usr/lib/python2.3/imaplib.py", line 1085, in open
self.sock.connect((host, port))
###############################################################
File "", line 1, in connect
socket.error: (111, 'Connection refused')
----------------------------------------
o FGCM@pppl.gov mailbox password has expired
o ==============================================
-------------------------------------------
Error message will be:
Sent to:
fusiongrid_support@pppl.gov
Subject will be: (could also refer to loadCert.py)
Cron cd /var/www/cgi-bin ; /usr/bin/python renewalMail.py
Error in message:
error checking fgcm mailbox
-------------------------------------------
Cert.fusiongrid.org (blackbird.pppl.gov) can not read
certificate requests or renewal mail from FGCM@pppl.gov
Must request Lena Scimeca update password
o FusionGrid certificate on blackbird expires
o ==============================================
----------------------------------------
Error message is in log file but will be relayed
via logwatch.
From: root@pppl.gov
Subject: LogWatch for blackbird.pppl.gov
Date: August 1, 2008 4:02:03 AM EDT
To: fusiongrid_support@pppl.gov
Sent to:
fusiongrid_support@pppl.gov
Subject of message:
LogWatch for blackbird.pppl.gov
Error in message:
A total of 2 unidentified 'other' records logged
GET /cgi-bin/renew-Cert.py?cn=FusionGrid%20Certificate%20Manager%2010200 HTTP/1.1 with response code(s) 404 1 responses
GET /cgi-bin/renewCert.py?cn=FusionGrid%20Certificate%20Manager%2010200 HTTP/1.1 with response code(s) 200 1 responses
----------------------------------------
cert.fusiongrid.org can not enter user information into
roam.fusiongrid.org
This is the certificate in
blackbird.pppl.gov:/var/www/Users/fgcm_cert.pem
See "Updating Certificates" on getting replacement
certificate.
o Expired user cannot renew certificate.
o ==============================================
User gets a message that this username already taken.
Solution is for user to get a new username or
for us to remove the old username.
See
https://w3.pppl.gov/transp/FusionGridCertificateManager/fusiongrid_internals.html
o User gets failure while renewing interactively
o ==============================================
Have not completly resolved this. This seems to be
related to DOEgrids no longer giving a thirty day
slack in renewing certificates. Solution is to
treat it as an expired user.