hi, Yu
it is the real IP in
$GLOBUS_LOCATION/etc/metascheduler/metascheduler-config.xml
i'm confused.cause i can use RFT, why i can't use CFS
Best regards!
======= 2007-08-31 19:17:47 您在来信中写道:=======
>I try to installed CSF and do the test, it is ok for the example about
>job create,submit and status. The command executed like this:
>
>[EMAIL PROTECTED] ~]$ csf-job-create -rsl
>/usr/local/gt4.0.2/docs/metascheduler/examples/gram_job.xml -name
>job2
>Service location:
>https://192.168.0.106:8443/wsrf/services/metascheduler/JobService
>CreateJob Successfully: job2
>[EMAIL PROTECTED] ~]$ csf-job-submit job2 submit() =>
>https://zhcy.bme.xjtu.edu.cn:8443/wsrf/services/metascheduler/JobService
>[EMAIL PROTECTED] ~]$ csf-job-status job2 getStatus() => Sched
>[EMAIL PROTECTED] ~]$ csf-job-status job2
>getStatus() => PExit
>
>What is your $GLOBUS_LOCATION/etc/metascheduler/metascheduler-config.xml
> file look like? Dose it have the content like this:
> <global:CommunityGISHandle
>value="https://127.0.0.1:8443/wsrf/services/DefaultIndexService"/>
>
>If it is, try to modified it to your real IP address.
> <global:CommunityGISHandle
>value="https://202.112.9.201:8443/wsrf/services/DefaultIndexService"/>
>
>
>在 07-8-31,丁涛<[EMAIL PROTECTED]> 写道:
>> [EMAIL PROTECTED] ~]$ csf-job-create rsl
>> $GLOBUS_LOCATION/docs/metascheduler/examples/gram_job.xml job1
>> Service
>> location:https://202.112.9.201:8443/wsrf/services/metascheduler/JobService
>> CreateJob Successfully: job1
>>
>>
>> [EMAIL PROTECTED] ~]$ csf-job-submit job1
>> submit() => https://202.112.9.201:8443/wsrf/services/metascheduler/JobService
>>
>>
>> [EMAIL PROTECTED] ~]$ csf-job-status job1
>> Job fault type: ; nested exception is:
>> javax.xml.rpc.soap.SOAPFaultException: ; nested exception is:
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by: Operation unauthorized (Mechanism level: Authorization failed. Expected
>> "/CN=host/node1" target but received
>> "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo")]
>>
>>
>> in container log file it seems that CSF didn't submit job.the output is
>> below.
>>
>> 2007-08-31 17:46:33,873 ERROR impl.JobGramTask [JobGramTask,init:209] Error
>> subm
>> itting job request: ; nested exception is:
>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> by:
>> Operation unauthorized (Mechanism level: Authorization failed. Expected
>> "/CN=hos
>> t/node1" target but received
>> "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo")]
>> 2007-08-31 17:46:34,654 ERROR impl.JobGramTask [JobGramTask,init:214] Error
>> dest
>> roying job
>>
>> here are other files
>> [EMAIL PROTECTED] ~]$ cat
>> /usr/local/globus-4.0.4/etc/globus_delegation_service/factory-security-config.xml
>> <securityConfig xmlns="http://www.globus.org";>
>> <method name="requestSecurityToken">
>> <auth-method>
>> <GSITransport/>
>> <GSISecureMessage/>
>> <GSISecureConversation/>
>> </auth-method>
>> </method>
>> <auth-method>
>> <none/>
>> </auth-method>
>> <authz value="gridmap"/>
>> </securityConfig>
>>
>>
>> [EMAIL PROTECTED] ~]$ cat
>> /usr/local/globus-4.0.4/etc/globus_delegation_service/service-security-config.xml
>> <securityConfig xmlns="http://www.globus.org";>
>> <auth-method>
>> <GSITransport/>
>> <GSISecureMessage/>
>> <GSISecureConversation/>
>> </auth-method>
>> <authz value="gridmap"/>
>> </securityConfig>
>>
>> [EMAIL PROTECTED] ~]$ cat
>> /usr/local/globus-4.0.4/etc/globus_wsrf_core/global_security_descriptor.xml
>> <?xml version="1.0" encoding="UTF-8"?>
>> <securityConfig xmlns="http://www.globus.org";>
>> <credential>
>> <key-file value="/etc/grid-security/containerkey.pem"/>
>> <cert-file value="/etc/grid-security/containercert.pem"/>
>> </credential>
>> <gridmap value="/etc/grid-security/grid-mapfile"/>
>>
>>
>> [EMAIL PROTECTED] ~]$ cat /etc/grid-security/grid-mapfile
>> "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo" guser
>> "guser" guser
>>
>>
>>
>> thank you very much for your help
>>
>> Best regards!
>>
>> ======= 2007-08-31 11:22:24 您在来信中写道:=======
>>
>> >Sorry for my late reply......I am confused too...
>> >From your first question, it sames like a "host"mode authorization
>> >problem.Maybe the CSF client's default authorization is "host".(and I
>> >think it should have the option to change this.....)
>> >But now it sames that "gridmap" authorization still works.
>> >
>> >Maybe you should retry the test from the beginning and keep all the
>> >configuration as its original status. and print the following message:
>> >the error message,
>> >the contents of /etc/host file,
>> >$GLOBUS_LOCATION/etc/metascheduler/*security-config.xml ,
>> >$GLOBUS_LOCATION/etc/globus_delegation_service/*security-config.xml.
>> >$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml
>> >and your /etc/grid-security/grid-mapfile
>> >
>> >If the CSF use the delegation servcie, this service's authorization
>> >mechanism can still affect the whole procdure.
>> >
>> >在 07-8-30,丁涛<[EMAIL PROTECTED]> 写道:
>> >> Hi, Yu
>> >>
>> >> the content of
>> >> $GLOBUS_LOCATION/etc/metascheduler/ms-security-config.xml file is
>> >> <securityConfig xmlns="http://www.globus.org";>
>> >> <auth-method>
>> >> <GSISecureConversation/>
>> >> </auth-method>
>> >> <authz value="gridmap"/>
>> >> <gridmap value="/etc/grid-security/grid-mapfile"/>
>> >> </securityConfig>
>> >>
>> >> and if i change <authz value="gridmap"/> to <authz value="self"/>
>> >> when i run CSF, the output will be like this
>> >>
>> >> [EMAIL PROTECTED] ~]$ csf-job-create rsl
>> >> $GLOBUS_LOCATION/docs/metascheduler/examples/gram_job.xml job1
>> >> RemoteEx catched! Create Job error!
>> >> org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException:
>> >> "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo" is not authorized to
>> >> use operation:
>> >> {http://www.platform.com/namespaces/2003/05/metascheduler/job}createResource
>> >> on this service
>> >>
>> >> so how can i configure the file? thanks a lot.
>> >>
>> >>
>> >> Best regards!
>> >>
>> >> ======= 2007-08-30 17:49:34 您在来信中写道:=======
>> >>
>> >> >I didn't use CSF before, from globus document, it same that CSF is a
>> >> >kind of service provide task schedular function. So if you can find
>> >> >the file security-config.xml under the directory
>> >> >$GLOBUS_LOCATION/etc/metascheduler or some others related with CSF.
>> >> >Edit security-config.xml for your will. For examples,if you want a
>> >> >"self" mode authorization
>> >> >add a line or change a line like this:
>> >> ><authz value="self">
>> >> >and do not forget to have a copy before your modification:)
>> >> >It same like this, Try.
>> >> >
>> >> >在 07-8-30,丁涛<[EMAIL PROTECTED]> 写道:
>> >> >> hi,Yu
>> >> >>
>> >> >> actually i run "rft" locally.
>> >> >> i changed /etc/hosts like "127.0.0.1 node1" and execute "rft -h
>> >> >> node1 -f /tmp/rft.xfr" it's OK!
>> >> >> and if i changed /etc/hosts like "202.112.9.201 node1" and
>> >> >> execute "rft -h node1 -f /tmp/rft.xfr -z self" it's OK too!
>> >> >> but for CSF i can't find a argument like "-z self" to tell the
>> >> >> command to expect my own identity.
>> >> >> anyway thanks Yu and Charles, you both help me.
>> >> >>
>> >> >>
>> >> >> Best regards!
>> >> >>
>> >> >>
>> >> >> >Is 202.112.9.201 your local IP address? and do you exectue the "rft"
>> >> >> >command locally? If it is, try to delete the line "202.112.9.201
>> >> >> >node1" in your /etc/hosts and maybe write an other line "127.0.0.1
>> >> >> >localhost ". This maybe function....
>> >> >> >
>> >> >> >I meet this kind of problem before,but dose not remember the detail
>> >> >> >solution for every kind. This kind of problem occured often by two
>> >> >> >kinds of aspects: one is about server-side authorization
>> >> >> >mode(self,host or identity), the other is the conversion between IP
>> >> >> >and Domain Name problem.
>> >> >> >
>> >> >> >
>> >> >> >在 07-8-29,丁涛<[EMAIL PROTECTED]> 写道:
>> >> >> >> hi, Charles
>> >> >> >>
>> >> >> >>
>> >> >> >> in my /etc/hosts file, there is nothing but the real IP address
>> >> >> >> and node1.
>> >> >> >> like
>> >> >> >> 202.112.9.201 node1
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> Best regards!
>> >> >> >>
>> >> >> >> ======= 2007-08-29 22:49:38 您在来信中写道:=======
>> >> >> >>
>> >> >> >> >In your first example, it looks like you started the container as
>> >> >> >> >yourself by hand. Now it looks like you started the container with
>> >> >> >> >the host certificates. The trouble now is that a reverse lookup on
>> >> >> >> >node1's IP address is returning localhost. Make sure your
>> >> >> >> >/etc/hosts
>> >> >> >> >file doesn't have any entries like:
>> >> >> >> >127.0.0.1 node1
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >Charles
>> >> >> >> >
>> >> >> >> >On Aug 29, 2007, at 5:29 AM, 丁涛 wrote:
>> >> >> >> >
>> >> >> >> >> hi,Charles
>> >> >> >> >>
>> >> >> >> >> thanks for your reply. but it didn't work.and the output
>> >> >> >> >> below
>> >> >> >> >> isn't like before.
>> >> >> >> >> and csf still didn't work. why this happen?
>> >> >> >> >>
>> >> >> >> >> [EMAIL PROTECTED] ~]$ rft -h node1 -f /tmp/rft.xfr -z self
>> >> >> >> >> Number of transfers in this request: 1
>> >> >> >> >> Subscribed for overall status
>> >> >> >> >> Termination time to set: 60 minutes
>> >> >> >> >>
>> >> >> >> >> Overall status of transfer:
>> >> >> >> >> Finished/Active/Failed/Retrying/Pending
>> >> >> >> >> 0/0/1/0/0
>> >> >> >> >> Error:Error authenticating user at source/dest hostAuthentication
>> >> >> >> >> failed [Caused by: Operation unauthorized (Mechanism level:
>> >> >> >> >> Authorization failed. Expected "/CN=host/localhost" target but
>> >> >> >> >> received
>> >> >> >> >> "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=host/node1")]
>> >> >> >> >> [Caused by: Authentication failed [Caused by: Operation
>> >> >> >> >> unauthorized (Mechanism level: Authorization failed. Expected "/
>> >> >> >> >> CN=host/localhost" target but received "/O=Grid/OU=GlobusTest/
>> >> >> >> >> OU=simpleCA-node1/CN=host/node1")]]
>> >> >> >> >> All Transfers failed
>> >> >> >> >>
>> >> >> >> >> Best regards!
>> >> >> >> >>
>> >> >> >> >> ======= 2007-08-28 23:03:24 您在来信中写道:=======
>> >> >> >> >>
>> >> >> >> >>> For the rft -h node1, you'll need to add something telling the
>> >> >> >> >>> command to expect your own identity.
>> >> >> >> >>>
>> >> >> >> >>> $ rfh -h node1 -f /tmp/rft.xfr -z self
>> >> >> >> >>>
>> >> >> >> >>> should work. For globusrun-ws, try -self.
>> >> >> >> >>>
>> >> >> >> >>>
>> >> >> >> >>> Charles
>> >> >> >> >>>
>> >> >> >> >>> On Aug 28, 2007, at 4:42 AM, Ding Tao wrote:
>> >> >> >> >>>
>> >> >> >> >>>> hi, all
>> >> >> >> >>>>
>> >> >> >> >>>> when i rum $rft -h node1 -f /tmp/rft.xfr and
>> >> >> >> >>>> $csf-job-status
>> >> >> >> >>>> job1, i meet the same problem which shows below.
>> >> >> >> >>>>
>> >> >> >> >>>> 2007-09-04 09:46:49,378 ERROR delegation.DelegationUtil
>> >> >> >> >>>> [main,getCertificateChainRP:558]
>> >> >> >> >>>> org.globus.common.ChainedIOException: Authentication failed
>> >> >> >> >>>> [Caused
>> >> >> >> >>>> by: Operation unauthorized (Mechanism level: Authorization
>> >> >> >> >>>> failed.
>> >> >> >> >>>> Expected "/CN=host/node1" target but received "/O=Grid/
>> >> >> >> >>>> OU=GlobusTest/OU=simpleCA-node1/CN=leo")]
>> >> >> >> >>>>
>> >> >> >> >>>> my /etc/grid-security/grid-mapfile is "/O=Grid/OU=GlobusTest/
>> >> >> >> >>>> OU=simpleCA-node1/CN=leo" guser
>> >> >> >> >>>>
>> >> >> >> >>>> these are output of grid-proxy-info
>> >> >> >> >>>> [EMAIL PROTECTED] ~]$ grid-proxy-info
>> >> >> >> >>>> subject : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo/
>> >> >> >> >>>> CN=1342777527
>> >> >> >> >>>> issuer : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo
>> >> >> >> >>>> identity : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo
>> >> >> >> >>>> type : Proxy draft (pre-RFC) compliant impersonation proxy
>> >> >> >> >>>> strength : 512 bits
>> >> >> >> >>>> path : /tmp/x509up_u505
>> >> >> >> >>>> timeleft : 11:59:49
>> >> >> >> >>>>
>> >> >> >> >>>> and i comfirm that i set PATH JAVA_HOME ANT_HOME and run
>> >> >> >> >>>> `source
>> >> >> >> >>>> $GLOBUS_LOCATION/etc/globus-user-env.sh & source
>> >> >> >> >>>> $GLOBUS_LOCATION/
>> >> >> >> >>>> etc/globus-devel-env.sh `
>> >> >> >> >>>>
>> >> >> >> >>>> i know there are sth wrong with authentication but how can i
>> >> >> >> >>>> solve
>> >> >> >> >>>> this problem.
>> >> >> >> >>>>
>> >> >> >> >>>> Best regards!
>> >> >> >> >>>>
>> >> >> >> >>>> -------------------------------------------------------
>> >> >> >> >>>> Ding Tao
>> >> >> >> >>>> 丁涛
>> >> >> >> >>>>
>> >> >> >> >>>> Network Information Center,
>> >> >> >> >>>> Beijing University of Posts & Telecommunications (BUPT),
>> >> >> >> >>>> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >> >> >>>> P.R.China
>> >> >> >> >>>>
>> >> >> >> >>>> 北京邮电大学信息网络中心 邮编100876
>> >> >> >> >>>>
>> >> >> >> >>>> E-Mail: [EMAIL PROTECTED]
>> >> >> >> >>>> -------------------------------------------------------
>> >> >> >> >>>>
>> >> >> >> >>>> 2007-08-28
>> >> >> >> >>
>> >> >> >> >> = = = = = = = = = = = = = = = = = = = =
>> >> >> >> >>
>> >> >> >> >> -------------------------------------------------------
>> >> >> >> >> Ding Tao
>> >> >> >> >> 丁涛
>> >> >> >> >>
>> >> >> >> >> Network Information Center,
>> >> >> >> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> >> >> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >> >> >> P.R.China
>> >> >> >> >>
>> >> >> >> >> 北京邮电大学信息网络中心 邮编100876
>> >> >> >> >>
>> >> >> >> >> E-Mail: [EMAIL PROTECTED]
>> >> >> >> >> -------------------------------------------------------
>> >> >> >> >>
>> >> >> >> >> 2007-08-29
>> >> >> >>
>> >> >> >> = = = = = = = = = = = = = = = = = = = =
>> >> >> >>
>> >> >> >> -------------------------------------------------------
>> >> >> >> Ding Tao
>> >> >> >> 丁涛
>> >> >> >>
>> >> >> >> Network Information Center,
>> >> >> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> >> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >> >> P.R.China
>> >> >> >>
>> >> >> >> 北京邮电大学信息网络中心 邮编100876
>> >> >> >>
>> >> >> >> E-Mail: [EMAIL PROTECTED]
>> >> >> >> -------------------------------------------------------
>> >> >> >>
>> >> >> >> 2007-08-29
>> >> >> >>
>> >> >>
>> >> >> = = = = = = = = = = = = = = = = = = = =
>> >> >>
>> >> >> -------------------------------------------------------
>> >> >> Ding Tao
>> >> >> 丁涛
>> >> >>
>> >> >> Network Information Center,
>> >> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >> P.R.China
>> >> >>
>> >> >> 北京邮电大学信息网络中心 邮编100876
>> >> >>
>> >> >> E-Mail: [EMAIL PROTECTED]
>> >> >> -------------------------------------------------------
>> >> >>
>> >> >> 2007-08-30
>> >> >>
>> >>
>> >> = = = = = = = = = = = = = = = = = = = =
>> >>
>> >> -------------------------------------------------------
>> >> Ding Tao
>> >> 丁涛
>> >>
>> >> Network Information Center,
>> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> P.R.China
>> >>
>> >> 北京邮电大学信息网络中心 邮编100876
>> >>
>> >> E-Mail: [EMAIL PROTECTED]
>> >> -------------------------------------------------------
>> >>
>> >> 2007-08-30
>> >>
>>
>> = = = = = = = = = = = = = = = = = = = =
>>
>> -------------------------------------------------------
>> Ding Tao
>> 丁涛
>>
>> Network Information Center,
>> Beijing University of Posts & Telecommunications (BUPT),
>> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> P.R.China
>>
>> 北京邮电大学信息网络中心 邮编100876
>>
>> E-Mail: [EMAIL PROTECTED]
>> -------------------------------------------------------
>>
>> 2007-08-31
>>
= = = = = = = = = = = = = = = = = = = =
-------------------------------------------------------
Ding Tao
丁涛
Network Information Center,
Beijing University of Posts & Telecommunications (BUPT),
10 Xi Tu Cheng Rd.,Beijing,100876,
P.R.China
北京邮电大学信息网络中心 邮编100876
E-Mail: [EMAIL PROTECTED]
-------------------------------------------------------
2007-08-31
