It looks like your host doesn't trust its own host certificate.
One of the first things the container does is contact the
ContainerRegistryService to print out the list of services being
hosted. From the GSI errors, it looks like you don't have the CA
installed that signed your host certificate.
Charles
On Jan 14, 2009, at 9:32 AM, Jan Muhammad wrote:
Hi,
Can any one help me in figuring out the problem with globus-
container. Interestingly, couple of weeks ago it was working fine,
but due to recent tests/experiments using PERMIS protected services
(although have un-deployed those now) the trouble started.
So now I try to run container with (globus-start-container -nosec),
there is no problem and services start normally. But when I try to
run it with Full-Security (globus-start-container ) I get the
following error. Although I have valid proxy-certificates,user and
host-certificate. My guess is that I might have corrupted
certificates which are no longer trusted by the 'globus-
conatiner'.....
One thing more, I use the same user-certificates on another machine,
there is no any problem and containers running fine.
I also googled to check this issue but could not get relevant to my
issue. Specifically this One:-
"Failed to obtain a list of services from 'https://130.209.58.58:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed
[Caused by: Failure unspecified at GSS-API level [Caused by: Unknown
CA]]"
Thanks in advance for help
Regards
-Jan
--------------------------------------------------------------------------------------
$ globus-start-container -debug
2009-01-14 15:13:24,420 ERROR service.ReliableFileTransferImpl
[main,<init>:69] Unable to setup database driver with
pooling.Connection refused. Check that the hostname and port are
correct and that the postmaster is accepting TCP/IP connections.
2009-01-14 15:13:27,015 WARN service.ReliableFileTransferHome
[main,initialize:97] All RFT requests will fail and all GRAM jobs
that require file staging will fail.Connection refused. Check that
the hostname and port are correct and that the postmaster is
accepting TCP/IP connections.
2009-01-14 15:13:30,736 ERROR container.GSIServiceThread
[ServiceThread-9,process:141] Error processing request
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at org.globus.gsi.gssapi.SSLUtil.read(SSLUtil.java:37)
at
org
.globus
.gsi
.gssapi.net.impl.GSIGssInputStream.readToken(GSIGssInputStream.java:
64)
at
org
.globus
.gsi
.gssapi
.net
.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:54)
at
org
.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:
60)
at
org
.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:
122)
at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:
161)
at
org
.globus
.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:98)
at
org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:291)
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/
envelope/}Server.userException
faultSubcode:
faultString: org.globus.common.ChainedIOException: Authentication
failed [Caused by: Failure unspecified at GSS-API level [Caused by:
Unknown CA]]
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:Authentication
failed. Caused by Failure unspecified at GSS-API level. Caused by
COM.claymoresystems.ptls.SSLThrewAlertException: Unknown CA
at COM.claymoresystems.ptls.SSLConn.alert(SSLConn.java:235)
at
COM
.claymoresystems.ptls.SSLHandshake.recvCertificate(SSLHandshake.java:
304)
at
COM
.claymoresystems
.ptls.SSLHandshakeClient.processTokens(SSLHandshakeClient.java:128)
at
COM
.claymoresystems
.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135)
at
org
.globus
.gsi
.gssapi
.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:483)
at
org
.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java:
102)
at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:140)
at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:
161)
at
org
.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:
433)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
at
org
.apache
.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:
118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:
165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
at org.apache.axis.client.Call.invoke(Call.java:2710)
at org.apache.axis.client.Call.invoke(Call.java:2386)
at org.apache.axis.client.Call.invoke(Call.java:2309)
at org.apache.axis.client.Call.invoke(Call.java:1766)
at
org
.oasis
.wsrf
.properties
.GetResourcePropertySOAPBindingStub
.getResourceProperty(GetResourcePropertySOAPBindingStub.java:397)
at
org
.globus
.wsrf.container.ServiceContainer.listServices(ServiceContainer.java:
492)
at
org
.globus.wsrf.container.ServiceContainer.main(ServiceContainer.java:
424)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun
.reflect
.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun
.reflect
.DelegatingMethodAccessorImpl
.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.globus.bootstrap.BootstrapBase.launch(BootstrapBase.java:95)
at org.globus.bootstrap.Bootstrap.main(Bootstrap.java:37)
{http://xml.apache.org/axis/}hostname:callisto.nesc.gla.ac.uk
org.globus.common.ChainedIOException: Authentication failed [Caused
by: Failure unspecified at GSS-API level [Caused by: Unknown CA]]
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at
org
.apache
.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:
118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:
165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
at org.apache.axis.client.Call.invoke(Call.java:2710)
at org.apache.axis.client.Call.invoke(Call.java:2386)
at org.apache.axis.client.Call.invoke(Call.java:2309)
at org.apache.axis.client.Call.invoke(Call.java:1766)
at
org
.oasis
.wsrf
.properties
.GetResourcePropertySOAPBindingStub
.getResourceProperty(GetResourcePropertySOAPBindingStub.java:397)
at
org
.globus
.wsrf.container.ServiceContainer.listServices(ServiceContainer.java:
492)
at
org
.globus.wsrf.container.ServiceContainer.main(ServiceContainer.java:
424)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun
.reflect
.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun
.reflect
.DelegatingMethodAccessorImpl
.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.globus.bootstrap.BootstrapBase.launch(BootstrapBase.java:95)
at org.globus.bootstrap.Bootstrap.main(Bootstrap.java:37)
Caused by: org.globus.common.ChainedIOException: Authentication
failed [Caused by: Failure unspecified at GSS-API level [Caused by:
Unknown CA]]
at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:145)
at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:
161)
at
org
.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:
433)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
... 18 more
Failed to obtain a list of services from 'https://130.209.58.58:8443/wsrf/services/ContainerRegistryService'
service: ; nested exception is:
org.globus.common.ChainedIOException: Authentication failed
[Caused by: Failure unspecified at GSS-API level [Caused by: Unknown
CA]]
