Hi Stephen,
The lines to focus on are these:
12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user:
GSS_ASSIST_GRIDMAP
12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.
This means that it tried to invoke Globus and something failed along
the lines.
Given you say it never makes it Args:
1. Any sign it makes it to Globus libraries?
2. Any sign it Globus successfully handed off to
libgsi_pep_callout.so?
3. Any sign the PEP callout did anything?
For (3), I believe there's a way (environment variable? PEP config?
... I forget) to increase the logging verbosity. That said, sometimes
I find "strace" the easiest way to determine some of these things.
Once we know where the ball gets dropped, we can target the debugging
further.
Brian
On Dec 20, 2018, at 11:21 AM, Stephen Jones <sjones@xxxxxxxxxxxxxxxx>
wrote:
Hi all,
I have a HTCondor-CE that contains a condor-mapfile that has
GSS_ASSIST_GRIDMAP, to make a callout to ARGUS.
# cd /etc/condor-ce/
# cat condor_mapfile
GSI (.*) GSS_ASSIST_GRIDMAP
...
I've set the GSI_AUTHZ_CONF value to be right:
# echo $GSI_AUTHZ_CONF
/etc/grid-security/gsi-authz.conf
And the conf file file looks OK:
# cat /etc/grid-security/gsi-authz.conf
globus_mapping /usr/lib64/libgsi_pep_callout.so argus_pep_callout
And the library is installed:
# ls -lrt /usr/lib64/libgsi_pep_callout.so
lrwxrwxrwx 1 root root 27 Dec 20 16:22
/usr/lib64/libgsi_pep_callout.so -> libgsi_pep_callout.so.1.0.1
Yet, when I try it out, it never calls out to my ARGUS server:
12/20/18 17:14:03 ZKM: setting default map to gsi@unmapped
12/20/18 17:14:03 ZKM: name to map is
'/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
12/20/18 17:14:03 ZKM: pre-map: current user is 'gsi'
12/20/18 17:14:03 ZKM: pre-map: current domain is 'unmapped'
12/20/18 17:14:03 ZKM: map file already loaded.
12/20/18 17:14:03 ZKM: attempting to map
'/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen jones'
12/20/18 17:14:03 ZKM: GSI was used, and FQAN is present.
12/20/18 17:14:03 ZKM: 1: attempting to map
'/C=UK/O=eScience/OU=Liverpool/L=CSD/CN=stephen
jones,/dteam/Role=NULL/Capability=NULL,/dteam/NGI_UK/Role=NULL/Capability=NULL'
12/20/18 17:14:03 ZKM: 2: mapret: 0 included_voms: 1 canonical_user:
GSS_ASSIST_GRIDMAP
12/20/18 17:14:03 Globus-based mapping failed; will use gsi@unmapped.
12/20/18 17:14:03 ZKM: post-map: current user is 'gsi'
12/20/18 17:14:03 ZKM: post-map: current domain is 'unmapped'
12/20/18 17:14:03 ZKM: post-map: current FQU is 'gsi@unmapped'
12/20/18 17:14:03 AUTHENTICATE: Exchanging keys with remote side.
12/20/18 17:14:03 AUTHENTICATE: Result of end of authenticate is 1.
12/20/18 17:14:03 DC_AUTHENTICATE: authentication of
<138.253.178.91:13663> did not result in a valid mapped user name,
which is required for this command (1112 QMGMT_WRITE_CMD), so
aborting.
Does anyone know what might be stopping it?
Cheers,
Ste
--
Steve Jones sjones@xxxxxxxxxxxxxxxx
Grid System Administrator office: 220
High Energy Physics Division tel (int): 43396
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 3396
University of Liverpool
http://www.liv.ac.uk/physics/hep/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx
with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx
with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}