Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ce_host_network_check says host certificate does not matc h

Date: Wed, 22 Mar 2023 11:41:02 +0100
From: Thomas Hartmann <thomas.hartmann@xxxxxxx>
Subject: Re: [HTCondor-users] condor_ce_host_network_check says host certificate does not matc h

Hi Chun-yu,

does the VM has more IPs or does it have a private IP while the publicIP is a floating one from OpenStack?As far as I see, `condor_ce_host_network_check` does a DNS lookup and areverse lookup (which look both fine to me [1]) - but probably it istaking the internal private IP for the reverse lookup, and gets confusedby another name?


Cheers,
  Thomas


[1]
> dig +short A ui.grid.nchc.org.tw
140.110.26.138
> dig +short -x  140.110.26.138
ui.grid.nchc.org.tw.


On 22/03/2023 05.17, Chun-Yu Lin wrote:

Dear all,

I try to install CE / condor custer on the virtual cluster (on ourprivate OpenStack).

The CE is the only node reachable from outside.

Strangely, "condor_ce_host_network_check" complains the hostname doesn'tmatch with the certificate.

Yet everything looks fine.
Below are four basic tests contradict with the errors. Anything I miss ?

# condor_ce_host_network_check
Starting analysis of host networking for HTCondor-CE
System hostname: ui.grid.nchc.org.tw
FQDN matches hostname

Host certificate (subject=C = TW, O = NCHC, OU = GRID, CN =ui.grid.nchc.org.tw) does not match HTCondor-CE hostname ui.grid.nchc.org.tw

Host network configuration not expected to work with HTCondor-CE.

# openssl x509 -in /etc/grid-security/hostcert.pem -text | grep Subject:
 Â Â Â Â Subject: C = TW, O = NCHC, OU = GRID, CN = ui.grid.nchc.org.tw

# nslookup ui.grid.nchc.org.tw
Name:Â Âui.grid.NCHC.org.tw
Address: 140.110.26.138

# nslookup 140.110.26.138
138.26.110.140.in-addr.arpaÂ Â Âname = ui.grid.nchc.org.tw.

Many thanks,
Chun-yu

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: [HTCondor-users] condor_ce_host_network_check says host cert ificate does not match
  - From: Chun-Yu Lin

References:
- [HTCondor-users] token authorized grid universe submission
  - From: Thomas Hartmann
- Re: [HTCondor-users] token authorized grid universe submission
  - From: Stefano Dal Pra
- Re: [HTCondor-users] token authorized grid universe submission
  - From: Thomas Hartmann
- Re: [HTCondor-users] token authorized grid universe submission
  - From: Thomas Hartmann
- [HTCondor-users] condor_ce_host_network_check says host certificate does not matc h
  - From: Chun-Yu Lin

Prev by Date: [HTCondor-users] Call For Nominations: HPDC'23 Achievement Award
Next by Date: [HTCondor-users] Limit no of jobs submitted by users
Previous by thread: [HTCondor-users] condor_ce_host_network_check says host certificate does not matc h
Next by thread: Re: [HTCondor-users] condor_ce_host_network_check says host cert ificate does not match
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [HTCondor-users] condor_ce_host_network_check says host certificate does not matc h