change in behavior for (some) clients after jobsub server updated hostcerts
We have a quick workaround that I will be putting into a test version in ups shortly
#2 Updated by Steven Timm 5 months ago
If you use the new test version with an expired cert you can get the following error:
<dunegpvm01> export GROUP=fermilab
<dunegpvm01> source /grid/fermiapp/products/common/etc/setups
<dunegpvm01> setup jobsub_client v1_3_rc2
<dunegpvm01> jobsub_submit --group=fermilab --memory=500MB --disk=1GB --expected-lifetime=172800s --jobsub-server=https://fifebatch.fnal.gov:8443 --resource-provides=usage_model="DEDICATED" --append_condor_requirements='(stringlistmember(\"BAREMETAL\",HTC_LABELS))' file://gridsleep.sh
HTTP response:0 PyCurl Error 56: SSL read: errno -12195
but once I get a clean cert then it is fine on dunegpvm01.. will try a few other hosts shortly.
Would be nice to know why it worked on certain hosts and not others before.
#4 Updated by Steven Timm 5 months ago
I get the same problem with the dune managed proxy. (which really is a proxy).
The test version as cut, removes the proxy code which would be used to process a proxy.
the underlying bug, it would seem, is that somehow the individual user certs gotten by kx509/cigetcert were being treated as proxies when they ought not to have been.
We still don't understand why that happened on some but not all machines.