Bug #22399
change in behavior for (some) clients after jobsub server updated hostcerts
0%
Description
see INC000001053014
We have a quick workaround that I will be putting into a test version in ups shortly
History
#1 Updated by Dennis Box 5 months ago
- Status changed from New to Feedback
There is a 'test' release of jobsub_client v1_3_rc2 on /grid/fermiapp that fixes the issue in all of my tests. Please confirm that it works for you as well.
#2 Updated by Steven Timm 5 months ago
If you use the new test version with an expired cert you can get the following error:
<dunegpvm01> export GROUP=fermilab
<dunegpvm01> source /grid/fermiapp/products/common/etc/setups
<dunegpvm01> setup jobsub_client v1_3_rc2
<dunegpvm01> jobsub_submit --group=fermilab --memory=500MB --disk=1GB --expected-lifetime=172800s --jobsub-server=https://fifebatch.fnal.gov:8443 --resource-provides=usage_model="DEDICATED" --append_condor_requirements='(stringlistmember(\"BAREMETAL\",HTC_LABELS))' file://gridsleep.sh
HTTP response:0 PyCurl Error 56: SSL read: errno -12195
but once I get a clean cert then it is fine on dunegpvm01.. will try a few other hosts shortly.
Would be nice to know why it worked on certain hosts and not others before.
Steve
#3 Updated by Kenneth Herner 5 months ago
When using a managed proxy on des40, I get the error Steve described.
#4 Updated by Steven Timm 5 months ago
I get the same problem with the dune managed proxy. (which really is a proxy).
The test version as cut, removes the proxy code which would be used to process a proxy.
the underlying bug, it would seem, is that somehow the individual user certs gotten by kx509/cigetcert were being treated as proxies when they ought not to have been.
We still don't understand why that happened on some but not all machines.
#5 Updated by Dennis Box 5 months ago
- Status changed from Feedback to Closed