Project

General

Profile

Bug #9857

Remove voms.fnal.gov from the fermigrid16 LVS and set it as a VIP on voms1.fnal.gov

Added by Gerard Bernabeu Altayo about 4 years ago.

Status:
New
Priority:
Normal
Start date:
08/20/2015
Due date:
% Done:

0%

Estimated time:
8.00 h
Duration:

Description

voms.fnal.gov is not used by the voms-proxy-init daemons anymore, we should remove it from the LVS to get rid of the 'fake errors' in the VOMS logs:

[root@voms1 ~]# tail /var/log/voms/voms_fermilab_log
Thu Aug 20 17:52:25 2015:voms1.fnal.gov:vomsd24198: msg="LOG_INFO:REQUEST:Run (vomsd.cc:738):Started child executor with pid = 31553"
Thu Aug 20 17:52:25 2015:voms1.fnal.gov:vomsd31553: msg="LOG_INFO:REQUEST:AcceptGSIAuthentication (Server.cpp:431):Error enstabilishing SSL context."
Thu Aug 20 17:52:25 2015:voms1.fnal.gov:vomsd31553: msg="LOG_INFO:REQUEST:Run (vomsd.cc:746):Failed to authenticate peer."
Thu Aug 20 17:52:25 2015:voms1.fnal.gov:vomsd31553: msg="LOG_INFO:REQUEST:Run (vomsd.cc:747):OpenSSL error: SSL Handshake error:"
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd24198: msg="LOG_INFO:REQUEST:logconnection (ipv6sock.cc:127):Received connection from: fermigrid16.fnal.gov (131.225.153.75):37964."
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd24198: msg="LOG_INFO:REQUEST:Run (vomsd.cc:723):Reached number of maximum active requests: 100. Waiting for some children process to finish."
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd24198: msg="LOG_INFO:REQUEST:Run (vomsd.cc:738):Started child executor with pid = 31569"
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd31569: msg="LOG_INFO:REQUEST:AcceptGSIAuthentication (Server.cpp:431):Error enstabilishing SSL context."
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd31569: msg="LOG_INFO:REQUEST:Run (vomsd.cc:746):Failed to authenticate peer."
Thu Aug 20 17:52:31 2015:voms1.fnal.gov:vomsd31569: msg="LOG_INFO:REQUEST:Run (vomsd.cc:747):OpenSSL error: SSL Handshake error:"
[root@voms1 ~]#

Optionally we could set voms.fnal.gov in the new loadbalancer that networking MAY buy... But this is not doable until the HW is purchased...



Also available in: Atom PDF