Uploaded image for project: 'FTS'
  1. FTS
  2. FTS-162

curl using proxies do not work from lxplus

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Minor
    • Resolution: Not a Bug
    • None
    • None
    • REST API
    • None

    Description

      C&P from my last mail

      I have been able to reproduce with my proxy doing the command inside lxplus. I was trying from a different machine and there it was working
      For instance, in Ubuntu 12.04 and SL6 with epel it works, but not in lxplus

      What really puzzles me a lot is the following:

      aalvarez@farnsworth:~/Source/fts3/test/stress$ md5sum  $X509_USER_PROXY
fff57ad7fb80af77daad0b0c59cf753b  /tmp/x509up_u32489

aalvarez@pc-hermes:~/Source/fts3/test/stress$ curl --capath /etc/grid-security/certificates/ -E $X509_USER_PROXY --cacert $X509_USER_PROXY  https://fts104.cern.ch:8446/whoami
{
  "delegation_id": "47b51410fec1faf8",
  "dn": [
    "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aalvarez/CN=678984/CN=Alejandro Alvarez Ayllon",
    "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aalvarez/CN=678984/CN=Alejandro Alvarez Ayllon/CN=1509675715"
  ],
  "level": {
    "transfer": "vo"
  },
  "method": "certificate",
  "roles": [],
  "user_dn": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aalvarez/CN=678984/CN=Alejandro Alvarez Ayllon",
  "voms_cred": [
    "/dteam/Role=NULL/Capability=NULL"
  ],
  "vos": [
    "dteam"
  ]
}

      Note the checksum. Now in lxplus

      aalvarez@lxplus0048:~$ md5sum  $X509_USER_PROXY
fff57ad7fb80af77daad0b0c59cf753b  /tmp/x509up_u32489 # Very same file!!

aalvarez@lxplus0048:~$ curl --capath /etc/grid-security/certificates -k --cert $X509_USER_PROXY --key $X509_USER_PROXY --cacert $X509_USER_PROXY https://fts3-pilot.cern.ch:8446/whoami
{
  "delegation_id": "aa7994e138952c5e",
  "dn": [
    "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aalvarez/CN=678984/CN=Alejandro Alvarez Ayllon/CN=1509675715"
  ],
  "level": {
    "config": "all",
    "transfer": "vo"
  },
  "method": "certificate",
  "roles": [],
  "user_dn": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=aalvarez/CN=678984/CN=Alejandro Alvarez Ayllon/CN=1509675715",
  "voms_cred": [],
  "vos": [
    "1509675715@cern.ch"
  ]
}

      Broken.

      I would very much appreciate if you could confirm this behaviour: in an lxplus node verify that the behaviour is indeed broken (you will see that cms does not appear in vos regardless of your proxy),
      copy that very same proxy to some other non-lxplus machine, and try again.
      If you indeed see cms in this case, this would confirm there is an issue client side, not server side (which corresponds with what I was seeing on the logs: the full chain is not being sent for some reason)

      I will try to figure out what's the difference...

      Attachments

        Activity

          People

            aalvarez Alejandro Alvarez Ayllon (Inactive)
            aalvarez Alejandro Alvarez Ayllon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: