[GE users] csp problem

Co Thai Ngo cngo at nmsu.edu
Fri Oct 15 22:10:22 BST 2004



Hi Andre, 
 
Sorry for the late response. I was busy with something else. I've just tried to 
change the files as you advised and IT WORKS. Thank you very much for your 
help. 
 
Co  
 
Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>: 
 
> Hi, 
>  
> the NetBSD packages seem to contain either the wrong openssl version or 
> the wrong scripts. 
> To fix your issue you have to edit the following three files and replace all
> occurrences of userId with uniqueIdentifier:
>  
> $SGE_ROOT/util/sgeCA/sge_ca 
>  
> $SGE_ROOT/util/sgeCA/sge_ssl.cnf 
>  
> $SGE_ROOT/util/sgeCA/sge_ssl_template.cnf 
>  
> Check if everything has been replaced with: 
> grep userId $SGE_ROOT/util/sgeCA/* 
>  
> Then retry the installation. 
>  
>  
> Andre 
>  
> Co Thai Ngo wrote: 
> > Andre,  
> >   
> > Here is the output of openssl:
> >   
> > acacia# /usr/bin/openssl version  
> > OpenSSL 0.9.6g 9 Aug 2002  
> >   
> > acacia# /usr/pkg/sge/utilbin/nbsd-i386/openssl version  
> > OpenSSL 0.9.6m 17 Mar 2004  
> >   
> > Thank you,  
> >   
> > Co  
> >   
> > Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:  
> >   
> >  
> >>Hi,  
> >>  
> >>can you send me the output of:  
> >>  
> >>$SGE_ROOT/utilbin/<arch>/openssl version  
> >>  
> >>and  
> >>  
> >>/usr/bin/openssl version  
> >>  
> >>As I mentioned already there had been a change during 5.3 patch releases,
> >>where uniqueIdentifier had been replaced with userId. If the wrong openssl
> >>binary is called accidentally by the sge_ca script it cannot work
> >>correctly.
> >>  
> >>Andre  
> >>  
> >>Co Thai Ngo wrote:  
> >> 
> >>>Andre,   
> >>>   
> >>>I've tried both install_qmaster -csp and sge_ca -init on the master node as
> >>>described in the webpage you mentioned. And both of them gave the same
> >>>output:
> >>>
> >>>---------------   
> >>>   
> >>>Initializing Certificate Authority (CA) for OpenSSL security framework   
> >>>----------------------------------------------------------------------   
> >>>   
> >>>   
> >>>Creating CA certificate and private key   
> >>>---------------------------------------   
> >>>Please give some basic parameters to create the distinguished name (DN)
> >>>
> >>>You selected the following basic data for the distinguished name of   
> >>>your certificates:   
> >>>   
> >>>Country code:         C=US   
> >>>State:                ST=NM   
> >>>Location:             L=LC   
> >>>Organization:         O=NMSU   
> >>>Organizational unit:  OU=Biology   
> >>>CA email address:     emailAddress=cngo at nmsu.edu   
> >>>   
> >>>Do you want to use these data (y/n) [y] >> y   
> >>>   
> >>>Creating RANDFILE in >/var/sgeCA/sge_commd/default/private/rand.seed<   
> >>>Creating CA certificate and private key   
> >>>Using configuration from /tmp/sge_ca121018.tmp   
> >>>Generating a 1024 bit RSA private key   
> >>>....................++++++   
> >>>...............++++++   
> >>>writing new private key to '/var/sgeCA/sge_commd/default/private/cakey.pem'
> >>>-----   
> >>>problems making Certificate Request
> >>>11222:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:x509name.c:285:name=userId
> >>>
> >>>Command failed: /usr/pkg/sge/utilbin/nbsd-i386/openssl req -md5 -nodes -config /tmp/sge_ca121018.tmp -new -x509 -keyout /var/sgeCA/sge_commd/default/private/cakey.pem -out /usr/pkg/sge/default/common/sgeCA/cacert.pem
> >>>   
> >>>Probably a permission problem. Please check file access permissions.   
> >>>Check root read/write permission. Check if SGE daemons are running.   
> >>>   
> >>>---------------   
> >>>   
> >>>Here are the files created by sgeCA:
> >>>   
> >>>---------   
> >>>   
> >>>acacia# pwd   
> >>>/usr/pkg/sge/default/common/sgeCA   
> >>>acacia# ll   
> >>>total 5   
> >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 certs   
> >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 crl   
> >>>-rw-r--r--  1 sgeadmin  sgeadmin   34 Oct  6 09:15 dn.info   
> >>>-rw-r--r--  1 sgeadmin  sgeadmin    0 Oct  6 09:14 index.txt   
> >>>drwxr-xr-x  2 sgeadmin  sgeadmin  512 Oct  6 09:14 newcerts   
> >>>-rw-r--r--  1 sgeadmin  sgeadmin    3 Oct  6 09:14 serial   
> >>>acacia#   
> >>>   
> >>>acacia# pwd   
> >>>/var/sgeCA/sge_commd/default/private   
> >>>acacia# ll   
> >>>total 2   
> >>>-rw-------  1 sgeadmin  wheel   887 Oct  6 09:15 cakey.pem   
> >>>-rw-------  1 sgeadmin  wheel  1024 Oct  6 09:15 rand.seed   
> >>>acacia#   
> >>>   
> >>>--------------   
> >>>   
> >>>Thank you,   
> >>>   
> >>>Co   
> >>>   
> >>>Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:   
> >>>   
> >>>  
> >>> 
> >>>>Hi,   
> >>>>  
> >>>>Can you send me the requested output as well ;)   
> >>>>The error you get might be related to openssl-0.9.6m. There had been   
> >>>>an upgrade to openssl-0.9.7x that required a change in the sgeCA/*   
> >>>>files. There had been renamings of some cert fields between these   
> >>>>versions.   
> >>>>Have you tried to follow the descriptions under:   
> >>>>
> >>>>http://gridengine.sunsource.net/unbranded-source/browse/%7Echeckout%7E/gridengine/source/security/sec/csp.html
> >>>>
> >>>>You can run the cert generation script also standalone.   
> >>>>  
> >>>>On master host as root do:   
> >>>>  
> >>>>root % cd $SGE_ROOT   
> >>>>root % source default/common/settings.csh   
> >>>>root % util/sgeCA/sge_ca -init   
> >>>>  
> >>>>Please send me the output of this command. It should use the openssl    
> >>>>command that is shipped with GE.   
> >>>>  
> >>>>Andre   
> >>>>  
> >>>>On Tue, 2004-10-05 at 17:05, Co Thai Ngo wrote:   
> >>>> 
> >>>> 
> >>>>>Hi,    
> >>>>>   
> >>>>>The version of openssl that I'm using is openssl-0.9.6m and here is the
> >>>>>output of ldd:
> >>>>>   
> >>>>>------------    
> >>>>>acacia: {9} ldd openssl    
> >>>>>openssl:    
> >>>>>        -lc.12 => /usr/lib/libc.so.12    
> >>>>>        -lcrypto.300 => /usr/pkg/lib/libcrypto.so.300    
> >>>>>        -lssl.300 => /usr/pkg/lib/libssl.so.300    
> >>>>>acacia: {10}    
> >>>>>--------------    
> >>>>>   
> >>>>>Thank you very much for your help,    
> >>>>>   
> >>>>>Co    
> >>>>>   
> >>>>>Quoting Andre Alefeld <Andre.Alefeld at Sun.COM>:    
> >>>>>   
> >>>>> 
> >>>>> 
> >>>>>>Hi,    
> >>>>>>   
> >>>>>>is it possible that a wrong openssl library is used ?    
> >>>>>>Can you do a ldd $SGE_ROOT/utilbin/<arch>/openssl and    
> >>>>>>$SGE_ROOT/utilbin/<arch>/openssl version    
> >>>>>>and send me the output ?    
> >>>>>>   
> >>>>>>Andre    
> >>>>>>   
> >>>>>>Co Thai Ngo wrote:    
> >>>>>> 
> >>>>>> 
> >>>>>>>Yes, I'm using the SGE 5.3 package for NetBSD. When I run install_qmaster
> >>>>>>>without csp option, I've got no problem. The problem comes when I run
> >>>>>>>install_qmaster with csp.
> >>>>>>>Thank you,     
> >>>>>>>    
> >>>>>>>Co      
> >>>>>>>     
> >>>>>>>Quoting Rayson Ho <raysonho at eseenet.com>:     
> >>>>>>>    
> >>>>>>>   
> >>>>>>> 
> >>>>>>> 
> >>>>>>>>>if you used the Sun pkgadd packages did you make sure to install all
> >>>>>>>>>patches as well?
> >>>>>>>> 
> >>>>>>>>  
> >>>>>>>>   
> >>>>>>>>He is using the package for NetBSD, not the one for Solaris...     
> >>>>>>>>   
> >>>>>>>>  
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>>>We have both, SGE 5.3 and SGE 6.0 available for download - I
> >>>>>>>>>suggest using 6.0 unless there is a specific reason to stay with
> >>>>>>>>>5.3.
> >>>>>>>> 
> >>>>>>>>  
> >>>>>>>>   
> >>>>>>>>SGE 6.0 isn't ready for *BSD yet :(      
> >>>>>>>>   
> >>>>>>>>Rayson     
> >>>>>>>>   
> >>>>>>>>   
> >>>>>>>>  
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>>>Andy     
> >>>>>>>> 
> >>>>>>>>  
> >>>>>>>>---------------------------------------------------------     
> >>>>>>>>Get your FREE E-mail account at http://www.eseenet.com !     
> >>>>>>>>   
> >>>>>>>>---------------------------------------------------------------------
> >>>>>>>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> >>>>>>>>For additional commands, e-mail: users-help at gridengine.sunsource.net
> >>>>>>>>   
> >>>>>>>>   
> >>>>>>> 
> >>>>>>>   
> >>>>>>>    
> >>>>>>>    
> >>>>>>>--      
> >>>>>>>Co Thai Ngo      
> >>>>>>>Dept. of Biology       
> >>>>>>>New Mexico State University       
> >>>>>>>   
> >>>>>>>   
> >>>>>> 
> >>>>>>   
> >>>>>>--     
> >>>>>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >>>>>>Andre Alefeld                Phone: ++49 (0)941 3075-255    
> >>>>>>Software Engineering         Fax:   ++49 (0)941 3075-222    
> >>>>>>Sun Microsystems GmbH    
> >>>>>>Dr.-Leo-Ritter-Str. 7	     mailto: andre.alefeld at sun.com    
> >>>>>>D-93049 Regensburg           http://www.sun.com/grid   
 
 
--  
Co Thai Ngo  
Dept. of Biology   
New Mexico State University   
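
The fix described in this thread, as an added example that is not part of the original messages and not Grid Engine code: a POSIX shell function that applies the userId to uniqueIdentifier rename to the three sgeCA files, keeps a backup, and then checks the result. The sample file contents are constructed stand-ins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): apply and verify the
# userId -> uniqueIdentifier rename in the three sgeCA files.
SGECA_FILES="sge_ca sge_ssl.cnf sge_ssl_template.cnf"   # file names from the thread

# count_field DIR NAME: print how many lines in the three files contain NAME.
count_field() {
    ( cd "$1" && cat $SGECA_FILES 2>/dev/null | grep -c "$2" ) || true
}

# fix_sgeca_fieldname DIR: DIR is $SGE_ROOT/util/sgeCA in the thread.
# Returns 0 if no userId remains, 1 if some does, 2 if a file is missing.
fix_sgeca_fieldname() {
    for f in $SGECA_FILES; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 2; }
    done
    for f in $SGECA_FILES; do
        path="$1/$f"
        grep -q 'userId' "$path" || continue               # already clean, rerun is a no-op
        [ -f "$path.orig" ] || cp -p "$path" "$path.orig"  # one-time backup
        sed 's/userId/uniqueIdentifier/g' "$path" > "$path.new" || return 1
        cat "$path.new" > "$path"                          # overwrite in place, keeps mode and owner
        rm -f "$path.new"
    done
    # Check the three files by name: the thread's "grep userId .../sgeCA/*"
    # would also match the .orig backups written above.
    [ "$(count_field "$1" userId)" -eq 0 ]
}

# make_sample DIR: constructed stand-ins, not the real Grid Engine files.
make_sample() {
    printf '%s\n' '#!/bin/sh' 'DN_FIELDS="C ST L O OU userId emailAddress"' > "$1/sge_ca"
    printf '%s\n' '[ req_distinguished_name ]' 'userId = User ID' \
        'userId_default = sgeadmin' > "$1/sge_ssl.cnf"
    cp "$1/sge_ssl.cnf" "$1/sge_ssl_template.cnf"
    chmod 755 "$1/sge_ca"
}

# Demo on a throwaway directory.
demo=$(mktemp -d)
make_sample "$demo"
echo "before: $(count_field "$demo" userId) lines with userId"
fix_sgeca_fieldname "$demo" && echo "after: no userId left in the three files"
rm -rf "$demo"
```

On a real installation the argument would be $SGE_ROOT/util/sgeCA, and the .orig backups should be moved out of that directory before running the grep check quoted above.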
