[GE issues] [Issue 2826] New - Renaming the certificate directories during execd installation on Windows is problematic

roland roland.dittel at sun.com
Thu Dec 11 13:09:40 GMT 2008

                 Issue #|2826
                 Summary|Renaming the certificate directories during execd inst
                        |allation on Windows is problematic
       Status whiteboard|
              Issue type|DEFECT
             Assigned to|dom
             Reported by|roland

------- Additional comments from roland at sunsource.net Thu Dec 11 05:09:40 -0800 2008 -------
During the execd installation on Windows the root user certificates are moved
from '<certdir>/userkeys/root' to '<certdir>/userkeys/HOSTNAME+Administrator'
because that's the privileged username on Windows. The old directorys with root
are later no longer available. This fact leads to two issues.

1) When the certificates expires or revocated new ones need to be created and
distributed to all execution nodes. Normally they are created on master side as
user root. For every windows host a special care is necessary to move them into
the new directory.

2) Because the original directory is destroyed a second try of a execd
installation fails because for savety reasons the 'HOSTNAME+Administrator'
directory gets deleted at first and then the move from the non-existing root
directory fails. The error printed later in the installation is:

   error: commlib error: can't set CA chain file
error: commlib error: ssl error ([ID=33558530] in module "system library": "No
such file or directory")
ERROR: unable to send message to qmaster using port 798 on host "hostname":
can't set CA chain file


To unsubscribe from this discussion, e-mail: [issues-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list