egi-federation / ansible-role-voms-client
An Ansible role for adding a VOMS client capability to your favourite machine
License: Apache License 2.0
Hi,
During the creation of a proxy (with any VO) I have the following error message:
org.italigrid.voms.VOMSError: LSC fiel parsing error: Malformed LSC file (vo=vo.grif.fr, host=grid12.lal.in2p3.fr): No distinguished name entries found
Thank you.
Cheers, Giuseppe
There is not a 1-1 mapping between VOs and their VOMS servers. Sometimes VOs have no VOMS server, and sometimes they have more than 1. Currently, the task which configures the vomses file for the VO has a loop over VO, and has two issues:
This should be fixed by having an outer loop over VOs and an inner loop over VOMSes.
Good luck
Allow to configure only specific VO, saving lots of time when setting up the env.
Some VOs do not have vomses.
The json array passed by lavoisier contains all VOs, some of which we know the task will fail on, since they have a nonstandard structure - this causes the json_query lookup to fail.
At the moment (pre v0.1.0), we have a dirty hack to run the configure tasks across known-good slices of the array. It would be nice to pass known-bad items to the query in order to exclude them.
Since Ansible-2.6, reported in ansible/ansible#42162, the pip module docker-py should be replaced with docker. This is causing builds from 31 to fail.
In order to install the voms clients for debian, we would need to build them from source using https://github.com/italiangrid/voms-clients.git
This can be done quite easily, but care should be taken to reduce the size of the container or VM that results, since a full-blown build environment with Java, git, etc is required.
OCD striking...
It may be appropriate to rename the project to ansible-* something to remain aligned with the usual naming scheme we are using and that was used for all the other ansible-related components.
We may or may not also want to use some specific casing.
The voms servers at Padova have recently had a host certificate upgrade - see
https://operations-portal.egi.eu/broadcast/archive/2275
Update data.yml
A branch has been created for release v0.1.0-rc.
We need to check the following before merging it into master and tagging the release:
The task currently creates a "TBD" content only.
The VOMS certs json given by http://cclavoisier01.in2p3.fr:8080/lavoisier/voms-certificates?accept=json has some entries which do not follow the general structure:
{
"expiry": "Sat May 04 22:57:06 CEST 2019",
"host": "voms.fnal.gov",
"X509Cert": [{
"DN": ["/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov"]
}, {
"CA_DN": ["/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1"]
}, {
"X509PublicKey": ["-----BEGIN CERTIFICATE-----\nMIIEQDCCAyigAwIBAgIFAQAAwo0wDQYJKoZIhvcNAQELBQAwaDETMBEGCgmSJomT8ixkARkWA29y\nZzEXMBUGCgmSJomT8ixkARkWB2NpbG9nb24xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDSUxvZ29u\nMRkwFwYDVQQDExBDSUxvZ29uIE9TRyBDQSAxMB4XDTE4MDQwNDIwNTIwNloXDTE5MDUwNDIwNTcw\nNlowfjETMBEGCgmSJomT8ixkARkWA29yZzEfMB0GCgmSJomT8ixkARkWD29wZW5zY2llbmNlZ3Jp\nZDEaMBgGA1UEChMRT3BlbiBTY2llbmNlIEdyaWQxETAPBgNVBAsTCFNlcnZpY2VzMRcwFQYDVQQD\nEw52b21zMS5mbmFsLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrCRdvstr6i\nc7JWeH9v9pTl9TWcNnhjUsqpmfLDsdHnmoW1JYC6JFXCZTpFbS2Fz0c9Q7xgP2M9/WBgHzauHdIN\nwLqJy3oxVa0KIN+gt/NxfwxO5Jy76zY1eg8esI0ZilQjT13GOJsyxNr+0CmP9+I+WOgTXTd/RVG5\njpZyNO7+tH+uUuuIR/hXJyWPxd7xqhxOJ1A9IK3N34WR2p2lQD7nXz2AogFFULmh0EV/xftzkk4G\nRixKU7SZtCd+rYI1Z9NvQosrISm0mOXWORRC/bfovKwLWWmibeWXMbJd+8mC53mQFZRuaLd4m7ph\nKqkkXH/3/RIUZy5qCnJb5UBtuPECAwEAAaOB2jCB1zAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE\nAwIEsDAmBgNVHSAEHzAdMA0GCysGAQQBgpE2AQYCMAwGCiqGSIb3TAUCAgEwNwYDVR0fBDAwLjAs\noCqgKIYmaHR0cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLW9zZy5jcmwwHQYDVR0lBBYwFAYI\nKwYBBQUHAwIGCCsGAQUFBwMBMDcGA1UdEQQwMC6CDnZvbXMxLmZuYWwuZ292gg12b21zLmZuYWwu\nZ292gQ10aW1tQGZuYWwuZ292MA0GCSqGSIb3DQEBCwUAA4IBAQCSSCQ3ptGUM+j5Cp/AHJu0Cw1v\nJQp+eVJGjdShCdm/HK6jaqbNmNggqU2uurcGplnZEON4iaKVuT6vFEWbG0O2yluMCAdaqSJBws5m\ni55kuja4IbsJ8KeSjQlTkrszU3VNQofa4gcNWSql+VYjxggDrnsAunL8lG6CfSHXFDX23zx1yfEk\nw8syQXYZevUq8dky1tNMHCspMY7g9cA+UOCbHvE0xBMdQOU08R4PFpNMP4/AskCadui+ObFqomzB\nVDr5D3FGurRSVNyHXm5FAiIxQcf2sDf9jZRk11jCyjOigZzOoMNOHDHzFlrmCl2NVxklAfEyq6rU\nt2CVYeQq3CJN\n-----END CERTIFICATE-----\n"]
}, {
"SerialNumber": ["4295017101"]
}]
}
Instead, they have errors:
{
"entries": [{
"key": "key",
"entry": ["glow-voms.cs.wisc.edu"]
}, {
"key": "ERROR",
"entry": ["fr.in2p3.lavoisier.interfaces.error.InitializationException: Exception raised for view 'voms-certificate-url' [java.net.SocketTimeoutException: connect timed out]"]
}]
}
This causes a task which asks for X509Cert to fail.
I could implement a little filter to exclude entries which do not follow the right structure, but I was wondering whether this data can be cleaned by passing different options to lavoisier.
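Added example, not part of the original issue or of the role's own code: one way to write the filter mentioned above as an Ansible filter plugin in Python, so that error records and entries without a DN are rejected before an LSC file is rendered. It assumes the LSC content is the server DN line followed by the CA DN line; the filter name `voms_split_entries` and the host `voms.example.org` are hypothetical.

```python
"""Filter lavoisier voms-certificates entries before rendering LSC files."""

# Constructed sample: one entry of each shape shown above (certificate body
# left out, error text shortened) plus a constructed entry with an empty DN.
SAMPLE = [
    {"host": "voms.fnal.gov", "X509Cert": [
        {"DN": ["/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov"]},
        {"CA_DN": ["/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1"]},
        {"SerialNumber": ["4295017101"]}]},
    {"entries": [{"key": "key", "entry": ["glow-voms.cs.wisc.edu"]},
                 {"key": "ERROR", "entry": ["java.net.SocketTimeoutException: connect timed out"]}]},
    {"host": "voms.example.org", "X509Cert": [{"DN": []}]},
]
REQUIRED = ("DN", "CA_DN")


def cert_fields(entry):
    """Flatten the single-key dicts under X509Cert into one dict.

    Returns None for error records and for entries missing a usable DN/CA_DN.
    """
    if not isinstance(entry, dict) or not isinstance(entry.get("host"), str):
        return None
    parts = entry.get("X509Cert")
    if not isinstance(parts, list):
        return None
    flat = {}
    for part in parts:
        if isinstance(part, dict):
            for key, values in part.items():
                if isinstance(values, list) and values and isinstance(values[0], str):
                    flat[key] = values[0]
    # Both names must be present and look like slash-separated DNs.
    if any(not flat.get(key, "").startswith("/") for key in REQUIRED):
        return None
    return flat


def split_entries(entries):
    """Return (good, rejected): good maps host -> LSC text, rejected keeps the rest."""
    good, rejected = {}, []
    for entry in entries:
        fields = cert_fields(entry)
        if fields is None:
            rejected.append(entry)  # keep for logging, never write an LSC file
        else:
            good[entry["host"]] = "{}\n{}\n".format(fields["DN"], fields["CA_DN"])
    return good, rejected


class FilterModule(object):
    """Ansible filter plugin hook; the filter name is hypothetical."""
    def filters(self):
        return {"voms_split_entries": split_entries}
```

Returning the rejected entries alongside the good ones lets the play report which hosts were skipped instead of silently producing an empty or partial LSC file.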