Open JamesAnstey opened 1 year ago
Hi @JamesAnstey yes to publish to production at LLNL, you'll still need a certificate. The myproxy-logon
command is correct. There is a Python equivalent that can be installed that should take the same options: https://pypi.org/project/MyProxyClient/ you can write the file anywhere, then reference either in the command
The --noauth
arg is for our test node. Use --cert <filename>
or you can add it to the new esg.ini or esg.yaml file (if you upgraded)
Ok great, thanks for confirming @sashakames. I've been trying this:
myproxyclient logon -s esgf-node.llnl.gov -l acrnpub -b -t 72 -o $HOME/.globus/certificate-file
resulting in:
Enter password for user 'acrnpub' on MyProxy server 'esgf-node.llnl.gov':
Error retrieving credentials: [Errno 111] Connection refused
I've tried it many times, and also with another registered openid, so I think it's not just that I'm making password typos... Is the above myproxyclient command what you would use/recommend? I'm doing this in my esgf-pub
env (still esgpublish version v5.1.0b11) with myproxyclient version 2.1.0.
If I can get the above myproxyclient command to work, then I would use --cert $HOME/.globus/certificate-file
in my esgpublish
command?
Is port 7512 open to egress? This should work:
(base) pro9919288:metagrid ames4$ openssl s_client -connect esgf-node.llnl.gov:7512
CONNECTED(00000005)
depth=1 C = US, O = ESGF, OU = ANL, CN = Root Certificate Authority
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 C = US, O = ESGF, OU = ANL, CN = Root Certificate Authority
verify return:1
depth=0 O = ESGF, OU = ESGF.ORG, CN = esgf-node.llnl.gov
verify return:1
---
I'm trying to publish using v5.1.0b11 of the publisher. My publishing command is:
It results in this error:
For the much older version of the publisher we were previously using, prior to running the publishing commands I did this:
Is this step still required for publishing? Or is the "not authorized" message due to something else?
Some extra info: I saw that another open issue also mentions error code 401, and in contrast to my error output, the output there refers to an openid. The openid referenced in the above myproxy-logon command (https://esgf-node.llnl.gov/esgf-idp/openid/acrnpub) is registered for publishing. The
esg.ini
file also had a[myproxy]
section with info on this openid, but our updatedesg.ini
(made withesgmigrate
I believe) doesn't have this.