Tuesday, September 22, 2009

wms myproxy renewal wobbles

During our recent reconfiguration to SL5 we also re-wrote our user account generation script from perl to python. Well Graeme did actually. So now its very easy to understand and extend. A consequence of this was that we created a new directory in /home for each user to keep things neat and tidy. This necessitated the recreation of all home directories across the cluster. A task fraught with danger.

However, we managed it except that I blew away the glite user from the WMS in the process and the .certs and .globus certificates required to run the WMS. After replacing them everything worked fine or so I thought. Recently we received reports that the myproxy renewal was not working and as it transpired the /home/glite/.certs/hostkey.pem and /home/glite/.certs/hostcert.pem must be owned by the glite user and not root for the renewal process to work! One to watch!

No comments: