On Jul 28, 2008, at 7:59 AM, Tatsuhiko Inoue wrote:
Hello
I am having trouble with WS GRAM in GT4.2.0.
globusrun-ws fails when the -monitor option is used.
$ globusrun-ws -submit -batch -c /bin/hostname > epr
Submitting job...Done.
Job ID: uuid:bbc7380e-5c96-11dd-ac75-000a9595eb52
Termination time: 07/28/3008 11:17 GMT
$ globusrun-ws -monitor -j epr
globusrun-ws: Error subscribing
globus_xio_gsi: gss_init_sec_context failed.
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote host
(example.org), and the expected name for the remote host
(192.168.0.100) do not match. This happens when the name in the host
certificate does not match the information obtained from DNS and is
often a DNS configuration problem.
$ cat epr
<ns00:EndpointReference xmlns:ns00="http://www.w3.org/2005/08/addressing">
<ns00:Address>https://192.168.0.100:8443/wsrf/services/ManagedExecutableJobService</ns00:Address>
<ns00:ReferenceParameters><ResourceID xmlns="http://www.globus.org/namespaces/2008/03/gram/job">bbf49100-5c96-11dd-84e4-f814b61841c8</ResourceID></ns00:ReferenceParameters>
</ns00:EndpointReference>
(example.org and 192.168.0.100 are actually other values.)
This trouble does not occur if I add the following lines to
${GLOBUS_LOCATION}/etc/globus_wsrf_core/server-config.wsdd.
<globalConfiguration>
+ <parameter name="logicalHost" value="example.org"/>
+ <parameter name="publishHostName" value="true"/>
<parameter name="usageStatisticsTargets"
value="usage-stats.globus.org:4810"/>
This setting is not necessary for running globusrun-ws with -monitor
in GT4.0.x.
Why is this setting necessary in GT4.2.0?
I use MacOS X 10.4 (pcc) and I built GT4.2.0 from source code.

In 4.2, globusrun-ws doesn't rely on DNS lookups for determining the
hostname to use for authorization decisions in the mutual
authentication from client to service and from service to notification
consumer. Instead, the host information provided on the command-line
(or in the EPR) is used.
Since the EPR contains only an IP address (and not the hostname),
globusrun-ws is failing to authenticate the connection because it
doesn't know what name should be used. I'll file a bug to add DNS
resolution in the case where the address is an IPv4 or IPv6 address
and not a host name to catch this issue, but in general, using
logicalHost is a good option in the meantime.
Joe
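
A pre-flight check for the failure discussed in this thread, as an added example (not globusrun-ws code and not written by either poster): it reads the host from an EPR's Address and reports whether it is an IP literal, which can never equal the hostname in a host certificate when no DNS lookup is done. The function names and the sample EPR are constructed for illustration, and the comparison is a plain case-insensitive string match, an assumption that simplifies the real GSI name check.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSA_NS = "http://www.w3.org/2005/08/addressing"

# Constructed sample modelled on the EPR in the post (placeholder values).
SAMPLE_EPR = """<ns00:EndpointReference xmlns:ns00="http://www.w3.org/2005/08/addressing">
<ns00:Address>https://192.168.0.100:8443/wsrf/services/ManagedExecutableJobService</ns00:Address>
</ns00:EndpointReference>"""


def epr_host(epr_xml):
    """Return the host part of the wsa:Address in an EPR document."""
    root = ET.fromstring(epr_xml)
    addr = root.find(f"{{{WSA_NS}}}Address")
    if addr is None or not (addr.text or "").strip():
        raise ValueError("EPR has no wsa:Address")
    # .hostname drops the port and the brackets around an IPv6 literal.
    host = urlsplit(addr.text.strip()).hostname
    if not host:
        raise ValueError("Address has no host component")
    return host


def is_ip_literal(host):
    """True for an IPv4 or IPv6 literal, False for a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_epr(epr_xml, cert_host):
    """Compare the EPR host with the name in the service's host certificate.

    Models the behaviour described in the reply: the expected name is taken
    from the EPR with no DNS lookup (hypothetical helper, simplified match).
    """
    host = epr_host(epr_xml)
    if host.lower() == cert_host.lower():
        return "ok"
    if is_ip_literal(host):
        return "ip-literal"    # server published its IP; set logicalHost
    return "name-mismatch"     # EPR names a different host than the cert


if __name__ == "__main__":
    print(check_epr(SAMPLE_EPR, "example.org"))
```

Run against the file written by `globusrun-ws -submit -batch`, an "ip-literal" result means the container published its address rather than its name, which is what the logicalHost and publishHostName parameters change.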