Opened 12 years ago
Closed 12 years ago
#1027 closed (fixed)
use a cert with the correct URN
Reported by: | Aaron Helsinger | Owned by: | Aaron Helsinger |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | I2AM | Version: | SPIRAL5 |
Keywords: | Cc: | tlehman@maxgigapop.net, ckotil@grnoc.iu.edu, Aaron Helsinger, xyang@maxgigapop.net | |
Dependencies: |
Description
PG cares that the ION AMs urn says 'ionpl+authority+sa' instead of 'ion.internet2.edu+authority+am' and wants this changed.
Work on regenerating the correct self signed certificate and using that instead.
Tony Mack says:
You can use the following commands to regenerate your registry certs and maintain the existing keys: $ sfaadmin registry nuke --certs $ sfaadmin registry import_registry
Attachments (1)
Change History (8)
comment:1 Changed 12 years ago by
comment:2 Changed 12 years ago by
Cc: | Aaron Helsinger xyang@maxgigapop.net added |
---|---|
Owner: | changed from xyang@maxgigapop.net to ckotil@grnoc.iu.edu |
Reassign to Chad.
Do the following steps to updates SFA on ION AM.
- sfa-nuke-plc.py
- find /var/lib/sfa/ -name *.gid |xargs rm -rf
find /var/lib/sfa/ -name *.cert |xargs rm -rf find /var/lib/sfa/ -name *.cred |xargs rm -rf
- grep -r ionpl /etc/sfa |cut -d: -f1 | xargs sed -i "s/ionpl/ion.internet2.edu/g"
- apply the attached sfa-2.0-9-patch-7.diff
- service sfa restart
- sfa-import-plc.py
- service sfa restart
Note: This is only for network-only aggregates that have no MyPLC hosts to allocate. Otherwise, simply replace the hrn may break MyPLC functions.
comment:3 Changed 12 years ago by
The wiki text was a bit messy in comment#2. Reformat the steps below:
- sfa-nuke-plc.py
- find /var/lib/sfa/ -name *.gid |xargs rm -rf; find /var/lib/sfa/ -name *.cert |xargs rm -rf; find /var/lib/sfa/ -name *.cred |xargs rm -rf
- grep -r ionpl /etc/sfa |cut -d: -f1 | xargs sed -i "s/ionpl/ion.internet2.edu/g"
- apply the attached sfa-2.0-9-patch-7.diff
- service sfa restart
- sfa-import-plc.py
- service sfa restart
Changed 12 years ago by
Attachment: | sfa-2.0-9-patch-7.diff added |
---|
comment:4 Changed 12 years ago by
Status: | new → assigned |
---|
I've applied the patch and followed the steps before restarting sfa. Then reimported the certs and restarted sfa.
comment:5 Changed 12 years ago by
Owner: | changed from ckotil@grnoc.iu.edu to Aaron Helsinger |
---|---|
Status: | assigned → new |
comment:6 Changed 12 years ago by
Status: | new → assigned |
---|
I confirmed the fix. Just waiting now to ensure the PG folks are happy.
comment:7 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
But given that this system's SFA is old, Tony says: