Ken,
On July 11, 2016 at 7:42:18 AM, Ken McDonell (kenj@xxxxxxxxxxxxxxxx) wrote:
> On one host (vm04, centos 5) I'm seeing failures of the form
>
> kenj@vm04:~/src/pcp/qa$ show-me 713
> 713:
> *** 713.out 2015-03-21 01:08:15.000000000 +1100
> --- 713.out.bad 2016-07-10 18:56:34.000000000 +1000
> ***************
> *** 1,24 ****
> QA output created by 713
> Waiting for pmcd to terminate ...
> == Creating empty certificate DB
> == Creating local certificates
> == Certificate DB and local certificates created
> Start pmcd, modified $PCP_PMCDOPTIONS_PATH (pmcd.options):
> Starting pmcd ...
> Checking pmcd.log for unexpected messages
> Checking pmproxy.log for unexpected messages
> checking client, server certificate only. should prompt and fail...
> ! WARNING: issuer of certificate received from host HOST is not trusted.
> ! Do you want to accept and save this certificate locally anyway? (no)
> ! pminfo: Cannot connect to PMCD on host "HOST": Peer's Certificate issuer
> is not recognized.
> checking client, user certificate only. should pass...
> !
> ! hinv.ncpu
> ! value NUMBER
> checking client, user certificate only, second time. should pass...
> !
> ! hinv.ncpu
> ! value NUMBER
> Waiting for pmcd to terminate ...
> Starting pmcd ...
> Starting pmlogger ...
> --- 1,23 ----
> QA output created by 713
> Waiting for pmcd to terminate ...
> == Creating empty certificate DB
> + certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
> == Creating local certificates
> == Certificate DB and local certificates created
> + certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
> Start pmcd, modified $PCP_PMCDOPTIONS_PATH (pmcd.options):
> Starting pmcd ...
> Checking pmcd.log for unexpected messages
> Checking pmproxy.log for unexpected messages
> + certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
> checking client, server certificate only. should prompt and fail...
> ! pminfo: Cannot connect to PMCD on host "HOST": Operation not supported
> checking client, user certificate only. should pass...
> ! certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
> ! certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
> ! pminfo: Cannot connect to PMCD on host "HOST": Network file descriptor is
> not connected
> checking client, user certificate only, second time. should pass...
> ! pminfo: Cannot connect to PMCD on host "HOST": Network file descriptor is
> not connected
> Waiting for pmcd to terminate ...
> Starting pmcd ...
> Starting pmlogger ...
>
> Does this ring any bells?
I would assume this is due to my recent client certificate changes, but canât
immediately see how. ÂThis either looks like $PCP_SECURE_DB_METHOD isnât being
set properly, or the QA test isnât starting with a clean nssdb.
>
> Interestingly, only a couple of days ago the failure was:
>
> --- 713.out 2016-07-08 15:17:05.340461838 +1000
> +++ 713.out.bad 2016-07-08 15:17:04.988469960 +1000
> @@ -12,13 +12,9 @@
> Do you want to accept and save this certificate locally anyway? (no)
> pminfo: Cannot connect to PMCD on host "HOST": Peer's Certificate issuer is
> not recognized.
> checking client, user certificate only. should pass...
> -
> -hinv.ncpu
> - value NUMBER
> +pminfo: Cannot connect to PMCD on host "HOST": SSL peer cannot verify your
> certificate.
> checking client, user certificate only, second time. should pass...
> -
> -hinv.ncpu
> - value NUMBER
> +pminfo: Cannot connect to PMCD on host "HOST": SSL peer cannot verify your
> certificate.
> Waiting for pmcd to terminate ...
> Starting pmcd ...
> Starting pmlogger ...
>
This should have been fixed here:
http://oss.sgi.com/pipermail/pcp/2016-May/010641.html
Let me know if you see that again.
Thanks
Martins
|