hostcert/key auto renew in dCache 7.2.3

[qiulan2021]

We found our the hostcert/key auto renew mechanism in dCache cluster does not work after we upgraded to dCache 7.2.3.

The issue was that the cert were properly renewed, but the service was not aware so it needed to be restarted by hand.

Now we use the following check command at lxplus.cern.ch

gfal-ls -vvv davs://dcdoor11.usatlas.bnl.gov:2881//pnfs/usatlas.bnl.gov

gfal-ls -vvv gsiftp://dcdoor11.usatlas.bnl.gov//pnfs/usatlas.bnl.gov

[paulmillar]

Hi @qiulan2021,

Thanks for reporting this issue.

Could you confirm with which doors you observed this problem?

Cheers, Paul.

[qiulan2021]

Hello Paul,

Doug first got this issue on dcdoor12.

Then we check the cert is renewed by puppet, but dcache service was not aware.

It works by restarting the dcache service.

Best Regards, Qiulan

[paulmillar]

Hi Qiulan,

Do you happen to know which protocol Doug was using when he discovered the problem? Perhaps GridFTP, xroot, HTTP/WebDAV, ... ?

Cheers, Paul.

[qiulan2021]

Hi Paul,

I checked the chat logs again, it was from Atlas client side reported from Vincent. But no protocol was indicated.

The certificate has expired: Credential with subject: /DC=org/DC=incommon/C=US/ST=New York/L=Upton/O=Brookhaven National Laboratory/OU=SDCC/CN=dcdoor11.usatlas.bnl.gov has expired. The certificate has expired: Credential with subject: /DC=org/DC=incommon/C=US/ST=New York/L=Upton/O=Brookhaven National Laboratory/OU=SDCC/CN=dcdoor12.usatlas.bnl.gov has expired.

Regards, Qiulan