Comments (5)
You say you can "run icommands inside davrods"...
can you confirm you're using the same /etc/apache2/irods/irods_environment.json
file?
Is there a set of errors in the rodsLog on the iRODS server that can help?
from davrods.
Thanks for the fast response. For the icommands I used the irods_environment.json
generated by iinit
. For davrods I use the one which was provided. A quick swap of does two didn't solve the issue.
$ cat /root/.irods/irods_environment.json
{
"irods_host": "irods",
"irods_port": 1247,
"irods_user_name": "rods",
"irods_zone_name": "zone_1"
}
$ cat /etc/apache2/irods/irods_environment.json
{
"irods_client_server_negotiation": "request_server_negotiation",
"irods_client_server_policy": "CS_NEG_DONT_CARE",
"irods_encryption_key_size": 32,
"irods_encryption_salt_size": 8,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_algorithm": "AES-256-CBC",
"irods_ssl_verify_server": "hostname"
}
The rodsLog on the iRODS server has the following entry. I havn't had time to investigate this further.
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:02001002:system library:fopen:No such file or directory
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:20074002:BIO routines:file_ctrl:system lib
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: [-] /repos/irods/server/core/src/rodsAgent.cpp:556:int runIrodsAgentFactory(sockaddr_un) : status [SSL_INIT_ERROR] errno [] -- message [failed to call 'agent start']
[-] /repos/irods/lib/core/src/sockComm.cpp:129:irods::error sockAgentStart(irods::network_object_ptr) : status [SSL_INIT_ERROR] errno [] -- message [failed to call 'agent start']
[-] /repos/irods/plugins/network/ssl/libssl.cpp:827:irods::error ssl_agent_start(irods::plugin_context &) : status [SSL_INIT_ERROR] errno [] -- message [couldn't initialize SSL context]
Feb 16 19:56:58 pid:70 ERROR: Agent process [614] exited with status [16]
from davrods.
Okay, the SSL error is quite clear in those logs. If you've got SSL CS_NEG_REQUIRE
set somewhere, and the certs aren't available, then this is the problem. I expect this is a configuration issue between davrods and the iRODS server... especially since you say that iinit
worked (without using the davrods credentials or environment file).
from davrods.
Hey,
took me a while to get back on this, but I found the issue. Both sides had CS_NEG_DONT_CARE
configured.
- iRODS server in
/etc/irods/core.re
- davrods in
/etc/apache2/irods/irods_environment.json
Changing one of does to CS_NEG_REFUSE
disabled SSL and now its working
from davrods.
Ah, very good. Glad you figured it out.
from davrods.
Related Issues (20)
- davrods_merge_dir_config does not set exposed_root HOT 1
- Compatibility with iRODS 4.2.6 HOT 1
- Regarding use of irods_server_control_plane_key HOT 3
- Timeout with iRODS and Davrods. HOT 3
- iRODS 4.x dynamic PEP 'put' not being triggered HOT 3
- Paths in multistatus PROPFIND response document have double slash (//) HOT 4
- Add Content-Location header to requests made using collection URLs missing trailing slash.
- support for user impersonation by service account
- Using mod_cache: unexpected 304 (NOT MODIFIED) on unconditional GET of valid, expired, cached file HOT 1
- Support for mounted tar files
- davrods on iRODS 4.2.9 HOT 2
- DavRODS 4.2.9_1.5.0 .deb HOT 7
- uploading large files via davrods HOT 1
- SegFault when DavrodsExposedRoot is not provided
- Can Davrods be used with SSO (SAML/OpenID Connect) HOT 1
- Compute checksums on upload? HOT 2
- Does DavRODS support quota requests? HOT 3
- Is a package for debian 12 planned ? HOT 2
- PAM auth not working since irods upgrade to 4.3.X HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from davrods.