Comments (5)
trel
commented on June 2, 2024
You say you can "run icommands inside davrods"...
can you confirm you're using the same /etc/apache2/irods/irods_environment.json file?
Is there a set of errors in the rodsLog on the iRODS server that can help?
from davrods.
smoehrle
commented on June 2, 2024
Thanks for the fast response. For the icommands I used the irods_environment.json generated by iinit. For davrods I use the one which was provided. A quick swap of does two didn't solve the issue.
$ cat /root/.irods/irods_environment.json
{
"irods_host": "irods",
"irods_port": 1247,
"irods_user_name": "rods",
"irods_zone_name": "zone_1"
}
$ cat /etc/apache2/irods/irods_environment.json
{
"irods_client_server_negotiation": "request_server_negotiation",
"irods_client_server_policy": "CS_NEG_DONT_CARE",
"irods_encryption_key_size": 32,
"irods_encryption_salt_size": 8,
"irods_encryption_num_hash_rounds": 16,
"irods_encryption_algorithm": "AES-256-CBC",
"irods_ssl_verify_server": "hostname"
}The rodsLog on the iRODS server has the following entry. I havn't had time to investigate this further.
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:02001002:system library:fopen:No such file or directory
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:20074002:BIO routines:file_ctrl:system lib
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: sslInit: couldn't read certificate chain file. SSL error: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Feb 16 19:56:58 pid:614 remote addresses: 172.21.0.2, 172.21.0.4 ERROR: [-] /repos/irods/server/core/src/rodsAgent.cpp:556:int runIrodsAgentFactory(sockaddr_un) : status [SSL_INIT_ERROR] errno [] -- message [failed to call 'agent start']
[-] /repos/irods/lib/core/src/sockComm.cpp:129:irods::error sockAgentStart(irods::network_object_ptr) : status [SSL_INIT_ERROR] errno [] -- message [failed to call 'agent start']
[-] /repos/irods/plugins/network/ssl/libssl.cpp:827:irods::error ssl_agent_start(irods::plugin_context &) : status [SSL_INIT_ERROR] errno [] -- message [couldn't initialize SSL context]
Feb 16 19:56:58 pid:70 ERROR: Agent process [614] exited with status [16]
from davrods.
trel
commented on June 2, 2024
Okay, the SSL error is quite clear in those logs. If you've got SSL CS_NEG_REQUIRE set somewhere, and the certs aren't available, then this is the problem. I expect this is a configuration issue between davrods and the iRODS server... especially since you say that iinit worked (without using the davrods credentials or environment file).
from davrods.
smoehrle
commented on June 2, 2024
Hey,
took me a while to get back on this, but I found the issue. Both sides had CS_NEG_DONT_CARE configured.
- iRODS server in
/etc/irods/core.re - davrods in
/etc/apache2/irods/irods_environment.json
Changing one of does to CS_NEG_REFUSE disabled SSL and now its working
from davrods.
trel
commented on June 2, 2024
Ah, very good. Glad you figured it out.
from davrods.
Related Issues (20)
- davrods_merge_dir_config does not set exposed_root HOT 1
- Compatibility with iRODS 4.2.6 HOT 1
- Regarding use of irods_server_control_plane_key HOT 3
- Timeout with iRODS and Davrods. HOT 3
- iRODS 4.x dynamic PEP 'put' not being triggered HOT 3
- Paths in multistatus PROPFIND response document have double slash (//) HOT 4
- Add Content-Location header to requests made using collection URLs missing trailing slash.
- support for user impersonation by service account
- Using mod_cache: unexpected 304 (NOT MODIFIED) on unconditional GET of valid, expired, cached file HOT 1
- Support for mounted tar files
- davrods on iRODS 4.2.9 HOT 2
- DavRODS 4.2.9_1.5.0 .deb HOT 7
- uploading large files via davrods HOT 1
- SegFault when DavrodsExposedRoot is not provided
- Can Davrods be used with SSO (SAML/OpenID Connect) HOT 1
- Compute checksums on upload? HOT 2
- Does DavRODS support quota requests? HOT 3
- Is a package for debian 12 planned ? HOT 2
- PAM auth not working since irods upgrade to 4.3.X HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from davrods.