[gridengine users] setting up Son of Grid Engine on CentOS 7

William Hay w.hay at ucl.ac.uk
Tue Jul 7 08:44:40 UTC 2015


On Fri, 3 Jul 2015 17:22:26 +0000
Tomas Vaisar <tvaisar at u.washington.edu> wrote:

> William,
> 
> Thanks a lot for your response.  We've tried the two qconf commands
> you suggested and we get error on both: error: commlib error: ssl
> connect error (SSL handshake error) error: commlib error: ssl error
> ([ID=336151579] in module "SSL routines": "tlsv1 alert decrypt
> error") ERROR: unable to contact qmaster using port 6444 on host
> "proton"
> 
> That would suggest that you are right that there is an issue with the
> SSL setup. I do not think this is an old SSL.  We just installed it -

There have been a few ssl security holes recently and the fixes have
AIUI involved disabling some older insecure features.  It might be worth
restarting the qmaster if you've applied any patches since it last
started (probably not the issue but fairly simple to do).
 
> Open SSL ver. 1.0.1 (this is a brand new computer we are setting
> up) , and we currently have only the SGE master on the grid (there
> will be 3 more boxes added to it). Could this have something to do
> with firewall ports on CentOS?  We have made sure 6444 port (and
> 6445) is open.
> 
> firewall-cmd --permanent --zone=public --add-port=6444/tcp
> 
> firewall-cmd --permanent --zone=public --add-port=6444/udp
> firewall-cmd --permanent --zone=public --add-port=6445/tcp
> firewall-cmd --permanent --zone=public --add-port=6445/udp

It looks more like the other way around to me.  SSL problems prevent a
connection which qconf reports.  However to be sure I'd check:

telnet proton 6444 #Should tell you if a tcp connection can be
established alternatively use netcat

openssl s_client -connect proton:6444 #Should tell you whats going on
with ssl negotiation

qping -ssl proton 6444 qmaster 1 #Minimal does it speak grid engine
check

  

I'd give
> 
> Cheers,
> 
> Tomas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://gridengine.org/pipermail/users/attachments/20150707/2ee73475/attachment.sig>


More information about the users mailing list