<html><body><p><font size="2">Hi Eric,</font><br><br><font size="2">Please help me to understand your question. You have Spectrum Archive and Spectrum Scale in your system, and both of them are connected to IBM SKLM for encryption. Now you got lots of error/warning message from SKLM log. Now you want to understand which component, Scale or Archive, makes the SKLM print those error message, right?</font><br><br><font size="2">Regards, The Spectrum Scale (GPFS) team<br><br>------------------------------------------------------------------------------------------------------------------<br>If you feel that your question can benefit other users of Spectrum Scale (GPFS), then please post it to the public IBM developerWroks Forum at <a href="https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479">https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479</a>. <br><br>If your query concerns a potential software error in Spectrum Scale (GPFS) and you have an IBM software maintenance contract please contact 1-800-237-5511 in the United States or your local IBM Service Center in other countries. <br><br>The forum is informally monitored as time permits and should not be used for priority messages to the Spectrum Scale (GPFS) team.</font><br><br><img width="16" height="16" src="cid:1__=C7BB0F70DF8E38C28f9e8a93df938690918cC7B@" border="0" alt="Inactive hide details for "J. Eric Wonderley" ---2020/09/12 02:47:35---We have spectrum archive with encryption on disk and tap"><font size="2" color="#424282">"J. Eric Wonderley" ---2020/09/12 02:47:35---We have spectrum archive with encryption on disk and tape. We get maybe a 100 or so messages like</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">"J. Eric Wonderley" <eric.wonderley@vt.edu></font><br><font size="2" color="#5F5F5F">To: </font><font size="2">gpfsug main discussion list <gpfsug-discuss@spectrumscale.org></font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">2020/09/12 02:47</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">[EXTERNAL] Re: [gpfsug-discuss] Request for folks using encryption on SKLM, run a word count</font><br><font size="2" color="#5F5F5F">Sent by: </font><font size="2">gpfsug-discuss-bounces@spectrumscale.org</font><br><hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br><br><br>We have spectrum archive with encryption on disk and tape. We get maybe a 100 or so messages like this daily. It would be nice if message had some information about which client is the issue.<br><br>We have had client certs expire in the past. The root cause of the outage was a network outage...iirc the certs are cached in the clients.<br><br>I don't know what to make of these messages...they do concern me. I don't have a very good opinion of the sklm code...key replication between the key servers has never worked as expected.<br><br><br>Eric Wonderley<br><br><br>On Tue, Sep 8, 2020 at 7:10 PM Wahl, Edward <<a href="mailto:ewahl@osc.edu"><u><font color="#0000FF">ewahl@osc.edu</font></u></a>> wrote:
<ul><font face="Calibri"> Ran into something a good while back and I'm curious how many others this affects. If folks with encryption enabled could run a quick word count on their SKLM server and reply with a rough count I'd appreciate it. </font><br><font face="Calibri">I've gone round and round with IBM SKLM support over the last year on this and it just has me wondering. This is one of those "morbidly curious about making the sausage" things.</font><br><br><font face="Calibri">Looking to see if this is a normal error message folks are seeing. Just find your daily, rotating audit log and search it. I'll trust most folks to figure this out, but let me know if you need help.</font><br><font face="Calibri">Normal location is /opt/IBM/WebSphere/AppServer/products/sklm/logs/audit If you are on a normal linux box try something like: "locate sklm_audit.log |head -1 |xargs -i grep "Server does not trust the client certificate" {} |wc " or whatever works for you. If your audit log is fairly fresh, you might want to check the previous one. I do NOT need exact information, just 'yeah we get 12million out a 500MB file' or ' we get zero', or something like that. </font><br><br><font face="Calibri"> Mostly I'm curious if folks get zero, or a large number. I've got my logs adjusted to 500MB and I get 8 digit numbers out of the previous log. Yet things work perfectly. I've talked to two other SS sites I know the admins personally, and they get larger numbers than I do. But it's such a tiny sample size! LOL </font><br><br><font face="Calibri">Ed Wahl</font><br><font face="Calibri">Ohio Supercomputer Center</font><br><br><font face="Calibri">Apologies for the message formatting issues. Outlook fought tooth and nail against sending it with the path as is, and kept breaking my paragraphs. </font><br>_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at <a href="http://spectrumscale.org" target="_blank"><u><font color="#0000FF">spectrumscale.org</font></u></a><u><font color="#0000FF"><br></font></u><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank"><u><font color="#0000FF">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</font></u></a><tt><font size="2">_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br></font></tt><tt><font size="2"><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font></tt><tt><font size="2"> <br></font></tt><br><br></ul><BR>
</body></html>