[gpfsug-discuss] Request for folks using encryption on SKLM, run a word count
J. Eric Wonderley
eric.wonderley at vt.edu
Fri Sep 11 19:47:52 BST 2020
We have spectrum archive with encryption on disk and tape. We get maybe a
100 or so messages like this daily. It would be nice if message had some
information about which client is the issue.
We have had client certs expire in the past. The root cause of the outage
was a network outage...iirc the certs are cached in the clients.
I don't know what to make of these messages...they do concern me. I don't
have a very good opinion of the sklm code...key replication between the key
servers has never worked as expected.
Eric Wonderley
On Tue, Sep 8, 2020 at 7:10 PM Wahl, Edward <ewahl at osc.edu> wrote:
> Ran into something a good while back and I'm curious how many others this
> affects. If folks with encryption enabled could run a quick word count on
> their SKLM server and reply with a rough count I'd appreciate it.
> I've gone round and round with IBM SKLM support over the last year on this
> and it just has me wondering. This is one of those "morbidly curious about
> making the sausage" things.
>
> Looking to see if this is a normal error message folks are seeing. Just
> find your daily, rotating audit log and search it. I'll trust most folks
> to figure this out, but let me know if you need help.
> Normal location is /opt/IBM/WebSphere/AppServer/products/sklm/logs/audit
> If you are on a normal linux box try something like: "locate
> sklm_audit.log |head -1 |xargs -i grep "Server does not trust the client
> certificate" {} |wc " or whatever works for you. If your audit log is
> fairly fresh, you might want to check the previous one. I do NOT need
> exact information, just 'yeah we get 12million out a 500MB file' or ' we
> get zero', or something like that.
>
> Mostly I'm curious if folks get zero, or a large number. I've got my
> logs adjusted to 500MB and I get 8 digit numbers out of the previous log.
> Yet things work perfectly. I've talked to two other SS sites I know the
> admins personally, and they get larger numbers than I do. But it's such a
> tiny sample size! LOL
>
> Ed Wahl
> Ohio Supercomputer Center
>
> Apologies for the message formatting issues. Outlook fought tooth and
> nail against sending it with the path as is, and kept breaking my
> paragraphs.
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200911/ad87789d/attachment-0002.htm>
More information about the gpfsug-discuss
mailing list