Pelican Platform
Is there a way to skip TLS verification for pelican client requests? #2313
-
|
Hi, I want to test a basic pelican set-up. I am running registry, director, and origin servers on a single VM. The VM is Ubuntu 24.04, and I'm using pelican 7.9.9-1 (arm64) as this is what was compatible with the xrootd version on apt. I'm running the registry and director using the pelican-server commandline interface (v 7.9.9) and I'm running the origin via the docker container due to the complicated xrootd set-up otherwise (hub.opensciencegrid.org/pelican_platform/origin:latest). I've run the docker container following instructions from the origin-training git repo. As I'm only running everything locally at the moment and only want to test data transfer between 2 VMs on my laptop I was trying to avoid all X509 certificate set-up for now. I have TLSSkipVerify: true in each configuration file and have similarly followed instructions in the docs to disable oidc. The point I reach is that the web services are up and I can access the web UI's of each component, but trying to call a pelican-client get operation raises certificate errors - both locally on the server VM and on a separate client VM (also using pelican v7.9.9-1). registry config: Server:
ExternalWebURL: "https://<IP-address>:8444"
Logging:
LogLocation: <home>/pelican/logs/pelican-registry.log
Federation:
Hostname: "<IP-address>"
TLSSkipVerify: truedirector config: Server:
ExternalWebURL: "https://<IP-address>:8555"
Logging:
LogLocation: <home>/pelican/logs/pelican-director.log
Director:
MaxMindKeyFile: <home>/pelican/GeoIP.conf
Federation:
RegistryUrl: "https://<IP-address>:8444"
Hostname: "<IP-address>"
TLSSkipVerify: trueorigin config Server:
ExternalWebURL: "https://<IP-address>:8666"
Federation:
DiscoveryUrl: "https://<IP-address>:8555"
RegistryUrl: "https://<IP-address>:8444"
Hostname: "<IP-address>"
Origin:
StorageType: "posix"
EnableDirectReads: true
Exports:
- StoragePrefix: "/data"
FederationPrefix: "/test-01"
Capabilities: ["Reads", "PublicReads", "DirectReads", "Listings"]
TLSSkipVerify: trueCan you see any obvious errors in my configurations? Or provide any advice on how to proceed? Many thanks, |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Hey Stephen, we have seen your request and are taking a look and will get back to you! |
Beta Was this translation helpful? Give feedback.
-
|
@stephen-dixon Do you have a yaml file set up in your client vm? You need to have |
Beta Was this translation helpful? Give feedback.
-
|
Yes this works perfectly now 🤦♂️. Thanks for your help! |
Beta Was this translation helpful? Give feedback.
-
|
Great! Glad to hear it worked! |
Beta Was this translation helpful? Give feedback.
@stephen-dixon Do you have a yaml file set up in your client vm? You need to have
TLSSkipVerify: truethere as well.