[gpfsug-discuss] Request for folks using encryption on SKLM, run a word count

IBM Spectrum Scale scale at us.ibm.com
Mon Sep 14 06:27:58 BST 2020 

Hi Eric,

Please help me to understand your question. You have Spectrum Archive and
Spectrum Scale in your system, and both of them are connected to IBM SKLM
for encryption. Now you got lots of error/warning message from SKLM log.
Now you want to understand which component, Scale or Archive, makes the
SKLM print those error message, right?

Regards, The Spectrum Scale (GPFS) team

------------------------------------------------------------------------------------------------------------------

If you feel that your question can benefit other users of  Spectrum Scale
(GPFS), then please post it to the public IBM developerWroks Forum at
https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479.


If your query concerns a potential software error in Spectrum Scale (GPFS)
and you have an IBM software maintenance contract please contact
1-800-237-5511 in the United States or your local IBM Service Center in
other countries.

The forum is informally monitored as time permits and should not be used
for priority messages to the Spectrum Scale (GPFS) team.



From:	"J. Eric Wonderley" <eric.wonderley at vt.edu>
To:	gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:	2020/09/12 02:47
Subject:	[EXTERNAL] Re: [gpfsug-discuss] Request for folks using
            encryption on SKLM, run a word count
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



We have spectrum archive with encryption on disk and tape.   We get maybe a
100 or so messages like this daily.  It would be nice if message had some
information about which client is the issue.

We have had client certs expire in the past.  The root cause of the outage
was a network outage...iirc the certs are cached in the clients.

I don't know what to make of these messages...they do concern me.  I don't
have a very good opinion of the sklm code...key replication between the key
servers has never worked as expected.


Eric Wonderley


On Tue, Sep 8, 2020 at 7:10 PM Wahl, Edward <ewahl at osc.edu> wrote:
   Ran into something a good while back and I'm curious how many others
  this affects.   If folks with encryption enabled could run a quick word
  count on their SKLM server and reply with a rough count I'd
  appreciate it.
  I've gone round and round with IBM SKLM support over the last year on
  this and it just has me wondering.  This is one of those "morbidly
  curious about making the sausage" things.

  Looking to see if this is a normal error message folks are seeing.  Just
  find your daily, rotating audit log and search it.  I'll trust most folks
  to figure this out, but let me know if you need help.
  Normal location is /opt/IBM/WebSphere/AppServer/products/sklm/logs/audit
  If you are on a normal linux box try something like:  "locate
  sklm_audit.log |head -1 |xargs -i grep "Server does not trust the client
  certificate" {} |wc "  or whatever works for you.   If your audit log is
  fairly fresh, you might want to check the previous one.   I do NOT need
  exact information, just 'yeah we get 12million out a 500MB file' or ' we
  get zero', or something like that.

   Mostly I'm curious if folks get zero, or a large number.  I've got my
  logs adjusted to 500MB and I get 8 digit numbers out of the previous
  log.   Yet things work perfectly.    I've talked to two other SS sites I
  know the admins personally, and they get larger numbers than I do. But
  it's such a tiny sample size! LOL

  Ed Wahl
  Ohio Supercomputer Center

  Apologies for the message formatting issues.  Outlook fought tooth and
  nail against sending it with the path as is, and kept breaking my
  paragraphs.
  _______________________________________________
  gpfsug-discuss mailing list
  gpfsug-discuss at spectrumscale.org
  http://gpfsug.org/mailman/listinfo/gpfsug-discuss
  _______________________________________________
  gpfsug-discuss mailing list
  gpfsug-discuss at spectrumscale.org
  http://gpfsug.org/mailman/listinfo/gpfsug-discuss



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200914/bb6b23fc/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200914/bb6b23fc/attachment.gif>

More information about the gpfsug-discuss mailing list