rucio upload fails due to authentication issue with xrootd

[maxnoe]

The commands here seem to be missing the crucial step of creating an authentication proxy for xrootd.

Checking the test setup in the main rucio repository, it creates the proxy like this:
https://github.com/rucio/rucio/blob/788a0d43fa1caa141efcaaa2780765913a8a49be/tools/docker_activate_rses.sh#L35

Calling this line first make upload / download succeed.

[rdimaio]

I was not able to reproduce this issue - Following the commands, both upload and download work for me:

[user@client ~]$ rucio upload --rse XRD1 --scope test file1
2024-09-25 15:40:27,941	INFO	Preparing upload for file file1
2024-09-25 15:40:28,047	INFO	Successfully added replica in Rucio catalogue at XRD1
2024-09-25 15:40:28,144	INFO	Successfully added replication rule at XRD1
240925 15:40:28 091 cryptossl_X509CreateProxy: Your identity: /CN=Rucio User
2024-09-25 15:40:28,838	INFO	Trying upload with root to XRD1
2024-09-25 15:40:29,181	INFO	Successful upload of temporary file. root://xrd1:1094//rucio/test/80/25/file1.rucio.upload
2024-09-25 15:40:29,220	INFO	Successfully uploaded file file1

[user@client ~]$ rucio download test:file1
2024-09-25 15:43:20,755	INFO	Processing 1 item(s) for input
2024-09-25 15:43:20,911	INFO	No preferred protocol impl in rucio.cfg: No section: 'download'
2024-09-25 15:43:20,912	INFO	Using main thread to download 1 file(s)
2024-09-25 15:43:20,912	INFO	Preparing download of test:file1
2024-09-25 15:43:20,925	INFO	Trying to download with root and timeout of 80s from XRD1: test:file1
2024-09-25 15:43:20,985	INFO	Using PFN: root://xrd1:1094//rucio/test/80/25/file1
TLS: Unable to create TLS context; invalid private key.
TLS: 4006980C107F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:

2024-09-25 15:43:21,308	INFO	File test:file1 successfully downloaded. 10.486 MB in 0.31 seconds = 33.83 MBps
----------------------------------
Download summary
----------------------------------------
DID test:file1
Total files (DID):                            1
Total files (filtered):                       1
Downloaded files:                             1
Files already found locally:                  0
Files that cannot be downloaded:              0

The only suspicious log is:

TLS: Unable to create TLS context; invalid private key.
TLS: 4006980C107F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:

Even after creating the proxy via:

(KEY=$(mktemp); cat /opt/rucio/etc/userkey.pem > "$KEY"; voms-proxy-init -valid 9999:00 -cert /opt/rucio/etc/usercert.pem -key "$KEY"; rm -f "$KEY")

If I retry to upload/download, it succeeds, but it outputs that TLS message. Not sure if it's an issue - @bari12 what do you think?

[bari12]

I think this is fine. @maxnoe can you try again with the latest main branch?

[maxnoe]

@bari12 I still don't see voms-proxy-init being mentioned anywhere in this repository, neither in the README for manually following the steps, nor in the automated scripts.

So XROOTD authentication will not work as descriped in the issue. Only the xrootd-noauth variant will work.