perfsonar-user - Re: [perfsonar-user] New Central MA
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Casey Russell <>
- To: "" <>
- Subject: Re: [perfsonar-user] New Central MA
- Date: Tue, 3 Oct 2017 16:23:15 -0500
- Ironport-phdr: 9a23:xQh4fBzLjRSKtP3XCy+O+j09IxM/srCxBDY+r6Qd0uoWL/ad9pjvdHbS+e9qxAeQG96Ku7Qc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q89pDXYAhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLniikHOT43/m/Ul8J+kr5UrQm7qBBj2YPZep2ZOOZ8c67bYNgURXBBXsFUVyFZHI6zdZAPAPQBPO1Fs4f9ukAOrQCgCgmoAOPk1zhFiWPs3a0nyOQhCh/J3AgkH98Vs3TbttP1NL0MXuCz1qXIyyvMb+9P1Dr79YPGfBchofSWUrJxd8rc0U0vFwLDjlWTt4PqIjKV1uIXv2eH6OpgUPqji3IpqgFwvjiv2tkjipPTio0JzVDE8D11wIkyJd2/R057ZcCrHIFMuCGdMot6Wt4uTmBntSog17EKpJC2cDIWxJg92xLTc/2KfoyS7h/hVuudOyt0iGh5dL6nmhq/8EetxvfhWsWp3ltGtCVIn9rWunwQ1hHf8tWLR/9+80u7xzqC2APe5vtYLUwuiabXM50hzaQ2lpoJr0vDGDX6mEPog6+KcEgv5+um6/z/b7n4p5KQK415hwTwMqktgcOzHeE1PwcSU2SH9+mx0aHs8VH4TbhPi/A6jKfUvI7cKM8GvKC2GRVV3Zwm6xunDzepztAYnX4fIVJAYh2HjozpN0jJIPD5EfuzmlutnCllyvzYJLHhDZLNLn/MkLflY7lx8VJTyA02zdxH5pJUDK8OIO7rV0PvtdHUEh00Pgm6w+vkE9pxyoYTVG2TDqOFPq7ftEOH6v4uLuSJYYIZpjjwJ+Y96/7rl3A5mFsdfaez3ZsQbXC1BuhpI1+EYXr3mdcOD2MKvg4lQezpklKCVyRTaGi0X64m4DE0Fp6mAZ/ZRo+xmLyBwDu7HppOa2BeFF+MC3nod56DW/cKci2SONZtkiEfVbe/UY8szhWutA7hy7p7NerY5DcUtZPl1Nhp+eLTjxcy+iJoD8iDyW2CUXx7nn5bDwMxiepnrFZz0VCF2LI9nudVD/RS4e9ESAE3KcSawuBnQZimQg/bcMyOTl+8B8i9DCsZT9QtzsUIblonXdiuk0aQ8TCtBuo+nqeGFdQO77nH0nz1b5J20Wvdz6Qli3ElS81VOGvggKNjoVuAT7XVmlmUwv75PZ8X2zTAoT+O
Ivan,When I set up the new MA, I did (per the examples) use a single identifier, with multiple IP blocks, for exampleAre you saying you've had better luck breaking those up into 3 different entries with 3 different ids like so?python esmond/manage.py add_user_ip_address kanren_1 164.113.0.0/16python esmond/manage.py add_user_ip_address kanren_2 198.248.0.0/16python esmond/manage.py add_user_ip_address kanren_3 69.77.0.0/17
On Tue, Oct 3, 2017 at 12:14 AM, Garnizov, Ivan (RRZE) <> wrote:Hello Casey,
Could it be the case, that you are using one and the same identifier for all IP registrations?
In my procedures dating back from 3.5.1 I had to generate different ID for every IP added, unless you add them in network groups.
Please note, this might have changed with the upgrades of pS, but it makes also perfect sense, if it is the case to get these messages on your attempts for subsequent IP authorizations and still get denied on service requests from “authorized” systems.
I believe it would be quite easy to check this suggestion for a single IP and then later consider a more global approach.
Regards,
Ivan Garnizov
From: [mailto:] On Behalf Of Casey Russell
Sent: Freitag, 29. September 2017 23:41
To:
Subject: [perfsonar-user] New Central MA
Group,
I've recently activated my new central MA, but posts to the esmond database seem to be failing.
2001:49d0:23c0:1003::2 - - [29/Sep/2017:16:33:37 -0500] "POST /esmond/perfsonar/archive/ HTTP/1.1" 401 27 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.6.3.el6.x86_6
4" 2001:49d0:23c0:1003::2 - - [29/Sep/2017:16:33:37 -0500] "POST /esmond/perfsonar/archive/ HTTP/1.1" 401 27 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.6.3.el6.x86_6
4" 2001:49d0:23c0:1003::2 - - [29/Sep/2017:16:33:38 -0500] "POST /esmond/perfsonar/archive/ HTTP/1.1" 401 27 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.6.3.el6.x86_6
4" 2001:49d0:23c0:1003::2 - - [29/Sep/2017:16:33:38 -0500] "POST /esmond/perfsonar/archive/ HTTP/1.1" 401 27 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.6.3.el6.x86_6
4" 2001:49d0:23c0:1003::2 - - [29/Sep/2017:16:33:38 -0500] "POST /esmond/perfsonar/archive/ HTTP/1.1" 401 27 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.6.3.el6.x86_6
4"
The 401 would indicate that they're "unauthorized" although they should be allowed by IP (v6)
(esmond)[root@ps-dashboard esmond]# python esmond/manage.py add_user_ip_address kanren_v6 2001:49d0::/32
<clipping some stuff here for brevity>
Setting timeseries permissions.
IP 2001:49d0::/32 already assigned to kanren_v6, skipping creation
My reading of the documentation indicates if these testing hosts in the mesh are trying to submit an old API key and username, when that fails, it will fall back to IP authorization. Is that correct? Is this 401 caused by something in the httpd configs and not esmond specifically?
I'm open to any guidance here.
- RE: [perfsonar-user] New Central MA, Garnizov, Ivan (RRZE), 10/03/2017
- Re: [perfsonar-user] New Central MA, Casey Russell, 10/03/2017
- Re: [perfsonar-user] New Central MA, Casey Russell, 10/03/2017
- RE: [perfsonar-user] New Central MA, Garnizov, Ivan (RRZE), 10/04/2017
- RE: [perfsonar-user] New Central MA, Andrew Lake, 10/04/2017
- Re: [perfsonar-user] New Central MA, Casey Russell, 10/04/2017
- RE: [perfsonar-user] New Central MA, Andrew Lake, 10/04/2017
- RE: [perfsonar-user] New Central MA, Garnizov, Ivan (RRZE), 10/04/2017
- Re: [perfsonar-user] New Central MA, Casey Russell, 10/03/2017
- Re: [perfsonar-user] New Central MA, Casey Russell, 10/03/2017
Archive powered by MHonArc 2.6.19.