perfsonar-user - Re: [perfsonar-user] PerfSonar limits file and perfSonar toolkit
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Mark Feit <>
- To: "" <>, "" <>
- Subject: Re: [perfsonar-user] PerfSonar limits file and perfSonar toolkit
- Date: Fri, 19 Jul 2019 15:33:14 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=internet2.edu;dmarc=pass action=none header.from=internet2.edu;dkim=pass header.d=internet2.edu;arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IBRJ9DBQB+cKu9e3uDGCGmvu//Zoi68mmi7R4WxC0Mc=; b=gbSkm1km5KZhko4ST/zNUn3FVm4k4H3Tci0Tji0QLplvqX6G7SHtKmLhRxwjhVlvL08ed0eFpc3bX4OqpL6KRlB5+FD9P6IDAf/EcONOJ57xhH2zJ4AjjxV8pARwWMQ3yWpromo0NgeSAaca8iM6ycOE9SeZxxkZudKXtsqt4UQcaLFLVGMlph69ha2TW+niF7qv3JN+A/8Rjv2QRTONU9SoZz9PvA5OG4+qVS7lp+cAQE2MR+0UicCtw/MMXyXrrzcdqborb0XaDcEWpf8VLVAc9vb6QdfzOl0yQIplGg8RTk3ZolT5Xbg4oHwP09Li1kvBnogADYfF9VRwmxXu6g==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTZdeh1++sA55QAmd7+lHDZS33hb5I+kHvgqb2jXgPpM6wIwUpmA+pSlgG+IkMaakC2a5HrXgevIiuqSD/uvdeMg7Css4fkbz9FDkoRD4glF0qwnIspfHv79Ef942ap7FOimynjb7pIWaHS8nfnYhxOsjUlmDe9HCrdG2FQEYHZqI+KnwifHbDS9TRT0fv2y3BOnxmg4tj9WWuaZH/Koe0EENxpPMx7HqgX3+4Y47QMM31CIA9FnV0YVi/Wnw1JBEkftg1AGU6qjOqMINk1/SA1C+32OGZoE5hj3VkVfh4FnRsG3g2M1Jdgg/5hh/+rvqySVL4eIfIL/RhOoihbL4w==
Tadeja Saje writes:
Hi!
We would like to allow doing test by certain IPs on our testpoint by ,
and we do not allow others doing tests.
Debbuging by schedular:
Hints:
requester: 127.0.0.1
server: 12.34.56.78
Identified as local-interfaces
Classified as friendlies
Application: Hosts we trust to do everything
Group 1: Limit 'always' passed
Group 1: Want all, 1/1 passed, 0/1 failed: PASS
Application PASSES
Proposal meets limits
Correct, because 127.0.0.1 is identified as "local-interfaces," which is
classified under "friendlies," which is allowed to do anything.
For task starting at 2019-09-12T05:12:56 lasting PT30S:
Hints:
requester: 9.0.9.0
server: 12.34.56.78
Made no identifications.
Not knowing what the actual requester IP was, I can't say much more than it
didn't match anything the identifiers look for. That's a quick path to
denial.
If I understand your policy correctly, you'd like to allow selected IPs to do
testing and deny it to all others. You're mostly on the right track; all
that's missing is an identifier for the IP(s) you'd like to let through.
Create that (perhaps as an ip-cidr-list), add it to the "friendlies"
classifier and you'll be all set.
The limit configuration we ship with the toolkit has an identifier called
"everybody" that always identifies no matter what, and that forces evaluation
of the rest of the configuration. Using no matching identifiers as a way to
short-cut denials is a workable strategy if that's the route you want to go.
The configuration we ship with the toolkit has an "everybody" identifier that
always matches and is used for applying defaults to requests that aren't
given elevated status by being considered friendly.
We also installed perfsonar toolkit.
We configured tests in web interface. Is possible configure test between
two different host or just between toolkit and other host?
The web interface is only for configuring tests that run on the local system.
If you're looking to coordinate activities among multiple systems,
consider using pSConfig and, optionally, PWA
(https://docs.perfsonar.net/pwa.html).
--Mark
- [perfsonar-user] PerfSonar limits file and perfSonar toolkit, Tadeja Saje, 07/19/2019
- Re: [perfsonar-user] PerfSonar limits file and perfSonar toolkit, Mark Feit, 07/19/2019
Archive powered by MHonArc 2.6.19.