perfsonar-user - Re: [perfsonar-user] Make toolkit results private
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Michael Johnson <>
- To: Ignacio Peluaga Lozada <>
- Cc: "" <>
- Subject: Re: [perfsonar-user] Make toolkit results private
- Date: Tue, 2 Feb 2021 10:48:21 -0500
Hi Ignacio,
Indeed, Esmond does need to be reachable by all the hosts that you're testing
to, at the very least. You could probably hack something together with
iptables and apache directives to restrict access further, but I wouldn't
have a high degree of confidence that that would be effective.
Esmond does offer several authentication methods, explained here:
https://docs.perfsonar.net/multi_ma_install.html
I'm not sure whether there is a way to lock down Esmond "reads." And keep in
mind that pscheduler also stores test results for 24-48 hours, so the test data would
still be there temporarily.
If you did want to just "hide" the test result listing, restricting access to
/perfsonar-graphs/ to authenticated users would effectively break the test listing on
the toolkit home page, I think. so that would be one way of hiding those pieces. You
might get a basic auth prompt when loading the toolkit then. Again, Esmond would still
be open.
I'm not sure what your deployment looks like, but I think that you might be
better served by using a Central MA that's separate from your
toolkits/testpoints. This way, all your test results go to the central MA,
and you have some more options for how to lock that down; however, if you do
this, you lose the ability to configure your tests using the Toolkit GUI. (It
might still work, if you manually added the central archive to the test
points.)
If you think a configuration option would be helpful (either in a config file
or in the toolkit GUI) to hide the test results panel on the Toolkit home
page, let me know. I could create a a feature request in our tracker for that
for future development.
Thanks,
Michael
On Tue, Feb 02, 2021 at 10:44:30AM +0000, Ignacio Peluaga Lozada wrote:
Hi Michael,
thank you for your message.
It would be ideal if the data was completely inaccessible to non
authenticated users.
But I am assuming that is not possible without lots of modifications,
considering there has to be open communication between perfSONAR components,
right?
I managed to make the toolkit private by editing
/etc/httpd/conf.d/apache-toolkit_web_gui.conf to move the password protection
from '/toolkit/auth' to '/toolkit'.
But that applies only to the toolkit so as you pointed out, I can still
access the measurement archive of the host in an incognito window for example.
Also I tried setting the password protection to '/' and that indeed makes everything
private. Tests run (apparently) with no problem, I can see them with 'pscheduler
monitor' but the Toolkit shows "Error loading test listing; measurement archive
unreachable" and hence the graphs are not updated...
Should I give up and rely on toolkit privacy?
Thanks.
Regards,
Ignacio
________________________________________
From: Michael Johnson []
Sent: 01 February 2021 20:07
To: Ignacio Peluaga Lozada
Cc:
Subject: Re: [perfsonar-user] Make toolkit results private
Hi Ignacio,
We don't have a way of doing this at the moment.
We could add an option to hide the test results, but the data would still be
accessible via pscheduler and esmond, so I'm not sure how useful that would
really be.
Are you wanting to ensure the data is inaccessible, or just hide the display
on the Toolkit page?
Thanks,
Michael
On Fri, Jan 29, 2021 at 09:39:16AM +0000, Ignacio Peluaga Lozada wrote:
Hello all,
Is it possible to hide the "Test Results" section in the toolkit web
interface so only authenticated users can see the results and graphs?
Thanks.
Regards,
Ignacio
--
To unsubscribe from this list:
https://lists.internet2.edu/sympa/signoff/perfsonar-user
--
To unsubscribe from this list:
https://lists.internet2.edu/sympa/signoff/perfsonar-user
- Re: [perfsonar-user] Make toolkit results private, Michael Johnson, 02/01/2021
- RE: [perfsonar-user] Make toolkit results private, Ignacio Peluaga Lozada, 02/02/2021
- Re: [perfsonar-user] Make toolkit results private, Michael Johnson, 02/02/2021
- RE: [perfsonar-user] Make toolkit results private, Ignacio Peluaga Lozada, 02/02/2021
Archive powered by MHonArc 2.6.24.