perfSONAR User Q&A and Other Discussion

[Andreas Haupt <>]

Hi Andrew,

On Tue, 2023-06-06 at 05:33 -0700, Andrew Lake wrote:
> Hi,
> 
> Would it be possible to try a clean install on the SL box? I suspect there
> is a partial setup which is not triggering the desired scripts. You could
> also just do a “yum remove perfsonar-toolkit perfsonar-archive perfsonar-
> logstash perfsonar-logstash-output-plugin opensearch” followed by a “yum
> install perfsonar-toolkit”.

Still same issue, but now I see the problem. I think the order of the OS
checks is just wrong. This patch would fix it:

---
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh.orig  202
3-06-06 15:32:29.274094862 +0200
+++
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh       
2023-06-0615:32:44.382677776+0200
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-if command -v lsb_release &> /dev/null; then 
-    OS=$(lsb_release -si)
-elif [ -e '/etc/redhat-release' ]; then
+if [ -e '/etc/redhat-release' ]; then
     OS="redhat"
+elif command -v lsb_release &> /dev/null; then 
+    OS=$(lsb_release -si)
 else
     OS="Unknown"
 fi
@@ -21,4 +21,4 @@
 else
     echo "$0 - [ERROR]: Unknown operating system"
     exit 1
-fi
\ No newline at end of file
+fi


Same patch needs to be applied to
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh

Otherwise the installations ends up this way:

[...]
Running transaction
  Installing : opensearch-2.6.0-1.x86_64                                      
                     1/7 
### NOT starting on installation, please execute the following statements to 
configure opensearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable opensearch.service
### You can start opensearch service by executing
 sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
 See demo certs creation log in 
/var/log/opensearch/install_demo_configuration.log
  Installing : perfsonar-logstash-output-plugin-5.0.2-1.el7.noarch            
                     2/7 
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in 
version 9.0 and will likely be removed in a future release.
Installing file: 
/usr/lib/perfsonar//logstash/plugin/logstash-output-plugin-offline-7.17.9.zip
Resolving 
dependencies................................................................................................
Install successful
  Installing : perfsonar-logstash-5.0.2-1.el7.noarch                          
                     3/7 
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh - [ERROR]: 
Unknown operating system
Created symlink from 
/etc/systemd/system/multi-user.target.wants/logstash.service to 
/etc/systemd/system/logstash.service.
  Installing : perfsonar-archive-5.0.2-1.el7.noarch                           
                     4/7 
Created symlink from 
/etc/systemd/system/multi-user.target.wants/opensearch.service to 
/usr/lib/systemd/system/opensearch.service.
Created symlink from 
/etc/systemd/system/multi-user.target.wants/logstash.service to 
/etc/systemd/system/logstash.service.
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh - 
[ERROR]: Unknown operating system
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
ERR: An unexpected IllegalArgumentException occured: Could not find 
certificate file /etc/opensearch/admin.pem
Trace:
java.lang.IllegalArgumentException: Could not find certificate file 
/etc/opensearch/admin.pem
        at 
org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1476)
        at 
org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:458)
        at 
org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
Caused by: java.io.FileNotFoundException: /etc/opensearch/admin.pem (No such 
file or directory)
        at java.base/java.io.FileInputStream.open0(Native Method)
        at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
        at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
        at 
org.opensearch.security.tools.SecurityAdmin.sslContext(SecurityAdmin.java:1473)
        ... 2 more


grep: /etc/perfsonar/opensearch/auth_setup.out: No such file or directory
Unable to find admin password in /etc/perfsonar/opensearch/auth_setup.out. 
Exiting.
grep: /etc/perfsonar/opensearch/auth_setup.out: No such file or directory
  Installing : perfsonar-toolkit-archive-utils-5.0.2-1.el7.noarch             
                     5/7 
  Installing : perfsonar-core-5.0.2-1.el7.noarch                              
                     6/7 
  Installing : perfsonar-toolkit-5.0.2-1.el7.noarch                           
                     7/7 
Note: Forwarding request to 'systemctl enable httpd.service'.
  Verifying  : perfsonar-core-5.0.2-1.el7.noarch                              
                     1/7 
  Verifying  : perfsonar-logstash-5.0.2-1.el7.noarch                          
                     2/7 
  Verifying  : perfsonar-logstash-output-plugin-5.0.2-1.el7.noarch            
                     3/7 
  Verifying  : perfsonar-toolkit-archive-utils-5.0.2-1.el7.noarch             
                     4/7 
  Verifying  : perfsonar-toolkit-5.0.2-1.el7.noarch                           
                     5/7 
  Verifying  : perfsonar-archive-5.0.2-1.el7.noarch                           
                     6/7 
  Verifying  : opensearch-2.6.0-1.x86_64                                      
                     7/7 

Installed:
  perfsonar-toolkit.noarch 0:5.0.2-1.el7                                      
                         
[...]


Same should actually apply for CentOS systems as the check is
"lsb_release -si" by default. The later check

if [[ $OS == "redhat" ]]; then

does not work on CentOS, either ... I find this indeed strange that it
works at so many other sites. Just for reference: this would be the output
of "$OS" without the above check on CentOS nodes:

[pal51] ~ % lsb_release -si
CentOS

And on my SL7 test system:

[gordo-vm33] /root # lsb_release -si
Scientific


Nevertheless, even after running patched
/usr/lib/perfsonar/logstash/scripts/install_logstash_sysconfig.sh &
/usr/lib/perfsonar/archive/perfsonar-scripts/pselastic_secure_pre.sh all
this does not get the archive configuration right, although many of the
errors vanish. Still "elasticsearch.exceptions.AuthenticationException"
shows up.

Cheers,
Andreas
-- 
| Andreas Haupt            | E-Mail: 
|  DESY Zeuthen            | WWW:    http://www.zeuthen.desy.de/~ahaupt
|  Platanenallee 6         | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen         | Fax:    +49/33762/7-7216

Attachment: smime.p7s
Description: S/MIME cryptographic signature