perfsonar-user - Re: [perfsonar-user] Comments and tips on the new beta PS5.1
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Phil Reese <>
- To: Andrew Lake <>, Tim Chown <>, Tim Chown <>
- Subject: Re: [perfsonar-user] Comments and tips on the new beta PS5.1
- Date: Fri, 26 Apr 2024 14:46:53 -0700
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=stanford.edu; dmarc=pass action=none header.from=stanford.edu; dkim=pass header.d=stanford.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Bum9Vw8gHqaPNIk8tOpVfppwze6+WU2/itPbNC6C134=; b=UlaEE2l3wRhhOFPjTXmMSrvmXQzaG7nbkFFVdvz2NEw+s4SJPLyc1EVFNn7X3X/2Cb6ZBMt7lLJh38KNjDGWo7ZCBiAALdWWaMZHRuQSHGcd/pEQFePUx4RpD5PknWqSKVyqIgYNae5O7ffWt+lb06errc/kUweWcMHAV7Rtk7dDIqSgMll9ru6lOqeWceh4ghYt/PuQFNuREiMq8yKe6BpHPXMKCe8ZuP/XTobInqO7wKA9f67e7iyttG8dLiUA/94uE//OdSSCKKwtkUhKsS5rb0oF1fXWySxJkrg8PEZyXtw7DL3aorG/l91UizxkDqnGfcHFgDhDWTi3lieEpw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LvGkTK1WR9DDDcuGY9A8PqHvw/HoEDYJMJJuBPyP17aRbTEu6MBBOIWP+5ztT8XQkaLb1nZgC/6EZQrCGfmFR2Gk7Sc/z8MtsS5qWE9PCME/qZnK/wpEANy26hrxWze5Mg6VRKNjdODscD/s4Gev+7tyjd+0U0U0104yi1nFmHzREt7X7s/eiOlLU/fQn6/2v5B6npa3HN+mYwdlvvIJyUi1miwPQE4SrxEu1YLJqc8GLU6R98JVS+fMmc+NwnNa9GKX0+ARMbwCm2NSDJLp7BmqTZWXMUWnRYsa7HhMdPgQE+w6tvnWBzmedlg7aI6pdp+fgM2FN2zsmNAdRC5CZA==
Hi Andy and Tim,
Thanks for the comments in my note below from earlier in the week.
I've built and destroyed quite a number of 3x3 grids and archive hosts since then, all using Rocky9 so far.
I used vagrant to create the testpoint hosts and then used the new script to complete the testpoint build. I've done the same thing with Cockpit VMs.
I've honestly never had things work with the self certs.
I've come up with a few data points that might be of troubleshooting help:
1. The majority of the builds were done from home on a 192.168.x.x network range behind a pfSense firewall. pfSense served as the DHCP server and name resolver. I have a registered domain name, 'ufixu.com' which I use for all the hosts on the 192.168.0.0 net. (I used the FQDN in the json! Using just the domain name didn't produce results either, but I was aware that SSL certs must use the FQDN to work.)
2. I was never able to get 'curl https://hostname.ufiixu.com/psconfig/3-3.json' to work with the default self signed certs. Does the https curl work for you in your test enviro? Is that a valid test for setup issues, like pscheduler troubleshoot is?
3. I've put together a 3x3 setup and archive on the Stanford net. With self signed certs I couldn't get things working to populate grafana. However switching to http, everything started working.
4. At home I'm struggling to get things to populate on the 'All perfSONAR Measurements' dashboard, though data is being collected and showing on the 'perfSONAR Main' dashboard. (I mentioned in an earlier note that trying to update my long standing MaDDash grid to v5.1 worked but the hosts don't show on the 'All perfSONAR Measurements' page at all.)
Thanks for any pointers and I hope this beta feedback is helpful.
Phil
This is my cookbook for system installs:
Setting up Archive host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging archive
psarchive troubleshoot --skip-opensearch-data
add ip range to: /etc/httpd/conf.d/apache-logstash.conf
systemctl restart httpd
dnf -y install perfsonar-grafana perfsonar-grafana-toolkit perfsonar-psconfig-hostmetrics perfsonar-psconfig-publisher
develop .json file
psconfig validate <xxxx.json>
psconfig publish <xxxx.json>
psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging archive
psarchive troubleshoot --skip-opensearch-data
add ip range to: /etc/httpd/conf.d/apache-logstash.conf
systemctl restart httpd
dnf -y install perfsonar-grafana perfsonar-grafana-toolkit perfsonar-psconfig-hostmetrics perfsonar-psconfig-publisher
develop .json file
psconfig validate <xxxx.json>
psconfig publish <xxxx.json>
psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"
open firewall port: sudo firewall-cmd --perm
--add-service=https And maybe http
sudo firewall-cmd --reload
vist this URL to populate Grafana Dashboards
https://archive.local/grafana/dashboards
Testpoint host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging testpoint
pscheduler troubleshoot
use line from above: "psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"
vist this URL to populate Grafana Dashboards
https://archive.local/grafana/dashboards
Testpoint host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging testpoint
pscheduler troubleshoot
use line from above: "psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"
On 4/24/24 6:29 AM, Andrew Lake wrote:
"> >
> 2. The Testpoint and Archive installs, appropriately, don't install any firewall rules. Testpoint has the option to install the additional 'dnf install perfsonar-toolkit-security' and '/usr/lib/perfsonar/scripts/configure_firewall install', you probably want to run both. For Archive, open at least 'HTTPS' and maybe 'HTTP'
Is plain http needed?No, plain HTTP is not needed, no one needs to open that. If you run into something you think requires it, let us know.
> 3. If you are setting up something like the diagram on this page: https://docs.perfsonar.net/release_candidates/5.1.0/cookbook_central_archive.html, if the Archive host has appropriate SSL Certs, things go smoother, though HTTP use can be made to work with appropriate mods to the generated 'psconfig publish' URL. (though results have varied)
>
> Hope these help, if this is too much, let me know.All steps should work if you run the commands as given using the default self-signed certificates, did you run into a command that didn’t work for you?
- [perfsonar-user] Comments and tips on the new beta PS5.1, Phil Reese, 04/23/2024
- Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Tim Chown, 04/24/2024
- Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Andrew Lake, 04/24/2024
- Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Phil Reese, 04/26/2024
- Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Andrew Lake, 04/24/2024
- Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Tim Chown, 04/24/2024
Archive powered by MHonArc 2.6.24.