perfSONAR User Q&A and Other Discussion

[Phil Reese <>]

    Hi Andy and Tim,
    
    Thanks for the comments in my note below from earlier in the week.
    
    I've built and destroyed quite a number of 3x3 grids and archive
    hosts since then, all using Rocky9 so far.
    
    I used vagrant to create the testpoint hosts and then used the new
    script to complete the testpoint build.  I've done the same thing
    with Cockpit VMs.  
    
    I've honestly never had things work with the self certs.
    
    I've come up with a few data points that might be of troubleshooting
    help:
    1. The majority of the builds were done from home on a 192.168.x.x
    network range behind a pfSense firewall.  pfSense served as the DHCP
    server and name resolver.  I have a registered domain name,
    'ufixu.com' which I use for all the hosts on the 192.168.0.0 net. 
    (I used the FQDN in the json!  Using just the domain name didn't
    produce results either, but I was aware that SSL certs must use the
    FQDN to work.)
    
    2. I was never able to get  'curl
    https://hostname.ufiixu.com/psconfig/3-3.json' to work with the
    default self signed certs.  Does the https curl work for you in your
    test enviro?  Is that a valid test for setup issues, like pscheduler
    troubleshoot is?
    
    3. I've put together a 3x3 setup and archive on the Stanford net. 
    With self signed certs I couldn't get things working to populate
    grafana.  However switching to http, everything started working.
    
    4. At home I'm struggling to get things to populate on the 'All
    perfSONAR Measurements' dashboard, though data is being collected
    and showing on the 'perfSONAR Main' dashboard.  (I mentioned in an
    earlier note that trying to update my long standing MaDDash grid to
    v5.1 worked but the hosts don't show on the 'All perfSONAR
    Measurements' page at all.)
    
    Thanks for any pointers and I hope this beta feedback is helpful.
    
    Phil
    
      This is my cookbook for system installs:

Setting up Archive host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging archive
psarchive troubleshoot --skip-opensearch-data
add ip range to: /etc/httpd/conf.d/apache-logstash.conf
systemctl restart httpd
dnf -y install perfsonar-grafana perfsonar-grafana-toolkit perfsonar-psconfig-hostmetrics perfsonar-psconfig-publisher
develop .json file
psconfig validate <xxxx.json>
psconfig publish <xxxx.json>
psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"

open firewall port:  sudo firewall-cmd --perm --add-service=https  And maybe http

sudo firewall-cmd --reload
vist this URL to populate Grafana Dashboards
  https://archive.local/grafana/dashboards
 
 
Testpoint host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging testpoint
pscheduler troubleshoot
  use line from above: "psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"

On 4/24/24 6:29 AM, Andrew Lake wrote:

"> > 

> 2. The Testpoint and Archive installs, appropriately, don't install any firewall rules. Testpoint has the option to install the additional 'dnf install perfsonar-toolkit-security' and '/usr/lib/perfsonar/scripts/configure_firewall install', you probably want to run both. For Archive, open at least 'HTTPS' and maybe 'HTTP' 

Is plain http needed? 

No, plain HTTP is not needed, no one needs to open that. If you run into something you think requires it, let us know.

> 3. If you are setting up something like the diagram on this page: https://docs.perfsonar.net/release_candidates/5.1.0/cookbook_central_archive.html, if the Archive host has appropriate SSL Certs, things go smoother, though HTTP use can be made to work with appropriate mods to the generated 'psconfig publish' URL. (though results have varied) 
> 
> Hope these help, if this is too much, let me know. 

All steps should work if you run the commands as given using the default self-signed certificates, did you run into a command that didn’t work for you?