Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Comments and tips on the new beta PS5.1

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Comments and tips on the new beta PS5.1


Chronological Thread 
  • From: Andrew Lake <>
  • To: Phil Reese <>, Tim Chown <>, Tim Chown <>
  • Subject: Re: [perfsonar-user] Comments and tips on the new beta PS5.1
  • Date: Wed, 1 May 2024 05:36:21 -0700


A a few comments inline:

On April 26, 2024 at 5:46:59 PM, Phil Reese () wrote:

Hi Andy and Tim,

Thanks for the comments in my note below from earlier in the week.

I've built and destroyed quite a number of 3x3 grids and archive hosts since then, all using Rocky9 so far.

I used vagrant to create the testpoint hosts and then used the new script to complete the testpoint build.  I've done the same thing with Cockpit VMs.  

I've honestly never had things work with the self certs.

I've come up with a few data points that might be of troubleshooting help:
1. The majority of the builds were done from home on a 192.168.x.x network range behind a pfSense firewall.  pfSense served as the DHCP server and name resolver.  I have a registered domain name, 'ufixu.com' which I use for all the hosts on the 192.168.0.0 net.  (I used the FQDN in the json!  Using just the domain name didn't produce results either, but I was aware that SSL certs must use the FQDN to work.)

2. I was never able to get  'curl https://hostname.ufiixu.com/psconfig/3-3.json' to work with the default self signed certs.  Does the https curl work for you in your test enviro?  Is that a valid test for setup issues, like pscheduler troubleshoot is?

You need use “-k” to get curl to work with self-signed certs. AFAIK anywhere in our docs where we tell people to use curl against their perfSONAR host for verification reasons we include this option. 



3. I've put together a 3x3 setup and archive on the Stanford net.  With self signed certs I couldn't get things working to populate grafana.  However switching to http, everything started working.

You should never have to do this. Things like psconfig will let you know in the logs if they are having trouble with certs, but by default they will not complain about self-signed certificates. I am guessing something else is at play here, but may be wrong. My test environment uses the default certificates generated by the package install without issue. Is you firewall setup treating 443 traffic different that 80 possibly?



4. At home I'm struggling to get things to populate on the 'All perfSONAR Measurements' dashboard, though data is being collected and showing on the 'perfSONAR Main' dashboard.  (I mentioned in an earlier note that trying to update my long standing MaDDash grid to v5.1 worked but the hosts don't show on the 'All perfSONAR Measurements' page at all.)

I am guessing this is also not certificate related. Do the hosts not show or do you have a dashboard with labelled rows and columns but no results? It might be having trouble mapping your names and IPs for some reason when querying. If you use just the IPs on your pSConfig json file does that make a difference?




Thanks for any pointers and I hope this beta feedback is helpful.

Phil

This is my cookbook for system installs:

Setting up Archive host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging archive
psarchive troubleshoot --skip-opensearch-data
add ip range to: /etc/httpd/conf.d/apache-logstash.conf
systemctl restart httpd
dnf -y install perfsonar-grafana perfsonar-grafana-toolkit perfsonar-psconfig-hostmetrics perfsonar-psconfig-publisher
develop .json file
psconfig validate <xxxx.json>
psconfig publish <xxxx.json>
psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"
open firewall port:  sudo firewall-cmd --perm --add-service=https  And maybe http
sudo firewall-cmd --reload
vist this URL to populate Grafana Dashboards
  https://archive.local/grafana/dashboards
 
 
Testpoint host:
sudo -s
curl -s https://raw.githubusercontent.com/perfsonar/project/installation-script/install-perfsonar | sh -s - --repo staging testpoint
pscheduler troubleshoot
  use line from above: "psconfig remote add "https://hostname.local/psconfig/<xxxx.json>"


On 4/24/24 6:29 AM, Andrew Lake wrote:
> 
> 2. The Testpoint and Archive installs, appropriately, don't install any firewall rules. Testpoint has the option to install the additional 'dnf install perfsonar-toolkit-security' and '/usr/lib/perfsonar/scripts/configure_firewall install', you probably want to run both. For Archive, open at least 'HTTPS' and maybe 'HTTP' 

Is plain http needed? 

No, plain HTTP is not needed, no one needs to open that. If you run into something you think requires it, let us know. 

> 3. If you are setting up something like the diagram on this page: https://docs.perfsonar.net/release_candidates/5.1.0/cookbook_central_archive.html, if the Archive host has appropriate SSL Certs, things go smoother, though HTTP use can be made to work with appropriate mods to the generated 'psconfig publish' URL. (though results have varied) 
> 
> Hope these help, if this is too much, let me know. 

All steps should work if you run the commands as given using the default self-signed certificates, did you run into a command that didn’t work for you? 



  • Re: [perfsonar-user] Comments and tips on the new beta PS5.1, Andrew Lake, 05/01/2024

Archive powered by MHonArc 2.6.24.

Top of Page