Context Navigation

Changes between Version 3 and Version 4 of NagiosProbes

Timestamp:: 04/11/13 21:13:10 (11 years ago)
Author:: piontek
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

NagiosProbes

v3	v4
1		= QCG Broker Nagios Probe Installation =
	1	= QCG-Broker Nagios Probe Installation =
2	2
3	3	[[PageOutline]]
4	4
	5	'''The guide describe how to deploy and use the Nagios Probe for the QCG-Broker service'''
	6
	7
5	8	= Requirements =
6		* '''Packages requirements'''.
7		All packages required by QCG-Broker client will be automatically instaled by YUM during the installation of qcg-broker-client package.
8		* '''Java (>= 1.5)'''\\
9		{{{
10		#!div style="font-size: 90%"
11		For SL5.x
12		{{{#!sh
13		yum install java-1.6.0-sun-compat.x86_64
14		}}}
15		}}}
16		* '''Apache Ant''' (>= 1.6) ("Optional tasks for ant" are required. For SL5.x the ''ant-nodeps.x86_64'' package must be installed)
17		{{{
18		#!div style="font-size: 90%"
19		For SL5.x
20		{{{#!sh
21		yum install ant.x86_64 ant-nodeps.x86_64
22		}}}
23		}}}
24		* '''xml-commons-apis''' - installation of this package is not mandatory, but is recommended to avoid confusing information about not important errors.
25		{{{
26		#!div style="font-size: 90%"
27		For SL5.x
28		{{{#!sh
29		yum install xml-commons.x86_64 xml-commons-apis.x86_64
30		}}}
31		}}}
32		* '''trusted CA certificates'''
33		To enable secure communication between client and QCG-Broker service set of trusted CA certificates must be copied either into `/etc/grid-security/certificates` directory or configured for every user.
34
35		For the PL-Grid project: Install Polish Grid and PL-Grid Simpla-CA certificates:
36		{{{
37		#!div style="font-size: 90%"
38		{{{#!sh
39		wget https://dist.eugridpma.info/distribution/igtf/current/accredited/RPMS/ca_PolishGrid-1.42-1.noarch.rpm
40		wget http://software.plgrid.pl/packages/general/ca_PLGRID-SimpleCA-1.0-2.noarch.rpm
41		wget https://dist.eugridpma.info/distribution/util/fetch-crl/fetch-crl-2.8.5-1.noarch.rpm
42
43		rpm -i ca_PolishGrid-1.40-1.noarch.rpm
44		rpm -i ca_PLGRID-SimpleCA-1.0-2.noarch.rpm
45
46		#install certificate revocation list fetching utility
47		rpm -i fetch-crl-2.8.5-1.noarch.rpm
48
49		#get fresh CRLs now
	9	* '''Packages requirements''' - all packages required by the QCG-Broker Nagios probe will be automatically installed by the YUM during the installation of qcg-broker-nagios-probe package.
	10	* ''qcg-broker-client'' - the probe depends on the qcg-broker client
	11
	12	= Mandatory steps =
	13	The installation and configuration of the Nagios probe consists of two mandatory steps:
	14	* installation of the set of trusted Certificate Authorities certificates,
	15	* installation of the probe itself and all packages it depends on.
	16
	17	== Certificate authorities ==
	18	To enable mutual authentication and secure communication between the client (which is used by the probe) and the QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured individually for the test user.
	19
	20	=== EGI IGTF CAs ===
	21	Install EGI Accepted CA certificates (this also install the Polish Grid CA)
	22	* Add appropriate YUM repository
	23	{{{
	24	#!div style="font-size: 90%"
	25	{{{#!sh
	26	cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF
	27	[EGI-trustanchors]
	28	name=EGI-trustanchors
	29	baseurl=http://repository.egi.eu/sw/production/cas/1/current/
	30	gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
	31	gpgcheck=1
	32	enabled=1
	33	EOF
	34	}}}
	35	}}}
	36
	37	* Install certificates
	38	{{{
	39	#!div style="font-size: 90%"
	40	{{{#!sh
	41	yum install ca-policy-egi-core
	42	}}}
	43	}}}
	44
	45	The above instruction is based on this [https://wiki.egi.eu/wiki/EGI_IGTF_Release manual]
	46
	47	=== PL-Grid Simpla-CA certificate (PL-Grid only) ===
	48	* Add appropriate YUM repository
	49	{{{
	50	#!div style="font-size: 90%"
	51	{{{#!sh
	52	cat > /etc/yum.repos.d/plgrid.repo << EOF
	53	[PLGRID-general]
	54	name=PLGRID general packages repository
	55	baseurl=http://software.plgrid.pl/packages/general/
	56	enabled=1
	57	metadata_expire=300
	58	gpgcheck=0
	59	EOF
	60	}}}
	61	}}}
	62
	63	* Install certificates
	64	{{{
	65	#!div style="font-size: 90%"
	66	{{{#!sh
	67	yum install ca_PLGRID-SimpleCA
	68	}}}
	69	}}}
	70
	71
	72	=== Certificate Revocation List - CLR ===
	73	Configure the system to periodically update the information about revoked certificates.
	74
	75	* Add appropriate YUM repository
	76	{{{
	77	#!div style="font-size: 90%"
	78	{{{#!sh
	79	cat > /etc/yum.repos.d/fetch-crl.repo << EOF
	80	[EUGRIDPMA-fetch-crl]
	81	name=EUGRIDPMA fetch-crl repository
	82	baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/
	83	enabled=1
	84	metadata_expire=300
	85	gpgcheck=0
	86	EOF
	87	}}}
	88	}}}
	89
	90	* Install certificate revocation list fetching utility
	91	{{{
	92	#!div style="font-size: 90%"
	93	{{{#!sh
	94	yum install fetch-crl
	95	}}}
	96	}}}
	97
	98	* Get fresh CRLs now
	99	{{{
	100	#!div style="font-size: 90%"
	101	{{{#!sh
50	102	/usr/sbin/fetch-crl
51
52		#install cron job for it
	103	}}}
	104	}}}
	105
	106	* Install cron job for fetching CRLs
	107	{{{
	108	#!div style="font-size: 90%"
	109	{{{#!sh
53	110	cat > /etc/cron.daily/fetch-crl.cron << EOF
54	111	#!/bin/sh
55	112	/usr/sbin/fetch-crl
56	113	EOF
57
	114	}}}
	115	}}}
	116
	117	{{{
	118	#!div style="font-size: 90%"
	119	{{{#!sh
58	120	chmod a+x /etc/cron.daily/fetch-crl.cron
59	121	}}}
60	122	}}}
61		* '''Proxy credential'''
62
63		= Installation =
64		The package is designed for Scientific Linux 5.x (recommended and tested version is 5.5).
	123
	124
	125
	126
	127
	128	== QCG-Broker Nagios Probe ==
	129
	130	=== Software repositories ===
	131	'''The packages are designed for Scientific Linux 5.x
	132
65	133	The installation process requires root privileges.
66
67		* Install PL-Grid or/and QCG repositories:
68		* Official PL-Grid repository
	134	'''
	135
	136	* Add PL-Grid or/and QCG repositories:
	137	* Official PL-Grid repository (recommended)
69	138	{{{
70	139	#!div style="font-size: 90%"
…	…
73	142	}}}
74	143	}}}
75		* ~~!QosCosGrid testing~~ repository
	144	* Official !QosCosGrid repository
76	145	{{{
77	146	#!div style="font-size: 90%"
…	…
80	149	[qcg]
81	150	name=QosCosGrid YUM repository
82		baseurl=http://fury.man.poznan.pl/qcg-packages/sl/x86_64/
	151	baseurl=http://www.qoscosgrid.org/qcg-packages/sl5/x86_64
	152	enabled=1
	153	gpgcheck=1
	154	EOF
	155	}}}
	156	{{{
	157	#Import the QCG public key
	158	rpm -import http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG
	159	}}}
	160	}}}
	161	* !QosCosGrid developing repository (not recommended - mainly for developers and testers)
	162	{{{
	163	#!div style="font-size: 90%"
	164	{{{#!sh
	165	cat > /etc/yum.repos.d/qcg.repo << EOF
	166	[qcg-develop]
	167	name=QosCosGrid Developer YUM repository
	168	baseurl=http://grass1.man.poznan.pl/qcg-rpms/sl5/x86_64/
83	169	enabled=1
84	170	gpgcheck=0
…	…
86	172	}}}
87	173	}}}
88		* install QCG-Broker Nagios Probe YUM Package Manager:
89		{{{
90		#!div style="font-size: 90%"
91		{{{#!sh
92		yum install nagios-plugins-qcg-broker
93		}}}
94		}}}
95
	174
	175	=== Installation ===
	176	* install QCG-Broker Nagios Probe using YUM Package Manager:
	177	{{{
	178	#!div style="font-size: 90%"
	179	{{{#!sh
	180	yum install qcg-broker-nagios-probe
	181	}}}
	182	}}}
96	183
97	184	= Usage =
98
99		'''qcg-nagios -H host [-p port] -n dn -x proxy [-t timeout -v -V -j jobdesc]'''
100		'''qcg-nagios -u url -n dn -x proxy [-t timeout -v -V -j jobdesc]'''
101
102		'''-v - verbose'''
103
104		'''-V - help'''
	185	{{{#!sh
	186	USAGE:
	187
	188	qcg-broker-probe [-H host] [-p port] [-l url] -n dn -x proxy [-m max] [-i interval] [-t type] [-j jobdesc] [-v] [-V]
	189	-H host - QCG-Broker host
	190	-p port - port which QCG-Broker is listening on (default 8443)
	191	-l url - full URL to the QCG-Broker. If set overwrites the HOST and PORT settings. If not set is build based on HOST and PORT
	192	-n dn - Distinguished Name of the QCG-Broker
	193	-x proxy - path to the proxy certificate
	194	-m max - maximum number of status checks (default 5)
	195	-i interval - time interval in seconds between next status checks (default 10)
	196	-j jobdesc - path to the job description (default /usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/nagios-test.qcg)
	197	-t type - type of the job description: S for qcg Simple, J for JSDL, X for QCG-JobProfile (default X)
	198	-v - verbose
	199	-V - help
	200
	201	}}}
105	202
106	203	== Usage example ==
107	204	{{{#!sh
108		/usr/libexec/grid-monitoring/probes/pl.plgrid/QCG-Broker-probes/qcg-nagios \
109		-H elder7.man.poznan.pl \
110		-p 8443 \
111		-n /C=PL/O=GRID/O=PSNC/CN=qcg-broker/hostname.domain \
112		-x /tmp/x509up_u500 \
113		/usr/libexec/grid-monitoring/probes/pl.plgrid/QCG-Broker-probes/examples/example1.xml
114
115		}}}
116
117		{{{#!sh
118		/usr/libexec/grid-monitoring/probes/pl.plgrid/QCG-Broker-probes/qcg-nagios \
119		-u https://hostname.domain:8443/qcg/services/JobFactory \
120		-n /C=PL/O=GRID/O=PSNC/CN=qcg-broker/hostname.domain \
121		-x /tmp/x509up_u500 \
122		/usr/libexec/grid-monitoring/probes/pl.plgrid/QCG-Broker-probes/examples/example1.xml
123
	205	Usage example:
	206	/usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/qcg-broker-probe \\
	207	-H qcg-broker.man.poznan.pl \\
	208	-p 8443 \\
	209	-n /C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl \\
	210	-x /tmp/x509up_u500
124	211	}}}
125	212