= QCG-Broker Nagios Probe = [[PageOutline]] '''The guide describes how to deploy and use the Nagios Probe for the QCG-Broker service''' = Requirements = * '''Packages requirements''' - all packages required by the QCG-Broker Nagios probe will be automatically installed by the YUM during the installation of qcg-broker-nagios-probe package. * ''qcg-broker-client'' - the probe depends on the qcg-broker client * '''Test User proxy certificate accepted by QCG services''' = Mandatory steps = The installation and configuration of the Nagios probe consists of two mandatory steps: * installation of the set of trusted Certificate Authorities certificates, * installation of the probe and all packages it depends on. == Certificate authorities == To enable mutual authentication and secure communication between the client (which is used by the probe) and the QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured individually for the test user. === EGI IGTF CAs === Install EGI Accepted CA certificates (this also install the Polish Grid CA) * Add appropriate YUM repository {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF [EGI-trustanchors] name=EGI-trustanchors baseurl=http://repository.egi.eu/sw/production/cas/1/current/ gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 gpgcheck=1 enabled=1 EOF }}} }}} * Install certificates {{{ #!div style="font-size: 90%" {{{#!sh yum install ca-policy-egi-core }}} }}} The above instruction is based on this [https://wiki.egi.eu/wiki/EGI_IGTF_Release manual] === PL-Grid Simpla-CA certificate (PL-Grid only) === * Add appropriate YUM repository {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/yum.repos.d/plgrid.repo << EOF [PLGRID-general] name=PLGRID general packages repository baseurl=http://software.plgrid.pl/packages/general/ enabled=1 metadata_expire=300 gpgcheck=0 EOF }}} }}} * Install certificates {{{ #!div style="font-size: 90%" {{{#!sh yum install ca_PLGRID-SimpleCA }}} }}} === Certificate Revocation List - CLR === Configure the system to periodically update the information about revoked certificates. * Add appropriate YUM repository {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/yum.repos.d/fetch-crl.repo << EOF [EUGRIDPMA-fetch-crl] name=EUGRIDPMA fetch-crl repository baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/ enabled=1 metadata_expire=300 gpgcheck=0 EOF }}} }}} * Install certificate revocation list fetching utility {{{ #!div style="font-size: 90%" {{{#!sh yum install fetch-crl }}} }}} * Get fresh CRLs now {{{ #!div style="font-size: 90%" {{{#!sh /usr/sbin/fetch-crl }}} }}} * Install cron job for fetching CRLs {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/cron.daily/fetch-crl.cron << EOF #!/bin/sh /usr/sbin/fetch-crl EOF }}} }}} {{{ #!div style="font-size: 90%" {{{#!sh chmod a+x /etc/cron.daily/fetch-crl.cron }}} }}} == QCG-Broker Nagios Probe Installation == === Software repositories === '''The packages are designed for Scientific Linux 5.x The installation process requires root privileges. ''' * Add PL-Grid or/and QCG repositories: * Official PL-Grid repository (recommended) {{{ #!div style="font-size: 90%" {{{#!sh rpm -Uvh http://software.plgrid.pl/packages/repos/plgrid-repos-2010-2.noarch.rpm }}} }}} * Official !QosCosGrid repository {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/yum.repos.d/qcg.repo << EOF [qcg] name=QosCosGrid YUM repository baseurl=http://www.qoscosgrid.org/qcg-packages/sl5/x86_64 enabled=1 gpgcheck=1 EOF }}} {{{ #Import the QCG public key rpm -import http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG }}} }}} * !QosCosGrid developing repository (not recommended - mainly for developers and testers) {{{ #!div style="font-size: 90%" {{{#!sh cat > /etc/yum.repos.d/qcg.repo << EOF [qcg-develop] name=QosCosGrid Developer YUM repository baseurl=http://grass1.man.poznan.pl/qcg-rpms/sl5/x86_64/ enabled=1 gpgcheck=0 EOF }}} }}} === Installation === * install QCG-Broker Nagios Probe using YUM Package Manager: {{{ #!div style="font-size: 90%" {{{#!sh yum install qcg-broker-nagios-probe }}} }}} = Usage = {{{#!sh USAGE: qcg-broker-probe [-H host] [-p port] [-l url] -n dn -x proxy [-m max] [-i interval] [-t type] [-j jobdesc] [-v] [-V] -H host - QCG-Broker host -p port - port which QCG-Broker is listening on (default 8443) -l url - full URL to the QCG-Broker. If set overwrites the HOST and PORT settings. If not set is build based on HOST and PORT -n dn - Distinguished Name of the QCG-Broker -x proxy - path to the proxy certificate -m max - maximum number of status checks (default 5) -i interval - time interval in seconds between next status checks (default 10) -j jobdesc - path to the job description (default /usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/nagios-test.qcg) -t type - type of the job description: S for qcg Simple, J for JSDL, X for QCG-JobProfile (default X) -v - verbose -V - help }}} == Usage example == {{{#!sh Usage example: /usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/qcg-broker-probe \\ -H qcg-broker.man.poznan.pl \\ -p 8443 \\ -n /C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl \\ -x /tmp/x509up_u500 }}} = Exit Codes = * '''STATUS_OK''' - 0 - Task finished successfully * '''STATUS_WARNING''' - 1 - Task neither finished successfully nor failed in requested time (still active) * '''STATUS_CRITICAL''' - 2 - Task failed. * '''STATUS_UNKNOWN''' - 3 - The probe internal or configuration error.