Version 8 (modified by piontek, 12 years ago) (diff)

--

QCG-Broker Nagios Probe

  1. QCG-Broker Nagios Probe
  2. Requirements
  3. Mandatory steps
    1. Certificate authorities
      1. EGI IGTF CAs
      2. PL-Grid Simpla-CA certificate (PL-Grid only)
      3. Certificate Revocation List - CLR
    2. QCG-Broker Nagios Probe
      1. Software repositories
      2. Installation
  4. Usage
    1. Usage example
  5. Exit Codes

The guide describes how to deploy and use the Nagios Probe for the QCG-Broker service

Requirements

  • Packages requirements - all packages required by the QCG-Broker Nagios probe will be automatically installed by the YUM during the installation of qcg-broker-nagios-probe package.
    • qcg-broker-client - the probe depends on the qcg-broker client
  • Test User proxy certificate accepted by QCG services

Mandatory steps

The installation and configuration of the Nagios probe consists of two mandatory steps:

  • installation of the set of trusted Certificate Authorities certificates,
  • installation of the probe and all packages it depends on.

Certificate authorities

To enable mutual authentication and secure communication between the client (which is used by the probe) and the QCG-Broker service set of trusted CA certificates must be copied either into the /etc/grid-security/certificates directory or configured individually for the test user.

EGI IGTF CAs

Install EGI Accepted CA certificates (this also install the Polish Grid CA)

  • Add appropriate YUM repository 
    cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF
[EGI-trustanchors]
name=EGI-trustanchors
baseurl=http://repository.egi.eu/sw/production/cas/1/current/
gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
gpgcheck=1
enabled=1
EOF
  • Install certificates 
    yum install ca-policy-egi-core

The above instruction is based on this  manual

PL-Grid Simpla-CA certificate (PL-Grid only)

  • Add appropriate YUM repository 
    cat > /etc/yum.repos.d/plgrid.repo << EOF
[PLGRID-general]
name=PLGRID general packages repository
baseurl=http://software.plgrid.pl/packages/general/
enabled=1
metadata_expire=300
gpgcheck=0
EOF
  • Install certificates 
    yum install ca_PLGRID-SimpleCA

Certificate Revocation List - CLR

Configure the system to periodically update the information about revoked certificates.

  • Add appropriate YUM repository 
    cat > /etc/yum.repos.d/fetch-crl.repo << EOF
[EUGRIDPMA-fetch-crl]
name=EUGRIDPMA fetch-crl repository
baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/
enabled=1
metadata_expire=300
gpgcheck=0
EOF
  • Install certificate revocation list fetching utility 
    yum install fetch-crl
  • Get fresh CRLs now 
    /usr/sbin/fetch-crl
  • Install cron job for fetching CRLs 
    cat > /etc/cron.daily/fetch-crl.cron << EOF
#!/bin/sh 
/usr/sbin/fetch-crl
EOF

chmod a+x /etc/cron.daily/fetch-crl.cron

QCG-Broker Nagios Probe

Software repositories

The packages are designed for Scientific Linux 5.x

The installation process requires root privileges.

  • Add PL-Grid or/and QCG repositories:
    • Official PL-Grid repository (recommended) 
      rpm -Uvh http://software.plgrid.pl/packages/repos/plgrid-repos-2010-2.noarch.rpm
    • Official QosCosGrid repository 
      cat > /etc/yum.repos.d/qcg.repo << EOF
[qcg]
name=QosCosGrid YUM repository
baseurl=http://www.qoscosgrid.org/qcg-packages/sl5/x86_64
enabled=1
gpgcheck=1
EOF

      #Import the QCG public key
rpm -import http://www.qoscosgrid.org/qcg-packages/sl5/RPM-GPG-KEY-QCG
    • QosCosGrid developing repository (not recommended - mainly for developers and testers) 
      cat > /etc/yum.repos.d/qcg.repo << EOF
[qcg-develop]
name=QosCosGrid Developer YUM repository
baseurl=http://grass1.man.poznan.pl/qcg-rpms/sl5/x86_64/
enabled=1
gpgcheck=0
EOF

Installation

  • install QCG-Broker Nagios Probe using YUM Package Manager: 
    yum install qcg-broker-nagios-probe

Usage

USAGE:

qcg-broker-probe [-H host] [-p port] [-l url] -n dn -x proxy [-m max] [-i interval] [-t type] [-j jobdesc] [-v] [-V]
-H host     - QCG-Broker host
-p port     - port which QCG-Broker is listening on (default 8443)
-l url      - full URL to the QCG-Broker. If set overwrites the HOST and PORT settings. If not set is build based on HOST and PORT
-n dn       - Distinguished Name of the QCG-Broker
-x proxy    - path to the proxy certificate
-m max      - maximum number of status checks (default 5)
-i interval - time interval in seconds between next status checks (default 10)
-j jobdesc  - path to the job description (default /usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/nagios-test.qcg)
-t type     - type of the job description: S for qcg Simple, J for JSDL, X for QCG-JobProfile (default X)
-v          - verbose
-V          - help

Usage example

Usage example:
/usr/libexec/grid-monitoring/probes/org.qoscosgrid/broker/qcg-broker-probe \\
                  -H qcg-broker.man.poznan.pl \\
                  -p 8443 \\
                  -n /C=PL/O=GRID/O=PSNC/CN=qcg-broker/qcg-broker.man.poznan.pl \\
                  -x /tmp/x509up_u500

Exit Codes

  • STATUS_OK - 0 - Task finished successfully
  • STATUS_WARNING - 1 - Task neither finished successfully nor failed in requested time (still active)
  • STATUS_CRITICAL - 2 - Task failed.
  • STATUS_UNKNOWN - 3 - The probe internal or configuration error.