[LDM #NXJ-554265]: LDM setup questions
- Subject: [LDM #NXJ-554265]: LDM setup questions
- Date: Thu, 26 Apr 2007 18:49:57 -0600
Hi Yoori,
OK. Our quick shutting down of your firewall allowed me to SSH to your machine.
As I mentioned on the phone, I immediately became 'root' and then restarted
the firewall. The total time the firewall was off was on the order of 15
seconds, so I think we are OK security-wise.
The first thing I did was to tweak the firewall settings in
/etc/sysconfig/iptables.
After making the changes that you can see, I restarted the firewall using:
/etc/init.d/iptables restart
I then verified that I could create another SSH login to your machine.
Since I want to make absolutely sure that your machine is secure, I am running
'nmap -sS nopp.cae.drexel.edu' from a Linux machine here at Unidata. This
probes your machine to see what ports are open.
This returned the following:
[root@yakov sysconfig]# nmap -sS nopp.cae.drexel.edu
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-04-26 17:59 MDT
Interesting ports on nopp.cae.drexel.edu (129.25.60.58):
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
112/tcp closed mcidas
388/tcp closed unidata-ldm
Nmap finished: 1 IP address (1 host up) scanned in 1704.146 seconds
This list matches what we would expect from the settings in
/etc/sysconfig/iptables, so there are no security holes! We can adjust your
firewall setup as needed after the LDM installation is finished.
While continuing as 'root', I decided to check on the configuration settings for
/etc/syslog.conf, /etc/rpc, and /etc/services. I found that you had configured
/etc/syslog.conf correctly, but you had not yet done /etc/rpc or /etc/services.
I went ahead and configured these for you:
/etc/services:
# Local services
ldm 388/tcp ldmd # Unidata LDM-6
/etc/rpc:
ldm 300029 ldmd
As for your LDM installation... here is what I found:
1) you correctly created a runtime link in /usr/local/ldm pointing at your LDM
installation:
ls -alt ~ldm/runtime
lrwxrwxrwx 1 ldm ldm 9 Apr 25 14:48 /usr/local/ldm/runtime -> ldm-6.6.3
Missing, however, were the runtime links for bin, src, etc. I found that
there was an extraneous soft link in the ~ldm/ldm-6.6.3 directory:
[ldm@nopp runtime]$ ls -alt
total 60
drwx------ 19 ldm ldm 4096 Apr 26 19:28 ..
drwxrwxr-x 7 ldm ldm 4096 Apr 26 11:25 .
lrwxrwxrwx 1 ldm ldm 9 Apr 26 11:25 ldm-6.6.3 -> ldm-6.6.3
drwxr-xr-x 29 ldm ldm 4096 Apr 26 11:19 src
drwxrwxr-x 2 ldm ldm 4096 Apr 26 11:19 bin
drwxrwxr-x 2 ldm ldm 4096 Apr 24 14:05 include
drwxrwxr-x 4 ldm ldm 4096 Apr 24 14:05 man
drwxrwxr-x 2 ldm ldm 4096 Apr 24 14:05 lib
I removed this bad link and then made the needed runtime links from the ~ldm
directory:
cd ~ldm/runtime
rm ldm-6.6.3
cd ~ldm
ln -s runtime/* .
Now, you have a full and proper set of soft links in the ~ldm directory:
[ldm@nopp ~]$ ls -alt
total 988
drwxrwxr-x 7 ldm ldm 4096 Apr 26 19:28 ldm-6.6.3
drwx------ 19 ldm ldm 4096 Apr 26 19:28 .
lrwxrwxrwx 1 ldm ldm 11 Apr 26 19:28 bin -> runtime/bin
lrwxrwxrwx 1 ldm ldm 15 Apr 26 19:28 include -> runtime/include
lrwxrwxrwx 1 ldm ldm 11 Apr 26 19:28 lib -> runtime/lib
lrwxrwxrwx 1 ldm ldm 11 Apr 26 19:28 man -> runtime/man
lrwxrwxrwx 1 ldm ldm 11 Apr 26 19:28 src -> runtime/src
And, after making these links, 'ldmadmin' can be found:
[ldm@nopp ~]$ which ldmadmin
~/bin/ldmadmin
2) I see that you created 'data' and 'logs' subdirectories of /usr/local/ldm,
good. In order to make your setup a bit more like most, I made the following
change:
[ldm@nopp ~]$ rmdir logs
[ldm@nopp ~]$ mkdir data/logs
[ldm@nopp ~]$ ln -s data/logs logs
[ldm@nopp ~]$ touch logs/ldmd.log
3) I reviewed your configuration of ~ldm/etc/ldmd.conf. Even though everything
was correct, I moved your request lines from just after the EXEC of pqact
to the section of the file where example REQUEST lines are kept. This
was _not_ needed, but it made the contents of the file more readable (i.e.,
put all EXEC actions in one place; all REQUEST actions in one place; and
all ALLOW actions in one place).
4) I notice that you do not have any actions in ~ldm/etc/pqact.conf that will
process the NEXRAD4 data you will be requesting from
mapserver.unidata.ucar.edu.
5) I took the liberty of increasing the size of your LDM queue from the default
400 MB (400M) to 1 Gb (1G) in ~ldm/etc/ldmadmin-pl.conf
After making the above changes, I created the LDM product queue:
[ldm@nopp ~]$ ldmadmin mkqueue -f
I then checked the LDM configuration:
[ldm@nopp ~]$ ldmadmin config
hostname: nopp.cae.drexel.edu
os: Linux
release: 2.6.9-42.0.10.ELsmp
ldmhome: /usr/local/ldm
bin path: /usr/local/ldm/bin
conf file: /usr/local/ldm/etc/ldmd.conf
log file: /usr/local/ldm/logs/ldmd.log
numlogs: 7
log_rotate: 1
data path: /usr/local/ldm/data
product queue: /usr/local/ldm/data/ldm.pq
queue size: 1G bytes
queue slots: default
IP address: all
port: 388
PID file: /usr/local/ldm/ldmd.pid
LDMHOSTNAME: nopp.cae.drexel.edu
PATH:
/usr/local/ldm/bin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/ucb:/usr/usb:/usr/etc:/etc:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/ldm/bin
So far, everything looks good!
Next, I started the LDM ingesting data from mapserver.unidata.ucar.edu:
[ldm@nopp ~]$ ldmadmin start
The product-queue is OK.
/usr/local/ldm/etc/pqact.conf is syntactically correct
Starting the LDM server...
Next, I verified that you are receiving data:
[ldm@nopp ~]$ ldmadmin watch
(Type ^D when finished)
Apr 27 01:11:46 pqutil INFO: 194560 20070427001303.222 EXP 000 NEXRAD4_KAKQ_2007_04_27_000641.tar
Apr 27 01:11:46 pqutil INFO: 266240 20070427001303.878 EXP 000 NEXRAD4_KAPX_2007_04_27_000717.tar
Apr 27 01:11:46 pqutil INFO: 256000 20070427001304.531 EXP 000 NEXRAD4_KBGM_2007_04_27_000638.tar
Apr 27 01:11:47 pqutil INFO: 256000 20070427001305.184 EXP 000 NEXRAD4_KBIS_2007_04_27_000636.tar
^C
And that your system is logging to ~ldm/logs/ldmd.log:
[ldm@nopp ~]$ less ~ldm/logs/ldmd.log
Since the log file was empty, I knew that something was not working with
respect to logging.
To reverify this, I used the 'logger' system command:
logger -p local0.debug 'test of ldm logging'
If logging using syslog was working, this would have written 'test of ldm
logging' into /usr/local/ldm/logs/ldmd.log; it did not.
I then checked to see if you had disabled SELINUX; you had. Strange... Is it
possible that you did _not_ reboot after modifying /etc/selinux/config? This
would explain why logging is not yet working. To test this I rebooted your
machine... After it came back up, LDM logging works, which implies that the
machine had not been rebooted after the change to /etc/selinux/config.
Aside: Just so you know, before rebooting I tried modifying slightly the
/etc/syslog.conf entry for LDM logging and moving it up in the file just to
make sure that this was not the problem. My changes did not have any effect.
The next (and last) thing I did was investigate why you couldn't create a cron
file. Since I am used to using the 'vi' editor, I defined the EDITOR
environment variable in the ~ldm/.bash_profile file:
EDITOR=vi
export EDITOR
After logging off and then back on, I was able to create a cron file using
crontab -e
So, you are now in a position to create your crontab entries as per the LDM
instructions.
Comment: I see that your machine is quite capable: 8 64-bit processors; or 4
dual core 64-bit processors; or 4 processors with hyperthreading. Very nice!
Work left to be done:
1) set up automatic start of the LDM at boot time (follow the instructions in
the LDM webpages)
2) set up your pqact.conf to process the data you are ingesting
Please let me know if you would like help on setting up automatic LDM start on
(re)boot.
Cheers,
Tom
****************************************************************************
Unidata User Support UCAR Unidata Program
(303) 497-8642 P.O. Box 3000
address@hidden Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage http://www.unidata.ucar.edu
****************************************************************************
Ticket Details
===================
Ticket ID: NXJ-554265
Department: Support LDM
Priority: Normal
Status: Closed
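
Added example (not part of the original message or of the LDM distribution):
the firewall check described in the message, comparing the nmap port table
with what /etc/sysconfig/iptables is expected to let through, written as a
script. The function name scan_diff and the expected-port list are assumptions
made here; the sample text is constructed from the scan output quoted above.

```shell
#!/bin/sh
# Compare an nmap port table with the ports the firewall is expected to pass.
# nmap reports "closed" when a probe got through but nothing is listening, and
# "filtered" when the firewall dropped it, so every port that is not filtered
# should be one the rules deliberately allow.

# Constructed sample: the port table from the scan quoted in the message.
SAMPLE_SCAN='PORT STATE SERVICE
22/tcp open ssh
112/tcp closed mcidas
388/tcp closed unidata-ldm'

# Assumption: the ports the iptables rules are meant to allow (ssh, mcidas, ldm).
EXPECTED="22/tcp 112/tcp 388/tcp"

# scan_diff "PORT/PROTO ..." < nmap_output
# Prints "UNEXPECTED port state" for a reachable port that is not in the list
# and "MISSING port" for a listed port that nmap did not find reachable.
# Returns 0 when the scan matches the list, 1 otherwise.
scan_diff() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Port-table rows look like "22/tcp open ssh"; headers are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 != "filtered" {
            seen[$1] = 1
            if (!($1 in want)) { print "UNEXPECTED " $1 " " $2; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) { print "MISSING " a[i]; bad = 1 }
            exit bad + 0
        }
    '
}

if printf '%s\n' "$SAMPLE_SCAN" | scan_diff "$EXPECTED"; then
    echo "scan matches the expected firewall exposure"
fi
```

To use it after a firewall change, pipe a fresh scan of your own host into
scan_diff in place of the sample text and treat a non-zero exit as a rule set
that needs another look.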