[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[LDM #NXJ-554265]: LDM setup questions

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
Subject: [LDM #NXJ-554265]: LDM setup questions
Date: Thu, 26 Apr 2007 18:49:57 -0600
Hi Yoori,

OK.  Our quick shutting down of your firewall allowed me to SSH to your machine.
As I mentioned on the phone, I immediately became 'root' and then restarted
the firewall.  The total time the firewall was off was on the order of 15 
seconds
so I think we are OK securitywise.

The first thing I did was to tweek the firewall settings in 
/etc/sysconfig/iptables.
After making the changes that you can see, I restarted the firewall using:

/etc/init.d/iptables restart

I then verified that I could create another SSH login to your machine.

Since I want to make absolutely sure that your machine is secure, I am running
'nmap -sS nopp.cae.drexel.edu' from a Linux machine here at Unidata.  This 
probes your
machine to see what ports are open.

This returned the following:

[root@yakov sysconfig]# nmap -sS nopp.cae.drexel.edu

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-04-26 17:59 MDT
Interesting ports on nopp.cae.drexel.edu (129.25.60.58):
(The 1671 ports scanned but not shown below are in state: filtered)
PORT    STATE  SERVICE
22/tcp  open   ssh
112/tcp closed mcidas
388/tcp closed unidata-ldm

Nmap finished: 1 IP address (1 host up) scanned in 1704.146 seconds

This list matches what we would expect from the settings in 
/etc/sysconfig/iptables,
so there are no security holes! We can adjust your firewall setup as needed 
after the
LDM installation is finished.

While continuing as 'root', I decided to check on the configuration settings for
/etc/syslog.conf, /etc/rpc, and /etc/services.  I found that you had configured
/etc/syslog.conf correctly, but you had not yet done /etc/rpc or /etc/services.
I went ahead and configured these for you:

/etc/services:
# Local services
ldm             388/tcp         ldmd            # Unidata LDM-6

/etc/rpc:
ldm             300029  ldmd


As for your LDM installation... here is what I found:

1) you correctly created a runtime link in /usr/local/ldm pointing at your LDM
   installation:

ls -alt ~ldm/runtime
lrwxrwxrwx  1 ldm ldm 9 Apr 25 14:48 /usr/local/ldm/runtime -> ldm-6.6.3

   Missing, however, was the runtime links for bin, src, etc.  I found that
   there was an extraneous soft link in the ~ldm/ldm-6.6.3 directory:

[ldm@nopp runtime]$ ls -alt
total 60
drwx------  19 ldm ldm 4096 Apr 26 19:28 ..
drwxrwxr-x   7 ldm ldm 4096 Apr 26 11:25 .
lrwxrwxrwx   1 ldm ldm    9 Apr 26 11:25 ldm-6.6.3 -> ldm-6.6.3
drwxr-xr-x  29 ldm ldm 4096 Apr 26 11:19 src
drwxrwxr-x   2 ldm ldm 4096 Apr 26 11:19 bin
drwxrwxr-x   2 ldm ldm 4096 Apr 24 14:05 include
drwxrwxr-x   4 ldm ldm 4096 Apr 24 14:05 man
drwxrwxr-x   2 ldm ldm 4096 Apr 24 14:05 lib

   I removed this bad link and then made the needed runtime links from the ~ldm 
directory:

cd ~ldm/runtime
rm ldm-6.6.3

cd ~ldm
ln -s runtime/* .

   Now, you have a full and proper set of soft links in the ~ldm directory:

[ldm@nopp ~]$ ls -alt
total 988
drwxrwxr-x   7 ldm  ldm    4096 Apr 26 19:28 ldm-6.6.3
drwx------  19 ldm  ldm    4096 Apr 26 19:28 .
lrwxrwxrwx   1 ldm  ldm      11 Apr 26 19:28 bin -> runtime/bin
lrwxrwxrwx   1 ldm  ldm      15 Apr 26 19:28 include -> runtime/include
lrwxrwxrwx   1 ldm  ldm      11 Apr 26 19:28 lib -> runtime/lib
lrwxrwxrwx   1 ldm  ldm      11 Apr 26 19:28 man -> runtime/man
lrwxrwxrwx   1 ldm  ldm      11 Apr 26 19:28 src -> runtime/src

   And, after making these links, 'ldmadmin can be found':

[ldm@nopp ~]$ which ldmadmin
~/bin/ldmadmin

2) I see that you created 'data' and 'logs' subdirectories of /usr/local/ldm,
   good.  In order to make your setup a bit more like most, I make the following
   change:

[ldm@nopp ~]$ rmdir logs
[ldm@nopp ~]$ mkdir data/logs
[ldm@nopp ~]$ ln -s data/logs logs
[ldm@nopp ~]$ touch logs/ldmd.log

3) I reviewed your configuration of ~ldm/etc/ldmd.conf.  Even though everything
   was correct, I moved your request lines from just after the EXEC of pqact
   to the section of the file where example REQUEST lines are kept.  This
   was _not_ needed, but it made the contents of the file more readable (i.e.,
   put all EXEC actions in one place; all REQUEST actions in one place; and
   all ALLOW actions in one place).

4) I notice that you do not have any actions in ~ldm/etc/pqact.conf that will
   process the NEXRAD4 data you will be requesting from 
mapserver.unidata.ucar.edu.

5) I took the liberty of increasing the size of your LDM queue from the default
   400 MB (400M) to 1 Gb (1G) in ~ldm/etc/ldmadmin-pl.conf

After making the above changes, I created the LDM product queue:

[ldm@nopp ~]$ ldmadmin mkqueue -f

I then checked the LDM configuration:

[ldm@nopp ~]$ ldmadmin config

hostname:      nopp.cae.drexel.edu
os:            Linux
release:       2.6.9-42.0.10.ELsmp
ldmhome:       /usr/local/ldm
bin path:      /usr/local/ldm/bin
conf file:     /usr/local/ldm/etc/ldmd.conf
log file:      /usr/local/ldm/logs/ldmd.log
numlogs:       7
log_rotate:    1
data path:     /usr/local/ldm/data
product queue: /usr/local/ldm/data/ldm.pq
queue size:    1G bytes
queue slots:   default
IP address:    all
port:          388
PID file:      /usr/local/ldm/ldmd.pid
LDMHOSTNAME:   nopp.cae.drexel.edu
PATH:          
/usr/local/ldm/bin:/bin:/usr/bin:/usr/sbin:/sbin:/usr/ucb:/usr/usb:/usr/etc:/etc:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/ldm/bin

So far, everything looks good!

Next, I started the LDM ingesting data from mapserver.unidata.ucar.edu:

[ldm@nopp ~]$ ldmadmin start
The product-queue is OK.
/usr/local/ldm/etc/pqact.conf is syntactically correct
Starting the LDM server...

Next, I verified that you are receiving data:

[ldm@nopp ~]$ ldmadmin watch
(Type ^D when finished)
Apr 27 01:11:46 pqutil INFO:   194560 20070427001303.222     EXP 000  
NEXRAD4_KAKQ_2007_04_27_000641.tar
Apr 27 01:11:46 pqutil INFO:   266240 20070427001303.878     EXP 000  
NEXRAD4_KAPX_2007_04_27_000717.tar
Apr 27 01:11:46 pqutil INFO:   256000 20070427001304.531     EXP 000  
NEXRAD4_KBGM_2007_04_27_000638.tar
Apr 27 01:11:47 pqutil INFO:   256000 20070427001305.184     EXP 000  
NEXRAD4_KBIS_2007_04_27_000636.tar
^C

And that your system is logging to ~ldm/logs/ldmd.log:
[ldm@nopp ~]$ less ~ldm/logs/ldmd.log

Since the log file was empty, I knew that something was not working with 
respect to logging.
To reverify this, I used the 'logger' system command:

logger -p local0.debug 'test of ldm logging'

If logging using syslog was working, this would have written 'test of ldm 
logging' into
/usr/local/ldm/logs/ldmd.log; it did not.

I then checked to see if you had disabled SELINUX; you had.  Strange...  Is it 
possible
that you did _not_ reboot after modifying /etc/selinux/config?  This would 
explain why
logging is not yet working.  To test this I rebooted your machine...  After it 
came back
up, LDM logging works which implies that the machine had not been rebooted 
after the
change to /etc/selinux/config.

Aside: Just so you know, before rebooting I tried modifying slightly the 
/etc/syslog.conf
entry for LDM logging and moving it up in the file just to make sure that this 
was not
the problem.  My changes did not have any effect.


The next (and last) thing I did was investigate why you couldn't create a cron 
file.
Since I am used to using the 'vi' editor, I defined the EDITOR environment 
variable
in the ~ldm/.bash_profile file:

EDITOR=vi
export EDITOR

After logging off and then back on, I was able to create a cron file using

crontab -e

So, you are now in a position to create your crontab entries as per the LDM 
instructions.

Comment:  I see that your machine is quite capable: 8 64-bit processors; or 4 
dual core
64-bit processors; or 4 processors with hyperthreading.  Very nice!

Work left to be done:

1) setup automatic start of the LDM at boot time (follow the instructions in 
the LDM webpages)
2) setup your pqact.conf to process the data you are ingesting

Please let me know if you would like help on setting up automatic LDM start on 
(re)boot.

Cheers,

Tom
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: NXJ-554265
Department: Support LDM
Priority: Normal
Status: Closed
Prev by Date: [LDM #FBV-178390]: LDM not talking
Next by Date: [LDM #FBV-178390]: LDM not talking
Previous by thread: [LDM #NXJ-554265]: LDM setup questions
Next by thread: [LDM #NXJ-554265]: LDM setup questions
Index(es):
- Date
- Thread