== Verification of oneacct.centos7.x86_64-0.4.6 == === Ticket assigned === * [https://rt.egi.eu/rt/Ticket/Display.html?id=12887] === Install UMD4 repos === NOTE: EPEL already installed {{{ [root@fedcloud-services yum.repos.d]# pwd /etc/yum.repos.d [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-base.repo [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-updates.repo [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo [root@fedcloud-services ~]# rpm --import http://download.nordugrid.org/RPM-GPG-KEY-nordugrid [root@fedcloud-services ~]# rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} === Oneacct repo and instalation === [root@fedcloud-services yum.repos.d]# pwd /etc/yum.repos.d [root@fedcloud-services yum.repos.d]# wget http://admin-repo.egi.eu/sw/unverified/cmd-one-1.cesnet.oneacct.centos7.x86_64/0/4/6/repofiles/CESNET.oneacct.centos7.x86_64.repo [root@fedcloud-services yum.repos.d]# cat CESNET.oneacct.centos7.x86_64.repo {{{ # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (12887,2370,2324) [CESNET.oneacct.centos7.x86_64] name=CESNET.oneacct.centos7.x86_64 baseurl=http://admin-repo.egi.eu/sw/unverified/cmd-one-1.cesnet.oneacct.centos7.x86_64/0/4/6/ enabled=1 protect=1 priority=1 gpgcheck=1 gpgkey=http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} {{{ [root@fedcloud-services ~]# yum clean all; yum install oneacct-export [.....] Complete! }}} === Oneacct configuration === {{{ [root@fedcloud-services ~]# cat /etc/oneacct-export/conf.yml --- defaults: &defaults output: output_dir: /var/spool/apel/outgoing/00000000 # Directory for outgoing messages output_type: apel-0.4 # Format of outgoing messages. Choices are: apel-0.2, apel-0.4, pbs-0.1, logstash-0.1 num_of_vms_per_file: 500 # Maximum number of virtual machine records per one output file apel: # Options for apel output format site_name: CESGA # Usually a short provider name, e.g. CESNET cloud_type: OpenNebula # CMF type, only OpenNebula is supported endpoint: https://fedcloud-services.egi.cesga.es:11443/ # URL of your OCCI endpoint, e.g. https://fqdn.example.com:11443/ # cloud_compute_service: # Name identifying cloud resource within the site. Allows multiple cloud resources within a site. i.e. a level of granularity. pbs: # Options for pbs output format realm: REALM # Owner's realm, e.g. META queue: cloud # Queue name scratch_type: local # Data store type host_identifier: fedcloud-one.egi.cesga.es # Identifier for host OpenNebula is running on logstash: # Options for logstash output format host: fedcloud-one.egi.cesga.es # Host OpenNebula is running on port: 11443 # Port OpenNebula's RPC is listening on logging: log_type: file # Two options: file, syslog. Defaults to stdout log_file: /var/log/oneacct-export/oneacct-export.log # Used when type file selected xml_rpc: secret: oneadmin:macetasobrepinoverde # If not specified looking for secret in ONE_AUTH and ~/.one/one_auth endpoint: http://fedcloud-one.egi.cesga.es:2633/RPC2 # Defaults to content of ONE_XMLRPC or content of ~/.one/one_endpoint or http://localhost:2633/RPC2 redis: namespace: oneacct_export # Namespace used by redis for sidekiq jobs url: redis://localhost:6379 # URL of redis server, defaults to redis://localhost:6379 password: # Password to access redis server if needed sidekiq: queue: oneacct_export # Name of the redis queue used by sidekiq, must match sidekiq.yml configuration ############################################### ####### DO NOT EDIT AFTER THIS POINT ######## ############################################### [.....] }}} (!) A little hack is necessary: {{{ [root@fedcloud-services ~]# diff /etc/rc.d/init.d/oneacct-export-sidekiq /etc/rc.d/init.d/oneacct-export-sidekiq.original 57,58d56 < ## line added RDIEZ < mkdir -p "$run_dir" }}} {{{ [root@fedcloud-services ~]# chkconfig --add oneacct-export-sidekiq [root@fedcloud-services ~]# chkconfig --add oneacct-export-cron [root@fedcloud-services ~]# systemctl enable redis [root@fedcloud-services ~]# systemctl start redis [root@fedcloud-services ~]# /etc/init.d/oneacct-export-sidekiq start [root@fedcloud-services ~]# /etc/init.d/oneacct-export-cron start [root@fedcloud-services ~]# systemctl status redis ● redis.service - Redis persistent key-value database Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/redis.service.d └─limit.conf Active: active (running) since lun 2017-03-20 16:16:37 CET; 1 weeks 3 days ago Main PID: 1111 (redis-server) CGroup: /system.slice/redis.service └─1111 /usr/bin/redis-server 127.0.0.1:6379 }}} === Testing === Let see if accounting data is producced without errors: {{{ [root@fedcloud-services ~]# ls /var/spool/apel/outgoing/00000000/ [root@fedcloud-services ~]# sudo -u apel /usr/bin/oneacct-export-cron [root@fedcloud-services ~]# ls /var/spool/apel/outgoing/00000000/ 00000000000001 00000000000002 00000000000003 }}} === Finding world-writable files in the packages contents === {{{ [root@fedcloud-services ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w" drwxrwxrwt 2 root root 0 nov 5 2016 /tmp drwxrwxrwt 2 root root 0 nov 5 2016 /var/tmp }}}