== Verification of apel-ssm.centos7.x86_64-2.1.7 == === Ticket assigned === * [https://rt.egi.eu/rt/Ticket/Display.html?id=13175] === Install UMD4 repos === NOTE: EPEL already installed {{{ [root@fedcloud-services yum.repos.d]# pwd /etc/yum.repos.d [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-base.repo [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-updates.repo [root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo [root@fedcloud-services ~]# rpm --import http://download.nordugrid.org/RPM-GPG-KEY-nordugrid [root@fedcloud-services ~]# rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} === apel-ssm repo and instalation === {{{ [root@fedcloud-services yum.repos.d]# pwd /etc/yum.repos.d [root@fedcloud-services yum.repos.d]# wget http://admin-repo.egi.eu/sw/unverified/cmd-one-1.apel.apel-ssm.centos7.x86_64/2/1/7/repofiles/APEL.apel-ssm.centos7.x86_64.repo [root@fedcloud-services yum.repos.d]# cat APEL.apel-ssm.centos7.x86_64.repo # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (13175,2423,2378) [APEL.apel-ssm.centos7.x86_64] name=APEL.apel-ssm.centos7.x86_64 baseurl=http://admin-repo.egi.eu/sw/unverified/cmd-one-1.apel.apel-ssm.centos7.x86_64/2/1/7/ enabled=1 protect=1 priority=1 gpgcheck=1 gpgkey=http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} {{{ [root@fedcloud-services yum.repos.d]# LC_ALL=C yum install apel-ssm [.....] Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: apel-ssm noarch 2.1.7-1.el7 APEL.apel-ssm.centos7.x86_64 31 k Installing for dependencies: python-daemon noarch 1.6-4.el7 epel 26 k python-dirq noarch 1.7.1-1.el7 epel 50 k python-lockfile noarch 1:0.9.1-4.el7.centos extras 28 k stomppy noarch 3.1.6-2.el7 epel 48 k Transaction Summary ================================================================================ Install 1 Package (+4 Dependent packages) Total download size: 183 k Installed size: 586 k Is this ok [y/d/N]: y [.....] Complete! }}} === apel-ssm configuration === {{{ [root@fedcloud-services ~]# cat /etc/apel/sender.cfg ################################################################################ # Required: broker configuration options # [broker] # The SSM will query a BDII to find brokers available. These details are for the # EGI production broker network bdii: ldap://lcg-bdii.cern.ch:2170 network: PROD # OR (these details will only be used if the broker network settings aren't used) #host: test-msg01.afroditi.hellasgrid.gr #port: 6163 # broker authentication. If use_ssl is set, the certificates configured # in the mandatory [certificates] section will be used. #RDIEZ # use_ssl: true use_ssl: false ################################################################################ # Required: Certificate configuration [certificates] certificate: /etc/grid-security/hostcert.pem key: /etc/grid-security/hostkey-apel.pem capath: /etc/grid-security/certificates # If this is supplied, outgoing messages will be encrypted # using this certificate #server_cert: /etc/grid-security/servercert.pem ################################################################################ # Messaging configuration. # [messaging] # Queue to which SSM will send messages ##RDIEZ# destination: destination: /queue/global.accounting.test.cloud.central # Outgoing messages will be read and removed from this directory. path: /var/spool/apel/outgoing [logging] logfile: /var/log/apel/ssmsend.log # Available logging levels: # DEBUG, INFO, WARN, ERROR, CRITICAL level: INFO console: true }}} (!) be careful and check the permissions and filenames for your server certificate Create a cron job for sending: {{{ [root@fedcloud-services ~]# cat /etc/cron.d/ssmsend ## for apel-ssm service: ### sugerido Por Boris para la nueva version: */30 * * * * apel /usr/bin/ssmsend }}} Finally, some permissions and owners must be fixed: {{{ [root@fedcloud-services ~]# chmod 755 /var/lib/apel; chown apel.apel /var/lib/apel [root@fedcloud-services ~]# ls -ld /var/lib/apel drwxr-xr-x. 2 apel apel 4096 mar 20 15:50 /var/lib/apel [root@fedcloud-services ~]# touch /var/log/apel/ssmsend.log [root@fedcloud-services ~]# chown apel. /var/log/apel/ssmsend.log }}} === Testing === First, lets produce accountig data: {{{ [root@fedcloud-services ~]# ls /var/spool/apel/outgoing/00000000/ [root@fedcloud-services ~]# sudo -u apel /usr/bin/oneacct-export-cron [root@fedcloud-services ~]# ls /var/spool/apel/outgoing/00000000/ 00000000000001 00000000000002 00000000000003 00000000000004 00000000000005 }}} And now we can try to send accounting data: {{{ [root@fedcloud-services ~]# sudo -u apel /usr/bin/ssmsend 2017-07-07 14:41:42,641 - ssmsend - INFO - ======================================== 2017-07-07 14:41:42,641 - ssmsend - INFO - Starting sending SSM version 2.1.7. 2017-07-07 14:41:42,641 - ssmsend - INFO - Retrieving broker details from ldap://lcg-bdii.cern.ch:2170 ... 2017-07-07 14:41:42,900 - ssmsend - INFO - Found 2 brokers. 2017-07-07 14:41:42,901 - ssmsend - INFO - No server certificate supplied. Will not encrypt messages. 2017-07-07 14:41:42,996 - stomp.py - INFO - Established connection to host mq.cro-ngi.hr, port 6163 2017-07-07 14:41:43,056 - ssm.ssm2 - INFO - Connected. 2017-07-07 14:41:43,057 - ssm.ssm2 - INFO - Will send messages to: /queue/global.accounting.test.cloud.central 2017-07-07 14:41:43,057 - ssm.ssm2 - INFO - Found 5 messages. 2017-07-07 14:41:43,057 - ssm.ssm2 - INFO - Sending message: 00000000/00000000000001 2017-07-07 14:41:43,070 - ssm.ssm2 - INFO - Waiting for broker to accept message. 2017-07-07 14:41:43,129 - ssm.ssm2 - INFO - Broker received message: 00000000/00000000000001 2017-07-07 14:41:43,171 - ssm.ssm2 - INFO - Sending message: 00000000/00000000000002 2017-07-07 14:41:43,185 - ssm.ssm2 - INFO - Waiting for broker to accept message. 2017-07-07 14:41:43,244 - ssm.ssm2 - INFO - Broker received message: 00000000/00000000000002 2017-07-07 14:41:43,286 - ssm.ssm2 - INFO - Sending message: 00000000/00000000000003 2017-07-07 14:41:43,418 - ssm.ssm2 - INFO - Waiting for broker to accept message. 2017-07-07 14:41:43,536 - ssm.ssm2 - INFO - Broker received message: 00000000/00000000000003 2017-07-07 14:41:43,619 - ssm.ssm2 - INFO - Sending message: 00000000/00000000000004 2017-07-07 14:41:43,700 - ssm.ssm2 - INFO - Waiting for broker to accept message. 2017-07-07 14:41:44,050 - ssm.ssm2 - INFO - Broker received message: 00000000/00000000000004 2017-07-07 14:41:44,102 - ssm.ssm2 - INFO - Sending message: 00000000/00000000000005 2017-07-07 14:41:44,122 - ssm.ssm2 - INFO - Waiting for broker to accept message. 2017-07-07 14:41:44,471 - ssm.ssm2 - INFO - Broker received message: 00000000/00000000000005 2017-07-07 14:41:44,524 - ssm.ssm2 - INFO - Tidying message directory. 2017-07-07 14:41:44,524 - ssmsend - INFO - SSM run has finished. 2017-07-07 14:41:44,525 - ssm.ssm2 - INFO - SSM connection ended. 2017-07-07 14:41:44,525 - ssmsend - INFO - SSM has shut down. 2017-07-07 14:41:44,525 - ssmsend - INFO - ======================================== [root@fedcloud-services ~]# ls /var/spool/apel/outgoing/00000000/ }}} === Finding world-writable files in the packages contents === {{{ [root@fedcloud-services ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w" drwxrwxrwt 2 root root 0 nov 5 2016 /tmp drwxrwxrwt 2 root root 0 nov 5 2016 /var/tmp }}}