Background

SLAC's security policy requires keeping as few ports open as possible on its perfSONAR machines. Therefore, a group of XML-based services can be instructed to listen on a single port instead of each using a separate one. Services and ports in the original configuration:

  • snmp-MA uses port 8065
  • PingER uses port 8075
  • perfSONARBUOY (pSB) uses 8085
  • LookupService (hLS) uses 8095

Services and ports in the modified configuration:

  • snmp-MA, PingER, pSB and hLS should all listen on one port, say 8075

The steps to do so are described below:

Step 1. Create an init script

Browse to /etc/init.d/ and copy an existing script (say snmpMA.sh) to ps-universal.sh. This init script will be responsible for starting a single instance of the daemon that handles all the services. Open the script and modify TOOL_EXE to be something like:

TOOL_EXE="perl -I /usr/local/perfSONAR-PS/perfSONAR_PS-PingER/lib -I /usr/local/perfSONAR-PS/perfSONAR_PS-perfSONARBUOY/lib -I /usr/local/perfSONAR-PS/perfSONAR_PS-SNMPMA/lib -I /usr/local/perfSONAR-PS/perfSONAR_PS-LookupService/lib /usr/local/perfSONAR-PS/Shared/scripts/perfsonar-daemon.pl"

Also change TOOL_CONF and TOOL_LOGGER so that the init script points to the "combined.conf" and "combined_logger.conf" files.

/etc/init.d/ps-universal.sh
TOOL_CONF=${CONF_PREFIX}/combined.conf
TOOL_LOGGER=${CONF_PREFIX}/combined_logger.conf

And change TOOL for message display purposes:

/etc/init.d/ps-universal.sh
TOOL="Services"

Sample ps-universal.sh script attached.

Step 2. Creating conf files

Now browse to /usr/local/etc/perfSONAR/ and concatenate all conf files into one, so that the script can read the configuration for all four services from a single file:

/usr/local/etc/perfSONAR/combined.conf
cat /usr/local/etc/perfSONAR/*conf > /usr/local/etc/perfSONAR/combined.conf

Then go through the file and remove duplicate top-level entries; for example, "disable_echo 0" will appear repeatedly. Note: this does not apply to anything inside an <endpoint> block. The *conf glob matches every file name ending in conf, so if logger configuration files (such as combined_logger.conf) are already in this directory, their contents end up in combined.conf and must be removed too. Also remove the extraneous <port> entries so that all the endpoint elements are under a single port entry. Modify the <port> tag so that it reads <port 8075>, or whatever port number you want to use. Also change the ls_instance port to the port number you are using (8075 in this case). Since this can be confusing, I am attaching a working sample for combined.conf.

The other conf file defined in ps-universal.sh is the logger configuration file, combined_logger.conf (also attached).
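
One way to check the merged file against the rules in Step 2 (an added example, not part of the original page or of perfSONAR-PS): it reports duplicate top-level entries, extra or mismatched <port> blocks, and ls_instance URLs on the wrong port. The function names and the sample conf are constructed for illustration, and the parser assumes one tag or entry per line.

```sh
#!/bin/sh
# Added example, not part of the original page.
# Usage: lint_conf PORT < combined.conf   (exit status 1 if anything is found)
lint_conf() {
    awk -v want="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^[ \t]*<\// { depth--; next }           # closing tag such as </port>
    /^[ \t]*</ {                             # opening tag
        if ($0 ~ /^[ \t]*<port[ \t]/) {
            nports++
            p = $0; gsub(/[^0-9]/, "", p)
            if (p != want) { print "line " NR ": <port " p ">, expected " want; bad++ }
        }
        depth++; next
    }
    {
        # Duplicates only matter at top level, never inside <port>/<endpoint>.
        if (depth == 0 && seen[$1]++) { print "line " NR ": duplicate top-level " $1; bad++ }
        if ($1 == "ls_instance") {
            p = ""
            if (match($2, /:[0-9]+/)) p = substr($2, RSTART + 1, RLENGTH - 1)
            if (p != want) { print "line " NR ": ls_instance port " p ", expected " want; bad++ }
        }
    }
    END {
        if (nports != 1) { print "found " (nports + 0) " <port> blocks, expected 1"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample showing what a plain "cat" merge leaves behind.
sample_conf() {
    cat <<'EOF'
disable_echo 0
ls_instance http://localhost:8075/perfSONAR_PS/services/hLS
<port 8075>
  <endpoint /perfSONAR_PS/services/hLS>
    disable_echo 0
  </endpoint>
</port>
disable_echo 0
ls_instance http://localhost:8095/perfSONAR_PS/services/hLS
<port 8095>
</port>
EOF
}

sample_conf | lint_conf 8075 || true
```

A clean run (no output, exit status 0) means the file has one <port> block on the chosen port and no leftover top-level duplicates.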

Step 3. Test run the script

Make sure that the services aren't already running. If they are, stop them using the following commands:

/etc/init.d
/etc/init.d/PingER.sh stop
/etc/init.d/snmpMA.sh stop
/etc/init.d/pSB.sh stop
/etc/init.d/hLS.sh stop

Once done, check that nothing is listening on 8065, 8075, 8085 and 8095 (just to make sure) using netstat or telnet. Then start the services using the following command:

/etc/init.d
/etc/init.d/ps-universal.sh start

Step 4. Make changes stick after reboot.

Making changes stick after a reboot is a bit tricky. Not only do you want to start the combined services, you also need to prevent the services from starting on the other ports. The default behavior of the services returns on each reboot, since the Knoppix disk reloads part of the scripts and data. Thus we have to disable that behavior.

Since these scripts (PingER.sh, snmpMA.sh, etc.) use conf files on reboot and the Knoppix disk replaces these conf files, we just have to make sure we replace the conf files once more after the disk does. The hack is to copy pre-edited conf files into "/usr/local/etc/perfSONAR" so that when the services try to start, they simply can't. These pre-edited conf files should all have the same single port number you want (8075 in this case).

So first create the file "knoppix.local.sh" in "/mnt/store", if it does not already exist, and add the following lines. The script is also attached: knoppix.local.sh

/mnt/store/knoppix.local.sh
#!/bin/bash

# symbolic link to perfSONAR universal script
ln -s /etc/init.d/ps-universal.sh /etc/rc3.d/S18perfsonar.sh
ln -s /etc/init.d/mysql /etc/rc3.d/S17mysq.sh

# copy "port 8075" conf files to /usr/local/etc/perfSONAR
# so that services deliberately fail to launch
# since we have already launched these
cp /mnt/store/ps-confs/*.conf /usr/local/etc/perfSONAR/

Now create a directory "/mnt/store/ps-confs" and copy all the modified conf files into it (with all port entries and arguments set to 8075 and the ls_instance value using 8075).

/mnt/store/ps-confs/PingER.conf or pSB_MA.conf or SNMP_MA.conf or hLS.conf
..
<port 8075>
..
  ..
    ..
      ls_instance     http://localhost:8075/perfSONAR_PS/services/hLS
    ..
  ..
..
</port>
..
ls_instance     http://localhost:8075/perfSONAR_PS/services/hLS
..

Samples attached: PingER.sh, pSB.conf, hLS.conf and SNMP_MA.conf

To test, reboot the system and use netstat or telnet to see whether this works.
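
The netstat check from Step 3 and the reboot test above can be scripted as follows (an added example, not part of the original page). It reads "netstat -tln" output and confirms that, of the four service ports, only the chosen one is listening; the function names and the sample output are constructed.

```sh
#!/bin/sh
# Added example, not part of the original page.
# Usage: netstat -tln | audit_ports 8075   (exit status 1 on any finding)
audit_ports() {
    awk -v want="$1" -v all="8065 8075 8085 8095" '
    BEGIN { n = split(all, svc, " ") }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)                 # 0.0.0.0:8075 and :::8075 -> 8075
        open[port] = 1
    }
    END {
        if (!(want in open)) { print "port " want " is not listening"; bad++ }
        for (i = 1; i <= n; i++)
            if (svc[i] != want && (svc[i] in open)) {
                print "port " svc[i] " is still listening"; bad++
            }
        exit (bad > 0)
    }'
}

# Constructed "netstat -tln" output: pSB was left running on its old port.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8075            0.0.0.0:*               LISTEN
tcp6       0      0 :::8085                 :::*                    LISTEN
EOF
}

sample_netstat | audit_ports 8075 || true
```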

Step 5. Credits.

I can't thank Aaron Brown (of Internet2) enough for continuous support and help! Thanks Aaron. (smile)
