Warden FAQ
This FAQ was created to help users of the Warden system. The information in it is provided by users and developers on a best-effort basis, so it may not always be fully up to date or apply to the latest versions of operating systems. If you can add anything to the FAQ, please contact us by email:
- Jakub Cegan <cegan@ics.muni.cz>
- Tomas Plesnik <plesnik@ics.muni.cz>
- Jan Soukal <soukal@ics.muni.cz>
Upgrading the Warden system on the production server warden.cesnet.cz
This procedure was written for the upgrade from version 2.0 to 2.1. Before the upgrade itself, Warden 2.1 was installed on the production server in the directory /opt/warden-server-2.1/warden-server, started on port 4443 and connected to a separate database, warden21. The newly installed server was tested to verify that it works.
Server upgrade procedure:
- stop the Apache server
# /etc/init.d/apache2 stop
- change the Warden server 2.1 configuration from the database 'warden21' to 'warden'
# vim /opt/warden-server-2.1/warden-server/etc/warden-server.conf
$DB_NAME = "warden";
- switch the port for version 2.1 from 4443 to 443 and disable the 2.0 virtual host on 443
- back up the tables in the warden database
mysql> use warden;
mysql> create table events20 select * from warden.events;
mysql> create table clients20 select * from warden.clients;
- upgrade the database schema
$ mysql -h localhost -u root -p warden < /opt/warden-server-2.1/warden-server/doc/warden20to21.patch
- start the Apache server
# /etc/init.d/apache2 start
- set up symlinks for the scripts from /opt/warden-server-2.1/warden-server/bin in /usr/local/bin
Rollback procedure if the update fails
- stop the Apache server
# /etc/init.d/apache2 stop
- restore the original tables from the backup
mysql> use warden;
mysql> drop table events;
mysql> drop table clients;
mysql> create table events select * from warden.events20;
mysql> create table clients select * from warden.clients20;
- switch the port of version 2.1 back from 443 to 4443 and enable the 2.0 virtual host on 443
- start the Apache server
# /etc/init.d/apache2 start
Installing the Warden system on Debian
Installing the Warden client
1. Install dependencies
$ sudo apt-get install libsoap-lite-perl libio-socket-ssl-perl perl-modules libdatetime-perl
2. Install the Warden client
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-client-1.0.0.tar.gz
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-client-1.0.0.tar.gz.sig
$ sha1sum -c warden-client-1.0.0.tar.gz.sig
$ tar xzvf warden-client-1.0.0.tar.gz
$ cd warden-client-1.0.0
# ./install.sh -d /opt -u <user> -k <path_to_ssl_key_file>/server.key -c <path_to_ssl_certificate>/server.pem -a <path_to_ca_certificate>/ca.pem
3. Update the Warden client
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-client-1.1.0.tar.gz
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-client-1.1.0.tar.gz.sig
$ sha1sum -c warden-client-1.1.0.tar.gz.sig
$ tar xzvf warden-client-1.1.0.tar.gz
$ cd warden-client-1.1.0
# ./update.sh -d /opt
4. Uninstall the Warden client
# /opt/warden-client/uninstall.sh -d /opt
Installing the Warden server
1. Install supporting packages
$ sudo apt-get install libsoap-lite-perl libio-socket-ssl-perl perl-modules libfile-pid-perl libdbi-perl sqlite3 libdbd-sqlite3-perl libformat-human-bytes-perl libnet-cidr-lite-perl libdatetime-perl libsys-syslog-perl
2. Install the Warden server
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-server-1.0.0.tar.gz
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-server-1.0.0.tar.gz.sig
$ sha1sum -c warden-server-1.0.0.tar.gz.sig
$ tar xzvf warden-server-1.0.0.tar.gz
$ cd warden-server-1.0.0
# ./install.sh -d /opt -k <path_to_ssl_key_file>/server.key -c <path_to_ssl_certificate>/server.pem -a <path_to_ca_certificate>/ca.pem
3. Update the Warden server
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-server-1.1.0.tar.gz
$ wget https://homeproj.cesnet.cz/projects/warden/repository/revisions/master/changes/packages/warden-server-1.1.0.tar.gz.sig
$ sha1sum -c warden-server-1.1.0.tar.gz.sig
$ tar xzvf warden-server-1.1.0.tar.gz
$ cd warden-server-1.1.0
# ./update.sh -d /opt -- NOT AVAILABLE YET
4. Uninstall the Warden server
# /opt/warden-server/uninstall.sh -d /opt
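The sha1sum -c step of the client and server installation above, as an added example that is not part of the Warden packages: a shell function that compares the digest in the .sig file with the tarball itself and unpacks only on a match. It assumes the .sig file is in sha1sum format, as the commands above imply; the function name verify_and_unpack is hypothetical.

```sh
#!/bin/sh
# Added example (not from the Warden project): unpack a downloaded package
# only when the SHA-1 digest in TARBALL.sig matches the tarball.
# verify_and_unpack TARBALL DESTDIR
#   returns 0 after unpacking, 1 on a digest mismatch, 2 on missing or bad input
verify_and_unpack() (
    tarball=$1
    dest=$2
    sig="$tarball.sig"
    if [ ! -f "$tarball" ] || [ ! -f "$sig" ]; then
        echo "verify_and_unpack: $tarball or $sig is missing" >&2
        exit 2
    fi
    # "sha1sum -c" checks whichever file names the checksum file lists.
    # Read only the digest and compare it with the tarball we will unpack.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sig")
    case $expected in
        ''|*[!0-9a-f]*)
            echo "verify_and_unpack: no SHA-1 digest in $sig" >&2
            exit 2 ;;
    esac
    if [ "${#expected}" -ne 40 ]; then
        echo "verify_and_unpack: digest in $sig is not 40 hex digits" >&2
        exit 2
    fi
    actual=$(sha1sum < "$tarball" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "verify_and_unpack: checksum mismatch for $tarball" >&2
        exit 1
    fi
    # The destination is created only after the digest has matched.
    mkdir -p "$dest" && tar xzf "$tarball" -C "$dest"
)
```

A digest fetched from the same location as the package only detects a damaged or truncated download; it does not show who published the package.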
Installing the Warden client on CentOS
Running the Warden server
Access to the Warden server MySQL database
$ mysql -u root -h localhost -p
mysql> use warden;
- the password can be found in the configuration file /opt/warden-server/etc/warden-server.conf
Controlling the Warden server
$ sudo /etc/init.d/apache2 {start|stop|graceful-stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}
List of registered clients
$ sudo /opt/warden-server/bin/getClients.pl
Checking the server status
$ sudo /opt/warden-server/bin/getStatus.pl
Registering a sending client
$ sudo /opt/warden-server/bin/registerSender.pl -n <hostname> -r <requestor> -s <service_name> -d <description_tags> -i <IP or subnet>
Registering a receiving client
$ sudo /opt/warden-server/bin/registerReceiver.pl -n <hostname> -r <requestor> -t <events_type> -o -i <IP or subnet>
-o -> enable receiving of own events
Unregistering a client
$ sudo /opt/warden-server/bin/unregisterClient.pl -i <id>
Number of received events per second
sqlite3 warden/warden-server/var/warden.db 'select received from events;' | sort | uniq -c | sort -n -r | less
List and count of received event types
sqlite3 /opt/warden-server/var/warden.db "select type, count(type) from events group by type"
Nagios plugin
A script for Nagios that checks whether the Warden server is running.
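#!/usr/bin/perl
use strict;
use warnings;

# Count running warden-server.pl processes; the greps drop this pipeline's own entries.
my $rv = `ps aux | grep "/usr/bin/perl -w /opt/warden-server/bin/warden-server.pl" | grep -v grep | grep -v process-alive | wc -l`;
chomp $rv;    # "0\n" is a true string in Perl, so strip the newline before testing

if ($rv > 0) {
    print "WARDEN OK: Warden server is running\n";
    exit 0;    # Nagios state OK
} else {
    print "WARDEN CRITICAL: Warden server is not running\n";
    exit 2;    # Nagios state CRITICAL
}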
Finding the version of a Perl package
perl -MSOAP::Lite -e 'print "$SOAP::Lite::VERSION\n"'
Converting time to UTC
Converting Unix time to UTC
use DateTime;
my $epoch = time();    # Unix time to convert
# from_epoch() returns an object in the UTC time zone by default
my $dt = DateTime->from_epoch(epoch => $epoch);
Tips, tricks and blunders
Setting up the Git client
The client is configured by editing the file /home/user/.gitconfig
$ git config --global user.name "Jmeno a Prijmeni"
$ git config --global user.email <prijmeni>@ics.muni.cz
$ git config --global color.diff auto
$ git config --global color.status auto
$ git config --global color.branch auto
Cloning the Warden Git repository
$ git clone [username]@homeproj.cesnet.cz:warden
- [username] is your CESNET login. For SSH, authentication is done against the CESNET LDAP; alternatively, you can send the public part of your SSH key to <jan.mach@cesnet.cz>.
not well-formed (invalid token) at line 1, column 3, byte 3 at /usr/lib/perl5/XML/Parser.pm line 187
This problem is caused by the client not having permission to read the SSL certificate or key. The solution is to set the access permissions on the SSL certificate and key correctly.
$ ./sender.pl
not well-formed (invalid token) at line 1, column 3, byte 3 at /usr/lib/perl5/XML/Parser.pm line 187
Received data: Can't connect to warden-dev.cesnet.cz:443
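One way to check the key file behind the error above, as an added example that is not Warden's own code: it reports whether the key is owned by the client account and readable by its owner, and flags a key that other accounts can access. It assumes GNU stat and that the key should be owned by the account running the client; key_file_status and its status words are hypothetical names.

```sh
#!/bin/sh
# Added example (not from the Warden project): check owner and mode of the
# client's SSL key file.
# key_file_status FILE OWNER_UID
#   prints one of: ok | missing | wrong-owner | owner-cannot-read | too-open
#   returns 0 only for "ok"
key_file_status() (
    file=$1
    want_uid=$2
    [ -f "$file" ] || { echo missing; exit 1; }
    # GNU stat: %u = numeric owner, %a = octal mode such as 600
    set -- $(stat -c '%u %a' "$file")
    uid=$1
    mode=$(printf '%04d' "$2")    # pad to four digits: 600 -> 0600, 0 -> 0000
    perms=${mode#?}               # drop the setuid/setgid/sticky digit
    owner=${perms%??}             # first permission digit
    other=${perms#??}             # last permission digit
    if [ "$uid" != "$want_uid" ]; then
        echo wrong-owner
        exit 1
    fi
    case $owner in
        [4-7]) ;;                 # owner read bit is set
        *) echo owner-cannot-read; exit 1 ;;
    esac
    # A private key must not be accessible to accounts outside owner and group.
    [ "$other" = 0 ] || { echo too-open; exit 1; }
    echo ok
)
```

When the result is wrong-owner or owner-cannot-read, give the key to the client account and use mode 600 rather than widening the mode for everyone.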
Illegal field name 'APR::Table=HASH' at /usr/share/perl5/SOAP/Transport/HTTP.pm line 799
This problem is caused by the new version of the HTTP::Headers module (6.05), with which the server returns '500 - Internal server error' and the following error message appears in the SSL log '/var/log/apache2/error_ssl.log':
Illegal field name 'APR::Table=HASH(0x2b37b2768718)' at /usr/share/perl5/SOAP/Transport/HTTP.pm line 799
Information about the HTTP::Headers module (6.05):
cpan[1]> i HTTP::Headers
CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Wed, 12 Dec 2012 14:07:03 GMT
Module id = HTTP::Headers
    DESCRIPTION  Class encapsulating HTTP Message headers
    CPAN_USERID  LWWWP (The libwww-perl mailing list <libwww@perl.org>)
    CPAN_VERSION 6.05
    CPAN_FILE    G/GA/GAAS/HTTP-Message-6.06.tar.gz
    UPLOAD_DATE  2012-10-20
    DSLIP_STATUS RmpO? (released,mailing-list,perl,object-oriented,)
    MANPAGE      HTTP::Headers - Class encapsulating HTTP Message headers
    INST_FILE    /usr/local/share/perl/5.10.1/HTTP/Headers.pm
    INST_VERSION 6.04
To fix the problem, downgrade to the last working version, 6.04:
cpan[2]> force install G/GA/GAAS/HTTP-Message-6.04.tar.gz
Incorrect parameter at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 1993.
This problem is caused by an incorrect statement on line 1993 of the SOAP::Lite module since version 0.715:
die "Incorrect parameter" unless $itself =~/^\d$/;
which should correctly read:
die "Incorrect parameter" unless $itself =~/^\d*$/;
as it does in version 0.714. To resolve the problem, downgrade the SOAP::Lite module to version 0.714:
cpan> install M/MK/MKUTTER/SOAP-Lite-0.714.tar.gz
For more information see http://sourceforge.net/tracker/?func=detail&aid=3547564&group_id=66000&atid=513017
How to find the installed versions of Perl modules on the server
$ instmodsh
Available commands are:
   l            - List all installed modules
   m <module>   - Select a module
   q            - Quit the program
cmd? l
Installed modules are:
   Compress::Raw::Bzip2
   Compress::Raw::Zlib
   Encode::Locale
   File::Listing
   HTTP::Cookies
   HTTP::Daemon
   HTTP::Date
   HTTP::Message
   HTTP::Negotiate
   IO::Compress
   IO::Socket::SSL
   LWP
   LWP::MediaTypes
   LWP::Protocol::https
   Mozilla::CA
   Net::HTTP
   Perl
   SOAP
   SOAP::Lite
   WWW::RobotRules
   mod_perl
cmd?
How to find the version of a Perl module
$ perl -MMODULE -e 'print $MODULE::VERSION';
How to migrate data from SQLite to MySQL
1. dump the table from the SQLite database to CSV format
$ sqlite3 -csv /opt/warden-server/var/warden.db "select * from clients;" > clients.db
2. change the separator of the CSV file from "," to ";"
$ sed -i 's/,/;/g' clients.db
3. change the 'NULL' marker to the form used by the MySQL database
$ sed -i 's/null/\\N/g' clients.db
4. import the modified data into the MySQL database
$ mysql -u root -h localhost -p
mysql> use warden;
mysql> load data local infile '/home/plesnik/clients.db' into table clients fields terminated by ';' lines terminated by '\n';
Query OK, 21 rows affected (0.00 sec)
Records: 21 Deleted: 0 Skipped: 0 Warnings: 0
How to find the versions of the Perl packages currently installed on the server:
- the script chck_modules_version.sh (source:packages/chck_modules_version.sh) serves this purpose
- the script only needs the name of the directory in which it should automatically find all dependent Perl modules and print their versions
$ ./chck_modules_version.sh
Usage: chck_modules_version.sh <directory>
Example: chck_modules_version.sh ../src/warden-server/
- and run the script:
$ ./chck_modules_version.sh ../src/warden-server/
Carp >= 1.11
Crypt::X509 >= 0.40
Data::Dumper >= 2.124
DateTime >= 0.61
DBD::mysql >= 4.016
DBI >= 1.612
Email::Simple >= 2.100
File::Basename >= 2.77
FindBin >= 1.50
Format::Human::Bytes >= 0.05
Getopt::Long >= 2.38
Getopt::Std >= 1.06
MIME::Base64 >= 3.08
Net::CIDR::Lite >= 0.21
SOAP::Lite >= 0.715
SOAP::Transport::HTTP >= 0.715
Switch >= 2.14
Sys::Hostname >= 1.11
Sys::Syslog >= 0.27
Test::Exception >= 0.29
Test::MockModule >= 0.05
Test::More >= 0.94
Can't locate object method "ssl_opts" via package "SOAP::Transport::HTTP::Client"
If the following message appears when sending or receiving events:
$ perl warden-client.pl
Can't locate object method "ssl_opts" via package "SOAP::Transport::HTTP::Client" at /opt/warden-client/lib/WardenClientSend.pm line 48.
the LWP::Protocol::https module must be installed on the server:
# cpan
cpan> install LWP::Protocol::https
Server sent error message:: Bad mask at /usr/share/perl5/Net/CIDR/Lite.pm line 39
If the following message appears when sending or receiving events:
Server sent error message:: Bad mask at /usr/share/perl5/Net/CIDR/Lite.pm line 39
Net::CIDR::Lite::add('Net::CIDR::Lite=HASH(0x1913d30)', 192.168.1.1) called at /usr/local/bin/warden-server.pl line 259
Warden::saveNewEvent('Warden', 'HASH(0x1df2aa0)') called at /usr/share/perl5/SOAP/Lite.pm line 2797
eval {...} called at /usr/share/perl5/SOAP/Lite.pm line 2782
eval {...} called at /usr/share/perl5/SOAP/Lite.pm line 2748
SOAP::Server::handle('SOAP::Server=HASH(0x1bf3400)', '<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xs...') called at /usr/local/bin/warden-server.pl line 859
then a client was registered on the Warden server without a network mask:
registerSender -n client.server.cz -r Requestor -s ScanDetector -d Test -i 192.168.1.1
The problem is fixed by registering the client again with the correct network mask:
registerSender -n client.server.cz -r Requestor -s ScanDetector -d Test -i 192.168.1.1/32
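A pre-check for the -i value, as an added example that is not part of Warden: it accepts an IPv4 address with a prefix length and appends /32 to a bare host address, which is the fix shown above. Handling IPv4 only is an assumption, and the function name valid_cidr is hypothetical.

```sh
#!/bin/sh
# Added example (not from the Warden project): normalise and validate the
# value passed to registerSender.pl -i before registering a client.
# valid_cidr VALUE
#   prints "a.b.c.d/len" and returns 0 for a valid IPv4 address or subnet,
#   prints nothing and returns 1 otherwise
# Usage: cidr=$(valid_cidr "$value") || exit 1, then pass -i "$cidr"
valid_cidr() (
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;              # bare host address: register it as /32
    esac
    # prefix length: one or two digits, no leading zero, 0..32
    case $len in
        ''|*[!0-9]*|???*|0?*) exit 1 ;;
    esac
    [ "$len" -le 32 ] || exit 1
    # address: digits and dots only, no empty octets
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ????*|0?*) exit 1 ;;    # too long, or leading zero (ambiguous)
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    printf '%s/%s\n' "$addr" "$len"
)
```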
weaken is only available with the XS version of Scalar::Util
When updating the warden client package, the check of the SOAP::Lite package fails with the error "weaken is only available with the XS version of Scalar::Util at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Lite.pm line 2502":
# ./update.sh -d /opt
------------------------- Dependencies check-in -------------------------
Checking Perl interpreter ... OK
Checking SOAP::Lite module ... FAILED!
weaken is only available with the XS version of Scalar::Util at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Lite.pm line 2502
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Lite.pm line 2502.
Compilation failed in require at -e line 1.
BEGIN failed--compilation aborted at -e line 1.
Update from warden-client-1.0.0 to warden-client-1.1.0 package FAILED!!!
The problem is solved by a forced reinstallation of the module:
# cpan
cpan> force install Scalar::Util
Missing packages on Ubuntu (10.04.4 LTS)
- libformat-human-bytes-perl
- $ wget http://mirror.fiber.net/ubuntu-10.04/pool/universe/libf/libformat-human-bytes-perl/libformat-human-bytes-perl_0.05-1_all.deb
- $ sudo dpkg -i libformat-human-bytes-perl_0.05-1_all.deb
In the log: Illegal field name 'APR::Table=HASH' at /usr/local/share/perl/5.10.1/SOAP/Transport/HTTP.pm line 818
The problem may be in the new version of HTTP::Headers (6.05). The solution is to install version 6.04.
cpan[1]> i HTTP::Headers
CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Wed, 12 Dec 2012 14:07:03 GMT
Module id = HTTP::Headers
    DESCRIPTION  Class encapsulating HTTP Message headers
    CPAN_USERID  LWWWP (The libwww-perl mailing list <libwww@perl.org>)
    CPAN_VERSION 6.05
    CPAN_FILE    G/GA/GAAS/HTTP-Message-6.06.tar.gz
    UPLOAD_DATE  2012-10-20
    DSLIP_STATUS RmpO? (released,mailing-list,perl,object-oriented,)
    MANPAGE      HTTP::Headers - Class encapsulating HTTP Message headers
    INST_FILE    /usr/local/share/perl/5.10.1/HTTP/Headers.pm
    INST_VERSION 6.04
cpan[2]> force install G/GA/GAAS/HTTP-Message-6.04.tar.gz
Suggested questions for the FAQ
- suggestion 1 - Kuba