Re: [Ganglia-general] per-cluster authorization

2015-09-24 Thread Alexis Huxley
In case anybody else gets caught by this ...

>   From the 'grid --> choose a source' pulldown menu I select one of my two clusters
> but get a simple page stating "Sorry, you do not have access to this resource."

After an eventual visit to #apache, I replaced the suggested  with
 and it now works. My 
/etc/httpd/conf.d/ganglia.conf now
contains:

 Alias /ganglia /usr/share/ganglia

 SetEnv ganglia_secret x

 
   Require all granted
 

 #  Last match is used, so important that restricted page is
 #  placed after unrestricted pages. See
 
   AuthType Basic
   AuthName "Ganglia Access"
   AuthUserFile /var/lib/ganglia/htpasswd
   Require valid-user
 

Credit to Unbeliever and Spiceman on Freenode's #apache.

Alexis

___
Ganglia-general mailing list
Ganglia-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-general


Re: [Ganglia-general] per-cluster authorization

2015-09-24 Thread Bostjan Skufca
Hi Alexis,

this is my take on the issue:

Since each cluster has its own headnode(s) and clusters are not shared
among clients, when I need to provide access to metric charts to a client, I
set up a separate instance of gmetad+webui for the given client, on their
infrastructure, and point it to their headnodes.

For combined view over all managed infrastructure, I use dedicated (owned)
gmetad instance that polls all clients' headnodes and combines data from
all clusters.

Note: when I last checked the webui code it was still version 1.x, so
things might have changed since then.
Note2: I have seen that there is some federation implemented (multi-grid),
but I have not seen it in action yet.

b.

PS: Using the client's infrastructure for their viewing has the added benefit of
restricting resource usage - if multiple people have the webui page open with
many charts which autorefresh, this puts significant load on the central webui
node.


On 24 September 2015 at 11:08, Alexis Huxley wrote:

> In case anybody else gets caught by this ...
>
> >   From the 'grid --> choose a source' pulldown menu I select one of my two clusters
> > but get a simple page stating "Sorry, you do not have access to this resource."
>
> After an eventual visit to #apache, I replaced the suggested  "login.php"> with
>  and it now works. My
> /etc/httpd/conf.d/ganglia.conf now
> contains:
>
>  Alias /ganglia /usr/share/ganglia
>
>  SetEnv ganglia_secret x
>
>  
>Require all granted
>  
>
>  #  Last match is used, so important that restricted page is
>  #  placed after unrestricted pages. See
>  
>AuthType Basic
>AuthName "Ganglia Access"
>AuthUserFile /var/lib/ganglia/htpasswd
>Require valid-user
>  
>
> Credit to Unbeliever and Spiceman on Freenode's #apache.
>
> Alexis

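The layout described in the reply above, sketched as configuration. This is an added example, not part of the original thread; all host names, addresses and cluster names are constructed placeholders, and the gmond ACL at the end is an assumption about how one would limit who may poll the headnodes.

```conf
# --- gmetad.conf on the client's own gmetad+webui host ---
# Polls only this client's headnodes. Additional hosts on a data_source
# line are failover sources for the same cluster, not extra clusters.
gridname "ClientA"
data_source "clientA-cluster" 30 head1.clienta.example.net:8649 head2.clienta.example.net:8649

# --- gmetad.conf on the operator's dedicated combined-view host ---
# Polls every client's headnodes, so only the operator's web UI sees all clusters.
gridname "AllClients"
data_source "clientA-cluster" 30 head1.clienta.example.net:8649 head2.clienta.example.net:8649
data_source "clientB-cluster" 30 head1.clientb.example.net:8649

# --- gmond.conf on each of client A's headnodes ---
# Answer XML requests only from the two gmetad hosts above
# (192.0.2.10 = client A's gmetad, 192.0.2.20 = operator's gmetad; constructed).
tcp_accept_channel {
  port = 8649
  acl {
    default = "deny"
    access {
      ip = 192.0.2.10
      mask = 32
      action = "allow"
    }
    access {
      ip = 192.0.2.20
      mask = 32
      action = "allow"
    }
  }
}
```

With this split, separation between clients comes from which headnodes each gmetad is pointed at rather than from the web UI's ACL.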

[Ganglia-general] per-cluster authorization

2015-09-23 Thread Alexis Huxley
Hi, I want to allow users to access Ganglia for some clusters but not for
other clusters. Following the instructions at
https://github.com/ganglia/ganglia-web/wiki/Authorization-System, I have:

- added stuff to Apache's ganglia.conf:

 Alias /ganglia /usr/share/ganglia
 
   Options Indexes MultiViews FollowSymLinks
   AllowOverride None
   Allow from all
   Require all granted
 
 SetEnv ganglia_secret xx
 
   AuthType Basic
   AuthName "Ganglia Access"
   AuthUserFile /var/lib/ganglia/htpasswd
   Require valid-user
 

  - added stuff to Ganglia's conf.php, intended to make myself an admin and
to make (my only) two clusters private:

 <?php
 $acl = GangliaAcl::getInstance();
 $acl->addPrivateCluster( '' );
 $acl->addPrivateCluster( '' );
 $acl->addRole( 'alexis', GangliaAcl::ADMIN );
 ?>

- created an htpasswd file in the right place with an entry for myself.

Now I go to http://my-site/ganglia. At this grid level, I see the basic graphs
for the 'unspecified grid' and, listed underneath, are two private clusters.
Okay so far.

From the 'grid --> choose a source' pulldown menu I select one of my two clusters
but get a simple page stating "Sorry, you do not have access to this resource."

Apache's access_log shows just:

..."GET 
/ganglia/?r=hour===load_one=by+name==m==false 
HTTP/1.1" 403 116 
"http://my-site/ganglia/?m=load_one=hour=by%20name=4=2; ...

This is SL7 with Ganglia from EPEL, versions:

ganglia-web-3.7.0-3.el7.x86_64
ganglia-3.7.1-3.el7.x86_64
ganglia-gmetad-3.7.1-3.el7.x86_64

I've done plenty of googling, but not found anything. Has anybody any ideas why
this is not working? Thanks!

Alexis
