Re: [Ganglia-general] per-cluster authorization
Hi Alexis, this is my take on the issue: Since each cluster has its own headnode(s) and clusters are not shared among clients, when I need to provide access to metric charts to client, I set up separate instance of gmetad+webui for given client, on their infrastructure, and point it to their headnodes. For combined view over all managed infrastructure, I use dedicated (owned) gmetad instance that polls all clients' headnodes and combines data from all clusters. Note: when I last checked the webui code it was still version 1.x, so things might have changed since then. Note2: I have seen that there is some federation implemented (multi-grid), but I have not seen it in action yet. b. PS: Using client's infrastructure for their viewing has an added benefit of restricting resource usage - if multiple people have open webui page with many charts which autorefresh, this puts significant load on central webui node. On 24 September 2015 at 11:08, Alexis Huxley wrote: > In case anybody else gets caught by this ... > > > From the 'grid --> choose a source' pulldown menu I select one of my > two clusters > > but get a simple page stating "Sorry, you do not have access to this > resource." > > After an eventual visit to #apache, I replaced the suggested "login.php"> with > and it now works. My > /etc/httpd/conf.d/ganglia.conf now > contains: > > Alias /ganglia /usr/share/ganglia > > SetEnv ganglia_secret x > > >Require all granted > > > # Last match is used, so important that restricted page is > # placed after unrestricted pages. See > >AuthType Basic >AuthName "Ganglia Access" >AuthUserFile /var/lib/ganglia/htpasswd >Require valid-user > > > Credit to Unbeliever and Spiceman on Freenode's #apache. > > Alexis > > > -- > Monitor Your Dynamic Infrastructure at Any Scale With Datadog! > Get real-time metrics from all of your servers, apps and tools > in one place. > SourceForge users - Click here to start your Free Trial of Datadog now! > http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 > ___ > Ganglia-general mailing list > Ganglia-general@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ganglia-general > -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140___ Ganglia-general mailing list Ganglia-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general
Re: [Ganglia-general] per-cluster authorization
In case anybody else gets caught by this ... > From the 'grid --> choose a source' pulldown menu I select one of my two > clusters > but get a simple page stating "Sorry, you do not have access to this > resource." After an eventual visit to #apache, I replaced the suggested with and it now works. My /etc/httpd/conf.d/ganglia.conf now contains: Alias /ganglia /usr/share/ganglia SetEnv ganglia_secret x Require all granted # Last match is used, so important that restricted page is # placed after unrestricted pages. See AuthType Basic AuthName "Ganglia Access" AuthUserFile /var/lib/ganglia/htpasswd Require valid-user Credit to Unbeliever and Spiceman on Freenode's #apache. Alexis -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ___ Ganglia-general mailing list Ganglia-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general
[Ganglia-general] per-cluster authorization
Hi, I want to allow users to access Ganglia for some clusters but not for other clusters. Following the instructions at https://github.com/ganglia/ganglia-web/wiki/Authorization-System, I have: - added stuff to Apache's ganglia.conf: Alias /ganglia /usr/share/ganglia Options Indexes MultiViews FollowSymLinks AllowOverride None Allow from all Require all granted SetEnv ganglia_secret xx AuthType Basic AuthName "Ganglia Access" AuthUserFile /var/lib/ganglia/htpasswd Require valid-user - added stuff Ganglia's conf.php, intended to make myself an admin and to make (my only) two clusters private: addPrivateCluster( '' ); $acl->addPrivateCluster( '' ); $acl->addRole( 'alexis', GangliaAcl::ADMIN ); ?> - created an htpasswd file in the right place with an entry for myself. Now I go to http://my-site/ganglia. At this grid level, I see the basic graphs for the 'unspecified grid' and, listed underneath, are two private clusters. Okay so far. From the 'grid --> choose a source' pulldown menu I select one of my two clusters but get a simple page stating "Sorry, you do not have access to this resource." Apache's access_log shows just: ..."GET /ganglia/?r=hour&cs=&ce=&m=load_one&s=by+name&c=&tab=m&vn=&hide-hf=false HTTP/1.1" 403 116 "http://my-site/ganglia/?m=load_one&r=hour&s=by%20name&hc=4&mc=2"; ... This is SL7 with Ganglia from EPEL, versions: ganglia-web-3.7.0-3.el7.x86_64 ganglia-3.7.1-3.el7.x86_64 ganglia-gmetad-3.7.1-3.el7.x86_64 I've done plenty of googling, but not found anything. Has anybody any ideas why this is not working? Thanks! Alexis -- Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 ___ Ganglia-general mailing list Ganglia-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general