[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #HFI-513438]: 20151202: LDM issues at GMU



Hi Jia,

re:
> Thank you for your the pretty detailed reply.

No worries.

re:
> I really would like you to login our system to take a look at the
> configurations. But it is pity that George Mason University firewall
> will block the SSH connection coming from off-campus.

Wow!  That must make working from anywhere but on campus very difficult!

re:
> But I think we can set up a teleconference. and I can share my screen
> to operate the server machine. You can instantly give me useful information.

OK, that will work.

re:
> So can I have your available time?

The best days/times for me this coming week will be Monday-Friday
mornings and afternoons on Monday, Tuesday and Friday:

08:00 - 10:00 MST
12:00 - 16:00 MST on Tuesday and Friday;  Monday I may have to be
                  out of the office between 12:00 and 15:00

re:
> According to your message. I did the following things:
> 1) changed <pqact>/<datadir-path> into 
> <pqact><datadir-path>/home/ldm</datadir-path></pqact>

Very good.

Please remember that when you make a change to either ldmd.conf or
registry.xml, you will need to stop and restart the LDM for the
change to take effect.

re:
> 2) removed the default port:388 inside the file ldmd.conf.
>    REQUEST WMO ".*" idd.unidata.ucar.edu

OK.  Just so you know, this was not absolutely needed because outbound
access to port 388 is the default.  It does, however, help to clean-up
your ldmd.conf file entries.

re:
> 3) made sure the whitespace exists in pqact.conf
> WMO <tab>^([^H][A-Z])([A-Z][A-Z])([0-9][0-9]) (....) ([0-3][0-9])([0-2][0-9])
> <tab>FILE\2/\4/\6/\1\3.wmo

Your attached pqact.conf file showed that there were tabs where needed.
This does not resolve the fact that the output file pathname does not
specify that the sub-directories that will be created should be under
~ldm/data.

> 4) we have insured that the user running your LDM has write access to
>    the directory(ies) the FILE products store into.

Very good.

re:
> 5) we have granted 'root' privilege into the bin/ldmd and bin/hupsyslog.
>    The below is the screen copy of the two programs's privileges

Very good.

re:
> Questions:
> (1) Regarding SELINUX ? I am not very clear about it. Can you tell me how to 
> check it is disabled or not

Whether or not SELINUX is active on your machine depends on what OS you are
running on the machine.  RedHat OS variants (e.g., RHEL, CentOS, Fedora and 
others)
have SELINUX setup by default, and the default configuration will prevent LDM
from using the system logging daemon for its logging.

So, if you are running a RedHat variant OS, check to see what the
settings are in /etc/selinux/config.  The default setup will look
like:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

We recommend changing the SELINUX line to either:

SELINUX=disabled

or

SELINUX=permissive

The SELINUX 'permissive' setting will allow the LDM the use the
system logging daemon (which will be rsyslogd on current RedHat
variant versions of Linux), but the LDM log messages will also
be written to the system /var/log/messages.

The SELINUX 'disabled' setting will also allow the LDM to use the
system logging daemon, but it should prevent duplicate LDM log
messages from being written to /var/log/messages.  We like this
option best on our systems.

Comment:

- getting LDM logging working correctly is very important as it
  makes it much easier to troubleshoot other problems that might
  arise

re:
> (2) Regarding Log file , the log file you mentioned exists and is
> owned by 'ldm'

  Excellent!

re:
> and has zero length.

This shows that logging is not setup correctly.

re:
> I attached the file rsyslog.conf in this mail. you mentioned it is incorrect 
> probably.

We have not received a attachment of rsyslog.conf in any email from you.

re:
> I tried to activate LDM , but it still shows some errors below.

I don't see any messages (error or not) from your attempt(s) to start
the LDM.  Can you resend the messages you are seeing?

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: HFI-513438
Department: Support LDM
Priority: Normal
Status: Closed