[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: GEM distribution



On Wed, 27 May 2009, Beaubien,Anne-Marie [CMC] wrote:

> Hi Jeff,
>       The entry  "ALLOW   ANY     ^[a-z].*\.unidata\.ucar\.edu\.?$        .* 
> "  was already existant on our servers before you sent your request.  So I 
> didn`t make any changes there.
>
>       As I asked before...  Is the entry "|([a-z].*\.unidata\.ucar\.edu\.?$)" 
> found at the end of "ALLOW   ANY     
> ^((localhost|loopback)|(127\.0\.0\.1\.?$))" necessary?
>
>       Currently I have:
> "ALLOW   ANY     ^((localhost|loopback)|(127\.0\.0\.1\.?$))      .*"
>
>       must this be changed to:
> "allow   ANY  
> ^((localhost|loopback)|(127\.0\.0\.1\.?$)|([a-z].*\.unidata\.ucar\.edu\.?$))" 
>     ?
>

It can, and is usually (per standard install) appended as indicated above.
It can stand alone, it just needs to be there in one method or another.


>       I was waiting for your response to the above (and below) question
> before adding the configuration of idd.cise-nsf.gov but I just did that
> now.  A request was just sent to my network group to allow access for
> idd.cise-nsf.gov, this may take a few days though.

Great, appreciate that, it helps us balance our load geographically.

>
>       Is the access problem you are reporting related to the missing
> idd.cise-nsf.gov configuration?

Not completely, that certainly is part of it, but our unidata machines
could not "see" your machine via "notifyme" or "ldmping"..so either the
allow was not in place, or a firewall is stopping our traffic.

  If not, are you (unidata) requiring new
> accesses that you did not use before?

Perhaps, I ~believe all we had in the past was an allow for "shemp" or
"newshemp" as that has been the only machine we have actually gotten CMC
GEM output on. We now run a cluster with multiple accumulators as front
ends, hence the desire to have the:

ALLOW   ANY     ^[a-z].*\.unidata\.ucar\.edu\.?$


Please let us know if you have any questions, we greatly appreciate
this service to the community.


Cheers,


Jeff


>
> Anne-Marie
>
> -----Original Message-----
> From: Jeff Weber [mailto:address@hidden]
> Sent: 27 May, 2009 13:15
> To: Beaubien,Anne-Marie [CMC]
> Cc: Grenier,Michel [CMC]; Mike Schmidt; address@hidden
> Subject: RE: GEM distribution
>
> Bonjour Anne-Marie and Michel,
>
> We, Unidata, are being denied access to:
>
> ldm-wxo.cmc.ec.gc.ca
>
> 199.212.17.24
>
> Did you execute a "ldmadmin restart" after making the changes in ldmd.conf 
> for us to gain access?
>
> Could there be firewall issues at play?
>
> Thanks for your efforts, it is appreciated!
>
> Jeff
> ---------------------------------------------------------------------
> Jeff Weber                                    address@hidden        :
> Unidata Program Center                        PH:303-497-8676        :
> University Corp for Atmospheric Research      3300 Mitchell Ln       :
> http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000  :
> ---------------------------------------------------------------------
>
> On Thu, 21 May 2009, Beaubien,Anne-Marie [CMC] wrote:
>
> > Hi Jeff,
> >
> >     The following is what we currently have configured:
> >
> > -------------------
> >  # The LDM will NOT start if the entry is commented-out.
> > ALLOW   ANY     ^((localhost|loopback)|(127\.0\.0\.1\.?$))      .*
> > #
> > # Give permission to the Unidata Program Center
> > ALLOW   ANY     ^[a-z].*\.unidata\.ucar\.edu\.?$        .*
> > --------------------
> >
> >
> >     I notice that our first allow, above, does not end with 
> > "|([a-z].*\.unidata\.ucar\.edu\.?$)" as in your example below.  Is this a 
> > problem?
> >
> >     I will add an allow ANY for idd.cise-nsf.gov as requested...
> >
> > Anne-Marie Beaubien
> > Environment Canada
> > Meteorological Service of Canada
> > CMC Informatics Branch / Data Acquisition and Distribution Services
> > Tél:  (514) 421-4778           Fax: (514) 421-4703
> > email:    address@hidden
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Jeff Weber [mailto:address@hidden]
> > Sent: 20 May, 2009 17:37
> > To: Grenier,Michel [CMC]
> > Cc: Beaubien,Anne-Marie [CMC]; address@hidden
> > Subject: RE: GEM distribution
> >
> > Bonjour Michel and Anne Marie,
> >
> > Can you please add an "allow" in your ldmd.conf file, located in ~ldm/etc 
> > (in theory) and make sure you have:
> >
> >
> > allow       ANY     ^[a-z].*\.unidata\.ucar\.edu\.?$
> >
> > [note, use tabs and not white space] :)
> >
> > ..this is what we would like to see implemented, and is probably already in 
> > your ldmd.conf file, but perhaps it is commented out. The original allow 
> > line looked like this:
> >
> > ######################################################################
> > #########
> > # Allow Entries
> > ######################################################################
> > #########
> > #
> > # Giving permission for a Data Sink to perform a request to your LDM # # 
> > allow <feedset> <hostname pattern> # # Giving permission to your own 
> > machine and Unidata # # Under no circumstances comment out the next allow 
> > entry to localhost # The LDM will NOT start if the lines are commented out.
> > allow   ANY 
> > ^((localhost|loopback)|(127\.0\.0\.1\.?$)|([a-z].*\.unidata\.ucar\.edu\.?$))
> > allow   ANY     ^([a-z].*\.ucar\.edu\.?$)
> > #
> > ######################################################################
> > ########
> >
> >
> > To better serve folks on the east coast we also request an allow for:
> >
> > idd.cise-nsf.gov
> >
> >
> > Thanks for working with us on this, and after this config (since we
> > are now allowed to fan out this feed) it may be the last time needed
> > :)
> >
> >
> > Cheers,
> >
> > Jeff
> > ---------------------------------------------------------------------
> > Jeff Weber                                    address@hidden        :
> > Unidata Program Center                        PH:303-497-8676        :
> > University Corp for Atmospheric Research      3300 Mitchell Ln       :
> > http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000  :
> > ---------------------------------------------------------------------
> >
> > On Tue, 19 May 2009, Yves Pelletier wrote:
> >
> > > Hi Jeff,
> > >
> > > Sorry for the slow response on this.  We discussed this with our
> > > colleagues of the Data Acquisition and Dissemination Systems section
> > > and agreed it would be a good idea.
> > >
> > > If any action is required on our part, please coordinate with
> > > Anne-Marie Beaubien and Michel Grenier.
> > >
> > > With my best regards
> > >
> > > Yves Pelletier
> > > Chief, Implementation and Operational Services Section National
> > > Prediction Operations Meteorological Service of Canada
> > >
> > > On Tue, 2009-05-19 at 14:23 -0600, Jeff Weber wrote:
> > >
> > > > Bonjour Yves,
> > > >
> > > > I am hopeful that we can discuss the option of having Unidata "fan out"
> > > > the CMC GEM model output.
> > > >
> > > > To refresh our memories, currently CMC delivers all GEM output
> > > > "point-to-point". Unidata would like to have the permission to
> > > > relay the data within our IDD topology. This would ease the use of
> > > > your bandwidth AND reduce time and effort to maintain your ldmd.conf 
> > > > files for "allow"
> > > > capabilities. We recently were successful doing this with
> > > > FNMOC/NRL and the NOGAPS/COAMPS model ouput. The benefit to the
> > > > Unidata community would be multiple points of access.
> > > >
> > > > Thank you for considering this request.
> > > >
> > > > Jeff
> > > > ---------------------------------------------------------------------
> > > > Jeff Weber                                    address@hidden        :
> > > > Unidata Program Center                        PH:303-497-8676        :
> > > > University Corp for Atmospheric Research      3300 Mitchell Ln       :
> > > > http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000  :
> > > > ------------------------------------------------------------------
> > > > --
> > > > -
> > > >
> > > > On Tue, 28 Apr 2009, Hogue,Richard [CMC] wrote:
> > > >
> > > > > Hi Linda,
> > > > >
> > > > > Nice to hear from you.  Yes I'm still around !
> > > > >
> > > > > I have copied Yves Pelletier on this reply.  Yves leads our
> > > > > Implementation and Operational Services Section here at CMC.  He
> > > > > will gladly follow up with you and Jeff on this.
> > > > >
> > > > > Kind regards,
> > > > >
> > > > > Richard.
> > >
> >
>