[RADIATOR] Farmsize and Monitor fix

Kiernan McColl kiernan at staff.iinet.net.au
Mon Aug 30 00:29:42 CDT 2010


Never mind, RTFM ;)

-----Original Message-----
From: Kiernan McColl 
Sent: Monday, August 30, 2010 1:26 PM
To: 'radiator at open.com.au'
Subject: Farmsize and Monitor fix

Hi,

I'd like to test this solution but I'm having trouble locating the SNMP_util.pm (SNMP_Session.pm?) module that it needs. Is this supposed to be part of the Radiator package or some other package? There's an SNMP::Util on CPAN but I doubt that's what I'm after.

Using Radiator version 4.5 at the moment.

Regards,
Kiernan
iiNet

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Hugh Irvine
Sent: Friday, April 23, 2010 2:44 PM
To: Ivan Brawley
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] Issue with FarmSize and Monitor in version 4.6


Hello Ivan -

Thanks for your mail.

This is a known issue and there is a hook to deal with it in "goodies/hooks.txt".

Here is the item from Radiator 4.6 for your convenience:


----------------------------------------------------------------------


When using FarmSize n to enable multiple children, clauses like Monitor and SNMPAgent incorrectly share their Port with the parent process.

This hook runs in each child and closes the Monitor and SNMPAgent ports and reopens them on a different port number.

Requires Radiator 4.4 plus patches (September 22, 2009).

Add Identifier's to both clauses together with appropriate Port's (%O is the child number)  and a FarmChildHook:


.....

FarmSize 2
FarmChildHook file:"%D/etc/scripts/child-hook.pl"

<Monitor>
       Identifier MyMonitor
       Port 907%O
</Monitor>

<SNMPAgent>
       Identifier MySNMPAgent
       Port 908%O
       ROCommunity blahblah
</SNMPAgent>

......


Here is the hook code:


# child-hook.pl
# Hugh Irvine, Open System Consultants, 20090922

sub
{
       my $monitor = Radius::Configurable::find('Monitor', 'MyMonitor');
       if (defined $monitor)
       {
               $monitor->destroy();
               $monitor->activate();
       }

       my $snmpagent = Radius::Configurable::find('SNMPAgent', 'MySNMPAgent');
       if (defined $snmpagent)
       {
               $snmpagent->reinitialize();
               $snmpagent->activate();
       }

       return;
}


Here is the result:

-bash-3.2$ netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
.....
tcp        0      0 0.0.0.0:9070                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9071                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9072                0.0.0.0:*                   LISTEN
.....
udp        0      0 0.0.0.0:9080                0.0.0.0:*
udp        0      0 0.0.0.0:9081                0.0.0.0:*
udp        0      0 0.0.0.0:9082                0.0.0.0:*


----------------------------------------------------------------------

hope that helps

regards

Hugh


On 23 Apr 2010, at 11:05, Ivan Brawley wrote:

> Greetings,
> 
> I have found a rather interesting issue with using Monitor module with
> FarmSize set to a number greater then 1.
> 
> With FarmSize, Radiator does the right thing in spawning multiple children
> processes. And with Monitor configured, the parent is the process that is
> listening on the Monitor port.
> 
> However, when you connect to the Monitor port, the parent will palm the
> handling of the connection to one of the children.
> 
> Which then means that Monitor connection will ever see traffic for that child
> and not the others.
> 
> We are using the Monitor feature of Radiator for our internal tools to watch
> people when they log onto our services.
> 
> The config looks something like this:
> 
> Trace 1
> FarmSize 3
> .....
> <Monitor>
>  Port 9048
>  Username XXXXX
>  Password XXXXX
>  TraceOnly
> </Monitor>
> 
> Anyone else noticed this? Did you find a fix or write your own Monitor module
> that could be shared?
> 
> I have a few ideas on how to fix this but I'm interested in other people's
> thoughts to it too.
> 
> Thanks.
> 
> ivan.
> --
> Ivan Brawley
> Systems Engineer
> Internode.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator


More information about the radiator mailing list