A Rocks cluster presents a set of web pages to monitor its activities and configuration. The "frontend" node of the cluster serves these pages using its built in Apache webserver. This section describes the web-based monitoring tools available out of the box on all Rocks clusters.
For security, web access is restricted to only the internal cluster network by default. However, since usually only frontend and compute nodes (which have no monitors) reside on this network, some extra effort is required to view the monitoring web pages.
The easiest method of viewing the cluster pages is to attach a monitor, keyboard, and mouse to the frontend node of your cluster and configure its X window system.
# system-config-display # startx |
Once this is done, a standard RedHat desktop environment will appear. Point a web browser at the URL http://localhost/ to view the cluster site.
The first method of viewing webpages involves sending a web browser screen over a secure, encrypted SSH channel. To do this, follow the steps below.
Log into the cluster's frontend node, and supply your password when requested.
$ ssh mycluster
Ensure you have an X server running on your local machine. Start a browser on the cluster with the following command. The ssh process will setup an encrypted channel for the browser to operate through.
$ firefox --no-remote &
Wait until the browser window appears on your local machine. The the URL http://localhost/ should appear with the cluster home page.
To permenantly enable selected web access to the cluster from other machines on the public network, follow the steps below. Apache's access control directives will provide protection for the most sensitive parts of the cluster web site, however some effort will be necessary to make effective use of them.
HTTP (web access protocol) is a clear-text channel into your cluster. Although the Apache webserver is mature and well tested, security holes in the PHP engine have been found and exploited. Opening web access to the outside world by following the instructions below will make your cluster more prone to malicious attacks and breakins. |
Edit the /etc/sysconfig/iptables file. Uncomment the line as indicated in the file.
... # Uncomment the lines below to activate web access to the cluster. #-A INPUT -m state --state NEW -p tcp --dport https -j ACCEPT #-A INPUT -m state --state NEW -p tcp --dport www -j ACCEPT ... other firewall directives ... |
Restart the iptables service. You must execute this command as the root user.
$ service iptables restart
Test your changes by pointing a web browser to http://my.cluster.org/, where "my.cluster.org" is the DNS name of your frontend machine.
If you cannot connect to this address, the problem is most likely in your network connectivity between your web browser and the cluster. Check that you can ping the frontend machine from the machine running the web browser, that you can ssh into it, etc. |
If you can successfully connect to the cluster's web server, you will be greeted with the Rocks Table of Contents page. This simple page has links to the monitoring services available for this cluster.