# Jibe and Nasuni AMQP (in development)

Jibe is able to pull Nasuni audit events from an AMQP queue to sync files and folders
that have been modified outside the Access Anywhere. This feature is in development. 

For Nasuni the [[/jibe/smb-notify|SMB Source]] should be used.

For general information on Jibe see [[/jibe]].
## Nasuni Architecture

The Jibe Nasuni Source connects to an AMQP queue to retrieve audit events created by Nasuni filers.
Jibe includes a RabbitMQ container that can be used and can auto-configure both the RabbitMQ and Nasuni servers.

Sequence:

1. **File/Folder Operation** - File server client may create, update or delete files or folders via standard APIs
1. **Audit Event** - Nasuni sends an audit event to an AMQP queue, running on a RabbitMQ server.
1. **Retrieve Message** - Jibe consumes the audit events from the AMQP queue.
1. **Sync Provider Event** - Jibe asks the Access Anywhere server to resync the file or folder based on the event.
1. **List File** - The Access Anywhere verifies the file or folder status with Nasuni and updates its metadata.


#### Jibe Sync with Nasuni Audit Events
{{ :jibe:nasuni-amqp:nasuni-amqp-arch.png?600 |}}


## Getting Started

### RabbitMQ Server

Events are consumed from an AMQP queue. Jibe has been developed and tested with RabbitMQ.
Other AMQP supported platforms may work as well.
If you are using RabbitMQ Jibe will be able to auto-configure Nasuni NMC auditing.

Follow the [[/jibe/docker|Jibe Installation]] setup to set up a RabbitMQ container.

### Configuration File

Add the Nasuni source information to your jibe-config.json file.

    "sources": [
        {
            "name": "Nasuni",
            "provider": "Nasuni files",
            "flavor": "Nasuni",
            "share": "US West",
            "nasuni_server" : "nasuni.example.com",
            "nasuni_username" : "nasuni-storage",
            "nasuni_password" : "password",
            "ampq_host": "myhostname.com",
            "queue_name": "jibe-source-activity",
            "rabbitmq_management_username": "admin", 
            "rabbitmq_management_password": "Jib46Bun1",
            "rabbitmq_management_port": 15671,
            "ampq_jibe_username": "jibe",
            "ampq_jibe_password": "ChngMe23",
            "ampq_source_username": "nasuni",
            "ampq_source_password": "ChngMe29",
            "ampq_port": 5671,
            "ampq_vhost": "/",
            "auto_configure": true
        }
    ]

Include the name of your existing Nasuni provider.
Both the Single User SMB and Nasuni providers are supported.

 * `name` - The name of the Source (for Jibe alerts and reports)
 * `provider` - The name of the provider within the Access Anywhere (if different to `name`)
 * `share` -  The name of the Nasuni Filer
 * `flavor` - Required to be `"Nasuni"`

If auto-configuring Filer auditing provide the address and credentials for the 
Nasuni Management Console API.
This will be the address of your Nasuni Management console and a user with
administrator access to the Filer.
 
  * `nasuni_server` - FQDN for Nasuni Management console 
  * `nasuni_username` - Nasuni username
  * `nasuni_password` - Nasuni password
  * `nasuni_settings` - Settings to use when creating an AMQP Destination

These settings provide Jibe access to the AMQP server:

  * `ssl_cacertfile` - File containing the public key of the host
  * `ampq_host` - Domain name of server
  * `ampq_port` - Nasuni requires SSL connection. Default 5671
  * `ampq_jibe_username` - Username Jibe uses to connect
  * `ampq_jibe_password` - Password Jibe uses
  * `ampq_vhost` - virtual host for Jibe queue

In addition, if auto-configuring, additional settings are used.
You can override defaults with these setttings:

 * `rabbitmq_management_username` - A user with admin access to create new users 
 * `rabbitmq_management_password` - Password used by Jibe config
 * `ampq_source_username` - User used by Nasuni auditing
 * `ampq_source_password` - Password used by Nasuni auditing
 * `rabbitmq_management_port` - Management port for RabbitMQ Management API

For Auto-Conf

 * `auto_configure` - Set flag to True

## Auto-Configure

If `auto_configure` is enabled on startup Jibe runs through a configuration phase.

    "auto_configure" : True

The configuration steps are:

 1. RabbitMQ
     1. Connects to the server using SSL and AMQP port.
     2. Creates user for source with "write" permission (via Management SSL port).
     3. Creates user for jibe with "read" permission.
     4. Creates durable queue - `queue_name`.

 2. Nasuni
     1. Lookup Nasuni Filer by name (using `share`)
     2. Create a named Audit Destination (unless already created)
     3. Set Nasunu Filer Auditing to named Audit Destination 

Auto configure uses the following settings (defaults) which can be
changed in the configuration file. They can be removed after 
auto configuration is complete.

    ampq_jibe_username 
    ampq_jibe_password": "XXX",
    rabbitmq_management_username": "admin", 
    rabbitmq_management_password": Default is "Jib46Bun1",
    rabbitmq_management_port": 15671,
    ampq_source_username": "guest",
    ampq_source_password": "guest",


## Self Test

A Self-test is available that makes changes through the SMB protocol. That is, the operations are
made against a Nasuni Edge appliance directly and then the self-test validates that corresponding
events are received and will update the Access Anywhere metadata.

The self-test requires the following settings:

        "share" : "ExampleShare",
        "smb_server" : "smb.example.com",
        "smb_username" : "smbuser",
        "smb_password" : "smbpass"

These settings are optional:
        "smb_dir" : "",
        "smb_port" : 445

For more information see (self-test.md).

## Implementation Notes

See AMQP and Auditing portions of the NMC API at http://docs.api.nasuni.com/nmc/api/1.1.0/index.html
Particularly: http://docs.api.nasuni.com/nmc/api/1.1.0/index.html#create-an-amqp-destination which specifies the server where the events will be sent
Then you need to define the audit policy for the volumes that you're interested:  http://docs.api.nasuni.com/nmc/api/1.1.0/index.html#tocsvolumefilersetting

Nasuni Audit Messages are skipped if they have an IP Address associated with the Access Anywhere endpoint or apiendpoints as configured in Jibe.

## Troubleshooting

### Nasuni Management Console

Check the Volune 

    "nasuni_server" : "nmc.company.com",
    "nasuni_username" : "youruser",
    "nasuni_password" : "yourpassword",

#### Volumes

Select "Volumes" from the top menu 

#### Audit Destination Status

Select "Filers" from the top menu.

From the left menu, under "Filer Status" select "Audit Destinations".

    FILER:  fmt-nasuni
    TYPE:   AMQP
    DESTINATION-NAME: jibe-source-activity
    CONNECTION: Connected
        Host: demo.nasunilabs.com
        Connection established: December 18 2021, 11:10:33 PM PST
        Connection uptime: 3.0 weeks, 2.0 days  
        Latest update at: January 11 2022, 10:24:47 AM PST


## RabbitMQ Server

Check RabbitMQ Server. It will be accessible from:

    https://<hostname>:15671/

The admin credentials can be found in the docker-compose.yml file. For example,

    environment:
       - 'RABBITMQ_CONFIG_FILE=/var/lib/rabbitmq/mnesia/rabbit@my-rabbit/rabbitmq.conf'
       - 'RABBITMQ_DEFAULT_USER=admin'
       - 'RABBITMQ_DEFAULT_PASS=Jib46Bun1'