Jibe and Nasuni AMQP (in development)

Jibe is able to pull Nasuni audit events from an AMQP queue to sync files and folders that have been modified outside the Access Anywhere. This feature is in development.

For Nasuni the SMB Source should be used.

For general information on Jibe see Jibe Documentation.

The Jibe Nasuni Source connects to an AMQP queue to retrieve audit events created by Nasuni filers. Jibe includes a RabbitMQ container that can be used and can auto-configure both the RabbitMQ and Nasuni servers.

Sequence:

1. File/Folder Operation - File server client may create, update or delete files or folders via standard APIs
2. Audit Event - Nasuni sends an audit event to an AMQP queue, running on a RabbitMQ server.
3. Retrieve Message - Jibe consumes the audit events from the AMQP queue.
4. Sync Provider Event - Jibe asks the Access Anywhere server to resync the file or folder based on the event.
5. List File - The Access Anywhere verifies the file or folder status with Nasuni and updates its metadata.

Events are consumed from an AMQP queue. Jibe has been developed and tested with RabbitMQ. Other AMQP supported platforms may work as well. If you are using RabbitMQ Jibe will be able to auto-configure Nasuni NMC auditing.

Follow the Jibe Installation setup to set up a RabbitMQ container.

Add the Nasuni source information to your jibe-config.json file.

"sources": [
    {
        "name": "Nasuni",
        "provider": "Nasuni files",
        "flavor": "Nasuni",
        "share": "US West",
        "nasuni_server" : "nasuni.example.com",
        "nasuni_username" : "nasuni-storage",
        "nasuni_password" : "password",
        "ampq_host": "myhostname.com",
        "queue_name": "jibe-source-activity",
        "rabbitmq_management_username": "admin", 
        "rabbitmq_management_password": "Jib46Bun1",
        "rabbitmq_management_port": 15671,
        "ampq_jibe_username": "jibe",
        "ampq_jibe_password": "ChngMe23",
        "ampq_source_username": "nasuni",
        "ampq_source_password": "ChngMe29",
        "ampq_port": 5671,
        "ampq_vhost": "/",
        "auto_configure": true
    }
]

Include the name of your existing Nasuni provider. Both the Single User SMB and Nasuni providers are supported.

• name - The name of the Source (for Jibe alerts and reports)
• provider - The name of the provider within the Access Anywhere (if different to name)
• share - The name of the Nasuni Filer
• flavor - Required to be "Nasuni"

If auto-configuring Filer auditing provide the address and credentials for the Nasuni Management Console API. This will be the address of your Nasuni Management console and a user with administrator access to the Filer.

• nasuni_server - FQDN for Nasuni Management console
• nasuni_username - Nasuni username
• nasuni_password - Nasuni password
• nasuni_settings - Settings to use when creating an AMQP Destination

These settings provide Jibe access to the AMQP server:

• ssl_cacertfile - File containing the public key of the host
• ampq_host - Domain name of server
• ampq_port - Nasuni requires SSL connection. Default 5671
• ampq_jibe_username - Username Jibe uses to connect
• ampq_jibe_password - Password Jibe uses
• ampq_vhost - virtual host for Jibe queue

In addition, if auto-configuring, additional settings are used. You can override defaults with these setttings:

• rabbitmq_management_username - A user with admin access to create new users
• rabbitmq_management_password - Password used by Jibe config
• ampq_source_username - User used by Nasuni auditing
• ampq_source_password - Password used by Nasuni auditing
• rabbitmq_management_port - Management port for RabbitMQ Management API

For Auto-Conf

• auto_configure - Set flag to True

If auto_configure is enabled on startup Jibe runs through a configuration phase.

"auto_configure" : True

The configuration steps are:

1. RabbitMQ
   1. Connects to the server using SSL and AMQP port.
   2. Creates user for source with “write” permission (via Management SSL port).
   3. Creates user for jibe with “read” permission.
   4. Creates durable queue - queue_name.
2. Nasuni
   1. Lookup Nasuni Filer by name (using share)
   2. Create a named Audit Destination (unless already created)
   3. Set Nasunu Filer Auditing to named Audit Destination

Auto configure uses the following settings (defaults) which can be changed in the configuration file. They can be removed after auto configuration is complete.

ampq_jibe_username 
ampq_jibe_password": "XXX",
rabbitmq_management_username": "admin", 
rabbitmq_management_password": Default is "Jib46Bun1",
rabbitmq_management_port": 15671,
ampq_source_username": "guest",
ampq_source_password": "guest",

A Self-test is available that makes changes through the SMB protocol. That is, the operations are made against a Nasuni Edge appliance directly and then the self-test validates that corresponding events are received and will update the Access Anywhere metadata.

The self-test requires the following settings:

    "share" : "ExampleShare",
    "smb_server" : "smb.example.com",
    "smb_username" : "smbuser",
    "smb_password" : "smbpass"

These settings are optional:

      "smb_dir" : "",
      "smb_port" : 445

For more information see (self-test.md).

See AMQP and Auditing portions of the NMC API at http://docs.api.nasuni.com/nmc/api/1.1.0/index.html Particularly: http://docs.api.nasuni.com/nmc/api/1.1.0/index.html#create-an-amqp-destination which specifies the server where the events will be sent Then you need to define the audit policy for the volumes that you're interested: http://docs.api.nasuni.com/nmc/api/1.1.0/index.html#tocsvolumefilersetting

Nasuni Audit Messages are skipped if they have an IP Address associated with the Access Anywhere endpoint or apiendpoints as configured in Jibe.

Check the Volune

"nasuni_server" : "nmc.company.com",
"nasuni_username" : "youruser",
"nasuni_password" : "yourpassword",

Select “Volumes” from the top menu

Select “Filers” from the top menu.

From the left menu, under “Filer Status” select “Audit Destinations”.

FILER:  fmt-nasuni
TYPE:   AMQP
DESTINATION-NAME: jibe-source-activity
CONNECTION: Connected
    Host: demo.nasunilabs.com
    Connection established: December 18 2021, 11:10:33 PM PST
    Connection uptime: 3.0 weeks, 2.0 days  
    Latest update at: January 11 2022, 10:24:47 AM PST

Check RabbitMQ Server. It will be accessible from:

https://<hostname>:15671/

The admin credentials can be found in the docker-compose.yml file. For example,

environment:
   - 'RABBITMQ_CONFIG_FILE=/var/lib/rabbitmq/mnesia/rabbit@my-rabbit/rabbitmq.conf'
   - 'RABBITMQ_DEFAULT_USER=admin'
   - 'RABBITMQ_DEFAULT_PASS=Jib46Bun1'