gLite Logging and Bookkeeping Service

Functional description

The Logging and Bookkeeping service (LB) tracks jobs in terms of events (important points of job life, e.g. submission, finding a matching CE, starting execution etc.) gathered from various WMS components as well as CEs (all those have to be instrumented with LB calls).

The events are passed to a physically close component of the LB infrastructure (locallogger) in order to avoid network problems. This component stores them in a local disk file and takes over the responsibility to deliver them further.

Released version

gLite LB has been released for the gLite 3.1 release series. You can find the latest released version together with the installation instructions and repositories at the gLite LB release pages.

Daemons running

The following daemons need to be running:

For gLite:

  • /etc/init.d/gLite

starting the following services:

  • /opt/glite/etc/init.d/glite-lb-bkserverd
  • /opt/glite/etc/init.d/glite-lb-locallogger

For the MySQL server:

  • /etc/init.d/mysqld

Init scripts and options (start|stop|restart|...)

  • /etc/init.d/gLite
  • /etc/init.d/mysqld

Configuration files location with example or template

The configuration file for the LB service is

  • /opt/glite/etc/LB-super-users

and contains the DNs of users and WMS nodes allowed to access all information from the LB DB. The LB host itself always has access.

Logfile locations (and management) and other useful audit information

The log information of the LB service can be found in:

  • /var/log/messages

Open ports

  • 2170 : standard BDII
  • 9000 : job status and logging-info queries
  • 9001 : event gathering from LB loggers (WMS, CE)
  • 9003 : WS client queries

Possible unit test of the service

Where is service state held (and can it be rebuilt)

State is held in a MySQL database.

Cron jobs

The cron jobs can be found in:

  • /etc/cron.d/

and are:

  • fetch-crl
  • bdii-proxy
  • lcg-mon-job-status-proxy
  • glite-lb-purge.cron

Security information

Access control Mechanism description (authentication & authorization)

The authentication method is based on trusted digital certificates. Depending on the server configuration and action requested, the users may be required to present VOMS attributes in their proxy certificates.

The L&B version 2.0 server introduced an authorization mechanism to control the originators of events, and it allows the use of standard LCAS plugins.

How to block/ban a user

Banning users isn't possible in LB.

Network Usage

By default L&B server listens on port 9000 for incoming queries, 9001 for events, and 9003 for WS interface queries. The glite-lb-logd daemon listens on port 9002.

L&B proxy communicates on two UNIX sockets: /tmp/lb_proxy_server.sock (queries) and /tmp/lb_proxy_store.sock (incoming events).

Firewall configuration

The firewall configuration should allow the access to these ports:

  • 9000/TCP, 9001/TCP and 9003/TCP.
  • 2170/TCP for the resource BDII service.
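The following added example (not part of the original page or of gLite) compares the TCP listeners on an LB host with the firewall port list above. It assumes the column layout of `ss -tln` output; the function names and the sample listener lines are constructed for illustration. Port 9002 (glite-lb-logd) is not in the firewall list, so it is reported as UNLISTED for the administrator to review.

```sh
#!/bin/sh
# Ports from the "Firewall configuration" list on this page.
LB_PORTS="2170 9000 9001 9003"

# audit_lb_ports (hypothetical helper): reads `ss -tln` lines on stdin and prints
#   UNLISTED <port> (<addr>)  non-loopback listener that is not in the list
#   MISSING <port>            listed port with no listener at all
#   LOOPBACK_ONLY <port>      listed port bound only to loopback (unreachable remotely)
audit_lb_ports() {
    awk -v want="$LB_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expected[w[i]] = 1 }
    $1 == "LISTEN" {
        addr = $4                          # Local Address:Port column
        port = addr; sub(/.*:/, "", port)  # keep what follows the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        loopback = (host ~ /^127\./ || host == "[::1]")
        if (port in expected) {
            if (loopback) lo[port] = 1; else seen[port] = 1
            next
        }
        if (loopback) next                 # local-only services, e.g. mysqld
        if (!(port in extra)) { extra[port] = 1; print "UNLISTED " port " (" host ")" }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (w[i] in seen) continue
            print ((w[i] in lo) ? "LOOPBACK_ONLY " : "MISSING ") w[i]
        }
    }'
}

# Constructed sample input, not captured from a real LB host.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9001 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9003 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9002 0.0.0.0:*
LISTEN 0 50 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# On a real host: ss -tln | audit_lb_ports
sample_ss_output | audit_lb_ports
```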

Security recommendations

None

Security incompatibilities

None currently known

List of externals (packages are NOT maintained by Red Hat or by gLite)

None

Other security relevant comments

None

Utility scripts

The wms scripts/binaries can be found in

  • /opt/glite/bin

and are:

  • glite-lb-bkserverd
  • glite-lb-interlogd
  • glite-lb-logevent
  • glite-lb-notif-interlogd

Documentation:

Links:

Topic revision: r13 - 2009-12-04 - JanPospisil
 