gLite Monitoring System Collector Server

Functional description

gLite-MON: gLite Monitoring System Collector Server

Description of RGMA-based monitoring system collector server.

R-GMA [Relational Grid Monotoring Architecture] is an information system very similar to a standard relation database.

The R-GMA server is a Java servlet-based web application which provides the Consumer, Producer, Registry and Schema services for the R-GMA distributed information and monitoring system.

There are different components of this: - R-GMA Server - R-GMA Client - R-GMA Flexible Archiver - R-GMA Glue Data Archiver - R-GMA Service Publisher - R-GMA Site Publisher - RGMA Gadget IN

Released Version

Latest released version can be found at this link: gLite MON Released Page

Daemons running

The following daemons need to be running:

  • /etc/init.d/tomcat5
  • mysql

Init scripts and options (start|stop|restart|...)

  • /opt/glite/etc/init.d/rgma-gin
  • /opt/glite/etc/init.d/rgma-glue-archiver
  • /opt/glite/etc/init.d/rgma-servicetool

Configuration files location with example or template

Ensure that the environment variable RGMA_HOME is set to the prefix of your local R-GMA installation:

  • export RGMA_HOME=/opt/glite

Command line tool is:

  • $RGMA_HOME/bin/rgma

The rgma-gin script uses the following config file:

  • ${RGMA_HOME}/etc/rgma-gin/gin.conf

The rgma-glue-archiver script uses the following config file:

  • ${RGMA_HOME}/etc/rgma-glue-archiver/glue.config

The rgma-servicetool script uses the following config file:

  • ${RGMA_HOME}/etc/rgma-servicetool/servicetool.conf

The example for the configuration of various services can be found in:

  • /opt/glite/share/doc/glite-rgma-api-java/
  • /opt/glite/share/doc/glite-rgma-stubs-servlet-java/
  • /opt/glite/share/doc/rgma-base/
  • /opt/glite/share/doc/rgma-gin/
  • /opt/glite/share/doc/rgma-server/
  • /opt/glite/share/doc/rgma-servicetool/
  • /opt/glite/share/doc/rgma-standard-tables/

Logfile locations (and management) and other useful audit information

The log file can be found in:

  • /var/log/glite

specifying in:

  • /var/log/glite/rgma-gin.log
  • /var/log/glite/rgma-servicetool.log

Open ports

The open ports used are: 8080 - 8088 - 8443

Secure mode:

  • 8088 and 8443

Insecure mode:

  • 8088 and 8080

Possible unit test of the service

R-GMA comes with two testing scripts.

  • ${RGMA_HOME}/bin/rgma-client-check
  • ${RGMA_HOME}/bin/rgma-server-check

The rgma-server-check script is run on the machine hosting the servlets.

  • Checks that the Tomcat container is running.
  • Checks that the servlets are up by tying to connect to the servlets.
  • Checks the communication with the Registry and Schema.
  • Checks that the correct ports are open.
  • Compares the time on the server to that on the registry.

The rgma-client-check script can be run on all nodes.

  • Checks the overall functionality of R-GMA.
  • Tries to publish data using the different APIs.
  • Verifies that the data has been published correctly.

The components should be tested in the following order.

  • Check the Schema and Registry.
  • Check the other servlets.
  • Check the client.

Where is service state held (and can it be rebuilt)

  • Nothing.

Cron jobs

The cron jobs can be found in:

  • /etc/cron.d/rgma-gin-monitor.cron
  • /etc/cron.d/rgma-gip-proxy.cron

Security information

Access control Mechanism description (authentication & authorization)

No AUTHn or AUTHz mechanism is needed at this service. Users have no interaction with this node.

How to block/ban a user

Users have no interaction with this node.

Network Usage

Three services are running that need network access on this node-type.
  • the MySQL server service. The server binds to the 3306/tcp port.
  • the Resources BDII service. As (almost) all gLite services MON has a resource BDII to advertise its endpoint and its capabilities. The resource BDII binds to the 2170/tcp port.
  • the R-GMA webapp on a TomCat server at ports 8088/tcp and 8443/tcp

Firewall configuration

The proposed firewall configuration is to deny access to anyhost/anyport and allow:
  • 3306/tcp limited to the site LAN (CEs are connecting to the MySQL database to store accounting data)
  • 8088/tcp and 8443/tcp from everyone need the RGMA services from this node
  • 2170/tcp from the local site-BDII service
  • Any other administration required port for the administration subnet/interface (i.e. 22/tcp (ssh))

Security recommendations

No stipulation.

Security incompatibilities

No stipulation.

List of externals (packages are NOT maintained by Red Hat or by gLite)

Maintained by JPackage repository maintainers
  • bcel
  • bea-stax
  • bea-stax-api
  • bouncycastle
  • dom4j
  • ecj
  • geronimo-j2ee-1.4-apis
  • geronimo-jaf-1.0.2-api
  • geronimo-javamail-1.4-api
  • geronimo-specs-poms
  • geronimo-stax-1.0-api
  • glassfish-jaf
  • glassfish-jaxb
  • icu4j
  • isorelax
  • jakarta-commons-beanutils
  • jakarta-commons-collections
  • jakarta-commons-collections-tomcat5
  • jakarta-commons-daemon
  • jakarta-commons-dbcp-tomcat5
  • jakarta-commons-digester
  • jakarta-commons-el
  • jakarta-commons-launcher
  • jakarta-commons-logging
  • jakarta-commons-modeler
  • jakarta-commons-pool-tomcat5
  • jaxen
  • jdom
  • jpackage-utils
  • log4j
  • msv
  • msv-xsdlib
  • mx4j
  • regexp
  • relaxngDatatype
  • saxon
  • tomcat5
  • tomcat5-common-lib
  • tomcat5-jasper
  • tomcat5-jsp-2.0-api
  • tomcat5-server-lib
  • tomcat5-servlet-2.4-api
  • ws-jaxme
  • xalan-j2
  • xerces-j2
  • xml-commons
  • xml-commons-jaxp-1.2-apis
  • xml-commons-jaxp-1.3-apis
  • xml-commons-resolver11
  • xom
  • xpp2
  • xpp3

Other security relevant comments

This node (if it is not collocated with other node-types) should not allow access to users. Any connection other than the ones described above should be treated as suspicious.

Utility scripts

The MON scripts/binaries can be found in

  • /opt/glite/bin

and are:

  • rgma
  • rgma-client-check
  • rgma-flexible-archiver
  • rgma-gin
  • rgma-gin-config
  • rgma-glue-archiver-config
  • rgma-server-check
  • rgma-server-setup
  • rgma-servicetool-daemon
  • rgma-setup

Location of reference documentation for users

The documentation for users can be found:

Location of reference documentation for administrators

See the previous documentation and this:

Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r11 - 2009-05-06 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright & by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback