Disk Pool Manager

Functional description

See DPM General Description

Daemons running

See DPM Daemon Description

Command line arguments can be found on the documentation

On the DPNS server machine :

• /opt/lcg/bin/dpnsdaemon

On each disk server managed by the DPM :

• /opt/lcg/bin/rfiod

On the DPM and SRM server machine(s) :

• /opt/lcg/bin/dpm
• /opt/lcg/bin/srmv1
• /opt/lcg/bin/srmv2
• /opt/lcg/bin/srmv2.2

On each disk server managed by the DPM :

• /opt/globus/sbin/globus-gridftp-server

If Xrootd is configured:

• /opt/lcg/bin/dpm-manager-xrootd
• /opt/lcg/bin/dpm-manager-olbd
• /opt/lcg/bin/dpm-xrootd
• /opt/lcg/bin/dpm-olbd

WebAccess:

• dpm-http

Init scripts and options (start|stop|restart|...)

• /etc/init.d/dpnsdaemon {start|stop|status|restart|condrestart}
• /etc/init.d/rfiod {start|stop|status|restart|condrestart}
• /etc/init.d/dpm {start|stop|status|restart|condrestart}
• /etc/init.d/srmv1 {start|stop|status|restart|condrestart}
• /etc/init.d/srmv2 {start|stop|status|restart|condrestart}
• /etc/init.d/srmv2.2 {start|stop|status|restart|condrestart}
• /etc/init.d/dpm-gsiftp {start|stop|restart|reload|condrestart|status}
• Xrootd disk server:
• service dpm-xrd <start|status|stop...>
• service dpm-olb <start|status|stop...>
• Xrootd head node:
• service dpm-manager-xrd
• service dpm-manager-olb
• To start the DPM apache service run o /etc/init.d/dpm-httpd start
• To stop the DPM apache service run o /etc/init.d/dpm-httpd stop
• To check the status run o /etc/init.d/dpm-httpd status
• To restart the DPM apache service o /etc/init.d/dpm/httpd restart

Configuration files location with example or template

See DPM Configuration

By default, the database configuration files are :

• /opt/lcg/etc/NSCONFIG
• /opt/lcg/etc/DPMCONFIG

Configuration:

• /etc/sysconfig/dpnsdaemon
• /etc/sysconfig/rfiod
• /etc/sysconfig/srmv1
• /etc/sysconfig/srmv2.2
• /etc/sysconfig/srmv2
• /etc/sysconfig/dpm-gsiftp
• /etc/sysconfig/dpm
• /etc/sysconfig/dpm-xrd
• lcgdm-mapfile

Xrootd:

• /etc/shift.conf
• /etc/sysconfig/dpm-xrd

WebAccess:

• Run the configuration script depending if you have a single head/disk-node or a seperate head- and seperate disk-nodes o /opt/lcg/etc/dpm/https/conf/dpm-https-conf.sh --type sor o /opt/lcg/etc/dpm/https/conf/dpm-https-conf.sh --type head-node o /opt/lcg/etc/dpm/https/conf/dpm-https-conf.sh --type disk-node
• Whenever you add or remove disks to a DPM pool, you have to run on the disk node o /opt/lcg/etc/dpm/https/conf/dpm-https-conf.sh --pools

Logfile locations (and management) and other useful

By default, the log files are :

• /var/log/dpns/log
• /var/log/dpm/log
• /var/log/srmv1/log
• /var/log/srmv2/log
• /var/log/rfiod/log
• /var/log/messages (Griftp server)
• /var/log/xroot/
• /var/log/dpm-httpd/access
• /var/log/dpm-httpd/errors # The redirection CGI script writes a special log file under /var/log/dpm-httpd/cgilog. Errors are logged also in syslog

Open ports

• DPM server: port 5015/tcp must be open locally at your site at least (can be incoming access as well)
• DPNS server: port 5010/tcp must be open locally at your site at least (can be incoming access as well)
• SRM servers: ports 8443/tcp (SRMv1), 8444/tcp (SRMv2) and 8446/tcp (SRMv2.2) must be opened to the outside world (incoming access)
• RFIO server: port 5001/tcp and data ports 20000-25000/tcp must be open to the outside world (incoming access), in the case your site wants to allow RFIO access from outside
• Gridftp server: control port 2811/tcp and data ports 20000-25000/tcp (or any range specified by GLOBUS TCP PORT RANGE) must be opened to the outside world (incoming access)
• Xrootd: The manager xrootd listens by default on port 1094. The diskserver xrootd port listens by default on port 1095. You have to allow incoming access towards this ports from expected client machines. All transfers run via port 1095 - there is no need for an open high port range.
• WebAccess:
• Head-Node o Virtual Host Port 443 + main entrance point for web file access to a DPM 'https://<dpm-headnode>/dpm/cern.ch/filename' with default redirection to HTTP transport o Virtual Host Port 883 + main entrance point for web file access to a DPM with forced redirection to HTTPS transport ( slower )
• Disk-Server o Virtual Host Port 777 + tranpsport endpoint for HTTP web file access with redirector authorization o Virtual Host Port 884 + tranpsport endpoint for HTTPS web file access with redirector authorization

Possible unit test of the service

UI , WN and from itself

Where is service state held (and can it be rebuilt)

Cron jobs

None

Security information

• This section contains information on security service about DPM.

Access control Mechanism description (authentication & authorization)

Be filled by OSCT team

How to block/ban a user

• If it is necessary to ban a user on a CE, the following step:

• In the file: /opt/edg/etc/grid-mapfile-local or /opt/lcg/etc/lcgdm-mapfile-local, map the user's DN to a non-exist local account, such as:

        "banned_user_DN" nonexist001
        e.g.
        "/DC=org/DC=doegrids/OU=People/CN=XXX" nonexist001
     

• Then rebuild the grid-mapfile by execute:
  • /opt/edg/sbin/edg-mkgridmap --output=/etc/grid-security/grid-mapfile --safe

• Or alternatively, to map a user to a non-exist VO, in the file: /opt/lcg/etc/lcgdm-mapfile-local, map the user's DN to a non-exist VO, such as:

        "banned_user_DN" nonexistVO
        e.g.
        "/DC=org/DC=doegrids/OU=People/CN=XXX" nonexistVO
     

• and then rebuilding the lcgdm-mapfile by running:
  • /opt/edg/libexec/edg-mkgridmap/edg-mkgridmap.pl --conf=/opt/lcg/etc/lcgdm-mkgridmap.conf --output=/opt/lcg/etc/lcgdm-mapfile --safe

Network Usage

Be filled by OSCT team

Firewall configuration

Be filled by OSCT team

Security recommendations

Be filled by OSCT team

Security incompatibilities

Be filled by OSCT team

List of externals (packages are NOT maintained by Red Hat or by gLite)

Be filled by OSCT team

Other security relevant comments

Be filled by OSCT team

Utility scripts

GridPP DPM administation toolkit

Monitoring

GridPP DPM monitoring system

Location of reference documentation for users

See DPM Documentation

Location of reference documentation for administrators

See DPM Documentation

See Xrootd Documentation

See web access on DPM Documentation