glite-WN
- glite-WN
- Functional description
- Daemons running
- Init scripts and options (start|stop|restart|...)
- Configuration files location with example or template
- Logfile locations (and management) and other useful audit information
- Open ports
- Possible unit test of the service
- Where is service state held (and can it be rebuilt)
- Cron jobs
- Security information
- Utility scripts
- Location of reference documentation for users
- Location of reference documentation for administrators
- Developer Information
Functional description
The Worker Node (WN) is the computing node inside the Grid where the user’s jobs are finally executed at a site, the job having been submitted to the Computing Element and the Batch System. On the WN the necessary middleware components such as the Logging and Bookkeeping, Replica manager, File and Storage clients need to be installed. Additional software components may be necessary according to the requirements of the site supported VOs.Daemons running
Depending on the batch system used.Init scripts and options (start|stop|restart|...)
Depending on the batch system used.Configuration files location with example or template
- /etc/profile.d/a1_grid_env.sh
- /etc/profile.d/grid-env.sh
- /etc/profile.d/grid-env.csh
- /opt/glite/etc/
Logfile locations (and management) and other useful audit information
- /opt/glite/var
- /var/log
- Batch system specific logfiles (varies)
Open ports
Possible unit test of the service
Where is service state held (and can it be rebuilt)
Cron jobs
- cleanup-grid-accounts
- fetch-crl
Security information
Access control Mechanism description (authentication & authorization)
Nothing reportedHow to block/ban a user
There is no way to block/ban a user on a single Worker Node. The access must be handled at the level of the CE (see LCG-CE)Network Usage
Worker Nodes should normally be configured to have outbound connectivity only to the world. There is no need for the WN to be reached from the outside.Firewall configuration
See above "Network Usage". Moreover:- SCP access with HostBasedAuthentication must be granted to the Computing Element
- Ports used by the batch system server must be opened for access on the WN. ie:
- 15001 - 15004 (TCP/UDP) for Torque
Security recommendations
- Disable all unneeded services and daemons.
- Use private IP addresses.
- Verify that al grid accounts are "cron" and "at" denied.
- Verify that fetch-crl and cleanup-grid-accounts cron scripts are in place and working.
- Consider to use some script to periodically check for processes escaping the batch system control (see Processes On Batch Nodes
)
Security incompatibilities
Nothing reportedList of externals (packages are NOT maintained by Red Hat or by gLite)
- Packages implementing the client side of the batch system, ie:
- torque
- torque-client
- torque-mom
Other security relevant comments
Nothing reportedUtility scripts
Location of reference documentation for users
Location of reference documentation for administrators
Developer Information
Source code / Build
ETICS metapackage configuration is under org.glite.node.glite-WNRecent Changes
These are tracked on IntegratedClients#glite_WN
- EGEE Web
- EGEE Web Home
- gLite
- ProductTeams
- SA3
- JRA1
- TMB
- EMT
- SA1
- SA2
- NA2
- NA4
- EGEE-UIG
- List of registered projects
- List of EGEE-RP interactions
- Changes
- Index
- Search
Main.WebList
 |
|
Copyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback