glite-WN

Functional description

The Worker Node (WN) is the computing node inside the Grid where the userís jobs are finally executed at a site, the job having been submitted to the Computing Element and the Batch System. On the WN the necessary middleware components such as the Logging and Bookkeeping, Replica manager, File and Storage clients need to be installed. Additional software components may be necessary according to the requirements of the site supported VOs.

Daemons running

Depending on the batch system used.

Init scripts and options (start|stop|restart|...)

Depending on the batch system used.

Configuration files location with example or template

  • /etc/profile.d/a1_grid_env.sh
  • /etc/profile.d/grid-env.sh
  • /etc/profile.d/grid-env.csh
  • /opt/glite/etc/

Logfile locations (and management) and other useful audit information

  • /opt/glite/var
  • /var/log
  • Batch system specific logfiles (varies)

Open ports

Possible unit test of the service

Where is service state held (and can it be rebuilt)

Cron jobs

  • cleanup-grid-accounts
  • fetch-crl

Security information

Access control Mechanism description (authentication & authorization)

Nothing reported

How to block/ban a user

There is no way to block/ban a user on a single Worker Node. The access must be handled at the level of the CE (see LCG-CE)

Network Usage

Worker Nodes should normally be configured to have outbound connectivity only to the world. There is no need for the WN to be reached from the outside.

Firewall configuration

See above "Network Usage". Moreover:
  • SCP access with HostBasedAuthentication must be granted to the Computing Element
  • Ports used by the batch system server must be opened for access on the WN. ie:
    • 15001 - 15004 (TCP/UDP) for Torque

Security recommendations

  • Disable all unneeded services and daemons.
  • Use private IP addresses.
  • Verify that al grid accounts are "cron" and "at" denied.
  • Verify that fetch-crl and cleanup-grid-accounts cron scripts are in place and working.
  • Consider to use some script to periodically check for processes escaping the batch system control (see Processes On Batch Nodes)

Security incompatibilities

Nothing reported

List of externals (packages are NOT maintained by Red Hat or by gLite)

  • Packages implementing the client side of the batch system, ie:
    • torque
    • torque-client
    • torque-mom

Other security relevant comments

Nothing reported

Utility scripts

Location of reference documentation for users

Location of reference documentation for administrators

Developer Information

Source code / Build

ETICS metapackage configuration is under org.glite.node.glite-WN

Recent Changes

These are tracked on IntegratedClients#glite_WN
Edit | Attach | Watch | Print version | History: r13 < r12 < r11 < r10 < r9 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r13 - 2010-11-22 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EGEE All webs login

This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Ask a support question or Send feedback