ARC gridftp (Classic SE) Product Team

Product

The ARC Classic Storage Element (SE) implements a GridFTP server with virtual file system back-ends. The ARC Classic SE consists of the following components:

  • gridftpd - standalone daemon and framework for pluggable back-end
  • File plugin for accessing POSIX file system
  • GACL plugin for storing and accessing files on the local file system with per-file access control based on the X.509 identity of the client and an access policy expressed in the GACL language
  • A job management plugin, provided in cooperation with the ARC CE PT

The ARC Classic SE belongs to the Data Technical Area.

Service Reference Card

  • Functional description: Provision of simple GridFTP based storage service
  • Daemons running:
    • gridftpd
  • Init scripts and options (start|stop|restart|...):
    • gridftpd - starts gridftpd daemon
  • Configuration files location with example or template:
    • /etc/arc.conf - default location of configuration file
    • /usr/share/arc/examples/arc.conf.reference - Explanation and examples of configuration options
  • Logfile locations (and management) and other useful audit information:
    • /var/log/arc/gridftpd.log - default location of log file of gridftpd daemon
  • Open ports:
    • GridFTP communication (gridftpd daemon) - listening on 2811 TCP, listening on a range of TCP ports for data communication (configurable in the configuration file), outgoing TCP connections from arbitrary ports.
  • Possible unit test of the service: (not unit tests, but service functionality tests):
    • no specialized testing tools developed
    • Any GridFTP capable client can be used to access and modify served content.
  • Where is service state held (and can it be rebuilt):
    • Service is stateless.
    • Content of served files is stored on the filesystem. Their persistency is handled by the filesystem itself.
  • Cron jobs:
    • none
  • Security information
    • Access control Mechanism description (authentication & authorization): GSIFTP, TLS, VOMS, LCAS/LCMAPS, GACL
      • Authentication is based on Subject Name of client's X.509 certificate and other attributes of credentials
      • Authentication mapping (from Grid identity to local identity) happens through various options:
        • grid-mapfile
        • embedded configurable algorithms
        • LCMAPS
        • external generic executables
      • Authorization happens through various options:
        • grid-mapfile
        • embedded configurable algorithms
        • LCAS
        • external generic executables
    • How to block/ban a user:
      • Revoke user's certificate
      • Exclude user from grid-mapfile by changing configuration of nordugridmap
      • Change the configuration of gridftpd/a-rex to exclude the specific user. Alternatively, the configuration can be crafted to allow adding banned users to a local list dynamically
      • Through external plugin - LCAS or generic one
    • Network Usage: multiple incoming and outgoing connections, see section "Open ports"
    • Firewall configuration: see section "Open ports". Support for NAT based firewalls.
    • Security recommendations: be careful; as much as possible deploy services as a non-privileged user
    • Security incompatibilities: undefined
    • List of externals (packages are NOT maintained by Red Hat):
      • none
    • Other security relevant comments: see documentation
  • Utility scripts:
    • none
  • Location of reference documentation for users: not applicable
  • Location of reference documentation for administrators: http://www.nordugrid.org/documents
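
For the "How to block/ban a user" option of excluding a user from the grid-mapfile, the following added example (not part of the ARC distribution or of the original page) checks that banned subject names no longer map to a local account. It assumes the standard grid-mapfile line format of a quoted certificate subject followed by comma-separated local accounts; the sample entries and function names are constructed for illustration.

```python
import shlex

# Constructed sample in the assumed grid-mapfile format: a quoted
# certificate subject DN followed by one or more local account names.
SAMPLE_GRIDMAP = '''\
# constructed example entries
"/O=Grid/O=ExampleOrg/CN=Alice Example" griduser1
"/O=Grid/O=ExampleOrg/CN=Bob Example" griduser2,griduser3
/O=Grid/O=ExampleOrg/CN=unquoted griduser4
"/O=Grid/O=ExampleOrg/CN=Broken Entry
'''


def parse_gridmap(text):
    """Return ({DN: [local accounts]}, [line numbers that failed to parse])."""
    mapping, bad = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # honours the quotes around the DN
        except ValueError:              # unbalanced quote
            bad.append(lineno)
            continue
        if len(fields) != 2:            # expect exactly DN + account list
            bad.append(lineno)
            continue
        dn, accounts = fields
        mapping.setdefault(dn, []).extend(accounts.split(","))
    return mapping, bad


def still_mapped(text, banned_dns):
    """Return the banned DNs that are still present, with their accounts."""
    mapping, _ = parse_gridmap(text)
    return {dn: mapping[dn] for dn in banned_dns if dn in mapping}


if __name__ == "__main__":
    banned = ["/O=Grid/O=ExampleOrg/CN=Alice Example"]
    _, malformed = parse_gridmap(SAMPLE_GRIDMAP)
    print("still mapped:", still_mapped(SAMPLE_GRIDMAP, banned))
    print("malformed lines to review by hand:", malformed)
```

Lines reported as malformed should be reviewed manually, since the check cannot tell whether they contain a banned subject.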

Members

  • UiO: Aleksandr Konstantinov (PT leader)

Release notes for EMI-1

Enhancements introduced since October 2010

* Removed code providing duplicate functionality and replaced with HED one

Problems fixed since October 2010

* Numerous code fixes to comply with more strict compilers

* Information about root of virtual file system was not reported properly

* Fixing code to work on non-Linux systems

* Fix for building without GACL

* Fixes for startup script to fit Fedora

Known problems

None so far

Installation

ARC Classic SE (gridftpd) is installed as part of the ARC software installation procedure, with the package name nordugrid-arc-gridftpd.

Configuration

ARC Classic SE (gridftpd) configuration is explained in the documents found at http://www.nordugrid.org/documents/. Examples and a configuration reference can be found at /usr/share/arc/examples/arc.conf.reference.

-- AleksandrKonstantinov - 18-Feb-2011

Topic revision: r7 - 2013-04-01 - OxanaSmirnova