ARC Classic SE Product Team
Product
The ARC Classic Storage Element (SE) implements a
GridFTP server with virtual file system back-ends. The ARC Classic SE consists of the following components:
- gridftpd - standalone daemon and framework for pluggable back-ends
- File plugin for accessing a POSIX file system
- GACL plugin for storing and accessing a local file system with per-file access control based on the X.509 identity of the client and an access policy expressed in the GACL language
- In cooperation with the ARC CE PT, a job management plugin is provided
The ARC Classic SE belongs to the Data Technical Area
Service Reference Card
- Functional description: Provision of a simple GridFTP based storage service
- Daemons running:
- Init scripts and options (start|stop|restart|...):
- gridftpd - starts gridftpd daemon
- Configuration files location with example or template:
- Logfile locations (and management) and other useful audit information:
- /var/log/gridftpd.log - default location of the log file of the gridftpd daemon
- Open ports:
- GridFTP communication (gridftpd daemon) - listening on 2811 TCP, listening on a range of TCP ports for data communication (configurable in the configuration file), outgoing TCP connections from arbitrary ports.
- Possible unit test of the service: (not unit tests, but service functionality tests):
- no specialized testing tools developed
- Any GridFTP capable client can be used to access and modify served content.
- Where is service state held (and can it be rebuilt):
- The service is stateless.
- The content of served files is stored on the filesystem. Their persistence is handled by the filesystem itself.
- Cron jobs:
- Security information
- Access control Mechanism description (authentication & authorization): GSIFTP, TLS, VOMS, LCAS/LCMAPS, GACL
- Authentication is based on the Subject Name of the client's X.509 certificate and other attributes of the credentials
- Authentication mapping (from Grid identity to local identity) happens through one of several options:
- grid-mapfile
- embedded configurable algorithms
- LCMAPS
- external generic executables
- Authorization happens through one of several options:
- grid-mapfile
- embedded configurable algorithms
- LCAS
- external generic executables
- How to block/ban a user:
- Revoke the user's certificate
- Exclude the user from the grid-mapfile by changing the configuration of nordugridmap
- Change the configuration of gridftpd/a-rex to exclude the specific user. Alternatively, the configuration can be crafted in a way that allows banned users to be added dynamically to some local list
- Through an external plugin - LCAS or a generic one
- Network Usage: multiple incoming and outgoing connections, see section "Open ports"
- Firewall configuration: see section "Open ports". Support for NAT based firewalls.
- Security recommendations: be careful; as far as possible, deploy services as a non-privileged user
- Security incompatibilities: undefined
- List of externals (packages are NOT maintained by Red Hat):
- Other security relevant comments: see documentation
- Utility scripts:
- Location of reference documentation for users: not applicable
- Location of reference documentation for administrators: http://www.nordugrid.org/documents
Members
- UiO: Aleksandr Konstantinov (PT leader)
Release notes for EMI-1
Enhancements introduced since October 2010
* Removed code providing duplicate functionality and replaced it with the HED one
Problems fixed since October 2010
* Numerous code fixes to comply with more strict compilers
* Information about the root of the virtual file system was not reported properly
* Fixed code to work on non-Linux systems
* Fix for building without GACL
* Fixes for startup script to fit Fedora
Known problems
None so far
Installation
ARC Classic SE (gridftpd) is installed as part of the ARC Software installation procedure. Please see
http://blalalalala
for more information.
Configuration
ARC Classic SE (gridftpd) configuration is part of the configuration procedure for ARC Services and Client Utilities. Please see
http://blalalalala
for more information.
--
AleksandrKonstantinov - 18-Feb-2011
Topic revision: r4 - 2011-02-18