ARC CE Service Reference Card

  • Functional description: Provision of Grid execution service, including interfacing to various flavours of underlying LRMS, data staging and caching, application environment management and usage record publishing
  • Daemons running:
    • gridftpd (to be phased out)
    • arched
  • Init scripts and options (start|stop|restart|...):
    • gridftpd - starts a-rex gridftpd daemon
    • a-rex - starts arched daemon - container for ARC services - with A-REX service
  • Configuration files location with example or template:
    • /etc/arc.conf - default location of configuration file
    • /usr/share/arc/examples/arc.conf.reference - explanation and examples of configuration options
  • Logfile locations (and management) and other useful audit information:
    • /var/log/arc/gridftpd.log - default location of log file of gridftpd daemon
    • /var/log/arc/grid-manager.log - default location of log file of grid-manager daemon and of arched daemon started through a-rex script
    • /var/log/arc/infoprovider.log - default location of log file for scripts providing job and service information to information system
    • /var/log/arc/cache-clean.log - information from automatic CE cache management
  • Open ports:
    • GridFTP communication (gridftpd daemon) - listening on 2811 TCP, listening on range of TCP ports for data communication (configurable in configuration file), outgoing TCP connections from arbitrary ports.
    • WS communication (a-rex) - listening on 443 TCP (configurable), outgoing connections to arbitrary ports for various authentication/authorization services.
    • Job processing - outgoing connections to arbitrary ports for data staging, job usage reporting and other possible plugins. For FTP-like connections, incoming connections on a range of pre-configurable TCP ports may be needed.
  • Possible unit test of the service: (not unit tests, but service functionality tests):
    • Standard ARC-CE SAM tests and their Nagios analogs
    • For ARC CE, arctest utility is distributed with ARC clients
    • An arbitrary test job can be submitted directly to any ARC CE from an ARC-compatible client (native ARC client or any tool built on ARC client libraries)
  • Where is service state held (and can it be rebuilt): Services are mostly stateless. Jobs handled by A-REX have their states stored on the local filesystem. Those are continuously synchronized with in-memory states. On service restart, states are read from the filesystem.
  • Cron jobs:
    • fetch-crl - (3rd party) periodically updates CRLs of installed CAs
    • nordugridmap - periodically updates grid-mapfile for sites which base their authorization on that technique
  • Security information
    • Access control Mechanism description (authentication & authorization): GSIFTP, TLS, VOMS, LCAS/LCMAPS, GACL
      • Authentication is based on Subject Name of client's X.509 certificate and other attributes of credentials
      • Authentication mapping (from Grid identity to local identity) happens through various options:
        • grid-mapfile
        • embedded configurable algorithms
        • LCMAPS
        • external generic executables
      • Authorization happens through various options:
        • grid-mapfile
        • embedded configurable algorithms
        • LCAS
        • external generic executables
    • How to block/ban a user:
      • Revoke user's certificate
      • Exclude user from grid-mapfile by changing configuration of nordugridmap
      • Change the configuration of gridftpd/a-rex to exclude the specific user. Alternatively, the configuration can be crafted to allow adding banned users to a local list dynamically
      • Through external plugin - LCAS or generic one
      • More detailed information is provided in the System Administrator Guide found at http://www.nordugrid.org/documents/
    • Network Usage: multiple incoming and outgoing connections, see section "Open ports"
    • Firewall configuration: see section "Open ports"
    • Security recommendations: be careful; as much as possible deploy services as a non-privileged user
    • Security incompatibilities: undefined
    • List of externals (packages are NOT maintained by Red Hat): none
    • Other security relevant comments: see documentation
  • Utility scripts:
    • gm-jobs - a utility rather than a script; when run on the front-end, prints managed jobs and statistics
    • cache-clean - run automatically by A-REX to keep CE cache within configured size limits, but may be run interactively to clean cache or display statistics
    • cache-list - lists files in CE cache
  • Location of reference documentation for users: not applicable
  • Location of reference documentation for administrators: http://www.nordugrid.org/documents
  • Location of reference documentation for developers: http://www.nordugrid.org/documents/code
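
Added example (not part of the original card or of ARC itself): because nordugridmap regenerates the grid-mapfile from cron, a ban made through its configuration is worth verifying against the generated file. This sketch assumes the common grid-mapfile line format `"<subject DN>" <local account>`; the sample content, DNs and function names are constructed for illustration.

```python
import shlex

# Constructed sample; each entry is: "<certificate subject DN>" <local account>
SAMPLE_GRIDMAP = """\
# constructed sample grid-mapfile
"/DC=org/DC=example/O=Users/CN=Alice Example" griduser1
"/DC=org/DC=example/O=Users/CN=Bob Example" griduser2
/DC=org/DC=example/CN=nospace griduser3
"/DC=org/DC=example/O=Users/CN=Broken Line
"""


def parse_gridmap(text):
    """Return ({subject DN: local account}, [line numbers that failed to parse])."""
    mappings, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # handles a quoted DN containing spaces
        except ValueError:  # e.g. unterminated quote
            fields = []
        if len(fields) == 2:
            mappings[fields[0]] = fields[1]
        else:
            malformed.append(lineno)
    return mappings, malformed


def audit_bans(text, banned_dns):
    """Return (banned DNs that are still mapped, malformed line numbers)."""
    mappings, malformed = parse_gridmap(text)
    leaked = {dn: mappings[dn] for dn in banned_dns if dn in mappings}
    return leaked, malformed


if __name__ == "__main__":
    banned = ["/DC=org/DC=example/O=Users/CN=Bob Example",
              "/DC=org/DC=example/O=Users/CN=Mallory Example"]
    leaked, malformed = audit_bans(SAMPLE_GRIDMAP, banned)
    for dn, account in leaked.items():
        print(f"STILL MAPPED: {dn} -> {account}")
    for lineno in malformed:
        print(f"unparsable line {lineno}: review manually")
```

Unparsable lines are reported rather than skipped silently, since a damaged entry could hide a mapping the audit is meant to catch.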

Service Reference Cards Links

Reference Link Service Name
AMGA AMGA Metadata Catalog
glite-APEL
APEL parsers
APEL Accounting Service
ARC-CE ARC Computing Element
ARC-classicSE ARC Classic Storage Element
ARC-LDAP ARC LDAP-based InfoSystem
ARGUS ARGUS Authorization Service
BDII Berkeley Database Information Index - gLite InformationSystem
creamCE CREAM ComputingElement - gLiteJobManagement
- dCache (?)
DGAS DGAS Client
gliteDPM Disk Pool Manager - CERN DataManagement
GLexec gLExec - gLite Security
gliteFTS File Transfer Service - CERN DataManagement
gliteLFC LCG File Catalog - CERN DataManagement
gliteLB Logging and Bookkeeping service
- StoRM
UNICORE gateway UNICORE gateway
UNICORE/X server UNICORE/X server
UNICORE TSI UNICORE TSI
UNICORE XUUDB UNICORE XUUDB
VOMS Virtual Organisation Membership System - VOMS
WMS Workload Management Service - gLiteJobManagement

-- DoinaCristinaAiftimiei - 13-Aug-2010

Topic revision: r8 - 2013-02-12 - DavidCameron