EMIRSRC < EMI

EMI Web>EmiProjectStructure>EmiProductTeams>EMIRegistry>EMIRSRC (2011-11-16, AhmedShirazMemonExCern) (raw view)

---+ EMI Registry (EMIR) Service Reference Card

---++ Functional Description
EMI Registry(EMIR) is a federated service registry aimed at discovering the services in a robust, scalable, and secure manner. The clients and external service providers can use the REST API to register and discover the service endpoints.

---++ Daemons Running
N/A
---++ Init Scripts And Options (start|stop|restart|...)
The EMIR server can be started/stopped through the shell scripts, which are being included in the binary and source distribution. The location of these scripts varies depending on type of to-be-installed bundle. If using the RPM distribution, the emir server can be started or stopped with "/etc/init.d/emi-emir" script.
---++ Configuration Files Location With Example Or Template
The configuration files can be found under the "conf" directory, the files are:

   * dsr.config: main configuration of the server port, acl, and scope
   * certs: includes the demo server and user certificates
   * log4j.properties: logging configuration
   * emir.acl: contains pairs of X500 principal and the associated role
   * inputfilters: containing a set of attributes which will be matched against every incoming registration request to the server, thus rejects if matched successfully
   * outputfilters: containing a set of attributes, which prevents synchronization of matching service endpoint information with other registry nodes
   * xacml2Policies: Containing a collection of XACML 2.0 compliant policy files, 
   * xacml2.config: configuration for setting up the XACML 2.0 engine
   * users: Have XML files containing users' attributes


In Linux distribution, e.g. RPM or .deb, the configuration files can be located in /etc/emi/emir.
---++ Log File Locations (And Management) And Other Useful Audit Information
The default log files can be located inside logs folder. The logs normally get appended on daily basis, however, the behavior can be controlled/changed by editing the log4j.properties file (see the previous section). In case of Linux, the logs can be found under /var/lib/emi/emir.
---++ Open Ports
The default opened port is 54321, the property can be found and changed in dsr.config file.
---++ Possible Unit Test Of The Service
The test run internally while building with maven, thus can be executed with "mvn test" command
---++ Where Is Service State Held (And Can It Be Rebuilt)
The state is being maintained in MongoDB and embedded SQL datasore. Therefore, while installing it is essential pre-requisite to setup the MongoDB (v2.x.x), the configuration for setting up the database is mentioned in the dsr.config file
---++ CRON Jobs
N/A
---++ Security Information
---+++ Access Control Mechanism Description
The access control mechanism in EMIR is decentralized, implying every EMIR server node has its own access control policies. There are two alternatives to perform access control, which can be used exclusively, i.e. ACL, XACML
---+++ How To Block/Ban A User
By removing the entry (X500 principal) from acl file will prevent the client from registering the service endpoint information, though the client with valid X.509 will still be able to access the query interface.
---+++ Network Usage
EMIR requires a single port to server the client requests
---+++ Firewall Configuration
N/A
---+++ Security Recommendations
Avoid running as root user
---+++ Security Incompatibilities
N/A
---++ List Of External Packages That Are Not Maintained By The Supported OS
N/A
---++ Utility Scripts
N/A
-- Main.ShirazMemon - 16-Nov-2011

Topic revision: r1 - 2011-11-16 - AhmedShirazMemonExCern

Public webs

- Cern Search
- TWiki Search
- Google Search
EMI All webs

Copyright &© 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback