TWiki> EMI Web>EmiProjectStructure>EmiProductTeams>GLiteInformationSystem (2013-01-30, MariaALANDESPRADILLO) EditAttachPDF

gLite Information System

For up to date documentation, please refer to the IS web page

Products

The gLite Information System Product Team is responsible for the following EMI products:

  • BDII
  • Glue model
  • Service info provider
  • Site info provider
  • lcg-info and lcg-infosites clients

BDII site and top Service Reference Card

Daemons running

  • BDII site: /usr/sbin/slapd -f /etc/bdii/bdii-slapd.conf -h ldap://0.0.0.0:2170 -u ldap
  • BDII top: /usr/sbin/slapd -f /etc/bdii/bdii-top-slapd.conf -h ldap://0.0.0.0:2170 -u ldap
  • Both: /usr/bin/python /usr/sbin/bdii-update -c /opt/bdii/etc/bdii.conf -d

Init scripts and options (start|stop|restart|...)

  • /etc/init.d/bdii (start|stop|restart|condrestart|status)

Configuration files location with example or template

  • Both: /etc/bdii/bdii.conf : general bdii configuration file. 
         BDII_LOG_FILE=/var/log/bdii/bdii-update.log
     BDII_PID_FILE=/var/run/bdii/bdii-update.pid
     BDII_LOG_LEVEL=ERROR
     BDII_LDIF_DIR=/var/lib/bdii/gip/ldif
     BDII_PROVIDER_DIR=/var/lib/bdii/gip/provider
     BDII_PLUGIN_DIR=/var/lib/bdii/gip/plugin
     BDII_PORT=2170
     BDII_BREATHE_TIME=120
     BDII_READ_TIMEOUT=300
     BDII_ARCHIVE_SIZE=0
     BDII_DELETE_DELAY=43200
     BDII_USER=ldap
     BDII_VAR_DIR=/var/lib/bdii
  • BDII top:
    • /etc/bdii/bdii-top-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite/glite-info-update-endpoints.conf: configuration file defining the endpoints to download the list of site BDIIs to be published in the top level BDII. 
               [configuration]
         EGI  = True
         OSG = True
         manual = False
         manual_file =
         output_file = /var/cache/glite/top-urls.conf
         cache_dir = /var/cache/glite/glite-info-update-endpoints
  • BDII site:
    • /etc/bdii/bdii-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite-info-static/site/site.cfg: configuration file defining the site attributes. 
              # Site name, a domain name.
        SITE_NAME = bdii-site-emi1-site

        # Optional description of the site
        SITE_DESC = A long format description

        # Optional web address in full URL format. E.g.: http://www.cern.ch/gridinfo
        SITE_WEB = site-web-url

        # New optional GLUE 2.0 parameter to identify if the site is geographically distributed
        # true or false
        SITE_DISTRIBUTED = no

        # Location of the site
        SITE_LOC = City, Country
        SITE_COUNTRY =  Country

        # Latitude
        SITE_LAT = 46.20

        # Longitude
        SITE_LONG = 6.1

        # Contact email
        SITE_EMAIL = yaim-contact@cern.ch,admin-yaim@cern.ch

        # Security email
       SITE_SECURITY_EMAIL = sec@site.mail

        # User support email
        SITE_SUPPORT_EMAIL = support@site.mail

        # Other info
        OTHERINFO = CONFIG=yaim
        OTHERINFO = GRID=WLCG
        OTHERINFO = GRID=EGI
    • /etc/bdii/gip/site-urls.conf: configuration file containing the list of Resource level BDIIs of the services published by the site BDII. The syntax is a list of service name-URL pairs.

Logfile locations (and management) and other useful audit information

  • /var/log/bdii/bdii-update.log, the verbosity is set using a configuration parameter. See the Configuration section in the BDII Documentation.

Open ports

  • 2170

Possible unit test of the service

  • Unit tests and functionality tests are available. See the BDII Tests.

Where is service state held (and can it be rebuilt)

  • /etc/init.d/bdii status
  • For more detailed metrics on the status of the BDII: ldapsearch -LLL -x -h localhost -p 2170 -b o=Infosys

Cron jobs

  • BDII top:
    • generate-fcr-exclude-file: cron job that generates the file for the FCR mechanism.
    • glite-info-update-endpoints: cron job that updates the URLs of the site BDIIs that are being published by the top level BDII.

Security information

Access control Mechanism description (authentication & authorization)

  • The database is world readable but only the root user can make modifications.

How to block/ban a user

* The database is world readable. All users can be blocked/banned by stopping the service.

Network Usage

  • The slapd service running requires network access. The service can have a high network usage, due to the amount of information about the infrastructure they keep and provide.

Firewall configuration

  • Port 2170/TCP port needs to be open. The firewall configuration should allow to access this port from everywhere in the Internet. A example for IPTABLES configuration is:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2170 -j ACCEPT

Security recommendations

Security incompatibilities

None currently known

List of externals packages that are not maintained by the supported OS.

None

Members

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2013-01-30 - MariaALANDESPRADILLO
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback