gLite Information System

For up to date documentation, please refer to the IS web page

Products

The gLite Information System Product Team is responsible for the following EMI products:

  • BDII
  • Glue model
  • Service info provider
  • Site info provider
  • lcg-info and lcg-infosites clients

BDII site and top Service Reference Card

Daemons running

  • BDII site: /usr/sbin/slapd -f /etc/bdii/bdii-slapd.conf -h ldap://0.0.0.0:2170 -u ldap
  • BDII top: /usr/sbin/slapd -f /etc/bdii/bdii-top-slapd.conf -h ldap://0.0.0.0:2170 -u ldap
  • Both: /usr/bin/python /usr/sbin/bdii-update -c /opt/bdii/etc/bdii.conf -d

Init scripts and options (start|stop|restart|...)

  • /etc/init.d/bdii (start|stop|restart|condrestart|status)

Configuration files location with example or template

  • Both: /etc/bdii/bdii.conf : general bdii configuration file.
         BDII_LOG_FILE=/var/log/bdii/bdii-update.log
         BDII_PID_FILE=/var/run/bdii/bdii-update.pid
         BDII_LOG_LEVEL=ERROR
         BDII_LDIF_DIR=/var/lib/bdii/gip/ldif
         BDII_PROVIDER_DIR=/var/lib/bdii/gip/provider
         BDII_PLUGIN_DIR=/var/lib/bdii/gip/plugin
         BDII_PORT=2170
         BDII_BREATHE_TIME=120
         BDII_READ_TIMEOUT=300
         BDII_ARCHIVE_SIZE=0
         BDII_DELETE_DELAY=43200
         BDII_USER=ldap
         BDII_VAR_DIR=/var/lib/bdii
    
  • BDII top:
    • /etc/bdii/bdii-top-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite/glite-info-update-endpoints.conf: configuration file defining the endpoints to download the list of site BDIIs to be published in the top level BDII.
               [configuration]
               EGI  = True
               OSG = True
               manual = False
               manual_file =
               output_file = /var/cache/glite/top-urls.conf
               cache_dir = /var/cache/glite/glite-info-update-endpoints
               
  • BDII site:
    • /etc/bdii/bdii-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite-info-static/site/site.cfg: configuration file defining the site attributes.
              # Site name, a domain name.
              SITE_NAME = bdii-site-emi1-site
      
              # Optional description of the site
              SITE_DESC = A long format description
      
              # Optional web address in full URL format. E.g.: http://www.cern.ch/gridinfo
              SITE_WEB = site-web-url
      
              # New optional GLUE 2.0 parameter to identify if the site is geographically distributed
              # true or false
              SITE_DISTRIBUTED = no
      
              # Location of the site
              SITE_LOC = City, Country
              SITE_COUNTRY =  Country
      
              # Latitude
              SITE_LAT = 46.20
      
              # Longitude
              SITE_LONG = 6.1
      
              # Contact email
              SITE_EMAIL = yaim-contact@cern.ch,admin-yaim@cern.ch
      
              # Security email
             SITE_SECURITY_EMAIL = sec@site.mail
      
              # User support email
              SITE_SUPPORT_EMAIL = support@site.mail
      
              # Other info
              OTHERINFO = CONFIG=yaim
              OTHERINFO = GRID=WLCG
              OTHERINFO = GRID=EGI
              
    • /etc/bdii/gip/site-urls.conf: configuration file containing the list of Resource level BDIIs of the services published by the site BDII. The syntax is a list of service name-URL pairs.

Logfile locations (and management) and other useful audit information

  • /var/log/bdii/bdii-update.log, the verbosity is set using a configuration parameter. See the Configuration section in the BDII Documentation.

Open ports

  • 2170

Possible unit test of the service

  • Unit tests and functionality tests are available. See the BDII Tests.

Where is service state held (and can it be rebuilt)

  • /etc/init.d/bdii status
  • For more detailed metrics on the status of the BDII: ldapsearch -LLL -x -h localhost -p 2170 -b o=Infosys

Cron jobs

  • BDII top:
    • generate-fcr-exclude-file: cron job that generates the file for the FCR mechanism.
    • glite-info-update-endpoints: cron job that updates the URLs of the site BDIIs that are being published by the top level BDII.

Security information

Access control Mechanism description (authentication & authorization)

  • The database is world readable but only the root user can make modifications.

How to block/ban a user

* The database is world readable. All users can be blocked/banned by stopping the service.

Network Usage

  • The slapd service running requires network access. The service can have a high network usage, due to the amount of information about the infrastructure they keep and provide.

Firewall configuration

  • Port 2170/TCP port needs to be open. The firewall configuration should allow to access this port from everywhere in the Internet. A example for IPTABLES configuration is:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2170 -j ACCEPT

Security recommendations

Security incompatibilities

None currently known

List of externals packages that are not maintained by the supported OS.

None

Members

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2013-01-30 - MariaALANDESPRADILLO
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback