gLite Information System

For up to date documentation, please refer to the IS web page


The gLite Information System Product Team is responsible for the following EMI products:

  • BDII
  • Glue model
  • Service info provider
  • Site info provider
  • lcg-info and lcg-infosites clients

BDII site and top Service Reference Card

Daemons running

  • BDII site: /usr/sbin/slapd -f /etc/bdii/bdii-slapd.conf -h ldap:// -u ldap
  • BDII top: /usr/sbin/slapd -f /etc/bdii/bdii-top-slapd.conf -h ldap:// -u ldap
  • Both: /usr/bin/python /usr/sbin/bdii-update -c /opt/bdii/etc/bdii.conf -d

Init scripts and options (start|stop|restart|...)

  • /etc/init.d/bdii (start|stop|restart|condrestart|status)

Configuration files location with example or template

  • Both: /etc/bdii/bdii.conf : general bdii configuration file.
  • BDII top:
    • /etc/bdii/bdii-top-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite/glite-info-update-endpoints.conf: configuration file defining the endpoints to download the list of site BDIIs to be published in the top level BDII.
               EGI  = True
               OSG = True
               manual = False
               manual_file =
               output_file = /var/cache/glite/top-urls.conf
               cache_dir = /var/cache/glite/glite-info-update-endpoints
  • BDII site:
    • /etc/bdii/bdii-slapd.conf: LDAP configuration file. Check LDAP documentation for more details.
    • /etc/glite-info-static/site/site.cfg: configuration file defining the site attributes.
              # Site name, a domain name.
              SITE_NAME = bdii-site-emi1-site
              # Optional description of the site
              SITE_DESC = A long format description
              # Optional web address in full URL format. E.g.:
              SITE_WEB = site-web-url
              # New optional GLUE 2.0 parameter to identify if the site is geographically distributed
              # true or false
              SITE_DISTRIBUTED = no
              # Location of the site
              SITE_LOC = City, Country
              SITE_COUNTRY =  Country
              # Latitude
              SITE_LAT = 46.20
              # Longitude
              SITE_LONG = 6.1
              # Contact email
              SITE_EMAIL =,
              # Security email
             SITE_SECURITY_EMAIL = sec@site.mail
              # User support email
              SITE_SUPPORT_EMAIL = support@site.mail
              # Other info
              OTHERINFO = CONFIG=yaim
              OTHERINFO = GRID=WLCG
              OTHERINFO = GRID=EGI
    • /etc/bdii/gip/site-urls.conf: configuration file containing the list of Resource level BDIIs of the services published by the site BDII. The syntax is a list of service name-URL pairs.

Logfile locations (and management) and other useful audit information

  • /var/log/bdii/bdii-update.log, the verbosity is set using a configuration parameter. See the Configuration section in the BDII Documentation.

Open ports

  • 2170

Possible unit test of the service

  • Unit tests and functionality tests are available. See the BDII Tests.

Where is service state held (and can it be rebuilt)

  • /etc/init.d/bdii status
  • For more detailed metrics on the status of the BDII: ldapsearch -LLL -x -h localhost -p 2170 -b o=Infosys

Cron jobs

  • BDII top:
    • generate-fcr-exclude-file: cron job that generates the file for the FCR mechanism.
    • glite-info-update-endpoints: cron job that updates the URLs of the site BDIIs that are being published by the top level BDII.

Security information

Access control Mechanism description (authentication & authorization)

  • The database is world readable but only the root user can make modifications.

How to block/ban a user

* The database is world readable. All users can be blocked/banned by stopping the service.

Network Usage

  • The slapd service running requires network access. The service can have a high network usage, due to the amount of information about the infrastructure they keep and provide.

Firewall configuration

  • Port 2170/TCP port needs to be open. The firewall configuration should allow to access this port from everywhere in the Internet. A example for IPTABLES configuration is:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2170 -j ACCEPT

Security recommendations

Security incompatibilities

None currently known

List of externals packages that are not maintained by the supported OS.



Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2013-01-30 - MariaALANDESPRADILLO
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback