gLite Logging and Bookkeeping Service

Daemons running

The following daemons need to be running:

For gLite:

  • /etc/init.d/gLite

starting the following services:

  • /opt/glite/etc/init.d/glite-lb-bkserverd
  • /opt/glite/etc/init.d/glite-lb-locallogger

For the MySQL server:

  • /etc/init.d/mysqld

Init scripts and how to use them

  • /etc/init.d/gLite
  • /etc/init.d/mysqld

Location and description of configuration files

The configuration file for the LB service is

  • /opt/glite/etc/LB-super-users

and contains the DNs of users and WMS nodes allowed to access all information from the LB DB. The LB host itself always has access.

Location and description of log files

The log information of the LB service can be found in:

  • /var/log/messages

Open ports

  • 2170 : standard BDII
  • 9000 : job status and logging-info queries
  • 9001 : event gathering from LB loggers (WMS, CE)
  • 9003 : WS client queries

Description of existing cron jobs

  • glite-lb-purge.cron
  • locallogger.cron
  • bdii-proxy
  • fetch-crl

Description of existing utility scripts

The WMS scripts/binaries can be found in

  • /opt/glite/bin

and are:

  • glite-lb-bkserverd
  • glite-lb-interlogd
  • glite-lb-logevent
  • glite-lb-notif-interlogd

Security information

Access control Mechanism description (authentication & authorization)

The authentication method is based on trusted digital certificates. Depending on the server configuration and action requested, the users may be required to present VOMS attributes in their proxy certificates.

The L&B version 2.0 server introduced an authorization mechanism to control the originators of events, and it allows the use of standard LCAS plugins.

How to block/ban a user

Banning users isn't possible in LB.

Network Usage

By default, the L&B server listens on port 9000 for incoming queries, 9001 for events, and 9003 for WS interface queries. The glite-lb-logd daemon listens on port 9002.

The L&B proxy communicates over two UNIX sockets: /tmp/lb_proxy_server.sock (queries) and /tmp/lb_proxy_store.sock (incoming events).

Firewall configuration

The firewall configuration should allow access to these ports:

  • 9000/TCP, 9001/TCP and 9003/TCP.
  • 2170/TCP for the resource BDII service.
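
To check a host against the port lists on this card, its TCP listeners can be compared with the expected set. The script below is an added example, not part of the original page or of the gLite distribution; the function name lb_audit_listeners and the sample input are hypothetical, and it assumes `netstat -ltn` or `ss -ltn` output on stdin.

```sh
#!/bin/sh
# Added example: compare TCP listeners with the ports named on this card.
# Ports from "Open ports", plus 9002 (glite-lb-logd, "Network Usage").
LB_EXPECTED_PORTS="2170 9000 9001 9002 9003"

# Reads `netstat -ltn` or `ss -ltn` lines on stdin; in both formats the
# local address is field 4. Prints one finding per line:
#   UNEXPECTED <addr>  non-loopback listener on a port the card does not list
#   MISSING <port>     listed port with no listener
lb_audit_listeners() {
    awk -v expected="$LB_EXPECTED_PORTS" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    $1 == "LISTEN" || $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        seen[port] = 1
        loopback = (host ~ /^127\./ || host == "::1" || host == "[::1]")
        if (!(port in want) && !loopback) print "UNEXPECTED " addr
    }
    END { for (i = 1; i <= n; i++) if (!(e[i] in seen)) print "MISSING " e[i] }'
}

# Constructed sample input (not captured from a real LB host): netstat-style
# lines followed by one ss-style line. 3306 is the MySQL default port.
LB_SAMPLE='tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2170 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
LISTEN 0 128 [::]:9003 [::]:*'

# Demo on the sample; on a real host run: netstat -ltn | lb_audit_listeners
printf '%s\n' "$LB_SAMPLE" | lb_audit_listeners
```

Listeners reported as UNEXPECTED are not necessarily wrong (sshd, for example), but each one is a port this card does not ask the firewall to open.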

Security recommendations


Security incompatibilities

None currently known

List of external packages that are not maintained by the supported OS

-- ZdenekSustr - 19-Apr-2011

Topic revision: r1 - 2011-04-19 - ZdenekSustr