Service Reference Card (EMI-3)

  • Functional description:
  • Services running:
    • FE: (C/C++ application)
    • BE: (Java application)
    • GridHTTPS: (Java servlet)
    • GridFTP: (C/C++ application)
  • Init scripts and options:
    • FE: /etc/init.d/storm-frontend-server {start|stop|status|restart}
    • BE: /etc/init.d/storm-backend-server {start|stop|restart|force-reload|status}
    • GridHTTPS: /etc/init.d/storm-gridhttps-server {start|stop|status}
    • GridFTP: /etc/init.d/storm-globus-gridftp {start|stop|status|restart|condrestart|try-restart|reload|force-reload}
  • Configuration files location with example:
    • FE:
      • Config directory: /etc/storm/frontend-server/
      • Examples:
        • storm-frontend-server.conf
    • BE:
      • Config directory: /etc/storm/backend-server/
      • Examples:
        • storm.properties
        • logging.xml
        • namespace.xml
        • path-authz.db
    • GridHTTPS:
      • Config directory: /etc/storm/gridhttps-server/
      • Examples:
        • server.ini
      • Config directory: /etc/storm/gridhttps-plugin/
      • Examples:
        • storm.gridhttps.plugin.properties
    • GridFTP:
      • Config directory: /etc/grid-security/
      • Examples:
        • gridftp.conf
  • Logfile locations (and management) and other useful audit information:
    • FE:
      • Logging directory: =/var/log/storm/
      • Logging configuration: = /etc/storm/frontend-server/storm-frontend-server.conf
        • log.debuglevel= [ERROR | WARN | INFO | DEBUG | DEBUG2]
      • Logging configuration: = /etc/storm/frontend-server/monitoring.log
        • monitoring.enabled = [true | false]
        • monitoring.detailed = [true | false]
        • monitoring.timeInterval = <number of seconds>
    • BE:
      • Logging directory: =/var/log/storm/
      • Logging configuration: = /etc/storm/backend-server/logging.xml
        • < logger name="it.grid.storm">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
        • <logger name="it.grid.storm">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
        • <logger name="health">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
        • <logger name="bookkeeping">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
        • <logger name="system.out">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
        • <logger name="system.err">
            <level value="[ERROR | WARN | INFO | DEBUG | TRACE]" />            
          </logger>
    • GridHTTPS:
      • Logging directory: =/var/log/storm/
      • Logging configuration: = /etc/storm/gridhttps-server/logback.xml
        • <logger name="it.grid.storm" level="[FATAL | ERROR | WARN | INFO | DEBUG | TRACE]"> 
    • GridFTP:
      • Logging directory: =/var/log/storm/
      • Logging configuration: = /etc/globus-gridftp-server/gridftp.gfork
        • log_level = [ERROR | WARN | INFO | DUMP | ALL]
  • Open ports:
    • FE:
      • Service port: *:8444
    • BE:
      • xmlrpc port: localhost:8080
      • restful admin service port: localhost:9998
      • Admin port: localhost:4444
    • GridHTTPS:
      • Service http port: localhost:8085
      • Service https port: localhost:8443
    • GridFTP:
      • Service port: localhost:2811
  • Possible unit test of the service:
  • Where is service state held (and can it be rebuilt): The services (FE, BE, GridFTP, GridHHTTPS) are stateless.
  • Cron jobs:
  • Security information
    • Access control mechanism (authentication & authorization):
      • Authentication:
        • SSL/TLS client authentication on the service ports
      • Authorization:
        • BE uses access control list to authorize actions on managed Storage Areas
        • GridHTTPS behaves as a PEP (Policy Enforcement Point) using BE component ad PDP (Policy Decision Point) to authorize actions on files
    • How to block/ban a user
      • To ban an user use ARGUS service and the chosen StoRM resource (default "storm")
    • Network Usage
    • Firewall configuration
      • All the ports reported on Open ports section must be opend on the respective host
    • Security recommendations
    • Security incompatibilities
    • List of externals (packages are NOT maintained by Red Hat)
      • xmlrpc-c
      • xmlrpc-c-devel
      • xmlrpc-c-c++
      • xmlrpc-c-client
      • xmlrpc-c-client++
    • Other security relevant comments
  • Utility scripts:
  • Location of reference documentation for users: Not applicable
  • Location of reference documentation for administrators:
  • General documentation:
Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r8 - 2013-01-15 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback