Difference: NGI_ITCentralBanning (4 vs. 5)

Revision 5 - 2014-01-20 - GiuseppeMisurelli

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

EGI central banning setup for NGI_IT sites

Line: 35 to 35
  pap-admin set-paps-order ngi_it default
Changed:
<
<
Set polling interval to 1 hour
>
>
Set polling interval to 1 hour (Please carefully consider this operation since can influence your Argus performances)
 
Changed:
<
<
pap-admin set-polling-interval 3600
>
>
pap-admin set-polling-interval 600
 
Added:
>
>
Reload policy and clear cache
/etc/init.d/argus-pdp reloadpolicy
/etc/init.d/argus-pepd clearcache
 Verify new remote policy by using --all option with pap-admin client

pap-admin lp --all
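
Review bot: the step label still reads "Set polling interval to 1 hour", but the command under it now passes 600 where the removed line passed 3600. The value is in seconds, so the new setting is 10 minutes, not 1 hour. Either change the label to match 600 or keep 3600. The added performance warning would also help more if it said which direction is the risky one: a shorter interval means the remote PAP is polled more often.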

Line: 49 to 54
 

Site without Argus

Changed:
<
<
Site without Argus server can download the ban policy file publicly available here and integrate it with local site policy.
>
>
Site without Argus server can download the ban policy file publicly available here and integrate it with local site policy.
  Such file will comprise the list of EGI and/or NGI banned DNs and needs to be stored in the CREAM CE ban file located at /etc/lcas/ban_users.db
Changed:
<
<
Site can cron the download to have it schedelued in the background. For instance you can place in cron.d the following snippet:
>
>
Site can cron the download to have it schedelued in the background. The following snippet can be considered as a proof of concept of the cron:
 
cat /etc/cron.d/fetch-banlist 
Added:
>
>
 # Fetch ban list from central NGI repository # and add DNs to ban_users.db file
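
Review bot: the added sentence says the downloaded file "needs to be stored" at /etc/lcas/ban_users.db, while the sentence just before it says to "integrate it with local site policy". Writing the download to that path replaces any local ban entries the site already keeps there. State explicitly whether sites should merge their own DNs with the central list or treat the central file as the complete ban list. Minor: the typo "schedelued" is carried into the new wording, and "publicly available here" should be reconciled with the host certificate and key options that the new cron line passes to curl.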
Line: 58 to 65
 # Fetch ban list from central NGI repository # and add DNs to ban_users.db file
Changed:
<
<
* */1 * * * root (sleep $(($RANDOM\%40+10))) && wget http://repo-cnaf.cnaf.infn.it/pub/banlist/ban_users.db -O - > /etc/lcas/ban_users.db
>
>
0 * * * * root (sleep $(($RANDOM\%40+10))) && http_status=$(curl -sL -w '\%{http_code}' --connect-timeout 60 --capath /etc/grid-security/certificates/ --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem https://repo-cnaf.cnaf.infn.it/pub/banlist/ban_users.db -o /dev/null); [ $http_status -eq 200 ] && (curl -s --connect-timeout 60 --capath /etc/grid-security/certificates/ --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem https://repo-cnaf.cnaf.infn.it/pub/banlist/ban_users.db -o /etc/lcas/ban_users.db)
  \ No newline at end of file
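
Review bot: the new cron line fetches the file twice, and only the first fetch (the one written to /dev/null) is checked for 200. The second curl writes straight to /etc/lcas/ban_users.db without --fail and without any check of its result, and it drops the -L that the first call used. An error, a redirect or an interrupted transfer on that second request can therefore leave the live ban file truncated or holding something other than the ban list. Download once to a temporary file, check the exit status and HTTP code of that single transfer, and move the file into place only on success. Also quote "$http_status" in the test, and note that $RANDOM depends on which shell cron uses to run the job.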
 