Tags:
, view all tags

Service Reference Card

Daemons running

The following processes should run on a CREAM CE:

  • tomcat ( /usr/lib/jvm/java/bin/java -server -Xms128m -Xmx512m -Dglite.log.path=/var/log/cream -Dcatalina.ext.dirs=/usr/share/tomcat5/shared/lib:/usr/share/tomcat5/common/lib -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSource)

  • blahpd ( /usr/bin/blahpd). This is automatically started by starting tomcat

  • resource BDII ( /usr/sbin/slapd -f /etc/bdii/bdii-slapd.conf -h ldap://0.0.0.0:2170 -u ldap, /usr/bin/python /usr/sbin/bdii-update -c /etc/bdii/bdii.conf -d)

  • gridftp server ( /usr/sbin/globus-gridftp-server)

  • LB locallogger ( /usr/bin/glite-lb-logd, /usr/bin/glite-lb-interlogd)

  • mysqld ( /usr/libexec/mysqld). Actually mysqld could be deployed and run in another machine different than the CREAM CE)

  • new blparser daemons ( /usr/bin/BNotifier, /usr/bin/BUpdaterxxx) if the new BLAH blparser is used. They are automatically started by blahpd, which is started by tomcat

  • old blparser daemon (xxx) if the old BLAH blparser is used. xxx runs where the batch system log files are available (which can be the CREAM CE node or a different node)

Init scripts and options (start|stop|restart|...)

  • Init script for tomcat: /etc/init.d/tomcat5 {start|stop|restart|condrestart|try-restart|reload|force-reload|status|version}

  • Init script for resource BDII: /etc/init.d/bdii {start|stop|restart|condrestart|status}

  • Init script for gridftp server: /etc/init.d/globus-gridftp {start|stop|restart|status}

  • Init script for LB locallogger: /opt/glite/etc/init.d/glite-lb-locallogger {start,stop,restart,status}

  • Init script for mysql: /etc/init.d/mysqld {start|stop|status|condrestart|restart}

  • Init script for old blparser: /etc/init.d/glite-ce-blparser {start|stop|restart|status}

  • Init script for new blparser: /etc/init.d/glite-ce-blahparser {start|stop|restart|status}. Actually the new blparser is automatically started by blahpd, which is started by tomcat

Configuration files location with example or template

  • CREAM configuration file ( /etc/glite-ce-cream/cream-config.xml). This file is created by yaim-cream-ce. A template is installed as /etc/glite-ce-cream/cream-config.xml.template. An example of this configuration file is available here

  • BLAH configuration file ( /etc/blah.config). This file is created by yaim-cream-ce. A template is installed as /etc/blah.config.template. An example of this configuration file is available here

  • BLparser configuration file ( /etc/blparser.conf) only for the old blparser. This file is created by yaim-cream-ce. A template is installed as /etc/blparser.conf.template). An example of this configuration file is available xxx.

  • glexec configuration file ( /etc/glexec.conf). This file is created by yaim-cream-ce. An example of this configuration file is available here

  • LCAS configuration file for glexec ( /etc/lcas/lcas-glexec.db). This file is created by yaim-cream-ce. An example of this configuration file is available here

  • LCMAPS configuration file for glexec ( /etc/lcmaps/lcmaps-glexec.db). This file is created by yaim-cream-ce. An example of this configuration file is available here

  • LCAS configuration file for gridftpd ( /etc/lcas/lcas.db). This file is created by yaim-core (only when Argus is not used). An example of this configuration file is available xxx

  • LCMAPS configuration file for gridftpd ( /etc/lcmaps/lcmaps.db). This file is created by yaim-core (only when Argus is not used). An example of this configuration file is available xxx

  • ARGUS configuration file for gridftpd ( xxx) only when the CREAM CE is configured to use ARGUS. This file is created by yaim-cream-ce. An example of this configuration file is available here

Logfile locations (and management) and other useful audit information

The relevant log files are:

  • The tomcat log file ( /usr/share/tomcat5/logs/catalina.out)

  • The trustmanager log file ( /usr/share/tomcat5/logs/trustmanager.log)

  • The CREAM log file ( /var/log/cream/glite-ce-cream.log). The verbosity of this file can be increased modifying the file /etc/glite-ce-cream/log4j.properties replacing:

      log4j.logger.org.glite=info, fileout 

 
with:

      log4j.logger.org.glite=debug, fileout

 
You may also change the attributes log4j.appender.fileout.MaxFileSize and log4j.appender.fileout.MaxBackupIndex to change the maximum file size and the maximum number of log files to be kept.

  • The glexec log files. glexec by default logs on syslog but it is also possible to log on file instead. Check the meaning of the variables GLEXEC_CREAM_LOG_DESTINATION, GLEXEC_CREAM_LOG_FILE, GLEXEC_CREAM_LCASLCMAPS_LOG in the yaim reference guide. The verbosity can be changed editing the glexec configuration file /etc/glexec.conf.

  • The new BLAH blparser log files (/var/log/cream/glite-ce-bnotifier.log and /var/log/cream/glite-ce-bupdater.log) if the new blparser is used

* The gridftp log files (globus-gridftp.log and gridftp-session.log)

Open ports

Service From node From port To node To port Other info
CREAM Service {UI, WMS} * CREAM-CE 8443  
Gridftp control {{UI, WMS, WN} C CREAM-CE 2811  
Gridftp data {UI, WMS, WN} C CREAM-CE C  
Notifications by BLparser and JobWrapper {WN, Blparser host} * CREAM-CE 9091 Specified by LRMS_EVENT_LISTENER_PORT in CREAM conf file
CREAM job sensor CEMon host * CREAM-CE 9909 Specified by CREAM_JOB_SENSOR_PORT in CREAM conf file. CEMON Host is usually the CREAM CE
LB locallogger WN C CREAM-CE 9002  
LB locallogger CREAM-CE C LB server 9001
mysql CREAM-CE * mysql server 3306 By default the mysql server is the CREAM CE
BDII Site BDII * CREAM-CE 2170
Old BLparser listening port CREAM-CE * Blparser host 33333 Specified by yaim variable BLP_PORT
Old BLparser CREAM listening port CREAM-CE * BLparser host 56565 Specified by yaim variable CREAM_PORT

C: Controllable Ephemeral range (e.g. 20000-25000). Note: In practice, although this port-range is locally configurable using the GLOBUS_TCP_PORT_RANGE environment variable, the values applying at a remote service cannot be predicted. Consequently reliable connection can only be established if all ports >1023 are left open for outbound connections.

Possible unit test of the service

TBD

Where is service state held (and can it be rebuilt)

CREAM job related information are kept in the CREAM DB and in the filesystem in the directory referred by CREAM_SANDBOX_DIR (default /var/glite/cream_sandbox) in the CREAM configuration file (/etc/glite-ce-cream/cream-config.xml).

Cron jobs

Security information

Access control Mechanism description (authentication & authorization)

How to block/ban a user

Network Usage

Firewall configuration

Security recommendations

Security incompatibilities

List of externals (packages are NOT maintained by Red Hat)

Other security relevant comments

Utility scripts

-- MassimoSgaravatto - 2011-04-07

Topic attachments
I Attachment Action Size Date Who Comment
Unknown file formatconfig blah.config manage 3.1 K 2011-04-12 - 19:56 MassimoSgaravatto  
XMLxml cream-config.xml manage 4.0 K 2011-04-12 - 19:56 MassimoSgaravatto  
Unknown file formatconf glexec.conf manage 0.5 K 2011-04-12 - 19:56 MassimoSgaravatto  
Unknown file formatconf gsi-pep-callout.conf manage 0.3 K 2011-04-12 - 19:56 MassimoSgaravatto  
Unknown file formatdb lcas-glexec.db manage 0.3 K 2011-04-12 - 19:56 MassimoSgaravatto  
Unknown file formatdb lcmaps-glexec.db manage 1.3 K 2011-04-12 - 19:56 MassimoSgaravatto  
Edit | Attach | PDF | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | More topic actions...
Topic revision: r4 - 2011-04-13 - MassimoSgaravatto
 

  • Edit
  • Attach
This site is powered by the TWiki collaboration platformCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback