TWiki> EMI Web>EmiProjectStructure>EmiProductTeams>CesnetSecurity>GLitePXServiceReferenceCard (2012-12-21, FrantisekDvorak) EditAttachPDF

emi-px and gLite ProxyRenewal Service Reference Card

Functional description

  • emi-px installs the MyProxy server and client packages and yaim configuration files specific to gLite. There is no additional service code or utilities.
  • ProxyRenewal (package emi-px-proxyrenewal) is responsible for secure and controlled way of periodical renewal of user proxy certificates. Its primary goal is to support long-time jobs running on the grid.

Daemons running

  • myproxy-server (MyProxy)
  • glite-proxy-renewd (ProxyRenewal)

Init scripts and options (start|stop|restart|...)

  • /etc/init.d/myproxy-server {start|stop|status|restart|reload|try-restart|force-reload} (MyProxy)
  • /etc/init.d/glite-proxy-renewald {start|stop|restart|status} (ProxyRenewal)

Configuration files location with example or template

  • /etc/myproxy-server.config (MyProxy only)

Logfile locations (and management) and other useful audit information

  • /var/log/messages (Both)

Open ports

  • TCP port 7512, open by myproxy-server (MyProxy)

Possible unit test of the service

N/A

Where is service state held (and can it be rebuilt)

N/A

Cron jobs

None

Security information

Access control Mechanism description (authentication & authorization)

N/A

How to block/ban a user

N/A

Network Usage

Yes

Firewall configuration

  • Allow access to port 7512 for MyProxy

Security recommendations

N/A

Security incompatibilities

N/A

List of externals (packages are NOT maintained by Red Hat)

None

Other security relevant comments

Change of certificates 

cp /etc/grid-security/hostcert.pem ~glite/.certs/
cp /etc/grid-security/hostkey.pem ~glite/.certs/
chown glite:glite ~glite/.certs/host*.pem

/etc/init.d/glite-px-proxyrenewald restart

Note, glite user and its home directory is created in post-installation scripts of glite-lb-server, glite-lb-logger, glite-lb-harvester or glite-px-proxyrenewal. Home directory location had been changed in EMI, but it remains the same across upgrades. Home directory locations for glite user can be:

  • /home/glite (in pre-EMI or glite user created by yaim befor installaiton of L&B and later upgrades)
  • /var/glite (in EMI-2 and later upgrades)
  • /var/lib/glite (in EMI-3)

Utility scripts

  • Standard set for MyProxy

-- ZdenekSustr - 17-Mar-2011

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2012-12-21 - FrantisekDvorak
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback