NDPF GS environment

From PDP/Grid Wiki

The Grid Services environment

The "Grid Service" environment contains nodes and virtual machines that run special or dedicated services that are not under regular (Quattor) control. They live on a separate network (194.171.96.64/28). The following services are provided:

Services

A note on web servers

All web servers share a similar layout. Everything related to the web service is contained in

/project/srv/www

and uses the standard httpd as shipped with the OS. To make this work, we move the stock /etc/httpd/conf/httpd.conf out of the way and put a symlink to /project/srv/www/conf/httpd.conf in its place.

The .../www/conf/httpd.conf file contains only generic configuration, and then includes one config file per virtual host, so that web sites can be added and removed. Each virtual web site is self-contained in a directory with the following structure:

/project/srv/www/site/webname/webname.conf
/project/srv/www/site/webname/html
/project/srv/www/site/webname/cgi
/project/srv/www/site/webname/...

All certificates are stored in .../www/conf/... and the shared scripts and php includes (such as genpg) are in .../www/share/....
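
A quick way to check that a host still follows this layout, as an added example that is not part of the original wiki page. It assumes the main httpd.conf names each site's config file by its full path on a non-comment line; the function name and its two optional arguments (used to point it at a scratch tree) are hypothetical.

```shell
#!/bin/sh
# Added example: audit the web server layout described above.
# Defaults are the paths from the page; both can be overridden.

check_www_layout() {
    www_root=${1:-/project/srv/www}
    httpd_link=${2:-/etc/httpd/conf/httpd.conf}
    main_conf="$www_root/conf/httpd.conf"
    problems=0

    # The OS-level httpd.conf must be a symlink to the project copy.
    if [ ! -L "$httpd_link" ]; then
        echo "FAIL: $httpd_link is not a symlink"
        problems=$((problems + 1))
    elif [ "$(readlink "$httpd_link")" != "$main_conf" ]; then
        echo "FAIL: $httpd_link points to $(readlink "$httpd_link")"
        problems=$((problems + 1))
    fi

    # Every site directory must carry its own <webname>.conf, and the main
    # config must reference it (assumption: by full path, outside comments).
    for dir in "$www_root"/site/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        conf="$www_root/site/$name/$name.conf"
        if [ ! -f "$conf" ]; then
            echo "FAIL: site $name has no $name.conf"
            problems=$((problems + 1))
        elif ! grep -v '^[[:space:]]*#' "$main_conf" 2>/dev/null \
                | grep -qF "$conf"; then
            echo "WARN: $conf is not included from $main_conf"
            problems=$((problems + 1))
        fi
    done

    echo "$problems problem(s) found"
    return "$problems"
}
```

Calling `check_www_layout` with no arguments checks the paths given on this page; the exit status is the number of problems found.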

List of Services

Web site www.dutchgrid.nl
on host beerput.nikhef.nl as a standard virtual web site, aliases www.dutchgrid.(com,net,org)
Web site www.biggrid.nl
on host beerput.nikhef.nl as a standard virtual web site (both plain and SSL). Note that the main page http://www.biggrid.nl/ is redirected in the site-local httpd.conf file to point to http://www.nikhef.nl/grid/biggrid, but that the /twiki link is actually hosted there, and contains some magic in the conf file for client-side authentication
Web site internal.vl-e.nl
on host beerput.nikhef.nl as a standard virtual web site
Web site www.eugridpma.org
on host beerput.nikhef.nl as a virtual web site with its own IP address (aliases are www.eugridpma.info and www.gridpma.eu). This is the PHP-enabled web site with the agenda and such. Note that the distribution server advertised to the public is https://dist.eugridpma.info/, although this site does contain a local (unreachable) copy of this as well. This site runs with a separate host certificate, issued by the GlobalSign SureServer EDU CA.
VO LDAP service grid-vo.nikhef.nl
on host beerput.nikhef.nl, as part of the one and only LDAP service running on this host. The same LDAP server hosts the obsolete and outdated CA LDAP server for issued certificates up till approx. 2003.
RSync Backup Server
An rsync-based backup system that periodically (once per day) obtains a copy of the filesystems of designated clients, and puts the data on beerput for further secondary backup via ADSM to SARA.
Beerput CVS service
hosted on beerput, is used as a CVS repository for the EUGridPMA (distribution service, utilities, web site), DutchGrid CA public web site, and the NDPF Quattor configuration, system utilities, and the configuration of deel. Data is contained in /project/srv/cvs, with a symlink "/cvs" thereto. Account management via unix on beerput itself.
Beerput TFTP service
hosted on beerput, used to upload configuration and firmware into deel for emergency cases.
Deel master configuration
hosted on beerput in /tftpboot/deel.src, which is a symlink to a file under CVS, checked out as davidg on deel. Please edit the master "deel.src" file, su to davidg and commit changes to CVS there. Then, copy deel.src to deel in /tftpboot if needed. Otherwise, keep the running-config and this file in sync manually by editing according to the live changes on deel.

Hosts

Host dist.eugridpma.info
HIGH QOS SERVICE! A vmware guest (sikkel.nikhef.nl) on rooier.nikhef.nl, CentOS 4/i686. It serves the EUGridPMA/IGTF trust anchor distribution from a web server with only static content. A GlobalSign SureServer EDU certificate has been issued to this host.
Host rooier.nikhef.nl
VMware hosting system. A "HA-GRID" PowerEdge 1950 8GB/dual Woodcrest system that runs CentOS4 x86_64 and whose sole purpose is hosting VMs. The services on this system are limited to SSH from within trusted NIKHEF internal networks, and the VMware server management port from these same networks. No other services are (to be) run on this system!
Host beerput.nikhef.nl
The central web, LDAP, rsync-backup and CVS hosting server. It is a dual-Xeon system with a 3ware SATA RAID-1 card and 2x250GByte +1x500 SATA disks. The 500 GB SATA disk contains only the backups of the other hosts in transit to ADSM, and the mirror of external web sites. Note that the hardware is identical to gierput, which can be cannibalized for parts if needed.
Host gierput.nikhef.nl
Warm spare for beerput. Takes a nightly mirror of all data on the /project disk of beerput, using rsync from cron.
Host hek.nikhef.nl
DutchGrid CA online-protected system for CA operations (alias: ra.dutchgrid.nl)
Host TRIANGEL
This host is NOT connected to any network, and only bears "triangel" on the case to identify it. It is the off-line CA signing system, without a hard disk, but with a CD-ROM tray to put the Knoppix CD from the CA safe into. Can be replaced with any system, as long as the replacement similarly has no disk and no network, and is booted from the trusted Knoppix CD.