The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "MW SAM tests"
Jump to navigation
Jump to search
| Line 38: | Line 38: | ||
|- | |- | ||
| align="center" | eu.egi.sec.Site-BDII-EMI-1 | | align="center" | eu.egi.sec.Site-BDII-EMI-1 | ||
| Test checks if Site-BDII is using EMI 1 middleware.<BR> Test queries site BDII with base DN of GLUE2GroupID=resource,O=glue for the following pattern: <BR>"<nowiki>(&( | | Test checks if Site-BDII is using EMI 1 middleware.<BR> Test queries site BDII with base DN of GLUE2GroupID=resource,O=glue for the following pattern: <BR>"<nowiki>(&(objectclass=GLUE2Endpoint)(GLUE2EndpointInterfaceName=bdii_site)(\\!(GLUE2EntityOtherInfo=MiddlewareVersion=2.*))(GLUE2EndpointURL=*$HOSTNAME$*))</nowiki>". Returns WARNING if query returns any results. | ||
|- | |- | ||
| align="center" | eu.egi.sec.StoRM-EMI-1 | | align="center" | eu.egi.sec.StoRM-EMI-1 | ||
| Test checks if SRM (StorRM) is using EMI 1 middleware.<BR> Test queries site BDII with base DN of O=grid for the following pattern: <BR>"<nowiki>(&( | | Test checks if SRM (StorRM) is using EMI 1 middleware.<BR> Test queries site BDII with base DN of O=grid for the following pattern: <BR>"<nowiki>(&(GlueSEImplementationName=StoRM)(|(GlueSEImplementationVersion=1.7.*)(GlueSEImplementationVersion=1.8.*))(GlueSEUniqueID=*$HOSTNAME$*))</nowiki>". Returns WARNING if query returns any results. | ||
|- | |- | ||
| align="center" | eu.egi.sec.Top-BDII-EMI-1 | | align="center" | eu.egi.sec.Top-BDII-EMI-1 | ||
Revision as of 20:12, 22 February 2013
| Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
| Tools menu: | • Main page | • Instructions for developers | • AAI Proxy | • Accounting Portal | • Accounting Repository | • AppDB | • ARGO | • GGUS | • GOCDB |
| • Message brokers | • Licenses | • OTAGs | • Operations Portal | • Perun | • EGI Collaboration tools | • LToS | • EGI Workload Manager |
Middleware monitoring SAM instance
This table lists tests used for tracking installed MW versions on EGI sites. All tests except eu.egi.sec.WN are executed every 24h and extract product version information from BDII. Test eu.egi.sec.WN is executed every 6h via SAM CE probe.
Tests are executed on the new central SAM instance: https://midmon.egi.eu/nagios. Alarms for these tests are opened directly in the Operations Portal Dashboard. POEM profile used on this instance is MW_MONITOR.
| Nagios test | Description |
|---|---|
| eu.egi.sec.dCache-EMI-1 | Test checks if SRM (dCache) is using EMI 1 middleware. Test queries site BDII with base DN of O=grid for the following pattern: "(&(GlueSEImplementationName=dCache)(GlueSEImplementationVersion=*1.9.12*)(GlueSEUniqueID=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.DPM | Test checks if SRM service endpoint is using gLite 3.2 middleware. Test queries site BDII for the following pattern "(&(GlueSEImplementationName=DPM)(|(GlueSEImplementationVersion=1.7.*)(GlueSEImplementationVersion=1.8.0)(GlueSEImplementationVersion=1.8.1)(GlueSEImplementationVersion=1.8.2))(GlueSEUniqueID=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.DPM-EMI-1 | Test checks if SRM (DPM) is using EMI 1 middleware. Test queries site BDII with base DN of O=grid for the following pattern: "(&(GlueSEImplementationName=DPM)(|(GlueSEImplementationVersion=unset)(GlueSEImplementationVersion=1.8.1)(GlueSEImplementationVersion=1.8.2))(GlueSEUniqueID=*$HOSTNAME$*))". Returns WARNING if query returns any results. WARNING: This test will raise warning on gLite 3.2 DPM instances using DPM 1.8.2. |
| eu.egi.sec.EMI-1 | Test checks if service endpoint is using EMI 1 middleware. Test queries site BDII with base DN of o=glue for the following pattern: "(&(objectclass=GLUE2Endpoint)(GLUE2EntityOtherInfo=MiddlewareVersion=1.*)(GLUE2EndpointURL=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.FTS-EMI-1 | Test checks if FTS is using EMI 1 middleware. Test queries site BDII with base DN of O=glue for the following pattern: "(&(objectclass=GLUE2Endpoint)(GLUE2EndpointInterfaceName=org.glite.FileTransfer)(!(GLUE2EntityOtherInfo=MiddlewareVersion=2.*))(GLUE2EndpointURL=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.LB-EMI-1 | Test checks if LB is using EMI 1 middleware. Test queries site BDII with base DN of O=glue for the following pattern: "(&(objectclass=GLUE2Endpoint)(GLUE2EndpointInterfaceName=org.glite.lb.Server)(!(GLUE2EntityOtherInfo=MiddlewareVersion=2.*))(GLUE2EndpointURL=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.LFC | Test checks if LFC service endpoint is using gLite 3.2 middleware. Test queries site BDII for the following pattern "(&(objectclass=GlueService)(|(GlueServiceType=lcg*-file-catalog)(GlueServiceType=*data-location-interface))(GlueServiceEndpoint=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.Site-BDII-EMI-1 | Test checks if Site-BDII is using EMI 1 middleware. Test queries site BDII with base DN of GLUE2GroupID=resource,O=glue for the following pattern: "(&(objectclass=GLUE2Endpoint)(GLUE2EndpointInterfaceName=bdii_site)(\\!(GLUE2EntityOtherInfo=MiddlewareVersion=2.*))(GLUE2EndpointURL=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.StoRM-EMI-1 | Test checks if SRM (StorRM) is using EMI 1 middleware. Test queries site BDII with base DN of O=grid for the following pattern: "(&(GlueSEImplementationName=StoRM)(|(GlueSEImplementationVersion=1.7.*)(GlueSEImplementationVersion=1.8.*))(GlueSEUniqueID=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.Top-BDII-EMI-1 | Test checks if Top-BDII is using EMI 1 middleware. Test queries top BDII with base DN of GLUE2GroupID=resource,O=glue for the following pattern: "(&(objectclass=GLUE2Endpoint)(GLUE2EndpointInterfaceName=bdii_top)(!(GLUE2EntityOtherInfo=MiddlewareVersion=2.*))(GLUE2EndpointURL=*$HOSTNAME$*))". Returns WARNING if query returns any results. |
| eu.egi.sec.WN | Test checks if WN is using gLite 3.2 (or older) middleware. Test checks if lcg-version or glite-version programs exist. |
| org.nagios.GLUE2-Check | Test checks if the site BDII is publishing GLUE2 information. Test queries a base DN of GLUE2DomainID=<site-name>,o=glue for the pattern "(&(objectClass=GLUE2Domain)(GLUE2DomainID=<site-name>))". In case that base DN or object is missing test will return CRITICAL. In case BDII returns more than 1 object test will return CRITICAL. In case BDII is down test will return UNKNOWN. |
Security SAM instance
This table lists tests being used to date for tracking installed MW versions on EGI sites. All tests are executed every 24h and extract product version information from BDII. Accuracy of the probes depends on the software version being published. Services that do not publish correctly may not be detected; false positives may also be possible in case of products that erroneously publish gLite3.1/3.2 information. Additionally, end-points associated to retired service types in GOCDB are detected; the retired service types being checked are Classic-SE, MON, RB.
Tests are executed on the security SAM instance: https://secmon.egi.eu/nagios. Alarms for these tests are opened in the Operations Portal Security Dashboard.
| Nagios test | Description |
|---|---|
| eu.egi.sec.Classic-SE | Test is associated to Classic-CE service endpoints in the GOC DB and it always returns CRITICAL. This service type has been obsoleted for a while and it should be removed from all sites. |
| eu.egi.sec.CREAMCE-gLite-32 | Test queries site BDII for the following pattern "(&(GlueServiceType=org.glite.ce.CREAM)(GlueServiceVersion=1.12.*)(GlueServiceEndpoint=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.dCache | Test queries site BDII for the following pattern "(&(GlueSEImplementationName=dCache)(|(GlueSEImplementationVersion=1.8.*)(GlueSEImplementationVersion=1.9.1-*)(GlueSEImplementationVersion=1.9.5)(GlueSEImplementationVersion=1.9.5-*)(GlueSEImplementationVersion=1.9.8-*)(GlueSEImplementationVersion=1.9.10-*)(GlueSEImplementationVersion=production-1.9.5-*)(GlueSEImplementationVersion=cells))(GlueSEUniqueID=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.gLite-CE | Test is associated to gLite-CE service endpoints in the GOC DB and it always returns CRITICAL. This service type has been obsoleted for a while and it should be removed from all sites. |
| eu.egi.sec.gLite-31 | Test queries site BDII for the following pattern "(&(GlueServiceDataValue=3.1.0)(GlueChunkKey=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.gLite-32 | Test queries site BDII for the following pattern "(&(GlueServiceDataValue=3.2.0)(GlueChunkKey=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
| eu.egi.sec.gLite-32-sup | Test queries site BDII for the following pattern "(&(GlueServiceDataValue=3.2.0)(GlueChunkKey=*$HOSTNAME$*))". Returns WARNING if query returns any results. This query is used for gLite 3.2 service types which are supported til the end of November 2012 (see the gLite 3.2 support calendar). |
| eu.egi.sec.LCG-CE | Test is associated to CE service endpoints in the GOC DB and it always returns CRITICAL. LCG-CE is unsupported (see the gLite 3.2 support calendar). |
| eu.egi.sec.MON | Test is associated to MON service endpoints in the GOC DB and it always returns CRITICAL. This service type has been obsoleted for a while and it should be removed from all sites. |
| eu.egi.sec.RB | Test is associated to RB service endpoints in the GOC DB and it always returns CRITICAL. This service type has been obsoleted for a while and it should be removed from all sites. |
| eu.egi.sec.Total-gLite-31 | Test queries site BDII for the following pattern "(GlueServiceDataValue=3.1.0)". Returns CRITICAL if query returns any results. At this point query does not create alarm in Dashboard and it is used only as a counter of service endpoint with gLite 3.1 available on site. |
| eu.egi.sec.Total-gLite-32 | Test queries site BDII for the following pattern "(GlueServiceDataValue=3.2.0)". Returns WARNING if query returns any results. At this point query does not create alarm in Dashboard and it is used only as a counter of service endpoint with gLite 3.2 available on site. |
| eu.egi.sec.WMS-gLite-31 | Test queries site BDII for the following pattern "(&(GlueServiceType=org.glite.wms.WMProxy)(GlueServiceVersion=3.2*)(GlueServiceEndpoint=*$HOSTNAME$*))". Returns CRITICAL if query returns any results. |
Table below defines mappings between MW tests and service types.
| Service type | Nagios test | Comment |
|---|---|---|
| CE | eu.egi.sec.LCG-CE | |
| Central-LFC | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32-sup | ||
| Classic-SE | eu.egi.sec.Classic-SE | |
| FTS | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32-sup | ||
| gLite-CE | eu.egi.sec.gLite-CE | |
| Local-LFC | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32-sup | ||
| MON | eu.egi.sec.MON | |
| MyProxy | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32 | ||
| RB | eu.egi.sec.RB | |
| Site-BDII | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32 | ||
| eu.egi.sec.Total-gLite-31 | ||
| eu.egi.sec.Total-gLite-32 | ||
| SRM | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32-sup | ||
| eu.egi.sec.dCache | ||
| Top-BDII | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32 | ||
| VO-box | eu.egi.sec.gLite-31 | |
| VOMS | eu.egi.sec.gLite-31 | |
| eu.egi.sec.gLite-32 | ||
| WMS | eu.egi.sec.WMS-gLite-31 |