Difference between revisions of "DPM Argus Integration"

From GridPP Wiki
Latest revision as of 13:32, 8 June 2016

While compute systems perform regular callouts to ARGUS for security purposes, DPM's architecture is not well suited to the same process. DPM can be integrated with a site ARGUS, using the dpm-argus package. Essentially, this package provides a single tool, dpns-arguspoll, which calls out to a specified ARGUS server, and retrieves the ban list from it, adding it to DPM's internal list of "banned DNs".

To run a single poll, invoke dpns-arguspoll on the DPM head node, or on any other node that has sufficient database and security permissions with respect to DPM and has $DPNS_HOST set to point at the DPM head:

  dpns-arguspoll TAG https://MY-ARGUS-SERVER:8154/authz

where TAG is an arbitrary name which is appended to the call to ARGUS so that it can be tracked in logs, and "MY-ARGUS-SERVER" should be replaced with the hostname of your ARGUS server.

In order to have useful integration, it is advisable to poll ARGUS fairly frequently (the lookup is not trivial, but is relatively light). For example, you can set up an hourly cron job like:

  # cat /etc/cron.hourly/poll-argus
  #!/bin/sh
  # Sync DPM's internal user banning states from argus

  export DPNS_HOST=MYDPMHEADNODE
  # stderr is discarded, so errors from the poll are not reported
  dpns-arguspoll TAG https://MY-ARGUS-SERVER:8154/authz 2>/dev/null
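
The cron job above sends stderr to /dev/null, so a failed poll leaves no trace and DPM's ban list can fall behind ARGUS unnoticed. The following variant is an added example, not part of the original wiki page or the dpm-argus package: it logs failures and keeps a timestamp of the last successful sync. The names POLL_CMD, STAMP, MAX_AGE_MIN, sync_bans and ban_sync_stale, and the stamp file path, are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the GridPP page: log failed ban-list syncs instead
# of discarding them. All variable and function names here are hypothetical.
DPNS_HOST=${DPNS_HOST:-MYDPMHEADNODE}; export DPNS_HOST
POLL_CMD=${POLL_CMD:-dpns-arguspoll}
ARGUS_URL=${ARGUS_URL:-https://MY-ARGUS-SERVER:8154/authz}
TAG=${TAG:-TAG}
STAMP=${STAMP:-/var/run/poll-argus.last-ok}   # assumed location
MAX_AGE_MIN=${MAX_AGE_MIN:-180}               # assumed threshold: 3 missed hourly runs

# Send a message to syslog, falling back to stderr if logger is unavailable.
log_err() {
    logger -t poll-argus -p auth.err "$*" 2>/dev/null || echo "poll-argus: $*" >&2
}

# Run one poll. On success refresh the stamp file; on failure log the
# captured stderr and return the poll command's exit status.
sync_bans() {
    if err=$("$POLL_CMD" "$TAG" "$ARGUS_URL" 2>&1 >/dev/null); then
        : > "$STAMP"
    else
        rc=$?
        log_err "ban sync from $ARGUS_URL failed (rc=$rc): $err"
        return "$rc"
    fi
}

# Returns 0 when the last good sync is missing or older than MAX_AGE_MIN
# minutes, i.e. when DPM's banned-DN list may lag behind ARGUS.
ban_sync_stale() {
    [ -z "$(find "$STAMP" -mmin "-$MAX_AGE_MIN" 2>/dev/null)" ]
}

# Poll only when installed under the cron file name used on this page.
case "${0##*/}" in
    poll-argus)
        sync_bans || exit $?
        ;;
esac
```

A monitoring check can call ban_sync_stale (or test the age of the stamp file directly) and alert when it succeeds.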