DPM Argus Integration

From GridPP Wiki
Revision as of 13:32, 8 June 2016 by Samuel Skipsey


While compute systems perform regular callouts to ARGUS for security purposes, DPM's architecture is not well suited to the same process. DPM can be integrated with a site ARGUS, using the dpm-argus package. Essentially, this package provides a single tool, dpns-arguspoll, which calls out to a specified ARGUS server, and retrieves the ban list from it, adding it to DPM's internal list of "banned DNs".

To run a single poll, invoke dpns-arguspoll on the DPM head node (or on any other node that has sufficient database and security permissions with respect to DPM and has $DPNS_HOST set to point at the DPM head):

dpns-arguspoll TAG https://MY-ARGUS-SERVER:8154/authz 

where TAG is an arbitrary name which is appended to the call to ARGUS so it can be tracked in logs, and you should appropriately replace "MY-ARGUS-SERVER" with the right hostname.

In order to have useful integration, it is advisable to poll ARGUS fairly frequently (the lookup is not trivial, but is relatively light). For example, you can set up an hourly cron job like:

# cat /etc/cron.hourly/poll-argus
#!/bin/sh
# Sync DPM's internal user banning states from ARGUS

dpns-arguspoll TAG https://MY-ARGUS-SERVER:8154/authz 2>/dev/null
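
An added example, not part of the original wiki page: a variant of the hourly cron script that logs poll failures instead of sending them to /dev/null, so a ban list that has stopped syncing gets noticed. It assumes dpns-arguspoll exits non-zero on failure; the stamp file path, timeout and staleness threshold are hypothetical values.

```shell
#!/bin/sh
# Added example, not part of the wiki page: /etc/cron.hourly/poll-argus
# Assumption: dpns-arguspoll exits non-zero when the poll fails.
ARGUS_URL="${ARGUS_URL:-https://MY-ARGUS-SERVER:8154/authz}"  # placeholder from the page
ARGUS_TAG="${ARGUS_TAG:-TAG}"                   # name that shows up in the ARGUS logs
POLL_CMD="${POLL_CMD:-dpns-arguspoll}"
POLL_TIMEOUT="${POLL_TIMEOUT:-300}"             # seconds; constructed value
STAMP="${STAMP:-/var/run/poll-argus.last-ok}"   # hypothetical path
MAX_AGE_MIN="${MAX_AGE_MIN:-180}"               # staleness threshold; constructed value

# Log to syslog (authpriv); fall back to stderr so cron mails the message.
log() {
    logger -t poll-argus -p "authpriv.$1" "$2" 2>/dev/null ||
        echo "poll-argus[$1]: $2" >&2
}

# One poll. stderr is captured for the log instead of being discarded.
poll_once() {
    err=$(timeout "$POLL_TIMEOUT" "$POLL_CMD" "$ARGUS_TAG" "$ARGUS_URL" 2>&1 >/dev/null) \
        && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        touch "$STAMP"
        log info "ban list synced from $ARGUS_URL"
        return 0
    fi
    # timeout(1) reports 124 when it had to kill a hung poll
    log err "poll of $ARGUS_URL failed (exit $rc): $err"
    return 1
}

# True when no poll has succeeded within MAX_AGE_MIN minutes.
bans_stale() {
    [ -e "$STAMP" ] || return 0
    [ -n "$(find "$STAMP" -mmin "+$MAX_AGE_MIN" 2>/dev/null)" ]
}

main() {
    poll_once && return 0
    if bans_stale; then
        log crit "no successful ARGUS poll in $MAX_AGE_MIN min; DPM ban list may be stale"
    fi
    return 1
}

# Run only when installed under the cron job's name, so the file can be sourced.
case "${0##*/}" in poll-argus) main ;; esac
```

The stamp file's modification time can also be checked by an external monitoring probe to alert when the DPM ban list has not been refreshed.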