Note Interne CCR 2014
CCR-51/2014/P: Aspetti di sicurezza nella gestione di siti web in ambiente accademico
Michele Michelotto (INFN-Padova) e Dario Vettore (GARR)
L’obiettivo di questa guida è fornire un supporto da un punto di vista sistemistico per la configurazione di Web Server in ambito accademico. Si intende seguire l’amministratore nella configurazione e installazione offrendogli dei consigli nel caso in cui ci possano essere dubbi ed evidenziando i punti più critici.
CCR-50/2014/P: Aspetti di sicurezza nella programmazione di siti web in ambiente accademico
Michele Michelotto (INFN-Padova) e Dario Vettore (GARR)
L’obiettivo di questa guida è fornire un supporto a chi deve gestire un server web in ambito accademico e deve sviluppare codice per il server web. Dopo aver installato un server web è importante anche mettere in sicurezza il codice per evitare attacchi da malintenzionati.
CCR-49/2014/P: in preparazione
S. Dal Pra (INFN-CNAF)
The default behaviour of a batch system is to dispatch jobs to nodes having the lower value of some load index. Whilst this causes jobs to be equally distributed among all the nodes in the farm, there are cases when different types of behaviour may be desirable, such as having a completely full node before dispatching jobs to another one, or having similar jobs dispatched to nodes already running jobs of the same kind. This work defines the packing concept, different packing policies and useful metrics to evaluate how good the policy is. A simple farm simulator has been written to evaluate the expected impact on a farm of different packing policy. The simulator is run against a sequence of real jobs, whose parameters have been taken from the accounting database of INFN-Tier1. The effectiveness of two packing policies of interest, namely relaxed and exclusive, are compared. The exclusive policy proves to be better, at the cost of unused cores in the farm, whose number is estimated. The possibility of implementing the exclusive policy on a specific batch system, LSF 7.06, is exploited. Relevant configurations are shown and an overall description of the mechanism is presented.
CCR-48/2014/P: Accounting Data Recovery. A Case Report from INFN-T1
S. Dal Pra (INFN-CNAF)
Starting from summer 2013, the amount of computational activity of the INFN-T1 centre reported by the official accounting web portal of the EGI community accounting.egi.eu, was found to be much lower than the real value. Deep investigation on the accounting system pointed out a number of subtle concurrent causes, whose effects dated back from May and were responsible for a loss of collected data records over a period of about 130 days. The ordinary recovery method would have required about one hundred days. A different solution had thus to be designed and implemented. Applying it on the involved set of raw log files (records, for an average production rate of jobs/day) required less than 4 hours to reconstruct the Grid accounting records. The propagation of these records through the usual dataflow up to the EGI portal was then a matter of a few days. This report describes the work done at INFN–T1 to achieve the aforementioned result. The procedure was then adopted to solve a similar problem affecting another site, INFN–PISA. This solution suggests a possible alternative accounting model and provided us with a deep insight on the most subtle aspects of this delicate subject.
CCR-47/2014/P: Integrazione Single Sign On su Jasperserver per INFN AAI
M. Canaparo (INFN-CNAF), F. Serafini (INFN-AC)
Il presente documento descrive come implementare il Single Sign On tramite Shibboleth con JasperServer 4.5.
Lo scopo di questa attività è stato di integrare nel servizio di Business Intelligence dell'INFN, l'autenticazione gestita con AAI e Single Sign On in modo tale da rendere questo servizio accessibile con le stesso modalità degli altri offerti dal INFN.
CCR-46/2014/P: in preparazione
M. Canaparo (INFN-CNAF), F. Serafini (INFN-AC)