Version 3 (modified by mmamonski, 11 years ago)
Since QCG-Computing 2.6.5 (QCG-Core >= 2.6.2) it is possible to run the service on privileged ports (i.e. <1024), e.g. 443 (the HTTPS port). This functionality required reordering the ECM (External Communication Module) setup and privilege-dropping operations. This change has one important implication (even if you do not plan to configure the service to use lower port numbers): the service X509 certificate and key must now be owned by root (compared to the qcg-comp user in older versions).
An example configuration of a service that listens on two ports:
- 443 - using GSI protocol but with HTTPS Compatibility turned on (note <sm:SSLCompatibility>true</sm:SSLCompatibility>) - this port is supposed to be used by the QCG-Icon GUI clients
- 19000 - using GSI protocol with delegation support - used by QCG-Broker metascheduler
is shown below:
<sm:Transport>
  <sm:Module xsi:type="sm:ecm_gsoap.service">
    <sm:Host>grass1.man.poznan.pl</sm:Host>
    <sm:Port>443</sm:Port>
    <sm:Authentication>
      <sm:Module xsi:type="sm:atc_transport_gsi.service">
        <sm:X509CertFile>/etc/grid-security/hostcert.pem</sm:X509CertFile>
        <sm:X509KeyFile>/etc/grid-security/hostkey.pem</sm:X509KeyFile>
        <sm:SSLCompatibility>true</sm:SSLCompatibility>
      </sm:Module>
    </sm:Authentication>
  </sm:Module>
  <sm:Module xsi:type="sm:ecm_gsoap.service">
    <sm:Host>grass1.man.poznan.pl</sm:Host>
    <sm:Port>19000</sm:Port>
    <sm:Authentication>
      <sm:Module xsi:type="sm:atc_transport_gsi.service">
        <sm:X509CertFile>/etc/grid-security/hostcert.pem</sm:X509CertFile>
        <sm:X509KeyFile>/etc/grid-security/hostkey.pem</sm:X509KeyFile>
      </sm:Module>
    </sm:Authentication>
  </sm:Module>
  <sm:Module xsi:type="smc:qcg-comp-service"/>
</sm:Transport>
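One way to check the ownership requirement described above against a configuration file, as an added example that is not part of the original page or of QCG-Computing: it extracts every X509CertFile and X509KeyFile path from the transport configuration and reports any file that is missing or not owned by root. The function names, the output format and the demo's temporary files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not QCG code: check that every certificate/key file named in
# a QCG-Computing transport configuration is owned by the expected uid.

# Print the distinct paths found in <sm:X509CertFile> / <sm:X509KeyFile>.
x509_paths() {  # $1 = config file
    grep -Eo '<sm:X509(Cert|Key)File>[^<]*' "$1" | sed 's/^<[^>]*>//' | sort -u
}

# Numeric owner uid of a path, following symlinks.
owner_uid() { ls -ldnL "$1" | awk '{print $3}'; }

# Succeed only if at least one path is configured and every path exists and
# is owned by uid $2 (default 0 = root, as required since 2.6.5).
check_x509_owner() {  # $1 = config file, $2 = expected uid
    want=${2:-0}
    x509_paths "$1" | {
        n=0; bad=0
        while IFS= read -r f; do
            n=$((n + 1))
            if [ ! -e "$f" ]; then
                echo "MISSING   $f"; bad=1
            elif [ "$(owner_uid "$f")" != "$want" ]; then
                echo "BAD OWNER $f (uid $(owner_uid "$f"), expected $want)"; bad=1
            else
                echo "OK        $f"
            fi
        done
        [ "$n" -gt 0 ] || { echo "no X509 paths found in $1"; bad=1; }
        [ "$bad" -eq 0 ]
    }
}

# Constructed sample: a config fragment naming a cert/key pair in a temp
# directory, checked against the current uid so the demo runs without root.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/hostcert.pem"; : > "$d/hostkey.pem"
    printf '<sm:X509CertFile>%s</sm:X509CertFile> <sm:X509KeyFile>%s</sm:X509KeyFile>\n' \
        "$d/hostcert.pem" "$d/hostkey.pem" > "$d/conf.xml"
    check_x509_owner "$d/conf.xml" "$(id -u)"; rc=$?
    rm -rf "$d"; return $rc
}

# With a config path as argument, check it against root; otherwise run the demo.
if [ $# -gt 0 ]; then check_x509_owner "$1"; else demo; fi
```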