WaTTS - Service Reference Card

  • Daemons running:
    • watts - The INDIGO Token Translation service
      • run_erl
      • beam.smp (can be multiple, usually #cores + 1)
    • epmd - erlang distribution daemon
  • Init scripts and options:
    • watts start - starts WaTTS
    • watts stop - stops WaTTS
    • watts restart - restarts WaTTS
    • watts ping - check if WaTTS is up and running, prints "pong" if up
    • watts getpid - prints the pid of WaTTS
    • watts version - prints out the verison of WaTTS
    • watts console - starts WaTTS in forground mode, e.g. for debugging
    • watts attach - connects to the shell of a running WaTTS, use with caution
  • Configuration files location:
    • /etc/watts/watts.conf - the main configuration file
  • Logfile locations (and management) and other useful audit information:
    • /var/log/watts/* - all differnet logs
  • Open ports:
    • 8080 - in default config
    • 4369 - epmd, can be blocked by firewall
    • In a production setup this usually changes to
      • 8080 - http redirection to the SSL secured connection
      • 8443 - https web interface and api
      • the above ports get redirected by iptables to the specified ports (see Server Settings)
  • Possible unit test of the service:
    • configure at least one OpenID Connect Provider
    • configure the info service
    • login to WaTTS and request the Info credentials
    • a list of informations should be shown
    • revoke the credential
    • the screen should look like in the beginning
  • Where is service state held (and can it be rebuilt):
    • /var/lib/watts - this directory contains all data/state
    • /etc/watts - this directory contains all settings
  • Cron jobs:
    • none
  • Security information:
    • Access control Mechanism description (authentication & authorization):
      • done via OpenID Connect library, oidcc
    • How to block/ban a user:
      • either configuer the service authz (see configuration documentation)
      • or done in the plugins (see developer documentation)
    • Network Usage:
      • http connections for the REST/Web interface
      • outgoing https connections to OpenId Connect Provider
      • other outgoing connections depend upon services/plugins in use
    • Firewall configuration:
      • only open listen_port and redirect_port configured in watts.conf, in default config port 8080
    • Security recommendations:
      • run as a dedicated, non-root user
      • set up SSL before running in production
      • do not use self-signed certificates in production

results matching ""

    No results matching ""