Securing the Grid Services
XAP security is enabled by setting a system property.
Append the following system property to
This property affects the GSA, GSM, GSC. Actually it affects also a standalone PU instance (with a space).
The Grid Service Agent (GSA) acts as a process manager that can spawn and manage Service Grid processes (GSM, GSC, etc.). When GSA is secured, a spawned GSM/GSC will also be secured. To start, kill, restart a process you need Manage Grid privileges.
The Grid Service Manager (GSM) is responsible for managing Processing Units and Grid Service Containers. The GSM accepts deployment and un-deployment requests of Processing Units, and provisions them to GSCs. To deploy, un-deploy you need Provision PU privileges.
A secured GSM can only connect to another secured GSM. This means that a Processing Unit managed by a secured GSM can be recoverable upon failover only by another secured GSM.
The XAP Manager is a component which stacks together the LUS and GSM along with ZooKeeper and a RESTful Management API. The privileges of the GSM are the same as if it were standalone. For each REST operation, we list the required privilege in the yaml file, also viewable in the Swagger tool (see RESTful API). For example, starting a container would require Manage Grid privileges. Deploying a Space or a Processing Unit would require Provision PU privileges. For more information about using the RESTful API with security, refer to REST Manager API - Security.
When an Elastic Processing Unit is deployed, the GSM performs the initial provisioning and the ESM monitors it to ensure the elastic requirements are met. This means that when the service grid is secured, the ESM requires credentials with Manage PU and Manage Grid permissions to monitor and manage the elastic processing units. This is done using the
com.gs.esm.password system properties.
A Grid Service Container (GSC) is a container which hosts deployed Processing Unit Instances, and reports its status to the GSM. In general, operations on the GSC are routed to the managing GSM of the processing unit. To scale up/down, relocate, restart PU instance, destroy PU instance you need Manage PU privileges.
A secured GSC can only connect to a secured GSM. This means that a Processing Unit managed by a secured GSM can only be provisioned to a secured GSC.
Security of a GSC does not enforce any security on the deployed Processing Unit. i.e., a secured GSC can contain a Processing unit with a non-secured space, and a non-secured GSC can contain a Processing Unit with a secured space.