WaTTS - Service Reference Card
- Daemons running:
- watts - The INDIGO Token Translation service
- run_erl
- beam.smp (can be multiple, usually #cores + 1)
- epmd - erlang distribution daemon
- Init scripts and options:
- watts start - starts WaTTS
- watts stop - stops WaTTS
- watts restart - restarts WaTTS
- watts ping - check if WaTTS is up and running, prints "pong" if up
- watts getpid - prints the pid of WaTTS
- watts version - prints out the verison of WaTTS
- watts console - starts WaTTS in forground mode, e.g. for debugging
- watts attach - connects to the shell of a running WaTTS, use with caution
- Configuration files location:
- /etc/watts/watts.conf - the main configuration file
- Logfile locations (and management) and other useful audit information:
- /var/log/watts/* - all differnet logs
- Open ports:
- 8080 - in default config
- 4369 - epmd, can be blocked by firewall
- In a production setup this usually changes to
- 8080 - http redirection to the SSL secured connection
- 8443 - https web interface and api
- the above ports get redirected by iptables to the specified ports (see Server Settings)
- Possible unit test of the service:
- configure at least one OpenID Connect Provider
- configure the info service
- login to WaTTS and request the Info credentials
- a list of informations should be shown
- revoke the credential
- the screen should look like in the beginning
- Where is service state held (and can it be rebuilt):
- /var/lib/watts - this directory contains all data/state
- /etc/watts - this directory contains all settings
- Cron jobs:
- Security information:
- Access control Mechanism description (authentication & authorization):
- done via OpenID Connect library, oidcc
- How to block/ban a user:
- either configuer the service authz (see configuration documentation)
- or done in the plugins (see developer documentation)
- Network Usage:
- http connections for the REST/Web interface
- outgoing https connections to OpenId Connect Provider
- other outgoing connections depend upon services/plugins in use
- Firewall configuration:
- only open listen_port and redirect_port configured in watts.conf, in default config port 8080
- Security recommendations:
- run as a dedicated, non-root user
- set up SSL before running in production
- do not use self-signed certificates in production