WaTTS - Service Reference Card
Daemons running:
watts - The INDIGO Token Translation service
run_erl
beam.smp (can be multiple, usually #cores + 1)
epmd - erlang distribution daemon
Init scripts and options:
watts start - starts WaTTS
watts stop - stops WaTTS
watts restart - restarts WaTTS
watts ping - check if WaTTS is up and running, prints "pong" if up
watts getpid - prints the pid of WaTTS
watts version - prints out the verison of WaTTS
watts console - starts WaTTS in forground mode, e.g. for debugging
watts attach - connects to the shell of a running WaTTS, use with caution
Configuration files location:
/etc/watts/watts.conf - the main configuration file
Logfile locations (and management) and other useful audit information:
/var/log/watts/* - all differnet logs
Open ports:
8080 - in default config
4369 - epmd, can be blocked by firewall
In a production setup this usually changes to
8080 - http redirection to the SSL secured connection
8443 - https web interface and api
the above ports get redirected by iptables to the specified ports (see Server Settings)
Possible unit test of the service:
configure at least one OpenID Connect Provider
configure the info service
login to WaTTS and request the Info credentials
a list of informations should be shown
revoke the credential
the screen should look like in the beginning
Where is service state held (and can it be rebuilt):
/var/lib/watts - this directory contains all data/state
/etc/watts - this directory contains all settings
Cron jobs:
none
Security information:
Access control Mechanism description (authentication & authorization):
done via OpenID Connect library, oidcc
How to block/ban a user:
either configuer the service authz (see configuration documentation)
or done in the plugins (see developer documentation)
Network Usage:
http connections for the REST/Web interface
outgoing https connections to OpenId Connect Provider
other outgoing connections depend upon services/plugins in use
Firewall configuration:
only open listen_port and redirect_port configured in watts.conf, in default config port 8080
Security recommendations:
run as a dedicated, non-root user
set up SSL before running in production
do not use self-signed certificates in production
Last updated