xrootd-cluster.cfg
###
# Cluster config for an XRootD data server (all.role server below)
###
## basics
# cmsd: the manager this data server subscribes to
all.manager xgate.hec.lancs.ac.uk:3121
all.role server
# directives shared by all daemons
# /cephfs/grid is the only path exported; access to it is governed by the
# ofs.authorize / acc.authdb directives later in this file
all.export /cephfs/grid
all.sitename UKI_NORTHGRID_LANCS_HEP
all.adminpath /var/spool/xrootd
all.pidpath /var/run/xrootd
# the HTTP protocol is loaded on the same port further down (http:1095)
xrd.port 1095
xrootd.port 1095
# checksum: adler32, at most 32 concurrent calculations (author's note: probably safe)
xrootd.chksum max 32 adler32
# checksum read size; the default is 64m, raised here to 512m
ofs.cksrdsz 512m
# logging
# Full debug tracing is left commented out; enable per component when needed.
#all.trace all
# try setting explicitly
#xrd.trace all -debug
#xrootd.trace all -debug
#ofs.trace all -debug
#sec.trace all -debug
#http.trace all -debug
#cms.trace all -debug
# In normal operation only error messages, logins, stalls and redirects are traced.
xrootd.trace emsg login stall redirect
cms.trace emsg login stall redirect
# report sending: summary monitoring to the collector at 10.41.5.42:9485 every 5 minutes
# NOTE(review): xrd.report summaries are, as far as I know, sent over UDP without
# authentication or encryption - confirm the route to the collector stays on a trusted network
xrd.report 10.41.5.42:9485 every 5m all
## auth stuff
# largely from Sam
# Load the security framework and configure GSI (X.509) authentication.
# Options passed to the gsi protocol below:
#   -certdir           directory of trusted CA certificates
#   -cert / -key       host certificate and private key (the same files are given to xrd.tls)
#   -crl:1             CRL checking level
#   -authzfun          VO-based authorization function plugin
#   -gmapopt / -gmapto gridmap lookup behaviour - exact meaning of 10 / 0 to be confirmed
#                      against the XrdSecgsi documentation
#   -dlgpxy / -exppxy  delegated-proxy handling; "=creds" presumably exports the delegated
#                      proxy into the session credentials that ofs.tpc fcreds uses - confirm
#   -vomsat / -vomsfun extract VOMS attributes using libXrdVoms.so
# NOTE(review): -crl:1 is believed to mean "use a CRL if one is available", so a missing
# CRL does not reject the connection and a revoked certificate could still be accepted;
# levels 2/3 make the check mandatory. Confirm against the XrdSecgsi documentation and
# check that the CRLs under the certdir are kept current.
# NOTE(review): xrdkey.pem should be readable only by the service account; verify its
# ownership and mode on the host.
xrootd.seclib /usr/lib64/libXrdSec.so
sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates \
-cert:/etc/grid-security/xrdcert.pem \
-key:/etc/grid-security/xrdkey.pem \
-crl:1 \
-authzfun:libXrdSecgsiAUTHZVO.so \
-gmapopt:10 -gmapto:0 \
-dlgpxy:2 -exppxy:=creds \
-vomsat:extract -vomsfun:libXrdVoms.so
# point to our authdb; ofs.authorize switches authorization checking on,
# acc.authdb names the rules file it reads
acc.authdb /etc/grid-security/authdb
ofs.authorize
# Config TLS
# from https://xrootd-howto.readthedocs.io/en/latest/tpc/#an-example-of-wlcg-tpc-configuration-with-x509-authentication
# Server certificate and key for TLS, and the CA directory used to verify peers.
xrd.tls /etc/grid-security/xrdcert.pem /etc/grid-security/xrdkey.pem
xrd.tlsca certdir /etc/grid-security/certificates
# Require TLS for all traffic from clients that are TLS-capable.
# NOTE(review): with "capable", clients that cannot do TLS are presumably still served
# without encryption - confirm that this fallback is intended for this site
xrootd.tls capable all
# xrd tpc (third-party copy over the xroot protocol)
# fcreds hands the client's gsi credentials to the copy program through X509_USER_PROXY;
# autorm removes the destination file when a transfer fails; pgm is the program that does
# the copy (xrdcp -f overwrites an existing destination). See the ofs.tpc documentation
# for the exact meaning of the ttl and xfr values.
# NOTE(review): the copy program runs with users' delegated proxies, so the binary named
# by pgm and any location where proxies are written need tight permissions - verify on the host
ofs.tpc fcreds ?gsi =X509_USER_PROXY ttl 60 70 xfr 100 autorm pgm /usr/bin/xrdcp -f
# alternative using a site wrapper script instead of calling xrdcp directly
#ofs.tpc fcreds ?gsi =X509_USER_PROXY ttl 60 70 xfr 100 autorm pgm /etc/xrootd/xrdcp-lancs-tpc.sh
## http stuff
# Everything in this if/fi block applies only to the xrootd executable, not to cmsd.
if exec xrootd
# start the HTTP protocol handler on port 1095, shared with the xroot protocol
xrd.protocol http:1095 /usr/lib64/libXrdHttp.so
# do not switch a client from HTTPS to plain HTTP when the server redirects to itself
http.selfhttps2http no
# from James: serve a static robots.txt
http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt
# Require the use of the xrd.tls certificates (the alternative is "manual")
http.httpsmode auto
## old way from the first config, needed if the above is set to manual
#http.cadir /etc/grid-security/certificates
#http.cert /etc/grid-security/xrdcert.pem
#http.key /etc/grid-security/xrdkey.pem
# HTTP TPC, see https://twiki.cern.ch/twiki/bin/view/Main/XRootDoverHTTP#Enable_Third_Party_Copy
# libXrdVoms.so extracts VOMS attributes from the client certificate for HTTP requests
http.secxtractor libXrdVoms.so
http.exthandler xrdtpc libXrdHttpTPC.so
# Pass the HTTP Authorization header through as the "authz" CGI element; presumably this
# is how the token plugins loaded below receive bearer tokens.
# NOTE(review): check that the authz value is not exposed in logs or traces
http.header2cgi Authorization authz
# Please install libmacaroons rpm from EPEL.
# Macaroons support, see: https://twiki.cern.ch/twiki/bin/view/Main/XRootDoverHTTP#Macaroons_Support
http.exthandler xrdmacaroons libXrdMacaroons.so
# secret generated using openssl rand -base64 -out /etc/xrootd/macaroon-secret 64,
# owned by xroot, mode 440 (chmod 440)
# NOTE(review): anyone who can read this file can presumably mint valid macaroons, so keep
# it out of backups and config-management repositories that are readable by others
macaroons.secretkey /etc/xrootd/macaroon-secret
## token stuff
# "++" stacks each plugin onto the existing authorization chain: SciTokens is added first,
# then Macaroons. NOTE(review): confirm the evaluation order and how a token decision
# combines with the authdb rules
ofs.authlib ++ libXrdAccSciTokens.so config=/etc/xrootd/scitokens.cfg
ofs.authlib ++ libXrdMacaroons.so
fi
# CMS perf
#[0] https://xrootd.slac.stanford.edu/doc/dev54/cms_config.htm#_Toc53611073
#[1] https://github.com/xrootd/xrootd/blob/master/utils/cms_monPerf
#[2] https://cms-perf.readthedocs.io/en/latest/
# This if/fi block applies only to the cmsd executable.
if exec cmsd
# run the packaged cms_monPerf script with a 1 minute interval (int 1m); the trailing 60
# is the argument passed to the script, presumably its own interval in seconds
cms.perf int 1m pgm /usr/share/xrootd/utils/cms_monPerf 60
fi