diff --git a/etc/xrootd/Authfile b/etc/xrootd/Authfile
index f449f67..f72a965 100644
--- a/etc/xrootd/Authfile
+++ b/etc/xrootd/Authfile
@@ -11,7 +11,8 @@
 ## under /xrootd.
 ## There must be at least one such user in order to create the
 ## private dirs for users willing to store their data in the facility
-u xrootd /xrootd/ a
+u xrootd /xrootd/ a \
+ /store/ a
 ###############################################################################################
 ### alice
@@ -101,9 +102,9 @@ x cmssgm /xrootd/cms/store/user/sam/ a \
 # CMS users have full access to their own directory and temp, and read for CMS
 # While xrootd allows the user to *attempt* any operation - even in other user's
 # home directories
-g /cms /xrootd/cms/store/user/ a \
+g /cms /xrootd/cms/store/user a \
 /xrootd/cms/store/temp/ a \
- /store/user/ a \
+ /store/user a \
 /store/temp/ a \
 readcmsdata
diff --git a/etc/xrootd/config.d/10-file-catalog.cfg b/etc/xrootd/config.d/10-file-catalog.cfg
index d2827fb..557e08e 100644
--- a/etc/xrootd/config.d/10-file-catalog.cfg
+++ b/etc/xrootd/config.d/10-file-catalog.cfg
@@ -1,3 +1 @@
-if $(xrdr)
 oss.namelib libXrdCmsTfc.so file:/cvmfs/cms.cern.ch/SITECONF/local/PhEDEx/storage.xml?protocol=direct
-fi
diff --git a/etc/xrootd/config.d/20-https.cfg b/etc/xrootd/config.d/20-https.cfg
index de6bd6d..b9bc6d5 100644
--- a/etc/xrootd/config.d/20-https.cfg
+++ b/etc/xrootd/config.d/20-https.cfg
@@ -1,10 +1,10 @@
 #
 # Configure HTTPS access and security
 #
-http.cadir /etc/grid-security/certificates
-http.cert /etc/grid-security/xrd/hostcert.pem
-http.key /etc/grid-security/xrd/hostkey.pem
-
+# http.cadir /etc/grid-security/certificates
+# http.cert /etc/grid-security/xrd/hostcert.pem
+# http.key /etc/grid-security/xrd/hostkey.pem
+http.httpsmode auto
 http.desthttps yes
 if exec xrootd
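Review bot: In etc/xrootd/Authfile (first hunk), the comment above the `u xrootd` rule still talks only about /xrootd, while the new continuation line gives the same account all privileges (`a`) on `/store/` as well. Extend the comment so the second tree is explained, e.g. `## and under the /store/ logical namespace: <reason>`, or use narrower privilege letters if full access to /store/ is not actually required.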
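Review bot: In etc/xrootd/Authfile (second hunk), dropping the trailing slash from `/xrootd/cms/store/user` and `/store/user` widens the `g /cms` grant if XrdAcc treats these entries as plain string prefixes, which is how I understand it. `/store/user` would then also cover sibling names that merely start with "user" (constructed examples: `/store/users`, `/store/user_old`), not only the directory and its children. If the aim was just to let operations on the directory itself match, keep the slash-terminated entries and add a separate, more limited entry for the bare directory. The `temp/` entries in the same rule keep their slash, so the rule is now also inconsistent; its continuation after `readcmsdata` is outside the hunk.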
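Review bot: In etc/xrootd/config.d/10-file-catalog.cfg, with the `if $(xrdr)` / `fi` guard removed the `oss.namelib` line appears to load on every node instead of only on the redirector (the hunk is collapsed on this page, so this reading is inferred from the line counts). Every data server then depends on `/cvmfs/cms.cern.ch/SITECONF/local/PhEDEx/storage.xml` being readable when the daemon starts, and the resulting name mapping has to agree with both prefixes that Authfile authorises (`/xrootd/cms/store/...` and `/store/...`). A one-line comment such as `# TFC mapping is loaded on all nodes, not only $(xrdr): <reason>` would record the intent.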
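Review bot: In etc/xrootd/config.d/20-https.cfg (first hunk), commenting out `http.cadir`, `http.cert` and `http.key` leaves this file with no certificate source, and `http.httpsmode auto` only enables HTTPS when one is configured somewhere, as far as I know through `xrd.tls` / `xrd.tlsca`. Nothing in this diff shows those directives, so if they are absent the service could come up without TLS while `http.header2cgi Authorization authz` later in the file still forwards bearer tokens. Replace the three commented-out lines with a pointer, e.g. `# TLS cert, key and CA dir come from xrd.tls / xrd.tlsca in <config file>`, and confirm after deployment that the HTTPS port actually negotiates TLS.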
@@ -13,19 +13,19 @@ if exec xrootd
 xrd.protocol http:$(httpsPort) /usr/lib64/libXrdHttp.so
 xrd.protocol http:$(httpsPort) +port
 http.selfhttps2http yes
-
+
 # Enable third-party-copy
 http.exthandler xrdtpc libXrdHttpTPC.so
-
+
 # Pass the bearer token to the Xrootd authorization framework.
 http.header2cgi Authorization authz
 fi
 # just to note that there can be differences: https://github.com/xrootd/xrootd/issues/1369
 # Full extraction gives something like:
-# sec.vorg="cms cms cms cms cms" sec.grps="/cms /cms/ALARM /cms/GGUSExpert /cms /cms/TEAM" sec.role="production NULL NULL NULL NULL"
+# sec.vorg="cms cms cms cms cms" sec.grps="/cms /cms/ALARM /cms/GGUSExpert /cms /cms/TEAM" sec.role="production NULL NULL NULL NULL"
 # where the first and 4th entries are identical except for the role. The latter role seems to have fewer permissions.
 # http.secxtractor /usr/lib64/libXrdVoms.so certfmt=raw|grpopt=usefirst|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg
 http.secxtractor /usr/lib64/libXrdVoms.so certfmt=raw|grpopt=useall|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg
 http.selfhttps2http no
-http.tlsreuse on
+http.tlsreuse off
diff --git a/etc/xrootd/xrootd-clustered.cfg b/etc/xrootd/xrootd-clustered.cfg
index eec307f..22e2420 100644
--- a/etc/xrootd/xrootd-clustered.cfg
+++ b/etc/xrootd/xrootd-clustered.cfg
@@ -12,7 +12,8 @@ all.sitename $(resourcename)
 all.export / nostage
 all.manager $(xrdr):3121
 cms.allow host *
-xrootd.chksum max 2 adler32 crc32 md5
+# num Maximum number of checksum calculations that may run at the same time
+xrootd.chksum max 62 adler32 crc32 md5
 # Disable OSG monitoring
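Review bot: In etc/xrootd/config.d/20-https.cfg (second hunk), `http.tlsreuse off` is the only functional change, the rest being trailing-whitespace cleanup, and nothing records why TLS session reuse was turned off. Add a comment above it, e.g. `# TLS session reuse disabled: <reason / issue link>`, so it is not switched back on by accident. Separately, the unchanged context sets `http.selfhttps2http yes` inside the `if exec xrootd` block and `http.selfhttps2http no` at the end of the file; it is worth confirming which one is meant to win, since as I understand the directive it decides whether self-redirects stay on HTTPS.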
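Review bot: In etc/xrootd/xrootd-clustered.cfg (first hunk), `xrootd.chksum max 62` raises the cap on simultaneous checksum jobs from 2 to 62 while the algorithm list still includes `md5`. Checksum requests are triggered by clients, so this cap is what keeps a burst of requests from saturating disk and CPU on a data server. The added comment explains the field but not the value; record how 62 was chosen, e.g. `# max 62: <core count / measured throughput>`, or tie the figure to the hardware.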
@@ -45,16 +46,18 @@ all.adminpath /var/spool/xrootd
 all.pidpath /var/run/xrootd
 # default: startup=90, lookup=5
-cms.delay startup 10 lookup 10
+cms.delay startup 10 lookup 5
 # Set the time file existence information is to be cached in memory.
 # Setting the cache time too low will substantially increase overhead.
 # default: 8h
 # cannot be less than 60s
-cms.fxhold noloc 60s 60s
+# cms.fxhold noloc 60s 60s
 # from https://github.com/xrootd/xrootd/issues/1703
-cms.dfs lookup central redirect immed
+if $(xrdr)
+ cms.dfs lookup central redirect immed retries 2
+fi
 # More configuration files can be added in /etc/xrootd/config.d/
 # For example /etc/xrootd/config.d/10-mygrid.cfg and
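Review bot: In etc/xrootd/xrootd-clustered.cfg (second hunk), commenting out `cms.fxhold noloc 60s 60s` leaves the four-line comment above it describing a setting that is no longer active, so presumably the 8h default it mentions now applies. Say so explicitly, e.g. `# cms.fxhold left at its default (8h): <reason>`, or delete the dead line. The new `if $(xrdr)` block also restricts `cms.dfs` to the redirector and adds `retries 2` without a comment; the issue link above it explains the directive but not the restriction.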