Created
April 14, 2023 18:10
-
-
Save PerilousApricot/91b522f65792fed2ffcf1b03b106f99c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# MANAGED BY CFENGINE | |
# | |
set EnableVoms = 1 | |
# Data node | |
all.sitename T2_US_Vanderbilt | |
all.manager xrootd-vanderbilt.sites.opensciencegrid.org+ 1213 | |
all.manager meta all cmsxrootd.fnal.gov+ 1213 | |
all.role manager | |
# Set port | |
xrd.port 1094 if exec xrootd | |
cmsd.port 1213 if exec cmsd | |
# Logging verbosity | |
xrootd.trace emsg login stall redirect | |
# Hosts allowed to use this xrootd cluster | |
cms.allow host * | |
# Export all of /store | |
all.export /store | |
###Standard directives | |
# Simple sites probably don't need to touch these. | |
ofs.trace conn | |
# Security configuration | |
sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates \ | |
-cert:/etc/grid-security/hostcert-xrootd.pem \ | |
-key:/etc/grid-security/hostkey-xrootd.pem \ | |
-crl:1 \ | |
-gmapopt:trymap \ | |
-gridmap:/etc/grid-security/grid-mapfile \ | |
-vomsfun:default | |
if exec xrootd | |
xrd.protocol http:1094 /usr/lib64/libXrdHttp-5.so | |
http.cadir /etc/grid-security/certificates | |
http.cert /etc/grid-security/hostcert-xrootd-https.pem | |
http.key /etc/grid-security/hostkey-xrootd-https.pem | |
http.listingdeny yes | |
http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt | |
http.desthttps yes | |
http.secxtractor /usr/lib64/libXrdHttpVOMS.so | |
http.exthandler xrdtpc libXrdHttpTPC.so | |
http.header2cgi Authorization authz | |
fi | |
http.gridmap /etc/grid-security/grid-mapfile | |
voms.mapfile /etc/grid-security/voms-mapfile | |
http.exthandler xrdmacaroons libXrdMacaroons.so | |
macaroons.secretkey /etc/xrootd/macaroon-secret | |
ofs.authlib libXrdMacaroons.so | |
# Turn on authorization | |
ofs.authorize 1 | |
acc.authdb /etc/xrootd/Authfile | |
acc.audit deny grant | |
# Enable multiuser plugin | |
ofs.osslib ++ libXrdMultiuser.so | |
# Enable the checksum wrapper | |
ofs.ckslib * libXrdMultiuser.so | |
xrootd.chksum max 8 adler32 | |
# The cheksumwrapper is necessary so the checksumming happens on the fly | |
multiuser.checksumonwrite on | |
multiuser.umask 0002 | |
xrootd.seclib /usr/lib64/libXrdSec.so | |
# Cargo culted from Nebraska | |
cms.dfs limit 0 lookup central redirect verify retries 20 mdhold 20m | |
cms.delay startup 10 lookup 1 qdl 30 qdn 2 servers 1 | |
cms.fxhold 10m | |
cms.sched io 30 mem 35 cpu 35 fuzz 10 | |
xrd.sched mint 40 maxt 204800 avlt 512 idle 780 | |
xrd.network keepalive kaparms 5m,5s,5 | |
xrd.timeout idle 30m | |
#cms.perf int 30s pgm /usr/bin/XrdOlbMonPerf 30 | |
xrd.report xrd-report.osgstorage.org:9931 | |
xrootd.monitor all \ | |
auth \ | |
flush 30s \ | |
window 5s fstat 60 lfn ops xfr 5 \ | |
dest redir fstat info user xrd-report.osgstorage.org:9930 \ | |
dest fstat info files user pfc tcpmon ccm localhost:9993 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment