Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Globus Connect Server config file, for creating a GridFTP Globus endpoint using University of Michigan CiLogin for OAuth.
;----------------------------------------------------------------------------;
; Globus User Configuration
;----------------------------------------------------------------------------;
; These settings configure how to contact Globus when
; creating or modifying an endpoint.
[Globus]
; Globus user name. If not set, or left at its default, then the
; value of GLOBUS_USER environment variable is used, falling back to
; prompting if it is not present.
User = %(GLOBUS_USER)s
; Globus login password. If not set, or left at its default, then the
; value of the GLOBUS_PASSWORD environment variable is used, falling back
; to prompting if it is not present.
Password = %(GLOBUS_PASSWORD)s
;----------------------------------------------------------------------------;
; Globus Endpoint Configuration ;
;----------------------------------------------------------------------------;
; Set these if you want to add or modify the core attributes of the endpoint.
[Endpoint]
; Name of the endpoint. Can be either user#name or name, but if the former,
; the user must match [Globus] User above
; The special value %(SHORT_HOSTNAME)s will substitute the non-qualified
; portion of an ec2 instance's public hostname, falling back to the
; non-qualified hostname portion of the machine's nodename
Name = %(SHORT_HOSTNAME)s
; True or False, determining if the endpoint will be public or private.
; If not specified, this will default to False (non-public).
Public = True
; Default directory when users login to this endpoint (optional).
; If not specified, this will default to /~/.
DefaultDirectory = /~/
;----------------------------------------------------------------------------;
; Security Configuration ;
;----------------------------------------------------------------------------;
; These are the default service security settings, for services which will be
; accessed from Globus (GridFTP and MyProxy).
; There can be an override in the GridFTP or MyProxy sections below.
[Security]
; If this is true, then use the relay.globusonline.org to generate
; a random service credential so that Globus can access this service.
; Otherwise, Globus Connect Server will assume the Certificate and Key have
; been generated by some other method.
; Note that FetchCredentialFromRelay will only work if the key and certificate
FetchCredentialFromRelay = True
; Path to the certificate.
; If FetchCredentialsFromRelay is True, and the fetch conditions are met,
; this CertificateFile value will be overwritten.
; If not specified, this will default to
; /var/lib/globus-connect-server/grid-security/hostcert.pem
;; CertificateFile =
;
; Path to the private key.
; If FetchCredentialsFromRelay is True, and the fetch conditions are met,
; this KeyFile value will be overwritten.
; If not specified, this will default to
; /var/lib/globus-connect-server/grid-security/hostkey.pem
;; KeyFile =
; Path to where the trusted certificate directory. The
; Globus Relay CA will be installed there, as well as the MyProxy
; trust roots and CA if the MyProxy server is running elsewhere.
; If not specified, this will default to
; /var/lib/globus-connect-server/grid-security/certificates/
;; TrustedCertificateDirectory =
; Type of identity provider for the Globus service to use. This may
; be one of the following values:
; MyProxy
; Use the MyProxy server defined in the [MyProxy] section of this
; configuration file
; OAuth
; Use the OAuth server defined in the [OAuth] section of this
; configuration file
; CILogon
; Use the CILogon OAuth server
IdentityMethod = CILogon
; Authorization method for mapping the grid credential to a local username,
; by default, this is inferred from the IdentityMethod above. If using MyProxy,
; the MyProxyGridmapCallout is used; if using CILogon, the CILogon method
; is used. If the CILogon provides certificates that don't match local policy,
; you might need to use Gridmap to explicitly map the credentials to local
; accounts
;; AuthorizationMethod = MyProxyGridmapCallout | CILogon | Gridmap
; Path to a grid-mapfile to use with the Gridmap authorization method. The
; default is shown below
;; Gridmap = /etc/grid-security/grid-mapfile
; The name of the identity provider (see https://cilogon.org/ for a list
; of valid names)
CILogonIdentityProvider = University of Michigan
;----------------------------------------------------------------------------;
; GridFTP Configuration ;
;----------------------------------------------------------------------------;
; This section configures a GridFTP server. It can be processed on the
; GridFTP server host to generate a GridFTP configuration file, and on
; that or any other host to add a GridFTP server to an endpoint
[GridFTP]
; The host name (and optional port) to contact this GridFTP Server, in the form
; host[:port]. If not set, no gridftp server will be configured. The default
; pulls the server name from EC2 metadata if present, falling back to the local hostname and uses the default port 2811.
Server = %(HOSTNAME)s
; If this is set to True, then assume the Server name is the current machine
; and configure a GridFTP server on this machine, even if it the Server doesn't
; match the current hostname. Also, if ServerBehindNAT is set to True, the
; DataInterface will be set to the Server string automatically.
; If False, globus-connect-server-setup will only configure the gridftp
; server if the Server above matches the local machine's hostname. The default
; is False.
ServerBehindNAT = True
; Port range to use for incoming connections. The format is
; "startport,endport". If not set, this will default to 50000,51000
IncomingPortRange = 50000,53000
; Port range to use for outgoing connections. The format is
; "startport,endport". Only use this if your firewall restricts outgoing
; ports and gridftp won't work otherwise. The default is not restrict outgoing
; TCP ports
;; OutgoingPortRange = 50000,51000
; Hostname or IP address of the interface to use for data connections. If not
; set in this file, then the default behavior is:
; - When run on an EC2 instance, the data interface will be automatically
; configured to use the public ipv4 address of the instance.
; - When run on a non-EC2 instance, if ServerBehindNAT is True, then
; the hostname of the Server string is used. If this resolves to a private
; IP adddress, a warning will be issued.
; - Otherwise, this will not be set, and the gridftp server will tell clients
; to connect to the IP address that the control connection was established
; on.
;; DataInterface =
; Restricted path configuration.
; A comma separated list of full paths that clients may access. Each path may
; be prefixed by R and/or W, denoting read or write access, or N to explicitly
; deny access to a path. If a given path is a directory, all contents and
; subdirectories will be given the same access. Order of paths does not matter
; -- the permissions on the longest matching path will apply. The special
; character '~' will be replaced by the authenticated user's home directory,
; and * may be used for simple wildcard matching.
; By default all paths are allowed, and access control is handled by the OS.
; Examples:
; Allow read access to /data and full access to the user's home directory:
; RestrictPaths = RW~,R/data
; Allow full access to the home directory, but deny hidden files there:
; RestrictPaths = RW~,N~/.*
RestrictPaths =
;
; Enable sharing with Globus for this server.
; If not specified, this will default to False.
Sharing = True
; ------------------------
; ADVANCED SHARING OPTIONS
; ------------------------
; Using the same syntax as RestrictPaths above, this defines additional
; restrictions which paths that sharing clients may access.
;; SharingRestrictPaths =
; Path of a directory where GridFTP will store files used to control
; sharing access to individual accounts. The variables $USER and $HOME
; should be used in order to define a unique path per user.
; If not specified, this will default to "$HOME/.globus/sharing".
;
; For instance, with SharingStateDir = "/var/globusonline/sharing/$USER",
; user "bob" would be enabled for sharing only if a path exists with the
; name "/var/globusonline/sharing/bob/" and is writable by bob.
;
;;SharingStateDir =
;-----------------------------------------------------------------------------
; MyProxy Configuration ;
;-----------------------------------------------------------------------------
; This section configures a MyProxy server. It can be processed on the
; MyProxy server host to generate myproxy-server configuration files and
; a MyProxy CA, or can be used on a GridFTP server host to determine how
; to fetch trust roots, or to associate the MyProxy server with a
; Globus endpoint
[MyProxy]
; The contact URI of the MyProxy server. The format is host[:port], with
; a default port of 7512 if not present
; If not set, then no myproxy server will be configured. The special value
; %(HOSTNAME)s will substitute an ec2 instance's public hostname, falling back
; to the machine's nodename
;;Server = %(HOSTNAME)s
; If this is set to True, then assume the Server name is the current machine
; and configure a MyProxy server on this machine, even if it the Server doesn't
; match the current hostname.
; If False, globus-connect-server-setup will only configure the MyProxy
; server if the Server above matches the local machine's hostname. The default
; is False.
;;ServerBehindNAT = True
; Directory in which to place the MyProxy CA files,
; including the cacert and key, and the set of signed certificates.
; If not present, the default is /var/lib/globus-connect-server/myproxy-ca
;
;; CADirectory = /var/lib/globus-connect-server/myproxy-ca
; Path to store the myproxy service configuration file.
; If not specified, the default is
; /var/lib/globus-connect-server/myproxy-server.conf
;
;; ConfigFile = /var/lib/globus-connect-server/myproxy-server.conf
[OAuth]
; The public host name of the MyProxy OAuth server.
; If not set, then no MyProxy Oauth server will be configured. The special value
; %(HOSTNAME)s will substitute an ec2 instance's public hostname, falling back
; to the machine's nodename
;; Server = %(HOSTNAME)s
; If this is set to True, then assume the Server name is the current machine
; and configure a OAuth server on this machine, even if it the Server doesn't
; match the current hostname.
; If False, globus-connect-server-setup will only configure the OAuth
; server if the Server above matches the local machine's hostname. The default
; is False.
;;ServerBehindNAT = True
; A cascading stylesheet file to use with OAuth server web pages. The
; stylesheet will be used to style the MyProxy OAuth web interface. If not set,
; then the default Globus-look web style will be used.
;; Stylesheet =
;
; An image file to use as the logo of the MyProxy OAuth server. If not set,
; the Globus logo image is used.
;; Logo =
; vim: filetype=dosini : nospell :
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment