Merge branch '2.8' into stable

apx-contact.rst

@@ -9,10 +9,8 @@ a CERN account, you can register yourself for an
 Together with bug reports, please attach a "bugreport tarball", which is created
 with ``sudo cvmfs_config bugreport``.
 
-Mailing Lists
--------------
+Discourse Forum
+---------------
 
-The ``cvmfs-talk@cern.ch`` mailing list is used for general discussions about
-CernVM-FS. The ``cvmfs-announce@cern.ch`` mailing list is a low-volume list used
-for important news such as new releases. The ``cvmfs-testing@cern.ch`` mailing
-list is used to announce new releases in pre-production state.
+For announcements, discussions, and support please join us in the
+`CernVM Forum <https://cernvm-forum.cern.ch>`_.

apx-parameters.rst

@@ -117,6 +117,8 @@ CVMFS_USYSLOG                   | All messages that normally are logged to syslo
                                 | This file can grow up to 500kB and there is one step of log rotation.
                                 | Required for $\mu$CernVM.
 CVMFS_WORKSPACE                 Set the local directory for storing special files (defaults to the cache directory).
+CVMFS_USE_SSL_SYSTEM_CA         | When connecting to an HTTPS endpoints,
+                                | it will load the certificates provided by the system.
 =============================== ========================================================================================
 
 
@@ -155,15 +157,15 @@ CVMFS_DONT_CHECK_OVERLAYFS_VERSION  | Disable checking of OverlayFS version befo
                                     | (see :ref:`sct_reporequirements`)
 CVMFS_ENFORCE_LIMITS                | Set to *true* to cause exceeding \*LIMIT variables to be fatal to a publish
                                     | instead of a warning
+CVMFS_EXTENDED_GC_STATS             | Set to *true* to keep track of the volume of garbage collected files (increases GC running time)
 CVMFS_EXTERNAL_DATA                 | Set to *true* to mark repository to contain external data
                                     | that is served from an external HTTP server
 CVMFS_FILE_MBYTE_LIMIT              | Maximum number of megabytes for a published file, default value: 1024
                                     | (see also *CVMFS_ENFORCE_LIMITS*)
 CVMFS_FORCE_REMOUNT_WARNING         | Enable/disable warning through ``wall`` and grace period before forcefully
                                     | remounting a CernVM-FS repository on the release managere machine.
 CVMFS_GARBAGE_COLLECTION            Enables repository garbage collection |br| (Stratum~0 only | if set to *true*)
-CVMFS_GENERATE_LEGACY_BULK_CHUNKS   | Set to *false* to disable generation of whole-file objects for large files.
-                                    | Requires clients >= 2.1.7.
+CVMFS_GENERATE_LEGACY_BULK_CHUNKS   | Deprecated, set to *true* to enable generation of whole-file objects for large files.
 CVMFS_GC_DELETION_LOG               | Log file path to track all garbage collected objects during sweeping
                                     | for bookkeeping or debugging
 CVMFS_GEO_DB_FILE                   Path to externally updated location of geolite2 city database, or 'None' for no database.
@@ -172,7 +174,7 @@ CVMFS_GID_MAP                       Path of a file for the mapping of file owner
 CVMFS_HASH_ALGORITHM                | Define which secure hash algorithm should be used by CernVM-FS for CAS objects
                                     | (supported are: *sha1*, *rmd160* and *shake128*)
 CVMFS_IGNORE_SPECIAL_FILES          Set to *true* to skip special files during publish without aborting.
-CVMFS_IGNORE_XDIR_HARDLINKS         | If set to *true*, do not abort the publish operation when cross-directory
+CVMFS_IGNORE_XDIR_HARDLINKS         | Deprecated, defaults to *true*
                                     | hardlinks are found. Instead automatically break the hardlinks across directories.
 CVMFS_INCLUDE_XATTRS                Set to *true* to process extended attributes
 CVMFS_MAX_CHUNK_SIZE                Maximal size of a file chunk in bytes (see also *CVMFS_USE_FILE_CHUNKING*)
@@ -185,6 +187,7 @@ CVMFS_NUM_UPLOAD_TASKS              | Number of threads used to commit data to s
 CVMFS_NUM_WORKERS                   | Maximal number of concurrently downloaded files during a Stratum1 pull operation
                                     | (Stratum~1 only).
 CVMFS_PUBLIC_KEY                    Colon-separated path to the public key file(s) or directory(ies) of the repository to be replicated. (Stratum 1 only).
+CVMFS_PRINT_STATISTICS              | Set to *true* to show publisher statistics on the console
 CVMFS_REPLICA_ACTIVE                | Stratum1-only: Set to *no* to skip this repository when executing
                                     | ``cvmfs_server snapshot -a``
 CVMFS_REPOSITORY_NAME               The fully qualified name of the specific repository.
@@ -197,6 +200,8 @@ CVMFS_SNAPSHOT_GROUP                | Group name for subset of repositories used
                                     | Added with ``cvmfs_server add-replica -g``.
 CVMFS_SPOOL_DIR                     | Location of the upstream spooler scratch directories;
                                     | the read-only CernVM-FS moint point and copy-on-write storage reside here.
+CVMFS_STATISTICS_DB                 | Set a custom path for the publisher statistics database
+CVMFS_STATS_DB_DAYS_TO_KEEP         | Sets the pruning interval for the publisher statistics database
 CVMFS_STRATUM0                      URL of the master copy (*stratum0*) of this specific repository.
 CVMFS_STRATUM1                      URL of the Stratum1 HTTP server for this specific repository.
 CVMFS_SYNCFS_LEVEL                  | Controls how often ``sync`` will by called by ``cvmfs_server`` operations.
@@ -207,6 +212,7 @@ CVMFS_UNION_DIR                     | Mount point of the union file system for c
                                     | (see :ref:`sct_repocreation_update`).
 CVMFS_UNION_FS_TYPE                 | Defines the union file system to be used for the repository.
                                     | (currently `aufs` and `overlayfs` are fully supported)
+CVMFS_UPLOAD_STATS_DB               | Publish repository staticis plots to the Stratum 0 /stats location
 CVMFS_UPSTREAM_STORAGE              | Upstream spooler description defining the basic upstream storage type
                                     | and configuration.
 CVMFS_USE_FILE_CHUNKING             Allows backend to split big files into small chunks (*true* | *false*)

apx-security.rst

@@ -90,6 +90,8 @@ system initialization.  The client RPM package installs SElinux rules for RHEL6
 and RHEL7.  The cache directory should be labeled as ``cvmfs_cache_t``.
 
 
+.. _sct_running_client_as_normal_user:
+
 Running the client as a normal user
 -----------------------------------
 
@@ -99,12 +101,22 @@ either performed by fuse's ``fusermount`` utility or through a pre-mounted file
 descriptor. On newer Linux kernels, the client can mount as an unprivileged
 user in a user namespace with a detached mount namespace.
 
-The easiest way to run the client as a normal user is with the 
+The easiest way to run the client as a normal user is with the
 `cvmfsexec <https://github.com/cvmfs/cvmfsexec>`_ package.  It supports
 four ways to run cvmfs as an unprivileged user, depending on the
 capabilities available on the host.  See the README there for details.
 
 
+SETUID bit and file capabilities
+--------------------------------
+
+By default, CernVM-FS repositories are mounted with the ``nosuid`` option.
+Therefore, file capabilities and the setuid bit of files in the repository
+are ignored. The root user can decide to mount a CernVM-FS repository with the
+``cvmfs_suid`` option, in which case the original behavior of the suid flag
+and file capabilities is restored.
+
+
 CernVM-FS Software Distribution
 -------------------------------
 

apx-serverinfra.rst

@@ -22,8 +22,6 @@ setup and tools to be in place:
 
    -   kernel 4.2.x or later.
    -   RHEL7.3 kernel (for OverlayFS)
-   -   Custom kernel compilation with `aufs` support the kernel (see
-       Section :ref:`sct_customkernelinstall`)
 
 -  Backend storage location available through HTTP
 

conf.py

@@ -57,9 +57,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = u'2.7'
+version = u'2.8'
 # The full version, including alpha/beta/rc tags.
-release = u'2.7.5'
+release = u'2.8.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

cpt-configure.rst

@@ -73,6 +73,34 @@ cvmfs-config.cern.ch.
 The ``CVMFS_CONFIG_REPO_REQUIRED`` parameter can be used to force availability
 of the config repository in order for other repositories to get mounted.
 
+The config repository is a very convenient method for updating the
+configuration on a lot of CernVM-FS clients at once.  This also means
+that it is very easy to break configurations on a lot of clients at
+once.  Also note that only one config repository may be used per client,
+and this is a technical limitation that is not expected to change.  For
+these reasons, it makes the most sense to reserve the use of this
+feature for large groups of sites that share a common infrastructure
+with trusted people that maintain the configuration repository.  In
+order to facilitate sharing of configurations between the
+infrastructures, a
+`github repository <https://github.com/cvmfs-contrib/config-repo>`_
+has been set up.  Infrastructure maintainers are invited to collaborate
+there.
+
+Some large sites that prefer to maintain control over their own client
+configurations publish their own config repository but have automated
+processes to compare it to a repository from a larger infrastructure.
+They then quickly update their own config repository with whatever
+changes have been made to the infrastructure's config repository.
+
+Exchanges of configurations between limited numbers of sites that are
+also depending separately on a configuration repository is encouraged to
+be done by making rpm and/or dpkg packages and distributing them through 
+`cvmfs-contrib package repositories <https://cvmfs-contrib.github.io>`_.
+Keeping configurations up to date through packages is less convenient
+than the configuration repository but better than manually maintaining
+configuration files.
+
 Mounting
 --------
 
@@ -810,6 +838,8 @@ The example configuration for the in-memory cache plugin in
     CVMFS_CACHE_PLUGIN_SIZE=2000
 
 
+.. _sct_nfs_server_mode:
+
 NFS Server Mode
 ---------------