skel/share/defaults/pool.properties

#  -----------------------------------------------------------------------
#     Default values for pools
#  -----------------------------------------------------------------------
@DEFAULTS_HEADER@

# Pool name
#
# Must be unique within this dCache instance
pool.name =

# Path to pool directory
pool.path =

#  ---- Mover queues to create on a pool
#
#   Mover queues schedule and execute transfers on a pool. Each mover
#   queue can have individual limits and timeouts. These are
#   configured at runtime through the admin interface.
#
#   Doors can be configured to submit transfers to named queues.
#
#   This property takes a comma separated list of named mover queues.
#   The default mover queue is called 'regular' and is always created.
#   The 'regular' mover queue must not be defined in this property.
#
#   Named queues with names that begin with a hyphen are processed in
#   FIFO order; all other queues are processed in LIFO order. Although
#   LIFO is unfair, it tends to provide better behaviour in periods of
#   overload. Neither queueing discipline can magically resolve sustained
#   overload.
#
#   This property is deprecated. It is preferred to create movers dynamically
#   through the admin shell 'mover queue create' command.
#
(deprecated)pool.queues =

#  ---- Large File Store
#
#   Legacy option for disk only pools. There is usually no need to
#   change this setting as the choice whether to write a file to tape
#   is now controlled by the retention policy of each file.
#
(one-of?|volatile|transient|precious|none)pool.lfs=none

#  ---- Maximum amount of space to be used by a pool
#
#   In bytes. May also be configured at runtime through
#   the admin interface. If not set, the pool size is
#   determined from the size of the file system.
#
pool.size =

#  ---- Pool tags
#
#   White space separated list of key value pairs to associate with a
#   pool.
#
pool.tags = hostname=${host.name}

#  ---- Command to execute periodically to check pool health
#
#   If defined and if pool.enable.repository-check is set to true, the
#   command is executed once a minute. The command is usually a script
#   that checks file system, disk array and host health. Any arguments
#   are passed along.
#
#   As the command is executed frequently, it should not perform any
#   expensive checks, nor should the check take longer than at most a
#   few seconds.
#
#   If the exit code is 0, the pool is assumed to be okay. If the exit
#   code is 1, the pool is marked read-only. Any other exit code will
#   disabled the pool.
#
#   Once marked read-only or disabled, the pool will not reenable
#   itself, even if subsequent invocations exit with 0. The pool can
#   manually be reenabled using the 'pool enable' admin shell command.
#
#   stdout and stderr of the command are written to the domain's log
#   file.
#
pool.check-health-command=

#  ---- Whether to monitor pool health
#
#   If true, then the pool periodically performs a number of health
#   checks and disables itself if an error is detected.
#
#   The health check also involves checking the amount of free space
#   in the file system and adjusting the pool size if the amount of
#   free space in the file system is less than the free space of the pool.
#
(one-of?true|false)pool.enable.repository-check = true

# ---- Allow pool to remove precious files on request from cleaner.
#
#   This option is respected only when ${pool.lfs} is 'none'. If
#   ${pool.lfs} is 'precious' then removal of precious files is always
#   allowed.
#
(one-of?true|false)pool.enable.remove-precious-files-on-delete = true

# ---- Record pool's HSM conectivity in the namespace
#
# If true, then pool will update file's 'h' flag in the namespace with value
# "yes", when pool expected to be connected to HSM, e.g. pool.lfs=precious, and
# with "no" otherwise.
#
# The flags are stored in the file's in the name space. Most dCache installations
# do not require this functionality.
#
(one-of?true|false)pool.enable.hsm-flag = false

# Worker thread pool size. Used by migration module, for pool to pool transfers,
# and for processing requests from cleaner.
pool.limits.worker-threads=5

# Nearline storage thread pool size. Used for blocking nearline storage operations,
# e.g. name space operations or callouts into installed nearline storage providers.
pool.limits.nearline-threads=30

# Pool cell name. Currently this has to be the same as the pool name.
pool.cell.name=${pool.name}

#  ---- Named queues to consume from
#
#   A service can consume messages from named queues. Other services can
#   write messages to such queues. A named queue has an unqualified cell
#   address, that is, an address without a domain name.
#
#   This property contains a comma separated list of named queues to
#   consume from.
#
pool.cell.consume = ${pool.cell.name}

# Cell message processing limits
(obsolete)pool.cell.limits.message.threads.min=
(obsolete)pool.cell.limits.message.threads.max-idle-time=
(obsolete)pool.cell.limits.message.threads.max-idle-time.unit=

(obsolete)pool.cell.limits.message.threads.max = See pool.cell.max-message-threads
(obsolete)pool.cell.limits.message.queue.max = See pool.cell.max-messages-queued

pool.cell.max-message-threads = 50
pool.cell.max-messages-queued = 1000


#  ---- Do not start the pool until specified paths exists.
#
#   If specified then pool startup procedure will block as long as
#   specified paths does not exists. This is useful to delay pool startup
#   until repository's directory is available.
#
#   Format: [path1][:path2]...[:pathN]
#   For example:
#      pool.wait-for-files=${pool.path}/data
#
pool.wait-for-files=

#  ---- Which meta data repository implementation to use.
#
#   This selects which meta data repository implementation to use.
#   This is essentially a choice between storing meta data in a large
#   number of small files in the control/ directory, or to use the
#   embedded Berkeley database stored in the meta/ directory.  Both
#   directories are within the pool directory.
#
(one-of?org.dcache.pool.repository.meta.file.FileMetaDataRepository|\
        org.dcache.pool.repository.meta.db.BerkeleyDBMetaDataRepository|\
        org.dcache.pool.repository.meta.mongo.MongoDbMetadataRepository)\
pool.plugins.meta = org.dcache.pool.repository.meta.file.FileMetaDataRepository

#  ---- Garbage collector used when the pool runs out of space
pool.plugins.sweeper = org.dcache.pool.classic.SpaceSweeper2

#  ---- Configuration properties for Berkeley DB Java meta data repository
#
#   Berkeley DB Java edition is used by one of the available meta data
#   repository plugins. The database provides a large number of tuning
#   options. These are mapped to the pool.plugins.meta.db prefix.
#
#   Consult the Oracle Berkeley DB Java Edition documentation at
#
#       http://docs.oracle.com/cd/E17277_02/html/java/com/sleepycat/je/EnvironmentConfig.html
#
#   for details.
#
#   WARNING: Be aware that these settings may influence the consistency
#   of the data.
#
(prefix)pool.plugins.meta.db = Configuration for the meta data database

pool.plugins.meta.db!je.maxMemoryPercent = 20
pool.plugins.meta.db!je.stats.collect = false
pool.plugins.meta.db!je.lock.nLockTables = 5
pool.plugins.meta.db!je.lock.timeout = 60 s

#
# Configuration options for MongoDB backend
#
pool.plugins.meta.mongo.url=mongodb://localhost:27017
pool.plugins.meta.mongo.db=pdm
pool.plugins.meta.mongo.collection=poolMetadata

#
# Whether to enable RPCSEC_GSS for NFS mover
#
(one-of?true|false)pool.mover.nfs.rpcsec_gss = false

#  ---- NFS mover port range
#
# This option controls TCP port range used by NFS mover. In most
# cases we would like to reduce the range to a single port to
# let client to reconnect. If client failed to reconnect to the
# mover, then a RPC request may stay in clients task queue in a
# 'D' state and increase CPU load by one.
#
# If range configured to have more than one port, pool will
# randomly select one and and reuse it after restart.
pool.mover.nfs.port.min = ${dcache.net.lan.port.min}
pool.mover.nfs.port.max = ${dcache.net.lan.port.max}

#  ---- NFS mover's request processing policy ----
#
# When a NFS request received over the network there are two
# possible ways to process it - to use the same thread, which received the
# request, called SAME_THREAD, or to use a pool of worker threads,
# called WORKER_THREAD. WORKER_THREAD typically gives better throughput with
# the risk that more aggressive clients can degrade the performance of less
# aggressive clients.  SAME_THREAD limits the impact of aggressive clients on
# less aggressive clients but also reduces the maximum throughput of any one client.
(one-of?SAME_THREAD|WORKER_THREAD)pool.mover.nfs.thread-policy = SAME_THREAD

#  ---- Port used for passive DCAP movers
#
#   When zero then a random port from the LAN port range is used.
#
pool.mover.dcap.port = 0

#  ----- Whether to use memory mapping in FTP mover
#
#   If true, the FTP mover utilizes memory mapping for checksum
#   verification. This potentially improves performance, but may cause
#   compatibility issues on some platforms.
#
(one-of?true|false)pool.mover.ftp.mmap = false


#  ----- Whether to log incomplete transfers
#
#   The following property controls whether the FTP mover will log
#   statistics about transfers aborted by the client.  This mover is
#   responsible for direct uploads and downloads, and for third-party
#   transfers initiated with the FTP protocol.
#
#   It is not always possible for the pool to detect incomplete
#   transfers; for example, if the transfer uses mode S and dCache
#   accepts data then the pool cannot know if that transfer is
#   incomplete.  The pool can detect incomplete transfers if dCache is
#   supplying data, or if the transfer uses mode E.
#
#   An incomplete transfer may be due to the pool detecting a problem
#   (e.g., unable to connect to the target TCP port) or from the
#   client detecting some problem (e.g., insufficient progress).
#   Logging the statistics when that transfer is aborted may yield
#   information that helps diagnose such problems.
#
(one-of?true|false)pool.mover.ftp.enable.log-aborted-transfers = false


#  ----- Distance between transfer and checksum computation in FTP mover
#
#   When the checksum is computed on the fly, the FTP mover performs
#   the checksum calculation in a separate thread. This property
#   indicates the maximum distance in bytes between the transfer and
#   the checksum calculation. If too small then the transfer may be
#   throttled by a slow checksum calculation. If too large then data
#   may have to be read back from disk rather than read from the
#   cache.
#
pool.mover.ftp.read-ahead = 16777216

# Whether the FTP mover may accept incoming connections. If not, passive
# FTP connections will use the door as a proxy.
(one-of?true|false)pool.mover.ftp.allow-incoming-connections=true

#  ---- Thread pool size for xrootd disk IO threads
pool.mover.xrootd.threads = 20

#  ---- Maximum size of an xrootd frame
#
#   Specified in bytes.
#
pool.mover.xrootd.frame-size = 2097152

#  ---- Xrootd plugins
#
#   Comma separated list of plugins to inject into the xrootd
#   request processing chain.
#
#   dCache ships with a few plugins:
#
#    authn:gsi  - any xrootd request to the door will use a key-exchange
#                 process to identify the end-user (pool only).
#
#    authz:alice-token - ALICE token based authorization plugin.
#
#   No plugins are required. If an authentication plugin is
#   specified, then note that the subject will *not* be mapped by
#   gPlazma.
#
#   Pools authorize access using a one-time token generated by the door
#   when redirecting the client to the pool. For this reason an
#   authentication or authorization plugin is usually *not* needed
#   on pools.
#
#   Third party plugins can be used by adding the plugin to the plugin
#   directory of dCache and specifying the plugin name here. Authentication
#   and authorization plugins can be loaded as authn:<plugin> and
#   authz:<plugin> respectively.
#
#   NOTE:  the access-log plugin, which generates a dCache style access log
#          using the NetLogger format, is now added automatically.
#
pool.mover.xrootd.plugins=

#  ---- Xrootd third-party client authentication plugins
#
#   Comma separated list of plugins to inject into the xrootd tpc client
#   request processing chain.
#
#   Currently xrootd servers require an authentication step between them
#   during third-party transfer.  When dCache is the destination, it uses
#   a client to read the data, piping it to a mover which then writes it
#   to the selected pool.  The client needs to authenticate, and this
#   is handled by these plugin implementations, named by protocol.
#
#   No plugins means dCache can be used as third party destination only
#   with xrootd servers that require no authentication.
#
#   dCache ships with:
#
#        gsi   - request to the source server from dcache will
#                use a key-exchange process to identify the end-user.
#
#        unix  - request to the source server from dcache will
#                use unix authentication.
#
#                NOTE: third-party copying between dCache instances or doors
#                requires this plugin on destination pools in addition to
#                any other auth plugins, if hash signing is enforced on
#                the pools (see pool.xrootd.security.force-signing).
#
pool.mover.xrootd.tpc-authn-plugins=

#  ---- Xrootd mover-idle timeout
#
#   Specifies the timeout before clients that connect to the
#   pool request handler but don't open any files will be disconnected.
#
pool.mover.xrootd.timeout.idle = 300000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.mover.xrootd.timeout.idle.unit=MILLISECONDS

#  ---- Xrootd connect timeout
#
#   Timeout that the mover will wait for a client connection before
#   shutting down.
#
pool.mover.xrootd.timeout.connect = 300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.mover.xrootd.timeout.connect.unit = SECONDS

#  ---- Xrootd mover port range
pool.mover.xrootd.port.min = ${dcache.net.lan.port.min}
pool.mover.xrootd.port.max = ${dcache.net.lan.port.max}

#  ----- Custom kXR_Qconfig responses
#
#   xrootd clients may query the server configuration using a kXR_Qconfig request.
#   These key value pairs can be queried. Additional key value pairs may be added as
#   needed, see the xrootd protocol specification at http://xrootd.org/ for details.
#
(prefix)pool.mover.xrootd.query-config = kXR_Qconfig responses
pool.mover.xrootd.query-config!version = dCache ${dcache.version}
pool.mover.xrootd.query-config!sitename = ${dcache.description}
pool.mover.xrootd.query-config!role = none

#
#  Signed hash verification ----- see dcache.properties
#
pool.mover.xrootd.security.level=${dcache.xrootd.security.level}
pool.mover.xrootd.security.force-signing=${dcache.xrootd.security.force-signing}


#  ---- Thread pool size for http disk IO threads
pool.mover.http.threads = 20


#  ----- IO chunk size in bytes used by HTTP mover to sent or received data.
#
# This options controls the IO block size used to read/write data from/to
# backend storage, like file system or ceph.
pool.mover.http.chunk-size = 8192


#   Custom HTTP headers in response
#
#   The following configuration prefix is used to add custom headers
#   to dCache responses.  The key part (after the prefix) is used as
#   the header; the value is the header's value.  For example, specifying
#
#       pool.mover.http.custom-response-header!Foo = bar
#
#   ensures that HTTP responses will include the line:
#
#       Foo: bar
#
#   The webdav.custom-response-header property has a similar effect
#   for the webdav door.
#
(prefix)pool.mover.http.custom-response-header = HTTP headers that are always included in dCache responses
pool.mover.http.custom-response-header!Server = dCache/${dcache.version}

#  ---- HTTP client timeout
#
#   Period after which a client will be disconnected if the
#   connection is idle (not reading or writing)
#
pool.mover.http.timeout.idle = 300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.mover.http.timeout.idle.unit = SECONDS

#  ---- HTTP connect timeout
#
#   Timeout that the mover will wait for a client connection before
#   shutting down
#
pool.mover.http.timeout.connect = 300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.mover.http.timeout.connect.unit = SECONDS

#  ---- HTTP mover port range
pool.mover.http.port.min = ${dcache.net.wan.port.min}
pool.mover.http.port.max = ${dcache.net.wan.port.max}

#  ---- FTP data channel port range
#
#  Currently only used by remote FTP mover
#
pool.mover.ftp.port.min = ${dcache.net.wan.port.min}
pool.mover.ftp.port.max = ${dcache.net.wan.port.max}

#  ---- Directory containing trusted CA certificates
#
#   The directory containing the certificate authority (CA)
#   certificates that the pool should trust when accepting or making
#   remote connections.  Currently only secure HTTP (https)
#   connections react to this property.
#
pool.authn.capath = ${dcache.authn.capath}

# How often to check the CA certificates for updates
pool.authn.capath.refresh=${dcache.authn.capath.refresh}
(one-of?MILLISECONDS|\
	SECONDS|\
	MINUTES|\
	HOURS|\
	DAYS|\
	${dcache.authn.capath.refresh.unit})\
pool.authn.capath.refresh.unit=${dcache.authn.capath.refresh.unit}

# ---- Certificate Authority Namespace usage mode
(one-of?GLOBUS_EUGRIDPMA|EUGRIDPMA_GLOBUS|GLOBUS|EUGRIDPMA|GLOBUS_EUGRIDPMA_REQUIRE|EUGRIDPMA_GLOBUS_REQUIRE|GLOBUS_REQUIRE|EUGRIDPMA_REQUIRE|EUGRIDPMA_AND_GLOBUS|EUGRIDPMA_AND_GLOBUS_REQUIRE|IGNORE|${dcache.authn.namespace-mode})\
pool.authn.namespace-mode=${dcache.authn.namespace-mode}

# ---- Certificate Revocation List usage mode
(one-of?REQUIRE|IF_VALID|IGNORE|${dcache.authn.crl-mode})\
pool.authn.crl-mode=${dcache.authn.crl-mode}

# ---- On-line Certificate Status Protocol usage mode
(one-of?REQUIRE|IF_AVAILABLE|IGNORE|${dcache.authn.ocsp-mode})\
pool.authn.ocsp-mode=${dcache.authn.ocsp-mode}

(any-of?DISABLE_EC|DISABLE_RC4|${dcache.authn.ciphers})pool.authn.ciphers = ${dcache.authn.ciphers}

# Cell address of pnfsmanager service
pool.service.pnfsmanager=${dcache.service.pnfsmanager}

# Timeout for pnfsmanager requests
pool.service.pnfsmanager.timeout=300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.service.pnfsmanager.timeout.unit=SECONDS

# Cell address of billing service
pool.service.billing=${dcache.topic.billing}

# Timeout for requests to other pools
pool.service.pool.timeout=60
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.service.pool.timeout.unit=SECONDS

# Maximum number of pnfs manager requests per second
pool.service.pnfsmanager.rate=250

# Cell address of poolmanager service
pool.service.poolmanager=${dcache.service.poolmanager}

# Timeout for poolmanager requests
pool.service.poolmanager.timeout=120
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.service.poolmanager.timeout.unit=SECONDS

# Cell address of pinmanager service
pool.service.pinmanager=${dcache.service.pinmanager}

# Timeout for pinmanager requests
pool.service.pinmanager.timeout=120
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.service.pinmanager.timeout.unit=SECONDS

# Timeout for requests to sent to doors
pool.service.door.timeout=3
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)pool.service.door.timeout.unit=SECONDS

# Cell address to which to send poolup messages
pool.destination.heartbeat = ${dcache.topic.pool-heartbeat}

# Address of cell to notify with a replication request on arrival of new files
#
# This will typically be PoolManager or HoppingManager. Leave empty to disable the
# notification.
pool.destination.replicate =

# IP address to include in replication requests
#
# This will typically be an IP address of a worker node or some other client machine.
#
pool.destination.replicate.ip=

##
#  ------------------------------ Resilience ---------------------------------
##

# Cell address to which to send corrupt file messages
#
pool.destination.corrupt-file=CorruptFileTopic

#  ---- Number of threads processing request coming from the resilience system.
#
pool.resilience.request-threads=10


## ---- Number of threads processing requests coming from frontend services.
#
pool.info-request-handler.threads=4


# Pool's file store backend type.
#
# currently supported types: CEPH or a POSIX file system
(one-of?ceph|posix)pool.backend = posix

# -------- CEPH backend for pools ----
#
# CEPH cluster name
pool.backend.ceph.cluster = admin

# path to ceph config file
pool.backend.ceph.config = /etc/ceph/ceph.conf

# ceph pool name
pool.backend.ceph.pool-name = ${pool.name}

#
#   Document which TCP ports are opened
#
(immutable)pool.net.ports.tcp=${dcache.net.wan.port.min}-${dcache.net.wan.port.max} ${dcache.net.lan.port.min}-${dcache.net.lan.port.max}

# Obsolete properties
(obsolete)pool.cell.export = See pool.cell.consume


#  ---- Kafka service enabled
#
(one-of?true|false|${dcache.enable.kafka})pool.enable.kafka = ${dcache.enable.kafka}
pool.kafka.maximum-block = ${dcache.kafka.maximum-block}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.kafka.maximum-block.unit})\
pool.kafka.maximum-block.unit = ${dcache.kafka.maximum-block.unit}

# A list of host/port pairs (brokers) host1:port1,host2:port2,....
pool.kafka.bootstrap-servers = ${dcache.kafka.bootstrap-servers}

# Kafka topic name
pool.kafka.topic = ${dcache.kafka.topic}

# Support for encrypted transfers.
#
# HTTPS is currently the only supported encrypted transfer.

# 1. It's https connections that are encrypted.
# 2. internal transfers (pool-to-pool and proxied transfers) are not encrypted.
# 3. enabling HTTPS support requires the pool to have a valid X.509 credential.
#
(one-of?true|false)pool.enable.encrypted-transfers=false

# Host (server) certificate for https authentication
pool.mover.https.hostcert.cert=${dcache.authn.hostcert.cert}

# Host (server) key for https authentication
pool.mover.https.hostcert.key=${dcache.authn.hostcert.key}

#  ---- Directory containing trusted CA certificates
#
#   The directory containing the certificate authority (CA)
#   certificates that the pool should trust when accepting or making
#   remote connections.  Currently only secure HTTP (https)
#   connections react to this property.
#
pool.mover.https.capath=${dcache.authn.capath}