/
dcap.batch
129 lines (121 loc) · 6.22 KB
/
dcap.batch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
#
# dCap D o o r
#
onerror shutdown
check -strong dcap.limits.clients
check -strong dcap.net.port
check -strong dcap.cell.name
check -strong dcap.cell.name.dir
check dcap.cell.consume
check dcap.cell.subscribe
check -strong dcap.service.poolmanager
check -strong dcap.service.pnfsmanager
check -strong dcap.service.gplazma
check -strong dcap.service.billing
check -strong dcap.service.pinmanager
check dcap.loginbroker.update-topic
check dcap.loginbroker.tags
check -strong dcap.loginbroker.family
check -strong dcap.loginbroker.version
check -strong dcap.loginbroker.update-period
check -strong dcap.loginbroker.update-period.unit
check -strong dcap.loginbroker.update-threshold
check -strong dcap.loginbroker.address
check -strong dcap.loginbroker.port
check -strong dcap.authn.protocol
check dcap.authn.capath
check dcap.authn.hostcert.cert
check dcap.authn.hostcert.key
check dcap.authn.namespace-mode
check dcap.authn.crl-mode
check dcap.authn.ocsp-mode
check dcap.authn.passwd
check dcap.authn.ciphers
check dcap.authn.gsi.delegation.cache.lifetime
check dcap.authn.gsi.delegation.cache.lifetime.unit
check -strong dcap.authz.truncate
check -strong dcap.authz.readonly
check -strong dcap.authz.anonymous-operations
check -strong dcap.authz.mover-queue-overwrite
check dcap.mover.queue
check dcap.net.listen
check -strong dcache.paths.share
check dcap.limits.client-version
exec file:${dcache.paths.share}/cells/stage.fragment dcap doors
# Starts an embedded dir cell if one does not exist in the domain already
define env startDir.exe enddefine
onerror shutdown
create diskCacheV111.pools.DirectoryLookUpPool ${dcap.cell.name.dir} \
"-pnfsManager=\"${dcap.service.pnfsmanager}\""
enddefine
onerror continue
test -i ${dcap.cell.name.dir}
exec env startDir.exe -ifnotok
onerror shutdown
set env plain-paths-when-anonymous-access-is-NONE "-brokerReadPaths= -brokerWritePaths="
set env plain-paths-when-anonymous-access-is-READONLY "-brokerReadPaths=/ -brokerWritePaths="
set env plain-paths-when-anonymous-access-is-FULL "${paths-when-readonly-is-${dcap.authz.readonly}}"
set env paths-when-readonly-is-true "-brokerReadPaths=/ -brokerWritePaths="
set env paths-when-readonly-is-false "-brokerReadPaths=/ -brokerWritePaths=/"
set env arguments-plain "${plain-paths-when-anonymous-access-is-${dcap.authz.anonymous-operations}} -localOk"
set env arguments-auth "${paths-when-readonly-is-${dcap.authz.readonly}} -pswdfile=${dcap.authn.passwd} -authorization=required"
set env arguments-gsi "${paths-when-readonly-is-${dcap.authz.readonly}} -localOk -authorization=strong \
-socketfactory=\\\"javatunnel.DssServerSocketCreator org.dcache.dss.ServerGsiEngineDssContextFactory \
-service_key='${dcap.authn.hostcert.key}' \
-service_cert='${dcap.authn.hostcert.cert}' \
-service_trusted_certs='${dcap.authn.capath}' \
-ciphers='${dcap.authn.ciphers}' \
-namespace-mode='${dcap.authn.namespace-mode}' \
-crl-mode='${dcap.authn.crl-mode}' \
-ocsp-mode='${dcap.authn.ocsp-mode}' \
-key-cache-lifetime='${dcap.authn.gsi.delegation.cache.lifetime}' \
-key-cache-lifetime-unit='${dcap.authn.gsi.delegation.cache.lifetime.unit}' \
\\\""
set env arguments-kerberos "${paths-when-readonly-is-${dcap.authz.readonly}} -localOk -authorization=strong \
-socketfactory=\\\"javatunnel.DssServerSocketCreator org.dcache.dss.KerberosDssContextFactory \
'${dcap.authn.kerberos.service-principle-name}'\\\""
create dmg.cells.services.login.LoginManager ${dcap.cell.name} \
"${dcap.net.port} diskCacheV111.doors.DcapInterpreterFactory \
-listen=${dcap.net.listen} \
-consume=${dcap.cell.consume} \
-lookupPool=${dcap.cell.name.dir} \
-subscribe=${dcap.cell.subscribe} \
-acceptErrorWait=60000 \
-keepAlive=300 \
-poolRetry=2700 \
-prot=telnet \
-keepPrincipal \
-root=/ \
-read-only=${dcap.authz.readonly} \
-truncate=${dcap.authz.truncate} \
-maxLogin=${dcap.limits.clients} \
-brokerTopic=${dcap.loginbroker.update-topic} \
-brokerTags=${dcap.loginbroker.tags} \
-brokerUpdateTime=${dcap.loginbroker.update-period} \
-brokerUpdateTimeUnit=${dcap.loginbroker.update-period.unit} \
-brokerUpdateOffset=${dcap.loginbroker.update-threshold} \
-brokerAddress=${dcap.loginbroker.address} \
-brokerPort=${dcap.loginbroker.port} \
-protocolFamily=${dcap.loginbroker.family} \
-protocolVersion=${dcap.loginbroker.version} \
-loginBroker=${dcap.service.loginbroker} \
-pnfsManager=${dcap.service.pnfsmanager} \
-poolManager=${dcap.service.poolmanager} \
-pinManager=${dcap.service.pinmanager} \
-gplazma=\"${dcap.service.gplazma}\" \
-billing=\"${dcap.service.billing}\" \
-kafka=\"${dcacp.enable.kafka}\" \
-bootstrap-server-kafka=\"${dcap.kafka.bootstrap-servers}\" \
-kafka-topic=\"{dcap.kafka.topic}\" \
-kafka-max-block=${dcap.kafka.maximum-block}\
-kafka-max-block-units=${dcap.kafka.maximum-block.unit}\
-retries-kafka=0 \
-stageConfigurationFilePath=\"${dcap.authz.staging}\" \
-allowAnonymousStaging=\"${dcap.authz.anonymous-staging}\" \
-io-queue=${dcap.mover.queue} \
-io-queue-overwrite=${dcap.authz.mover-queue-overwrite} \
-anonymous-access=${dcap.authz.anonymous-operations} \
-clientVersion=\"${dcap.limits.client-version}\" \
-netmask=\"${dcap.net.allowed-subnets}\" \
${arguments-${dcap.authn.protocol}} \
"