-
Notifications
You must be signed in to change notification settings - Fork 0
Conversation
Make my fork up to date.
@efajardo - can you squash out the merge commit, rewrite the commit message to be more descriptive, and provide a description in the PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a good start (based on the XrootdHTTP document, right?). However, I think we need to refine it a bit to integrate it better in the OSG docs.
docs/data/install-xrootd.md
Outdated
1. Modify `/etc/xrootd/xrootd-clustered.cfg` and add the following lines: | ||
|
||
:::file | ||
sec.protocol /usr/lib64 gsi \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line is correct for enabling authorization, but is unrelated to HTTP / HTTPS. We should find the xrootd-lcmaps documentation and reference that -- make sure that doc uses the same line too!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
docs/data/install-xrootd.md
Outdated
if exec xrootd | ||
xrd.protocol http:1094 libXrdHttp.so | ||
http.cadir /etc/grid-security/certificates | ||
http.cert /etc/grid-security/xrd/xrdcert.pem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note the hostcert path doesn't match the documentation earlier in the page. Which one do we suggest in the shipping configs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch I will make it match
User-agent: * | ||
Disallow: / | ||
|
||
1. Testing the configuration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Start the service, of course!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, I will link to the manage services
docs/data/install-xrootd.md
Outdated
-authzfunparms:--lcmapscfg,/etc/xrootd/lcmaps.cfg,--loglevel,4 \ | ||
-gmapopt:10 \ | ||
-gmapto:0 | ||
if exec xrootd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if if exec xrootd
is left out? Does it mess up the cmsd
? Or is this a line we've been copy/pasting for years and never was really required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep it does:
180802 14:15:02 27686 Meter: Write access and staging prohibited.
------ server@gftp-2.t2.ucsd.edu phase 2 server initialization completed.
180802 14:15:02 27686 XrdOpen: Unable to bind socket to port 1094; address already in use
------ cmsd server@gftp-2.t2.ucsd.edu:1094 initialization failed.````
docs/data/install-xrootd.md
Outdated
|
||
#### (Optional) Enable HTTP based Writes | ||
|
||
The primary changes are to the Authfile; you will need to add several a (all) authorizations to where users need to be able to write. Here's an example: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is all about authorization, which probably belongs to a different section in the documentation.
The CMS doc made this a separate section because so many CMS T2s had authorization completely disabled (which didn't matter that much when it was read-only).
docs/data/install-xrootd.md
Outdated
|
||
The [upstream documentation](http://xrootd.org/doc/dev49/sec_config.htm#_Toc517294132) has further information on the Authfile format. | ||
|
||
!!! warning |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a useful warning to keep around in the HTTP section.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still think of this as a good start, but not completing the ticket. I plan to merge this but make notes in the ticket that it should be one of several topical XRootD documents.
Adding the HTTP documentation as optional part of the XRootD configuration without the specific CMS parts.