Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebDAV TPC issue with 4.10.0rc1 #988

Closed
olifre opened this issue May 15, 2019 · 4 comments · Fixed by #989
Closed

WebDAV TPC issue with 4.10.0rc1 #988

olifre opened this issue May 15, 2019 · 4 comments · Fixed by #989

Comments

@olifre
Copy link
Contributor

olifre commented May 15, 2019

Trying 4.10.0-rc1, we do now finally see WebDAV TPC pull requests in our logs. However, all of them fail like:

190515 16:30:45 3510148 sysProcessReq: Pull request from https://dcgftp.usatlas.bnl.gov:443/pnfs/usatlas.bnl.gov/BNLT0D1/rucio/mc16_13TeV/4f/88/DAOD_HIGG4D3.17227694._000758.pool.root.1
190515 16:30:45 3510148 ofs_open:  Unable to create /cephfs/grid/atlas/atlaslocalgroupdisk/rucio/mc16_13TeV/4f/88/DAOD_HIGG4D3.17227694._000758.pool.root.1?authz=Bearer VERY_LONG_BEARER_TOKEN_....._VERY_LONG; file name too long

i.e. the file name xrootd tries to create seems to include the URI parameters (in this case the bearer token, which is very long.

Since previous versions do not work for us due to #968 , I can not tell if this issue is new.
@bbockelm
Copy link
Contributor

This might be related to #970

Basically, instead of forcing the client to repeat the Authorization header when redirected (fewer and fewer clients elect to do this anymore), include the information as part of the opaque string.

I would be curious:

(a) How long is the entire string?
(b) Does this happen in the redirector or data server?

@bbockelm bbockelm mentioned this issue May 15, 2019
Closed
@olifre
Copy link
Contributor Author

olifre commented May 15, 2019

I can confirm we have http.header2cgi Authorization authz in our config (both on redirector and data server).

(a) How long is the entire string?

Starting from the path /cephfs, and ending at the ; before the message (i.e. up to the end of the bearer token), it's the full glory of 794 characters.

(b) Does this happen in the redirector or data server?

The error was seen on the data server.

@bbockelm bbockelm mentioned this issue May 16, 2019
Merged
@abh3 abh3 closed this as completed in #989 May 16, 2019
@bbockelm
Copy link
Contributor

I should mention that, before #989, I see:

190516 07:54:20 3966443  ofs_open: 201-644 fn=/home/cse496/bbockelm/tmp/xrootd_export/foo.google?authz=Bearer baz

With #989, I see:

190515 22:35:08 3867622 unknown.1:31@hcc-briantest7 ofs_open: 0-600 fn=/home/cse496/bbockelm/tmp/xrootd_export/foo

It's not logged, but stepping through with a debugger, I verified that the authz header is copied to the separate internal structure for authorization.

@olifre
Copy link
Contributor Author

olifre commented May 16, 2019

@bbockelm Many thanks for the quick patch!
I'll also give it a go in our production setup with the next RC for sure and report back 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not include authz header in the filename. bbockelm/xrootd
2 participants
@olifre @bbockelm