Default ctafrontend rpm xrootd configuration file is CI ready. No more...

Default ctafrontend rpm xrootd configuration file is CI ready. No more duplicate in the continuousintegration tree.

Default ctafrontend rpm xrootd configuration file is CI ready. No more...
Default ctafrontend rpm xrootd configuration file is CI ready. No more duplicate in the continuousintegration tree.
4510aa36 · Julien Leduc · b921538b · 4510aa36 · 4510aa36 · 4510aa36
Commit 4510aa36 authored Nov 14, 2017 by Julien Leduc
--- a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
@@ -11,9 +11,8 @@ yum-config-manager --enable ceph
 yum -y install cta-frontend cta-debuginfo cta-catalogueutils ceph-common
 fi

-# just to get the ctafrontend xrootd configuration file in /etc/cta/cta-frontend-xrootd.conf
-# can be removed when taking config file from rpm
-yes | cp -r /opt/ci/ctafrontend/etc / 
+# /etc/cta/cta-frontend-xrootd.conf is now provided by ctafrontend rpm and comes with
+# CI ready content

 /opt/run/bin/init_objectstore.sh
 . /tmp/objectstore-rc.sh

--- a/cta.spec.in
+++ b/cta.spec.in
@@ -161,7 +161,7 @@ The xroot plugin
 %{_libdir}/libXrdSsiCta.so*
 %attr(0755,cta,cta) %dir /var/log/cta
 %attr(0644,root,root) %config(noreplace) /etc/logrotate.d/cta-frontend
-%attr(0644,root,root) %config(noreplace) /etc/xrootd/xrootd-cta.cfg
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cta/cta-frontend-xrootd.conf
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cta/cta-frontend.conf
 %attr(0644,cta,cta) /etc/systemd/system/cta-frontend.service


--- a/doc/latex/CTA_Admin_Install.tex
+++ b/doc/latex/CTA_Admin_Install.tex
@@ -393,7 +393,7 @@ The EOS XRoot daemons (\texttt{fst}, \texttt{mgm}, \texttt{mq}) have their confi
 instead they are under \texttt{/etc/xrootd/<daemon>.cfg}.
 \end{alertbox}

-Edit \texttt{/etc/xrootd/xrootd-cta.cfg} and ensure that both Kerberos and SSS are enabled and using the correct keys.
+Edit \texttt{/etc/cta/cta-frontend-xrootd.conf} and ensure that both Kerberos and SSS are enabled and using the correct keys.
 This is specified using the \texttt{sec.protocol} and \texttt{sec.protbind} configuration lines. The file should finish
 looking something like this:
 \begin{lstlisting}
@@ -545,7 +545,7 @@ log file (\texttt{-l})\footnote{For full documentation of command line options,
 \href{http://xrootd.org/doc/dev44/xrd_config.htm\#_Toc98765632}{http://xrootd.org/doc/dev44/xrd\_config.htm}}:
 \begin{lstlisting}
 # su - cta
-[~]$ xrootd -n cta -c /etc/xrootd/xrootd-cta.cfg -I v4 -b -l /tmp/ctafrontend.log
+[~]$ xrootd -n cta -c /etc/cta/cta-frontend-xrootd.conf -I v4 -b -l /tmp/ctafrontend.log
 \end{lstlisting}
 Once the XRoot daemon is running, the CTA CLI will be able to send commands and receive results (See
 Chapters~\ref{admin_commands} and~\ref{user_commands}).

--- a/xroot_plugins/CMakeLists.txt
+++ b/xroot_plugins/CMakeLists.txt
@@ -53,7 +53,7 @@ endif (OCCI_SUPPORT)

 install (TARGETS XrdCtaOfs DESTINATION usr/${CMAKE_INSTALL_LIBDIR})
 install (TARGETS XrdSsiCta DESTINATION usr/${CMAKE_INSTALL_LIBDIR})
-install (FILES xrootd-cta.cfg DESTINATION /etc/xrootd/)
+install (FILES cta-frontend-xrootd.conf DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/cta)
 install (FILES cta-frontend.conf DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/cta)
 install (FILES cta-frontend.logrotate DESTINATION /etc/logrotate.d RENAME cta-frontend)
 install (FILES cta-frontend.service DESTINATION /etc/systemd/system)
--- a/continuousintegration/docker/ctafrontend/cc7/config/ctafrontend/etc/cta/cta-frontend-xrootd.conf
+++ b/continuousintegration/docker/ctafrontend/cc7/config/ctafrontend/etc/cta/cta-frontend-xrootd.conf
@@ -3,6 +3,9 @@ xrootd.fslib libXrdSsi.so libXrdCtaOfs.so

 # Specify which paths are handled by the OFS plugin
 #
+# The "old" cta command will continue to use OFS. The "new" eoscta_stub and
+# cta_admin binaries use SSI.
+#
 # Y3Rh is the Base64 encoding of cta, so this string appears at the beginning
 # of all cta admin commands
 ssi.fspath /Y3Rh
@@ -20,7 +23,6 @@ xrootd.seclib libXrdSec.so
 # The xroot server process needs to be able to read the keytab file
 sec.protocol krb5 /etc/cta/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA
 sec.protocol sss -s /etc/cta/cta-cli.sss.keytab
-#sec.protocol unix

 # Only Kerberos 5 and sss are allowed
 sec.protbind * only sss krb5

--- a/xroot_plugins/xrootd-cta.cfg
+++ b/xroot_plugins/xrootd-cta.cfg
-# Load the CTA SSI and OFS plugins
-xrootd.fslib libXrdSsi.so libXrdCtaOfs.so
-
-# Specify which paths should be routed to the OFS plugin
-#
-# The "old" cta command will continue to use OFS. The "new" eoscta_stub and
-# cta_admin binaries use SSI.
-#
-# Y3Rh is the Base64 encoding of cta, so this string appears at the beginning
-# of all cta admin commands
-ssi.fspath /Y3Rh
-# L3Vzci9iaW4vY3Rh is Base64 encoding of /usr/bin/cta which appears at the
-# beginning of commands called from the EOS WFE bash script
-ssi.fspath /L3Vzci9iaW4vY3Rh
-
-# Load the SSI module
-ssi.svclib libXrdSsiCta.so
-
-# Use the security module
-xrootd.seclib libXrdSec.so
-
-# Protocol specification
-# The xroot server process needs to be able to read the keytab file
-sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
-sec.protocol sss -s /var/spool/xrootd/.xrd/sss.keytab -c /tmp/sss.keytab
-
-# Only Kerberos 5 and sss are allowed
-sec.protbind * only sss
-sec.protbind tpsrv* only krb5
-
-# Export the SSI resource
-all.export /ctafrontend nolock r/w
-
-# Export the OFS resource, specified in ssi.fspath above.
-#
-# There can be more than one of these; anything that starts with the prefix
-# will go to the the underlying file system. Note that this prefix cannot be
-# a substring of '/ctafrontend', so it is not possible to simply export '/'.
-all.export /Y3Rh
-all.export /L3Vzci9iaW4vY3Rh
-
-# Turn off asynchronous i/o
-xrootd.async off
-
-# Use a port other than 1094, already used by EOS xroot server
-xrd.port 10955
-