Commit 4510aa36 authored by Julien Leduc's avatar Julien Leduc

Default ctafrontend rpm xrootd configuration file is CI ready. No more...

Default ctafrontend rpm xrootd configuration file is CI ready. No more duplicate in the continuousintegration tree.
parent b921538b
......@@ -11,9 +11,8 @@ yum-config-manager --enable ceph
yum -y install cta-frontend cta-debuginfo cta-catalogueutils ceph-common
fi
# just to get the ctafrontend xrootd configuration file in /etc/cta/cta-frontend-xrootd.conf
# can be removed when taking config file from rpm
yes | cp -r /opt/ci/ctafrontend/etc /
# /etc/cta/cta-frontend-xrootd.conf is now provided by ctafrontend rpm and comes with
# CI ready content
/opt/run/bin/init_objectstore.sh
. /tmp/objectstore-rc.sh
......
......@@ -161,7 +161,7 @@ The xroot plugin
%{_libdir}/libXrdSsiCta.so*
%attr(0755,cta,cta) %dir /var/log/cta
%attr(0644,root,root) %config(noreplace) /etc/logrotate.d/cta-frontend
%attr(0644,root,root) %config(noreplace) /etc/xrootd/xrootd-cta.cfg
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cta/cta-frontend-xrootd.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cta/cta-frontend.conf
%attr(0644,cta,cta) /etc/systemd/system/cta-frontend.service
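Review bot: The `%files` entry `%attr(0644,cta,cta) /etc/systemd/system/cta-frontend.service` leaves the systemd unit owned by, and writable to, the `cta` service account, so that account can edit the unit that systemd loads for it. The line is context rather than something this commit changes, but it sits next to the renamed config entry and is worth fixing in the same pass: `%attr(0644,root,root) /etc/systemd/system/cta-frontend.service`, matching the other entries. Separately, the config moves from `/etc/xrootd/xrootd-cta.cfg` to `%{_sysconfdir}/cta/cta-frontend-xrootd.conf` under `%config(noreplace)`. On upgrade, a locally edited old file would presumably survive only as `.rpmsave`, and the host would start from the new packaged defaults. A release note telling operators to re-apply their security settings to the new path would cover that.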
......
......@@ -393,7 +393,7 @@ The EOS XRoot daemons (\texttt{fst}, \texttt{mgm}, \texttt{mq}) have their confi
instead they are under \texttt{/etc/xrootd/<daemon>.cfg}.
\end{alertbox}
Edit \texttt{/etc/xrootd/xrootd-cta.cfg} and ensure that both Kerberos and SSS are enabled and using the correct keys.
Edit \texttt{/etc/cta/cta-frontend-xrootd.conf} and ensure that both Kerberos and SSS are enabled and using the correct keys.
This is specified using the \texttt{sec.protocol} and \texttt{sec.protbind} configuration lines. The file should finish
looking something like this:
\begin{lstlisting}
......@@ -545,7 +545,7 @@ log file (\texttt{-l})\footnote{For full documentation of command line options,
\href{http://xrootd.org/doc/dev44/xrd_config.htm\#_Toc98765632}{http://xrootd.org/doc/dev44/xrd\_config.htm}}:
\begin{lstlisting}
# su - cta
[~]$ xrootd -n cta -c /etc/xrootd/xrootd-cta.cfg -I v4 -b -l /tmp/ctafrontend.log
[~]$ xrootd -n cta -c /etc/cta/cta-frontend-xrootd.conf -I v4 -b -l /tmp/ctafrontend.log
\end{lstlisting}
Once the XRoot daemon is running, the CTA CLI will be able to send commands and receive results (See
Chapters~\ref{admin_commands} and~\ref{user_commands}).
......
......@@ -53,7 +53,7 @@ endif (OCCI_SUPPORT)
install (TARGETS XrdCtaOfs DESTINATION usr/${CMAKE_INSTALL_LIBDIR})
install (TARGETS XrdSsiCta DESTINATION usr/${CMAKE_INSTALL_LIBDIR})
install (FILES xrootd-cta.cfg DESTINATION /etc/xrootd/)
install (FILES cta-frontend-xrootd.conf DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/cta)
install (FILES cta-frontend.conf DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/cta)
install (FILES cta-frontend.logrotate DESTINATION /etc/logrotate.d RENAME cta-frontend)
install (FILES cta-frontend.service DESTINATION /etc/systemd/system)
......@@ -3,6 +3,9 @@ xrootd.fslib libXrdSsi.so libXrdCtaOfs.so
# Specify which paths are handled by the OFS plugin
#
# The "old" cta command will continue to use OFS. The "new" eoscta_stub and
# cta_admin binaries use SSI.
#
# Y3Rh is the Base64 encoding of cta, so this string appears at the beginning
# of all cta admin commands
ssi.fspath /Y3Rh
......@@ -20,7 +23,6 @@ xrootd.seclib libXrdSec.so
# The xroot server process needs to be able to read the keytab file
sec.protocol krb5 /etc/cta/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA
sec.protocol sss -s /etc/cta/cta-cli.sss.keytab
#sec.protocol unix
# Only Kerberos 5 and sss are allowed
sec.protbind * only sss krb5
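Review bot: The packaged default now carries CI values in its security block: `sec.protocol krb5 /etc/cta/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA` names a test realm, and nothing in the file marks it as a value to replace. The spec section on this page installs the file as `%config(noreplace)`, so a production host keeps whatever was first installed until someone edits it. I would add a comment above the two `sec.protocol` lines, for example `# CI defaults: set the site Kerberos principal/realm and keytab paths before production use`. It is also worth stating there that both keytabs should be readable only by the account running xrootd. If the full listing further down the page is the previous default, it bound `tpsrv*` hosts to `only krb5`, while the new file has the single line `sec.protbind * only sss krb5`; please confirm that this relaxation is intended outside CI.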
......
# Load the CTA SSI and OFS plugins
xrootd.fslib libXrdSsi.so libXrdCtaOfs.so
# Specify which paths should be routed to the OFS plugin
#
# The "old" cta command will continue to use OFS. The "new" eoscta_stub and
# cta_admin binaries use SSI.
#
# Y3Rh is the Base64 encoding of cta, so this string appears at the beginning
# of all cta admin commands
ssi.fspath /Y3Rh
# L3Vzci9iaW4vY3Rh is Base64 encoding of /usr/bin/cta which appears at the
# beginning of commands called from the EOS WFE bash script
ssi.fspath /L3Vzci9iaW4vY3Rh
# Load the SSI module
ssi.svclib libXrdSsiCta.so
# Use the security module
xrootd.seclib libXrdSec.so
# Protocol specification
# The xroot server process needs to be able to read the keytab file
sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
sec.protocol sss -s /var/spool/xrootd/.xrd/sss.keytab -c /tmp/sss.keytab
# Only Kerberos 5 and sss are allowed
sec.protbind * only sss
sec.protbind tpsrv* only krb5
# Export the SSI resource
all.export /ctafrontend nolock r/w
# Export the OFS resource, specified in ssi.fspath above.
#
# There can be more than one of these; anything that starts with the prefix
# will go to the the underlying file system. Note that this prefix cannot be
# a substring of '/ctafrontend', so it is not possible to simply export '/'.
all.export /Y3Rh
all.export /L3Vzci9iaW4vY3Rh
# Turn off asynchronous i/o
xrootd.async off
# Use a port other than 1094, already used by EOS xroot server
xrd.port 10955