EOS config for ALICE


Can you please paste the contents of the /etc/xrd.cf.mgm and /etc/xrd.cf.fst of
the ALICE EOSCTA instance at CERN?

Many thanks,


Hi George,

Julien can send you some details but the instance is standard, apart from the token auth config which is common to all Alice xrootd instances (and which I assume they’ve documented somewhere).


Hi Oliver,

Thanks for this. I will also need a clue about what EOS vid mappings need to be in place as well.


Here is the information I just sent by email:

Alice specific authentication plugin

install this rpm on the mgm: xrootd-alicetokenacc and then load it on the mgm config:

mgmofs.authlib  /usr/lib64/libXrdAliceTokenAcc.so
alicetokenacc.noauthzhost  localhost
alicetokenacc.noauthzhost  localhost.localdomain
alicetokenacc.truncateprefix  /eos/alice/grid

Then you will have to create a few links to your standard directories and add some rules to /etc/grid-security/xrootd/TkAuthz.Authorization

Example here with inline documentation:

Specific support TkAuthz goes to EOS community: for example see this thread: Install eod :: mgm configuration - Site Administrators - EOS Community
It can be tricky mixing other authentication protocols and Alice token and this is not something we do on the CERN ALICE EOSCTA instance.

I created the base dirs using symlinks to higher up directory (for /00 → /15) as I prefer to have all the production tape backed files higher in the EOS directory structure: in /eos//archive prefix but this is up to you to decide where you prefer to structure your directories.

Something like this then finished the specific vid setup:

  eos vid set map -unix \<pwd\> vuid:${aliprod_ID}
  eos vid set map -unix \<pwd\> vgid:${aliprod_GID}
  seq -f "%02g" 0 15 | xargs -itoto eos ln -s /toto ${THE_PLACE_FOR_THESE_DIRS}/toto

TkAuthz.Authorization is where you may feel the pain but it should not be any different than the syntax and directory structure you already have at RAL on your xrootd ALICE endpoint.

Only mgm config is Alice specific: FSTs are using SSS for redirection authentication as on any other eoscta instance.

Hi Julien,

Many thanks for the very comprehensive reply!
The config is in place and all ALICE tests are green,