Hello,
Can you please paste the contents of the /etc/xrd.cf.mgm and /etc/xrd.cf.fst of
the ALICE EOSCTA instance at CERN?
Many thanks,
George
Hello,
Can you please paste the contents of the /etc/xrd.cf.mgm and /etc/xrd.cf.fst of
the ALICE EOSCTA instance at CERN?
Many thanks,
George
Hi George,
Julien can send you some details but the instance is standard, apart from the token auth config which is common to all Alice xrootd instances (and which I assume they’ve documented somewhere).
Oliver.
Hi Oliver,
Thanks for this. I will also need a clue about what EOS vid mappings need to be in place as well.
George
Here is the information I just sent by email:
install this rpm on the mgm: xrootd-alicetokenacc
and then load it on the mgm config:
mgmofs.authlib /usr/lib64/libXrdAliceTokenAcc.so
...
alicetokenacc.noauthzhost localhost
alicetokenacc.noauthzhost localhost.localdomain
alicetokenacc.truncateprefix /eos/alice/grid
Then you will have to create a few links to your standard directories and add some rules to /etc/grid-security/xrootd/TkAuthz.Authorization
Example here with inline documentation:
Specific support TkAuthz goes to EOS community: for example see this thread: Install eod :: mgm configuration - Site Administrators - EOS Community
It can be tricky mixing other authentication protocols and Alice token and this is not something we do on the CERN ALICE EOSCTA instance.
I created the base dirs using symlinks to higher up directory (for /00 → /15) as I prefer to have all the production tape backed files higher in the EOS directory structure: in /eos//archive prefix but this is up to you to decide where you prefer to structure your directories.
Something like this then finished the specific vid setup:
eos vid set map -unix \<pwd\> vuid:${aliprod_ID}
eos vid set map -unix \<pwd\> vgid:${aliprod_GID}
seq -f "%02g" 0 15 | xargs -itoto eos ln -s /toto ${THE_PLACE_FOR_THESE_DIRS}/toto
TkAuthz.Authorization is where you may feel the pain but it should not be any different than the syntax and directory structure you already have at RAL on your xrootd ALICE endpoint.
Only mgm config is Alice specific: FSTs are using SSS for redirection authentication as on any other eoscta instance.
Hi Julien,
Many thanks for the very comprehensive reply!
The config is in place and all ALICE tests are green,
Best,
George