CERN Accelerating science

EOS instance which support dteam VO

Dear all
do you know a working test ( or production) eos system
which support xrootd/https and TPC for the dteam VO ( X509 cert and/or tokens)
in order to make few functional tests
thank you in advance
best
ev.
ps.
I need the service endpoint urls and the eos namespace path for the dteam VO

Hi Emmanouil,

The eospps.cern.ch (xrootd:1094/https:443) is the instance used for such tests and accepts the dteam VO. You can use this path as destination which is accessible by the user dteam001

eos ls -rlta /eos/opstest/dteam/
drwxrwxr-+   1 dteam001 cg        45199361826 Aug  9 14:34 .

And the vid mapping for the VO is:

[root@eospps-fe1 (mgm:master mq:master) ~]$ eos vid ls | grep dteam
voms:"/dteam:":gid => cg
voms:"/dteam:":uid => dteam001

The https endpoint does not work correcty for the moment since this instance is using XRootD5/EOS5 and there are some changes necessary for the token support. I will let you know once the instance is updated with these modidications.

Cheers,
Elvin

hello Elvin
thank you for the infomation
with x509 looks that https 443 it works for me
but I would like also to test token and tpc
therefore I will wait for the update
best
e.v.

hello Elvin
as I understand the nginx + microhttpd lib do not support X509 with voms attributes
and the mapping is done via grid-map file only ?
please could you confirm this

in addition , there are exposed ( to admins) parameters in order to configure the microhttpd runtime server or the parameter are hard copied to the eos code
thank you in advance
best
e.v.

Hi Emmanouil,

Yes, the nginx + microhttpd supports only X509 DN mapping using the gridmap-file. Concerning libmicrohttpd there no configuration parameters or files that we use when starting it as part of the EOS service, everything is inside the eos code. There are a couple of parameters that you can modify in /etc/sysconfig/eos, for example:

EOS_HTTP_CONNECTION_MEMORY_LIMIT="65536"
EOS_HTTP_THREADPOOL="epoll"
EOS_HTTP_THREADPOOL_SIZE="32"

but that is basically it.

Cheers,
Elvin

hello Elvin
the http access on 8000 port with microhttp lib
and https acess on 9000 port with xrdhtpd lib
they can coexist on same configuration ?

I see this comment on mini guide

’ [Service]
Environment=EOS_FST_HTTP_PORT=9001
After starting the EOS service, one can check for the actual value of the HTTP port advertised by the individual FSTs by executing the following command:
eos fs status 1 | grep http
stat.http.port 9001’

from which I understood that on FST we can have only one http port

than you in advance
best
e.v.

Hi Emmanouil,

Yes, the FST can advertise only one HTTP port to the MGM and this is the port used in turn by the MGM to redirect the clients. Therefore, you can configure the FST to support both XrdHttp and libmicrohttp but only one will be actually used. When both are configured on the same port XrdHttp takes precedence over libmicrohttpd. If they are on different ports then libmicrohttpd wins.

Cheers,
Elvin