do you know a working test ( or production) eos system
which support xrootd/https and TPC for the dteam VO ( X509 cert and/or tokens)
in order to make few functional tests
thank you in advance
I need the service endpoint urls and the eos namespace path for the dteam VO
The eospps.cern.ch (xrootd:1094/https:443) is the instance used for such tests and accepts the dteam VO. You can use this path as destination which is accessible by the user dteam001
eos ls -rlta /eos/opstest/dteam/ drwxrwxr-+ 1 dteam001 cg 45199361826 Aug 9 14:34 .
And the vid mapping for the VO is:
[root@eospps-fe1 (mgm:master mq:master) ~]$ eos vid ls | grep dteam voms:"/dteam:":gid => cg voms:"/dteam:":uid => dteam001
The https endpoint does not work correcty for the moment since this instance is using XRootD5/EOS5 and there are some changes necessary for the token support. I will let you know once the instance is updated with these modidications.
thank you for the infomation
with x509 looks that https 443 it works for me
but I would like also to test token and tpc
therefore I will wait for the update
as I understand the nginx + microhttpd lib do not support X509 with voms attributes
and the mapping is done via grid-map file only ?
please could you confirm this
in addition , there are exposed ( to admins) parameters in order to configure the microhttpd runtime server or the parameter are hard copied to the eos code
thank you in advance
Yes, the nginx + microhttpd supports only X509 DN mapping using the gridmap-file. Concerning libmicrohttpd there no configuration parameters or files that we use when starting it as part of the EOS service, everything is inside the eos code. There are a couple of parameters that you can modify in
/etc/sysconfig/eos, for example:
EOS_HTTP_CONNECTION_MEMORY_LIMIT="65536" EOS_HTTP_THREADPOOL="epoll" EOS_HTTP_THREADPOOL_SIZE="32"
but that is basically it.
the http access on 8000 port with microhttp lib
and https acess on 9000 port with xrdhtpd lib
they can coexist on same configuration ?
I see this comment on mini guide
After starting the EOS service, one can check for the actual value of the HTTP port advertised by the individual FSTs by executing the following command:
eos fs status 1 | grep http
from which I understood that on FST we can have only one http port
than you in advance
Yes, the FST can advertise only one HTTP port to the MGM and this is the port used in turn by the MGM to redirect the clients. Therefore, you can configure the FST to support both XrdHttp and libmicrohttp but only one will be actually used. When both are configured on the same port XrdHttp takes precedence over libmicrohttpd. If they are on different ports then libmicrohttpd wins.