I would like to ask particularly for “XRootD TPC with delegated credentials” and PSS node

• Do you have Alice instance that they use this gateway?

• How do you configure a load balancer for this node and how many know you use?

• The redirect-gateway on MGMs ( e.g. ofs.tpc redirect delegated eos-gateway-node.cern.ch:1094 )

can be a round-robin alias over N nodes ?

• The pss.origin eos-target-instance.cern.ch:1094 on PSS should be to the master MGM?

• Could the PSS component be co-install in a Fst node?

thank you in advance

best regards

e.v.

Hi Emmanouil,

ALICE does not use delegated credentials, they only use their authz token which is embedded in the URL. For ALICE you need to disable the SSS enforcement on the FST side:
EOS_FST_NO_SSS_ENFORCEMENT="1"
and this allows TPC transfers between your instance and any other instance.

For other use-cases, yes the redirection endpoint can be a round-robin alias. Yes, you can install the PSS gateways on the FSTs if you want and indeed the pss.origin needs to point to the MGM node.

Cheers,
Elvin

hello Elvin
thank you for your reply
at CERN do you use PSS on production?
thank you in advance
best
e.v.

Hi Emmanouil,

Yes, we use such “PSS delegation gateways” for ATLAS and CMS. They use a round-robin alias.

Cheers,
Elvin