“XRootD TPC with delegated credentials” and PSS node

Hello @esindril & EOS community,
I also need to support “XRootD TPC with delegated credentials” (I think) for CMS for RUCIO transfers.
I’m currently running EOS 5.2.22 in production.

I read in “XRootD TPC with EOS - #2 by esindril” that if I set up a proxy as explained in “4.7. Protocols & APIs — EOS DIOPSIDE documentation”, then I don’t need to set EOS_FST_NO_SSS_ENFORCEMENT=1 in my FSTs. Right?

I currently have EOS_FST_NO_SSS_ENFORCEMENT=1 set in my FST config file /etc/eos/config/fst/fst,

and on my MGM I have:

[root@lyoeosmgm1 ~]# grep tpc /etc/eos/config/mgm/mgm |sed -e "/^#/d"
http.exthandler xrdtpc libXrdHttpTPC.so
ofs.tpc  redirect delegated lyoeos-gw.in2p3.fr:1094

On my vanilla XRootD PSS gateway lyoeos-gw.in2p3.fr, I have:

[root@lyoeos-gw ~]# cat /etc/xrootd/xrootd-eos-gw.cfg
ofs.osslib  libXrdPss.so
ofs.ckslib  * libXrdPss.so
xrootd.chksum  adler32
xrootd.seclib  libXrdSec.so
pss.origin  lyoeos.in2p3.fr:1094
all.export  /eos/
all.adminpath  /var/spool/xrootd
all.pidpath  /var/run/xrootd
sec.protocol  gsi -dlgpxy:1 -exppxy:=creds -crl:1 -moninfo:1 -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -d:1 -gmapopt:2
sec.protbind  * gsi
ofs.tpc  autorm fcreds gsi =X509_USER_PROXY ttl 60 60 xfr 9 pgm /usr/bin/xrootd-third-party-copy.sh

[root@lyoeos-gw ~]# cat /usr/bin/xrootd-third-party-copy.sh
#!/bin/bash
dst='root://'$XRDXROOTD_ORIGIN'/'$2
/usr/bin/xrdcp --server -d 3 $1 $dst

[root@lyoeos-gw ~]# rpm -qf /usr/bin/xrdcp
xrootd-client-5.4.2-1.el7.x86_64

The command:

XrdSecPROTOCOL=gsi,unix xrdcp --tpc delegate only root://sbgdcache.in2p3.fr:1094///store/mc/Run3Summer22EENanoAODv12/WpWpJJ_EWK-QCD_TuneCP5_13p6TeV_madgraph-pythia8/NANOAODSIM/130X_mcRun3_2022_realistic_postEE_v6-v2/50000/28268227-06eb-41ef-998a-48f90ffaeeeb.root \
    root://lyoeos.in2p3.fr//eos/lyoeos.in2p3.fr/home/pugnere/toto

gives an error:

Run: [ERROR] Server responded with an error: [3000]  [[x]root[s]://<host>[:<port>]/]<path> | -

I don’t know what is wrong in my config.
Best regards,
Denis
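
An added example, not part of the original post and not the poster's or the EOS/XRootD project's code: an argument-checked variant of the `pgm` wrapper above, which runs `xrdcp` with a delegated proxy on client-supplied values, so each value is validated and quoted before use. It assumes `$1` is the source URL, `$2` the destination path and `XRDXROOTD_ORIGIN` a `host:port` string, as the post's script uses them; the function names and exit codes are hypothetical.

```shell
#!/bin/bash
# Added example, not the poster's script. Assumes $1 = source URL and
# $2 = destination path, as the post's script uses them, and that
# XRDXROOTD_ORIGIN holds the origin as host:port.
EXPORT_PREFIX="/eos/"   # from "all.export /eos/" in the gateway config

# Accept only root:// or roots:// sources without whitespace/control chars.
check_src() {
    case "$1" in
        *[[:space:][:cntrl:]]*) echo "tpc: whitespace in source" >&2; return 1 ;;
        root://?*|roots://?*)   return 0 ;;
        *) echo "tpc: source is not a root(s):// URL" >&2; return 1 ;;
    esac
}

# Print the destination URL on stdout, or fail with a reason on stderr.
build_dst() {
    bd_origin=$1; bd_path=$2
    case "$bd_origin" in
        ''|*[!A-Za-z0-9.:-]*) echo "tpc: empty or malformed origin" >&2; return 1 ;;
    esac
    case "$bd_path" in
        "$EXPORT_PREFIX"*) ;;
        *) echo "tpc: destination outside $EXPORT_PREFIX" >&2; return 1 ;;
    esac
    case "$bd_path" in
        *[[:space:][:cntrl:]]*|*/../*|*/..)
            echo "tpc: unsafe destination path" >&2; return 1 ;;
    esac
    printf 'root://%s/%s\n' "$bd_origin" "$bd_path"
}

main() {
    [ "$#" -eq 2 ] || { echo "usage: $0 <source-url> <dest-path>" >&2; return 64; }
    check_src "$1" || return 65
    dst=$(build_dst "${XRDXROOTD_ORIGIN:-}" "$2") || return 65
    # Every expansion is quoted, so each value stays one argument.
    exec /usr/bin/xrdcp --server -d 3 "$1" "$dst"
}

# Run only under the installed name, so the functions can be sourced and tested.
case "${0##*/}" in
    xrootd-third-party-copy.sh) main "$@" ;;
esac
```

With these checks, an empty origin or a malformed argument is reported by the wrapper on stderr instead of being passed on to `xrdcp`.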