For information about the DPM-xrootd version 2.1.x (for DPM >= 1.7.0) please see: https://twiki.cern.ch/twiki/bin/view/LCG/DpmXrootAccess21
The information on the page below relates to the older, 2.0.x version.

Configuring 'xroot' Protocol on DPM

QUICK INSTALLATION SCRIPT FOR THE IMPATIENT


su - root
cd
wget http://project-arda-dev.web.cern.ch/project-arda-dev/xrootd/tarballs/installbox/xrd-installer
chmod u+x ./xrd-installer
./xrd-installer --version dpm --prefix /opt/lcg/ -p xrdbase --install
wget http://project-arda-dev.web.cern.ch/project-arda-dev/xrootd/tarballs/installbox/dpm-config.tgz
tar xvzf dpm-config.tgz
chmod u+x ./conf.xrootd
./conf.xrootd

INSTALLATION with RPMs

Binary RPMs for the plugin, base and alice specific packages can be found here:
http://project-arda-dev.web.cern.ch/project-arda-dev/alice/xrootd-dpm/
For non-ALICE setups you need only xrootd-dpm & xrootd itself.

STEP BY STEP INSTALLATION

INSTALLATION OF THE BASE PACKAGE

Only the xroot DPM-plugin is packaged and distributed as LCG software. Therefore it is necessary to install the missing client-server software in a second installation step after the yum installation of the plugin. The current plugin was compiled for Scalla(xroot) XrdVERSION "20070827-0600". You can download an installation script 'xrd-installer' for source-installation/compilation of the base package here. You need a working g++ compilation environment for this to work.

To install the base package execute as root on every DPM node (head+disk server):

 chmod u+x xrd-installer

 ./xrd-installer --version dpm --prefix /opt/lcg/ -p xrdbase --install
If the procedure was successful you should find an executable /opt/lcg/bin/xrootd on your machine.

ALICE SPECIFIC INSTALLATION OF ADDITIONAL PACKAGES

If you install a DPM for the ALICE VO you need additional xroot plugins. To install the ALICE specific environment you can skip the previous step and do directly:
 ./xrd-installer --version dpm --prefix /opt/lcg/ --install

YAIM CONFIGURATION

xroot Protocol is enabled in your site-info.def file using the switch "DPM_XROOTD=yes". You can disable GSI authentication in the site-info.def file for xroot using the switch 'DPM_XROOTD_NOGSI=yes". Currently there are problems with certain certificates and GSI authentication in xroot so it is necessary to switch off GSI authentication.
The startup and xroot configuration is defined by a main configuration file under '/etc/sysconfig/dpm-xrd'. If you don't provide this file (e.g. it does not exist), the yaim script will build the file (with or without GSI authentication) from a template DPM configuration file. Unless you have special requirements this should be sufficient for most installations. In any case verify that the file is readable for all (644 permission on /etc/sysconfig/dpm-xrd).
Warning: by default the basic configuration exports the complete '/dpm' namespace with public read-/write access to all dpm files stored in this DPM. You can restrict the public name space by changing the export statement in '/etc/xrd.dpm.config'
 export /dpm/myhost/public-dir/
After proper definition of variables run the yaim configuration function for xrootd.

NON-YAIM CONFIGURATION

If you miss the yaim scripts in your release version download this file. Extract the tgz file and execute the script 'conf.xrootd'. This executes the identical YAIM function for xroot configuration as above.

Firewall Port Settings

The manager xrootd listens by default on port 1094. The diskserver xrootd port listensby default on port 1095. You have to allow incoming access towards this ports from expected client machines. All transfers run via port 1095 - there is no need for an open high port range.

CHECKS AFTER CONFIGURATION

The head node needs the following in /etc/shift.conf :

DPNS TRUST <headnode> <diskserverA> <diskserverB> ...
DPM TRUST <headnode> <diskserverA> <diskserverB> ...
DPM PROTOCOLS ..... xroot

In addition the following lines should be added to /etc/sysconfig/dpm-xrd
export DPNS_HOST=node.name
export DPM_HOST=node.name
Where node.name is the name of the DPM head node.

xroot runs 2 services for the head node and 2 services for each disk server. The log files of
the two service daemons 'xrootd' + 'olbd' can be found under
/var/log/xroot/<xxx>/<a>log and are deleted automatic after 2 weeks by
logrotate.d

The services are handled by typical scripts:

        service dpm-xrd <start|status|stop...>
        service dpm-olb <start|status|stop...>

and on the head node also:

        service dpm-manager-xrd ...
        service dpm-manager-olb ...

ALICE SPECIFIC CONFIGURATION SETTINGS

ALICE uses a special security (authorization) plugin which needs some extra configuration parameters.
To restrict access you have to enable the ALICE plugin by editing '/etc/sysconfig/dpm-xrd'

uncomment #XRDOFS="TokenAuthzOfs" and comment XRDOFS="XrdOfs"

Then edit '/opt/lcg/etc/xrootd/authz.cf' - adjust the key location and specify the DPM path which should be exported:
# adjust the key location (they are under /opt/lcg ....)
KEY VO:*       PRIVKEY:/opt/lcg/etc/xrootd/pvkey.pem PUBKEY:/opt/lcg/etc/xrootd/pkey.pem
# export the path where you want to allow xrootd to write and read to/from f.e.
EXPORT PATH:/dpm/cern.ch/home/alice/ VO:*     ACCESS:ALLOW CERT:*
# we require strong authorization for deletion,write while for read it is not
RULE PATH:/ AUTHZ:delete|write|write-once| NOAUTHZ:read| VO:*| CERT:*

Files are still owned by uid=0 gid=0 in DPM, but the access is restricted
to the exported path. Deletion or writing is only possible with an ALICE token while
read is still open (possible witnout token) in this configuration example.

After change of the two configuration files re-run the YAIM xroot function script or the NON-YAIM xroot function script 'config.xroot'.

TEST

After the execution of installation scripts you should see 2/4 service processes as shown here:

dpmmgr    8677  0.0  0.3 134524 24836 ?      Sl   Oct16   0:16 /opt/lcg/bin/dpm-manager-xrootd -d -b -n manager -c /opt/lcg/etc/xrd.dpm.cf -l /var/log/xroot//xrdlog
dpmmgr   10768  0.0  0.1 82236 10468 ?       Sl   Oct24   5:32 /opt/lcg/bin/dpm-xrootd -d -b -n server -c /opt/lcg/etc/xrd.dpm.cf -l /var/log/xroot//xrdlog
dpmmgr   10928  0.0  0.0 29652 1712 ?        Sl   Oct24   0:00 /opt/lcg/bin/dpm-olbd -d -b -n server -c /opt/lcg/etc/xrd.dpm.cf -l /var/log/xroot//olblog
dpmmgr   28952  0.0  0.0 43380 4776 ?        Sl   Oct04   0:25 /opt/lcg/bin/dpm-manager-olbd -d -b -n manager -c /opt/lcg/etc/xrd.dpm.cf -l /var/log/xroot//olblog
The manager processes run only on the DPM head node.

Try to upload a file to DPM with xrootd protocol:
/opt/lcg/bin/xrdcp /etc/groups root://<mydpm-headnode>//dpm/<mydomain>/xroot/test1 -d 10

Then try do download a file from DPM with xrootd protocol:
/opt/lcg/bin/xrdcp root://<mydpm-headnode>//dpm/<mydomain>/xroot/test1 /tmp -d 10

The '-d 10' can be skipped to avoid the detailed xroot debug output.

In case of problems try to check the log files of dpm/dpnsdaemon/xrootd/olbd under /var/log.

Expert Configuration to use non-default space

Find out your config file:
source /etc/sysconfig/dpm-xrd; echo $XRDCONFIG 
The configuration file in use is '/etc/$XRDCONFIG'. If you are not happy with that fact, that files put by xrootd are account to root on the default space, add a space token configuration to the xrd config file. Add a line at the end of the file
dpm.putstoken <your space token>

Restart the services on the head node.


Configuration to use a specific storage type when storing files

Files added to the DPM via xroot will be stored by the DPM with its default storage type, which is Volatile. That means the DPM system is free at some point to remove the file. Users can override this with each specific xroot request, but if you would like to change the default add
dpm.putfiletype X

at the end of the '/etc/$XRDCONFIG' config file. Where X can be V, D or P.
P (for permanent) is required for LHC experiment usage. Restart the services on the head node.





-- AndreasPeters - 12 Nov 2007

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r7 - 2010-01-06 - DavidSmith
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback