Potential Issues Observed with Xrootd

This page keeps a laundry list of potential issues with Xrootd. I have tried to keep this in order of importance:

  1. Namespace throttling: The cmsd that acts as a proxy between the global/regional redirector and the local (non-xrootd) filesystem can query the namespace at a far higher rate than many filesystems can support. We need a mechanism to throttle the rate of incoming queries to something acceptable to sites.
  2. Redirects: The client currently tosses an error and dies at the first authentication issue. This means the client will give up after the first "bad site" it encounters. It should try a different cluster or try a different server by default until it runs out of possible sources.
  3. User experience / Improved console messages for client: Users have complained that, by default, Xrootd gives no feedback about its activities - this can be very frustrating if the remote server asks the client to delay for 10 minutes, for example. The first level of debug info provides too much information - typically, only experts can read it. CMS users need a "happy medium".
  4. Query rate monitoring for cmsd: We would like to have better monitoring about the cmsd activity.
  5. Monitoring for client: We have no clue when a client encounters an error (login denied, unable to access server, file-not-found); we'd like to be able to record this in a manner similar to the existing monitoring infrastructure.
  6. CA Certs for client: CMS would like to explore/understand the security implications of not having clients validate CA certificates when reading. It appears skipping this step adds little risk and potential for reward.

Other

These things appear interesting, but are not on the critical path.

  1. Authentication/authorization of caches: What's the best way to handle the authentication/authorization of cache servers? The suggestion was to have the cache servers themselves authenticate using their host certs. How possible is it to do this within CMS? There are lots of unanswered questions in this arena right now.
  2. Unable to download directories: We are unable to download entire directories using the redirector. It's not entirely obvious whether this is a well-defined action or not.
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2011-02-09 - BrianBockelman
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback