# The "DIRAC" section contains general parameters needed in most installation types.
DIRAC
{
# The name of the Virtual Organization of the installation User Community.
# The option is defined in a single VO installation.
#VirtualOrganization = myVO
# The name of the DIRAC installation Setup. This option is defined in the client
# installations to define which subset of DIRAC Systems the client will work with.
Setup = mySetup
# The list of extensions to the Core DIRAC software used by the given installation
#Extensions = WebApp
# The Configuration subsection defines several options to discover and use the configuration data
Configuration
{
# This option defines a list of configuration servers, both master and slaves,
# from which clients can obtain the configuration data.
# The example URLs use the https scheme; how far that protects the configuration
# data depends on the certificate checks configured in the Security subsection.
Servers = https://server:8443/Configuration/Server
#Servers +=
# The URL of the Master Configuration Server.
# This server is used for updating the Configuration Service
MasterServer = https://server:8443/Configuration/Server
# Enables automatic merging of the modifications done in parallel by several clients.
# Takes a boolean value. By default false.
#EnableAutoMerge = false
# This subsection is used to configure the Configuration Servers attributes.
# It should not be edited by hand since it is updated by the Master Configuration Server
# to reflect the current situation of the system. Takes a boolean value. By default true.
#AutoPublish = true
# Name of Configuration file
Name = Dirac-Prod
# Set propagation time, by default 300 seconds.
#PropagationTime = 300
# How often the secondary servers refresh the configuration from the master.
# Expressed as an integer number of seconds. By default 300.
#RefreshTime = 300
# Set slaves grace time in seconds. By default 600.
#SlavesGraceTime = 600
# CS configuration version used by DIRAC services as indicator when they need to reload the
# configuration. Expressed using date format. By default 0.
#Version = 2011-02-22 15:17:41.811223
}
# This subsection defines several options related to the DIRAC security framework.
# WARNING: This section should only appear in the local dirac.cfg file of each installation,
# never in the central configuration.
Security
{
# Flag to use server certificates and not user proxies.
# This is typically true for the server installations. By default false.
#UseServerCertificate = true
# Flag to make the client skip verification of the server identity.
# The flag is usually defined in the client installations. By default false.
# NOTE(review): presumably "true" turns off CA validation of the server certificate,
# which leaves the client unable to tell the real server from an impostor. Keep it
# false wherever the CA certificates can be installed - confirm the exact semantics.
#SkipCAChecks = false
# Path where the host certificate is located on the server.
# If not specified, DIRAC will try to find it.
#CertFile = /opt/dirac/etc/grid-security/hostcert.pem
# Path where the host key is located on the server.
# If not specified, DIRAC will try to find it.
# The host key is a private credential: the file should be readable only by the
# account that runs the DIRAC components.
#KeyFile = /opt/dirac/etc/grid-security/hostkey.pem
# Flag to use access tokens and not user proxies. This is typically false.
#UseTokens = true
# Section that describes OAuth 2.0 authorization settings and metadata,
# it is required to interact with the DIRAC Authorization Server.
# Please see https://datatracker.ietf.org/doc/html/rfc8414 for more details.
Authorization
{
# The authorization server's issuer identifier,
# which is a URL that uses the "https" scheme and has no query or fragment components.
# Please see https://datatracker.ietf.org/doc/html/rfc8414#section-2.
# This option must be defined in the client installations and on the DIRAC Authorization Server host.
#issuer = https://server/auth
# Section that describes the metadata of the DIRAC Authorization Server OAuth 2.0 clients.
Clients
{
# Subsection name is a client name. Options are the client metadata,
# please see https://datatracker.ietf.org/doc/html/rfc7591#section-2.
# client_secret is a credential stored in clear text: a file that carries it needs
# restrictive permissions and must stay out of version control and shared backups.
#MyApp
#{
# client_id = MY_CLIENT_ID
# client_secret = MY_CLIENT_SECRET
# scope = supported scopes separated by a space
# response_types = device,
# grant_types = refresh_token,
#}
}
}
}
# The subsection defines the names of different DIRAC Setups.
Setups
{
# For each Setup known to the installation, there must be a subsection with the appropriate name.
# In each subsection of the Setup section the names of corresponding system instances are defined.
# In the example below "Production" instances of the Configuration
# and Framework systems are defined as part of the "Dirac-Production" setup.
Dirac-Production
{
# Each option represents a DIRAC System available in the Setup
# and the Value is the instance of System that is used in that setup.
# For instance, since the Configuration is unique for the whole installation,
# all setups should have the same instance for the Configuration systems.
Configuration = Production
Framework = Production
}
}
}
### Registry section:
# Sections to register VOs, groups, users and hosts
# https://dirac.readthedocs.org/en/latest/AdministratorGuide/UserManagement.html
Registry
{
## Registry options:
# Default user group to be used:
DefaultGroup = lhcb_user
# The quarantine user group is usually used when you want to put
# users in a group by hand as a "punishment" for a certain period of time:
QuarantineGroup = lowPriority_user
# Default proxy time expressed in seconds:
DefaultProxyTime = 4000
##
# Trusted hosts section, subsections represent the host names of the DIRAC secondary servers
Hosts
{
dirac.host.com
{
# Host distinguished name obtained from the host certificate
DN = /O=MyOrg/OU=Unity/CN=dirac.host.com
# Properties associated with the host
# This example grants the host a wide set of properties, among them FullDelegation,
# ProxyManagement and CSAdministrator (described in the lhcb_admin group below).
# Anyone holding this host's certificate and key acts with all of them, so list
# only the properties the services on that host actually need.
Properties = JobAdministrator
Properties += FullDelegation
Properties += Operator
Properties += CSAdministrator
Properties += ProductionManagement
Properties += AlarmsManagement
Properties += ProxyManagement
Properties += TrustedHost
}
}
## VOs:
# DIRAC VOs section, subsections represent the name of the DIRAC VO or an alias of the real VOMS VO
VO
{
# It is not mandatory for the DIRAC VO to have the same name as the corresponding VOMS VO
lhcb
{
# VO administrator user name, which also MUST be registered (/Registry/Users section)
VOAdmin = lhcbadmin
# VO administrator group used for querying VOMS server.
# If not specified, the VO "DefaultGroup" will be used
VOAdminGroup = lhcb_admin
# Real VOMS VO name, if this VO is associated with VOMS VO
VOMSName = lhcb
# Registered identity provider associated with VO
IdP = CheckIn
# Section to describe all the VOMS servers that can be used with the given VOMS VO
VOMSServers
{
# The host name of the VOMS server
cclcgvomsli01.in2p3.fr
{
# DN of the VOMS server certificate
DN = /O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr
# The VOMS server port
Port = 15003
# CA that issued the VOMS server certificate
CA = /C=FR/O=CNRS/CN=GRID2-FR
}
}
}
}
##
## Groups:
# DIRAC groups section, subsections represent the name of the group
Groups
{
# Group for the common user
lhcb_user
{
# DIRAC user logins that belong to the group
Users = lhcbuser1
# Group properties (set the permissions of the group users)
Properties = NormalUser # Normal user operations
# Permission to download proxy with this group, by default: True
DownloadableProxy = False
# Role of the users in the VO
VOMSRole = /lhcb
# Scope associated with a role of the user in the VO
IdPRole = some_special_scope
# Virtual organization associated with the group
VOMSVO = lhcb
# Just for normal users:
JobShare = 200
# Controls automatic Proxy upload:
AutoUploadProxy = True
# Controls automatic Proxy upload for Pilot groups:
AutoUploadPilotProxy = True
# Controls automatic addition of VOMS extension:
AutoAddVOMS = True
}
# Group to submit pilot jobs
lhcb_pilot
{
Properties = GenericPilot # Generic pilot
Properties += LimitedDelegation # Allow getting only limited proxies (ie. pilots)
Properties += Pilot # Private pilot
}
# Admin group
# Membership of this group carries FullDelegation, ProxyManagement and
# CSAdministrator together; keep the member list short and review it regularly.
lhcb_admin
{
Properties = AlarmsManagement # Allow to set notifications and manage alarms
Properties += ServiceAdministrator # DIRAC Service Administrator
Properties += CSAdministrator # possibility to edit the Configuration Service
Properties += JobAdministrator # Job Administrator can manipulate everybody's jobs
Properties += FullDelegation # Allow getting full delegated proxies
Properties += ProxyManagement # Allow managing proxies
Properties += Operator # Operator
}
}
##
## Users:
# DIRAC users section, subsections represent the name of the user
Users
{
lhcbuser1
{
# Distinguished name obtained from the user certificate (Mandatory)
DN = /O=My organisation/C=FR/OU=Unit/CN=My Name
# User e-mail (Mandatory)
# NOTE(review): the value below looks like the hosting page's e-mail obfuscation
# placeholder rather than an address; a real entry needs a valid address.
Email = [email protected]
# Cellular phone number
mobile = +030621555555
# Quota assigned to the user. Expressed in MBs.
Quota = 300
# This subsection describes the properties associated with each DN attribute (optional)
DNProperties
{
# Arbitrary section name
DNSubsection
{
# Distinguished name obtained from the user certificate (Mandatory)
DN = /O=My organisation/C=FR/OU=Unit/CN=My Name
# Proxy provider that can generate the proxy certificate with DN in DN attribute.
ProxyProviders = MY_DIRACCA
}
}
}
}
##
}
###
# The Systems section is automatically obtained from the ConfigTemplate.cfg files and can be found at
# https://dirac.readthedocs.org/en/latest/AdministratorGuide/Configuration/ExampleConfig.html
Systems
{
DataManagementSystem
{
Agents
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts3.html#fts3agent
FTS3Agent
{
OperationBulkSize = 20 # How many Operation we will treat in one loop
JobBulkSize = 20 # How many Job we will monitor in one loop
MaxFilesPerJob = 100 # Max number of files to go in a single job
MaxAttemptsPerFile = 256 # Max number of attempt per file
DeleteGraceDays = 180 # days before removing jobs
DeleteLimitPerCycle = 100 # Max number of deletes per cycle
KickAssignedHours = 1 # hours before kicking jobs with old assignment tag
KickLimitPerCycle = 100 # Max number of kicks per cycle
}
}
Services
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/dfc.html#filecataloghandler
FileCatalogHandler
{
Port = 9197
DatasetManager = DatasetManager
# Umask for new catalog entries; 0775 presumably leaves entries group-writable
# and world-readable - confirm against the DFC documentation linked above.
DefaultUmask = 0775
DirectoryManager = DirectoryLevelTree
DirectoryMetadata = DirectoryMetadata
FileManager = FileManager
FileMetadata = FileMetadata
GlobalReadAccess = True
LFNPFNConvention = Strong
ResolvePFN = True
# NOTE(review): the name "NoSecurityManager" suggests that the catalog applies no
# per-entry permission checks with this value, and GlobalReadAccess = True above
# suggests read access for every user. For a catalog holding real data, select a
# manager that enforces permissions - confirm the available choices in the DFC docs.
SecurityManager = NoSecurityManager
SEManager = SEManagerDB
UniqueGUID = False
UserGroupManager = UserAndGroupManagerDB
# NOTE(review): the four status values below look like lists whose separators
# were lost when this file was generated - verify against ConfigTemplate.cfg.
ValidFileStatus = [AprioriGoodTrashRemovingProbing]
ValidReplicaStatus = [AprioriGoodTrashRemovingProbing]
VisibleFileStatus = [AprioriGood]
VisibleReplicaStatus = [AprioriGood]
}
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts.html#ftsmanager
FTS3ManagerHandler
{
# No specific configuration
Port = 9193
}
}
Databases
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/dfc.html#filecatalogdb
FileCatalogDB
{
# No specific configuration
DBName = FileCatalogDB
}
FTS3DB
{
# No specific configuration
DBName = FTS3DB
}
}
}
RequestManagementSystem
{
Agents
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#cleanreqdbagent
CleanReqDBAgent
{
DeleteGraceDays = 60 # Delay after which Requests are removed
DeleteLimit = 100 # Maximum number of Requests to remove per cycle
DeleteFailed = False # Whether to delete also Failed request
KickGraceHours = 1 # After how long we should kick the Requests in `Assigned`
KickLimit = 10000 # Maximum number of requests kicked by cycle
}
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#requestexecutingagent
RequestExecutingAgent
{
BulkRequest = 0
MinProcess = 1
MaxProcess = 8
ProcessPoolQueueSize = 25
ProcessPoolTimeout = 900
ProcessTaskTimeout = 900
ProcessPoolSleep = 4
RequestsPerCycle = 50
# Define the different Operation types
# see http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsObjects.html#operation-types
# Each Location names a Python module that the agent loads as the handler of that
# operation type, so write access to this subsection decides which code the agent runs.
OperationHandlers
{
DummyOperation
{
# These parameters can be defined for all handlers
# The location of the python file, without .py, is mandatory
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/DummyHandler # Mandatory
LogLevel = DEBUG # self explanatory
# NOTE(review): the key below is spelled "MaxAttemts" - verify which spelling the handlers read.
MaxAttemts = 256 # Maximum attempts per file
TimeOut = 300 # Timeout in seconds of the operation
TimeOutPerFile = 40 # Additional delay per file
}
ForwardDISET{
Location = DIRAC/RequestManagementSystem/Agent/RequestOperations/ForwardDISET
}
MoveReplica
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/MoveReplica
}
PutAndRegister
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/PutAndRegister
}
RegisterFile
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/RegisterFile
}
RegisterReplica
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/RegisterReplica
}
RemoveFile
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/RemoveFile
}
RemoveReplica
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/RemoveReplica
}
ReplicateAndRegister
{
Location = DIRAC/DataManagementSystem/Agent/RequestOperations/ReplicateAndRegister
FTSMode = True # If True, will use FTS to transfer files
FTSBannedGroups = lhcb_user # list of groups for which not to use FTS
}
SetFileStatus
{
Location = DIRAC/TransformationSystem/Agent/RequestOperations/SetFileStatus
}
}
}
}
Databases
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#requestdb
RequestDB
{
# No specific configuration
DBName = RequestDB
}
}
Services
{
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#reqmanager
ReqManager
{
Port = 9140
constantRequestDelay = 0 # Constant delay when retrying a request
}
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#reqproxy
ReqProxy
{
Port = 9161
}
}
URLs
{
# Yes.... it is ReqProxyURLs, and not ReqProxy...
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/RequestManagement/rmsComponents.html#reqproxy
ReqProxyURLs = dips://server1:9161/RequestManagement/ReqProxy, dips://server2:9161/RequestManagement/ReqProxy
}
}
TransformationSystem
{
Agents
{
##BEGIN TransformationCleaningAgent
TransformationCleaningAgent
{
# MetaData key to use to identify output data
TransfIDMeta=TransformationID
# Location of the OutputData, if the OutputDirectories parameter is not set for
# transformations only 'MetadataCatalog has to be used
DirectoryLocations=TransformationDB,MetadataCatalog
# Enable or disable, default enabled
EnableFlag=True
# How many days to wait before archiving transformations
ArchiveAfter=7
# Shifter to use for removal operations, default is empty and
# using the transformation owner for cleanup
shifterProxy=
# Which transformation types to clean
# If not filled, transformation types are taken from
# Operations/Transformations/DataManipulation
# and Operations/Transformations/DataProcessing
TransformationTypes=
# Time between cycles in seconds
PollingTime = 3600
}
##END
}
}
Framework
{
Services
{
ComponentMonitoring
{
Port = 9190
# This enables ES monitoring only for this particular service.
EnableActivityMonitoring = no
# Per-method access rules of the service: each option names a method and the
# property (or keyword) required to call it.
# NOTE(review): presumably Default applies to every method not listed and
# "authenticated" admits any authenticated caller - confirm. Keep Default restrictive
# so that a method added later is not exposed by omission.
Authorization
{
Default = ServiceAdministrator
componentExists = authenticated
getComponents = authenticated
hostExists = authenticated
getHosts = authenticated
installationExists = authenticated
getInstallations = authenticated
updateLog = Operator
}
}
}
}
}
# The Resources section describes the identity providers, computing and storage
# resources, proxy providers and file catalogs available to the installation.
Resources
{
# Section for identity providers, subsections are the names of the identity providers
# https://dirac.readthedocs.org/en/latest/AdministratorGuide/Resources/identityprovider.html
IdProviders
{
## EGI Checkin type:
EGI_Checkin
{
# What supported type of provider does it belong to
ProviderType = CheckIn
# Description of the client parameters registered on the identity provider side.
# Look here for information about client parameters description https://tools.ietf.org/html/rfc8414#section-2
# client_secret is a credential: whoever can read the place where this section is
# stored can act as the registered client, so restrict read access to it.
issuer = https://issuer
client_id = type_client_id_here_receved_after_client_registration
client_secret = type_client_secret_here_receved_after_client_registration
# Scopes that will be used by default
scope = openid, profile, offline_access, eduperson_entitlement, cert_entitlement
}
##
## WLCG IAM type:
WLCG_IAM
{
# Same client parameters as for EGI_Checkin above, for a provider of type IAM.
ProviderType = IAM
issuer = https://issuer
client_id = type_client_id_here_receved_after_client_registration
client_secret = type_client_secret_here_receved_after_client_registration
scope = openid, profile, offline_access, eduperson_entitlement, cert_entitlement
}
##
}
# Section for setting options for ComputingElements
Computing
{
# ComputingElement options can be set with different degrees of specialization:
#
# /Resources/Computing/CEDefaults* for all computing elements
# /Resources/Computing/<CEType>* for CEs of a given type, e.g., HTCondorCE or ARC
# /Resources/Sites/<grid>/<site>/CEs* for all CEs at a given site
# /Resources/Sites/<grid>/<site>/CEs/<CEName>* for a specific CE
#
# Values are overwritten by the most specialized option.
# The options below can be valid for all computing element types
CEDefaults
{
# Default environment file sourced before calling grid commands, without extension '.sh'
GridEnv = /opt/dirac/gridenv
# Will be added to the pilot configuration as /LocalSite/SharedArea
SharedArea = /cvmfs/lhcb.cern.ch/lib
# or adding some generic pilot options (only for pilots submitted by SiteDirectors)
# the example below will add the environment variable DIRACSYSCONFIG (see :ref:`bashrc_variables`)
ExtraPilotOptions = --userEnvVariables DIRACSYSCONFIG:::pilot.cfg
# for adding the --modules=value option to dirac-pilot
Modules =
# for adding the --pipInstallOptions=value to dirac-pilot
# The example passes pip's --index-url, which replaces the default package index
# instead of adding a second one; packages then come from one index only, over https.
# Whoever controls that index controls the code installed on the worker nodes.
PipInstallOptions = --index-url https://lhcb-repository.web.cern.ch/repository/pypi/simple
# The upper limit for the NumberOfProcessors queue parameter set by the :mod:`~DIRAC.ConfigurationSystem.Agent.Bdii2CSAgent`
GLUE2ComputingShareMaxSlotsPerJob_limit = 8
}
Singularity
{
# The root image location for the container to use
# Default: /cvmfs/cernvm-prod.cern.ch/cvm4
ContainerRoot = /cvmfs/cernvm-prod.cern.ch/cvm4
# The binary to start the container
# default: singularity
ContainerBin = /opt/extras/bin/singularity
# List of directories to bind
# Every directory listed here becomes visible to the payload inside the container.
# NOTE(review): /etc/grid-security commonly also holds the host certificate and key on
# service hosts - check what is in the directory on the worker nodes before binding it.
ContainerBind = /etc/grid-security,someDir:::BoundHere
# Extra options for starting the container
ContainerOptions=--cleanenv
# Flag for re-installing, or not, DIRAC in the container (default: True)
InstallDIRACInContainer = False
# If set to True container work area won't be deleted at end of job (default: False)
# NOTE(review): a kept work area may retain job data and whatever credentials the
# job wrote there; the default (False) is the safer setting outside of debugging.
KeepWorkArea = True
}
ARC
{
# For the options for the ARC Computing Element see :mod:`~DIRAC.Resources.Computing.ARCComputingElement`
}
HTCondor
{
# For the options for the HTCondorCEs see :mod:`~DIRAC.Resources.Computing.HTCondorCEComputingElement`
}
}
# This section is used to define a compatibility matrix between dirac platforms (:ref:`admin_dirac-platform`) and OS versions.
OSCompatibility
{
# What's on the left is an example of a dirac platform as determined by the dirac-platform script (:ref:`admin_dirac-platform`).
# This platform is declared to be compatible with a list of "OS" strings.
# These strings are identifying the architectures of computing elements.
# This list of strings can be constructed from the "Architecture" + "OS" fields
# that can be found in the CEs description in the CS (:ref:`cs-site`).
# This compatibility is, by default, used by the SiteDirector when deciding whether or not to send a pilot to a certain CE:
# The SiteDirector matches "TaskQueues" to Computing Element capabilities
Linux_x86_64_glibc-2.17 = ...
}
# Section for proxy providers, subsections are the names of the proxy providers
# https://dirac.readthedocs.org/en/latest/AdministratorGuide/Resources/proxyprovider.html
ProxyProviders
{
## DIRACCA type:
MY_DIRACCA
{
# Main option, to show which proxy provider type you want to register.
ProviderType = DIRACCA
# The path to the CA certificate. This option is required.
CertFile = /opt/dirac/etc/grid-security/DIRACCA-EOSH/cert.pem
# The path to the CA key. This option is required.
# This is the private key of a certificate authority: anyone who can read it can
# issue certificates in the CA's name. Keep the file readable only by the account
# running the proxy provider, and keep it out of backups that others can read.
KeyFile = /opt/dirac/etc/grid-security/DIRACCA-EOSH/key.pem
# The distinguished name fields that must contain the exact same contents as that field in the CA's
# DN. If this parameter is not specified, the default value will be an empty list.
Match = O, OU
# The distinguished name fields list that must be present. If this parameter is not specified, the
# default value will be a "CN".
Supplied = C, CN
# The distinguished name fields list that are allowed, but not required. If this parameter is not
# specified, the default value will be a "C, O, OU, emailAddress"
Optional = emailAddress
# Order of the distinguished name fields in a created user certificate. If this parameter is not
# specified, the default value will be a "C, O, OU, CN, emailAddress"
DNOrder = C, O, OU, emailAddress, CN
# To set default value for distinguished name field.
C = FR
O = DIRAC
OU = DIRAC TEST
# The path to the openssl configuration file. This is optional and not recommended to use.
# But if you choose to use this option, it is recommended to use a relatively simple configuration.
# All required parameters will be taken from the configuration file, except "DNOrder".
CAConfigFile = /opt/dirac/pro/etc/openssl_config_ca.cnf
}
##
## PUSP type:
MY_PUSP
{
# NOTE(review): the heading announces a PUSP provider, but ProviderType repeats
# DIRACCA from the previous example - verify the intended value.
ProviderType = DIRACCA
# PUSP service URL
ServiceURL = https://mypuspserver.com/
}
##
## OAuth2 type:
MY_OAuth2
{
ProviderType = OAuth2
# Authorization server's issuer identifier URL
issuer = https://masterportal-pilot.aai.egi.eu/mp-oa2-server
# Identifier of OAuth client
client_id = myproxy:oa4mp,2012:/client_id/aca7c8dfh439fewjb298fdb
# Secret key of OAuth client
# NOTE(review): the sample value below has the shape of a real secret rather than an
# obvious placeholder. Never reuse it; if it was ever issued to a client it should be
# rotated. In a real installation, restrict read access to wherever this option is stored.
client_secret = ISh-Q32bkXRf-HD2hdh93d-hd20DH2-wqedwiU@S22
# OAuth2 parameter specified in https://tools.ietf.org/html/rfc6749
prompt = consent
# Some specific parameter for specific proxy provider
max_proxylifetime = 864000
proxy_endpoint = https://masterportal-pilot.aai.egi.eu/mp-oa2-server/getproxy
}
##
}
# Where all your Catalogs are defined
FileCatalogs
{
# There is one section per catalog
# See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Catalog/index.html
<MyCatalog>
{
CatalogType = <myCatalogType> # used for plugin selection
CatalogURL = <myCatalogURL> # used for DISET URL
}
}
# FTS endpoint definition http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts.html#fts-servers-definition
# NOTE(review): the next line looks like two lines fused together when this file was
# generated: an "<anyOptions>" placeholder with its comment, and the name of the
# section that holds the FTS3 endpoints. Verify against the source templates.
<anyOptions> # Passed to the constructor of the pluginFTSEndpoints
{
FTS3
{
CERN-FTS3 = https://fts3.cern.ch:8446
}
}
# Abstract definition of storage elements, used to be inherited.
# see http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Storages/index.html#storageelementbases
StorageElementBases
{
# The base SE definition can contain all the options of a normal SE
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Storages/index.html#storageelements
CERN-EOS
{
BackendType = eos # backend type of storage element
SEType = T0D1 # Tape or Disk SE
UseCatalogURL = True # used the stored url or generate it (default False)
ReadAccess = True # Allowed for Read if no RSS enabled
WriteAccess = True # Allowed for Write if no RSS enabled
CheckAccess = True # Allowed for Check if no RSS enabled
RemoveAccess = True # Allowed for Remove if no RSS enabled
OccupancyLFN = /lhcb/storageDetails.json # Json containing occupancy details
SpaceReservation = LHCb-EOS # Space reservation name if any. Concept like SpaceToken
ArchiveTimeout = 84600 # Timeout for the FTS archiving
BringOnlineTimeout = 84600 # Timeout for the bring online operation used by FTS
# Protocol section, see http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Storages/index.html#available-protocol-plugins
GFAL2_SRM2
{
Host = srm-eoslhcb.cern.ch
Port = 8443
PluginName = GFAL2_SRM2 # If different from the section name
Protocol = srm # primary protocol
Path = /eos/lhcb/grid/prod # base path
Access = remote
SpaceToken = LHCb-EOS
WSUrl = /srm/v2/server?SFN=
InputProtocols = file, https, root, srm, gsiftp # Allow to overwrite the list of protocols understood as input
OutputProtocols = file, https, root, srm, gsiftp # Allow to overwrite the list of protocols that can be generated
}
}
}
# http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Storages/index.html#storageelements
StorageElements
{
# Just inherit everything from CERN-EOS, without change
CERN-DST-EOS
{
BaseSE = CERN-EOS
}
# inherit from CERN-EOS
CERN-USER
{
BaseSE = CERN-EOS
# Modify the options for Gfal2
GFAL2_SRM2
{
Path = /eos/lhcb/grid/user
SpaceToken = LHCb_USER
}
# Add an extra protocol
GFAL2_XROOT
{
Host = eoslhcb.cern.ch
Port = 8443
Protocol = root
Path = /eos/lhcb/grid/user
Access = remote
SpaceToken = LHCb-EOS
WSUrl = /srm/v2/server?SFN=
}
}
CERN-ALIAS
{
Alias = CERN-USER # Use CERN-USER when instanciating CERN-ALIAS
}
}
# See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Storages/index.html#storageelementgroups
StorageElementGroups
{
CERN-Storages = CERN-DST-EOS, CERN-USER
}
}
# The Operations section holds the operational options: a Defaults subsection plus
# optional per-setup subsections that override it.
Operations
{
MonitoringBackends
{
# This flag will globally enable Accounting and ES based monitoring of all types in DIRAC.
# `Accounting` is the default value, and `Monitoring` should be added if you wish to have both.
# If you want to override it and have a specific backend for a monitoring type, you should add a flag for it.
# For more info https://dirac.readthedocs.io/en/integration/AdministratorGuide/Systems/MonitoringSystem/index.html
Default = Accounting
# WMSHistory = Monitoring
# DataOperation = Accounting, Monitoring
# PilotSubmissionMonitoring = Accounting
# AgentMonitoring = ...
# ServiceMonitoring = ...
# RMSMonitoring = ...
}
# This is the default section of operations.
# Any value here can be overwritten in the setup specific section
Defaults
{
# Flag for globally disabling the use of the SecurityLogging service
# With False, as in this example, the services do not send records to the
# SecurityLogging service, so that audit trail is not available when an incident
# has to be investigated. Decide on this value deliberately for production.
EnableSecurityLogging = False
DataManagement
{
# see http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Catalog/index.html#multi-protocol
# for the next 4 options
AccessProtocols = srm
AccessProtocols += dips
RegistrationProtocols = srm
RegistrationProtocols += dips
#
StageProtocols = srm
ThirdPartyProtocols = srm
WriteProtocols = srm
WriteProtocols += dips
# FTS related options. See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts.html
FTSVersion = FTS3 # should only be that...
FTSPlacement
{
FTS3
{
ServerPolicy = Random # http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts.html#ftsserver-policy
# Plugin to alter default TPC selection list
FTS3Plugin = Default # http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts.html#fts3-plugins
}
}
# Matrix to define the multihop strategy.
# See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/DataManagement/fts3.html#multihop-support
MultiHopMatrixOfShame
{
# Used for any source which does not have a more specific rule
Default
{
# Default -> Default basically means "anything else than all the other defined routes"
Default = GlobalDefault
# Hop between "anything else" and IN2P3-DST
IN2P3-DST = DefaultToIN2P3-DST
# Hop between "anything else" and any SE inheriting from CNAF-Disk
CNAF-Disk = DefaultToCNAF-Disk
}
# Any transfer starting from CERN-RAW
CERN-RAW
{
# CERN-RAW -> anywhere else
Default = DefaultFromCERN-RAW
# Do not use multihop between CERN-RAW and SE inheriting from CERN-Disk
CERN-Disk = disabled
# CERN-RAW -> any SE inheriting from CNAF-Disk
CNAF-Disk = CERN-RAW-CNAF-Disk
# CERN-RAW->CNAF-DST (takes precedence over CERN-RAW -> CNAF-Disk)
CNAF-DST = CERN-RAW-CNAF-DST
# CERN-RAW -> IN2P3-DST
IN2P3-DST = disabled
}
}
}
# Options for the pilot3
# See https://dirac.readthedocs.io/en/latest/AdministratorGuide/Systems/WorkloadManagement/Pilots/Pilots3.html
# The pilot code is taken from the repositories and branches named below, so whoever
# can push to those branches decides what the pilots execute on the worker nodes:
# restrict write access to both repositories and protect the branches in use.
# NOTE(review): workDir is a fixed path under /tmp, which is normally writable by every
# local account; on a host with other users prefer a directory owned by the DIRAC account.
Pilot
{
pilotRepo = https://github.com/DIRACGrid/Pilot.git # git repository of the pilot
pilotScriptsPath = Pilot # Path to the code, inside the Git repository
pilotRepoBranch = master # Branch to use
pilotVORepo = https://github.com/MyDIRAC/VOPilot.git # git repository of the pilot extension
pilotVOScriptsPath = VOPilot # Path to the code, inside the Git repository
pilotVORepoBranch = master # Branch to use
uploadToWebApp = True # Try to upload the files from the CS to the list of servers
workDir = /tmp/pilot3Files # Local work directory on the masterCS for synchronisation
}
Services
{
# See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Catalog/index.html
Catalogs
{
CatalogList = Catalog1
CatalogList += Catalog2
CatalogList += etc # List of catalogs defined in Resources to use
# Each catalog defined in Resources should also contain some runtime options here
<MyCatalog>
{
Status = Active # enable the catalog or not (default Active)
# NOTE(review): the "AccessType += must be set" line below looks like the tail of the
# comment "No default, must be set" turned into an option when this file was
# generated - verify against the source templates before copying it.
AccessType = Read-Write # No default
AccessType += must be set
Master = True # See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Catalog/index.html#master-catalog
# Dynamic conditions to enable or not the catalog
# See http://dirac.readthedocs.io/en/latest/AdministratorGuide/Resources/Catalog/index.html#conditional-filecatalogs
Conditions
{
WRITE = <myWriteCondition>
READ = <myReadCondition>
ALL = <valid for all conditions>
<myMethod> = <myCondition valid only for myMethod>
}
}
}
}
}
# Options in this section will only be used when running with the
# <MySetup> setup
<MySetup>
{
}
}