1arc.conf(5) NorduGrid ARC arc.conf(5)
2
6 arc.conf - ARC configuration
7
10 /etc/arc.conf
11 ${ARC_LOCATION}/etc/arc.conf
13
16 ARC has two separate configuration files - one for client tools and
17 another for services. This document describes the services configura‐
18 tion file. For client configuration please see "ARC Clients User Man‐
19 ual" at http://www.nordugrid.org/documents/arc-ui.pdf
20 ARC configuration uses a plain-text "ini-style" format. It is also pos‐
22 sible to use an XML format, however that is outside the scope of this
23 document.
24 The configuration file consists of several configuration blocks. Each
26 configuration block is identified by a keyword and contains the config‐
27 uration options for a specific part of the ARC middleware.
28 Each configuration block starts with its identifying keyword inside
30 square brackets. Thereafter follows one or more attribute value pairs
31 written one on each line in the following format (note that the
32 attribute names are CASE-SENSITIVE):
33 [keyword1]
35 attribute1="value1"
36 attribute2="value2"
37 [keyword2]
39 attribute="value"
40 If the ARC_LOCATION environment variable is set the ARC configuration
42 file located at ${ARC_LOCATION}/etc/arc.conf is read first. If this
43 file is not present or the relevant configuration information is not
44 found in this file, the file at /etc/arc.conf is read.
45
48 The parameters set within this block are available for all the other
49 blocks. These are the configuration parameters shared by the different
50 components of ARC (e.g. grid-manager, infosys)
51 hostname
55 hostname - the FQDN of the frontend node, optional in the common
56 block but MUST be set in the cluster block
57 Example:
59 hostname="myhost.org"
60 x509_voms_dir
63 x509_voms_dir path - the path to the directory containing *.lsc
64 files needed for checking validity of VOMS extensions. If not
65 specified default value /etc/grid-security/vomsdir is used.
66 Example:
68 x509_voms_dir="/etc/grid-security/vomsdir"
69 lrms ARC supports various LRMS flavours, as listed in this section.
72 For detailed description of options please refer to ARC CE
73 sysadmin guide:
74 http://www.nordugrid.org/documents/arc-ce-sysadm-guide.pdf
76 ONLY ONE LRMS IS ALLOWED. MULTIPLE lrms ENTRIES WILL TRIGGER
78 UNEXPECTED BEHAVIOUR.
79 lrms sets the type of the Local Resource Management System
81 (queue system), and optionally - the default queue name, sepa‐
82 rated with a blank space: lrmstype queue_name. For lrmstype,
83 the following systems are supported and can be chosen (one per
84 server):
85 fork - simple forking of jobs to the same node as the
86 server
87 sge - (Sun/Oracle) Grid Engine
88 condor - Condor
89 pbs - PBS
90 lsf - LSF
91 ll - LoadLeveler
92 slurm - SLURM
93 dgbridge - Desktop Grid
94 PBS has many flavours, ARC currenly supports OpenPBS, PBSPro,
96 ScalablePBS and Torque (the official name for ScalablePBS).
97 There is no need to specify the flavour or the version number of
98 the PBS, simply write 'pbs'. Similarly, there is no need to
99 specify (Sun/Oracle) Grid Engine versions and flavours. "lrm‐
100 stype" MUST be set here, it is a MANDATORY parameter!
101 The optional queue parameter specifies the default Grid queue of
103 the LRMS. Jobs will be submitted to this queue if they do not
104 specify queue name in job description. Queue name must match one
105 of the [queue/queue_name] block labels, see below.
106 Example:
108 lrms="pbs gridlong"
109 lrms="pbs"
110
113 pbs_bin_path
114 the path to the qstat,pbsnodes,qmgr etc PBS binaries, no need to
115 set if PBS is not used
116 Example:
118 pbs_bin_path="/usr/bin"
119 pbs_log_path
122 the path of the PBS server logfiles which are used by A-REX to
123 determine whether a PBS job is completed. If not specified, A-
124 REX will use qstat for that.
125 Example:
127 pbs_log_path="/var/spool/pbs/server_logs"
128
131 condor_rank
132 condor_rank - If you are not happy with the way Condor picks
133 nodes when running jobs, you can define your own ranking algo‐
134 rithm by optionally setting the condor_rank attribute. con‐
135 dor_rank should be set to a ClassAd float expression that you
136 could use in the Rank attribute in a Condor job description.
137 Obviously no need to set if Condor is not used. An example:
138 Example:
140 condor_rank="(1-LoadAvg/2)*(1-LoadAvg/2)*Mem‐
141 ory/1000*KFlops/1000000"
142 condor_bin_path
145 condor_bin_path - Path to Condor binaries. Must be set if Condor
146 is used.
147 Example:
149 condor_bin_path=/opt/condor/bin
150 condor_config
153 condor_config - Path to Condor config file. Must be set if Con‐
154 dor is used and the config file is not in its default location
155 (/etc/condor/condir_config or ~/condor/condor_config). The full
156 path to the file should be given.
157 Example:
159 condor_config=/opt/condor/etc/condor_config
160
163 sge_bin_path
164 sge_bin_path - Path to Sun Grid Engine (SGE) binaries, MUST be
165 set if SGE is the LRMS used
166 Example:
168 sge_bin_path="/opt/n1ge6/bin/lx24-x86"
169 sge_root
172 sge_root - Path to SGE installation directory. MUST be set if
173 SGE is used.
174 Example:
176 sge_root="/opt/n1ge6"
177 sge_cell
180 sge_cell - The name of the SGE cell to use. This option is only
181 necessary in case SGE is set up with a cell name different from
182 'default'
183 Example:
185 sge_cell="default"
186 sge_qmaster_port
189 sge_qmaster_port, sge_execd_port - these options should be used
190 in case SGE command line clients require SGE_QMASTER_PORT and
191 SGE_EXECD_PORT environment variables to be set. Usually they are
192 not necessary.
193 Example:
195 sge_qmaster_port="536"
196 sge_execd_port="537"
197
200 slurm_bin_path
201 slurm_bin_path - Path to SLURM binaries, must be set if
202 installed outside of normal $PATH
203 Example:
205 slurm_bin_path="/usr/bin"
206 slurm_wakeupperiod
209 How long should infosys wait before querying SLURM for new data
210 (seconds)
211 Example:
213 slurm_wakeupperiod="15"
214 slurm_use_sacct
217 Should ARC use sacct instead of scontrol to get information on
218 finished jobs. Requires that accounting is turned on in SLURM.
219 Default is "no".
220 Example:
222 slurm_use_sacct="yes"
223
226 lsf_bin_path
227 the PATH to LSF bin folder no need to set if LSF is not used
228 Example:
230 lsf_bin_path="/usr/local/lsf/bin/"
231 lsf_profile_path
234 the PATH to profile.lsf no need to set if LSF is not used
235 Example:
237 lsf_profile_path="/usr/share/lsf/conf"
238
241 ll_bin_path
242 the PATH to the LoadLeveler bin folder no need to set if
243 LoadLeveler is not used
244 Example:
246 ll_bin_path="/opt/ibmll/LoadL/full/bin"
247 ll_consumable_resources
250 support for a LoadLeveler setup using Consumable Resources no
251 need to set if LoadLeveler is not used
252 Example:
254 ll_consumable_resources="yes"
255
258 dgbridge_stage_dir
259 Desktop Bridge www publish dir
260 Example:
262 dgbridge_stage_dir="/var/www/DGBridge"
263 dgbridge_stage_prepend
266 Desktop Bridge URL prefix pointing to dgbridge_stage_dir
267 Example:
269 dgbridge_stage_prepend="http://edgi-bridge.exam‐
270 ple.com/DGBridge/"
271
274 boinc_db_host boinc_db_port boinc_db_name boinc_db_user boinc_db_pass
275 Connection details for the Boinc database.
276 Example:
278 boinc_db_host="localhost"
279 boinc_db_port="3306"
280 boinc_db_name="myproject"
281 boinc_db_user="boinc"
282 boinc_db_pass="password"
283 boinc_app_id = id
286 ID of the app handled by this CE. Setting this option makes
287 database queries much faster in large projects with many apps.
288 Example:
290 boinc_app_id="1"
291
294 globus_tcp_port_range
295 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
296 ration In a firewalled environment the software which uses GSI
297 needs to know what ports are available. The full documentation
298 can be found at: http://dev.globus.org/wiki/FirewallHowTo These
299 variable are similar to the Globus environment variables:
300 GLOBUS_TCP_PORT_RANGE and GLOBUS_UDP_PORT_RANGE. These vari‐
301 ables are not limited to [common], but can be set individually
302 for each service in corresponding section: [grid-manager],
303 [gridftpd] Example:
304 Example:
306 globus_tcp_port_range="9000,12000"
307 globus_udp_port_range="9000,12000"
308 x509_user_key
311 x509_user_cert, x509_user_key - Server credentials location.
312 These variables are similar to the GSI environment variables:
313 X509_USER_KEY and X509_USER_CERT These variables are not limited
314 to [common], but can be set individually for each service in
315 corresponding section: [grid-manager], [gridftpd], [nor‐
316 dugridmap]
317 Example:
319 x509_user_key="/etc/grid-security/hostkey.pem"
320 x509_user_cert="/etc/grid-security/hostcert.pem"
321 x509_cert_dir
324 x509_cert_dir - Location of trusted CA certificates This vari‐
325 able is similar to the GSI environment variable: X509_CERT_DIR
326 This variable is not limited to [common], but can be set indi‐
327 vidually for each service in corresponding section: [grid-man‐
328 ager], [gridftpd]
329 Example:
331 x509_cert_dir="/etc/grid-security/certificates"
332 gridmap
335 gridmap - The gridmap file location This variable is similar to
336 the GSI environment variable: GRIDMAP This variable is not lim‐
337 ited to [common], but can be set individually for each service
338 in corresponding section: [grid-manager], [gridftpd] The default
339 is /etc/grid-security/grid-mapfile
340 Example:
342 gridmap="/etc/grid-security/grid-mapfile"
343 voms_processing
346 voms_processing - Defines how to behave if errors in VOMS AC
347 processing detected.
348 relaxed - use everything that passed validation.
349 standard - same as relaxed but fail if parsing errors took
350 place and VOMS extension is marked as critical. This is the
351 default.
352 strict - fail if any parsing error was discovered.
353 noerrors - fail if any parsing or validation error happened.
354 This command can also be used in [grid-manager] and [gridftpd]
355 blocks.
356 Example:
358 voms_processing="standard"
359 voms_trust_chain
362 voms_trust_chain - Define the DN chain that the host services
363 trust when the VOMS AC from peer VOMS proxy certificate is
364 parsed and validated. There can be multiple "voms_trust_chain"
365 existing, each one corresponds to a VOMS server. This variable
366 is similar to the information in *.lsc file, but with two dif‐
367 ferences:
368 1, You don't need to create a *.lsc file per VOMS server, but
369 create a chain per VOMS server;
370 2, Regular expressions are supported when matching the DNs.
371 This variable is not limited to [common], but can be used in
373 [grid-manager] and [gridftpd] blocks. This variable should be
374 used together with voms_processing. This variable will over‐
375 write the information in *.lsc if *.lsc exists.
376 Example:
378 voms_trust_chain = "/O=Grid/O=NorduGrid/CN=host/arthur.hep.lu.se" "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority"
379 voms_trust_chain = "/O=Grid/O=NorduGrid/CN=host/emi-arc.eu" "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority"
380 voms_trust_chain = "^/O=Grid/O=NorduGrid"
381 enable_perflog_reporting
384 enable_perflog_reporting expert-debug-on/no - Switch on or off
385 performance reporting. Default is no. Only switch on if you
386 specifically need it, and are aware of the possible local root
387 exploit due to permissive directory.
388 Example:
390 enable_perflog_reporting="expert-debug-on"
391 perflogdir
394 perflogdir logdir - Directory where performance logs should be
395 stored. Default is /var/log/arc/perflogs
396 Example:
398 perflogdir="/var/log/arc/perflogs"
399
404 [vo] block is used to define VOs and generate mapfiles from user list
405 maintained by VO databases. VO block is a configuration block for the
406 nordugridmap utility. Please note that [vo] block processing by nor‐
407 dugridmap utility depend on parameters defined in the [nordugridmap]
408 block.
409 [vo] block by itself does not affect authorization of client/user. For
411 that label defined by vo="" attribute may be used in [group] block with
412 with 'file' rule.
413 id id blockid - specifies the unique configuration block id (this
417 does not affect nordugridmap utility)
418 Example:
420 id="vo_1"
421 vo vo vo_name - specifies the VO name, this name can be used in
424 other blocks. MUST be given.
425 Example:
427 vo="nordugrid"
428 file file path - output gridmap-file where GENERATED mapping list
431 will be stored. See parameters below to define how to generate
432 this file. If the same file specified as output for different
433 [vo] blocks, nordugridmap will automatically merge entries in
434 given blocks order. Default is '/etc/grid-security/gridmap‐
435 file'.
436 Example:
438 file="/etc/grid-security/VOs/atlas-users"
439 source source URL - the URL of the VO database which is assigned to
442 this VO. The nordugridmap will use this URL to automatically
443 generate and keep up-to-date userlist (mapfile) specified by the
444 'file' attribute. URL is a multivalued attribute, several
445 sources can be specified for the [vo] block and all the users
446 from those sources will be merged into the same file. The source
447 URLs are processed in the given order. Currently supported URL
448 types are:
449 http(s):// - URL to plain text file. File should contain a
450 list
451 of DNs with optional issuer certificate author‐
452 ity DN
453 (see require_issuerdn): "user DN" ["issuer DN"]
454 voms(s):// - URL to VOMS-Admin interface
455 nordugrid - add NorduGrid VO members
456 ldap:// - expect LDAP-schema formatted VO Group
457 file:// - local file (stand-alone or dynamically generated
458 by
459 nordugridmap). File should contain a list of DNs
460 with
461 optional mapped unixid: "user DN" [mapped user
462 ID]
463 Result of optional mapped unixid processing
464 depend
465 on mapuser_processing option settings.
466 vo:// - reference to another [vo] configuration block
467 edg-mkgridmap://
468 - local configuration file used by edg-mkgridmap
469 tool.
470 nordugridmap will parse configuration from file
471 and
472 process it as additional [vo] block that will be
473 referred
474 authomatically in place URL specified. This
475 allow
476 easy migration from edg-mkgridmap solution with‐
477 out
478 rewriting your previous configuration (NOTE that
479 rarely
480 used 'auth' directive and 'AUTO' mapping options
481 are not
482 supported)
483 You can use either vo:// or file:// entries to specify dependen‐
485 cies between [vo] blocks, but using vo:// is a recommended way.
486 For each separate source URL it is possible to override some
487 parameters value. You can use the following syntax to perform
488 this:
489 source="URL < parameter1=value1 parameter2=value2"
490 You can override the following parameters:
492 mapped_unixid for http(s),voms(s),ldap and file URLs
493 cache_enable for http(s),voms(s),ldap and file URLs
494 voms_method for voms(s) URLs
495 mapuser_processing for file URLs with
496 mapped_unixid='<unixid>' overrides
497 (control mapped_unixid overriding behav‐
498 iour for URL)
499 Example:
501 source="vomss://voms.ndgf.org:8443/voms/nordugrid.org"
502 source="vomss://lcg-voms.cern.ch:8443/voms/atlas?/atlas/Role=VO-
503 Admin < mapped_unixid=atlasadmin"
504 source="vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org <
505 voms_method=get"
506 source="http://www.nordugrid.org/developers.dn"
507 source="ldap://grid-vo.nikhef.nl/ou=lcg1,o=atlas,dc=eu-data‐
508 grid,dc=org"
509 source="file:///etc/grid-security/priviliged_users.dn"
510 source="vo://nordugrid_community"
511 source="nordugrid"
512 mapped_unixid
515 mapped_unixid unixid - the local UNIXID which is used in the
516 generated grid-mapfile by the nordugridmap utility.
517 If any of the sources have already provided mapping information
519 (file:// or vo://) behaviour depends on 'mapuser_processing'
520 [nordugridmap] block configuration:
521 mapuser_processing = 'overwrite': ignore already provided
522 mapping and
523 apply mapped_unixid for all sources
524 mapuser_processing = 'keep': apply mapped_unixid only for
525 sources that
526 does not already has mapping information
527 [vo] block can only have one UNIXID. If 'mapped_unixid' is not
529 specified behaviour depends on 'allow_empty_unixid' [nor‐
530 dugridmap] block configuration value:
531 allow_empty_unixid = 'yes': empty value will be used for
532 mapped_unixid
533 which means that nordugridmap will gen‐
534 erate only
535 the list of DNs without mapping (con‐
536 sider using
537 mapuser_processing='overwrite' along
538 with this
539 option or sources that does not provide
540 previously
541 defined mapping information)
542 allow_empty_unixid = 'no': skip users without mapping infor‐
543 mation (if
544 no mapping information provided by
545 sources)
546 Example:
548 mapped_unixid="gridtest"
549 voms_fqan_map
552 voms_fqan_map fqan unixid - the local UNIXID which is used to
553 map voms(s) sources with specific FQAN given. Several
554 voms_fqan_map can be specified for a [vo] block. For each
555 voms(s) sources in [vo] block and every voms_fqan_map record
556 separate source record will be authomatically generated with
557 mapped_unixid overrided to specified one. Sources are generated
558 in a given voms_fqan_map order. Original voms(s) source URL are
559 processed LAST. This allows to simplify configuration, espe‐
560 cially in redundancy cases when several VOMS servers are used
561 for the same VO.
562 Example:
564 voms_fqan_map="/atlas/Role=VO-Admin atlasadmin"
565 voms_fqan_map="/atlas/Role=production atlasprod"
566 require_issuerdn
569 require_issuerdn yes/no - another nordugridmap option. YES would
570 map only those DNs obtained from the URLs which have the corre‐
571 sponding public CA packages installed. Default is 'no'. Note,
572 that some sources does not provide issuer information (like
573 voms(s):// or file://). If this sources are used within [vo]
574 block and require_issuerdn is set to 'yes' behaviour depends on
575 issuer_processing [nordugridmap] block configuration:
576 issuer_processing = 'relaxed': check only those records that
577 have issuer
578 information provided, allow other sources
579 issuer_processing = 'strict': if issuer information was not
580 found record
581 is filtered and will not be passed into
582 mapfile
583 Example:
585 require_issuerdn="no"
586 filter filter ACL string - An ACL filter for the nordugridmap utility.
589 Multiple allow/deny statements are possible. The fetched DNs are
590 filtered against the specified rules before they are added to
591 the generated mapfile. * can be used as a wildcard. You may run
592 the nordugridmap with the --test command line option to see how
593 the filters you specified work. If at least one allow filter is
594 specified implicit deny is used at the end of ACL. If only deny
595 filters are present - implicit allow used at the end.
596 Example:
598 filter="deny *infn*"
599 filter="allow *NorduGrid*"
600
603 These configuration blocks define rules used to define to which autho‐
604 rization group a user belongs. The group should not be mistaken for a
605 virtual organisation (VO). A group may match a single vo if only a sin‐
606 gle check (rule) on vo membership is performed. It is however more com‐
607 mon to allow multiple VOs in a single group. ARC also allows many other
608 ways to assign users to groups. Technically, permissions are only
609 granted to groups, not directly to VOs.
610 The block specifies single authorization group. There may be multiple
612 [group] blocks in configuration defining multiple authorization groups.
613 The block can be specified in two ways - either using [group/group1]
615 like subblock declaration per group or just [group]. The two formats
616 are equivalent. Every block (till the beginning of next block or the
617 end of the file) defines one authorization group.
618 IMPORTANT: Rules in a group are processed in their order of appearance.
620 The first matching rule decides the membership of a the user to a
621 group and the processing STOPS. There are positively and negatively
622 matching rules. If a rule is matched positively then the user tested is
623 accepted into the respective group and further processing is stopped.
624 Upon a negative match the user would be rejected for that group - pro‐
625 cessing stops too. The sign of rule is determined by prepending the
626 rule with be omitted. A rule may also be prepended with '!' to invert
627 result of rule, which will let the rule match the complement of users.
628 That complement operator ('!') may be combined with the operator for
629 positive or negative matching.
630 A group MUST be defined before it may be used. In this respect the
632 arc.conf is ORDER SENSITIVE.
633 The authorization groups can be used in [gridftpd] and in its sub-
635 blocks. The syntax of their specification varies with the service they
636 are used for. For using authorization groups and VO blocks in HED
637 framework please read "Security Framework of ARC" at http://www.nor‐
638 dugrid.org/documents/arc-security-documentation.pdf
639 name name group_name - Specify name of group. If there is no such
643 command in block, name of subblock is used instead (that is what
644 subblocks are used for). For example [group/users].
645 Example:
647 name="users"
648 subject
651 subject certificate_subject - Rule to match specific subject of
652 user's X.509 certificate. No masks, patterns and regular expres‐
653 sions are allowed. For more information about X.509 refer to
654 http://www.wikipedia.org/wiki/X509
655 Example:
657 subject="/O=Grid/O=Big VO/CN=Main Boss"
658 file file path - Start reading rules from another file. That file has
661 a bit different format. It can't contain blocks and commands are
662 separated from arguments by space. Also word "subject" in sub‐
663 ject command may be skipped. That makes it convenient to
664 directly add gridmap-like lists to authorization group.
665 Example:
667 file="/etc/grid-security/local_users"
668 voms voms vo group role capabilities - Match VOMS attribute in user's
671 credential. Use '*' to match any value. More information about
672 VOMS can be found at http://grid-auth.infn.it
673 Example:
675 voms="nordugrid /nordugrid/Guests * *"
676 group group group_name [group_name ...] - Match user already belonging
679 to one of specified groups. Groups refered here must be defined
680 earlier in configuration file. Multiple group names may be spec‐
681 ified for this rule. That allows creating hierarchical struc‐
682 ture of authorization groups like
683 Example:
685 group="local_admins"
686 plugin plugin timeout path [argument ...] - Run external executable or
689 function from shared library. Rule is matched if plugin returns
690 0. In arguments following substitutions are supported:
691 %D - subject of certificate
692 %P - path to proxy
693 For more about plugins read documentation.
695 Example:
697 plugin="10 /opt/external/bin/permis %P"
698 lcas lcas library directory database - Call LCAS functions to check
701 rule. Here library is path to shared library of LCAS, either
702 absolute or relative to directory; directory is path to LCAS
703 installation directory, equivalent of LCAS_DIR variable; data‐
704 base is path to LCAS database, equivalent to LCAS_DB_FILE vari‐
705 able. Each arguments except library is optional and may be
706 either skipped or replaced with ’*’.
707 Example:
709 lcas=""
710 remote remote URL ... - Check user's credentials against remote ser‐
713 vice. Only DN groups stored at LDAP directories are supported.
714 Multiple URLs are allowed in this rule.
715 Example:
717 remote="ldap://grid-vo.nordugrid.org/ou=People,dc=nor‐
718 dugrid,dc=org"
719 vo vo vo_name ... - Match user belonging to VO specified by
722 "vo=vo_name" as configured in one of PREVIOUSLY defined [vo]
723 blocks. Multiple VO names are allowed for this rule.
724 Example:
726 vo="nordugrid"
727 all all - Matches any user identity. This command requires no argu‐
730 ments but
731 still can be written as all="" or all= for consistency.
732 Example:
734 all=""
735
738 The [grid-manager] block configures the part of A-REX service hosted in
739 arched taking care of the grid tasks on the frontend (stagein/stageout,
740 LRMS job submission, caching, etc..). Name of this block is historical
741 and comes from times then this functionality was handled by separate
742 process called grid-manager. This section also configures WS interfaces
743 of A-REX service also hosted by same container.
744 controldir
748 controldir path - The directory of the A-REX's internal job log
749 files, not needed on the nodes. <must be set>
750 Example:
752 controldir="/var/spool/nordugrid/jobstatus"
753 sessiondir
756 sessiondir path [drain] - the directory which holds the ses‐
757 siondirs of the grid jobs. Multiple session directories may be
758 specified by specifying multiple sessiondir commands. In this
759 case jobs are spread evenly over the session directories. If
760 sessiondir="*" is set, the session directory will be spread over
761 the ${HOME}/.jobs directories of every locally mapped unix user.
762 It is preferred to use common session directories. The path may
763 be followed by "drain", in which case no new jobs will be
764 assigned to that sessiondir, but current jobs will still be pro‐
765 cessed and accessible. <sessiondir must be set>
766 Example:
768 sessiondir="/scratch/grid"
769 sessiondir="/mnt/grid drain"
770 runtimedir
773 runtimedir path - The directory which holds the runtimeenviron‐
774 ment scripts, should be available on the nodes as well! The run‐
775 timeenvironments are automatically detected and advertised in
776 the information system.
777 Example:
779 runtimedir="/SOFTWARE/runtime"
780 scratchdir
783 scratchdir path - path on computing node to move session direc‐
784 tory to before execution. If defined should contain the path to
785 the directory on the computing node which can be used to store a
786 jobs' files during execution. Sets the environment variable
787 RUNTIME_LOCAL_SCRATCH_DIR. Default is not to move session direc‐
788 tory before execution.
789 Example:
791 scratchdir="/local/scratch/"
792 shared_scratch
795 shared_scratch path - path on frontend where scratchdir can be
796 found. If defined should contain the path corresponding to that
797 set in scratchdir as seen on the frontend machine. Sets the
798 environment variable RUNTIME_FRONTEND_SEES_NODE.
799 Example:
801 shared_scratch="/mnt/scratch"
802 nodename
805 nodename path - command to obtain hostname of computing node.
806 Example:
808 nodename="/bin/hostname"
809 cachedir
812 cachedir cache_path [link_path] - specifies a directory to store
813 cached data. Multiple cache directories may be specified by
814 specifying multiple cachedir commands. Cached data will be dis‐
815 tributed evenly over the caches. Specifying no cachedir command
816 or commands with an empty path disables caching. Optional
817 link_path specifies the path at which the cache_path is accessi‐
818 ble on computing nodes, if it is different from the path on the
819 A-REX host. Example: cache="/shared/cache /frontend/jobcache"
820 If "link-path" is set to '.' files are not soft-linked, but
821 copied to session directory. If a cache directory needs to be
822 drained, then cachedir should specify "drain" as the link path,
823 in which case no new files will be added to the cache.
824 Example:
826 cachedir="/scratch/cache"
827 cachedir="/fs1/cache drain"
828 remotecachedir
831 remotecachedir cache_path [link_path] - specifies caches which
832 are under the control of other A-REXs, but which this A-REX can
833 have read-only access to. Multiple remote cache directories may
834 be specified by specifying multiple remotecachedir commands. If
835 a file is not available in paths specified by cachedir, A-REX
836 looks in remote caches. link_path has the same meaning as in
837 cachedir, but the special path ``replicate'' means files will be
838 replicated from remote caches to local caches when they are
839 requested.
840 Example:
842 remotecachedir="/mnt/fs1/cache replicate"
843 cachesize
846 cachesize max min - specifies high and low watermarks for space
847 used by cache, as a percentage of the space on the file system
848 on which the cache directory is located. When the max is
849 exceeded, files will be deleted to bring the used space down to
850 the min level. It is a good idea to have the cache on its own
851 separate file system. To turn off this feature "cachesize" with‐
852 out parameters can be specified.
853 Example:
855 cachesize="80 70"
856 cachelifetime
859 If cache cleaning is enabled, files accessed less recently than
860 the given time period will be deleted. Example values of this
861 option are 1800, 90s, 24h, 30d. When no suffix is given the unit
862 is seconds.
863 Example:
865 cachelifetime="30d"
866 cacheshared
869 cacheshared yes|no - specifies whether the caches share a
870 filesystem with other data. If set to yes then cache-clean cal‐
871 culates the size of the cache instead of using filesystem used
872 space.
873 Example:
875 cacheshared="yes"
876 cachespacetool
879 cachespacetool path [options] - specifies an alternative tool to
880 "df" that cache-clean should use to obtain space information on
881 the cache file system. The output of this command must be
882 "total_bytes used_bytes". The cache directory is passed as the
883 last argument to this command.
884 Example:
886 cachespacetool="/etc/getspace.sh"
887 cachelogfile
890 cachelogfile path - specifies the filename where output of the
891 cache-clean tool should be logged. Defaults to
892 /var/log/arc/cache-clean.log.
893 Example:
895 cachelogfile="/tmp/cache-clean.log"
896 cacheloglevel
899 cacheloglevel level - specifies the level of logging by the
900 cache-clean tool, between 0 (FATAL) and 5 (DEBUG). Defaults to 3
901 (INFO).
902 Example:
904 cacheloglevel="4"
905 cachecleantimeout
908 cachecleantimeout time - the timeout in seconds for running the
909 cache-clean tool. If using a large cache or slow file system
910 this value can be increased to allow the cleaning to complete.
911 Defaults to 3600 (1 hour).
912 Example:
914 cachecleantimeout="10000"
915 cacheaccess
918 cacheaccess rule - rules for allowing access to files in the
919 cache remotely through the A-REX web interface. A rule has three
920 parts:
921 1. Regular expression defining a URL pattern
922 2. Credential attribute to match against a client's credential
923 3. Regular expression defining a credential value to match
924 against a client's
925 credential A client is allowed to access the cached file if
926 a URL pattern matches the cached file URL and the client's cre‐
927 dential has the attribute and matches the value required for
928 that pattern. Possible values for credential attribute are dn,
929 voms:vo, voms:role and voms:group. Remote cache access requires
930 that the A-REX web interface is enabled via arex_mount_point.
931 Examples:
933 cacheaccess="gsiftp://host.org/private/data/.* voms:vo myvo:pro‐
934 duction"
935 cacheaccess="gsiftp://host.org/private/data/ng/.* dn
936 /O=Grid/O=NorduGrid/.*"
937 enable_cache_service
940 enable_cache_service yes|no - Turn on or off the cache service
941 interface. If turned on the cache service must be installed and
942 the A-REX WS interface must be enabled via arex_mount_point. The
943 interface is accessible at the same host and port as given inn
944 arex_mount_point with path /cacheservice. Default is off.
945 Example:
947 enable_cache_service="yes"
948 user user user[:group] - Switch to a non root user/group after
951 startup. Use with caution.
952 Example:
954 user="grid"
955 debug debug debuglevel - Set debug level of the arched daemon hosting
958 A-REX service, between 0 (FATAL) and 5 (DEBUG). Defaults to 3
959 (INFO).
960 Example:
962 debug="2"
963 logfile
966 logfile path - Specify log file location. If using an external
967 log rotation tool be careful to make sure it matches the path
968 specified here. Default log file is "/var/log/arc/grid-man‐
969 ager.log"
970 Example:
972 logfile="/var/log/arc/grid-manager.log"
973 wslogfile
976 wslogfile path - Specify log file location for WS-interface
977 operations. This file is only created if the WS-interface is
978 enabled through the arex_mount_point option. The logsize, logre‐
979 open and debug options also apply to this file. If using an
980 external log rotation tool be careful to make sure it matches
981 the path specified here. It is possible to specify the same file
982 as logfile to combine the logs. Default is /var/log/arc/ws-
983 interface.log.
984 Example:
986 wslogfile="/var/log/arc/ws-interface.log"
987 logsize
990 logsize size [number] - 'Size' specifies in bytes how big log
991 file is allowed to grow (approximately). If log file exceeds
992 specified size it is renamed into logfile.0. And logfile.0 is
993 renamed into logfile.1, etc. up to 'number' logfiles. Don't set
994 logsize if you don't want to enable the ARC logrotation because
995 another logrotation tool is used.
996 Example:
998 logsize="100000 2"
999 logreopen
1002 logreopen yes|no - Specifies if log file must be closed after
1003 each record is added. By default arched keeps log file open.
1004 This option can be used to make behaviour of arched compatible
1005 with external log rotation utilities.
1006 Example:
1008 logreopen="no"
1009 pidfile
1012 pidfile path - Specify location of file containing PID of daemon
1013 process. This is useful for automatic start/stop scripts.
1014 Example:
1016 pidfile="/var/run/arched-arex.pid"
1017 gnu_time
1020 the gnu time command, default /usr/bin/time
1021 Example:
1023 gnu_time="/usr/bin/time"
1024 shared_filesystem
1027 if computing node can access session directory at frontend,
1028 defaults to 'yes'
1029 Example:
1031 shared_filesystem="yes"
1032 mail specifies the email address from where the notification mails
1035 are sent, <must be specified>
1036 Example:
1038 mail="grid.support@somewhere.org"
1039 joblog joblog path - specifies where to store specialized log about
1042 started and finished jobs. If path is empty or no such command -
1043 log is not written. This log is not used by any other part of
1044 ARC, so keep it disabled unless needed.
1045 Example:
1047 joblog="/var/log/arc/gm-jobs.log"
1048 jobreport
1051 jobreport [URL ...] [timeout] - tells to report all started and
1052 finished jobs to logger service at 'URL'. Multiple URLs and mul‐
1053 tiple jobreport commands are allowed. In that case the job info
1054 will be sent to all of them. Timeout specifies how long (in
1055 days) to try to pass information before give up. Suggested value
1056 is 30 days.
1057 Example:
1059 jobreport="https://grid.uio.no:8001/logger"
1060 jobreport_publisher
1063 jobreport publisher - name of the accounting records publisher.
1064 Example:
1066 jobreport_publisher="jura"
1067 jobreport_credentials
1070 jobreport credentials path [key_file [cert_file [ca_dir]]] -
1071 specifies the credentials for accessing the accounting service.
1072 Example:
1074 jobreport_credentials="/etc/grid-security/hostkey.pem /etc/grid-
1075 security/hostcert.pem /etc/grid-security/certificates"
1076 jobreport_options
1079 jobreport options [name:value, ...]- specifies additional param‐
1080 eters for the jobreporter.
1081 Example:
1083 jobreport_options="urbatch:50,archiving:/tmp/ar‐
1084 chive,topic:/topic/global.accounting.cpu.central"
1085 jobreport_logfile
1088 jobreport logfile - name of the file to store stderr of the pub‐
1089 lisher executable.
1090 Example:
1092 jobreport_logfile="/var/log/arc/jura.log"
1093 max_job_control_requests
1096 max_job_control_requests number - max number of simultaneously
1097 processed job management requests over WS interface - like job
1098 submission, cancel, status check etc. Default value is 100.
1099 Example:
1101 max_job_control_requests="100"
1102 max_infosys_requests
1105 max_infosys_requests number - max number of simultaneously pro‐
1106 cessed resource info requests over WS interface. Default value
1107 is 1.
1108 Example:
1110 max_infosys_requests="1"
1111 max_data_transfer_requests
1114 max_data_transfer_requests number - max number of simultaneously
1115 processed data transfer requests over WS interface - like data
1116 staging. Default value is 100.
1117 Example:
1119 max_data_transfer_requests="100"
1120 maxjobs
1123 maxjobs number1 number2 number3 number4 - specifies maximum
1124 allowed number of jobs.
1125 number1 - jobs which are not in FINISHED state (jobs tracked in
1126 RAM)
1127 number2 - jobs being run (SUBMITTING, INLRMS states)
1128 number3 - jobs being processed per DN
1129 number4 - jobs in whole system
1130 number5 - LRMS scripts limit (jobs in SUBMITTING and CANCELING)
1131 Missing number or -1 means no limit.
1133 Example:
1135 maxjobs="10000 10 2000"
1136 wakeupperiod
1139 wakeupperiod time - specifies how often A-REX cheks for new jobs
1140 arrived, job state change requests, etc. That is resposivity of
1141 A-REX. 'time' is time period in seconds. Default is 3 minutes.
1142 Usually this command is not needed because important state
1143 changes are also trigering out-of-schedule checks.
1144 NOTE: This parameter does not affect responsivity of backend
1146 scripts - especially scan-*-job. That means that upper estima‐
1147 tion of time for detecting job finished executing is sum of
1148 responsivity of backend script + wakeupperiod.
1149 Example:
1151 wakeupperiod="180"
1152 defaultttl
1155 defaultttl [ttl [ttr]] - ttl is the time in seconds for how long
1156 a session directory will survive after job execution has fin‐
1157 ished. If not specified the default is 1 week. ttr is how long
1158 information about a job will be kept after the session directory
1159 is deleted. If not specified, the ttr default is one month.
1160 Example:
1162 defaultttl="259200"
1163 authplugin
1166 authplugin state options plugin_path - Every time job goes to
1167 'state' run 'plugin_path' executable. Options consist of
1168 key=value pairs separated by ','.
1169 Possible keys are
1171 timeout - wait for result no longer that 'value' seconds (time‐
1172 out= can be omitted).
1173 onsuccess,onfailure,ontimeout - what to do if plugin exited
1174 with exit code 0, not 0, timeout achieved.
1175 Possible actions are:
1176 pass - continue executing job,
1177 fail - cancel job,
1178 log - write to log fail about problem and continue executing
1179 job.
1180 Example:
1182 authplugin="ACCEPTED timeout=10 /usr/libexec/arc/bank
1183 %C/job.%I.local %S"
1184 authplugin
1187 ARC is distributed with the plugin "inputcheck". Its purpose is
1188 to check if input files requested in job's RSL are accessible
1189 from this machine. It is better to run it before job enters
1190 cluster. It accepts 2 arguments: names of files containing RSL
1191 and credentials' proxy. This plugin is only guaranteed to work
1192 for job submitted through the legacy GridFTP interface, as this
1193 is the only interface for which credentials in the form of proxy
1194 certificate files are guaranteed to exist.
1195 Example:
1197 authplugin="ACCEPTED 60 /usr/libexec/arc/inputcheck
1198 %C/job.%I.description %C/job.%I.proxy"
1199 authplugin
1202 ARC is distributed with the plugin "arc-vomsac-check". Its pur‐
1203 pose is to enforce per-queue access policies based on VOMS
1204 attributes present in user's proxy-certificate. Plugin should be
1205 run before job enters the cluster. It requires 2 argments: path
1206 to job information .local file and path to credentials file.
1207 Enforced per-queue access policies are configured with 'ac_pol‐
1208 icy' option in the [queue/name] configuration block.
1209 Example:
1211 authplugin="ACCEPTED 60 /usr/libexec/arc/arc-vomsac-check -L
1212 %C/job.%I.local -P %C/job.%I.proxy"
1213 localcred
1216 localcred timeout plugin_path - Every time an external exe‐
1217 cutable is run this plugin will be called. Its purpose is to set
1218 non-unix permissions/credentials on running tasks. Note: the
1219 process itself can still be run under the root account. If plug‐
1220 in_path looks like somename@somepath, then function 'somename'
1221 from the shared library located at 'somepath' will be called
1222 (timeout is not effective in that case). A-REX must be run as
1223 root to use this option. Comment it out unless you really know
1224 what you are doing.
1225 Example:
1227 localcred="0 acquire@/opt/nordugrid/lib/afs.so %C/job.%I.proxy"
1228 norootpower
1231 norootpower yes|no - if set to yes, all job management proc‐
1232 cesses will switch to mapped user's identity while accessing
1233 session directory. This is useful if session directory is on NFS
1234 root squashing turned on. Default is no.
1235 Example:
1237 norootpower="yes"
1238 allowsubmit
1241 allowsubmit [group ...] - list of authorization groups of users
1242 allowed to submit new jobs while "allownew=no" is active in job‐
1243 plugin configuration. Multiple commands are allowed.
1244 Example:
1246 allowsubmit="mygroup"
1247 allowsubmit="yourgroup"
1248 helper helper user executable arguments - associates an external pro‐
1251 gram with A-REX. This program will be kept running under the
1252 account of the user specified by username. Currently only ’.’ is
1253 supported as username, corresponding to the user running A-REX.
1254 Every time this executable finishes it will be started again.
1255 This helper plugin mechanism can be used as an alternative to
1256 /etc/init.d or cron to (re)start external processes.
1257 Example:
1259 helper=". /usr/local/bin/myutility"
1260 tmpdir tmpdir - used by the A-REX, default is /tmp
1263 Example:
1265 tmpdir="/tmp"
1266 maxrerun
1269 maxrerun - specifies how many times job can be rerun if it
1270 failed in LRMS. Default value is 5. This is only an upper
1271 limit, the actual rerun value is set by the user in his xrsl.
1272 Example:
1274 maxrerun="5"
1275 globus_tcp_port_range
1278 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
1279 ration.
1280 Example:
1282 globus_tcp_port_range="9000,12000"
1283 globus_udp_port_range="9000,12000"
1284 x509_user_key
1287 x509_user_cert, x509_user_key - Location of credentials for ser‐
1288 vice. These may be used by any module or external utility which
1289 need to contact another service not on behalf of user who sub‐
1290 mited job.
1291 Example:
1293 x509_user_key="/etc/grid-security/hostkey.pem"
1294 x509_user_cert="/etc/grid-security/hostcert.pem"
1295 x509_cert_dir
1298 x509_cert_dir - Location of trusted CA certificates
1299 Example:
1301 x509_cert_dir="/etc/grid-security/certificates"
1302 http_proxy
1305 http_proxy - http proxy server location
1306 Example:
1308 http_proxy="proxy.mydomain.org:3128"
1309 fixdirectories
1312 fixdirectories yes|missing|no - specifies during startup A-REX
1313 should create all directories needed for it operation and set
1314 suitable default permissions. If "no" is specified then A-REX
1315 does nothing to prepare its operational environment. In case of
1316 "missing" A-REX only creates and sets permissions for directo‐
1317 ries which are not present yet. For "yes" all directories are
1318 created and permisisons for all used directories are set to
1319 default safe values. Default behaviour is as if "yes" is speci‐
1320 fied.
1321 Example:
1323 fixdirectories="yes"
1324 arex_mount_point
1327 arex_mount_point - enables web services interfaces, including
1328 job execution and information system. The argument is an https
1329 URL defining the endpoint port and path:
1330 https://<hostname>:<port>/<path>
1332 In order to submit job a client must specify the exact published
1334 path. Make sure the chosen port is not blocked by firewall or
1335 other security rules.
1336 Example:
1338 arex_mount_point="https://piff.hep.lu.se:443/arex"
1339 enable_arc_interface
1342 enable_arc_interface yes|no - turns on or off the ARC own WS
1343 interface based on OGSA BES and WSRF. If enabled the interface
1344 can be accessed at the URL specified by arex_mount_point (this
1345 option must also be specified). Default is yes.
1346 Example:
1348 enable_arc_interface="yes"
1349 enable_emies_interface
1352 enable_emies_interface - enable the EMI Execution Service inter‐
1353 face. If enabled the interface can be accessed at the URL speci‐
1354 fied in arex_mount_point (this option must also be specified)
1355 Example:
1357 enable_emies_interface="yes"
1358 arguspep_endpoint
1361 arguspep_endpoint - specifies URL of Argus PEPD service (by
1362 default, the argus pepd service runs on port 8154 with path
1363 /authz) to use for authorization and user mapping. It is worth
1364 to mention that "requireClientCertAuthentication" (default is
1365 false) item of pepd.ini (configuration of Argus PEPD service) is
1366 set to be 'true', then https should be used, otherwise http is
1367 proper. If specified Argus is contacted for every operation
1368 requested through WS interface (see arex_mount_point).
1369 Example:
1371 arguspep_endpoint="https://somehost.somedomain:8154/authz"
1372 arguspep_profile
1375 arguspep_profile - defines which communication profile to use
1376 while communicationg with Argus PEPD service. Possible values
1377 are:
1378 direct - pass all authorization attributes (only for debugging)
1379 subject - pass only subject name of client
1380 cream - makes A-REX pretend it is gLite CREAM service. This is
1381 recommended profile for interoperability with gLite.
1382 emi - new profile devloped in EMI project. This is default
1383 option.
1384 Example:
1386 arguspep_profile="cream"
1387 arguspep_usermap
1390 arguspep_usermap - specifies either response from Argus servie
1391 may define mapping of client to local account. Possible values
1392 are 'yes' and 'no'. Default is 'no'. Argus is contacted after
1393 all other user mapping is performed. Hence it can overwrite all
1394 other decisions.
1395 Example:
1397 arguspep_usermap="no"
1398 arguspdp_endpoint
1401 arguspdp_endpoint - specifies URL of Argus PDP service (by
1402 default, the argus pepd service runs on port 8152 with path
1403 /authz) to use for authorization and user mapping. It is worth
1404 to mention that "requireClientCertAuthentication" (default is
1405 false) item of pdp.ini (configuration of Argus PDP service) is
1406 set to be 'true', then https should be used, otherwise http is
1407 proper. If specified Argus is contacted for every operation
1408 requested through WS interface (see arex_mount_point).
1409 Example:
1411 arguspdp_endpoint="https://somehost.somedomain:8152/authz"
1412 arguspdp_profile
1415 arguspdp_profile - defines which communication profile to use
1416 while communicationg with Argus PDP service. Possible values
1417 are:
1418 subject - pass only subject name of client
1419 cream - makes A-REX pretend it is gLite CREAM service. This is
1420 recommended profile for interoperability with gLite.
1421 emi - new profile devloped in EMI project. This is default
1422 option.
1423 Example:
1425 arguspdp_profile="cream"
1426 arguspdp_acceptnotapplicable
1429 arguspdp_accpetnotapplicable - specify if the "NotApplicable"
1430 decision returned by Argus PDP service is treated as reason to
1431 deny request. Default is no, which treats "NotApplicable" as
1432 reson to deny request.
1433 Example:
1435 arguspdp_acceptnotapplicable="no"
1436 watchdog
1439 watchdog - specifies if additinal watchdog processes is spawned
1440 to restart main process if it is stuck or dies. Possible values
1441 are 'yes' and 'no'. Default is 'no'.
1442 Example:
1444 watchdog="no"
1445 groupcfg
1448 groupcfg group_name [group_name ...] - specifies authorization
1449 groups for grid-manager to accept. The main location of this
1450 parameter is inside [gridftpd/jobs] block. The 'groupcfg'
1451 located here is only effective if computing service is config‐
1452 ured without GridFTP interface and hence [gridftpd/jobs] block
1453 is missing.
1454 Example:
1456 groupcfg="users"
1457 unixmap unixgroup unixvo
1460 unixmap [unixname][:unixgroup] rule - more sophisticated mapping
1461 to local account
1462 unixgroup group rule - more sophisticated mapping to local
1463 account for specific authorization groups.
1464 unixvo vo rule - more sophisticated mapping to local account for
1465 users belonging to specified VO.
1466 The main location for these parameters is [gridftpd] section. If
1467 located here they are only active if computing service is con‐
1468 figured without GridFTP interface and hence [gridftpd/jobs]
1469 block is missing. For more detailed information see section
1470 [gridftpd] and read "ARC Computing Element. System Administrator
1471 guide" manual.
1472 Example:
1474 unixmap="nobody:nogroup all"
1475 unixgroup="users simplepool /etc/grid-security/pool/users"
1476 unixvo="ATLAS unixuser atlas:atlas"
1477 allowunknown
1480 allowunknown yes|no - check user subject against grid-mapfile.
1481 The main location for this parameter is [gridftpd] section. If
1482 located here it is only active if computing service is config‐
1483 ured without GridFTP interface and hence [gridftpd/jobs] block
1484 is missing. For more detailed information see section
1485 [gridftpd].
1486 Example:
1488 allowunknown="no"
1489 delegationdb
1492 delegationdb db_name - specify which DB to use to store delega‐
1493 tions. Currently supported db_names are bdb and sqlite. Default
1494 is bdb.
1495 Example:
1497 delegationdb="bdb"
1498 forcedefaultvoms
1501 forcedefaultvoms VOMS_FQAN - specify VOMS FQAN which user will
1502 be assigned if his/her credentials contain no VOMS attributes.
1503 To assign different values to different queues put this command
1504 into [queue] block.
1505 Example:
1507 forcedefaultvoms="/vo/group/subgroup"
1508
1512 [data-staging] block configures DTR data staging parameters.
1513 debug debug - Log level for transfer logging in job.id.errors files,
1517 between 0 (FATAL) and 5 (DEBUG). Default is to use value set by
1518 debug option in [grid-manager] section.
1519 Example:
1521 debug="4"
1522 maxdelivery
1525 maxdelivery - Maximum number of concurrent file transfers, i.e.
1526 active transfers using network bandwidth. This is the total num‐
1527 ber for the whole system including any remote staging hosts.
1528 Default is 10.
1529 Example:
1531 maxdelivery="40"
1532 maxprocessor
1535 maxprocessor - Maximum number of concurrent files in each pre-
1536 and post- processing state, eg cache check or replica resolu‐
1537 tion. Default is 10.
1538 Example:
1540 maxprocessor="20"
1541 maxemergency
1544 maxemergency - Maximum "emergency" slots which can be assigned
1545 to transfer shares when all slots up to the limits configured by
1546 the above two options are used by other shares. This ensures
1547 shares cannot be blocked by others. Default is 1.
1548 Example:
1550 maxemergency="5"
1551 maxprepared
1554 maxprepared - Maximum number of files in a prepared state, i.e.
1555 pinned on a remote storage such as SRM for transfer. A good
1556 value is a small multiple of maxdelivery. Default is 200.
1557 Example:
1559 maxprepared="250"
1560 sharetype
1563 sharetype - Scheme to assign transfer shares. Possible values
1564 are dn, voms:vo, voms:role and voms:group.
1565 Example:
1567 sharetype="voms:role"
1568 definedshare
1571 definedshare - Defines a share with a fixed priority, different
1572 from the default (50). Priority is an integer between 1 (lowest)
1573 and 100 (highest).
1574 Example:
1576 definedshare="myvo:production 80"
1577 definedshare="myvo:student 20"
1578 dtrlog dtrlog - A file in which data staging state information (for
1581 monitoring and recovery purposes) is periodically dumped.
1582 Default is controldir/dtrstate.log
1583 Example:
1585 dtrlog="/tmp/dtrstate.log"
1586 central_logfile
1589 central_logfile - A file in which all data staging messages from
1590 every job will be logged (in addition to their job.id.errors
1591 files). If this option is not present or the path is empty the
1592 log file is not created. Note this file is not automatically
1593 controlled by logrotate.
1594 Example:
1596 central_logfile="/var/log/arc/datastaging.log"
1597 deliveryservice
1600 The following 4 options are used to configure multi-host data
1601 staging. deliveryservice - URL to a data delivery service which
1602 can perform remote data staging
1603 Example:
1605 deliveryservice="https://myhost.org:60003/datadeliveryservice"
1606 localdelivery
1609 localdelivery - If any deliveryservice is defined, this option
1610 determines whether local data transfer is also performed.
1611 Default is no.
1612 Example:
1614 localdelivery="yes"
1615 remotesizelimit
1618 remotesizelimit - Lower limit on file size (in bytes) of files
1619 that remote hosts should transfer. Can be used to increase per‐
1620 formance by transferring small files using local processes.
1621 Example:
1623 remotesizelimit="100000"
1624 usehostcert
1627 usehostcert - Whether the A-REX host certificate should be used
1628 for communication with remote hosts instead of the users' prox‐
1629 ies. Default is no.
1630 Example:
1632 usehostcert="yes"
1633 acix_endpoint
1636 acix_endpoint URL - the ARC Cache Index specified here will be
1637 queried for every input file specified in a job description and
1638 any replicas found in sites with accessible caches will be added
1639 to the replica list of the input file. The replicas will be
1640 tried in the order specified by preferredpattern.
1641 Example:
1643 acix_endpoint="https://cacheindex.ndgf.org:6443/data/index"
1644 securetransfer
1647 securetransfer yes|no - if data connection allows to choose use
1648 secure|non-secure data transfer. Currently only works for
1649 gridftp. default is no
1650 Example:
1652 securetransfer="no"
1653 passivetransfer
1656 passivetransfer yes|no - If yes, gridftp transfers are passive.
1657 Setting this option to yes can solve transfer problems caused by
1658 firewalls. default is no
1659 Example:
1661 passivetransfer="no"
1662 httpgetpartial
1665 httpgetpartial yes|no - If yes, HTTP GET transfers may transfer
1666 data in chunks/parts. If no - data is always transfered in one
1667 piece. Default is yes.
1668 Example:
1670 httpgetpartial="yes"
1671 speedcontrol
1674 speedcontrol min_speed min_time min_average_speed max_inactivity
1675 - specifies how slow data transfer must be to trigger error.
1676 Tranfer is canceled if speed is below min_speed bytes per second
1677 for at least min_time seconds, or if average rate is below
1678 min_average_speed bytes per second, or no data was transfered
1679 for longer than max_inactivity seconds. Value of zero turns fea‐
1680 ture off. Default is "0 300 0 300"
1681 Example:
1683 speedcontrol="0 300 0 300"
1684 preferredpattern
1687 preferredpattern pattern - specifies a preferred pattern on
1688 which to sort multiple replicas of an input file. It consists of
1689 one or more patterns separated by a pipe character (|) listed
1690 in order of preference. Replicas will be ordered by the earliest
1691 match. If the dollar character ($) is used at the end of a pat‐
1692 tern, the pattern will be matched to the end of the hostname of
1693 the replica. If an exclamation mark (!) is used at the beginning
1694 of a pattern, any replicas matching the pattern will be excluded
1695 from the sorted replicas.
1696 Example:
1698 preferredpattern="srm://myhost.ac.uk|.uk$|ndgf.org$|!bad‐
1699 host.org$"
1700 copyurl
1703 copyurl url_head local_path - specifies that URLs, starting from
1704 'url_head' should be accessed in a different way (most probaly
1705 unix open). The file from obtained path will be copied to the
1706 session directory. NOTE: 'local_path' can also be of URL type.
1707 you can have several copyurl lines
1708 Example:
1710 copyurl="gsiftp://example.org:2811/data/ gsiftp://exam‐
1711 ple.org/data/"
1712 copyurl="gsiftp://example2.org:2811/data/ gsiftp://exam‐
1713 ple2.org/data/"
1714 linkurl
1717 linkurl url_head local_path [node_path] - identical to 'copy‐
1718 url', only file won't be copied, but soft-link will be created.
1719 The 'local_path' specifies the way to access the file from the
1720 gatekeeper, and is used to check permissions. The 'node_path'
1721 specifies how the file can be accessed from computing nodes, and
1722 will be used for soft-link creation. If 'node_path' is missing
1723 - 'local_path' will be used. you can have multiple linkurl set‐
1724 tings
1725 Example:
1727 linkurl="gsiftp://somewhere.org/data /data"
1728 linkurl="gsiftp://example.org:2811/data/ /scratch/data/"
1729 maxtransfertries
1732 maxtransfertries - the maximum number of times download and
1733 upload will be attempted per job (retries are only performed if
1734 an error is judged to be temporary)
1735 Example:
1737 maxtransfertries="10"
1738
1741 The [gridftpd] block configures the gridftpd server
1742 user user user[:group] - Switch to a non root user/group after
1745 startup
1746 WARNING: Make sure that the certificate files are owned by the
1748 user/group specified by this option. Default value is root.
1749 Example:
1751 user="grid"
1752 debug debug debuglevel - Set debug level of the gridftpd daemon,
1755 between 0 (FATAL) and 5 (DEBUG). Default is 3 (INFO).
1756 Example:
1758 debug="2"
1759 daemon daemon yes|no - Whether GFS is run in daemon mode. Default is
1762 yes.
1763 Example:
1765 daemon="yes"
1766 logfile
1769 logfile path - Set logfile location
1770 Example:
1772 logfile="/var/log/arc/gridftpd.log"
1773 logsize
1776 logsize size [number] - 'Size' specifies in bytes how big log
1777 file is allowed to grow (approximately). If log file exceeds
1778 specified size it is renamed into logfile.0. And logfile.0 is
1779 renamed into logfile.1, etc. up to 'number' logfiles. Don't set
1780 logsize if you don't want to enable the ARC logrotation because
1781 another logrotation tool is used.
1782 Example:
1784 logsize="100000 2"
1785 pidfile
1788 pidfile path - Specify location of file containig PID of daemon
1789 process. This is useful for automatic star/stop scripts.
1790 Example:
1792 pidfile="/var/run/gridftpd.pid"
1793 port port bindport - Port to listen on (default 2811)
1796 Example:
1798 port="2811"
1799 pluginpath
1802 pluginpath - directory where the plugin libraries are installed,
1803 default is $ARC_LOCATION/lib(64)/arc
1804 Example:
1806 pluginpath="/usr/lib/arc/"
1807 encryption
1810 encryption yes|no - should data encryption be allowed, default
1811 is no, encryption is very heavy
1812 Example:
1814 encryption="no"
1815 include
1818 include - Include contents of another configuration file.
1819 Example:
1821 include="path"
1822 allowunknown
1825 allowunknown yes|no - if no, check user subject against grid-
1826 mapfile and reject if missing. By default unknown (not in the
1827 grid-mapfile) grid users are rejected
1828 Example:
1830 allowunknown="no"
1831 allowactivedata yes|no - if no, only passive data transfer is allowed.
1834 By default both passive and active data transfers are allowed.
1835 Example
1837 allowactivedata="yes"
1838 maxconnections
1841 maxconnections - maximum number of connections accepted by a
1842 gridftpd server. Default is 100.
1843 Example:
1845 maxconnections="200"
1846 defaultbuffer
1849 defaultbuffer size - defines size of every buffer for data read‐
1850 ing/writing. Default is 65536. The actual value may decrease
1851 if the cumulative size of all buffers exceeds value specified by
1852 maxbuffer.
1853 Example:
1855 defaultbuffer="65536"
1856 maxbuffer
1859 maxbuffer size - defines maximal amount of memory in bytes to be
1860 allocated for all data reading/writing buffers. Default is
1861 640kB. The number of buffers is (max {3, min {41, 2P + 1}}),
1862 where P is the parallelism level requested by the client.
1863 Hence, even without parallel streams enabled number of buffers
1864 will be 3.
1865 Example:
1867 maxbuffer="655360"
1868 globus_tcp_port_range
1871 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
1872 ration
1873 Example:
1875 globus_tcp_port_range="9000,12000"
1876 globus_udp_port_range="9000,12000"
1877 firewall
1880 firewall - hostname or IP addres to use in response to PASV com‐
1881 mand instead of IP address of a network interface of computer.
1882 Example:
1884 firewall="hostname"
1885 x509_user_key
1888 x509_user_cert, x509_user_key - Server credentials location
1889 Example:
1891 x509_user_key="/etc/grid-security/hostkey.pem"
1892 x509_user_cert="/etc/grid-security/hostcert.pem"
1893 x509_cert_dir
1896 x509_cert_dir - Location of trusted CA certificates
1897 Example:
1899 x509_cert_dir="/etc/grid-security/certificates"
1900 gridmap
1903 gridmap - The gridmap file location The default is /etc/grid-
1904 security/grid-mapfile
1905 Example:
1907 gridmap="/etc/grid-security/grid-mapfile"
1908 unixmap
1911 unixmap [unixname][:unixgroup] rule - more sophisticated way to
1912 map Grid identity of client to local account. If client matches
1913 'rule' it's assigned specified unix identity or one generated by
1914 rule. Mapping commands are processed sequentially and process‐
1915 ing stops at first successful one (like in [group] section). For
1916 possible rules read "ARC Computing Element. System Administrator
1917 guide" manual. All rules defined in [group] section canbe used.
1918 There are also additional rules which produce not only yes/no
1919 result but also give back user and group names to which mapping
1920 should happen. The way it works is quite complex so it is better
1921 to read full documentation.
1922 For safety reasons if sophisticated mapping is used it is better
1924 to finish mapping sequence with default mapping to nonexistent
1925 or safe account.
1926 Example:
1928 unixmap="nobody:nogroup all"
1929 unixgroup
1932 unixgroup group rule - do mapping only for users belonging to
1933 specified authorization 'group'. It is similar to an additional
1934 filter for unixmap command which filters out all users not
1935 belonging to specified authorization group. Only rules which
1936 generate unix user and group names may be used in this command.
1937 Please read "ARC Computing Element System Administrator Guide"
1938 for more information.
1939 Example:
1941 unixgroup="users simplepool /etc/grid-security/pool/users"
1942 unixvo unixvo vo rule - do mapping only for users belonging to speci‐
1945 fied VO. Only rules which generate unix identity name may be
1946 used in this command. Please read "ARC Computing Element. Sys‐
1947 tem Administrator Guide" for more information. This command is
1948 similar to 'unixgroup' described above and exists for conve‐
1949 nience for setups which base mapping on VOs users belong to.
1950 Example:
1952 unixvo="ATLAS unixuser atlas:atlas"
1953
1956 [gridftpd/filedir] "fileplugin" storage block subblock for "exporting"
1957 a directory using the gridftpd's fileplugin plugin. gridftp plugins
1958 are shared libraries. "filedir" is a unique label. The access control
1959 is set by using the "dir" configuration option
1960 plugin plugin name - specifies name of shared library to be loaded rel‐
1964 ative to "pluginpath". The next line is MUST for a gridftp file
1965 server with "fileplugin", don't change anything
1966 Example:
1968 plugin="fileplugin.so"
1969 groupcfg
1972 groupcfg group_name [group_name ...] - specifies authorization
1973 groups for which this plugin is activated. In case groupcfg is
1974 not used the plugin is loaded for every mapped grid user. Multi‐
1975 ple names were may be specified delimited by blank space. Group
1976 names are as specified in [group] sections.
1977 Example:
1979 groupcfg="users"
1980 path the name of the virtual directory served by the gridftp server,
1983 REQUIRED the exported storage area is accessible as
1984 gsiftp://my_server/topdir. "topdir" is just an example, call
1985 the virtual path anything you like, even "/" is a valid choice.
1986 Example:
1988 path="/topdir"
1989 mount the physical directory corresponding to the virtual one:
1992 gsiftp://my_server/topdir will give access to the /scratch/grid
1993 directory on my_server, REQUIRED
1994 Example:
1996 mount="/scratch/grid"
1997 dir dir - this is the access control parameter, you can have several
2000 "dir" lines controlling different directories within then same
2001 block
2002 dir path options - specifies access rules for accessing files
2004 in 'path' (relative to virtual and real path) and all the files
2005 and directories below.
2006 'options' are:
2007 nouser - do not use local file system rights, only use
2008 those
2009 specifies in this line
2010 owner - check only file owner access rights
2011 group - check only group access rights
2012 other - check only "others" access rights
2013 if none of the above specified usual unix access rights are
2014 applied.
2015 read - allow reading files
2016 delete - allow deleting files
2017 append - allow appending files (does not allow creation)
2018 overwrite - allow overwriting already existing files (does
2019 not
2020 allow creation, file attributes are not changed)
2021 dirlist - allow obtaining list of the files
2022 cd - allow to make this directory current
2023 create owner:group permissions_or:permissions_and - allow
2024 creating
2025 new files. File will be owned by 'owner' and
2026 owning group
2027 will be 'group'. If '*' is used, the user/group
2028 to which
2029 connected user is mapped will be used. The per‐
2030 missions
2031 will be set to permissions_or & permissions_and.
2032 (second
2033 number is reserved for the future usage).
2034 mkdir owner:group permissions_or:permissions_and - allow
2036 creating new directories.
2037 Example:
2039 Set permissions on mounted directory:
2040 dir="/ nouser read cd dirlist delete create *:* 664:664 mkdir
2041 *:* 775:775"
2042 Example:
2044 Adjust permissions on some subdirectories:
2045 dir="/section1 nouser read mkdir *:* 700:700 cd dirlist"
2046 dir="/section2 nouser read mkdir *:* 700:700 cd dirlist"
2047
2050 [gridftpd/jobs] subblock which creates the jobsubmission interface,
2051 using the jobplugin of the gridftpd service. gridftp plugins are
2052 shared libraries. 'jobs' is a unique label.
2053 path the path to the virtual gridftpd directory which is used during
2057 the job submission. MUST be set.
2058 Example:
2060 path="/jobs"
2061 plugin plugin name - specifies name of shared library to be loaded rel‐
2064 ative to "pluginpath". The next line is MUST for a job submis‐
2065 sion service via gridftpd "jobplugin", don't change anything!
2066 Example:
2068 plugin="jobplugin.so"
2069 groupcfg
2072 groupcfg group_name [group_name ...] - specifies authorization
2073 groups for which this plugin is activated. In case groupcfg is
2074 not used the plugin is loaded for every mapped grid user.
2075 Example:
2077 groupcfg="users"
2078 allownew
2081 The 'allownew' configuration parameter sets if the grid resource
2082 accepts submission of new jobs. This parameter can be used to
2083 close down a grid. The default is yes
2084 Example:
2086 allownew="yes"
2087 remotegmdirs
2090 remotegmdirs controldir sessiondir - Specifies control and ses‐
2091 sion directories to which jobs can be submitted but which are
2092 under the control of another A-REX. The corresponding controldir
2093 and sessiondir parameters must be defined in another A-REX's
2094 configuration. Multiple remotegmdirs can be specified.
2095 Example:
2097 remotegmdirs="/mnt/host1/control /mnt/host1/session"
2098 maxjobdesc
2101 maxjobdesc size - specifies maximal allowed size of job descrip‐
2102 tion in bytes. Default value is 5MB. If value is missing or 0
2103 size is not limited.
2104 Example:
2106 maxjobdesc="5242880"
2107 configfile
2110 configfile service_configuration_path - If [gridftpd] and [grid-
2111 manager] configuration parts are located in separate files this
2112 configuration option allows to link them. The service_configura‐
2113 tion_path points to configuration file containing [grid-manager]
2114 section. Use this option only if You really know what You are
2115 doing.
2116 Example:
2118 configfile="/etc/arc.conf"
2119
2122 [infosys] block configures the hosting environment of the Information
2123 services (Local Info Tree, Index Service, Registrations, see the Infor‐
2124 mation System manual) provided by the OpenLDAP slapd server.
2125 infosys_compat
2129 infosys_compat - Setting this variable will cause ARC to use the
2130 old infoproviders. Basically, the new version uses A-REX to
2131 create LDIF while the old version uses a BDII provider-script to
2132 do it. The new version is required for GLUE2 output.
2133 Example:
2135 infosys_compat="disable"
2136 infoproviders_timeout
2139 infoproviders_timeout - this only applies to new infoproviders.
2140 it changes A-REX behaviour with respect to a single infoprovider
2141 run. Increase this value if you have many jobs in the con‐
2142 troldir and infoproviders need more time to process. The value
2143 is in seconds. Default is 600 seconds.
2144 Example:
2146 infoproviders_timeout = "600"
2147 debug debug - sets the debug level/verbosity of the startup script {0
2150 or 1}. Default is 0.
2151 Example:
2153 debug="1"
2154 hostname
2157 hostname - the hostname of the machine running the slapd service
2158 will be the bind for slapd. If not present, will be taken from
2159 the [common] block or guessed
2160 Example:
2162 hostname="my.testbox"
2163 port port - the port where the slapd service runs. Default infosys
2166 port is 2135.
2167 Example:
2169 port="2135"
2170 slapd_loglevel
2173 slapd_loglevel - sets the native slapd loglevel (see man slapd).
2174 Slapd logs via syslog. The default is set to no-logging (0) and
2175 it is RECOMMENDED not to be changed in a production environment.
2176 Non-zero slap_loglevel value causes serious performance
2177 decrease.
2178 Example:
2180 slapd_loglevel="0"
2181 slapd_hostnamebind
2184 slapd_hostnamebind - may be used to set the hostname part of the
2185 network interface to which the slapd process will bind. Most of
2186 the cases no need to set since the hostname configuration param‐
2187 eter is already sufficient. The default is empty. The example
2188 below will bind the slapd process to all the network interfaces
2189 available on the server.
2190 Example:
2192 slapd_hostnamebind="*"
2193 threads
2196 threads - the native slapd threads parameter, default is 32. If
2197 you run an Index service too you should modify this value.
2198 Example:
2200 threads="128"
2201 timelimit
2204 timelimit - the native slapd timelimit parameter. Maximum number
2205 of seconds the slapd server will spend answering a search
2206 request. Default is 3600. You probably want a much lower value.
2207 Example:
2209 timelimit="1800"
2210 idletimeout
2213 idletimeout - the native slapd idletimeout parameter. Maximum
2214 number of seconds the slapd server will wait before forcibly
2215 closing idle client connections. Its value must be larger than
2216 the value of "timelimit" option. If not set, it defaults to
2217 timelimit + 1.
2218 Example:
2220 idletimeout="1800"
2221 ldap_schema_dir
2224 ldap_schema_dir - allows to explicitly specify a path to the
2225 schema files. Note that this doesn't override standard location,
2226 but adds the specified path to the standard locations /etc/ldap
2227 and /etc/openldap. If you plan to relocate Glue1 and GLUE2
2228 schemas, all these should be in the same directory that you
2229 specify here. this option does NOT apply to nordugrid.schema
2230 file. Such file has a release dependent location. Default is to
2231 use only standard locations described above.
2232 Example:
2234 ldap_schema_dir="/nfs/ldap/schema/"
2235 oldconfsuffix
2238 oldconfsuffix .suffix - sets the suffix of the backup files of
2239 the low-level slapd configuration files in case they are regen‐
2240 erated. Default is ".oldconfig".
2241 Example:
2243 oldconfsuffix=".oldconfig"
2244 overwrite_config
2247 overwrite_config yes|no - determines if the infosys startup
2248 scripts should generate new low-level slapd configuration files.
2249 By default the low-level configuration files are regenerated
2250 with every server startup making use of the values specified in
2251 the arc.conf.
2252 Example:
2254 overwrite_config="yes"
2255 registrationlog
2258 registrationlog path - specifies the logfile for the registra‐
2259 tion processes initiated by your machine. Default is
2260 "/var/log/arc/inforegistration.log"
2261 Example:
2263 registrationlog="/var/log/arc/inforegistration.log"
2264 providerlog
2267 providerlog path - Specifies log file location for the informa‐
2268 tion provider scripts. The feature is only available with >=
2269 0.5.26 tag. Default is "/var/log/arc/infoprovider.log"
2270 Example:
2272 providerlog="/var/log/arc/infoprovider.log"
2273 provider_loglevel
2276 provider_loglevel - loglevel for the infoprovider scripts (0-5).
2277 The default is 1 (critical errors are logged)
2278 Example:
2280 provider_loglevel="2"
2281 user user unix_user - the unix user running the infosys processes
2284 such as the slapd, the registrations and infoprovider scripts.
2285 By default the ldap-user is used, you can run it as root if you
2286 wish. In case of non-root value you must make sure that the A-
2287 REX directories and their content are readable by the 'user' and
2288 the 'user' has access to the full LRMS information including
2289 jobs submitted by other users. The A-REX directories (con‐
2290 troldir, sessiondir runtimedir, cachedir) are specified in the
2291 [grid-manager] block
2292 Example:
2294 user="root"
2295 giis_location
2298 giis_location - If giis_location is not set, ARC_LOCATION will
2299 be used instead.
2300 Example:
2302 giis_location="/usr/"
2303 infosys_nordugrid
2306 These three variables decide which schema should be used for
2307 publishing data. They can all be enabled at the same time.
2308 Default is to enable nordugrid mds and disable glue.
2309 infosys_nordugrid - Enables NorduGrid schema
2310 Example:
2312 infosys_nordugrid="enable"
2313 infosys_glue12
2316 infosys_glue12 - Enables glue1.2/1.3 schema If infosys_glue12 is
2317 enabled, then resource_location, resource_latitude and
2318 resource_longitude need to be set in the [infosys/glue12] block.
2319 These variables do not have default values. The rest of the
2320 variables defaults are showcased below.
2321 Example:
2323 infosys_glue12="disable"
2324 infosys_glue2_ldap
2327 infosys_glue2 - Enables GLUE2 schema
2328 Example:
2330 infosys_glue2_ldap="disable"
2331 infosys_glue2_ldap_showactivities
2334 infosys_glue2_ldap_showactivities - Enables GLUE2 ComputingAc‐
2335 tivities to appear in the LDAP rendering they're currently dis‐
2336 abled by default.
2337 Example:
2339 infosys_glue2_ldap_showactivities="disable"
2340 infosys_glue2_service_qualitylevel
2343 infosys_glue2_service_qualitylevel - Allows a sysadmin to define
2344 a different GLUE2 QualityLevel for A-REX. This can be used for
2345 operations. default: production Allowed value is one of: "pro‐
2346 duction", "pre-production", "testing", "development" Refer to
2347 GLUE2 documentation for the meaning of these strings.
2348 Example:
2350 infosys_glue2_service_qualitylevel="production"
2351 slapd slapd - Configure where the slapd command is located, default
2354 is: /usr/sbin/slapd
2355 Example:
2357 slapd="/usr/sbin/slapd"
2358 slapadd
2361 slapadd - Configure where the slapadd command is located,
2362 default is: /usr/sbin/slapadd
2363 Example:
2365 slapadd="/usr/sbin/slapadd"
2366
2369 Starting from 11.05, Nordugrid ARC only supports BDII5. These vari‐
2370 ables are usually automatically set by ARC, and are here mostly for
2371 debug purposes and to tweak exotic BDII5 installations. In general, a
2372 sysadmin should not set these.
2373 bdii_debug_level
2376 bdii_debug_level - set the following to DEBUG to check bdii
2377 errors in bdii-update.log useful not to enable slapd logs reduc‐
2378 ing performance issues.
2379 Example:
2381 bdii_debug_level="ERROR"
2382 provider_timeout
2385 provider_timeout - This variable allows a system administrator
2386 to modify the behaviour of bdii-update. This is the time BDII
2387 waits for the scripts generated by A-REX infoproviders to pro‐
2388 duce their output. Default is 300 seconds.
2389 Example:
2391 provider_timeout=300
2392 infosys_debug
2395 infosys_debug - This variable disables/enables an ldap-database
2396 containing information about the ldap database itself on
2397 "o=infosys" it is very useful for debugging. Default is enabled.
2398 Example:
2400 infosys_debug="disable"
2401 BDII5 uses the following variables. These might change depending on
2404 BDII version. ARC sets them by inspecting distributed bdii configura‐
2405 tion files. DO NOT CHANGE UNLESS YOU KNOW WHAT YOU'RE DOING
2406 bdii_location
2409 bdii_location - The installation directory for the BDII.
2410 Default is /usr
2411 Example:
2413 bdii_location="/usr"
2414 bdii_var_dir
2417 bdii_var_dir - Contains BDII pid files and slapd pid files
2418 Example:
2420 bdii_var_dir="/var/run/arc/bdii"
2421 bdii_log_dir
2424 bdii_log_dir - Contains infosys logs
2425 Example:
2427 bdii_log_dir="/var/log/arc/bdii"
2428 bdii_tmp_dir
2431 bdii_tmp_dir - Contains provider scripts
2432 Example:
2434 bdii_tmp_dir="/var/tmp/arc/bdii"
2435 bdii_lib_dir
2438 bdii_lib_dir - Contains slapd databases
2439 Example:
2441 bdii_lib_dir="/var/lib/arc/bdii"
2442 bdii_update_pid_file
2445 bdii_update_pid_file, slapd_pid_file - Allows to change bdii-
2446 update and slapd pidfiles filename and location
2447 Example:
2449 bdii_update_pid_file="/var/run/arc/bdii-update.pid"
2450 slapd_pid_file="$bdii_var_dir/db/slapd.pid"
2451 bdii_database
2454 bdii_database - Configure what ldap database backend should be
2455 used, default is: bdb
2456 Example:
2458 bdii_database="bdb"
2459 The following options are for tweaking only. Usually one should not
2462 configure them. They change the BDII configuration file generated by
2463 ARC. Please consult BDII manual for details.
2464 bdii_conf
2467 bdii_conf - Location of the bdii configuration file. ARC modi‐
2468 fies the original and sets it as default
2469 /var/run/arc/infosys/bdii.conf
2470 Example:
2472 bdii_conf="/var/run/arc/infosys/bdii.conf"
2473 Command line options used to run bdii-update. ARC finds it looking
2476 into bdii configuration. default: ${bdii_location}/sbin/bdii-update
2477 bdii_update_cmd
2479 bdii_archive_size
2480 bdii_db_config
2481 bdii_breathe_time
2482 bdii_delete_delay
2483 bdii_read_timeout
2484 bdii_run_dir
2485 bindmethod
2486 cachettl
2487 db_archive
2488 db_checkpoint
2489
2492 giis_fifo
2493 giis_fifo - path to fifo used by EGIIS. default is
2494 /var/run/arc/giis-fifo This file is automatically created by
2495 ARC, the option is only for tweaking.
2496 Example:
2498 giis_fifo=/var/run/arc/giis-fifo
2499 LDAP parameters of the cluster.pl (old) infoprovider, use the defaults,
2502 do NOT change them unless you know what you are doing
2503 cachetime
2506 cachetime affects old infoproviders, and forces the validity
2507 time of the record.
2508 Example:
2510 cachetime="30"
2511 sizelimit
2514 sizelimit affects registration to egiis
2515 Example:
2517 sizelimit="10"
2518 slapd_cron_checkpoint
2521 slapd_cron_checkpoint - LDAP checkpoint enable/disable This
2522 option was introduced to solve bug #2032, to reduce the number
2523 of log files produced by BDII. It is usually not needed, but if
2524 BDII produces large logs and huge number of files, should help
2525 solving the issues related to that.
2526 Example:
2528 slapd_cron_checkpoint="enable"
2529
2532 This block holds information that is needed by the glue 1.2 generation.
2533 This is only necessary if infosys_glue12 is enabled.
2534 resource_location
2538 These variables need to be set if infosys_glue12 is enabled.
2539 IMPORTANT: no slashes or backslashes here! Example: "Kastrup,
2540 Denmark"
2541 Example:
2543 resource_location=""
2544 resource_latitude
2547 Example: "55.75000"
2548 Example:
2550 resource_latitude=""
2551 resource_longitude
2554 Example: "12.41670"
2555 Example:
2557 resource_longitude=""
2558 cpu_scaling_reference_si00
2561 Example 2400
2562 Example:
2564 cpu_scaling_reference_si00=""
2565 processor_other_description
2568 Example Cores=3,Benchmark=9.8-HEP-SPEC06
2569 Example:
2571 processor_other_description=""
2572 glue_site_web
2575 Example http://www.ndgf.org
2576 Example:
2578 glue_site_web=""
2579 glue_site_unique_id
2582 Example NDGF-T1
2583 Example:
2585 glue_site_unique_id=""
2586 provide_glue_site_info
2589 This variable decides if the GlueSite should be published. In
2590 case you want to set up a more complicated setup with several
2591 publishers of data to a GlueSite, then you may wish to tweak
2592 this parameter.
2593 Example:
2595 provide_glue_site_info="true"
2596
2599 [infosys/site/sitename] Site BDII configuration block, this block is
2600 used to configure ARC to generate a site-bdii that can be registered in
2601 GOCDB etc to make it a part of a gLite network. The sitename part is to
2602 be declarative of the site-bdii being generated.
2603 unique_id
2607 The unique id used to identify this site, eg "NDGF-T1"
2608 Example:
2610 unique_id=""
2611 url The URL is of the format: ldap://host.domain:2170/mds-vo-
2614 name=something,o=grid and should point to the resource-bdii
2615 Example:
2617 url=""
2618
2621 [infosys/admindomain] GLUE2 AdminDomain configuration block, to config‐
2622 ure administrative items of the cluster. This values do not affect nei‐
2623 ther glue12 or nordugrid renderings. If the whole block is not speci‐
2624 fied, will default to an AdminDomain called UNDEFINEDVALUE.
2625 name name - the Name attribute for the domain. This will show in top-
2629 BDII to group the resources belonging to this cluster. to group
2630 a bunch of clusters under the same AdminDomain, just use the
2631 same name. If not specified, will default to UNDEFINEDVALUE.
2632 Example:
2634 name="ARC-TESTDOMAIN"
2635 description
2638 description - description of this domain. Not mandatory.
2639 Example:
2641 description="ARC test Domain"
2642 www www - URL pointing at a site holding information about the
2645 AdminDomain. Not mandatory.
2646 Example:
2648 www="http://www.nordugrid.org/"
2649 distributed
2652 distributed - set this to yes if the domain is distributed that
2653 means, if the resources belonging to the domain are considered
2654 geographically distributed.
2655 Example:
2657 distributed=yes
2658 owner owner - contact email of a responsible subject for the domain
2661 Example:
2663 owner=admin@nordugrid.org
2664 otherinfo
2667 otherinfo - fills the OtherInfo GLUE2 field. no need to set,
2668 used only for future development.
2669 Example:
2671 otherinfo=Test Other info
2672
2675 [infosys/index/indexname] Index Service block configures and enables an
2676 Information Index Service. A separate Index block is required for every
2677 Index Service you may run on the given machine. The 'indexname' con‐
2678 stitutes to the
2679 name name - The unique (within the hosting machine) name of the Index
2683 Service. Its value becomes part of the LDAP suffix of the Index
2684 Service: (mds-vo-name=value of the name attribute, o=grid)
2685 Example:
2687 name="indexname"
2688 allowreg
2691 allowregistration - Implements registration filtering within an
2692 Index Sevice Sets the Local Information Trees or lower level
2693 Index Services allowed to register to the Index Service. List
2694 each allowed registrants with the allowreg attribute.
2695 WARNING: specifying allowreg implies setting up a strict filter‐
2697 ing, only the matching registrants will be able to register to
2698 the Index. The wildcard * can be used in allowreg. Several
2699 allowreg lines can be used. Some examples:
2700 -All the Swedish machines can register regardless they are
2701 resources or Indices allowreg="*.se:2135"
2702 -Cluster resources from Denmark can register
2703 allowreg="*.dk:2135/nordugrid-cluster-name=*, Mds-Vo-name=local,
2704 o=grid"
2705 -Storage resources from HIP, Finland can register
2706 allowreg="*hip.fi:2135/nordugrid-se-name=*, Mds-Vo-name=local,
2707 o=grid"
2708 -The index1.sweden.se can register as a Sweden Index (and only
2709 as a Sweden Index) allowreg="index1.sweden.se:2135/Mds-vo-
2710 Name=Sweden,o=Grid"
2711 -Any Index Service can register allowreg="*:2135/Mds-vo-
2712 Name=*,o=Grid"
2713 Example:
2715 allowreg="trusted.host.org.se:2135/Mds-vo-Name=Trusted-
2716 Index,o=Grid"
2717
2720 [infosys/index/indexname/registration/registrationname] Index service
2721 registration block This block enables a registration process initiated
2722 by the to a target Index Service. NorduGrid maintains a webpage with
2723 information on major Index Services: http://www.nordugrid.org/Nor‐
2724 duGridMDS/index_service.html
2725 targethostname
2729 targethostname - the hostname of the machine running the regis‐
2730 tration target Index Service
2731 Example:
2733 targethostname="index.myinstitute.org"
2734 targetport
2737 targetport - the port on which the target Index Service is run‐
2738 ning. The default is the 2135 Infosys port.
2739 Example:
2741 targetport="2135"
2742 targetsuffix
2745 targetsuffix - the LDAP suffix of the target Index Service
2746 Example:
2748 targetsuffix="mds-vo-name=BigIndex,o=grid"
2749 regperiod
2752 regperiod - The registration period in seconds, the registration
2753 messages are continously sent according to the regperiod.
2754 Default is 120 sec.
2755 Example:
2757 regperiod="300"
2758 registranthostname
2761 registranthostname - the hostname of the machine sending the
2762 registrations. This attribute inherits its value from the [com‐
2763 mon] and [infosys] blocks, most cases no need to set.
2764 Example:
2766 registranthostname="myhost.org"
2767 registrantport
2770 registrantport - the port of the slapd service hosting the reg‐
2771 istrant Index Service. The attribute inherits its value from the
2772 [infosys] block (and therefore defaults to 2135)
2773 Example:
2775 registrantport="2135"
2776 registrantsuffix
2779 registrantsuffix - the LDAP suffix of the registrant Index Ser‐
2780 vice. It is automatically determined from the registration
2781 block name, therefore most of the cases no need to specify. In
2782 this case the default registrantsuffix will be:
2783 "Mds-Vo-name=indexname"
2784 please mind uppercase/lowercase characters in the above string
2786 when defining allowreg in an index! Don't set it unless you
2787 want to overwrite the default.
2788 Example:
2790 registrantsuffix="mds-vo-name=indexname,o=grid"
2791
2795 This block configures how your cluster is seen on the grid monitor
2796 (infosys point of view). Please consult the Infosys manual for detailed
2797 information on cluster attributes. If you want your cluster (config‐
2798 ured below) to appear in the infosys (on the monitor) you also need to
2799 create a cluster registration block (see the next block).
2800 hostname
2804 hostname - the FQDN of the frontend node, if the hostname is not
2805 set already in the common block then it MUST be set here
2806 Example:
2808 hostname="myhost.org"
2809 interactive_contactstring
2812 interactive_contactstring - the contact string for interactive
2813 logins, set this if the cluster supports some sort of grid-
2814 enabled interactive login (gsi-ssh), multivalued
2815 Example:
2817 interactive_contactstring="gsissh://frontend.cluster:2200"
2818 cluster_alias
2821 alias - an arbitrary alias name of the cluster, optional
2822 Example:
2824 cluster_alias="Big Blue Cluster in Nowhere"
2825 comment
2828 comment - a free text field for additional comments on the clus‐
2829 ter in a single line, no newline character is allowed!
2830 Example:
2832 comment="This cluster is specially designed for XYZ applica‐
2833 tions: www.xyz.org"
2834 cluster_location
2837 cluster_location - The geographical location of the cluster,
2838 preferably specified as a postal code with a two letter country
2839 prefix
2840 Example:
2842 cluster_location="DK-2100"
2843 cluster_owner
2846 cluster_owner - it can be used to indicate the owner of a
2847 resource, multiple entries can be used
2848 Example:
2850 cluster_owner="World Grid Project"
2851 cluster_owner="University of NeverLand"
2852 authorizedvo
2855 authorizedvo - this attribute is used to advertise which VOs are
2856 authorized on the cluster. Multiple entries are allowed. This
2857 entries will be shown in GLUE2 AccessPolicy and MappingPolicy
2858 objects.
2859 Example:
2861 authorizedvo="developer.nordugrid.org"
2862 authorizedvo="community.nordugrid.org"
2863 clustersupport
2866 clustersupport - this is the support email address of the
2867 resource, multiple entries can be used
2868 Example:
2870 clustersupport="grid.support@mysite.org"
2871 clustersupport="grid.support@myproject.org"
2872 lrmsconfig
2875 lrmsconfig - an optional free text field to describe the config‐
2876 uration of your Local Resource Management System (batch system).
2877 Example:
2879 lrmsconfig="single job per processor"
2880 homogeneity
2883 homogeneity - determines whether the cluster consists of identi‐
2884 cal NODES with respect to cputype, memory, installed software
2885 (opsys). The frontend is NOT needed to be homogeneous with the
2886 nodes. In case of inhomogeneous nodes, try to arrange the nodes
2887 into homogeneous groups assigned to a queue and use queue-level
2888 attributes. Possible values: True,False, the default is True.
2889 False will trigger multiple GLUE2 ExecutionEnvironments to be
2890 published if applicable.
2891 Example:
2893 homogeneity="True"
2894 architecture
2897 architecture - sets the hardware architecture of the NODES. The
2898 "architecture" is defined as the output of the "uname -m" (e.g.
2899 i686). Use this cluster attribute if only the NODES are homoge‐
2900 neous with respect to the architecture. Otherwise the queue-
2901 level attribute may be used for inhomogeneous nodes. If the
2902 frontend's architecture agrees to the nodes, the "adotf" (Auto‐
2903 matically Determine On The Frontend) can be used to request
2904 automatic determination.
2905 Example:
2907 architecture="adotf"
2908 opsys opsys - this multivalued attribute is meant to describe the
2911 operating system of the computing NODES. Set it to the opsys
2912 distribution of the NODES and not the frontend! opsys can also
2913 be used to describe the kernel or libc version in case those
2914 differ from the originally shipped ones. The distribution name
2915 should be given as distroname-version.number, where spaces are
2916 not allowed. Kernel version should come in the form kernelname-
2917 version.number. If the NODES are inhomogeneous with respect to
2918 this attribute do NOT set it on cluster level, arrange your
2919 nodes into homogeneous groups assigned to a queue and use queue-
2920 level attributes.
2921 Example:
2923 opsys="Linux-2.6.18"
2924 opsys="glibc-2.5.58"
2925 opsys="CentOS-5.6"
2926 nodecpu
2929 nodecpu - this is the cputype of the homogeneous nodes. The
2930 string is constructed from the /proc/cpuinfo as the value of
2931 "model name" and "@" and value of "cpu MHz". Do NOT set this
2932 attribute on cluster level if the NODES are inhomogeneous with
2933 respect to cputype, instead arrange the nodes into homogeneous
2934 groups assigned to a queue and use queue-level attributes. Set‐
2935 ting the nodecpu="adotf" will result in Automatic Determination
2936 On The Frontend, which should only be used if the frontend has
2937 the same cputype as the homogeneous nodes.
2938 Example:
2940 nodecpu="AMD Duron(tm) Processor @ 700 MHz"
2941 nodememory
2944 nodememory - this is the amount of memory (specified in MB) on
2945 the node which can be guaranteed to be available for the appli‐
2946 cation. Please note in most cases it is less than the physical
2947 memory installed in the nodes. Do NOT set this attribute on
2948 cluster level if the NODES are inhomogeneous with respect to
2949 their memories, instead arrange the nodes into homogeneous
2950 groups assigned to a queue and use queue-level attributes.
2951 Example:
2953 nodememory="512"
2954 defaultmemory
2957 defaultmemory - If a user submits a job without specifying how
2958 much memory should be used, this value will be taken first. The
2959 order is: xrsl -> defaultmemory -> nodememory -> 1GB. This is
2960 the amount of memory (specified in MB) that a job will
2961 request(per rank).
2962 Example:
2964 defaultmemory="512"
2965 benchmark
2968 benchmark name value - this optional multivalued attribute can
2969 be used to specify benchmark results on the cluster level. Use
2970 this cluster attribute if only the NODES are homogeneous with
2971 respect to the benchmark performance. Otherwise the similar
2972 queue-level attribute should be used. Please try to use one of
2973 standard benchmark names given below if possible.
2974 Example:
2976 benchmark="SPECINT2000 222"
2977 benchmark="SPECFP2000 333"
2978 middleware
2981 middleware - the multivalued attribute shows the installed grid
2982 software on the cluster, nordugrid and globus-ng is automati‐
2983 cally set, no need to specify middleware=nordugrid or middle‐
2984 ware=globus
2985 Example:
2987 middleware="my grid software"
2988 nodeaccess
2991 nodeaccess - determines how the nodes can connect to the inter‐
2992 net. Not setting anything means the nodes are sitting on a pri‐
2993 vate isolated network. "outbound" access means the nodes can
2994 connect to the outside world while "inbound" access means the
2995 nodes can be connected from outside. inbound & outbound access
2996 together means the nodes are sitting on a fully open network.
2997 Example:
2999 nodeaccess="inbound"
3000 nodeaccess="outbound"
3001 dedicated_node_string
3004 dedicated_node_string - the string which is used in the PBS node
3005 configuration to distinguish the grid nodes from the rest. Sup‐
3006 pose only a subset of nodes are available for grid jobs, and
3007 these nodes have a common "node property" string, this case the
3008 dedicated_node_string should be set to this value and only the
3009 nodes with the corresponding "pbs node property" are counted as
3010 grid enabled nodes. Setting the dedicated_node_string to the
3011 value of the "pbs node property" of the grid-enabled nodes will
3012 influence how the totalcpus, user freecpus is calculated. You
3013 don't need to set this attribute if your cluster is fully avail‐
3014 able for the grid and your cluster's PBS configuration does not
3015 use the "node property" method to assign certain nodes to grid
3016 queues. You shouldn't use this configuration option unless you
3017 make sure your PBS configuration makes use of the above
3018 described setup.
3019 Example:
3021 dedicated_node_string="gridnode"
3022 localse
3025 localse - this multivalued parameter tells the BROKER that cer‐
3026 tain URLs (and locations below that) should be considered
3027 "locally" available to the cluster.
3028 Example:
3030 localse="gsiftp://my.storage/data1/"
3031 localse="gsiftp://my.storage/data2/"
3032 gm_mount_point
3035 gm_mount_point - this is the same as the "path" from the
3036 [gridftpd/jobs] block. The default is "/jobs". Will be cleaned
3037 up later, do NOT touch it.
3038 Example:
3040 gm_mount_point="/jobs"
3041 gm_port
3044 gm_port - this is the same as the "port" from the [gridftpd]
3045 block. The default is "2811". Will be cleaned up later.
3046 Example:
3048 gm_port="2811"
3049 cpudistribution
3052 cpudistribution - this is the CPU distribution over nodes given
3053 in the form: ncpu:m where
3054 n is the number of CPUs per machine
3055 m is the number of such computers
3056 Example: 1cpu:3,2cpu:4,4cpu:1 represents a cluster with 3 single
3058 CPU machines, 4 dual CPU machines, one machine with 4 CPUs.
3059 This command is needed to tweak and overwrite the values
3060 returned by the underlying LRMS. In general there is no need to
3061 configure it.
3062 Example:
3064 cpudistribution=1cpu:3,2cpu:4,4cpu:1
3065
3068 Computing resource (cluster) registration block configures and enables
3069 the registration process of a computing resource to an Index Service.
3070 A cluster can register to several Index Services this case each regis‐
3071 tration process should have its own block. NorduGrid maintains a web‐
3072 page with information on major Index Services: http://www.nor‐
3073 dugrid.org/NorduGridMDS/index_service.html
3074 targethostname
3078 targethostname - see description earlier
3079 Example:
3081 targethostname="index.myinstitute.org"
3082 targetport
3085 targetport - see description earlier
3086 Example:
3088 targetport="2135"
3089 targetsuffix
3092 targetsuffix - see description earlier
3093 Example:
3095 targetsuffix="mds-vo-name=BigIndex,o=grid"
3096 regperiod
3099 regperiod - see description earlier
3100 Example:
3102 regperiod="300"
3103 registranthostname
3106 registranthostname - see description earlier
3107 Example:
3109 registranthostname="myhost.org"
3110 registrantport
3113 registrantport - see description earlier
3114 Example:
3116 registrantport="2135"
3117 registrantsuffix
3120 registrantsuffix - the LDAP suffix of the registrant cluster
3121 resource It is automatically determined from the [infosys] block
3122 and the registration blockname. In this case the default regis‐
3123 trantsuffix will be:
3124 "nordugrid-cluster-name=hostname,Mds-Vo-name=local,o=Grid"
3125 please mind uppercase/lowercase characters above if defining
3127 allowreg in an index! Don't set it unless you want to overwrite
3128 the default.
3129 Example:
3131 registrantsuffix="nordugrid-cluster-name=myhost.org,Mds-Vo-
3132 name=local,o=grid"
3133
3136 Each grid-enabled queue should have a separate queue block. The queue‐
3137 name should be used as a label in the block name. A queue can repre‐
3138 sent a PBS/LSF/SGE/SLURM/LL queue, a SGE pool, a Condor pool or a sin‐
3139 gle machine in case 'fork' type of LRMS is specified in the [common]
3140 block.
3141 Queues don't need to be registered (there is no queue registration
3143 block), once you configured your cluster to register to an Index Ser‐
3144 vice the queue entries (configured with this block) automatically will
3145 be there. Please consult the ARC Information System manual for
3146 detailed information on queue attributes:
3147 http://www.nordugrid.org/documents/arc_infosys.pdf
3148 use the queue_name for labeling the block. The special name 'fork'
3150 should be used for labeling the queue block in case you specified
3151 'fork' type of LRMS in the [common] block.
3152 name name sets the name of the grid-enabled queue. It MUST match the
3156 queue_name label of the corresponding queue block, see above.
3157 Use "fork" if you specified 'fork' type of LRMS in the [common]
3158 block. Queue name MUST be specified, even if the queue block is
3159 already correctly labeled.
3160 Example:
3162 name="gridlong"
3163 homogeneity
3166 homogeneity - determines whether the queue consists of identical
3167 NODES with respect to cputype, memory, installed software
3168 (opsys). In case of inhomogeneous nodes, try to arrange the
3169 nodes into homogeneous groups and assigned them to a queue.
3170 Possible values: True,False, the default is True.
3171 Example:
3173 homogeneity="True"
3174 scheduling_policy
3177 scheduling_policy - this optional parameter tells the
3178 schedulling policy of the queue, PBS by default offers the FIFO
3179 scheduller, many sites run the MAUI. At the moment FIFO & MAUI
3180 is supported. If you have a MAUI scheduller you should specify
3181 the "MAUI" value since it modifies the way the queue resources
3182 are calculated. BY default the "FIFO" sceduller is assumed.
3183 Example:
3185 scheduling_policy="FIFO"
3186 comment
3189 comment - a free text field for additional comments on the queue
3190 in a single line, no newline character is allowed!
3191 Example:
3193 comment="This queue is nothing more than a condor pool"
3194 maui_bin_path
3197 maui_bin_path - set this parameter for the path of the maui com‐
3198 mands like showbf in case you specified the "MAUI" schedul‐
3199 ing_policy above. This parameter can be set in the [common]
3200 block as well.
3201 Example:
3203 maui_bin_path="/usr/local/bin"
3204 queue_node_string
3207 queue_node_string - In PBS you can assign nodes to a queue (or a
3208 queue to nodes) by using the "node property" PBS node configura‐
3209 tion method and asssigning the marked nodes to the queue (set‐
3210 ting the resources_default.neednodes = queue_node_string for
3211 that queue). This parameter should contain the "node property"
3212 string of the queue-assigned nodes. Setting the
3213 queue_node_string changes how the queue-totalcpus, user freecpus
3214 are determined for this queue. Essentially, queue_node_string
3215 value is used to construct nodes= string in PBS script, such as
3216 nodes=count:queue_node_string where count is taken from the job
3217 description (1 if not specified). You shouldn't use this option
3218 unless you are sure that your PBS configuration makes use of the
3219 above configuration. Read NorduGrid PBS instructions for more
3220 information:
3221 http://www.nordugrid.org/documents/pbs-config.html
3222 Example:
3224 queue_node_string="gridlong_nodes"
3225 queue_node_string="ppn=4:ib"
3226 sge_jobopts
3229 sge_jobopts - additional SGE options to be used when submitting
3230 jobs to SGE from this queue. If in doubt, leave it commented
3231 out
3232 Example:
3234 sge_jobopts="-P atlas -r yes"
3235 condor_requirements
3238 condor_requirements - only needed if using Condor. It needs to
3239 be defined for each queue. Use this option to determine which
3240 nodes belong to the current queue. The value of 'con‐
3241 dor_requirements' must be a valid constraints string which is
3242 recognized by a condor_status -constraint '....' command. It can
3243 reference pre-defined ClassAd attributes (like Memory, Opsys,
3244 Arch, HasJava, etc) but also custom ClassAd attributes. To
3245 define a custom attribute on a condor node, just add two lines
3246 like the ones below in the `hostname`.local config file on the
3247 node:
3248 NORDUGRID_RESOURCE=TRUE
3249 STARTD_EXPRS = NORDUGRID_RESOURCE, $(STARTD_EXPRS)
3250 A job submitted to this queue is allowed to run on any node
3252 which satisfies the 'condor_requirements' constraint. If 'con‐
3253 dor_requirements' is not set, jobs will be allowed to run on any
3254 of the nodes in the pool. When configuring multiple queues, you
3255 can differentiate them based on memory size or disk space, for
3256 example:
3257 Example:
3259 condor_requirements="(OpSys == "linux" && NORDUGRID_RESOURCE &&
3260 Memory >= 1000 && Memory < 2000)"
3261 lsf_architecture
3264 CPU architecture to request when submitting jobs to LSF. Use
3265 only if you know what you are doing.
3266 Example:
3268 lsf_architecture="PowerPC"
3269 totalcpus
3272 totalcpus - manually sets the number of cpus assigned to the
3273 queue. No need to specify the parameter in case the
3274 queue_node_string method was used to assign nodes to the queue
3275 (this case it is dynamically calculated and the static value is
3276 overwritten) or when the queue have access to the entire cluster
3277 (this case the cluster level totalcpus is the relevant parame‐
3278 ter). Use this static parameter only if some special method is
3279 applied to assign a subset of totalcpus to the queue.
3280 Example:
3282 totalcpus="32"
3283 nodecpu
3286 queue-level configuration parameters: nodecpu, nodememory,
3287 architecture, opsys and benchmark should be set if they are
3288 homogeneous over the nodes assigned to the queue AND they are
3289 different from the cluster-level value. Their meanings are
3290 described in the cluster block. Usage: this queue collects nodes
3291 with "nodememory=512" while another queue has nodes with "node‐
3292 memory=256" -> don't set the cluster attributes but use the
3293 queue-level attributes. When the frontend's architecture or
3294 cputype agrees with the queue nodes, the "adotf" (Automatically
3295 Determine On The Frontend) can be used to request automatic
3296 determination of architecture or nodecpu.
3297 Example:
3299 nodecpu="adotf"
3300 nodememory="512"
3301 architecture="adotf"
3302 opsys="Fedora 16"
3303 opsys="Linux-3.0"
3304 benchmark="SPECINT2000 222"
3305 benchmark="SPECFP2000 333"
3306 ac_policy
3309 queue access policy rules based on VOMS attributes in user's
3310 proxy certificate (requires the arc-vomsac-check plugin to be
3311 enabled). Matching rules have the following format:
3312 ac_policy="[+/-]VOMS: <FQAN>"
3313 Please read arc-vomsac-check manual page for more information.
3315 Example:
3317 ac_policy="-VOMS: /badvo"
3318 ac_policy="VOMS: /.*/Role=production"
3319 authorizedvo
3322 authorizedvo - this attribute is used to advertise which VOs are
3323 authorized on the specific queue. Multiple entries are allowed.
3324 This entries will be shown in the MappingPolicy objects. If
3325 something is already defined in the [cluster] block, the shown
3326 VOs will be the union set of those defined in [cluster] with
3327 those specific to this [queue] block.
3328 Example:
3330 authorizedvo="LocalUsers"
3331 authorizedvo="atlas"
3332 authorizedvo="community.nordugrid.org"
3333 cachetime
3336 this affects old infoproviders, and forces the validity time of
3337 the record.
3338 Example:
3340 cachetime="30"
3341 sizelimit
3344 sizelimit affects registration to EGIIS
3345 Example:
3347 sizelimit="5000"
3348
3352 Services registration into EMIR block configures and enables the regis‐
3353 tration process of a services enabled in this configuration file into
3354 EMI indexing service (EMIR).
3355 emirurls
3359 List of URL separated by comma of EMIR services which are to
3360 accept registration. This is mandatory.
3361 Example:
3363 emirurls="https://somehost:60002/emir"
3364 validity
3367 Time in seconds for which registration records should stay
3368 valid.
3369 Example:
3371 validity=600
3372 period Time in seconds how othen registration record should be sent to
3375 the registration service.
3376 Example:
3378 period=60
3379 disablereg_xbes
3382 disablereg_xbes may be used to selectively disable registration
3383 of A-REX service. Possible values are yes and no. Default is no,
3384 Example:
3386 disablereg_xbes="no"
3387
3390 [nordugridmap] block configuration is used to fine-tune behaviour of
3391 the nordugridmap - an ARC tool used to generate grid-mapfiles. Please
3392 refer to [vo] block description to find information how to specify VO
3393 sources for mapfile generation. This section setup general VO-indepen‐
3394 dent parameters.
3395 x509_user_key
3399 x509_user_cert, x509_user_key - public certificate and privat
3400 key to be used when fetching sources over TLS (https:// and
3401 vomss:// sources retrieval rely on this parameter) If not speci‐
3402 fied, values defined in [common] section will be used. If there
3403 is also no [common] section, X509_USER_{CERT,KEY} variables are
3404 used. Default is '/etc/grid-security/host{cert,key}.pem'
3405 Example:
3407 x509_user_key="/etc/grid-security/hostkey.pem"
3408 x509_user_cert="/etc/grid-security/hostcert.pem"
3409 x509_cert_dir
3412 x509_cert_dir - the directory containing CA certificates. This
3413 information is needed by the 'require_issuerdn' [vo] block
3414 option. Default is '/etc/grid-security/certificates/'.
3415 Example:
3417 x509_cert_dir="/etc/grid-security/certificates/"
3418 generate_vomapfile
3421 generate_vomapfile - control is nordugridmap will generate vo-
3422 mapfile used by arc-ur-logger. Default is 'yes'.
3423 Example:
3425 generate_vomapfile="yes"
3426 vomapfile
3429 vomapfile - path to vo-mapfile location. Default is /etc/grid-
3430 security/grid-vo-mapfile
3431 Example:
3433 vomapfile="/etc/grid-security/grid-vo-mapfile"
3434 log_to_file
3437 log_to_file - control whether logging output of nordugridmap
3438 will be saved to file. Default is 'no' (STDERR is used).
3439 Example:
3441 log_to_file="yes"
3442 logfile
3445 logfile - specify the nordugridmap log file location when in
3446 use. Default is '/var/log/arc/nordugridmap.log'.
3447 Example:
3449 logfile="/var/log/arc/nordugridmap.log"
3450 cache_enable
3453 cache_enable - control whether caching of external sources will
3454 be used. Default is 'yes'.
3455 Example:
3457 cache_enable="yes"
3458 cachedir
3461 cachedir - specify the path where cached sources will be stored.
3462 Default is '/var/spool/nordugrid/gridmapcache/'
3463 Example:
3465 cachedir="/var/spool/nordugrid/gridmapcache/"
3466 cachetime
3469 cachetime - controls how many time (in seconds) cached informa‐
3470 tion remains valid. Default is 259200 (3 days).
3471 Example:
3473 cachetime="259200"
3474 issuer_processing
3477 issuer_processing - control the behaviour of [vo] block
3478 require_issuerdn parameter. Valid values are 'relaxed' and
3479 'strict'. Please see 'require_issuerdn' description in [vo]
3480 block for details. Default is 'relaxed'.
3481 Example:
3483 issuer_processing="relaxed"
3484 mapuser_processing
3487 mapuser_processing - control the behaviour of [vo] block
3488 mapped_unixid parameter usage. Valid values are 'overwrite' and
3489 'keep'. Please see 'mapped_unixid' description in [vo] block
3490 for details. Default is 'keep'.
3491 Example:
3493 mapuser_processing="keep"
3494 allow_empty_unixid
3497 allow_empty_unixid - control whether empty (or unspecified)
3498 Please see 'mapped_unixid' description of [vo] block for
3499 details. Default is 'no'
3500 Example:
3502 allow_empty_unixid="no"
3503 voms_method
3506 voms_method - control how to get information from voms(s)
3507 sources. Valid values are:
3508 soap - call SOAP method directly using SOAP::Lite
3509 get - use old implementation that manually parses XML
3510 response Default is 'soap'.
3511 Example:
3513 voms_method="soap"
3514 debug debug level - controls the verbosity of nordugridmap output.
3517 Valid values are:
3518 0 - FATAL - only critical fatal error shown
3519 1 - ERROR - errors, including non-critical are shown
3520 2 - WARNING (default) - configuration errors that can be
3521 ignored
3522 3 - INFO - processing information
3523 4 - VERBOSE - a bit more processing information
3524 5 - DEBUG - lot of processing information
3525 When test run is requested (--test command line option of the
3527 nordugridmap) debug level is automatically set to 5 (DEBUG).
3528 Default is 2 (WARNING)
3529 Example:
3531 debug="4"
3532 fetch_timeout
3535 fetch_timeout - control how many time (in seconds) nordugridmap
3536 will wait for external sources retrieval. Default is 15.
3537 Example:
3539 fetch_timeout="15"
3540
3543 The cache server component of ACIX runs alongside A-REX. It periodi‐
3544 cally scans the cache directories and composes a Bloom filter of cache
3545 content which can be pulled by an ACIX index server.
3546 hostname
3550 Hostname on which the cache server listens. Default is all
3551 available interfaces.
3552 Example:
3554 hostname="myhost.org"
3555 port Port on which the cache server listens. Default is 5443.
3558 Example:
3560 port="6000"
3561 logfile
3564 Log file location for the cache server. Default is
3565 /var/log/arc/acix-cache.log
3566 Example:
3568 logfile="/tmp/acix-cache.log"
3569 cachedump
3572 Whether to make a dump of the cache contents in a file at
3573 $TMP/ARC-ACIX/timestamp each time the cache server runs. Default
3574 is no.
3575 Example:
3577 cachedump="yes"
3578
3582 The index server component of ACIX collects cache content filters from
3583 a set of cache servers configured in this block. The index server can
3584 be queried for the location of cached files.
3585 cacheserver
3589 ACIX cache servers from which to pull information
3590 Example:
3592 cacheserver="https://some.host:5443/data/cache"
3593 cacheserver="https://another.host:5443/data/cache"
3594
3598 Gangliarc provides monitoring of ARC-specific metrics through ganglia.
3599 It can be run with zero configuration or customised with options in the
3600 [gangliarc] block.
3601 frequency
3604 The period between each information gathering cycle, in seconds.
3605 Default is 20.
3606 Example:
3608 frequency="30"
3609 gmetric_exec
3612 Path to gmetric executable. Default is /usr/bin/gmetric.
3613 Example:
3615 gmetric_exec="/usr/local/bin/gmetric"
3616 logfile
3619 log file of the daemon. Default is /var/log/arc/gangliarc.log.
3620 Example:
3622 logfile="/tmp/gangliarc.log"
3623 pidfile
3626 pid file of the daemon. Default is /var/run/gangliarc.pid.
3627 Example:
3629 pidfile="/tmp/gangliarc.pid"
3630 python_bin_path
3633 path to python executable. Default is /usr/bin/python.
3634 Example:
3636 python_bin_path="/usr/local/bin/python"
3637 metrics
3640 the metrics to be monitored. Default is "all". metrics takes a
3641 comma-separated list of one or more of the following metrics:
3642 - staging -- number of tasks in different data staging states
3643 - cache -- free cache space
3644 - session -- free session directory space
3645 - heartbeat -- last modification time of A-REX heartbeat
3646 - processingjobs -- the number of jobs currently being pro‐
3647 cessed by ARC (jobs
3648 between PREPARING and FINISHING states)
3649 - failedjobs -- the number of failed jobs per last 100 finished
3650 - jobstates -- number of jobs in different A-REX internal
3651 stages
3652 - all -- all of the above metrics
3653 Example:
3655 metrics="all"
3656NorduGrid ARC 5.4.4 2019-03-16 arc.conf(5)