1arc.conf(5) NorduGrid ARC arc.conf(5)
2
3
4
6 arc.conf - ARC configuration
7
8
10 /etc/arc.conf
11
12 ${ARC_LOCATION}/etc/arc.conf
13
14
16 ARC has two separate configuration files - one for client tools and
17 another for services. This document describes the services configura‐
18 tion file. For client configuration please see "ARC Clients User Man‐
19 ual" at http://www.nordugrid.org/documents/arc-ui.pdf
20
21 ARC configuration uses a plain-text "ini-style" format. It is also pos‐
22 sible to use an XML format, however that is outside the scope of this
23 document.
24
25 The configuration file consists of several configuration blocks. Each
26 configuration block is identified by a keyword and contains the config‐
27 uration options for a specific part of the ARC middleware.
28
29 Each configuration block starts with its identifying keyword inside
30 square brackets. Thereafter follows one or more attribute value pairs
31 written one on each line in the following format (note that the
32 attribute names are CASE-SENSITIVE):
33
34 [keyword1]
35 attribute1="value1"
36 attribute2="value2"
37
38 [keyword2]
39 attribute="value"
40
41 If the ARC_LOCATION environment variable is set the ARC configuration
42 file located at ${ARC_LOCATION}/etc/arc.conf is read first. If this
43 file is not present or the relevant configuration information is not
44 found in this file, the file at /etc/arc.conf is read.
45
46
48 The parameters set within this block are available for all the other
49 blocks. These are the configuration parameters shared by the different
50 components of ARC (e.g. grid-manager, infosys)
51
52
53
54 hostname
55 hostname - the FQDN of the frontend node, optional in the common
56 block but MUST be set in the cluster block
57
58 Example:
59 hostname="myhost.org"
60
61
62 x509_voms_dir
63 x509_voms_dir path - the path to the directory containing *.lsc
64 files needed for checking validity of VOMS extensions. If not
65 specified default value /etc/grid-security/vomsdir is used.
66
67 Example:
68 x509_voms_dir="/etc/grid-security/vomsdir"
69
70
71 lrms ARC supports various LRMS flavours, as listed in this section.
72 For detailed description of options please refer to ARC CE
73 sysadmin guide:
74
75 http://www.nordugrid.org/documents/arc-ce-sysadm-guide.pdf
76
77 ONLY ONE LRMS IS ALLOWED. MULTIPLE lrms ENTRIES WILL TRIGGER
78 UNEXPECTED BEHAVIOUR.
79
80 lrms sets the type of the Local Resource Management System
81 (queue system), and optionally - the default queue name, sepa‐
82 rated with a blank space: lrmstype queue_name. For lrmstype,
83 the following systems are supported and can be chosen (one per
84 server):
85 fork - simple forking of jobs to the same node as the
86 server
87 sge - (Sun/Oracle) Grid Engine
88 condor - Condor
89 pbs - PBS
90 lsf - LSF
91 ll - LoadLeveler
92 slurm - SLURM
93 dgbridge - Desktop Grid
94
95 PBS has many flavours, ARC currenly supports OpenPBS, PBSPro,
96 ScalablePBS and Torque (the official name for ScalablePBS).
97 There is no need to specify the flavour or the version number of
98 the PBS, simply write 'pbs'. Similarly, there is no need to
99 specify (Sun/Oracle) Grid Engine versions and flavours. "lrm‐
100 stype" MUST be set here, it is a MANDATORY parameter!
101
102 The optional queue parameter specifies the default Grid queue of
103 the LRMS. Jobs will be submitted to this queue if they do not
104 specify queue name in job description. Queue name must match one
105 of the [queue/queue_name] block labels, see below.
106
107 Example:
108 lrms="pbs gridlong"
109 lrms="pbs"
110
111
113 pbs_bin_path
114 the path to the qstat,pbsnodes,qmgr etc PBS binaries, no need to
115 set if PBS is not used
116
117 Example:
118 pbs_bin_path="/usr/bin"
119
120
121 pbs_log_path
122 the path of the PBS server logfiles which are used by A-REX to
123 determine whether a PBS job is completed. If not specified, A-
124 REX will use qstat for that.
125
126 Example:
127 pbs_log_path="/var/spool/pbs/server_logs"
128
129
131 condor_rank
132 condor_rank - If you are not happy with the way Condor picks
133 nodes when running jobs, you can define your own ranking algo‐
134 rithm by optionally setting the condor_rank attribute. con‐
135 dor_rank should be set to a ClassAd float expression that you
136 could use in the Rank attribute in a Condor job description.
137 Obviously no need to set if Condor is not used. An example:
138
139 Example:
140 condor_rank="(1-LoadAvg/2)*(1-LoadAvg/2)*Mem‐
141 ory/1000*KFlops/1000000"
142
143
144 condor_bin_path
145 condor_bin_path - Path to Condor binaries. Must be set if Condor
146 is used.
147
148 Example:
149 condor_bin_path=/opt/condor/bin
150
151
152 condor_config
153 condor_config - Path to Condor config file. Must be set if Con‐
154 dor is used and the config file is not in its default location
155 (/etc/condor/condir_config or ~/condor/condor_config). The full
156 path to the file should be given.
157
158 Example:
159 condor_config=/opt/condor/etc/condor_config
160
161
163 sge_bin_path
164 sge_bin_path - Path to Sun Grid Engine (SGE) binaries, MUST be
165 set if SGE is the LRMS used
166
167 Example:
168 sge_bin_path="/opt/n1ge6/bin/lx24-x86"
169
170
171 sge_root
172 sge_root - Path to SGE installation directory. MUST be set if
173 SGE is used.
174
175 Example:
176 sge_root="/opt/n1ge6"
177
178
179 sge_cell
180 sge_cell - The name of the SGE cell to use. This option is only
181 necessary in case SGE is set up with a cell name different from
182 'default'
183
184 Example:
185 sge_cell="default"
186
187
188 sge_qmaster_port
189 sge_qmaster_port, sge_execd_port - these options should be used
190 in case SGE command line clients require SGE_QMASTER_PORT and
191 SGE_EXECD_PORT environment variables to be set. Usually they are
192 not necessary.
193
194 Example:
195 sge_qmaster_port="536"
196 sge_execd_port="537"
197
198
200 slurm_bin_path
201 slurm_bin_path - Path to SLURM binaries, must be set if
202 installed outside of normal $PATH
203
204 Example:
205 slurm_bin_path="/usr/bin"
206
207
208 slurm_wakeupperiod
209 How long should infosys wait before querying SLURM for new data
210 (seconds)
211
212 Example:
213 slurm_wakeupperiod="15"
214
215
216 slurm_use_sacct
217 Should ARC use sacct instead of scontrol to get information on
218 finished jobs. Requires that accounting is turned on in SLURM.
219 Default is "no".
220
221 Example:
222 slurm_use_sacct="yes"
223
224
226 lsf_bin_path
227 the PATH to LSF bin folder no need to set if LSF is not used
228
229 Example:
230 lsf_bin_path="/usr/local/lsf/bin/"
231
232
233 lsf_profile_path
234 the PATH to profile.lsf no need to set if LSF is not used
235
236 Example:
237 lsf_profile_path="/usr/share/lsf/conf"
238
239
241 ll_bin_path
242 the PATH to the LoadLeveler bin folder no need to set if
243 LoadLeveler is not used
244
245 Example:
246 ll_bin_path="/opt/ibmll/LoadL/full/bin"
247
248
249 ll_consumable_resources
250 support for a LoadLeveler setup using Consumable Resources no
251 need to set if LoadLeveler is not used
252
253 Example:
254 ll_consumable_resources="yes"
255
256
258 dgbridge_stage_dir
259 Desktop Bridge www publish dir
260
261 Example:
262 dgbridge_stage_dir="/var/www/DGBridge"
263
264
265 dgbridge_stage_prepend
266 Desktop Bridge URL prefix pointing to dgbridge_stage_dir
267
268 Example:
269 dgbridge_stage_prepend="http://edgi-bridge.exam‐
270 ple.com/DGBridge/"
271
272
274 boinc_db_host boinc_db_port boinc_db_name boinc_db_user boinc_db_pass
275 Connection details for the Boinc database.
276
277 Example:
278 boinc_db_host="localhost"
279 boinc_db_port="3306"
280 boinc_db_name="myproject"
281 boinc_db_user="boinc"
282 boinc_db_pass="password"
283
284
285 boinc_app_id = id
286 ID of the app handled by this CE. Setting this option makes
287 database queries much faster in large projects with many apps.
288
289 Example:
290 boinc_app_id="1"
291
292
294 globus_tcp_port_range
295 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
296 ration In a firewalled environment the software which uses GSI
297 needs to know what ports are available. The full documentation
298 can be found at: http://dev.globus.org/wiki/FirewallHowTo These
299 variable are similar to the Globus environment variables:
300 GLOBUS_TCP_PORT_RANGE and GLOBUS_UDP_PORT_RANGE. These vari‐
301 ables are not limited to [common], but can be set individually
302 for each service in corresponding section: [grid-manager],
303 [gridftpd] Example:
304
305 Example:
306 globus_tcp_port_range="9000,12000"
307 globus_udp_port_range="9000,12000"
308
309
310 x509_user_key
311 x509_user_cert, x509_user_key - Server credentials location.
312 These variables are similar to the GSI environment variables:
313 X509_USER_KEY and X509_USER_CERT These variables are not limited
314 to [common], but can be set individually for each service in
315 corresponding section: [grid-manager], [gridftpd], [nor‐
316 dugridmap]
317
318 Example:
319 x509_user_key="/etc/grid-security/hostkey.pem"
320 x509_user_cert="/etc/grid-security/hostcert.pem"
321
322
323 x509_cert_dir
324 x509_cert_dir - Location of trusted CA certificates This vari‐
325 able is similar to the GSI environment variable: X509_CERT_DIR
326 This variable is not limited to [common], but can be set indi‐
327 vidually for each service in corresponding section: [grid-man‐
328 ager], [gridftpd]
329
330 Example:
331 x509_cert_dir="/etc/grid-security/certificates"
332
333
334 gridmap
335 gridmap - The gridmap file location This variable is similar to
336 the GSI environment variable: GRIDMAP This variable is not lim‐
337 ited to [common], but can be set individually for each service
338 in corresponding section: [grid-manager], [gridftpd] The default
339 is /etc/grid-security/grid-mapfile
340
341 Example:
342 gridmap="/etc/grid-security/grid-mapfile"
343
344
345 voms_processing
346 voms_processing - Defines how to behave if errors in VOMS AC
347 processing detected.
348 relaxed - use everything that passed validation.
349 standard - same as relaxed but fail if parsing errors took
350 place and VOMS extension is marked as critical. This is the
351 default.
352 strict - fail if any parsing error was discovered.
353 noerrors - fail if any parsing or validation error happened.
354 This command can also be used in [grid-manager] and [gridftpd]
355 blocks.
356
357 Example:
358 voms_processing="standard"
359
360
361 voms_trust_chain
362 voms_trust_chain - Define the DN chain that the host services
363 trust when the VOMS AC from peer VOMS proxy certificate is
364 parsed and validated. There can be multiple "voms_trust_chain"
365 existing, each one corresponds to a VOMS server. This variable
366 is similar to the information in *.lsc file, but with two dif‐
367 ferences:
368 1, You don't need to create a *.lsc file per VOMS server, but
369 create a chain per VOMS server;
370 2, Regular expressions are supported when matching the DNs.
371
372 This variable is not limited to [common], but can be used in
373 [grid-manager] and [gridftpd] blocks. This variable should be
374 used together with voms_processing. This variable will over‐
375 write the information in *.lsc if *.lsc exists.
376
377 Example:
378 voms_trust_chain = "/O=Grid/O=NorduGrid/CN=host/arthur.hep.lu.se" "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority"
379 voms_trust_chain = "/O=Grid/O=NorduGrid/CN=host/emi-arc.eu" "/O=Grid/O=NorduGrid/CN=NorduGrid Certification Authority"
380 voms_trust_chain = "^/O=Grid/O=NorduGrid"
381
382
383 enable_perflog_reporting
384 enable_perflog_reporting expert-debug-on/no - Switch on or off
385 performance reporting. Default is no. Only switch on if you
386 specifically need it, and are aware of the possible local root
387 exploit due to permissive directory.
388
389 Example:
390 enable_perflog_reporting="expert-debug-on"
391
392
393 perflogdir
394 perflogdir logdir - Directory where performance logs should be
395 stored. Default is /var/log/arc/perflogs
396
397 Example:
398 perflogdir="/var/log/arc/perflogs"
399
400
401
402
404 [vo] block is used to define VOs and generate mapfiles from user list
405 maintained by VO databases. VO block is a configuration block for the
406 nordugridmap utility. Please note that [vo] block processing by nor‐
407 dugridmap utility depend on parameters defined in the [nordugridmap]
408 block.
409
410 [vo] block by itself does not affect authorization of client/user. For
411 that label defined by vo="" attribute may be used in [group] block with
412 with 'file' rule.
413
414
415
416 id id blockid - specifies the unique configuration block id (this
417 does not affect nordugridmap utility)
418
419 Example:
420 id="vo_1"
421
422
423 vo vo vo_name - specifies the VO name, this name can be used in
424 other blocks. MUST be given.
425
426 Example:
427 vo="nordugrid"
428
429
430 file file path - output gridmap-file where GENERATED mapping list
431 will be stored. See parameters below to define how to generate
432 this file. If the same file specified as output for different
433 [vo] blocks, nordugridmap will automatically merge entries in
434 given blocks order. Default is '/etc/grid-security/gridmap‐
435 file'.
436
437 Example:
438 file="/etc/grid-security/VOs/atlas-users"
439
440
441 source source URL - the URL of the VO database which is assigned to
442 this VO. The nordugridmap will use this URL to automatically
443 generate and keep up-to-date userlist (mapfile) specified by the
444 'file' attribute. URL is a multivalued attribute, several
445 sources can be specified for the [vo] block and all the users
446 from those sources will be merged into the same file. The source
447 URLs are processed in the given order. Currently supported URL
448 types are:
449 http(s):// - URL to plain text file. File should contain a
450 list
451 of DNs with optional issuer certificate author‐
452 ity DN
453 (see require_issuerdn): "user DN" ["issuer DN"]
454 voms(s):// - URL to VOMS-Admin interface
455 nordugrid - add NorduGrid VO members
456 ldap:// - expect LDAP-schema formatted VO Group
457 file:// - local file (stand-alone or dynamically generated
458 by
459 nordugridmap). File should contain a list of DNs
460 with
461 optional mapped unixid: "user DN" [mapped user
462 ID]
463 Result of optional mapped unixid processing
464 depend
465 on mapuser_processing option settings.
466 vo:// - reference to another [vo] configuration block
467 edg-mkgridmap://
468 - local configuration file used by edg-mkgridmap
469 tool.
470 nordugridmap will parse configuration from file
471 and
472 process it as additional [vo] block that will be
473 referred
474 authomatically in place URL specified. This
475 allow
476 easy migration from edg-mkgridmap solution with‐
477 out
478 rewriting your previous configuration (NOTE that
479 rarely
480 used 'auth' directive and 'AUTO' mapping options
481 are not
482 supported)
483
484 You can use either vo:// or file:// entries to specify dependen‐
485 cies between [vo] blocks, but using vo:// is a recommended way.
486 For each separate source URL it is possible to override some
487 parameters value. You can use the following syntax to perform
488 this:
489 source="URL < parameter1=value1 parameter2=value2"
490
491 You can override the following parameters:
492 mapped_unixid for http(s),voms(s),ldap and file URLs
493 cache_enable for http(s),voms(s),ldap and file URLs
494 voms_method for voms(s) URLs
495 mapuser_processing for file URLs with
496 mapped_unixid='<unixid>' overrides
497 (control mapped_unixid overriding behav‐
498 iour for URL)
499
500 Example:
501 source="vomss://voms.ndgf.org:8443/voms/nordugrid.org"
502 source="vomss://lcg-voms.cern.ch:8443/voms/atlas?/atlas/Role=VO-
503 Admin < mapped_unixid=atlasadmin"
504 source="vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org <
505 voms_method=get"
506 source="http://www.nordugrid.org/developers.dn"
507 source="ldap://grid-vo.nikhef.nl/ou=lcg1,o=atlas,dc=eu-data‐
508 grid,dc=org"
509 source="file:///etc/grid-security/priviliged_users.dn"
510 source="vo://nordugrid_community"
511 source="nordugrid"
512
513
514 mapped_unixid
515 mapped_unixid unixid - the local UNIXID which is used in the
516 generated grid-mapfile by the nordugridmap utility.
517
518 If any of the sources have already provided mapping information
519 (file:// or vo://) behaviour depends on 'mapuser_processing'
520 [nordugridmap] block configuration:
521 mapuser_processing = 'overwrite': ignore already provided
522 mapping and
523 apply mapped_unixid for all sources
524 mapuser_processing = 'keep': apply mapped_unixid only for
525 sources that
526 does not already has mapping information
527
528 [vo] block can only have one UNIXID. If 'mapped_unixid' is not
529 specified behaviour depends on 'allow_empty_unixid' [nor‐
530 dugridmap] block configuration value:
531 allow_empty_unixid = 'yes': empty value will be used for
532 mapped_unixid
533 which means that nordugridmap will gen‐
534 erate only
535 the list of DNs without mapping (con‐
536 sider using
537 mapuser_processing='overwrite' along
538 with this
539 option or sources that does not provide
540 previously
541 defined mapping information)
542 allow_empty_unixid = 'no': skip users without mapping infor‐
543 mation (if
544 no mapping information provided by
545 sources)
546
547 Example:
548 mapped_unixid="gridtest"
549
550
551 voms_fqan_map
552 voms_fqan_map fqan unixid - the local UNIXID which is used to
553 map voms(s) sources with specific FQAN given. Several
554 voms_fqan_map can be specified for a [vo] block. For each
555 voms(s) sources in [vo] block and every voms_fqan_map record
556 separate source record will be authomatically generated with
557 mapped_unixid overrided to specified one. Sources are generated
558 in a given voms_fqan_map order. Original voms(s) source URL are
559 processed LAST. This allows to simplify configuration, espe‐
560 cially in redundancy cases when several VOMS servers are used
561 for the same VO.
562
563 Example:
564 voms_fqan_map="/atlas/Role=VO-Admin atlasadmin"
565 voms_fqan_map="/atlas/Role=production atlasprod"
566
567
568 require_issuerdn
569 require_issuerdn yes/no - another nordugridmap option. YES would
570 map only those DNs obtained from the URLs which have the corre‐
571 sponding public CA packages installed. Default is 'no'. Note,
572 that some sources does not provide issuer information (like
573 voms(s):// or file://). If this sources are used within [vo]
574 block and require_issuerdn is set to 'yes' behaviour depends on
575 issuer_processing [nordugridmap] block configuration:
576 issuer_processing = 'relaxed': check only those records that
577 have issuer
578 information provided, allow other sources
579 issuer_processing = 'strict': if issuer information was not
580 found record
581 is filtered and will not be passed into
582 mapfile
583
584 Example:
585 require_issuerdn="no"
586
587
588 filter filter ACL string - An ACL filter for the nordugridmap utility.
589 Multiple allow/deny statements are possible. The fetched DNs are
590 filtered against the specified rules before they are added to
591 the generated mapfile. * can be used as a wildcard. You may run
592 the nordugridmap with the --test command line option to see how
593 the filters you specified work. If at least one allow filter is
594 specified implicit deny is used at the end of ACL. If only deny
595 filters are present - implicit allow used at the end.
596
597 Example:
598 filter="deny *infn*"
599 filter="allow *NorduGrid*"
600
601
603 These configuration blocks define rules used to define to which autho‐
604 rization group a user belongs. The group should not be mistaken for a
605 virtual organisation (VO). A group may match a single vo if only a sin‐
606 gle check (rule) on vo membership is performed. It is however more com‐
607 mon to allow multiple VOs in a single group. ARC also allows many other
608 ways to assign users to groups. Technically, permissions are only
609 granted to groups, not directly to VOs.
610
611 The block specifies single authorization group. There may be multiple
612 [group] blocks in configuration defining multiple authorization groups.
613
614 The block can be specified in two ways - either using [group/group1]
615 like subblock declaration per group or just [group]. The two formats
616 are equivalent. Every block (till the beginning of next block or the
617 end of the file) defines one authorization group.
618
619 IMPORTANT: Rules in a group are processed in their order of appearance.
620 The first matching rule decides the membership of a the user to a
621 group and the processing STOPS. There are positively and negatively
622 matching rules. If a rule is matched positively then the user tested is
623 accepted into the respective group and further processing is stopped.
624 Upon a negative match the user would be rejected for that group - pro‐
625 cessing stops too. The sign of rule is determined by prepending the
626 rule with be omitted. A rule may also be prepended with '!' to invert
627 result of rule, which will let the rule match the complement of users.
628 That complement operator ('!') may be combined with the operator for
629 positive or negative matching.
630
631 A group MUST be defined before it may be used. In this respect the
632 arc.conf is ORDER SENSITIVE.
633
634 The authorization groups can be used in [gridftpd] and in its sub-
635 blocks. The syntax of their specification varies with the service they
636 are used for. For using authorization groups and VO blocks in HED
637 framework please read "Security Framework of ARC" at http://www.nor‐
638 dugrid.org/documents/arc-security-documentation.pdf
639
640
641
642 name name group_name - Specify name of group. If there is no such
643 command in block, name of subblock is used instead (that is what
644 subblocks are used for). For example [group/users].
645
646 Example:
647 name="users"
648
649
650 subject
651 subject certificate_subject - Rule to match specific subject of
652 user's X.509 certificate. No masks, patterns and regular expres‐
653 sions are allowed. For more information about X.509 refer to
654 http://www.wikipedia.org/wiki/X509
655
656 Example:
657 subject="/O=Grid/O=Big VO/CN=Main Boss"
658
659
660 file file path - Start reading rules from another file. That file has
661 a bit different format. It can't contain blocks and commands are
662 separated from arguments by space. Also word "subject" in sub‐
663 ject command may be skipped. That makes it convenient to
664 directly add gridmap-like lists to authorization group.
665
666 Example:
667 file="/etc/grid-security/local_users"
668
669
670 voms voms vo group role capabilities - Match VOMS attribute in user's
671 credential. Use '*' to match any value. More information about
672 VOMS can be found at http://grid-auth.infn.it
673
674 Example:
675 voms="nordugrid /nordugrid/Guests * *"
676
677
678 group group group_name [group_name ...] - Match user already belonging
679 to one of specified groups. Groups refered here must be defined
680 earlier in configuration file. Multiple group names may be spec‐
681 ified for this rule. That allows creating hierarchical struc‐
682 ture of authorization groups like
683
684 Example:
685 group="local_admins"
686
687
688 plugin plugin timeout path [argument ...] - Run external executable or
689 function from shared library. Rule is matched if plugin returns
690 0. In arguments following substitutions are supported:
691 %D - subject of certificate
692 %P - path to proxy
693
694 For more about plugins read documentation.
695
696 Example:
697 plugin="10 /opt/external/bin/permis %P"
698
699
700 lcas lcas library directory database - Call LCAS functions to check
701 rule. Here library is path to shared library of LCAS, either
702 absolute or relative to directory; directory is path to LCAS
703 installation directory, equivalent of LCAS_DIR variable; data‐
704 base is path to LCAS database, equivalent to LCAS_DB_FILE vari‐
705 able. Each arguments except library is optional and may be
706 either skipped or replaced with ’*’.
707
708 Example:
709 lcas=""
710
711
712 remote remote URL ... - Check user's credentials against remote ser‐
713 vice. Only DN groups stored at LDAP directories are supported.
714 Multiple URLs are allowed in this rule.
715
716 Example:
717 remote="ldap://grid-vo.nordugrid.org/ou=People,dc=nor‐
718 dugrid,dc=org"
719
720
721 vo vo vo_name ... - Match user belonging to VO specified by
722 "vo=vo_name" as configured in one of PREVIOUSLY defined [vo]
723 blocks. Multiple VO names are allowed for this rule.
724
725 Example:
726 vo="nordugrid"
727
728
729 all all - Matches any user identity. This command requires no argu‐
730 ments but
731 still can be written as all="" or all= for consistency.
732
733 Example:
734 all=""
735
736
738 The [grid-manager] block configures the part of A-REX service hosted in
739 arched taking care of the grid tasks on the frontend (stagein/stageout,
740 LRMS job submission, caching, etc..). Name of this block is historical
741 and comes from times then this functionality was handled by separate
742 process called grid-manager. This section also configures WS interfaces
743 of A-REX service also hosted by same container.
744
745
746
747 controldir
748 controldir path - The directory of the A-REX's internal job log
749 files, not needed on the nodes. <must be set>
750
751 Example:
752 controldir="/var/spool/nordugrid/jobstatus"
753
754
755 sessiondir
756 sessiondir path [drain] - the directory which holds the ses‐
757 siondirs of the grid jobs. Multiple session directories may be
758 specified by specifying multiple sessiondir commands. In this
759 case jobs are spread evenly over the session directories. If
760 sessiondir="*" is set, the session directory will be spread over
761 the ${HOME}/.jobs directories of every locally mapped unix user.
762 It is preferred to use common session directories. The path may
763 be followed by "drain", in which case no new jobs will be
764 assigned to that sessiondir, but current jobs will still be pro‐
765 cessed and accessible. <sessiondir must be set>
766
767 Example:
768 sessiondir="/scratch/grid"
769 sessiondir="/mnt/grid drain"
770
771
772 runtimedir
773 runtimedir path - The directory which holds the runtimeenviron‐
774 ment scripts, should be available on the nodes as well! The run‐
775 timeenvironments are automatically detected and advertised in
776 the information system.
777
778 Example:
779 runtimedir="/SOFTWARE/runtime"
780
781
782 scratchdir
783 scratchdir path - path on computing node to move session direc‐
784 tory to before execution. If defined should contain the path to
785 the directory on the computing node which can be used to store a
786 jobs' files during execution. Sets the environment variable
787 RUNTIME_LOCAL_SCRATCH_DIR. Default is not to move session direc‐
788 tory before execution.
789
790 Example:
791 scratchdir="/local/scratch/"
792
793
794 shared_scratch
795 shared_scratch path - path on frontend where scratchdir can be
796 found. If defined should contain the path corresponding to that
797 set in scratchdir as seen on the frontend machine. Sets the
798 environment variable RUNTIME_FRONTEND_SEES_NODE.
799
800 Example:
801 shared_scratch="/mnt/scratch"
802
803
804 nodename
805 nodename path - command to obtain hostname of computing node.
806
807 Example:
808 nodename="/bin/hostname"
809
810
811 cachedir
812 cachedir cache_path [link_path] - specifies a directory to store
813 cached data. Multiple cache directories may be specified by
814 specifying multiple cachedir commands. Cached data will be dis‐
815 tributed evenly over the caches. Specifying no cachedir command
816 or commands with an empty path disables caching. Optional
817 link_path specifies the path at which the cache_path is accessi‐
818 ble on computing nodes, if it is different from the path on the
819 A-REX host. Example: cache="/shared/cache /frontend/jobcache"
820 If "link-path" is set to '.' files are not soft-linked, but
821 copied to session directory. If a cache directory needs to be
822 drained, then cachedir should specify "drain" as the link path,
823 in which case no new files will be added to the cache.
824
825 Example:
826 cachedir="/scratch/cache"
827 cachedir="/fs1/cache drain"
828
829
830 remotecachedir
831 remotecachedir cache_path [link_path] - specifies caches which
832 are under the control of other A-REXs, but which this A-REX can
833 have read-only access to. Multiple remote cache directories may
834 be specified by specifying multiple remotecachedir commands. If
835 a file is not available in paths specified by cachedir, A-REX
836 looks in remote caches. link_path has the same meaning as in
837 cachedir, but the special path ``replicate'' means files will be
838 replicated from remote caches to local caches when they are
839 requested.
840
841 Example:
842 remotecachedir="/mnt/fs1/cache replicate"
843
844
845 cachesize
846 cachesize max min - specifies high and low watermarks for space
847 used by cache, as a percentage of the space on the file system
848 on which the cache directory is located. When the max is
849 exceeded, files will be deleted to bring the used space down to
850 the min level. It is a good idea to have the cache on its own
851 separate file system. To turn off this feature "cachesize" with‐
852 out parameters can be specified.
853
854 Example:
855 cachesize="80 70"
856
857
858 cachelifetime
859 If cache cleaning is enabled, files accessed less recently than
860 the given time period will be deleted. Example values of this
861 option are 1800, 90s, 24h, 30d. When no suffix is given the unit
862 is seconds.
863
864 Example:
865 cachelifetime="30d"
866
867
868 cacheshared
869 cacheshared yes|no - specifies whether the caches share a
870 filesystem with other data. If set to yes then cache-clean cal‐
871 culates the size of the cache instead of using filesystem used
872 space.
873
874 Example:
875 cacheshared="yes"
876
877
878 cachespacetool
879 cachespacetool path [options] - specifies an alternative tool to
880 "df" that cache-clean should use to obtain space information on
881 the cache file system. The output of this command must be
882 "total_bytes used_bytes". The cache directory is passed as the
883 last argument to this command.
884
885 Example:
886 cachespacetool="/etc/getspace.sh"
887
888
889 cachelogfile
890 cachelogfile path - specifies the filename where output of the
891 cache-clean tool should be logged. Defaults to
892 /var/log/arc/cache-clean.log.
893
894 Example:
895 cachelogfile="/tmp/cache-clean.log"
896
897
898 cacheloglevel
899 cacheloglevel level - specifies the level of logging by the
900 cache-clean tool, between 0 (FATAL) and 5 (DEBUG). Defaults to 3
901 (INFO).
902
903 Example:
904 cacheloglevel="4"
905
906
907 cachecleantimeout
908 cachecleantimeout time - the timeout in seconds for running the
909 cache-clean tool. If using a large cache or slow file system
910 this value can be increased to allow the cleaning to complete.
911 Defaults to 3600 (1 hour).
912
913 Example:
914 cachecleantimeout="10000"
915
916
917 cacheaccess
918 cacheaccess rule - rules for allowing access to files in the
919 cache remotely through the A-REX web interface. A rule has three
920 parts:
921 1. Regular expression defining a URL pattern
922 2. Credential attribute to match against a client's credential
923 3. Regular expression defining a credential value to match
924 against a client's
925 credential A client is allowed to access the cached file if
926 a URL pattern matches the cached file URL and the client's cre‐
927 dential has the attribute and matches the value required for
928 that pattern. Possible values for credential attribute are dn,
929 voms:vo, voms:role and voms:group. Remote cache access requires
930 that the A-REX web interface is enabled via arex_mount_point.
931
932 Examples:
933 cacheaccess="gsiftp://host.org/private/data/.* voms:vo myvo:pro‐
934 duction"
935 cacheaccess="gsiftp://host.org/private/data/ng/.* dn
936 /O=Grid/O=NorduGrid/.*"
937
938
939 enable_cache_service
940 enable_cache_service yes|no - Turn on or off the cache service
941 interface. If turned on the cache service must be installed and
942 the A-REX WS interface must be enabled via arex_mount_point. The
943 interface is accessible at the same host and port as given inn
944 arex_mount_point with path /cacheservice. Default is off.
945
946 Example:
947 enable_cache_service="yes"
948
949
950 user user user[:group] - Switch to a non root user/group after
951 startup. Use with caution.
952
953 Example:
954 user="grid"
955
956
957 debug debug debuglevel - Set debug level of the arched daemon hosting
958 A-REX service, between 0 (FATAL) and 5 (DEBUG). Defaults to 3
959 (INFO).
960
961 Example:
962 debug="2"
963
964
965 logfile
966 logfile path - Specify log file location. If using an external
967 log rotation tool be careful to make sure it matches the path
968 specified here. Default log file is "/var/log/arc/grid-man‐
969 ager.log"
970
971 Example:
972 logfile="/var/log/arc/grid-manager.log"
973
974
975 wslogfile
976 wslogfile path - Specify log file location for WS-interface
977 operations. This file is only created if the WS-interface is
978 enabled through the arex_mount_point option. The logsize, logre‐
979 open and debug options also apply to this file. If using an
980 external log rotation tool be careful to make sure it matches
981 the path specified here. It is possible to specify the same file
982 as logfile to combine the logs. Default is /var/log/arc/ws-
983 interface.log.
984
985 Example:
986 wslogfile="/var/log/arc/ws-interface.log"
987
988
989 logsize
990 logsize size [number] - 'Size' specifies in bytes how big log
991 file is allowed to grow (approximately). If log file exceeds
992 specified size it is renamed into logfile.0. And logfile.0 is
993 renamed into logfile.1, etc. up to 'number' logfiles. Don't set
994 logsize if you don't want to enable the ARC logrotation because
995 another logrotation tool is used.
996
997 Example:
998 logsize="100000 2"
999
1000
1001 logreopen
1002 logreopen yes|no - Specifies if log file must be closed after
1003 each record is added. By default arched keeps log file open.
1004 This option can be used to make behaviour of arched compatible
1005 with external log rotation utilities.
1006
1007 Example:
1008 logreopen="no"
1009
1010
1011 pidfile
1012 pidfile path - Specify location of file containing PID of daemon
1013 process. This is useful for automatic start/stop scripts.
1014
1015 Example:
1016 pidfile="/var/run/arched-arex.pid"
1017
1018
1019 gnu_time
1020 the gnu time command, default /usr/bin/time
1021
1022 Example:
1023 gnu_time="/usr/bin/time"
1024
1025
1026 shared_filesystem
1027 if computing node can access session directory at frontend,
1028 defaults to 'yes'
1029
1030 Example:
1031 shared_filesystem="yes"
1032
1033
1034 mail specifies the email address from where the notification mails
1035 are sent, <must be specified>
1036
1037 Example:
1038 mail="grid.support@somewhere.org"
1039
1040
1041 joblog joblog path - specifies where to store specialized log about
1042 started and finished jobs. If path is empty or no such command -
1043 log is not written. This log is not used by any other part of
1044 ARC, so keep it disabled unless needed.
1045
1046 Example:
1047 joblog="/var/log/arc/gm-jobs.log"
1048
1049
1050 jobreport
1051 jobreport [URL ...] [timeout] - tells to report all started and
1052 finished jobs to logger service at 'URL'. Multiple URLs and mul‐
1053 tiple jobreport commands are allowed. In that case the job info
1054 will be sent to all of them. Timeout specifies how long (in
1055 days) to try to pass information before give up. Suggested value
1056 is 30 days.
1057
1058 Example:
1059 jobreport="https://grid.uio.no:8001/logger"
1060
1061
1062 jobreport_publisher
1063 jobreport publisher - name of the accounting records publisher.
1064
1065 Example:
1066 jobreport_publisher="jura"
1067
1068
1069 jobreport_credentials
1070 jobreport credentials path [key_file [cert_file [ca_dir]]] -
1071 specifies the credentials for accessing the accounting service.
1072
1073 Example:
1074 jobreport_credentials="/etc/grid-security/hostkey.pem /etc/grid-
1075 security/hostcert.pem /etc/grid-security/certificates"
1076
1077
1078 jobreport_options
1079 jobreport options [name:value, ...]- specifies additional param‐
1080 eters for the jobreporter.
1081
1082 Example:
1083 jobreport_options="urbatch:50,archiving:/tmp/ar‐
1084 chive,topic:/topic/global.accounting.cpu.central"
1085
1086
1087 jobreport_logfile
1088 jobreport logfile - name of the file to store stderr of the pub‐
1089 lisher executable.
1090
1091 Example:
1092 jobreport_logfile="/var/log/arc/jura.log"
1093
1094
1095 max_job_control_requests
1096 max_job_control_requests number - max number of simultaneously
1097 processed job management requests over WS interface - like job
1098 submission, cancel, status check etc. Default value is 100.
1099
1100 Example:
1101 max_job_control_requests="100"
1102
1103
1104 max_infosys_requests
1105 max_infosys_requests number - max number of simultaneously pro‐
1106 cessed resource info requests over WS interface. Default value
1107 is 1.
1108
1109 Example:
1110 max_infosys_requests="1"
1111
1112
1113 max_data_transfer_requests
1114 max_data_transfer_requests number - max number of simultaneously
1115 processed data transfer requests over WS interface - like data
1116 staging. Default value is 100.
1117
1118 Example:
1119 max_data_transfer_requests="100"
1120
1121
1122 maxjobs
1123 maxjobs number1 number2 number3 number4 - specifies maximum
1124 allowed number of jobs.
1125 number1 - jobs which are not in FINISHED state (jobs tracked in
1126 RAM)
1127 number2 - jobs being run (SUBMITTING, INLRMS states)
1128 number3 - jobs being processed per DN
1129 number4 - jobs in whole system
1130 number5 - LRMS scripts limit (jobs in SUBMITTING and CANCELING)
1131
1132 Missing number or -1 means no limit.
1133
1134 Example:
1135 maxjobs="10000 10 2000"
1136
1137
1138 wakeupperiod
1139 wakeupperiod time - specifies how often A-REX cheks for new jobs
1140 arrived, job state change requests, etc. That is resposivity of
1141 A-REX. 'time' is time period in seconds. Default is 3 minutes.
1142 Usually this command is not needed because important state
1143 changes are also trigering out-of-schedule checks.
1144
1145 NOTE: This parameter does not affect responsivity of backend
1146 scripts - especially scan-*-job. That means that upper estima‐
1147 tion of time for detecting job finished executing is sum of
1148 responsivity of backend script + wakeupperiod.
1149
1150 Example:
1151 wakeupperiod="180"
1152
1153
1154 defaultttl
1155 defaultttl [ttl [ttr]] - ttl is the time in seconds for how long
1156 a session directory will survive after job execution has fin‐
1157 ished. If not specified the default is 1 week. ttr is how long
1158 information about a job will be kept after the session directory
1159 is deleted. If not specified, the ttr default is one month.
1160
1161 Example:
1162 defaultttl="259200"
1163
1164
1165 authplugin
1166 authplugin state options plugin_path - Every time job goes to
1167 'state' run 'plugin_path' executable. Options consist of
1168 key=value pairs separated by ','.
1169
1170 Possible keys are
1171 timeout - wait for result no longer that 'value' seconds (time‐
1172 out= can be omitted).
1173 onsuccess,onfailure,ontimeout - what to do if plugin exited
1174 with exit code 0, not 0, timeout achieved.
1175 Possible actions are:
1176 pass - continue executing job,
1177 fail - cancel job,
1178 log - write to log fail about problem and continue executing
1179 job.
1180
1181 Example:
1182 authplugin="ACCEPTED timeout=10 /usr/libexec/arc/bank
1183 %C/job.%I.local %S"
1184
1185
1186 authplugin
1187 ARC is distributed with the plugin "inputcheck". Its purpose is
1188 to check if input files requested in job's RSL are accessible
1189 from this machine. It is better to run it before job enters
1190 cluster. It accepts 2 arguments: names of files containing RSL
1191 and credentials' proxy. This plugin is only guaranteed to work
1192 for job submitted through the legacy GridFTP interface, as this
1193 is the only interface for which credentials in the form of proxy
1194 certificate files are guaranteed to exist.
1195
1196 Example:
1197 authplugin="ACCEPTED 60 /usr/libexec/arc/inputcheck
1198 %C/job.%I.description %C/job.%I.proxy"
1199
1200
1201 authplugin
1202 ARC is distributed with the plugin "arc-vomsac-check". Its pur‐
1203 pose is to enforce per-queue access policies based on VOMS
1204 attributes present in user's proxy-certificate. Plugin should be
1205 run before job enters the cluster. It requires 2 argments: path
1206 to job information .local file and path to credentials file.
1207 Enforced per-queue access policies are configured with 'ac_pol‐
1208 icy' option in the [queue/name] configuration block.
1209
1210 Example:
1211 authplugin="ACCEPTED 60 /usr/libexec/arc/arc-vomsac-check -L
1212 %C/job.%I.local -P %C/job.%I.proxy"
1213
1214
1215 localcred
1216 localcred timeout plugin_path - Every time an external exe‐
1217 cutable is run this plugin will be called. Its purpose is to set
1218 non-unix permissions/credentials on running tasks. Note: the
1219 process itself can still be run under the root account. If plug‐
1220 in_path looks like somename@somepath, then function 'somename'
1221 from the shared library located at 'somepath' will be called
1222 (timeout is not effective in that case). A-REX must be run as
1223 root to use this option. Comment it out unless you really know
1224 what you are doing.
1225
1226 Example:
1227 localcred="0 acquire@/opt/nordugrid/lib/afs.so %C/job.%I.proxy"
1228
1229
1230 norootpower
1231 norootpower yes|no - if set to yes, all job management proc‐
1232 cesses will switch to mapped user's identity while accessing
1233 session directory. This is useful if session directory is on NFS
1234 root squashing turned on. Default is no.
1235
1236 Example:
1237 norootpower="yes"
1238
1239
1240 allowsubmit
1241 allowsubmit [group ...] - list of authorization groups of users
1242 allowed to submit new jobs while "allownew=no" is active in job‐
1243 plugin configuration. Multiple commands are allowed.
1244
1245 Example:
1246 allowsubmit="mygroup"
1247 allowsubmit="yourgroup"
1248
1249
1250 helper helper user executable arguments - associates an external pro‐
1251 gram with A-REX. This program will be kept running under the
1252 account of the user specified by username. Currently only ’.’ is
1253 supported as username, corresponding to the user running A-REX.
1254 Every time this executable finishes it will be started again.
1255 This helper plugin mechanism can be used as an alternative to
1256 /etc/init.d or cron to (re)start external processes.
1257
1258 Example:
1259 helper=". /usr/local/bin/myutility"
1260
1261
1262 tmpdir tmpdir - used by the A-REX, default is /tmp
1263
1264 Example:
1265 tmpdir="/tmp"
1266
1267
1268 maxrerun
1269 maxrerun - specifies how many times job can be rerun if it
1270 failed in LRMS. Default value is 5. This is only an upper
1271 limit, the actual rerun value is set by the user in his xrsl.
1272
1273 Example:
1274 maxrerun="5"
1275
1276
1277 globus_tcp_port_range
1278 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
1279 ration.
1280
1281 Example:
1282 globus_tcp_port_range="9000,12000"
1283 globus_udp_port_range="9000,12000"
1284
1285
1286 x509_user_key
1287 x509_user_cert, x509_user_key - Location of credentials for ser‐
1288 vice. These may be used by any module or external utility which
1289 need to contact another service not on behalf of user who sub‐
1290 mited job.
1291
1292 Example:
1293 x509_user_key="/etc/grid-security/hostkey.pem"
1294 x509_user_cert="/etc/grid-security/hostcert.pem"
1295
1296
1297 x509_cert_dir
1298 x509_cert_dir - Location of trusted CA certificates
1299
1300 Example:
1301 x509_cert_dir="/etc/grid-security/certificates"
1302
1303
1304 http_proxy
1305 http_proxy - http proxy server location
1306
1307 Example:
1308 http_proxy="proxy.mydomain.org:3128"
1309
1310
1311 fixdirectories
1312 fixdirectories yes|missing|no - specifies during startup A-REX
1313 should create all directories needed for it operation and set
1314 suitable default permissions. If "no" is specified then A-REX
1315 does nothing to prepare its operational environment. In case of
1316 "missing" A-REX only creates and sets permissions for directo‐
1317 ries which are not present yet. For "yes" all directories are
1318 created and permisisons for all used directories are set to
1319 default safe values. Default behaviour is as if "yes" is speci‐
1320 fied.
1321
1322 Example:
1323 fixdirectories="yes"
1324
1325
1326 arex_mount_point
1327 arex_mount_point - enables web services interfaces, including
1328 job execution and information system. The argument is an https
1329 URL defining the endpoint port and path:
1330
1331 https://<hostname>:<port>/<path>
1332
1333 In order to submit job a client must specify the exact published
1334 path. Make sure the chosen port is not blocked by firewall or
1335 other security rules.
1336
1337 Example:
1338 arex_mount_point="https://piff.hep.lu.se:443/arex"
1339
1340
1341 enable_arc_interface
1342 enable_arc_interface yes|no - turns on or off the ARC own WS
1343 interface based on OGSA BES and WSRF. If enabled the interface
1344 can be accessed at the URL specified by arex_mount_point (this
1345 option must also be specified). Default is yes.
1346
1347 Example:
1348 enable_arc_interface="yes"
1349
1350
1351 enable_emies_interface
1352 enable_emies_interface - enable the EMI Execution Service inter‐
1353 face. If enabled the interface can be accessed at the URL speci‐
1354 fied in arex_mount_point (this option must also be specified)
1355
1356 Example:
1357 enable_emies_interface="yes"
1358
1359
1360 arguspep_endpoint
1361 arguspep_endpoint - specifies URL of Argus PEPD service (by
1362 default, the argus pepd service runs on port 8154 with path
1363 /authz) to use for authorization and user mapping. It is worth
1364 to mention that "requireClientCertAuthentication" (default is
1365 false) item of pepd.ini (configuration of Argus PEPD service) is
1366 set to be 'true', then https should be used, otherwise http is
1367 proper. If specified Argus is contacted for every operation
1368 requested through WS interface (see arex_mount_point).
1369
1370 Example:
1371 arguspep_endpoint="https://somehost.somedomain:8154/authz"
1372
1373
1374 arguspep_profile
1375 arguspep_profile - defines which communication profile to use
1376 while communicationg with Argus PEPD service. Possible values
1377 are:
1378 direct - pass all authorization attributes (only for debugging)
1379 subject - pass only subject name of client
1380 cream - makes A-REX pretend it is gLite CREAM service. This is
1381 recommended profile for interoperability with gLite.
1382 emi - new profile devloped in EMI project. This is default
1383 option.
1384
1385 Example:
1386 arguspep_profile="cream"
1387
1388
1389 arguspep_usermap
1390 arguspep_usermap - specifies either response from Argus servie
1391 may define mapping of client to local account. Possible values
1392 are 'yes' and 'no'. Default is 'no'. Argus is contacted after
1393 all other user mapping is performed. Hence it can overwrite all
1394 other decisions.
1395
1396 Example:
1397 arguspep_usermap="no"
1398
1399
1400 arguspdp_endpoint
1401 arguspdp_endpoint - specifies URL of Argus PDP service (by
1402 default, the argus pepd service runs on port 8152 with path
1403 /authz) to use for authorization and user mapping. It is worth
1404 to mention that "requireClientCertAuthentication" (default is
1405 false) item of pdp.ini (configuration of Argus PDP service) is
1406 set to be 'true', then https should be used, otherwise http is
1407 proper. If specified Argus is contacted for every operation
1408 requested through WS interface (see arex_mount_point).
1409
1410 Example:
1411 arguspdp_endpoint="https://somehost.somedomain:8152/authz"
1412
1413
1414 arguspdp_profile
1415 arguspdp_profile - defines which communication profile to use
1416 while communicationg with Argus PDP service. Possible values
1417 are:
1418 subject - pass only subject name of client
1419 cream - makes A-REX pretend it is gLite CREAM service. This is
1420 recommended profile for interoperability with gLite.
1421 emi - new profile devloped in EMI project. This is default
1422 option.
1423
1424 Example:
1425 arguspdp_profile="cream"
1426
1427
1428 arguspdp_acceptnotapplicable
1429 arguspdp_accpetnotapplicable - specify if the "NotApplicable"
1430 decision returned by Argus PDP service is treated as reason to
1431 deny request. Default is no, which treats "NotApplicable" as
1432 reson to deny request.
1433
1434 Example:
1435 arguspdp_acceptnotapplicable="no"
1436
1437
1438 watchdog
1439 watchdog - specifies if additinal watchdog processes is spawned
1440 to restart main process if it is stuck or dies. Possible values
1441 are 'yes' and 'no'. Default is 'no'.
1442
1443 Example:
1444 watchdog="no"
1445
1446
1447 groupcfg
1448 groupcfg group_name [group_name ...] - specifies authorization
1449 groups for grid-manager to accept. The main location of this
1450 parameter is inside [gridftpd/jobs] block. The 'groupcfg'
1451 located here is only effective if computing service is config‐
1452 ured without GridFTP interface and hence [gridftpd/jobs] block
1453 is missing.
1454
1455 Example:
1456 groupcfg="users"
1457
1458
1459 unixmap unixgroup unixvo
1460 unixmap [unixname][:unixgroup] rule - more sophisticated mapping
1461 to local account
1462 unixgroup group rule - more sophisticated mapping to local
1463 account for specific authorization groups.
1464 unixvo vo rule - more sophisticated mapping to local account for
1465 users belonging to specified VO.
1466 The main location for these parameters is [gridftpd] section. If
1467 located here they are only active if computing service is con‐
1468 figured without GridFTP interface and hence [gridftpd/jobs]
1469 block is missing. For more detailed information see section
1470 [gridftpd] and read "ARC Computing Element. System Administrator
1471 guide" manual.
1472
1473 Example:
1474 unixmap="nobody:nogroup all"
1475 unixgroup="users simplepool /etc/grid-security/pool/users"
1476 unixvo="ATLAS unixuser atlas:atlas"
1477
1478
1479 allowunknown
1480 allowunknown yes|no - check user subject against grid-mapfile.
1481 The main location for this parameter is [gridftpd] section. If
1482 located here it is only active if computing service is config‐
1483 ured without GridFTP interface and hence [gridftpd/jobs] block
1484 is missing. For more detailed information see section
1485 [gridftpd].
1486
1487 Example:
1488 allowunknown="no"
1489
1490
1491 delegationdb
1492 delegationdb db_name - specify which DB to use to store delega‐
1493 tions. Currently supported db_names are bdb and sqlite. Default
1494 is bdb.
1495
1496 Example:
1497 delegationdb="bdb"
1498
1499
1500 forcedefaultvoms
1501 forcedefaultvoms VOMS_FQAN - specify VOMS FQAN which user will
1502 be assigned if his/her credentials contain no VOMS attributes.
1503 To assign different values to different queues put this command
1504 into [queue] block.
1505
1506 Example:
1507 forcedefaultvoms="/vo/group/subgroup"
1508
1509
1510
1512 [data-staging] block configures DTR data staging parameters.
1513
1514
1515
1516 debug debug - Log level for transfer logging in job.id.errors files,
1517 between 0 (FATAL) and 5 (DEBUG). Default is to use value set by
1518 debug option in [grid-manager] section.
1519
1520 Example:
1521 debug="4"
1522
1523
1524 maxdelivery
1525 maxdelivery - Maximum number of concurrent file transfers, i.e.
1526 active transfers using network bandwidth. This is the total num‐
1527 ber for the whole system including any remote staging hosts.
1528 Default is 10.
1529
1530 Example:
1531 maxdelivery="40"
1532
1533
1534 maxprocessor
1535 maxprocessor - Maximum number of concurrent files in each pre-
1536 and post- processing state, eg cache check or replica resolu‐
1537 tion. Default is 10.
1538
1539 Example:
1540 maxprocessor="20"
1541
1542
1543 maxemergency
1544 maxemergency - Maximum "emergency" slots which can be assigned
1545 to transfer shares when all slots up to the limits configured by
1546 the above two options are used by other shares. This ensures
1547 shares cannot be blocked by others. Default is 1.
1548
1549 Example:
1550 maxemergency="5"
1551
1552
1553 maxprepared
1554 maxprepared - Maximum number of files in a prepared state, i.e.
1555 pinned on a remote storage such as SRM for transfer. A good
1556 value is a small multiple of maxdelivery. Default is 200.
1557
1558 Example:
1559 maxprepared="250"
1560
1561
1562 sharetype
1563 sharetype - Scheme to assign transfer shares. Possible values
1564 are dn, voms:vo, voms:role and voms:group.
1565
1566 Example:
1567 sharetype="voms:role"
1568
1569
1570 definedshare
1571 definedshare - Defines a share with a fixed priority, different
1572 from the default (50). Priority is an integer between 1 (lowest)
1573 and 100 (highest).
1574
1575 Example:
1576 definedshare="myvo:production 80"
1577 definedshare="myvo:student 20"
1578
1579
1580 dtrlog dtrlog - A file in which data staging state information (for
1581 monitoring and recovery purposes) is periodically dumped.
1582 Default is controldir/dtrstate.log
1583
1584 Example:
1585 dtrlog="/tmp/dtrstate.log"
1586
1587
1588 central_logfile
1589 central_logfile - A file in which all data staging messages from
1590 every job will be logged (in addition to their job.id.errors
1591 files). If this option is not present or the path is empty the
1592 log file is not created. Note this file is not automatically
1593 controlled by logrotate.
1594
1595 Example:
1596 central_logfile="/var/log/arc/datastaging.log"
1597
1598
1599 deliveryservice
1600 The following 4 options are used to configure multi-host data
1601 staging. deliveryservice - URL to a data delivery service which
1602 can perform remote data staging
1603
1604 Example:
1605 deliveryservice="https://myhost.org:60003/datadeliveryservice"
1606
1607
1608 localdelivery
1609 localdelivery - If any deliveryservice is defined, this option
1610 determines whether local data transfer is also performed.
1611 Default is no.
1612
1613 Example:
1614 localdelivery="yes"
1615
1616
1617 remotesizelimit
1618 remotesizelimit - Lower limit on file size (in bytes) of files
1619 that remote hosts should transfer. Can be used to increase per‐
1620 formance by transferring small files using local processes.
1621
1622 Example:
1623 remotesizelimit="100000"
1624
1625
1626 usehostcert
1627 usehostcert - Whether the A-REX host certificate should be used
1628 for communication with remote hosts instead of the users' prox‐
1629 ies. Default is no.
1630
1631 Example:
1632 usehostcert="yes"
1633
1634
1635 acix_endpoint
1636 acix_endpoint URL - the ARC Cache Index specified here will be
1637 queried for every input file specified in a job description and
1638 any replicas found in sites with accessible caches will be added
1639 to the replica list of the input file. The replicas will be
1640 tried in the order specified by preferredpattern.
1641
1642 Example:
1643 acix_endpoint="https://cacheindex.ndgf.org:6443/data/index"
1644
1645
1646 securetransfer
1647 securetransfer yes|no - if data connection allows to choose use
1648 secure|non-secure data transfer. Currently only works for
1649 gridftp. default is no
1650
1651 Example:
1652 securetransfer="no"
1653
1654
1655 passivetransfer
1656 passivetransfer yes|no - If yes, gridftp transfers are passive.
1657 Setting this option to yes can solve transfer problems caused by
1658 firewalls. default is no
1659
1660 Example:
1661 passivetransfer="no"
1662
1663
1664 httpgetpartial
1665 httpgetpartial yes|no - If yes, HTTP GET transfers may transfer
1666 data in chunks/parts. If no - data is always transfered in one
1667 piece. Default is yes.
1668
1669 Example:
1670 httpgetpartial="yes"
1671
1672
1673 speedcontrol
1674 speedcontrol min_speed min_time min_average_speed max_inactivity
1675 - specifies how slow data transfer must be to trigger error.
1676 Tranfer is canceled if speed is below min_speed bytes per second
1677 for at least min_time seconds, or if average rate is below
1678 min_average_speed bytes per second, or no data was transfered
1679 for longer than max_inactivity seconds. Value of zero turns fea‐
1680 ture off. Default is "0 300 0 300"
1681
1682 Example:
1683 speedcontrol="0 300 0 300"
1684
1685
1686 preferredpattern
1687 preferredpattern pattern - specifies a preferred pattern on
1688 which to sort multiple replicas of an input file. It consists of
1689 one or more patterns separated by a pipe character (|) listed
1690 in order of preference. Replicas will be ordered by the earliest
1691 match. If the dollar character ($) is used at the end of a pat‐
1692 tern, the pattern will be matched to the end of the hostname of
1693 the replica. If an exclamation mark (!) is used at the beginning
1694 of a pattern, any replicas matching the pattern will be excluded
1695 from the sorted replicas.
1696
1697 Example:
1698 preferredpattern="srm://myhost.ac.uk|.uk$|ndgf.org$|!bad‐
1699 host.org$"
1700
1701
1702 copyurl
1703 copyurl url_head local_path - specifies that URLs, starting from
1704 'url_head' should be accessed in a different way (most probaly
1705 unix open). The file from obtained path will be copied to the
1706 session directory. NOTE: 'local_path' can also be of URL type.
1707 you can have several copyurl lines
1708
1709 Example:
1710 copyurl="gsiftp://example.org:2811/data/ gsiftp://exam‐
1711 ple.org/data/"
1712 copyurl="gsiftp://example2.org:2811/data/ gsiftp://exam‐
1713 ple2.org/data/"
1714
1715
1716 linkurl
1717 linkurl url_head local_path [node_path] - identical to 'copy‐
1718 url', only file won't be copied, but soft-link will be created.
1719 The 'local_path' specifies the way to access the file from the
1720 gatekeeper, and is used to check permissions. The 'node_path'
1721 specifies how the file can be accessed from computing nodes, and
1722 will be used for soft-link creation. If 'node_path' is missing
1723 - 'local_path' will be used. you can have multiple linkurl set‐
1724 tings
1725
1726 Example:
1727 linkurl="gsiftp://somewhere.org/data /data"
1728 linkurl="gsiftp://example.org:2811/data/ /scratch/data/"
1729
1730
1731 maxtransfertries
1732 maxtransfertries - the maximum number of times download and
1733 upload will be attempted per job (retries are only performed if
1734 an error is judged to be temporary)
1735
1736 Example:
1737 maxtransfertries="10"
1738
1739
1741 The [gridftpd] block configures the gridftpd server
1742
1743
1744 user user user[:group] - Switch to a non root user/group after
1745 startup
1746
1747 WARNING: Make sure that the certificate files are owned by the
1748 user/group specified by this option. Default value is root.
1749
1750 Example:
1751 user="grid"
1752
1753
1754 debug debug debuglevel - Set debug level of the gridftpd daemon,
1755 between 0 (FATAL) and 5 (DEBUG). Default is 3 (INFO).
1756
1757 Example:
1758 debug="2"
1759
1760
1761 daemon daemon yes|no - Whether GFS is run in daemon mode. Default is
1762 yes.
1763
1764 Example:
1765 daemon="yes"
1766
1767
1768 logfile
1769 logfile path - Set logfile location
1770
1771 Example:
1772 logfile="/var/log/arc/gridftpd.log"
1773
1774
1775 logsize
1776 logsize size [number] - 'Size' specifies in bytes how big log
1777 file is allowed to grow (approximately). If log file exceeds
1778 specified size it is renamed into logfile.0. And logfile.0 is
1779 renamed into logfile.1, etc. up to 'number' logfiles. Don't set
1780 logsize if you don't want to enable the ARC logrotation because
1781 another logrotation tool is used.
1782
1783 Example:
1784 logsize="100000 2"
1785
1786
1787 pidfile
1788 pidfile path - Specify location of file containig PID of daemon
1789 process. This is useful for automatic star/stop scripts.
1790
1791 Example:
1792 pidfile="/var/run/gridftpd.pid"
1793
1794
1795 port port bindport - Port to listen on (default 2811)
1796
1797 Example:
1798 port="2811"
1799
1800
1801 pluginpath
1802 pluginpath - directory where the plugin libraries are installed,
1803 default is $ARC_LOCATION/lib(64)/arc
1804
1805 Example:
1806 pluginpath="/usr/lib/arc/"
1807
1808
1809 encryption
1810 encryption yes|no - should data encryption be allowed, default
1811 is no, encryption is very heavy
1812
1813 Example:
1814 encryption="no"
1815
1816
1817 include
1818 include - Include contents of another configuration file.
1819
1820 Example:
1821 include="path"
1822
1823
1824 allowunknown
1825 allowunknown yes|no - if no, check user subject against grid-
1826 mapfile and reject if missing. By default unknown (not in the
1827 grid-mapfile) grid users are rejected
1828
1829 Example:
1830 allowunknown="no"
1831
1832
1833 allowactivedata yes|no - if no, only passive data transfer is allowed.
1834 By default both passive and active data transfers are allowed.
1835
1836 Example
1837 allowactivedata="yes"
1838
1839
1840 maxconnections
1841 maxconnections - maximum number of connections accepted by a
1842 gridftpd server. Default is 100.
1843
1844 Example:
1845 maxconnections="200"
1846
1847
1848 defaultbuffer
1849 defaultbuffer size - defines size of every buffer for data read‐
1850 ing/writing. Default is 65536. The actual value may decrease
1851 if the cumulative size of all buffers exceeds value specified by
1852 maxbuffer.
1853
1854 Example:
1855 defaultbuffer="65536"
1856
1857
1858 maxbuffer
1859 maxbuffer size - defines maximal amount of memory in bytes to be
1860 allocated for all data reading/writing buffers. Default is
1861 640kB. The number of buffers is (max {3, min {41, 2P + 1}}),
1862 where P is the parallelism level requested by the client.
1863 Hence, even without parallel streams enabled number of buffers
1864 will be 3.
1865
1866 Example:
1867 maxbuffer="655360"
1868
1869
1870 globus_tcp_port_range
1871 globus_tcp_port_range, globus_udp_port_range - Firewall configu‐
1872 ration
1873
1874 Example:
1875 globus_tcp_port_range="9000,12000"
1876 globus_udp_port_range="9000,12000"
1877
1878
1879 firewall
1880 firewall - hostname or IP addres to use in response to PASV com‐
1881 mand instead of IP address of a network interface of computer.
1882
1883 Example:
1884 firewall="hostname"
1885
1886
1887 x509_user_key
1888 x509_user_cert, x509_user_key - Server credentials location
1889
1890 Example:
1891 x509_user_key="/etc/grid-security/hostkey.pem"
1892 x509_user_cert="/etc/grid-security/hostcert.pem"
1893
1894
1895 x509_cert_dir
1896 x509_cert_dir - Location of trusted CA certificates
1897
1898 Example:
1899 x509_cert_dir="/etc/grid-security/certificates"
1900
1901
1902 gridmap
1903 gridmap - The gridmap file location The default is /etc/grid-
1904 security/grid-mapfile
1905
1906 Example:
1907 gridmap="/etc/grid-security/grid-mapfile"
1908
1909
1910 unixmap
1911 unixmap [unixname][:unixgroup] rule - more sophisticated way to
1912 map Grid identity of client to local account. If client matches
1913 'rule' it's assigned specified unix identity or one generated by
1914 rule. Mapping commands are processed sequentially and process‐
1915 ing stops at first successful one (like in [group] section). For
1916 possible rules read "ARC Computing Element. System Administrator
1917 guide" manual. All rules defined in [group] section canbe used.
1918 There are also additional rules which produce not only yes/no
1919 result but also give back user and group names to which mapping
1920 should happen. The way it works is quite complex so it is better
1921 to read full documentation.
1922
1923 For safety reasons if sophisticated mapping is used it is better
1924 to finish mapping sequence with default mapping to nonexistent
1925 or safe account.
1926
1927 Example:
1928 unixmap="nobody:nogroup all"
1929
1930
1931 unixgroup
1932 unixgroup group rule - do mapping only for users belonging to
1933 specified authorization 'group'. It is similar to an additional
1934 filter for unixmap command which filters out all users not
1935 belonging to specified authorization group. Only rules which
1936 generate unix user and group names may be used in this command.
1937 Please read "ARC Computing Element System Administrator Guide"
1938 for more information.
1939
1940 Example:
1941 unixgroup="users simplepool /etc/grid-security/pool/users"
1942
1943
1944 unixvo unixvo vo rule - do mapping only for users belonging to speci‐
1945 fied VO. Only rules which generate unix identity name may be
1946 used in this command. Please read "ARC Computing Element. Sys‐
1947 tem Administrator Guide" for more information. This command is
1948 similar to 'unixgroup' described above and exists for conve‐
1949 nience for setups which base mapping on VOs users belong to.
1950
1951 Example:
1952 unixvo="ATLAS unixuser atlas:atlas"
1953
1954
1956 [gridftpd/filedir] "fileplugin" storage block subblock for "exporting"
1957 a directory using the gridftpd's fileplugin plugin. gridftp plugins
1958 are shared libraries. "filedir" is a unique label. The access control
1959 is set by using the "dir" configuration option
1960
1961
1962
1963 plugin plugin name - specifies name of shared library to be loaded rel‐
1964 ative to "pluginpath". The next line is MUST for a gridftp file
1965 server with "fileplugin", don't change anything
1966
1967 Example:
1968 plugin="fileplugin.so"
1969
1970
1971 groupcfg
1972 groupcfg group_name [group_name ...] - specifies authorization
1973 groups for which this plugin is activated. In case groupcfg is
1974 not used the plugin is loaded for every mapped grid user. Multi‐
1975 ple names were may be specified delimited by blank space. Group
1976 names are as specified in [group] sections.
1977
1978 Example:
1979 groupcfg="users"
1980
1981
1982 path the name of the virtual directory served by the gridftp server,
1983 REQUIRED the exported storage area is accessible as
1984 gsiftp://my_server/topdir. "topdir" is just an example, call
1985 the virtual path anything you like, even "/" is a valid choice.
1986
1987 Example:
1988 path="/topdir"
1989
1990
1991 mount the physical directory corresponding to the virtual one:
1992 gsiftp://my_server/topdir will give access to the /scratch/grid
1993 directory on my_server, REQUIRED
1994
1995 Example:
1996 mount="/scratch/grid"
1997
1998
1999 dir dir - this is the access control parameter, you can have several
2000 "dir" lines controlling different directories within then same
2001 block
2002
2003 dir path options - specifies access rules for accessing files
2004 in 'path' (relative to virtual and real path) and all the files
2005 and directories below.
2006 'options' are:
2007 nouser - do not use local file system rights, only use
2008 those
2009 specifies in this line
2010 owner - check only file owner access rights
2011 group - check only group access rights
2012 other - check only "others" access rights
2013 if none of the above specified usual unix access rights are
2014 applied.
2015 read - allow reading files
2016 delete - allow deleting files
2017 append - allow appending files (does not allow creation)
2018 overwrite - allow overwriting already existing files (does
2019 not
2020 allow creation, file attributes are not changed)
2021 dirlist - allow obtaining list of the files
2022 cd - allow to make this directory current
2023 create owner:group permissions_or:permissions_and - allow
2024 creating
2025 new files. File will be owned by 'owner' and
2026 owning group
2027 will be 'group'. If '*' is used, the user/group
2028 to which
2029 connected user is mapped will be used. The per‐
2030 missions
2031 will be set to permissions_or & permissions_and.
2032 (second
2033 number is reserved for the future usage).
2034
2035 mkdir owner:group permissions_or:permissions_and - allow
2036 creating new directories.
2037
2038 Example:
2039 Set permissions on mounted directory:
2040 dir="/ nouser read cd dirlist delete create *:* 664:664 mkdir
2041 *:* 775:775"
2042
2043 Example:
2044 Adjust permissions on some subdirectories:
2045 dir="/section1 nouser read mkdir *:* 700:700 cd dirlist"
2046 dir="/section2 nouser read mkdir *:* 700:700 cd dirlist"
2047
2048
2050 [gridftpd/jobs] subblock which creates the jobsubmission interface,
2051 using the jobplugin of the gridftpd service. gridftp plugins are
2052 shared libraries. 'jobs' is a unique label.
2053
2054
2055
2056 path the path to the virtual gridftpd directory which is used during
2057 the job submission. MUST be set.
2058
2059 Example:
2060 path="/jobs"
2061
2062
2063 plugin plugin name - specifies name of shared library to be loaded rel‐
2064 ative to "pluginpath". The next line is MUST for a job submis‐
2065 sion service via gridftpd "jobplugin", don't change anything!
2066
2067 Example:
2068 plugin="jobplugin.so"
2069
2070
2071 groupcfg
2072 groupcfg group_name [group_name ...] - specifies authorization
2073 groups for which this plugin is activated. In case groupcfg is
2074 not used the plugin is loaded for every mapped grid user.
2075
2076 Example:
2077 groupcfg="users"
2078
2079
2080 allownew
2081 The 'allownew' configuration parameter sets if the grid resource
2082 accepts submission of new jobs. This parameter can be used to
2083 close down a grid. The default is yes
2084
2085 Example:
2086 allownew="yes"
2087
2088
2089 remotegmdirs
2090 remotegmdirs controldir sessiondir - Specifies control and ses‐
2091 sion directories to which jobs can be submitted but which are
2092 under the control of another A-REX. The corresponding controldir
2093 and sessiondir parameters must be defined in another A-REX's
2094 configuration. Multiple remotegmdirs can be specified.
2095
2096 Example:
2097 remotegmdirs="/mnt/host1/control /mnt/host1/session"
2098
2099
2100 maxjobdesc
2101 maxjobdesc size - specifies maximal allowed size of job descrip‐
2102 tion in bytes. Default value is 5MB. If value is missing or 0
2103 size is not limited.
2104
2105 Example:
2106 maxjobdesc="5242880"
2107
2108
2109 configfile
2110 configfile service_configuration_path - If [gridftpd] and [grid-
2111 manager] configuration parts are located in separate files this
2112 configuration option allows to link them. The service_configura‐
2113 tion_path points to configuration file containing [grid-manager]
2114 section. Use this option only if You really know what You are
2115 doing.
2116
2117 Example:
2118 configfile="/etc/arc.conf"
2119
2120
2122 [infosys] block configures the hosting environment of the Information
2123 services (Local Info Tree, Index Service, Registrations, see the Infor‐
2124 mation System manual) provided by the OpenLDAP slapd server.
2125
2126
2127
2128 infosys_compat
2129 infosys_compat - Setting this variable will cause ARC to use the
2130 old infoproviders. Basically, the new version uses A-REX to
2131 create LDIF while the old version uses a BDII provider-script to
2132 do it. The new version is required for GLUE2 output.
2133
2134 Example:
2135 infosys_compat="disable"
2136
2137
2138 infoproviders_timeout
2139 infoproviders_timeout - this only applies to new infoproviders.
2140 it changes A-REX behaviour with respect to a single infoprovider
2141 run. Increase this value if you have many jobs in the con‐
2142 troldir and infoproviders need more time to process. The value
2143 is in seconds. Default is 600 seconds.
2144
2145 Example:
2146 infoproviders_timeout = "600"
2147
2148
2149 debug debug - sets the debug level/verbosity of the startup script {0
2150 or 1}. Default is 0.
2151
2152 Example:
2153 debug="1"
2154
2155
2156 hostname
2157 hostname - the hostname of the machine running the slapd service
2158 will be the bind for slapd. If not present, will be taken from
2159 the [common] block or guessed
2160
2161 Example:
2162 hostname="my.testbox"
2163
2164
2165 port port - the port where the slapd service runs. Default infosys
2166 port is 2135.
2167
2168 Example:
2169 port="2135"
2170
2171
2172 slapd_loglevel
2173 slapd_loglevel - sets the native slapd loglevel (see man slapd).
2174 Slapd logs via syslog. The default is set to no-logging (0) and
2175 it is RECOMMENDED not to be changed in a production environment.
2176 Non-zero slap_loglevel value causes serious performance
2177 decrease.
2178
2179 Example:
2180 slapd_loglevel="0"
2181
2182
2183 slapd_hostnamebind
2184 slapd_hostnamebind - may be used to set the hostname part of the
2185 network interface to which the slapd process will bind. Most of
2186 the cases no need to set since the hostname configuration param‐
2187 eter is already sufficient. The default is empty. The example
2188 below will bind the slapd process to all the network interfaces
2189 available on the server.
2190
2191 Example:
2192 slapd_hostnamebind="*"
2193
2194
2195 threads
2196 threads - the native slapd threads parameter, default is 32. If
2197 you run an Index service too you should modify this value.
2198
2199 Example:
2200 threads="128"
2201
2202
2203 timelimit
2204 timelimit - the native slapd timelimit parameter. Maximum number
2205 of seconds the slapd server will spend answering a search
2206 request. Default is 3600. You probably want a much lower value.
2207
2208 Example:
2209 timelimit="1800"
2210
2211
2212 idletimeout
2213 idletimeout - the native slapd idletimeout parameter. Maximum
2214 number of seconds the slapd server will wait before forcibly
2215 closing idle client connections. Its value must be larger than
2216 the value of "timelimit" option. If not set, it defaults to
2217 timelimit + 1.
2218
2219 Example:
2220 idletimeout="1800"
2221
2222
2223 ldap_schema_dir
2224 ldap_schema_dir - allows to explicitly specify a path to the
2225 schema files. Note that this doesn't override standard location,
2226 but adds the specified path to the standard locations /etc/ldap
2227 and /etc/openldap. If you plan to relocate Glue1 and GLUE2
2228 schemas, all these should be in the same directory that you
2229 specify here. this option does NOT apply to nordugrid.schema
2230 file. Such file has a release dependent location. Default is to
2231 use only standard locations described above.
2232
2233 Example:
2234 ldap_schema_dir="/nfs/ldap/schema/"
2235
2236
2237 oldconfsuffix
2238 oldconfsuffix .suffix - sets the suffix of the backup files of
2239 the low-level slapd configuration files in case they are regen‐
2240 erated. Default is ".oldconfig".
2241
2242 Example:
2243 oldconfsuffix=".oldconfig"
2244
2245
2246 overwrite_config
2247 overwrite_config yes|no - determines if the infosys startup
2248 scripts should generate new low-level slapd configuration files.
2249 By default the low-level configuration files are regenerated
2250 with every server startup making use of the values specified in
2251 the arc.conf.
2252
2253 Example:
2254 overwrite_config="yes"
2255
2256
2257 registrationlog
2258 registrationlog path - specifies the logfile for the registra‐
2259 tion processes initiated by your machine. Default is
2260 "/var/log/arc/inforegistration.log"
2261
2262 Example:
2263 registrationlog="/var/log/arc/inforegistration.log"
2264
2265
2266 providerlog
2267 providerlog path - Specifies log file location for the informa‐
2268 tion provider scripts. The feature is only available with >=
2269 0.5.26 tag. Default is "/var/log/arc/infoprovider.log"
2270
2271 Example:
2272 providerlog="/var/log/arc/infoprovider.log"
2273
2274
2275 provider_loglevel
2276 provider_loglevel - loglevel for the infoprovider scripts (0-5).
2277 The default is 1 (critical errors are logged)
2278
2279 Example:
2280 provider_loglevel="2"
2281
2282
2283 user user unix_user - the unix user running the infosys processes
2284 such as the slapd, the registrations and infoprovider scripts.
2285 By default the ldap-user is used, you can run it as root if you
2286 wish. In case of non-root value you must make sure that the A-
2287 REX directories and their content are readable by the 'user' and
2288 the 'user' has access to the full LRMS information including
2289 jobs submitted by other users. The A-REX directories (con‐
2290 troldir, sessiondir runtimedir, cachedir) are specified in the
2291 [grid-manager] block
2292
2293 Example:
2294 user="root"
2295
2296
2297 giis_location
2298 giis_location - If giis_location is not set, ARC_LOCATION will
2299 be used instead.
2300
2301 Example:
2302 giis_location="/usr/"
2303
2304
2305 infosys_nordugrid
2306 These three variables decide which schema should be used for
2307 publishing data. They can all be enabled at the same time.
2308 Default is to enable nordugrid mds and disable glue.
2309 infosys_nordugrid - Enables NorduGrid schema
2310
2311 Example:
2312 infosys_nordugrid="enable"
2313
2314
2315 infosys_glue12
2316 infosys_glue12 - Enables glue1.2/1.3 schema If infosys_glue12 is
2317 enabled, then resource_location, resource_latitude and
2318 resource_longitude need to be set in the [infosys/glue12] block.
2319 These variables do not have default values. The rest of the
2320 variables defaults are showcased below.
2321
2322 Example:
2323 infosys_glue12="disable"
2324
2325
2326 infosys_glue2_ldap
2327 infosys_glue2 - Enables GLUE2 schema
2328
2329 Example:
2330 infosys_glue2_ldap="disable"
2331
2332
2333 infosys_glue2_ldap_showactivities
2334 infosys_glue2_ldap_showactivities - Enables GLUE2 ComputingAc‐
2335 tivities to appear in the LDAP rendering they're currently dis‐
2336 abled by default.
2337
2338 Example:
2339 infosys_glue2_ldap_showactivities="disable"
2340
2341
2342 infosys_glue2_service_qualitylevel
2343 infosys_glue2_service_qualitylevel - Allows a sysadmin to define
2344 a different GLUE2 QualityLevel for A-REX. This can be used for
2345 operations. default: production Allowed value is one of: "pro‐
2346 duction", "pre-production", "testing", "development" Refer to
2347 GLUE2 documentation for the meaning of these strings.
2348
2349 Example:
2350 infosys_glue2_service_qualitylevel="production"
2351
2352
2353 slapd slapd - Configure where the slapd command is located, default
2354 is: /usr/sbin/slapd
2355
2356 Example:
2357 slapd="/usr/sbin/slapd"
2358
2359
2360 slapadd
2361 slapadd - Configure where the slapadd command is located,
2362 default is: /usr/sbin/slapadd
2363
2364 Example:
2365 slapadd="/usr/sbin/slapadd"
2366
2367
2369 Starting from 11.05, Nordugrid ARC only supports BDII5. These vari‐
2370 ables are usually automatically set by ARC, and are here mostly for
2371 debug purposes and to tweak exotic BDII5 installations. In general, a
2372 sysadmin should not set these.
2373
2374
2375 bdii_debug_level
2376 bdii_debug_level - set the following to DEBUG to check bdii
2377 errors in bdii-update.log useful not to enable slapd logs reduc‐
2378 ing performance issues.
2379
2380 Example:
2381 bdii_debug_level="ERROR"
2382
2383
2384 provider_timeout
2385 provider_timeout - This variable allows a system administrator
2386 to modify the behaviour of bdii-update. This is the time BDII
2387 waits for the scripts generated by A-REX infoproviders to pro‐
2388 duce their output. Default is 300 seconds.
2389
2390 Example:
2391 provider_timeout=300
2392
2393
2394 infosys_debug
2395 infosys_debug - This variable disables/enables an ldap-database
2396 containing information about the ldap database itself on
2397 "o=infosys" it is very useful for debugging. Default is enabled.
2398
2399 Example:
2400 infosys_debug="disable"
2401
2402
2403 BDII5 uses the following variables. These might change depending on
2404 BDII version. ARC sets them by inspecting distributed bdii configura‐
2405 tion files. DO NOT CHANGE UNLESS YOU KNOW WHAT YOU'RE DOING
2406
2407
2408 bdii_location
2409 bdii_location - The installation directory for the BDII.
2410 Default is /usr
2411
2412 Example:
2413 bdii_location="/usr"
2414
2415
2416 bdii_var_dir
2417 bdii_var_dir - Contains BDII pid files and slapd pid files
2418
2419 Example:
2420 bdii_var_dir="/var/run/arc/bdii"
2421
2422
2423 bdii_log_dir
2424 bdii_log_dir - Contains infosys logs
2425
2426 Example:
2427 bdii_log_dir="/var/log/arc/bdii"
2428
2429
2430 bdii_tmp_dir
2431 bdii_tmp_dir - Contains provider scripts
2432
2433 Example:
2434 bdii_tmp_dir="/var/tmp/arc/bdii"
2435
2436
2437 bdii_lib_dir
2438 bdii_lib_dir - Contains slapd databases
2439
2440 Example:
2441 bdii_lib_dir="/var/lib/arc/bdii"
2442
2443
2444 bdii_update_pid_file
2445 bdii_update_pid_file, slapd_pid_file - Allows to change bdii-
2446 update and slapd pidfiles filename and location
2447
2448 Example:
2449 bdii_update_pid_file="/var/run/arc/bdii-update.pid"
2450 slapd_pid_file="$bdii_var_dir/db/slapd.pid"
2451
2452
2453 bdii_database
2454 bdii_database - Configure what ldap database backend should be
2455 used, default is: bdb
2456
2457 Example:
2458 bdii_database="bdb"
2459
2460
2461 The following options are for tweaking only. Usually one should not
2462 configure them. They change the BDII configuration file generated by
2463 ARC. Please consult BDII manual for details.
2464
2465
2466 bdii_conf
2467 bdii_conf - Location of the bdii configuration file. ARC modi‐
2468 fies the original and sets it as default
2469 /var/run/arc/infosys/bdii.conf
2470
2471 Example:
2472 bdii_conf="/var/run/arc/infosys/bdii.conf"
2473
2474
2475 Command line options used to run bdii-update. ARC finds it looking
2476 into bdii configuration. default: ${bdii_location}/sbin/bdii-update
2477
2478 bdii_update_cmd
2479 bdii_archive_size
2480 bdii_db_config
2481 bdii_breathe_time
2482 bdii_delete_delay
2483 bdii_read_timeout
2484 bdii_run_dir
2485 bindmethod
2486 cachettl
2487 db_archive
2488 db_checkpoint
2489
2490
2492 giis_fifo
2493 giis_fifo - path to fifo used by EGIIS. default is
2494 /var/run/arc/giis-fifo This file is automatically created by
2495 ARC, the option is only for tweaking.
2496
2497 Example:
2498 giis_fifo=/var/run/arc/giis-fifo
2499
2500
2501 LDAP parameters of the cluster.pl (old) infoprovider, use the defaults,
2502 do NOT change them unless you know what you are doing
2503
2504
2505 cachetime
2506 cachetime affects old infoproviders, and forces the validity
2507 time of the record.
2508
2509 Example:
2510 cachetime="30"
2511
2512
2513 sizelimit
2514 sizelimit affects registration to egiis
2515
2516 Example:
2517 sizelimit="10"
2518
2519
2520 slapd_cron_checkpoint
2521 slapd_cron_checkpoint - LDAP checkpoint enable/disable This
2522 option was introduced to solve bug #2032, to reduce the number
2523 of log files produced by BDII. It is usually not needed, but if
2524 BDII produces large logs and huge number of files, should help
2525 solving the issues related to that.
2526
2527 Example:
2528 slapd_cron_checkpoint="enable"
2529
2530
2532 This block holds information that is needed by the glue 1.2 generation.
2533 This is only necessary if infosys_glue12 is enabled.
2534
2535
2536
2537 resource_location
2538 These variables need to be set if infosys_glue12 is enabled.
2539 IMPORTANT: no slashes or backslashes here! Example: "Kastrup,
2540 Denmark"
2541
2542 Example:
2543 resource_location=""
2544
2545
2546 resource_latitude
2547 Example: "55.75000"
2548
2549 Example:
2550 resource_latitude=""
2551
2552
2553 resource_longitude
2554 Example: "12.41670"
2555
2556 Example:
2557 resource_longitude=""
2558
2559
2560 cpu_scaling_reference_si00
2561 Example 2400
2562
2563 Example:
2564 cpu_scaling_reference_si00=""
2565
2566
2567 processor_other_description
2568 Example Cores=3,Benchmark=9.8-HEP-SPEC06
2569
2570 Example:
2571 processor_other_description=""
2572
2573
2574 glue_site_web
2575 Example http://www.ndgf.org
2576
2577 Example:
2578 glue_site_web=""
2579
2580
2581 glue_site_unique_id
2582 Example NDGF-T1
2583
2584 Example:
2585 glue_site_unique_id=""
2586
2587
2588 provide_glue_site_info
2589 This variable decides if the GlueSite should be published. In
2590 case you want to set up a more complicated setup with several
2591 publishers of data to a GlueSite, then you may wish to tweak
2592 this parameter.
2593
2594 Example:
2595 provide_glue_site_info="true"
2596
2597
2599 [infosys/site/sitename] Site BDII configuration block, this block is
2600 used to configure ARC to generate a site-bdii that can be registered in
2601 GOCDB etc to make it a part of a gLite network. The sitename part is to
2602 be declarative of the site-bdii being generated.
2603
2604
2605
2606 unique_id
2607 The unique id used to identify this site, eg "NDGF-T1"
2608
2609 Example:
2610 unique_id=""
2611
2612
2613 url The URL is of the format: ldap://host.domain:2170/mds-vo-
2614 name=something,o=grid and should point to the resource-bdii
2615
2616 Example:
2617 url=""
2618
2619
2621 [infosys/admindomain] GLUE2 AdminDomain configuration block, to config‐
2622 ure administrative items of the cluster. This values do not affect nei‐
2623 ther glue12 or nordugrid renderings. If the whole block is not speci‐
2624 fied, will default to an AdminDomain called UNDEFINEDVALUE.
2625
2626
2627
2628 name name - the Name attribute for the domain. This will show in top-
2629 BDII to group the resources belonging to this cluster. to group
2630 a bunch of clusters under the same AdminDomain, just use the
2631 same name. If not specified, will default to UNDEFINEDVALUE.
2632
2633 Example:
2634 name="ARC-TESTDOMAIN"
2635
2636
2637 description
2638 description - description of this domain. Not mandatory.
2639
2640 Example:
2641 description="ARC test Domain"
2642
2643
2644 www www - URL pointing at a site holding information about the
2645 AdminDomain. Not mandatory.
2646
2647 Example:
2648 www="http://www.nordugrid.org/"
2649
2650
2651 distributed
2652 distributed - set this to yes if the domain is distributed that
2653 means, if the resources belonging to the domain are considered
2654 geographically distributed.
2655
2656 Example:
2657 distributed=yes
2658
2659
2660 owner owner - contact email of a responsible subject for the domain
2661
2662 Example:
2663 owner=admin@nordugrid.org
2664
2665
2666 otherinfo
2667 otherinfo - fills the OtherInfo GLUE2 field. no need to set,
2668 used only for future development.
2669
2670 Example:
2671 otherinfo=Test Other info
2672
2673
2675 [infosys/index/indexname] Index Service block configures and enables an
2676 Information Index Service. A separate Index block is required for every
2677 Index Service you may run on the given machine. The 'indexname' con‐
2678 stitutes to the
2679
2680
2681
2682 name name - The unique (within the hosting machine) name of the Index
2683 Service. Its value becomes part of the LDAP suffix of the Index
2684 Service: (mds-vo-name=value of the name attribute, o=grid)
2685
2686 Example:
2687 name="indexname"
2688
2689
2690 allowreg
2691 allowregistration - Implements registration filtering within an
2692 Index Sevice Sets the Local Information Trees or lower level
2693 Index Services allowed to register to the Index Service. List
2694 each allowed registrants with the allowreg attribute.
2695
2696 WARNING: specifying allowreg implies setting up a strict filter‐
2697 ing, only the matching registrants will be able to register to
2698 the Index. The wildcard * can be used in allowreg. Several
2699 allowreg lines can be used. Some examples:
2700 -All the Swedish machines can register regardless they are
2701 resources or Indices allowreg="*.se:2135"
2702 -Cluster resources from Denmark can register
2703 allowreg="*.dk:2135/nordugrid-cluster-name=*, Mds-Vo-name=local,
2704 o=grid"
2705 -Storage resources from HIP, Finland can register
2706 allowreg="*hip.fi:2135/nordugrid-se-name=*, Mds-Vo-name=local,
2707 o=grid"
2708 -The index1.sweden.se can register as a Sweden Index (and only
2709 as a Sweden Index) allowreg="index1.sweden.se:2135/Mds-vo-
2710 Name=Sweden,o=Grid"
2711 -Any Index Service can register allowreg="*:2135/Mds-vo-
2712 Name=*,o=Grid"
2713
2714 Example:
2715 allowreg="trusted.host.org.se:2135/Mds-vo-Name=Trusted-
2716 Index,o=Grid"
2717
2718
2720 [infosys/index/indexname/registration/registrationname] Index service
2721 registration block This block enables a registration process initiated
2722 by the to a target Index Service. NorduGrid maintains a webpage with
2723 information on major Index Services: http://www.nordugrid.org/Nor‐
2724 duGridMDS/index_service.html
2725
2726
2727
2728 targethostname
2729 targethostname - the hostname of the machine running the regis‐
2730 tration target Index Service
2731
2732 Example:
2733 targethostname="index.myinstitute.org"
2734
2735
2736 targetport
2737 targetport - the port on which the target Index Service is run‐
2738 ning. The default is the 2135 Infosys port.
2739
2740 Example:
2741 targetport="2135"
2742
2743
2744 targetsuffix
2745 targetsuffix - the LDAP suffix of the target Index Service
2746
2747 Example:
2748 targetsuffix="mds-vo-name=BigIndex,o=grid"
2749
2750
2751 regperiod
2752 regperiod - The registration period in seconds, the registration
2753 messages are continously sent according to the regperiod.
2754 Default is 120 sec.
2755
2756 Example:
2757 regperiod="300"
2758
2759
2760 registranthostname
2761 registranthostname - the hostname of the machine sending the
2762 registrations. This attribute inherits its value from the [com‐
2763 mon] and [infosys] blocks, most cases no need to set.
2764
2765 Example:
2766 registranthostname="myhost.org"
2767
2768
2769 registrantport
2770 registrantport - the port of the slapd service hosting the reg‐
2771 istrant Index Service. The attribute inherits its value from the
2772 [infosys] block (and therefore defaults to 2135)
2773
2774 Example:
2775 registrantport="2135"
2776
2777
2778 registrantsuffix
2779 registrantsuffix - the LDAP suffix of the registrant Index Ser‐
2780 vice. It is automatically determined from the registration
2781 block name, therefore most of the cases no need to specify. In
2782 this case the default registrantsuffix will be:
2783 "Mds-Vo-name=indexname"
2784
2785 please mind uppercase/lowercase characters in the above string
2786 when defining allowreg in an index! Don't set it unless you
2787 want to overwrite the default.
2788
2789 Example:
2790 registrantsuffix="mds-vo-name=indexname,o=grid"
2791
2792
2793
2795 This block configures how your cluster is seen on the grid monitor
2796 (infosys point of view). Please consult the Infosys manual for detailed
2797 information on cluster attributes. If you want your cluster (config‐
2798 ured below) to appear in the infosys (on the monitor) you also need to
2799 create a cluster registration block (see the next block).
2800
2801
2802
2803 hostname
2804 hostname - the FQDN of the frontend node, if the hostname is not
2805 set already in the common block then it MUST be set here
2806
2807 Example:
2808 hostname="myhost.org"
2809
2810
2811 interactive_contactstring
2812 interactive_contactstring - the contact string for interactive
2813 logins, set this if the cluster supports some sort of grid-
2814 enabled interactive login (gsi-ssh), multivalued
2815
2816 Example:
2817 interactive_contactstring="gsissh://frontend.cluster:2200"
2818
2819
2820 cluster_alias
2821 alias - an arbitrary alias name of the cluster, optional
2822
2823 Example:
2824 cluster_alias="Big Blue Cluster in Nowhere"
2825
2826
2827 comment
2828 comment - a free text field for additional comments on the clus‐
2829 ter in a single line, no newline character is allowed!
2830
2831 Example:
2832 comment="This cluster is specially designed for XYZ applica‐
2833 tions: www.xyz.org"
2834
2835
2836 cluster_location
2837 cluster_location - The geographical location of the cluster,
2838 preferably specified as a postal code with a two letter country
2839 prefix
2840
2841 Example:
2842 cluster_location="DK-2100"
2843
2844
2845 cluster_owner
2846 cluster_owner - it can be used to indicate the owner of a
2847 resource, multiple entries can be used
2848
2849 Example:
2850 cluster_owner="World Grid Project"
2851 cluster_owner="University of NeverLand"
2852
2853
2854 authorizedvo
2855 authorizedvo - this attribute is used to advertise which VOs are
2856 authorized on the cluster. Multiple entries are allowed. This
2857 entries will be shown in GLUE2 AccessPolicy and MappingPolicy
2858 objects.
2859
2860 Example:
2861 authorizedvo="developer.nordugrid.org"
2862 authorizedvo="community.nordugrid.org"
2863
2864
2865 clustersupport
2866 clustersupport - this is the support email address of the
2867 resource, multiple entries can be used
2868
2869 Example:
2870 clustersupport="grid.support@mysite.org"
2871 clustersupport="grid.support@myproject.org"
2872
2873
2874 lrmsconfig
2875 lrmsconfig - an optional free text field to describe the config‐
2876 uration of your Local Resource Management System (batch system).
2877
2878 Example:
2879 lrmsconfig="single job per processor"
2880
2881
2882 homogeneity
2883 homogeneity - determines whether the cluster consists of identi‐
2884 cal NODES with respect to cputype, memory, installed software
2885 (opsys). The frontend is NOT needed to be homogeneous with the
2886 nodes. In case of inhomogeneous nodes, try to arrange the nodes
2887 into homogeneous groups assigned to a queue and use queue-level
2888 attributes. Possible values: True,False, the default is True.
2889 False will trigger multiple GLUE2 ExecutionEnvironments to be
2890 published if applicable.
2891
2892 Example:
2893 homogeneity="True"
2894
2895
2896 architecture
2897 architecture - sets the hardware architecture of the NODES. The
2898 "architecture" is defined as the output of the "uname -m" (e.g.
2899 i686). Use this cluster attribute if only the NODES are homoge‐
2900 neous with respect to the architecture. Otherwise the queue-
2901 level attribute may be used for inhomogeneous nodes. If the
2902 frontend's architecture agrees to the nodes, the "adotf" (Auto‐
2903 matically Determine On The Frontend) can be used to request
2904 automatic determination.
2905
2906 Example:
2907 architecture="adotf"
2908
2909
2910 opsys opsys - this multivalued attribute is meant to describe the
2911 operating system of the computing NODES. Set it to the opsys
2912 distribution of the NODES and not the frontend! opsys can also
2913 be used to describe the kernel or libc version in case those
2914 differ from the originally shipped ones. The distribution name
2915 should be given as distroname-version.number, where spaces are
2916 not allowed. Kernel version should come in the form kernelname-
2917 version.number. If the NODES are inhomogeneous with respect to
2918 this attribute do NOT set it on cluster level, arrange your
2919 nodes into homogeneous groups assigned to a queue and use queue-
2920 level attributes.
2921
2922 Example:
2923 opsys="Linux-2.6.18"
2924 opsys="glibc-2.5.58"
2925 opsys="CentOS-5.6"
2926
2927
2928 nodecpu
2929 nodecpu - this is the cputype of the homogeneous nodes. The
2930 string is constructed from the /proc/cpuinfo as the value of
2931 "model name" and "@" and value of "cpu MHz". Do NOT set this
2932 attribute on cluster level if the NODES are inhomogeneous with
2933 respect to cputype, instead arrange the nodes into homogeneous
2934 groups assigned to a queue and use queue-level attributes. Set‐
2935 ting the nodecpu="adotf" will result in Automatic Determination
2936 On The Frontend, which should only be used if the frontend has
2937 the same cputype as the homogeneous nodes.
2938
2939 Example:
2940 nodecpu="AMD Duron(tm) Processor @ 700 MHz"
2941
2942
2943 nodememory
2944 nodememory - this is the amount of memory (specified in MB) on
2945 the node which can be guaranteed to be available for the appli‐
2946 cation. Please note in most cases it is less than the physical
2947 memory installed in the nodes. Do NOT set this attribute on
2948 cluster level if the NODES are inhomogeneous with respect to
2949 their memories, instead arrange the nodes into homogeneous
2950 groups assigned to a queue and use queue-level attributes.
2951
2952 Example:
2953 nodememory="512"
2954
2955
2956 defaultmemory
2957 defaultmemory - If a user submits a job without specifying how
2958 much memory should be used, this value will be taken first. The
2959 order is: xrsl -> defaultmemory -> nodememory -> 1GB. This is
2960 the amount of memory (specified in MB) that a job will
2961 request(per rank).
2962
2963 Example:
2964 defaultmemory="512"
2965
2966
2967 benchmark
2968 benchmark name value - this optional multivalued attribute can
2969 be used to specify benchmark results on the cluster level. Use
2970 this cluster attribute if only the NODES are homogeneous with
2971 respect to the benchmark performance. Otherwise the similar
2972 queue-level attribute should be used. Please try to use one of
2973 standard benchmark names given below if possible.
2974
2975 Example:
2976 benchmark="SPECINT2000 222"
2977 benchmark="SPECFP2000 333"
2978
2979
2980 middleware
2981 middleware - the multivalued attribute shows the installed grid
2982 software on the cluster, nordugrid and globus-ng is automati‐
2983 cally set, no need to specify middleware=nordugrid or middle‐
2984 ware=globus
2985
2986 Example:
2987 middleware="my grid software"
2988
2989
2990 nodeaccess
2991 nodeaccess - determines how the nodes can connect to the inter‐
2992 net. Not setting anything means the nodes are sitting on a pri‐
2993 vate isolated network. "outbound" access means the nodes can
2994 connect to the outside world while "inbound" access means the
2995 nodes can be connected from outside. inbound & outbound access
2996 together means the nodes are sitting on a fully open network.
2997
2998 Example:
2999 nodeaccess="inbound"
3000 nodeaccess="outbound"
3001
3002
3003 dedicated_node_string
3004 dedicated_node_string - the string which is used in the PBS node
3005 configuration to distinguish the grid nodes from the rest. Sup‐
3006 pose only a subset of nodes are available for grid jobs, and
3007 these nodes have a common "node property" string, this case the
3008 dedicated_node_string should be set to this value and only the
3009 nodes with the corresponding "pbs node property" are counted as
3010 grid enabled nodes. Setting the dedicated_node_string to the
3011 value of the "pbs node property" of the grid-enabled nodes will
3012 influence how the totalcpus, user freecpus is calculated. You
3013 don't need to set this attribute if your cluster is fully avail‐
3014 able for the grid and your cluster's PBS configuration does not
3015 use the "node property" method to assign certain nodes to grid
3016 queues. You shouldn't use this configuration option unless you
3017 make sure your PBS configuration makes use of the above
3018 described setup.
3019
3020 Example:
3021 dedicated_node_string="gridnode"
3022
3023
3024 localse
3025 localse - this multivalued parameter tells the BROKER that cer‐
3026 tain URLs (and locations below that) should be considered
3027 "locally" available to the cluster.
3028
3029 Example:
3030 localse="gsiftp://my.storage/data1/"
3031 localse="gsiftp://my.storage/data2/"
3032
3033
3034 gm_mount_point
3035 gm_mount_point - this is the same as the "path" from the
3036 [gridftpd/jobs] block. The default is "/jobs". Will be cleaned
3037 up later, do NOT touch it.
3038
3039 Example:
3040 gm_mount_point="/jobs"
3041
3042
3043 gm_port
3044 gm_port - this is the same as the "port" from the [gridftpd]
3045 block. The default is "2811". Will be cleaned up later.
3046
3047 Example:
3048 gm_port="2811"
3049
3050
3051 cpudistribution
3052 cpudistribution - this is the CPU distribution over nodes given
3053 in the form: ncpu:m where
3054 n is the number of CPUs per machine
3055 m is the number of such computers
3056
3057 Example: 1cpu:3,2cpu:4,4cpu:1 represents a cluster with 3 single
3058 CPU machines, 4 dual CPU machines, one machine with 4 CPUs.
3059 This command is needed to tweak and overwrite the values
3060 returned by the underlying LRMS. In general there is no need to
3061 configure it.
3062
3063 Example:
3064 cpudistribution=1cpu:3,2cpu:4,4cpu:1
3065
3066
3068 Computing resource (cluster) registration block configures and enables
3069 the registration process of a computing resource to an Index Service.
3070 A cluster can register to several Index Services this case each regis‐
3071 tration process should have its own block. NorduGrid maintains a web‐
3072 page with information on major Index Services: http://www.nor‐
3073 dugrid.org/NorduGridMDS/index_service.html
3074
3075
3076
3077 targethostname
3078 targethostname - see description earlier
3079
3080 Example:
3081 targethostname="index.myinstitute.org"
3082
3083
3084 targetport
3085 targetport - see description earlier
3086
3087 Example:
3088 targetport="2135"
3089
3090
3091 targetsuffix
3092 targetsuffix - see description earlier
3093
3094 Example:
3095 targetsuffix="mds-vo-name=BigIndex,o=grid"
3096
3097
3098 regperiod
3099 regperiod - see description earlier
3100
3101 Example:
3102 regperiod="300"
3103
3104
3105 registranthostname
3106 registranthostname - see description earlier
3107
3108 Example:
3109 registranthostname="myhost.org"
3110
3111
3112 registrantport
3113 registrantport - see description earlier
3114
3115 Example:
3116 registrantport="2135"
3117
3118
3119 registrantsuffix
3120 registrantsuffix - the LDAP suffix of the registrant cluster
3121 resource It is automatically determined from the [infosys] block
3122 and the registration blockname. In this case the default regis‐
3123 trantsuffix will be:
3124 "nordugrid-cluster-name=hostname,Mds-Vo-name=local,o=Grid"
3125
3126 please mind uppercase/lowercase characters above if defining
3127 allowreg in an index! Don't set it unless you want to overwrite
3128 the default.
3129
3130 Example:
3131 registrantsuffix="nordugrid-cluster-name=myhost.org,Mds-Vo-
3132 name=local,o=grid"
3133
3134
3136 Each grid-enabled queue should have a separate queue block. The queue‐
3137 name should be used as a label in the block name. A queue can repre‐
3138 sent a PBS/LSF/SGE/SLURM/LL queue, a SGE pool, a Condor pool or a sin‐
3139 gle machine in case 'fork' type of LRMS is specified in the [common]
3140 block.
3141
3142 Queues don't need to be registered (there is no queue registration
3143 block), once you configured your cluster to register to an Index Ser‐
3144 vice the queue entries (configured with this block) automatically will
3145 be there. Please consult the ARC Information System manual for
3146 detailed information on queue attributes:
3147 http://www.nordugrid.org/documents/arc_infosys.pdf
3148
3149 use the queue_name for labeling the block. The special name 'fork'
3150 should be used for labeling the queue block in case you specified
3151 'fork' type of LRMS in the [common] block.
3152
3153
3154
3155 name name sets the name of the grid-enabled queue. It MUST match the
3156 queue_name label of the corresponding queue block, see above.
3157 Use "fork" if you specified 'fork' type of LRMS in the [common]
3158 block. Queue name MUST be specified, even if the queue block is
3159 already correctly labeled.
3160
3161 Example:
3162 name="gridlong"
3163
3164
3165 homogeneity
3166 homogeneity - determines whether the queue consists of identical
3167 NODES with respect to cputype, memory, installed software
3168 (opsys). In case of inhomogeneous nodes, try to arrange the
3169 nodes into homogeneous groups and assigned them to a queue.
3170 Possible values: True,False, the default is True.
3171
3172 Example:
3173 homogeneity="True"
3174
3175
3176 scheduling_policy
3177 scheduling_policy - this optional parameter tells the
3178 schedulling policy of the queue, PBS by default offers the FIFO
3179 scheduller, many sites run the MAUI. At the moment FIFO & MAUI
3180 is supported. If you have a MAUI scheduller you should specify
3181 the "MAUI" value since it modifies the way the queue resources
3182 are calculated. BY default the "FIFO" sceduller is assumed.
3183
3184 Example:
3185 scheduling_policy="FIFO"
3186
3187
3188 comment
3189 comment - a free text field for additional comments on the queue
3190 in a single line, no newline character is allowed!
3191
3192 Example:
3193 comment="This queue is nothing more than a condor pool"
3194
3195
3196 maui_bin_path
3197 maui_bin_path - set this parameter for the path of the maui com‐
3198 mands like showbf in case you specified the "MAUI" schedul‐
3199 ing_policy above. This parameter can be set in the [common]
3200 block as well.
3201
3202 Example:
3203 maui_bin_path="/usr/local/bin"
3204
3205
3206 queue_node_string
3207 queue_node_string - In PBS you can assign nodes to a queue (or a
3208 queue to nodes) by using the "node property" PBS node configura‐
3209 tion method and asssigning the marked nodes to the queue (set‐
3210 ting the resources_default.neednodes = queue_node_string for
3211 that queue). This parameter should contain the "node property"
3212 string of the queue-assigned nodes. Setting the
3213 queue_node_string changes how the queue-totalcpus, user freecpus
3214 are determined for this queue. Essentially, queue_node_string
3215 value is used to construct nodes= string in PBS script, such as
3216 nodes=count:queue_node_string where count is taken from the job
3217 description (1 if not specified). You shouldn't use this option
3218 unless you are sure that your PBS configuration makes use of the
3219 above configuration. Read NorduGrid PBS instructions for more
3220 information:
3221 http://www.nordugrid.org/documents/pbs-config.html
3222
3223 Example:
3224 queue_node_string="gridlong_nodes"
3225 queue_node_string="ppn=4:ib"
3226
3227
3228 sge_jobopts
3229 sge_jobopts - additional SGE options to be used when submitting
3230 jobs to SGE from this queue. If in doubt, leave it commented
3231 out
3232
3233 Example:
3234 sge_jobopts="-P atlas -r yes"
3235
3236
3237 condor_requirements
3238 condor_requirements - only needed if using Condor. It needs to
3239 be defined for each queue. Use this option to determine which
3240 nodes belong to the current queue. The value of 'con‐
3241 dor_requirements' must be a valid constraints string which is
3242 recognized by a condor_status -constraint '....' command. It can
3243 reference pre-defined ClassAd attributes (like Memory, Opsys,
3244 Arch, HasJava, etc) but also custom ClassAd attributes. To
3245 define a custom attribute on a condor node, just add two lines
3246 like the ones below in the `hostname`.local config file on the
3247 node:
3248 NORDUGRID_RESOURCE=TRUE
3249 STARTD_EXPRS = NORDUGRID_RESOURCE, $(STARTD_EXPRS)
3250
3251 A job submitted to this queue is allowed to run on any node
3252 which satisfies the 'condor_requirements' constraint. If 'con‐
3253 dor_requirements' is not set, jobs will be allowed to run on any
3254 of the nodes in the pool. When configuring multiple queues, you
3255 can differentiate them based on memory size or disk space, for
3256 example:
3257
3258 Example:
3259 condor_requirements="(OpSys == "linux" && NORDUGRID_RESOURCE &&
3260 Memory >= 1000 && Memory < 2000)"
3261
3262
3263 lsf_architecture
3264 CPU architecture to request when submitting jobs to LSF. Use
3265 only if you know what you are doing.
3266
3267 Example:
3268 lsf_architecture="PowerPC"
3269
3270
3271 totalcpus
3272 totalcpus - manually sets the number of cpus assigned to the
3273 queue. No need to specify the parameter in case the
3274 queue_node_string method was used to assign nodes to the queue
3275 (this case it is dynamically calculated and the static value is
3276 overwritten) or when the queue have access to the entire cluster
3277 (this case the cluster level totalcpus is the relevant parame‐
3278 ter). Use this static parameter only if some special method is
3279 applied to assign a subset of totalcpus to the queue.
3280
3281 Example:
3282 totalcpus="32"
3283
3284
3285 nodecpu
3286 queue-level configuration parameters: nodecpu, nodememory,
3287 architecture, opsys and benchmark should be set if they are
3288 homogeneous over the nodes assigned to the queue AND they are
3289 different from the cluster-level value. Their meanings are
3290 described in the cluster block. Usage: this queue collects nodes
3291 with "nodememory=512" while another queue has nodes with "node‐
3292 memory=256" -> don't set the cluster attributes but use the
3293 queue-level attributes. When the frontend's architecture or
3294 cputype agrees with the queue nodes, the "adotf" (Automatically
3295 Determine On The Frontend) can be used to request automatic
3296 determination of architecture or nodecpu.
3297
3298 Example:
3299 nodecpu="adotf"
3300 nodememory="512"
3301 architecture="adotf"
3302 opsys="Fedora 16"
3303 opsys="Linux-3.0"
3304 benchmark="SPECINT2000 222"
3305 benchmark="SPECFP2000 333"
3306
3307
3308 ac_policy
3309 queue access policy rules based on VOMS attributes in user's
3310 proxy certificate (requires the arc-vomsac-check plugin to be
3311 enabled). Matching rules have the following format:
3312 ac_policy="[+/-]VOMS: <FQAN>"
3313
3314 Please read arc-vomsac-check manual page for more information.
3315
3316 Example:
3317 ac_policy="-VOMS: /badvo"
3318 ac_policy="VOMS: /.*/Role=production"
3319
3320
3321 authorizedvo
3322 authorizedvo - this attribute is used to advertise which VOs are
3323 authorized on the specific queue. Multiple entries are allowed.
3324 This entries will be shown in the MappingPolicy objects. If
3325 something is already defined in the [cluster] block, the shown
3326 VOs will be the union set of those defined in [cluster] with
3327 those specific to this [queue] block.
3328
3329 Example:
3330 authorizedvo="LocalUsers"
3331 authorizedvo="atlas"
3332 authorizedvo="community.nordugrid.org"
3333
3334
3335 cachetime
3336 this affects old infoproviders, and forces the validity time of
3337 the record.
3338
3339 Example:
3340 cachetime="30"
3341
3342
3343 sizelimit
3344 sizelimit affects registration to EGIIS
3345
3346 Example:
3347 sizelimit="5000"
3348
3349
3350
3352 Services registration into EMIR block configures and enables the regis‐
3353 tration process of a services enabled in this configuration file into
3354 EMI indexing service (EMIR).
3355
3356
3357
3358 emirurls
3359 List of URL separated by comma of EMIR services which are to
3360 accept registration. This is mandatory.
3361
3362 Example:
3363 emirurls="https://somehost:60002/emir"
3364
3365
3366 validity
3367 Time in seconds for which registration records should stay
3368 valid.
3369
3370 Example:
3371 validity=600
3372
3373
3374 period Time in seconds how othen registration record should be sent to
3375 the registration service.
3376
3377 Example:
3378 period=60
3379
3380
3381 disablereg_xbes
3382 disablereg_xbes may be used to selectively disable registration
3383 of A-REX service. Possible values are yes and no. Default is no,
3384
3385 Example:
3386 disablereg_xbes="no"
3387
3388
3390 [nordugridmap] block configuration is used to fine-tune behaviour of
3391 the nordugridmap - an ARC tool used to generate grid-mapfiles. Please
3392 refer to [vo] block description to find information how to specify VO
3393 sources for mapfile generation. This section setup general VO-indepen‐
3394 dent parameters.
3395
3396
3397
3398 x509_user_key
3399 x509_user_cert, x509_user_key - public certificate and privat
3400 key to be used when fetching sources over TLS (https:// and
3401 vomss:// sources retrieval rely on this parameter) If not speci‐
3402 fied, values defined in [common] section will be used. If there
3403 is also no [common] section, X509_USER_{CERT,KEY} variables are
3404 used. Default is '/etc/grid-security/host{cert,key}.pem'
3405
3406 Example:
3407 x509_user_key="/etc/grid-security/hostkey.pem"
3408 x509_user_cert="/etc/grid-security/hostcert.pem"
3409
3410
3411 x509_cert_dir
3412 x509_cert_dir - the directory containing CA certificates. This
3413 information is needed by the 'require_issuerdn' [vo] block
3414 option. Default is '/etc/grid-security/certificates/'.
3415
3416 Example:
3417 x509_cert_dir="/etc/grid-security/certificates/"
3418
3419
3420 generate_vomapfile
3421 generate_vomapfile - control is nordugridmap will generate vo-
3422 mapfile used by arc-ur-logger. Default is 'yes'.
3423
3424 Example:
3425 generate_vomapfile="yes"
3426
3427
3428 vomapfile
3429 vomapfile - path to vo-mapfile location. Default is /etc/grid-
3430 security/grid-vo-mapfile
3431
3432 Example:
3433 vomapfile="/etc/grid-security/grid-vo-mapfile"
3434
3435
3436 log_to_file
3437 log_to_file - control whether logging output of nordugridmap
3438 will be saved to file. Default is 'no' (STDERR is used).
3439
3440 Example:
3441 log_to_file="yes"
3442
3443
3444 logfile
3445 logfile - specify the nordugridmap log file location when in
3446 use. Default is '/var/log/arc/nordugridmap.log'.
3447
3448 Example:
3449 logfile="/var/log/arc/nordugridmap.log"
3450
3451
3452 cache_enable
3453 cache_enable - control whether caching of external sources will
3454 be used. Default is 'yes'.
3455
3456 Example:
3457 cache_enable="yes"
3458
3459
3460 cachedir
3461 cachedir - specify the path where cached sources will be stored.
3462 Default is '/var/spool/nordugrid/gridmapcache/'
3463
3464 Example:
3465 cachedir="/var/spool/nordugrid/gridmapcache/"
3466
3467
3468 cachetime
3469 cachetime - controls how many time (in seconds) cached informa‐
3470 tion remains valid. Default is 259200 (3 days).
3471
3472 Example:
3473 cachetime="259200"
3474
3475
3476 issuer_processing
3477 issuer_processing - control the behaviour of [vo] block
3478 require_issuerdn parameter. Valid values are 'relaxed' and
3479 'strict'. Please see 'require_issuerdn' description in [vo]
3480 block for details. Default is 'relaxed'.
3481
3482 Example:
3483 issuer_processing="relaxed"
3484
3485
3486 mapuser_processing
3487 mapuser_processing - control the behaviour of [vo] block
3488 mapped_unixid parameter usage. Valid values are 'overwrite' and
3489 'keep'. Please see 'mapped_unixid' description in [vo] block
3490 for details. Default is 'keep'.
3491
3492 Example:
3493 mapuser_processing="keep"
3494
3495
3496 allow_empty_unixid
3497 allow_empty_unixid - control whether empty (or unspecified)
3498 Please see 'mapped_unixid' description of [vo] block for
3499 details. Default is 'no'
3500
3501 Example:
3502 allow_empty_unixid="no"
3503
3504
3505 voms_method
3506 voms_method - control how to get information from voms(s)
3507 sources. Valid values are:
3508 soap - call SOAP method directly using SOAP::Lite
3509 get - use old implementation that manually parses XML
3510 response Default is 'soap'.
3511
3512 Example:
3513 voms_method="soap"
3514
3515
3516 debug debug level - controls the verbosity of nordugridmap output.
3517 Valid values are:
3518 0 - FATAL - only critical fatal error shown
3519 1 - ERROR - errors, including non-critical are shown
3520 2 - WARNING (default) - configuration errors that can be
3521 ignored
3522 3 - INFO - processing information
3523 4 - VERBOSE - a bit more processing information
3524 5 - DEBUG - lot of processing information
3525
3526 When test run is requested (--test command line option of the
3527 nordugridmap) debug level is automatically set to 5 (DEBUG).
3528 Default is 2 (WARNING)
3529
3530 Example:
3531 debug="4"
3532
3533
3534 fetch_timeout
3535 fetch_timeout - control how many time (in seconds) nordugridmap
3536 will wait for external sources retrieval. Default is 15.
3537
3538 Example:
3539 fetch_timeout="15"
3540
3541
3543 The cache server component of ACIX runs alongside A-REX. It periodi‐
3544 cally scans the cache directories and composes a Bloom filter of cache
3545 content which can be pulled by an ACIX index server.
3546
3547
3548
3549 hostname
3550 Hostname on which the cache server listens. Default is all
3551 available interfaces.
3552
3553 Example:
3554 hostname="myhost.org"
3555
3556
3557 port Port on which the cache server listens. Default is 5443.
3558
3559 Example:
3560 port="6000"
3561
3562
3563 logfile
3564 Log file location for the cache server. Default is
3565 /var/log/arc/acix-cache.log
3566
3567 Example:
3568 logfile="/tmp/acix-cache.log"
3569
3570
3571 cachedump
3572 Whether to make a dump of the cache contents in a file at
3573 $TMP/ARC-ACIX/timestamp each time the cache server runs. Default
3574 is no.
3575
3576 Example:
3577 cachedump="yes"
3578
3579
3580
3582 The index server component of ACIX collects cache content filters from
3583 a set of cache servers configured in this block. The index server can
3584 be queried for the location of cached files.
3585
3586
3587
3588 cacheserver
3589 ACIX cache servers from which to pull information
3590
3591 Example:
3592 cacheserver="https://some.host:5443/data/cache"
3593 cacheserver="https://another.host:5443/data/cache"
3594
3595
3596
3598 Gangliarc provides monitoring of ARC-specific metrics through ganglia.
3599 It can be run with zero configuration or customised with options in the
3600 [gangliarc] block.
3601
3602
3603 frequency
3604 The period between each information gathering cycle, in seconds.
3605 Default is 20.
3606
3607 Example:
3608 frequency="30"
3609
3610
3611 gmetric_exec
3612 Path to gmetric executable. Default is /usr/bin/gmetric.
3613
3614 Example:
3615 gmetric_exec="/usr/local/bin/gmetric"
3616
3617
3618 logfile
3619 log file of the daemon. Default is /var/log/arc/gangliarc.log.
3620
3621 Example:
3622 logfile="/tmp/gangliarc.log"
3623
3624
3625 pidfile
3626 pid file of the daemon. Default is /var/run/gangliarc.pid.
3627
3628 Example:
3629 pidfile="/tmp/gangliarc.pid"
3630
3631
3632 python_bin_path
3633 path to python executable. Default is /usr/bin/python.
3634
3635 Example:
3636 python_bin_path="/usr/local/bin/python"
3637
3638
3639 metrics
3640 the metrics to be monitored. Default is "all". metrics takes a
3641 comma-separated list of one or more of the following metrics:
3642 - staging -- number of tasks in different data staging states
3643 - cache -- free cache space
3644 - session -- free session directory space
3645 - heartbeat -- last modification time of A-REX heartbeat
3646 - processingjobs -- the number of jobs currently being pro‐
3647 cessed by ARC (jobs
3648 between PREPARING and FINISHING states)
3649 - failedjobs -- the number of failed jobs per last 100 finished
3650 - jobstates -- number of jobs in different A-REX internal
3651 stages
3652 - all -- all of the above metrics
3653
3654 Example:
3655 metrics="all"
3656
3657
3658
3659NorduGrid ARC 5.4.4 2019-03-16 arc.conf(5)