 |
 |
Hi, Brew, CAJ (Chris) wrote: > Hi, > > Thanks, adding the redirect to my .rootrc file worked but I believe that > Pete wants to disable the setting of variables like this in the > KanAccess.cfg files. > > You seem to suggest that this has been fixed in later versions: How new do > the versions have to be and do you know which BaBar release has the fixed > version? > Yes, the TXNetFile version inside ROOT (and the posix-like client too) works differently, allowing you to specify regular expressions to allow/deny connections/redirections to domains. So, when you will be using that, you will be able to let the clients interact only with the domains you want. And not opening to any domain different from the client's one. Fabrizio > Disallowing the WAN connects and redirects is done by default for a good > reason and I'd rather not bypass it unless we have to. > > Thanks, > Chris. > > >>-----Original Message----- >>From: Fabrizio Furano [mailto:[log in to unmask]] >>Sent: 25 October 2004 06:53 >>To: Stephen J. Gowdy >>Cc: Brew, CAJ (Chris); [log in to unmask] >>Subject: Re: "WAN" Connect problem for subdomain >> >> >>Hi all, >> >> that's a client side config issue, not server side. >> >>Those earlier versions of XTNetFile only allow/deny >>connections in the >>base of a pure equality of the domains. >> >>The client config fix you made setting the variable >> >>Root.XTNetFileAllowWanConnect >> >>disables this checking at the client side, but only for the >>connections, >>not for the redirection destinations. If you have a redirector node, >>this one will obviously redirect the incoming connections to other >>hosts. To fix that also, you need to set to a nonzero value >>also the var >> >>Root.XTNetFileAllowWanRedirect >> >>I also suggest you to put these variable settings in the >>KanAccess file, >>not in the .rootrc one. >> >>Fabrizio >> >> >> >>Stephen J. Gowdy wrote: >> >>>Hi Chris, >>> I think you can turn that check off in xrootd's config >> >>file. IN2P3 >> >>>had to do that due to a similar problem (although it might >> >>have been the >> >>>other way round, the server in the subdomain). >>> >>> regards, >>> >>> Stephen. >>> >>>On Mon, 25 Oct 2004, Brew, CAJ (Chris) wrote: >>> >>> >>> >>>>Hi, >>>> >>>>We have a problem with the way xrootd decides whether a >> >>connection is a WAN >> >>>>connection. >>>> >>>>Some of the worker nodes at RAL are in the gridpp.rl.ac.uk >> >>domain and our >> >>>>xrootd servers are in the higher level domain rl.ac.uk. >>>> >>>>Jobs running on the machines in the gridpp subdomain fail >> >>because the refuse >> >>>>to connect to the different domain. >>>> >>>>lcg0338 - ~/work/anal21 $ KanCollUtil >>>>/store/PRskims/R14/14.4.0d/BFourBody/02/BFourBody_0291.01.root >>>>041025 11:33:48 14069 Warn: XTNetConn::checkUrlDomain >> >>- Skipping url >> >>>>[root://csflnx108.rl.ac.uk///store/PRskims/R14/14.4.0d/BFour >> >>Body/02/BFourBod >> >>>>y_0291.01.root.01.root]. Its domain [.rl.ac.uk] differs >> >>from the client's >> >>>>one [.gridpp.rl.ac.uk]. >>>>041025 11:33:48 14069 Err : XTNetFile::CTOR >> >>- All server >> >>>>specified are out of the client's domain. Going into zombie state. >>>>ERR Could not open a file expected to contain the event header: >>>>ERR LFN = >>>>/store/PRskims/R14/14.4.0d/BFourBody/02/BFourBody_0291.01.ro >> >>ot.01.root >> >>>>ERR PFN = >>>>root://bbr-rdr01.rl.ac.uk//store/PRskims/R14/14.4.0d/BFourBo >> >>dy/02/BFourBody_ >> >>>>0291.01.root.01.root >>>>ERR Check collection name and access method... >>>> >>>>Trying to fix this by adding Root.XTNetFileAllowWanConnect: >> >> 1 to an >> >>>>.rootrc file changes the error but does not fix the problem. >>>> >>>>lcg0338 - ~/work/anal21 $ KanCollUtil >>>>/store/PRskims/R14/14.4.0d/BFourBody/02/BFourBody_0291.01.root >>>>041025 11:36:21 14080 Err : XTNetConn::handleServerError >> >>- Redirection to >> >>>>a server out-of-domain disallowed. Abort >>>>Aborted >>>> >>>>This is going to cause jobs to randomly fail at RAL, could >> >>the client be >> >>>>fixed to recognise that subdomains are not WAN connections. >>>> >>>>Thanks, >>>>Chris. >>>> >>>> >>> >>> >>>-- >>> /------------------------------------+-------------------------\ >>>|Stephen J. Gowdy | SLAC, MailStop 34, | >>>|http://www.slac.stanford.edu/~gowdy/ | 2575 Sand Hill Road, | >>>|http://calendar.yahoo.com/gowdy | Menlo Park CA 94025, USA | >>>|EMail: [log in to unmask] | Tel: +1 650 926 3144 | >>> \------------------------------------+-------------------------/ >>