Hi @bbockelm ,
I'll attach the config I used in June below (hooray for git-managed configuration management ;-) ). We have only tuned unrelated config parameters since then, but since we perform daily service restarts, the issue is completely gone for now.
For your original error message - what log does that come from?
That's straight from the xrootd.log
.
Cheers and thanks for looking into it,
Oliver
acc.authdb /etc/xrootd/auth_file-grid
acc.authrefresh 60
all.export /cephfs/grid/atlas/atlaslocalgroupdisk r/w
all.export /cephfs/grid/atlas/atlasscratchdisk r/w
all.export /cephfs/grid/atlas/user/scratch r/w
all.export /cephfs/grid/ops r/w
all.manager xrootd.physik.uni-bonn.de:1213
all.role server
all.role manager if xrootd.physik.uni-bonn.de
all.sitename UNI-BONN
cms.allow host xrootd.physik.uni-bonn.de
cms.allow host xrootd*.physik.uni-bonn.de
cms.dfs limit 0 lookup distrib mdhold 0 redirect immed retries 2
http.cadir /etc/grid-security/certificates
http.cert /etc/grid-security/hostcert.pem
http.key /etc/grid-security/hostkey.pem
http.secretkey REDACTEDHERE
http.secxtractor /usr/lib64/libXrdHttpVOMS.so
if exec xrootd
xrd.protocol XrdHttp /usr/lib64/libXrdHttp.so
fi
if xrootd.physik.uni-bonn.de
else
http.selfhttps2http no
fi
if xrootd.physik.uni-bonn.de
http.desthttps yes
fi
ofs.authorize
ofs.tpc autorm ttl 180 1800 pgm /usr/local/bin/xrdcp-voms --server
sec.protocol /usr/lib64 gsi -ca:1 -crl:3 -gridmap:/dev/null -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -certdir:/etc/grid-security/certificates
sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=raw|vos=atlas,ops|grps=/atlas,/ops
xrd.port 1094
xrootd.chksum adler32 crc32 md5
xrootd.seclib /usr/lib64/libXrdSec.so
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@olifre in #750: Hi @bbockelm ,\r\n\r\nI'll attach the config I used in June below (hooray for git-managed configuration management ;-) ). We have only tuned unrelated config parameters since then, but since we perform daily service restarts, the issue is completely gone for now. \r\n\r\n\u003e For your original error message - what log does that come from?\r\n\r\nThat's straight from the `xrootd.log`. \r\n\r\nCheers and thanks for looking into it,\r\nOliver\r\n\r\n----------------------------------\r\n```\r\nacc.authdb /etc/xrootd/auth_file-grid\r\nacc.authrefresh 60\r\nall.export /cephfs/grid/atlas/atlaslocalgroupdisk r/w\r\nall.export /cephfs/grid/atlas/atlasscratchdisk r/w\r\nall.export /cephfs/grid/atlas/user/scratch r/w\r\nall.export /cephfs/grid/ops r/w\r\nall.manager xrootd.physik.uni-bonn.de:1213\r\nall.role server\r\nall.role manager if xrootd.physik.uni-bonn.de\r\nall.sitename UNI-BONN\r\ncms.allow host xrootd.physik.uni-bonn.de\r\ncms.allow host xrootd*.physik.uni-bonn.de\r\ncms.dfs limit 0 lookup distrib mdhold 0 redirect immed retries 2\r\nhttp.cadir /etc/grid-security/certificates\r\nhttp.cert /etc/grid-security/hostcert.pem\r\nhttp.key /etc/grid-security/hostkey.pem\r\nhttp.secretkey REDACTEDHERE\r\nhttp.secxtractor /usr/lib64/libXrdHttpVOMS.so\r\nif exec xrootd\r\nxrd.protocol XrdHttp /usr/lib64/libXrdHttp.so\r\nfi\r\nif xrootd.physik.uni-bonn.de\r\nelse\r\nhttp.selfhttps2http no\r\nfi\r\nif xrootd.physik.uni-bonn.de\r\nhttp.desthttps yes\r\nfi\r\nofs.authorize \r\nofs.tpc autorm ttl 180 1800 pgm /usr/local/bin/xrdcp-voms --server\r\nsec.protocol /usr/lib64 gsi -ca:1 -crl:3 -gridmap:/dev/null -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -certdir:/etc/grid-security/certificates\r\nsec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=raw|vos=atlas,ops|grps=/atlas,/ops\r\nxrd.port 1094\r\nxrootd.chksum adler32 crc32 md5\r\nxrootd.seclib /usr/lib64/libXrdSec.so\r\n```"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/750#issuecomment-445425083"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/750#issuecomment-445425083",
"url": "https://github.com/xrootd/xrootd/issues/750#issuecomment-445425083",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [xrootd/xrootd] XrdHttp fails to refresh CRLs (#750)",
"sections": [
{
"text": "",
"activityTitle": "**Oliver Freyermuth**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@olifre",
"facts": [
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 750,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 750\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/750#issuecomment-445425083"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 347549194\n}"
}
],
"themeColor": "26292E"
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1