That is, if the settings between the server and the DAVIX is the same (both on or both off) it all works.
No, what I am trying to say is that with session caching on server ON (or missing) AND DAVIX session on, things BREAK.
My manual tests only work if I disable DAVIX session cache. I have to retract my findings regarding DAVIX_DISABLE_SESSION_CACHING=false
and http.tlsreuse off
- it seems false
is still interpreted as "disable cache".
Only if DAVIX_DISABLE_SESSION_CACHING
is unset, I can reproduce the FTS issue.
In short: no setting of http.tlsreuse
(missing, on
, or off
) works if DAVIX session reuse is enabled.
Since it seems to work for other sites, I guess it is a problem with my config or xrootd installation.
acc.audit deny grant acc.authdb /etc/xrootd/Authfile acc.authrefresh 60 all.adminpath /var/spool/xrootd all.export / nostage all.manager meta all xrootd-cms.infn.it+ 1213 all.pidpath /var/run/xrootd all.role manager all.sitename UKI-SOUTHGRID-BRIS-HEP cms.allow host * cms.delay startup 10 servers 1 cms.dfs limit 0 lookup distrib mdhold 0 redirect immed retries 2 cms.fxhold 60s cms.trace all http.desthttps yes http.exthandler xrdtpc libXrdHttpTPC.so http.header2cgi Authorization authz http.listingdeny no http.secxtractor /usr/lib64/libXrdVoms.so certfmt=raw|grpopt=useall|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt http.tlsreuse off macaroons.secretkey /etc/xrootd/macaroon-secret ofs.authlib ++ libXrdMacaroons.so ofs.authorize 1 ofs.osslib /usr/lib64/libXrdHdfs.so ofs.trace none oss.namelib libXrdCmsTfc.so file:/etc/xrootd/storage.xml?protocol=direct sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -cert:/etc/grid-security/xrd/hostcert.pem -key:/etc/grid-security/xrd/hostkey.pem -certdir:/etc/grid-security/certificates -vomsfun:/usr/lib64/libXrdVoms.so -vomsfunparms:certfmt=raw|grpopt=useall|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg tpc.trace info voms.trace debug xrd.protocol http:1194 +port xrd.tls /etc/grid-security/xrd/hostcert.pem /etc/grid-security/xrd/hostkey.pem xrd.tlsca certdir /etc/grid-security/certificates refresh 8h xrd.trace conn xrootd.async off nosf xrootd.monitor all flush 30s ident 5m fstat 60 lfn ops ssq xfr 5 window 5s dest fstat info user redir CMS-AAA-EU-COLLECTOR.cern.ch:9330 dest fstat info user redir atlas-fax-eu-collector.cern.ch:9330 xrootd.seclib libXrdSec.so xrootd.tls capable all xrootd.trace all -debug -request -response -fsio -fsaio
acc.audit deny grant acc.authdb /etc/xrootd/Authfile acc.authrefresh 60 all.adminpath /var/spool/xrootd all.export / nostage all.manager xrootd.phy.bris.ac.uk:3121 all.pidpath /var/run/xrootd all.role server all.sitename UKI-SOUTHGRID-BRIS-HEP cms.allow host * cms.delay startup 10 servers 1 cms.dfs lookup central redirect verify cms.fxhold 60s cms.space min 2g 5g cms.trace all http.exthandler xrdmacaroons libXrdMacaroons.so http.header2cgi Authorization authz http.listingdeny no http.secxtractor /usr/lib64/libXrdVoms.so certfmt=raw|grpopt=useall|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt http.tlsreuse off macaroons.secretkey /etc/xrootd/macaroon-secret ofs.authlib ++ libXrdMacaroons.so ofs.authorize 1 ofs.osslib /usr/lib64/libXrdHdfs.so ofs.persist off ofs.trace none oss.namelib libXrdCmsTfc.so file:/etc/xrootd/storage.xml?protocol=direct sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -cert:/etc/grid-security/xrd/hostcert.pem -key:/etc/grid-security/xrd/hostkey.pem -certdir:/etc/grid-security/certificates -vomsfun:/usr/lib64/libXrdVoms.so -vomsfunparms:certfmt=raw|grpopt=useall|vos=atlas,cms,dteam,dune,gridpp,lz,mu3e.org,ops,wlcg|grps=/atlas,/cms,/dteam,/dune,/gridpp,/lz,/mu3e,/ops,/wlcg|dbg tpc.trace info voms.trace debug xrd.port 1194 xrd.protocol http:1194 +port xrd.tls /etc/grid-security/xrd/hostcert.pem /etc/grid-security/xrd/hostkey.pem xrd.tlsca certdir /etc/grid-security/certificates refresh 8h xrd.trace conn xrootd.async off nosf xrootd.chksum max 100 adler32 /etc/xrootd/xrdsum.sh xrootd.monitor all flush 30s ident 5m fstat 60 lfn ops ssq xfr 5 window 5s dest fstat info user redir CMS-AAA-EU-COLLECTOR.cern.ch:9330 dest fstat info user redir atlas-fax-eu-collector.cern.ch:9330 xrootd.seclib libXrdSec.so xrootd.tls capable all xrootd.trace all -debug -request -response -fsio -fsaio
client | server | works? |
---|---|---|
DAVIX_DISABLE_SESSION_CACHING=false |
http.tlsreuse missing |
no |
DAVIX_DISABLE_SESSION_CACHING=false |
http.tlsreuse on |
no |
DAVIX_DISABLE_SESSION_CACHING=true |
http.tlsreuse missing |
yes |
DAVIX_DISABLE_SESSION_CACHING=true |
http.tlsreuse on |
yes |
DAVIX_DISABLE_SESSION_CACHING=false |
http.tlsreuse off |
yes |
DAVIX_DISABLE_SESSION_CACHING unset |
http.tlsreuse off |
no |
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1