nordugrid-arc-hed 4.0.0-1 / usr / share / arc / profiles / dgbridge.xml

<?xml version="1.0"?>
<ArcConfig
  xmlns="http://www.nordugrid.org/schemas/arcconfig/2009/08"
  xmlns:loader="http://www.nordugrid.org/schemas/loader/2009/08"
  xmlns:tcp="http://www.nordugrid.org/schemas/tcp/2009/08"
  xmlns:tls="http://www.nordugrid.org/schemas/tls/2009/08"
  xmlns:authz="http://www.nordugrid.org/schemas/arcauthz/2009/08"
  xmlns:spdp="http://www.nordugrid.org/schemas/simplelistpdp/2009/08"
  xmlns:arex="http://www.nordugrid.org/schemas/a-rex/2009/08"
  xmlns:ip="http://www.nordugrid.org/schemas/a-rex/InfoProvider/2009/08"
  xmlns:lrms="http://www.nordugrid.org/schemas/a-rex/LRMS/2009/08"
  xmlns:infosys="http://www.nordugrid.org/schemas/InfoRegisterConfig/2008"
  xmlns:isis="http://www.nordugrid.org/schemas/isis/2009/08"
  xmlns:idmap="http://www.nordugrid.org/schemas/identitymap/2009/10"
  xmlns:pdp="http://www.nordugrid.org/schemas/arcpdp/2009/08"
>
  <Server>
    <PidFile inisections="common arex" initag="pidfile">/tmp/arex_arched.pid</PidFile>
    <Logger>
      <File inisections="common arex" initag="logfile">/tmp/arex_arched.log</File>
      <Level inisections="common arex" initag="loglevel">DEBUG</Level>
    </Logger>
  </Server>
  <loader:ModuleManager>
    <loader:Path>/usr/lib/arc/</loader:Path>
  </loader:ModuleManager>
  <loader:Plugins>
    <loader:Name>mcctcp</loader:Name>
    <loader:Name>mcctls</loader:Name>
    <loader:Name>mcchttp</loader:Name>
    <loader:Name>mccsoap</loader:Name>
    <loader:Name>arcshc</loader:Name>
    <loader:Name>identitymap</loader:Name>
    <loader:Name>arex</loader:Name>
  </loader:Plugins>
  <loader:Chain>
    <loader:Component name="tcp.service" id="tcp">
      <loader:next id="tls"/>
      <tcp:Listen>
        <tcp:Interface inisections="common" initag="interface">0.0.0.0</tcp:Interface>
        <tcp:Port inisections="common" initag="port">60000</tcp:Port>
        <tcp:Version inisections="common" initag="ipversion">4</tcp:Version>
      </tcp:Listen>
    </loader:Component>
    <loader:Component name="tls.service" id="tls">
      <loader:next id="http"/>
      <tls:KeyPath inisections="common" initag="x509_user_key">/etc/grid-security/hostkey.pem</tls:KeyPath>
      <tls:CertificatePath inisections="common" initag="x509_user_cert">/etc/grid-security/hostcert.pem</tls:CertificatePath>
      <tls:CACertificatesDir inisections="common" initag="x509_cert_dir">/etc/grid-security/certificates</tls:CACertificatesDir>

      <!-- DNs of acceptable VOMS ACs -->
      <tls:VOMSCertTrustDNChain>
        <!-- Accept VOMS attributes from all sources -->
        <tls:VOMSCertTrustRegex>^.*$</tls:VOMSCertTrustRegex>
      </tls:VOMSCertTrustDNChain>

<!-- Old grid-mapfile authorization -->

<!--
      <loader:SecHandler name="arc.authz" id="pdps" event="incoming">
        <authz:PDP name="simplelist.pdp" spdp:location="/etc/grid-security/grid-mapfile"><AttributeRepresentation id="location" inisections="common" initag="gridmap"/></authz:PDP>
      </loader:SecHandler>
-->

    </loader:Component>
    <loader:Component name="http.service" id="http">
      <loader:next id="soap">POST</loader:next>
      <loader:next id="plexer">GET</loader:next>
      <loader:next id="plexer">PUT</loader:next>
<!-- not supported in 1.2.0 it seems 
      <loader:next id="plexer">HEAD</loader:next>
-->
    </loader:Component>
    <loader:Component name="soap.service" id="soap">
      <loader:next id="plexer"/>
    </loader:Component>
    <loader:Plexer name="plexer.service" id="plexer">
      <loader:next id="a-rex">^/arex</loader:next>
    </loader:Plexer>
    <loader:Service name="a-rex" id="a-rex">

      <!-- Start VOMS -->

      <!-- Performing authorization. Also see security documentation. -->
      <loader:SecHandler name="arc.authz" event="incoming">
        <authz:PDP name="arc.pdp">

            <!-- Using only attributes comming from TLS (VOMS) and AREX (requested operations) -->

          <pdp:Filter>
            <pdp:Select>TLS</pdp:Select>
            <pdp:Select>AREX</pdp:Select>
          </pdp:Filter>

          <pdp:PolicyStore>
            <!-- Type is currently not used. Only file is supported -->
            <pdp:Type>file</pdp:Type>
            <!-- Read and process policy from file. See policy example in appendix. -->
            <pdp:Location>/etc/arc/arex_policy.xml</pdp:Location>
          </pdp:PolicyStore>
        </authz:PDP>
      </loader:SecHandler>
      <!-- Evaluate requestor's Grid identity into local identity. -->
      <loader:SecHandler name="identity.map" id="map" event="incoming">
        <!-- Old bad mapfile -->
        <idmap:PDP name="allow.pdp">
          <idmap:LocalList>/etc/grid-security/grid-mapfile</idmap:LocalList>
        </idmap:PDP>
        <!-- Safe choice if all other rules failed -->
        <idmap:PDP name="allow.pdp">
          <idmap:LocalName>nobody</idmap:LocalName>
        </idmap:PDP>
      </loader:SecHandler>

      <!-- End VOMS -->

      <arex:endpoint inisections="arex" initag="endpoint">https://localhost:60000/arex</arex:endpoint>
      <arex:usermap><arex:defaultLocalName inisections="arex" initag="usermap">nobody</arex:defaultLocalName></arex:usermap>

      <arex:gmrun>internal</arex:gmrun>
      <arex:commonName inisections="arex cluster" initag="common_name">Out-of-the-box CE</arex:commonName>
      <arex:longDescription inisections="arex cluster" initag="long_description">ARC execution service</arex:longDescription>
      <arex:LRMSName inisections="common arex" initag="lrms">DGBridge</arex:LRMSName>
      <arex:OperatingSystem inisections="arex cluster" initag="operating_system">LINUX</arex:OperatingSystem>
      <arex:serviceMail inisections="arex cluster" initag="service_mail">support@cluster.org</arex:serviceMail>
<!--      <arex:InfoproviderWakeupPeriod>10</arex:InfoproviderWakeupPeriod> -->
      <arex:debugLevel inisections="arex" initag="debug">VERBOSE</arex:debugLevel>
      <arex:loadLimits>
          <arex:maxJobsTracked inisections="arex" initag="jobs_tracked">1000</arex:maxJobsTracked>
          <arex:maxJobsRun inisections="arex" initag="max_jobs_run">100</arex:maxJobsRun>
          <arex:maxJobsTransfered inisections="arex" initag="max_jobs_transfered">20</arex:maxJobsTransfered>
          <arex:maxJobsTransferedAdditional inisections="arex" initag="max_jobs_transfered_additional">2</arex:maxJobsTransferedAdditional>
          <arex:maxFilesTransfered inisections="arex" initag="files_transfered">4</arex:maxFilesTransfered>
      </arex:loadLimits>
      <arex:dataTransfer>
          <arex:Globus>
              <arex:gridmapfile inisections="common" initag="gridmap">/etc/grid-security/grid-mapfile</arex:gridmapfile>
              <arex:cadir inisections="common" initag="x509_cert_dir">/etc/grid-security/certificates</arex:cadir>
              <arex:certpath inisections="common" initag="x509_user_cert">/etc/grid-security/hostcert.pem</arex:certpath>
              <arex:keypath inisections="common" initag="x509_user_key">/etc/grid-security/hostkey.pem</arex:keypath>
          </arex:Globus>
      </arex:dataTransfer>
      <arex:jobLogPath inisections="arex cluster" initag="joblog">/tmp/arex-jobs.log</arex:jobLogPath>
      <arex:control>
          <arex:username inisections="arex" initag="username">.</arex:username>
          <arex:controlDir inisections="arex" initag="controldir">/tmp/jobstatus</arex:controlDir>
          <arex:sessionRootDir inisections="arex" initag="sessiondir">/tmp/grid</arex:sessionRootDir>
          <arex:cache>
              <arex:location>
                  <arex:path inisections="arex" initag="cachedir">/tmp/cache</arex:path>
              </arex:location>
          </arex:cache>
      </arex:control>

      <arex:authPlugin timeout="600" onsuccess="log" onfailure="fail" ontimeout="fail">
        <arex:state>PREPARING</arex:state>
        <arex:command>/usr/share/arc/DGBridgeDataPlugin.py %C %I</arex:command>
      </arex:authPlugin>
      <arex:authPlugin timeout="600" onsuccess="log" onfailure="fail" ontimeout="fail">
        <arex:state>ACCEPTED</arex:state>
        <arex:command>/usr/share/arc/DGAuthplug.py %S %C /var/spool/nordugrid/runtime %I %U</arex:command>
      </arex:authPlugin>
      <arex:authPlugin timeout="600" onsuccess="log" onfailure="fail" ontimeout="fail">
        <arex:state>PREPARING</arex:state>
        <arex:command>/usr/share/arc/DGAuthplug.py %S %C /var/spool/nordugrid/runtime %I %U</arex:command>
      </arex:authPlugin>

      <arex:LRMS>
          <arex:type inisections="common arex" initag="lrms">DGBridge</arex:type>
          <arex:defaultShare inisections="common cluster" inidefaultvalue="DGQueue" initag="defaultshare">DGQueue</arex:defaultShare>
          <arex:runtimeDir inisections="arex" initag="runtimedir">/var/spool/nordugrid/runtime</arex:runtimeDir>


          <lrms:dg_stage_dir inisections="lrms/DG" initag="stage_path"/>
          <lrms:dg_stage_prepend inisections="lrms/DG" initag="stage_prepend"/>
      </arex:LRMS>

      <arex:InfoProvider>
          <arex:debugLevel inisections="cluster" initag="debug">INFO</arex:debugLevel>

          <ip:AdminDomain inisections="cluster" initag="admindomain">ORG/NORDUGRID</ip:AdminDomain>
          <ip:ClusterName inisections="cluster" initag="clustername">General</ip:ClusterName>
          <ip:OtherInfo inisections="cluster" initag="otherinfo">This cluster is specially designed for XYZ applications: www.xyz.org</ip:OtherInfo>

          <ip:Location>
              <ip:Name inisections="cluster" initag="location">City, World</ip:Name>
              <ip:Address inisections="cluster" initag="address">Street 1</ip:Address>
              <ip:Place inisections="cluster" initag="city">City</ip:Place>
              <ip:Country inisections="cluster" initag="country">World</ip:Country>
              <ip:PostCode inisections="cluster" initag="postcode">11111</ip:PostCode>
              <ip:Latitude inisections="cluster" initag="latitude">47.51</ip:Latitude>
              <ip:Longitude inisections="cluster" initag="longitude">19.05</ip:Longitude>
          </ip:Location>
          <ip:Contact>
              <ip:Name inisections="cluster" initag="contact_name">User Support</ip:Name>
              <ip:Detail inisections="cluster" initag="contact_detail">mailto:support@cluster.org</ip:Detail>
              <ip:Type inisections="cluster" initag="contact_type">usersupport</ip:Type>
          </ip:Contact>

          <ip:ExecutionEnvironment name="DGBridge">
              <ip:ConnectivityIn inisections="cluster" inidefaultvalue="false" initag="connectivityin"/>
              <ip:ConnectivityOut inisections="cluster" inidefaultvalue="false" initag="connectivityout"/>
          </ip:ExecutionEnvironment>


          <ip:ComputingShare name="DGQueue">
              <ip:Description inisections="queue/DGqueue" inidefaultvalue="Grid queue for 3GBridge"  initag="queue_description"/>
              <ip:ExecEnvName inisections="queue/DGqueue" inidefaultvalue="DGBridge" initag="exec_env_name"/>
              <ip:AuthorizedVO inisections="queue/DGqueue" inidefaultvalue="nordugrid.org" initag="authorized_vo"/>
              <ip:SchedulingPolicy inisections="queue/DGqueue" inidefaultvalue="fifo" initag="scheduling_policy"/>
          </ip:ComputingShare>
      </arex:InfoProvider>
    </loader:Service>

  
  </loader:Chain>
</ArcConfig>