create new tag
view all tags


lcgdm-dav is the front-end module for the federator (also used as a front-end for DPM). It passes queries and responses to the federator through a layer called "dmlite", which is a generic plugin-loading layer for implementing data management services, such as UGR.

Installation Guide

To install the Dynamic Federations packages, use the repositories mentioned here, then:

yum install dynafed dynafed-dmlite-frontend dynafed-dmlite-plugin dynafed-http-plugin
yum install httpd memcached neon GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat /usr/share/GeoIP/

UGR Configuration

Create a .conf file in /etc/ugr.conf.d/ and add entries in it for each endpoint.

Apache Configuration

  • The federator itself does not need to serve pages via HTTPS (so does not need a host certificate). It simply redirects to the endpoints (which use HTTPS). Therefore, comment out the entire IfModule ssl_module stanza in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • Change NSType DPM to NSType lfc in /etc/httpd/conf.d/zlcgdm-ugr-dav.conf
  • If it exists, rm /etc/httpd/conf.d/zlcgdm-dav.conf
  • The following lines in /etc/httpd/conf/httpd.conf can be problematic so ensure they are commented out:
#LoadModule dav_module modules/mod_dav.so
#Module dav_module modules/mod_dav.so
  • Set ServerName in /etc/httpd/conf/httpd.conf to the FQDN of the system


This is needed to verify the identities of the storage endpoints.

Install CAs.

Also install fetch-crl:

  • Install the latest v3 RPM from https://dist.eugridpma.info/distribution/util/fetch-crl3/ or EPEL
  • Apply the following settings in /etc/fetch-crl.conf:
    verbosity = 1
  • /sbin/chkconfig fetch-crl-boot on
  • /sbin/chkconfig fetch-crl-cron on
  • /etc/init.d/fetch-crl-cron start


The log level can be set in /etc/ugr.conf, from level 1 to 9.
glb.debug: 1
The logs are located in /var/log/ugr/

Performance Tuning

  • Make sure the glb.locplugin lines in the endpoint configuration specify a concurrency of 10 as a reasonable default. Rules of thumb:
    • If the ping time to an endpoint is double, double the concurrency
    • If an endpoint is weak or overloaded, halve the concurrency
  • Create /etc/security/limits.d/99-federation.conf containing:
apache   soft   nofile   65000
apache   hard   nofile   65000
apache   soft   nproc   65000
apache   hard   nproc   65000
apache   soft   sigpending   65000
apache   hard   sigpending   65000
  • Modify /etc/sysconfig/httpd and set HTTPD=/usr/sbin/httpd.event so that Apache uses the mpm_event module.
  • In /etc/httpd/conf.d/event.conf, the mpm_event module should be tuned to have at most 2-4 slave Apache processes. (It should not be too high because every fork means multiplying the memory, threads and internal UGR communication paths that are used.) Here is a reference suitable for a system with 16 cores and 24 GB RAM:
<IfModule mpm_event_module>
     StartServers          4
     ServerLimit          16
     MinSpareThreads      16
     MaxSpareThreads     400
     ThreadLimit         400
     ThreadsPerChild     100
     MaxClients          400
     MaxRequestsPerChild 10000

VOMS Proxy Configuration

UGR can use a proxy with the necessary VO attributes to authenticate to the endpoints. Alternatively, a regular PKCS#12 format certificate can be used for UGR, and the DN will need to be explicitly allowed.

  • Install the EPEL repository (or UMD) ; then yum install voms-clients
  • Install the wlcg-voms-atlas RPM from http://linuxsoft.cern.ch/wlcg/ . This populates /etc/vomses and /etc/grid-security/vomsdir
  • Set up a cron job /etc/cron.daily/ugr-proxy to generate the proxy

Robot Exclusion

Ensure that myfederation.org/robots.txt contains:

User-agent: *
Disallow: /

Endpoint generation using AGIS

Use the ugrconfig_from_AGIS script (which comes in src/utils from the dynafed .src.rpm file) to query AGIS for all ATLAS https storage endpoints and generate the necessary UGR configuration to include them in the federation.

  • Prerequisite: yum install davix
  • Copy and chown /etc/grid-security/ugr/dynafed1.proxy for your own use, then export X509_USER_PROXY=dynafed1.proxyy
  • ./ugrconfig_from_AGIS  -e scratchdisk tape hotdisk HOTDISK -t 10  -P grid -k

Operating the Federation


Do sudo service httpd restart; sudo service memcached restart. Connect with a browser to http://servername/myfed and you should be able to browse the WebDav endpoints.

Changing endpoints

Update the configuration and then sudo service httpd restart; sudo service memcached restart


  • CLI download:
curl --show-error --connect-timeout 300 --max-time 3600 --cacert $X509_USER_PROXY --capath $X509_CERT_DIR --cert $X509_USER_PROXY --key $X509_USER_PROXY -L http://dynafed.heprc.uvic.ca/myfed/atlas/atlaslocalgroupdisk/rucio/data12_8TeV/0b/7e/AOD.01057594._000196.pool.root.1  -o /tmp/testfile.root -w "%{url_effective}\n"

-- RyanTaylor - 2013-10-31

Edit | Attach | Watch | Print version | History: r20 < r19 < r18 < r17 < r16 | Backlinks | Raw View | More topic actions
Topic revision: r20 - 2016-04-14 - rptaylor
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback