From: <n-...@us...> - 2008-12-17 18:46:31
|
Revision: 4026 http://gfarm.svn.sourceforge.net/gfarm/?rev=4026&view=rev Author: n-soda Date: 2008-12-17 18:46:23 +0000 (Wed, 17 Dec 2008) Log Message: ----------- regen Modified Paths: -------------- gfarm_v2/trunk/configure gfarm_v2/trunk/include/gfarm/gfarm_config.h.in gfarm_v2/trunk/man/ja/man5/gfarm2.conf.5 gfarm_v2/trunk/man/man5/gfarm2.conf.5 Added Paths: ----------- gfarm_v2/trunk/doc/html/en/ref/man5/gfarm2.conf.5.html gfarm_v2/trunk/doc/html/ja/ref/man5/gfarm2.conf.5.html Removed Paths: ------------- gfarm_v2/trunk/doc/html/en/ref/man5/gfarm.conf.5.html gfarm_v2/trunk/doc/html/ja/ref/man5/gfarm.conf.5.html Modified: gfarm_v2/trunk/configure =================================================================== --- gfarm_v2/trunk/configure 2008-12-17 18:45:03 UTC (rev 4025) +++ gfarm_v2/trunk/configure 2008-12-17 18:46:23 UTC (rev 4026) @@ -21497,6 +21497,86 @@ fi # AIX, to implement getloadavg() +# have pthread_attr_setstacksize(3)? +case ${ax_cv_have_pthread} in +yes) + echo "$as_me:$LINENO: checking for pthread_attr_setstacksize" >&5 +echo $ECHO_N "checking for pthread_attr_setstacksize... $ECHO_C" >&6 + CPPFLAGS_SAVE="$CPPFLAGS" + LIBS_SAVE="$LIBS" + CPPFLAGS="${pthread_includes} $CPPFLAGS" + LIBS="$LIBS ${pthread_libs}" + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +# include <pthread.h> + + void test(void){} +int +main () +{ + + pthread_attr_t at; + if (pthread_attr_init(&at) == 0) + pthread_attr_setstacksize(&at, 64 * 1024); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +cat >>confdefs.h <<\_ACEOF +#define HAVE_PTHREAD_ATTR_SETSTACKSIZE 1 +_ACEOF + + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + CPPFLAGS="$CPPFLAGS_SAVE" + LIBS="$LIBS_SAVE" + ;; +esac + # Since gfarm-1.3, libgfarm calls pthread functions internally, # thus, we need to link ${pthread_libs}, unless libc supplies weak symbols. # e.g. using 3rd party pthread library, FreeBSD-4.x, or NetBSD-2.x Deleted: gfarm_v2/trunk/doc/html/en/ref/man5/gfarm.conf.5.html =================================================================== --- gfarm_v2/trunk/doc/html/en/ref/man5/gfarm.conf.5.html 2008-12-17 18:45:03 UTC (rev 4025) +++ gfarm_v2/trunk/doc/html/en/ref/man5/gfarm.conf.5.html 2008-12-17 18:46:23 UTC (rev 4026) @@ -1,1963 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<HTML -><HEAD -><TITLE ->gfarm.conf</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD -><BODY -CLASS="REFENTRY" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><H1 -><A -NAME="GFARM.CONF.5" -></A ->gfarm.conf</H1 -><DIV -CLASS="REFNAMEDIV" -><A -NAME="NAME" -></A -><H2 ->Name</H2 ->gfarm.conf -- Gfarm configuration file</DIV -><DIV -CLASS="REFSECT1" -><A -NAME="DESCRIPTION" -></A -><H2 ->DESCRIPTION</H2 -><P ->gfarm.conf is a text file that contains a Gfarm configuration. -Gfarm server processes, such as gfmd and gfsd, refer to %%SYSCONFDIR%%/gfarm.conf by default. Since this configuration file is only read at startup, it is necessary to restart servers when the contents of the configuration file are updated.</P -><P ->Application programs, such as gfls and gfhost, refer to both -%%SYSCONFDIR%%/gfarm.conf, and a file specified by an environment variable, -GFARM_CONFIG_FILE. If both configuration files exist, the file -specified by the environment variable, GFARM_CONFIG_FILE, is read -first. Both files have the same grammar. -If the environment variable GFARM_CONFIG_FILE doesn't exist, - ~/.gfarmrc in a user's home directory is used instead.</P -><P ->Each line of gfarm.conf consists of one statement. When the -line ends with the character ``\'', the line continues for the next -line. A word beginning with ``#'' causes that word and all remaining -characters on that line to be ignored.</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="HOSTSPECIFICATION" -></A -><H2 ->Host_specification</H2 -><P -><TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -> has the following -forms.</P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT -><TT -CLASS="PARAMETER" -><I ->III.JJJ.KKK.LLL</I -></TT -></DT -><DD -><P ->Specifies an IP address with four octets from 0 to 255, separated -by ".".</P -></DD -><DT -><TT -CLASS="PARAMETER" -><I ->III.JJJ.KKK.LLL</I -></TT ->/<TT -CLASS="PARAMETER" -><I ->MM</I -></TT -></DT -><DD -><P ->Specifies a network address with an IP address and a netmask -from 0 to 31 separated by "/".</P -></DD -><DT -><TT -CLASS="PARAMETER" -><I ->domain.name</I -></TT -></DT -><DD -><P ->Specifies a host name.</P -></DD -><DT -><TT -CLASS="PARAMETER" -><I ->.domain.name</I -></TT -></DT -><DD -><P ->Specifies all hosts which belong to the domain.name.</P -></DD -><DT -><I -CLASS="EMPHASIS" ->*</I -></DT -><DD -><P ->Specifies all hosts.</P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="STATEMENT" -></A -><H2 ->Statement</H2 -><P ->The following statements are supported.</P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT -><SPAN -CLASS="TOKEN" ->spool</SPAN -> <TT -CLASS="PARAMETER" -><I ->directory</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->spool</SPAN -> statement specifies a spool directory -for a Gfarm filesystem on this filesystem node. On the filesystem -node, this statement should be specified.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> spool /var/spool/gfarm</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->spool_server_listen_address</SPAN -> <TT -CLASS="PARAMETER" -><I ->IP-address</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->spool_server_listen_address</SPAN -> statement specifies -the IP address at which the gfsd accepts TCP and UDP requests. -The default address is all IP addresses of the host. -This option is useful when one wants to invoke multiple gfsd -to provide multiple spool directories on the host.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> spool_server_listen_address 192.168.121.1</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->spool_serverport</SPAN -> <TT -CLASS="PARAMETER" -><I ->port</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->spool_serverport</SPAN -> statement specifies the tcp -and udp port number the gfsd is listening on. The default port number -is 600.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> spool_serverport 600</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_type</I -></TT -></DT -><DD -><P ->This statement specifies the type of credential used by gfsd for GSI -authentication. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication.</P -><P ->If this statement isn't used on the server side, the server uses -a host certificate, if the server is invoked with root privileges. -Or, if the server is invoked as a non-privileged user, the server -uses the user's certificate. Thus, you usually don't need to use -this statement on the server side.</P -><P ->If this statement isn't used on the client side, the client assumes -that the server that the client is going to connect is using -a host certificate of the server host. Thus, if the server is not -invoked with root privileges, but invoked with user privileges where -the user is the same as the user who invoked the client, the client -side needs to specify the following one line.</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> spool_server_cred_type self</P -><P ->The possible types of <TT -CLASS="PARAMETER" -><I ->cred_type</I -></TT -> are -``<SPAN -CLASS="TOKEN" ->self</SPAN ->'', -``<SPAN -CLASS="TOKEN" ->host</SPAN ->'', ``<SPAN -CLASS="TOKEN" ->user</SPAN ->'' and -``<SPAN -CLASS="TOKEN" ->mechanism-specific</SPAN ->''. -And those are used with the <SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> -and <SPAN -CLASS="TOKEN" ->spool_server_cred_name</SPAN -> statements as follows:</P -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT -><SPAN -CLASS="TOKEN" ->self</SPAN -></DT -><DD -><P ->This keyword specifies that the certificate that the user currently -has is used. -You must not use either the -<SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> or -<SPAN -CLASS="TOKEN" ->spool_server_cred_name</SPAN -> statement, -if you are using this type.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->host</SPAN -></DT -><DD -><P ->This keyword specifies that a host certificate or a service certificate -is used. -To choose a service certificate, the name of the service may be specified -by the <SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> statement. -If ``<SPAN -CLASS="TOKEN" ->host</SPAN ->'' is specified as the service name, a host certificate -in the file ``<TT -CLASS="FILENAME" ->/etc/grid-security/hostcert.pem</TT ->'' will -be used. -If any server name other than ``<SPAN -CLASS="TOKEN" ->host</SPAN ->'' is specified, -a service certificate in the file -``<TT -CLASS="FILENAME" ->/etc/grid-security/SERVICE/SERVICEcert.pem</TT ->'' -will be used. -If the service name is omitted, ``<SPAN -CLASS="TOKEN" ->host</SPAN ->'' will be used as -the service name by default. -Only the Common Name field of a certificate will be used to check -the server's identity for both a host certificate and a service certificate. -And the Common Name field must be in the ``CN=SERVERNAME/HOSTNAME'' format. -Also, the hostname must match the canonical name configured by -the <B -CLASS="COMMAND" ->gfhost</B -> command exactly. Alias hostnames are not allowed.</P -><P ->This feature corresponds to the GSS_C_NT_HOSTBASED_SERVICE feature in GSSAPI -(RFC2743/RFC2744).</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> spool_server_cred_type host<br> - spool_server_cred_service host</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->user</SPAN -></DT -><DD -><P ->This keyword specifies that a user certificate is used. -The account name of the user may be specified by the -<SPAN -CLASS="TOKEN" ->spool_server_cred_name</SPAN -> statement. -If the account name is omitted, the user who invoked the command -will be used by default. -You must not specify a service name using -the <SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> statement, if you are using -a user certificate.</P -><P ->Currently, there are several implementation limitations in this feature. -First, the account name is interpreted as an account on the local host, -but this is a bug, and will be changed to a gfarm global user name -in the future. -Second, to map from the account name to a Distinguished Name of a certificate, -file ``<TT -CLASS="FILENAME" ->/etc/grid-security/grid-mapfile</TT ->'' is used. -Thus, if there isn't such a file, or if the user isn't specified in this file, -this feature cannot be used. -Third, if there are multiple Distinguished Names per one account in this file, -only the first Distinguished Name is used, and the rest of the Distinguished -Names for the account are ignored.</P -><P ->This feature corresponds to the GSS_C_NT_USER_NAME feature in GSSAPI -(RFC2743/RFC2744).</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> spool_server_cred_type user<br> - spool_server_cred_name guest</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->mechanism-specific</SPAN -></DT -><DD -><P ->This keyword specifies that <SPAN -CLASS="TOKEN" ->spool_server_cred_name</SPAN -> -is treated as a raw X.509 Distinguished Name serving as a server's -certificate. -You must not specify a service name using a -<SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> statement, if you are using -this type.</P -><P ->This feature corresponds to a case where GSS_C_NO_OID is specified -as a Name Type in GSSAPI (RFC2743/RFC2744).</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> spool_server_cred_type mechanism-specific<br> - spool_server_cred_name "/O=Grid/O=Globus/OU=example.com/CN=John Smith"</P -></DD -></DL -></DIV -></DD -><DT -><SPAN -CLASS="TOKEN" ->spool_server_cred_service</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_service</I -></TT -></DT -><DD -><P ->This statement specifies the service name of a service certificate -used by gfsd for GSI authentication, when ``<SPAN -CLASS="TOKEN" ->host</SPAN ->'' is specified -in <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> statement. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication. -Please read the description of the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> -statement for details.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->spool_server_cred_name</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_name</I -></TT -></DT -><DD -><P ->This statement specifies the setting of a certificate used by gfsd -for GSI authentication. What this setting means depends on the type -specified in the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> statement. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication. -Please read the description of the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> -statement for details.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->metadb_serverhost</SPAN -> <TT -CLASS="PARAMETER" -><I ->hostname</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->metadb_serverhost</SPAN -> statement specifies the -host name on which gfmd is running.</P -><P ->This statement cannot be omitted.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> metadb_serverhost ldap.example.com</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->metadb_serverport</SPAN -> <TT -CLASS="PARAMETER" -><I ->port</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->metadb_serverport</SPAN -> statement specifies the tcp -port number the gfmd is listening on. The default port number is -601.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> metadb_serverport 601</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->metadb_server_cred_type</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_type</I -></TT -></DT -><DD -><P ->This statement specifies the type of credential used by gfmd -for GSI authentication. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication. -Please read the description of the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> -statement on the configuration of this statement.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->metadb_server_cred_service</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_service</I -></TT -></DT -><DD -><P ->This statement specifies the service name of a service certificate -used by gfmd for GSI authentication, when ``<SPAN -CLASS="TOKEN" ->host</SPAN ->'' is specified -in <SPAN -CLASS="TOKEN" ->metadb_server_cred_type</SPAN -> statement. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication. -Please read the description of the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> -statement on the configuration of this statement.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->metadb_server_cred_name</SPAN -> <TT -CLASS="PARAMETER" -><I ->cred_name</I -></TT -></DT -><DD -><P ->This statement specifies the setting of a certificate used by gfmd -for GSI authentication. What this setting means depends on the type -specified in the <SPAN -CLASS="TOKEN" ->metadb_server_cred_type</SPAN -> statement. -This is ignored when you are using <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -authentication. -Please read the description of the <SPAN -CLASS="TOKEN" ->spool_server_cred_type</SPAN -> -statement on the configuration of this statement.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->agent_serverhost</SPAN -> <TT -CLASS="PARAMETER" -><I ->hostname</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->agent_serverhost</SPAN -> statement specifies the -host name on which gfarm_agent is running.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> agent_serverhost ldap.example.com</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->agent_serverport</SPAN -> <TT -CLASS="PARAMETER" -><I ->port</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->agent_serverport</SPAN -> statement specifies the tcp -port number the gfarm_agent is listening on.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> agent_serverport 603</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->ldap_serverhost</SPAN -> <TT -CLASS="PARAMETER" -><I ->hostname</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->ldap_serverhost</SPAN -> statement specifies the host -name on which the LDAP server for filesystem metadata is running.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> ldap_serverhost ldap.example.com</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->ldap_serverport</SPAN -> <TT -CLASS="PARAMETER" -><I ->port</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->ldap_serverport</SPAN -> statement specifies the tcp -port number of the LDAP server.</P -><P ->This statement cannot be omitted - if <SPAN -CLASS="TOKEN" ->ldap_serverhost</SPAN -> is specified.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> ldap_serverport 602</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->ldap_base_dn</SPAN -> <TT -CLASS="PARAMETER" -><I ->LDAP_base_distinguished_name</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->ldap_base_dn</SPAN -> statement specifies the -base-distinguished name of the LDAP database.</P -><P ->This statement cannot be omitted - if <SPAN -CLASS="TOKEN" ->ldap_serverhost</SPAN -> is specified.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> ldap_base_dn "dc=example, dc=com"</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->ldap_bind_dn</SPAN -> <TT -CLASS="PARAMETER" -><I ->LDAP_bind_distinguished_name</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->ldap_bind_dn</SPAN -> statement specifies the -distinguished name for the bind operation which is used for authentication -to the LDAP database.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->ldap_bind_password</SPAN -> <TT -CLASS="PARAMETER" -><I ->password</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->ldap_bind_password</SPAN -> statement specifies the -password for the bind operation which is used for authentication -to the LDAP database.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> ldap_bind_password "secret-ldap-password"</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_serverhost</SPAN -> <TT -CLASS="PARAMETER" -><I ->hostname</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_serverhost</SPAN -> statement specifies the host -name on which the PostgreSQL server is running.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_serverhost postgresql.example.com</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_serverport</SPAN -> <TT -CLASS="PARAMETER" -><I ->port</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_serverport</SPAN -> statement specifies the tcp -port number of the PostgreSQL server.</P -><P ->This statement cannot be omitted - if <SPAN -CLASS="TOKEN" ->postgresql_serverhost</SPAN -> is specified.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_serverport 602</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_dbname</SPAN -> <TT -CLASS="PARAMETER" -><I ->dbname</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_dbname</SPAN -> statement specifies the - database name of the PostgreSQL database.</P -><P ->This statement cannot be omitted - if <SPAN -CLASS="TOKEN" ->postgresql_serverhost</SPAN -> is specified.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_dbname gfarm</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_user</SPAN -> <TT -CLASS="PARAMETER" -><I ->user</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_user</SPAN -> statement specifies the - username used to connect the PostgreSQL database.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_user gfarm</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_password</SPAN -> <TT -CLASS="PARAMETER" -><I ->password</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_password</SPAN -> statement specifies the - password used to connect the PostgreSQL database.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_password gfarm</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->postgresql_conninfo</SPAN -> <TT -CLASS="PARAMETER" -><I ->connection_info</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->postgresql_conninfo</SPAN -> statement specifies the - connection option used to connect the PostgreSQL database.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> postgresql_conninfo "sslmode=require connect_timeout=30"</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->auth</SPAN -> <TT -CLASS="PARAMETER" -><I ->validity</I -></TT -> -<TT -CLASS="PARAMETER" -><I ->method</I -></TT -> <TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -></DT -><DD -><P ->This statement specifies the authentication method when -communicating with the host(s) specified by the third argument.</P -><P ->The first argument should be either the <SPAN -CLASS="TOKEN" ->enable</SPAN -> or -<SPAN -CLASS="TOKEN" ->disable</SPAN -> keyword. -The second argument, <TT -CLASS="PARAMETER" -><I ->auth method</I -></TT ->, should be -the <SPAN -CLASS="TOKEN" ->gsi</SPAN ->, <SPAN -CLASS="TOKEN" ->gsi_auth</SPAN ->, or <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -keyword. -The third argument specifies the host(s) by using <TT -CLASS="PARAMETER" -><I ->Host -specification</I -></TT ->.</P -><P ->The <SPAN -CLASS="TOKEN" ->auth</SPAN -> statement may be specified any number of -times. For each authentication method, it becomes a candidate when -the first entry whose host_specification matches the target host has -the <SPAN -CLASS="TOKEN" ->enable</SPAN -> keyword. When there is no corresponding -entry, or when the first corresponding entry has the -<SPAN -CLASS="TOKEN" ->disable</SPAN -> keyword, the authentication method does not -become a candidate.</P -><P ->This process takes place on both client and server sides. -Candidates for authentication method on both sides will be -tried.</P -><P ->The order of statements with different authentication methods is -not relevant. When there are several candidates for the authentication -method for the host, the order of the authentication trial is -<SPAN -CLASS="TOKEN" ->sharedsecret</SPAN ->, <SPAN -CLASS="TOKEN" ->gsi_auth</SPAN ->, -and then <SPAN -CLASS="TOKEN" ->gsi</SPAN ->.</P -><P ->The GSI methods are available if and only if the ---with-globus option is specified at configuration. When the methods are -not available, an <SPAN -CLASS="TOKEN" ->auth</SPAN -> statement with -<SPAN -CLASS="TOKEN" ->gsi</SPAN -> or <SPAN -CLASS="TOKEN" ->gsi_auth</SPAN -> will be ignored.</P -><P ->This statement cannot be omitted.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> auth disable sharedsecret 192.168.0.100<br> - auth disable sharedsecret 192.168.0.101<br> - auth enable sharedsecret 192.168.0.0/24<br> - auth enable gsi_auth 10.0.0.0/8<br> - auth enable gsi *</P -><P ->In this example, all hosts which belong to the network address -192.168.0.0/24, except for two hosts, 192.168.0.100 and 192.168.0.101, -will be tested for authenticated by both <SPAN -CLASS="TOKEN" ->sharedsecret</SPAN -> -and <SPAN -CLASS="TOKEN" ->gsi</SPAN ->; -all hosts which belong to the network address 10.0.0.0/8 will be -tested for authentication by both -<SPAN -CLASS="TOKEN" ->gsi_auth</SPAN -> and <SPAN -CLASS="TOKEN" ->gsi</SPAN ->; -and all other hosts will be authenticated by -<SPAN -CLASS="TOKEN" ->gsi</SPAN ->. Note that two hosts, 192.168.0.100 and -192.168.0.101, will be tested for authentication by gsi only.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->netparam</SPAN -> <TT -CLASS="PARAMETER" -><I ->parameter</I -></TT -><I -CLASS="EMPHASIS" ->=</I -><TT -CLASS="PARAMETER" -><I ->value</I -></TT -> <I -CLASS="EMPHASIS" ->[</I -><TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -><I -CLASS="EMPHASIS" ->]</I -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->netparam</SPAN -> statement specifies several -communication parameters listed below.</P -><P -><SPAN -CLASS="TOKEN" ->parallel_streams</SPAN ->. This parameter specifies the -number of tcp streams. The default is a single stream. The -<SPAN -CLASS="TOKEN" ->parallel_streams</SPAN -> parameter may improve the file -transfer performance, especially when connecting to a distant site -(i.e., a high bandwidth-delay product network) such that the tcp congestion -window size will not increase sufficiently. This parameter is only -effective on a client node where the gfrep(1) command is executed. -<TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -> specifies the source host(s) -for file replication instead of the destination host(s).</P -><P -><SPAN -CLASS="TOKEN" ->stripe_unit_size</SPAN ->. This parameter specifies how -to divide the data when utilizing multiple tcp streams. Without this -parameter, the data will be divided into -<SPAN -CLASS="TOKEN" ->parallel_streams</SPAN -> of contiguous blocks with almost even -size. When this parameter is specified, the data is divided in -round-robin fashion with the specified block size in bytes. Generally -speaking, the performance of file transfer is improved using this -parameter.</P -><P ->This parameter is effective only when two or more is specified -as the <SPAN -CLASS="TOKEN" ->parallel_streams</SPAN -> parameter. This parameter is -only effective on a client node where the gfrep(1) command is executed. -<TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -> specifies the source host(s) -for file replication instead of the destination host(s).</P -><P -><SPAN -CLASS="TOKEN" ->rate_limit</SPAN ->. This parameter specifies the maximum -transfer rate (bps; bit per second) for a single connection, and is -introduced experimentally. The parameter on a source filesystem node -is effective during parallel file replication. <TT -CLASS="PARAMETER" -><I ->Host -specification</I -></TT -> specifies the destination host(s) for file -replication. Note that this parameter has to be specified on a -source filesystem node, not on a client host, unlike the other -parameters.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> netparam parallel_streams=2 10.0.0.0/8<br> - netparam stripe_unit_size=8192 10.0.0.0/8<br> - netparam rate_limit=750000 192.168.0.0/24</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->sockopt </SPAN -><TT -CLASS="PARAMETER" -><I ->option</I -></TT -><I -CLASS="EMPHASIS" ->[=</I -><TT -CLASS="PARAMETER" -><I ->value</I -></TT -><I -CLASS="EMPHASIS" ->] [<SPAN -CLASS="TOKEN" ->LISTENER</SPAN -> | <TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT ->]</I -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->sockopt</SPAN -> parameter specifies the socket option -<TT -CLASS="PARAMETER" -><I ->option</I -></TT -> via the setsockopt(2) system call.</P -><P ->When <SPAN -CLASS="TOKEN" ->LISTENER</SPAN -> (all capital letters) is specified -by the second argument, the socket option is applied to any socket -on the server side (accepting side).</P -><P ->When the host_specification is specified by the second argument, -the socket option is applied to sockets that connect to the specified host(s). -If the second argument is "*", the socket option is applied to any -hosts on the client side (connecting side).</P -><P ->If the second argument is omitted, the socket option is applied -to every socket.</P -><P ->The following socket options can be specified.</P -><P -><SPAN -CLASS="TOKEN" ->debug</SPAN ->. The <CODE -CLASS="CONSTANT" ->SO_DEBUG</CODE -> socket -option is specified. A <TT -CLASS="PARAMETER" -><I ->value</I -></TT -> is not -necessary.</P -><P -><SPAN -CLASS="TOKEN" ->keepalive</SPAN ->. The <CODE -CLASS="CONSTANT" ->SO_KEEPALIVE</CODE -> -socket option is specified. A <TT -CLASS="PARAMETER" -><I ->value</I -></TT -> is not -necessary.</P -><P -><SPAN -CLASS="TOKEN" ->sndbuf</SPAN ->. The <CODE -CLASS="CONSTANT" ->SO_SNDBUF</CODE -> socket -option is specified with a <TT -CLASS="PARAMETER" -><I ->value</I -></TT ->.</P -><P -><SPAN -CLASS="TOKEN" ->rcvbuf</SPAN ->. The <CODE -CLASS="CONSTANT" ->SO_RCVBUF</CODE -> socket -option is specified with a <TT -CLASS="PARAMETER" -><I ->value</I -></TT ->.</P -><P -><SPAN -CLASS="TOKEN" ->tcp_nodelay</SPAN ->. The <CODE -CLASS="CONSTANT" ->TCP_NODELAY</CODE -> -socket option is specified. A <TT -CLASS="PARAMETER" -><I ->value</I -></TT -> is not -necessary.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> sockopt tcp_nodelay 192.168.0.0/24<br> - sockopt sndbuf=1048576 10.0.0.0/8<br> - sockopt sndbuf=1048576 LISTENER<br> - sockopt rcvbuf=1048576 10.0.0.0/8<br> - sockopt rcvbuf=1048576 LISTENER</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->address_use</SPAN -> <TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -></DT -><DD -><P ->The <SPAN -CLASS="TOKEN" ->address_use</SPAN -> statement specifies an IP address -or a network address that is given preference for connection when the -target host has several IP addresses.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> address_use 192.168.0.0/24</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->client_architecture</SPAN -> <TT -CLASS="PARAMETER" -><I ->architecture</I -></TT -> <TT -CLASS="PARAMETER" -><I ->Host_specification</I -></TT -></DT -><DD -><P ->This directive specifies the default architecture name that may be used -when a client node accesses an executable file. -This directive only affects client nodes. -For filesystem nodes, architecture names registered in -the metadata server are used.</P -><P ->On the other hand, the environment variable, GFARM_ARCHITECTURE, -which specifies the default architecture name, just as in this directive, -affects both client nodes and filesystem nodes.</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> client_architecture i386-redhat8.0-linux linux-1.example.com<br> - client_architecture i386-redhat8.0-linux linux-2.example.com<br> - client_architecture sparc-sun-solaris8 solaris-1.example.com</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->local_user_map</SPAN -> <TT -CLASS="PARAMETER" -><I ->user-map-file</I -></TT -></DT -><DD -><P ->This directive specifies a file name -<TT -CLASS="PARAMETER" -><I ->user-map-file</I -></TT -> for mapping global user names -to local user names</P -><P ->This directive is optional. -<TT -CLASS="PARAMETER" -><I ->user-map-file</I -></TT -> is needed when you have to use -the sharedsecret authentication method in the case where you have -different unix account names on different filesystem nodes. In such a -case, the <TT -CLASS="PARAMETER" -><I ->user-map-file</I -></TT -> on each filesystem node -should have an entry from a unique global user name to each local user -name.</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> local_user_map /etc/gfarm/gfarm-usermap</P -><P ->Each line of the <TT -CLASS="PARAMETER" -><I ->user-map-file</I -></TT -> consists -of two fields separated by spaces; the first field is a global user -name, and the second field is a local user name.</P -><P ->Example of the user mapping file:</P -><P -CLASS="LITERALLAYOUT" -> foobar foo<br> - quux baz</P -><P ->According to the first line of this mapping file, a global user -name, "foobar", is mapped to a local user name, "foo", on this node.</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->dir_cache_timeout</SPAN -> <TT -CLASS="PARAMETER" -><I ->seconds</I -></TT -></DT -><DD -><P ->This directive specifies the time (in seconds) until a directory cache -in the gfarm library expires. -The default time is 86,400 seconds, i.e. one day. -The time can be specified by an environment variable, -GFARM_DIRCACHE_TIMEOUT, too. -The environment variable takes precedence over the directive.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> dir_cache_timeout 60</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->host_cache_timeout</SPAN -> <TT -CLASS="PARAMETER" -><I ->seconds</I -></TT -></DT -><DD -><P ->This directive specifies the time (in seconds) until the metadata cache -of the filesystem nodes in the gfarm library expires. -Newly added or removed hosts might not be seen until this timeout has -passed. -The default time is 600 seconds, i.e. ten minutes.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> host_cache_timeout 60</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->schedule_cache_timeout</SPAN -> <TT -CLASS="PARAMETER" -><I ->seconds</I -></TT -></DT -><DD -><P ->This directive specifies the time (in seconds) until the cache used for -filesystem node scheduling expires. -The cache holds information on each filesystem node, e.g. load average, -disk free space, and whether authentication succeeds or not. -The default time is 600 seconds, i.e. ten minutes.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> schedule_cache_timeout 60</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->write_local_priority</SPAN -> <TT -CLASS="PARAMETER" -><I ->validity</I -></TT -></DT -><DD -><P ->Gfarm nearly always chooses localhost, when it selects a filesystem -node to write a file. By specifing the <SPAN -CLASS="TOKEN" ->disable</SPAN -> keyword in -this directive, Gfarm handles localhost the same as other -filesystem nodes. -The same thing can be achieved by specifying <SPAN -CLASS="TOKEN" ->disable</SPAN -> -as the value of the GFARM_WRITE_LOCAL_PRIORITY environment variable. -When both this directive and the environment variable are specified, -the value specified by the environment variable will be used. -The default is <SPAN -CLASS="TOKEN" ->enable</SPAN ->.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> write_local_priority disable</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->write_target_domain</SPAN -> <TT -CLASS="PARAMETER" -><I ->domain</I -></TT -></DT -><DD -><P ->Gfarm tries to choose a filesystem node in the domain specified by -this directive, when it selects a node to write a file. -If there is no suitable node for writing in this domain, or if this -directive is not specified, the filesystem node will be chosen from -among all nodes. -You can specify this domain with the GFARM_WRITE_TARGET_DOMAIN environment -variable too. -When both this directive and the environment variable are specified, -the value specified by the environment variable will be used. -Note that if you specify this directive more than once, only the first one -will be used and the others are ignored.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> write_target_domain example.org</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->minimum_free_disk_space</SPAN -> <TT -CLASS="PARAMETER" -><I ->bytes</I -></TT -></DT -><DD -><P ->This directive specifies free disk space (in bytes) which is -required on filesystem nodes. The Gfarm scheduler excludes filesystem nodes -which have less free space than this parameter, when it -schedules nodes for jobs which may write files. -The free space value may have a suffix like ``k'' (kilo bytes), -``M'' (mega bytes), ``G'' (giga bytes) and ``T'' (tera bytes). -The default size is 128M bytes.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> minimum_free_disk_space 1G</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->gfsd_connection_cache</SPAN -> <TT -CLASS="PARAMETER" -><I ->number</I -></TT -></DT -><DD -><P ->This directive specifies maximum number of cached gfsd connections. -The default is 16.</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> gfsd_connection_cache 32</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->log_level</SPAN -> <TT -CLASS="PARAMETER" -><I ->priority_level</I -></TT -></DT -><DD -><P ->This directive specifies a level of log priority. -The log output, which priority is inferior to this level, will not be -sent to syslog or standard error. -The priority levels are "emerg", "alert", "crit", "err", "warning", "notice", -"info" and "debug" in highest first order. -The default level is "info". -It's not recommended to specify a level higher or equal to "crit".</P -><P ->For example,</P -><P -CLASS="LITERALLAYOUT" -> log_level debug</P -></DD -><DT -><SPAN -CLASS="TOKEN" ->record_atime </SPAN -><TT -CLASS="PARAMETER" -><I ->validity</I -></TT -></DT -><DD -><P ->When "enabled" is specified, Gfarm records last access time strictly. -When "disabled" is specified, the access time becomes inaccurate, but -such setting reduces the load of metadata updates, and may improve -performance. -The "disable" setting corresponds to "noatime" setting in usual filesystem.</P -><P ->Example:</P -><P -CLASS="LITERALLAYOUT" -> record_atime disable</P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="GRAMMAR" -></A -><H2 ->GRAMMAR</H2 -><P ->This is a grammar for gfarm.conf described using BNF -notation.</P -><P -CLASS="LITERALLAYOUT" -> <statement> ::=<br> - \xA0\xA0<spool_statement> |<br> - \xA0\xA0<spool_server_listen_address_statement> |<br> - \xA0\xA0<spool_serverport_statement> |<br> - \xA0\xA0<spool_server_cred_type_statement> |<br> - \xA0\xA0<spool_server_cred_service_statement> |<br> - \xA0\xA0<spool_server_cred_name_statement> |<br> - \xA0\xA0<metadb_serverhost_statement> |<br> - \xA0\xA0<metadb_serverport_statement> |<br> - \xA0\xA0<metadb_server_cred_type_statement> |<br> - \xA0\xA0<metadb_server_cred_service_statement> |<br> - \xA0\xA0<metadb_server_cred_name_statement> |<br> - \xA0\xA0<agent_serverhost_statement> |<br> - \xA0\xA0<agent_serverport_statement> |<br> - \xA0\xA0<ldap_serverhost_statement> |<br> - \xA0\xA0<ldap_serverport_statement> |<br> - \xA0\xA0<ldap_base_dn_statement> |<br> - \xA0\xA0<ldap_bind_dn_statement> |<br> - \xA0\xA0<ldap_bind_password_statement> |<br> - \xA0\xA0<postgresql_serverhost_statement> |<br> - \xA0\xA0<postgresql_serverport_statement> |<br> - \xA0\xA0<postgresql_dbname_statement> |<br> - \xA0\xA0<postgresql_user_statement> |<br> - \xA0\xA0<postgresql_password_statement> |<br> - \xA0\xA0<postgresql_conninfo_statement> |<br> - \xA0\xA0<auth_statement> |<br> - \xA0\xA0<netparam_statement> |<br> - \xA0\xA0<sockopt_statement> |<br> - \xA0\xA0<address_use_statement> |<br> - \xA0\xA0<client_architecture_statement> |<br> - \xA0\xA0<option_statement> |<br> - \xA0\xA0<local_user_map_statement><br> - \xA0\xA0<dir_cache_timeout_statement> |<br> - \xA0\xA0<host_cache_timeout_statement> |<br> - \xA0\xA0<schedule_cache_timeout_statement> |<br> - \xA0\xA0<write_local_priority_statement> |<br> - \xA0\xA0<write_target_domain_statement> |<br> - \xA0\xA0<minimum_free_disk_space_statement> |<br> - \xA0\xA0<gfsd_connection_cache_statement> |<br> - \xA0\xA0<log_level_statement> |<br> - \xA0\xA0<record_atime_statement><br> - <spool_statement> ::= "spool" <pathname><br> - <spool_server_listen_address_statement> ::=<br> - \xA0\xA0"spool_server_listen_address" <ipv4_address><br> - <spool_serverport_statement> ::= "spool_serverport" <hostname><br> - <spool_server_cred_type_statement> ::=<br> - \xA0\xA0"spool_server_cred_type" <cred_type><br> - <spool_server_cred_service_statement> ::=<br> - \xA0\xA0"spool_server_cred_service" <cred_service><br> - <spool_server_cred_name_statement> ::=<br> - \xA0\xA0"spool_server_cred_name" <cred_name><br> - <metadb_serverhost_statement> ::= "metadb_serverhost" <hostname><br> - <metadb_serverport_statement> ::= "metadb_serverport" <portnumber><br> - <metadb_server_cred_type_statement> ::=<br> - \xA0\xA0"metadb_server_cred_type" <cred_type><br> - <metadb_server_cred_service_statement> ::=<br> - \xA0\xA0"metadb_server_cred_service" <cred_service><br> - <metadb_server_cred_name_statement> ::=<br> - \xA0\xA0"metadb_server_cred_name" <cred_name><br> - <agent_serverhost_statement> ::= "agent_serverhost" <hostname><br> - <agent_serverport_statement> ::= "agent_serverport" <portnumber><br> - <ldap_serverhost_statement> ::= "ldap_serverhost" <hostname><br> - <ldap_serverport_statement> ::= "ldap_serverport" <portnumber><br> - <ldap_base_dn_statement> ::= "ldap_base_dn" <string><br> - <ldap_bind_dn_statement> ::= "ldap_bind_dn" <string><br> - <ldap_bind_password_statement> ::= "ldap_bind_password" <string><br> - <postgresql_serverhost_statement> ::= "postgresql_serverhost" <hostname><br> - <postgresql_serverport_statement> ::= "postgresql_serverport" <portnumber><br> - <postgresql_dbname_statement> ::= "postgresql_dbname" <string><br> - <postgresql_user_statement> ::= "postgresql_user" <string><br> - <postgresql_password_statement> ::= "postgresql_password" <string><br> - <postgresql_conninfo_statement> ::= "postgresql_conninfo" <string><br> - <auth_statement> ::=<br> - \xA0\xA0"auth" <validity> <auth_method> <hostspec><br> - <auth_method> ::= "gsi" | "gsi_auth" | "sharedsecret"<br> - <netparam_statement> ::=<br> - \xA0\xA0"netparam" <netparam_option>=<number> [<hostspec>]<br> - <netparam_option> ::= "parallel_streams" | "stripe_unit_size" |<br> - \xA0\xA0"rate_limit"<br> - <sockopt_statement> ::=<br> - \xA0\xA0"sockopt" <socket_option>[=<number>] [""LISTENER" | <hostspec>]<br> - <socket_option> = "debug" | "keepalive" | "sndbuf" | "rcvbuf" |<br> - \xA0\xA0"tcp_nodelay"<br> - <address_use_statement> ::= "address_use" <hostspec><br> - <client_architecture_statement> ::=<br> - \xA0\xA0"client_architecture" <architecture> <hostspec><br> - <option_statement> ::= "option" <an_option><br> - <an_option> ::= "noatime"<br> - <local_user_map_statement> ::= "local_user_map" <pathname><br> - <dir_cache_timeout_statement> ::= "dir_cache_timeout" <number><br> - <host_cache_timeout_statement> ::= "host_cache_timeout" <number><br> - <schedule_cache_timeout_statement> ::= "schedule_cache_timeout" <number><br> - <write_local_priority_statement> ::= "write_local_priority" <validity><br> - <write_target_domain_statement> ::= "write_target_domain" <string><br> - <minimum_free_disk_space_statement> ::=<br> - \xA0\xA0"minimum_free_disk_space" <size><br> - <gfsd_connection_cache_statement> ::= "gfsd_connection_cache" <number><br> - <log_level_statement> ::= "log_level" <log_priority><br> - <record_atime_statement> ::= "record_atime" <validity><br> - <hostspec> ::= <ipv4_address> | <ipv4_address> "/" <address_mask> |<br> - \xA0\xA0<hostname> | "." <domain_name> | "*"<br> - <pathname> ::= <pathname_character> <pathname_character>*<br> - <pathname_character> ::= <hostname_character> | "," | "/" | "_"<br> - <hostname> ::= <hostname_character> <hostname_character>*<br> - <hostname_character> ::= <alphabet> | <digit> | "-" | "."<br> - <portnumber> ::= <number><br> - <size> ::= <number> [ "k" | "M" | "G" | "T" ]<br> - <number> ::= <digit> [<digit>*]<br> - <digit> ::= "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"<br> - <string> ::= """ <double_quoted_character>* """<br> - <double_quoted_character> ::=<br> - \xA0\xA0<any_character_except_backslash_and_double_quotation> |<br> - \xA0\xA0"\\" | "\""<br> - <validity> ::= "enable" | "disable"<br> - <log_priority> ::= "emerg" | "alert" | "crit" | "err" | "warning" |<br> - \xA0\xA0"notice" | "info" | "debug"</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="EXAMPLES" -></A -><H2 ->EXAMPLES</H2 -><P ->The following is an example usin PostgreSQL to store the metadata, -and to allow access from filesystem nodes and clients at IP address -192.168.0.0/24, via sharedsecret authentication.</P -><P -CLASS="LITERALLAYOUT" ->spool /var/spool/gfarm<br> -spool_serverport 600<br> -metadb_serverhost metadb.example.org<br> -metadb_serverport 601<br> -postgresql_serverhost metadb.example.org<br> -postgresql_serverport 5432<br> -postgresql_dbname gfarm<br> -postgresql_user gfarm<br> -postgresql_password "secret-postgresql-password"<br> -auth enable sharedsecret 192.168.0.0/24<br> -sockopt keepalive</P -><P ->The following is an example using LDAP to store the metadata, -and to allow access from filesystem nodes and clients at any IP address, -via GSI authentication.</P -><P -CLASS="LITERALLAYOUT" ->spool /var/spool/gfarm<br> -spool_serverport 600<br> -metadb_serverhost metadb.example.com<br> -metadb_serverport 601<br> -ldap_serverhost metadb.example.com<br> -ldap_serverport 389<br> -ldap_base_dn "dc=example, dc=com"<br> -ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"<br> -ldap_bind_password "secret-ldap-password"<br> -auth enable gsi *<br> -sockopt keepalive</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="FILES" -></A -><H2 ->FILES</H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT -><TT -CLASS="FILENAME" ->%%SYSCONFDIR%%/gfarm.conf</TT -></DT -><DD -><P -></P -></DD -><DT -><TT -CLASS="FILENAME" ->$HOME/.gfarmrc</TT -></DT -><DD -><P -></P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="SEE-ALSO" -></A -><H2 ->SEE ALSO</H2 -><P -> <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->gfmd</SPAN ->(8)</SPAN ->, - <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->gfsd</SPAN ->(8)</SPAN ->, - <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->gfarm_agent</SPAN ->(1)</SPAN ->, - <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->setsockopt</SPAN ->(2)</SPAN -></P -></DIV -></BODY -></HTML -> Added: gfarm_v2/trunk/doc/html/en/ref/man5/gfarm2.conf.5.html =================================================================== --- gfarm_v2/trunk/doc/html/en/ref/man5/gfarm2.conf.5.html (rev 0) +++ gfarm_v2/trunk/doc/html/en/ref/man5/gfarm2.conf.5.html 2008-12-17 18:46:23 UTC (rev 4026) @@ -0,0 +1,1595 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<HTML +><HEAD +><TITLE +>gfarm2.conf</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="GFARM2.CONF.5" +></A +>gfarm2.conf</H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="NAME" +></A +><H2 +>Name</H2 +>gfarm2.conf -- Gfarm configuration file</DIV +><DIV +CLASS="REFSECT1" +><A +NAME="DESCRIPTION" +></A +><H2 +>DESCRIPTION</H2 +><P +>gfarm2.conf is a text file that contains a Gfarm configuration. +Gfarm server processes gfmd and gfsd refer to %%SYSCONFDIR%%/gfmd.conf +and %%SYSCONFDIR%%/gfarm2.conf, respectively, by default. +Since this configuration file is only read at startup, it is necessary +to restart servers when the contents of the configuration file are +updated.</P +><P +>Application programs, such as gfls and gfhost, refer to both +%%SYSCONFDIR%%/gfarm2.conf, and a file specified by an environment variable, +GFARM_CONFIG_FILE. If both configuration files exist, the file +specified by the environment variable, GFARM_CONFIG_FILE, is read +first. Both files have the same grammar. +If the environment variable GFARM_CONFIG_FILE doesn't exist, + ~/.gfarm2rc in a user's home directory is used instead.</P +><P +>Each line of gfarm2.conf consists of one statement. When the +line ends with the character ``\'', the line continues for the next +line. A word beginning with ``#'' causes that word and all remaining +characters on that line to be ignored.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="HOSTSPECIFICATION" +></A +><H2 +>Host_specification</H2 +><P +><TT +CLASS="PARAMETER" +><I +>Host_specification</I +></TT +> has the following +forms.</P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +><TT +CLASS="PARAMETER" +><I +>III.JJJ.KKK.LLL</I +></TT +></DT +><DD +><P +>Specifies an IP address with four octets from 0 to 255, separated +by ".".</P +></DD +><DT +><TT +CLASS="PARAMETER" +><I +>III.JJJ.KKK.LLL</I +></TT +>/<TT +CLASS="PARAMETER" +><I +>MM</I +></TT +></DT +><DD +><P +>Specifies a network address with an IP address and a netmask +from 0 to 31 separated by "/".</P +></DD +><DT +><TT +CLASS="PARAMETER" +><I +>domain.name</I +></TT +></DT +><DD +><P +>Specifies a host name.</P +></DD +><DT +><TT +CLASS="PARAMETER" +><I +>.domain.name</I +></TT +></DT +><DD +><P +>Specifies all hosts which belong to the domain.name.</P +></DD +><DT +><I +CLASS="EMPHASIS" +>*</I +></DT +><DD +><P +>Specifies all hosts.</P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="STATEMENT" +></A +><H2 +>Statement</H2 +><P +>The following statements are supported.</P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +><SPAN +CLASS="TOKEN" +>spool</SPAN +> <TT +CLASS="PARAMETER" +><I +>directory</I +></TT +></DT +><DD +><P +>The <SPAN +CLASS="TOKEN" +>spool</SPAN +> statement specifies a spool directory +for a Gfarm filesystem on this filesystem node.</P +><P +>For example,</P +><P +CLASS="LITERALLAYOUT" +> spool /var/spool/gfarm</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>spool_server_listen_address</SPAN +> <TT +CLASS="PARAMETER" +><I +>IP-address</I +></TT +></DT +><DD +><P +>The <SPAN +CLASS="TOKEN" +>spool_server_listen_address</SPAN +> statement specifies +the IP address at which the gfsd accepts TCP and UDP requests. +The default address is all IP addresses of the host. +This option is useful when one wants to invoke multiple gfsd +to provide multiple spool directories on the host.</P +><P +>For example,</P +><P +CLASS="LITERALLAYOUT" +> spool_server_listen_address 192.168.121.1</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>spool_server_cred_type</SPAN +> <TT +CLASS="PARAMETER" +><I +>cred_type</I +></TT +></DT +><DD +><P +>This statement specifies the type of credential used by gfsd for GSI +authentication. +This is ignored when you are using <SPAN +CLASS="TOKEN" +>sharedsecret</SPAN +> +authentication.</P +><P +>If this statement isn't used on the server side, the server uses +a host certificate, if the server is invoked with root privileges. +Or, if the server is invoked as a non-privileged user, the server +uses the user's certificate.</P +><P +>If this statement isn't used on the client side, the client assumes +that the server that the client is going to connect is using +a host certificate of the server host. Thus, if the server is not +invoked with root privileges, but invoked with user privileges where +the user is the same as the user who invoked the client, the client +side needs to specify the following one line.</P +><P +>Example:</P +><P +CLASS="LITERALLAYOUT" +> spool_server_cred_type self</P +><P +>The possible types of <TT +CLASS="PARAMETER" +><I +>cred_type</I +></TT +> are +``<SPAN +CLASS="TOKEN" +>self</SPAN +>'', +``<SPAN +CLASS="TOKEN" +>host</SPAN +>'', ``<SPAN +CLASS="TOKEN" +>user</SPAN +>'' and +``<SPAN +CLASS="TOKEN" +>mechanism-specific</SPAN +>''. +And those are used with the <SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> +and <SPAN +CLASS="TOKEN" +>spool_server_cred_name</SPAN +> statements as follows:</P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +><SPAN +CLASS="TOKEN" +>self</SPAN +></DT +><DD +><P +>This keyword specifies that the certificate that the user currently +has is used. +You must not use either the +<SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> or +<SPAN +CLASS="TOKEN" +>spool_server_cred_name</SPAN +> statement, +if you are using this type.</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>host</SPAN +></DT +><DD +><P +>This keyword specifies that a host certificate or a service certificate +is used. +To choose a service certificate, the name of the service may be specified +by the <SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> statement. +If ``<SPAN +CLASS="TOKEN" +>host</SPAN +>'' is specified as the service name, a host certificate +in the file ``<TT +CLASS="FILENAME" +>/etc/grid-security/hostcert.pem</TT +>'' will +be used. +If any server name other than ``<SPAN +CLASS="TOKEN" +>host</SPAN +>'' is specified, +a service certificate in the file +``<TT +CLASS="FILENAME" +>/etc/grid-security/SERVICE/SERVICEcert.pem</TT +>'' +will be used. +If the service name is omitted, ``<SPAN +CLASS="TOKEN" +>host</SPAN +>'' will be used as +the service name by default. +Only the Common Name field of a certificate will be used to check +the server's identity for both a host certificate and a service certificate. +And the Common Name field must be in the ``CN=SERVERNAME/HOSTNAME'' format. +Also, the hostname must match the canonical name configured by +the <B +CLASS="COMMAND" +>gfhost</B +> command exactly. Alias hostnames are not allowed.</P +><P +>This feature corresponds to the GSS_C_NT_HOSTBASED_SERVICE feature in GSSAPI +(RFC2743/RFC2744).</P +><P +>Example:</P +><P +CLASS="LITERALLAYOUT" +> spool_server_cred_type host<br> + spool_server_cred_service host</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>user</SPAN +></DT +><DD +><P +>This keyword specifies that a user certificate is used. +The account name of the user may be specified by the +<SPAN +CLASS="TOKEN" +>spool_server_cred_name</SPAN +> statement. +If the account name is omitted, the user who invoked the command +will be used by default. +You must not specify a service name using +the <SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> statement, if you are using +a user certificate.</P +><P +>To map from the account name to a Distinguished Name of a certificate, +file ``<TT +CLASS="FILENAME" +>/etc/grid-security/grid-mapfile</TT +>'' is used. +Thus, if there isn't such a file, or if the user isn't specified in this file, +this feature cannot be used.</P +><P +>This feature corresponds to the GSS_C_NT_USER_NAME feature in GSSAPI +(RFC2743/RFC2744).</P +><P +>Example:</P +><P +CLASS="LITERALLAYOUT" +> spool_server_cred_type user<br> + spool_server_cred_name guest</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>mechanism-specific</SPAN +></DT +><DD +><P +>This keyword specifies that <SPAN +CLASS="TOKEN" +>spool_server_cred_name</SPAN +> +is treated as a raw X.509 Distinguished Name serving as a server's +certificate. +You must not specify a service name using a +<SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> statement, if you are using +this type.</P +><P +>This feature corresponds to a case where GSS_C_NO_OID is specified +as a Name Type in GSSAPI (RFC2743/RFC2744).</P +><P +>Example:</P +><P +CLASS="LITERALLAYOUT" +> spool_server_cred_type mechanism-specific<br> + spool_server_cred_name "/O=Grid/O=Globus/OU=example.com/CN=John Smith"</P +></DD +></DL +></DIV +></DD +><DT +><SPAN +CLASS="TOKEN" +>spool_server_cred_service</SPAN +> <TT +CLASS="PARAMETER" +><I +>cred_service</I +></TT +></DT +><DD +><P +>This statement specifies the service name of a service certificate +used by gfsd for GSI authentication, when ``<SPAN +CLASS="TOKEN" +>host</SPAN +>'' is specified +in <SPAN +CLASS="TOKEN" +>spool_server_cred_type</SPAN +> statement. +This is ignored when you are using <SPAN +CLASS="TOKEN" +>sharedsecret</SPAN +> +authentication. +Please read the description of the <SPAN +CLASS="TOKEN" +>spool_server_cred_type</SPAN +> +statement for details.</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>spool_server_cred_name</SPAN +> <TT +CLASS="PARAMETER" +><I +>cred_name</I +></TT +></DT +><DD +><P +>This statement specifies the setting of a certificate used by gfsd +for GSI authentication. What this setting means depends on the type +specified in the <SPAN +CLASS="TOKEN" +>spool_server_cred_type</SPAN +> statement. +This is ignored when you are using <SPAN +CLASS="TOKEN" +>sharedsecret</SPAN +> +authentication. +Please read the description of the <SPAN +CLASS="TOKEN" +>spool_server_cred_type</SPAN +> +statement for details.</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>metadb_server_host</SPAN +> <TT +CLASS="PARAMETER" +><I +>hostname</I +></TT +></DT +><DD +><P +>The <SPAN +CLASS="TOKEN" +>metadb_server_host</SPAN +> statement specifies the +host name on which gfmd is running.</P +><P +>This statement cannot be omitted.</P +><P +>For example,</P +><P +CLASS="LITERALLAYOUT" +> metadb_server_host ldap.example.com</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>metadb_server_port</SPAN +> <TT +CLASS="PARAMETER" +><I +>port</I +></TT +></DT +><DD +><P +>The <SPAN +CLASS="TOKEN" +>metadb_server_port</SPAN +> statement specifies the tcp +port number the gfmd is listening on. The default port number is +601.</P +><P +>For example,</P +><P +CLASS="LITERALLAYOUT" +> metadb_server_port 601</P +></DD +><DT +><SPAN +CLASS="TOKEN" +>metadb_server_cred_type</SPAN +> <TT +CLASS="PARAMETER" +><I +>cred_type</I +></TT +></DT +... [truncated message content] |