3
xmlns="http://www.nordugrid.org/schemas/arcconfig/2009/08"
4
xmlns:loader="http://www.nordugrid.org/schemas/loader/2009/08"
5
xmlns:tcp="http://www.nordugrid.org/schemas/tcp/2009/08"
6
xmlns:tls="http://www.nordugrid.org/schemas/tls/2009/08"
7
xmlns:authz="http://www.nordugrid.org/schemas/arcauthz/2009/08"
8
xmlns:idmap="http://www.nordugrid.org/schemas/identitymap/2009/10"
9
xmlns:spdp="http://www.nordugrid.org/schemas/simplelistpdp/2009/08"
10
xmlns:arex="http://www.nordugrid.org/schemas/a-rex/2009/08"
12
<!-- Common configuration of the daemon -->
14
<PidFile>/var/run/arched.pid</PidFile>
17
<File>/var/log/arc/arched.log</File>
20
<!-- Where to find plugins -->
21
<loader:ModuleManager>
22
<loader:Path>@prefix@/lib/arc/</loader:Path>
23
</loader:ModuleManager>
24
<!-- Simply load all needed plugins -->
26
<loader:Name>mcctcp</loader:Name>
27
<loader:Name>mcctls</loader:Name>
28
<loader:Name>mcchttp</loader:Name>
29
<loader:Name>mccsoap</loader:Name>
30
<loader:Name>arcshc</loader:Name>
31
<loader:Name>identitymap</loader:Name>
32
<loader:Name>arex</loader:Name>
34
<!-- Create a chain -->
36
<!-- TCP listening socket -->
37
<loader:Component name="tcp.service" id="tcp">
38
<loader:next id="tls"/>
39
<tcp:Listen><tcp:Port>60000</tcp:Port></tcp:Listen>
41
<!-- Transport-level security -->
42
<loader:Component name="tls.service" id="tls">
43
<loader:next id="http"/>
44
<!-- Location of server's security keys -->
45
<tls:KeyPath>/etc/grid-security/hostkey.pem</tls:KeyPath>
46
<tls:CertificatePath>/etc/grid-security/hostcert.pem</tls:CertificatePath>
47
<tls:CACertificatesDir>/etc/grid-security/certificates</tls:CACertificatesDir>
48
<tls:VOMSCertTrustDNChain>
49
<tls:VOMSCertTrustRegex>.*</tls:VOMSCertTrustRegex>
50
</tls:VOMSCertTrustDNChain>
51
<!-- SecHandler below calls specified Policy Decision Point components.
52
In this example only one PDP is defined - simplelist.pdp. This
53
PDP compares Distinguished Name of connecting client against
54
list of allowed DNs. DNs are stored in external file one per line.
55
They may be enclosed in '"'. -->
56
<loader:SecHandler name="arc.authz" id="pdps" event="incoming">
57
<authz:PDP name="simplelist.pdp" spdp:location="/etc/grid-security/grid-mapfile"/>
59
<!-- Evaluate requestor's identity into local identity.
60
Comment it if no user mapping is needed. -->
61
<loader:SecHandler name="identity.map" id="map" event="incoming">
62
<!-- Safe choice if all other rules failed -->
63
<idmap:PDP name="allow.pdp"><idmap:LocalName>nobody</idmap:LocalName></idmap:PDP>
66
<!-- HTTP processing is done here -->
67
<loader:Component name="http.service" id="http">
68
<loader:next id="soap">POST</loader:next>
69
<loader:next id="plexer">GET</loader:next>
70
<loader:next id="plexer">PUT</loader:next>
71
<loader:next id="plexer">HEAD</loader:next>
73
<!-- This one parses content into XML tree -->
74
<loader:Component name="soap.service" id="soap">
75
<loader:next id="plexer"/>
77
<!-- Directing messages to proper service -->
78
<loader:Plexer name="plexer.service" id="plexer">
79
<loader:next id="a-rex">^/arex</loader:next>
81
<!-- A-Rex service -->
82
<loader:Service name="a-rex" id="a-rex">
83
<!-- Optional endpoint element is advised in case of multiple IP adresses -->
84
<arex:endpoint>https://localhost:60000/arex</arex:endpoint>
85
<!-- Use information generated by identity.map plugin or default provided below -->
86
<arex:usermap><arex:defaultLocalName>nobody</arex:defaultLocalName></arex:usermap>
87
<!-- grid-manager part of a-rex requires legacy configuration file.
88
Use arc_arex.conf example or write own. -->
89
<arex:gmconfig>/etc/arc_arex.conf</arex:gmconfig>
added
removed
src/services/a-rex/arex_secure.xml.example.in
