config.ini
[Teapot]
# Configuration for the Teapot server itself (the per-user Storm-webdav
# instances it starts are configured in [Storm-webdav] and [STORAGE_AREA_n]).
# NOTE(review): the ${section:key} references used later in this file look like
# Python configparser ExtendedInterpolation - confirm against the loader.
APP_NAME = teapot
# One less than the first port that is going to be used by any storm webdav
STARTING_PORT = 32399
# instance timeout, Storm-webdav instances are automatically deleted after a period of inactivity specified here
# default: 10 minutes
INSTANCE_TIMEOUT_SEC = 600
# interval between instance timeout checks in stop_expired_instances
# default: 3 minutes
CHECK_INTERVAL_SEC = 180
# Hostname for the Teapot's uvicorn server (without the https:// part)
# NOTE(review): 0.0.0.0 is the IPv4 wildcard address, so the server listens on
# every interface of the host. Set a specific address, or restrict the port
# with a firewall, when Teapot must not be reachable from all networks.
hostname = 0.0.0.0
# Port number Teapot is listening on
port = 8081
# List of trusted identity providers (comma-separated issuer URLs)
# NOTE(review): both entries point at realms named for testing; keep this list
# to the issuers a deployment actually relies on. The same URLs are repeated
# as IdP_URL_* in the [STORAGE_AREA_n] sections of this file.
trusted_OP = https://keycloak:8443/realms/test-realm, https://keycloak:8443/realms/alise-realm
# Path to the CA for the DNS certificate
# NOTE(review): the file name suggests a testing CA - confirm it is replaced
# outside test setups.
Teapot_CA = /var/lib/teapot/webdav/Teapot-testing.crt
# Path to the certificate for the machine's DNS
Teapot_ssl_certificate = /var/lib/teapot/webdav/teapot.crt
# Path to the key for the machine's DNS
# This is private key material: keep the file readable only by the account
# that runs Teapot.
Teapot_ssl_key = /var/lib/teapot/webdav/teapot.key
# Path to the Teapot log file location
log_location = /var/log/teapot/teapot.log
# Toggle restarting Teapot without deleting saved state and without terminating running webdav instances
TEAPOT_RESTART = True
# Max amount of attempts for Teapot to reach a particular Storm-webdav server
# NOTE(review): the key name says "timeout" while the comment says "attempts";
# the unit of 60 is not visible in this file - TODO confirm in the code.
STORM_WEBDAV_STARTUP_TIMEOUT = 60
# Path to a JSON file that stores Teapot's session state
# NOTE(review): what is stored per session is not visible here; presumably it
# identifies running per-user instances, so restrict read/write access to the
# Teapot service account - confirm.
sessions_path = /var/lib/teapot/webdav/teapot_sessions.json
# Teapot's log level
# NOTE(review): DEBUG is the most verbose level. Confirm that bearer tokens and
# other request details are not written to the log at this level, and use a
# less verbose level outside testing.
log_level = DEBUG
# User identity mapping method
# Teapot supports several options for mapping a federated user identity to a local identity:
# FILE - Mapping patterns are stored in a dedicated file
# (used to map the 'sub' claim to a local username).
# ALISE - Query a configured ALISE instance to resolve the user's local identity.
# VO - Map users based on their VO membership to a local group account.
# KEYCLOAK - For keycloak-issued tokens; maps the user's 'sub' claim to the 'preferred_username' claim
# This choice decides which local account a federated identity acts as.
# The value is left empty in this file; how an empty value is handled is not
# visible here - presumably one of the options above must be set. TODO confirm.
mapping =
# The file containing the mapping (used if 'FILE' option is chosen for mapping)
# Anyone who can edit this file can change which local user an identity maps
# to, so keep it writable only by administrators.
mapping_file = /etc/teapot/user-mapping.csv
[VO_enforcement]
# Optional – Fill this section only if using the "mapping = VO" option.
# Each mapping consists of two pieces of information. A pair of mappings should share the same suffix after "_".
# For example: "group_1" and "username_1" form a mapping pair.
# - "group_" defines the required group membership.
# - "username_" specifies the username that the group maps to.
# If a user matches multiple group mappings, the first matching pair in the list will be used.
# Because the first match wins, the order of the pairs below is significant:
# do not reorder them without checking which account overlapping groups get.
# Every member of a group acts as the same local account, so files written by
# one member are accessible to the others through that account.
# NOTE(review): group membership is presumably taken from the token issued by
# a provider listed in trusted_OP - confirm which claim is used.
# The values below are test placeholders.
# First mapping
# Required group membership
group_test1 = test-group1
# Username to map group members to
username_test1 = test-user1
# Second mapping
# Required group membership
group_test2 = test-group2
# Username to map group members to
username_test2 = test-user2
[ALISE]
# Optional - Fill this section only if using the "mapping = ALISE" option
# URL for ALISE instance being used
# NOTE(review): this URL uses plain http. If the API key below is sent with
# each lookup (presumably it is), both the key and the returned identity
# mapping travel unencrypted; use an https URL outside an isolated test network.
INSTANCE = http://alise:8000
# ALISE's designation for the (internal) site that will use the mapping
COMPUTING_CENTRE = keycloak_test
# API key for ALISE to access COMPUTING_CENTRE mappings
# This is a secret and is intentionally empty here. Do not commit a real key;
# once one is set, keep this file readable only by the Teapot service account.
APIKEY =
[Storm-webdav]
# Configuration for the Storm-Webdav servers
# General guide to Storm-webdav configuration:
# https://github.com/italiangrid/storm-webdav/blob/master/doc/storm-webdav-guide.md
# Values of the form ${Current-user:...} refer to a [Current-user] section
# that is not defined in this file; presumably Teapot supplies it per user
# when it starts an instance - TODO confirm.
# CA for Storm-webdav - in default setup Storm-webdav will use self-signed certificate
# This is the same file as CERTIFICATE_PATH below, i.e. the server certificate
# is trusted directly rather than through a separate CA.
Storm-webdav_CA = /etc/storm/webdav/localhost.crt
# Memory allocation for Storm-webdav JVM
# -Xms/-Xmx set the initial and maximum heap to 2048 MB for each JVM started
# with these options. -Djava.security.egd points the JVM's entropy source at
# /dev/urandom.
JVM_OPTS = -Xms2048m -Xmx2048m -Djava.security.egd=file:/dev/./urandom
# Hostname for Storm-webdav server
SERVER_ADDRESS = localhost
# Port number for the https port for Storm-webdav server
HTTPS_PORT = ${Current-user:port}
# Port number for the http port for Storm-webdav server
# NOTE(review): this is an unencrypted listener. Confirm it is not reachable
# from outside the host, since tokens sent over it would be exposed.
HTTP_PORT = ${Current-user:port1}
# Path to Storm-webdav server certificate
CERTIFICATE_PATH = /etc/storm/webdav/localhost.crt
# Path to Storm-webdav server key
# Private key material: limit read access to the accounts that run the
# Storm-webdav instances - TODO confirm which accounts those are.
PRIVATE_KEY_PATH = /etc/storm/webdav/localhost.key
# Path to the trust anchor directory
TRUST_ANCHORS_DIR = /etc/ssl/certs
# Trust anchors refresh interval
# presumably in seconds (86400 s = 24 h) - confirm against the Storm-webdav guide
TRUST_ANCHORS_REFRESH_INTERVAL = 86400
# The size of the thread pool used to serve incoming requests
MAX_CONNECTIONS = 300
# NOTE(review): the next two keys are undocumented here; by name they are the
# request queue size and the connector idle timeout (unit not shown) - see the
# Storm-webdav guide linked above.
MAX_QUEUE_SIZE = 900
CONNECTOR_MAX_IDLE_TIME = 30000
# Path to storage areas configuration directories
# NOTE(review): the username is interpolated into filesystem paths here and in
# LOG/OUT/ERR below. Confirm it is validated (no path separators or "..")
# before it reaches this file.
SA_CONFIG_DIR = /var/lib/teapot/user-${Current-user:username}/sa.d
# Path to Storm-webdav jar file
JAR = /usr/share/java/storm-webdav/storm-webdav-server.jar
# Path to Storm-webdav log file
LOG = /var/log/teapot/storm-webdav-server-user-${Current-user:username}.log
# Path to Storm webdav output file
OUT = /var/log/teapot/storm-webdav-server-user-${Current-user:username}.out
# Path to Storm-webdav error file
ERR = /var/log/teapot/storm-webdav-server-user-${Current-user:username}.err
# Path to Storm-webdav log configuration file
LOG_CONFIGURATION = /etc/teapot/logback.xml
# Path to Storm-webdav access log configuration file
ACCESS_LOG_CONFIGURATION = /etc/teapot/logback-access.xml
# Storm-webdav VO files (disabled)
VO_MAP_FILES_ENABLE = false
# Refresh interval for the VO files (disabled)
VO_MAP_FILES_REFRESH_INTERVAL = 21600
# The size of the thread pool used to serve third-party copy requests
TPC_MAX_CONNECTIONS = 50
# Checksum verification for third-party copies is switched off, so a corrupted
# or altered transfer is not detected by this check.
TPC_VERIFY_CHECKSUM = false
# Require client certificate is disabled as we use tokens instead
# With this off, token validation is the only client authentication, so the
# issuer lists (trusted_OP, IdP_URL_*) define who can connect.
REQUIRE_CLIENT_CERT = false
# By name, selects the Conscrypt TLS provider for third-party copy
# connections - confirm against the Storm-webdav guide.
TPC_USE_CONSCRYPT = true
# Information for configuration of Storage Areas.
# To create an additional storage area, copy one of the [STORAGE_AREA_n]
# sections below and adjust its values (presumably under the next free number
# - confirm how Teapot discovers these sections).
[STORAGE_AREA_1]
# The name of the storage area
name = default
# Root path for the storage area. Files will be served from this path.
# The path contains the username, so each user is served a directory under
# their own home. ${Current-user:username} comes from a section that is not
# defined in this file.
rootPath = /home/${Current-user:username}/interTwin/
# Comma separated list of storage area access points
accessPoint = /default
# An identity provider used for authentication to the specified storage area
# Providers are given as IdP_name_<suffix> / IdP_URL_<suffix> pairs. Tokens
# from every provider listed here are accepted for this storage area, so list
# only the issuers that should have access. These URLs match the trusted_OP
# entries in [Teapot].
IdP_name_test = testing
IdP_URL_test = https://keycloak:8443/realms/test-realm
IdP_name_Alise = ALISE
IdP_URL_Alise = https://keycloak:8443/realms/alise-realm
[STORAGE_AREA_2]
# The name of the storage area
name = data
# Root path for the storage area. Files will be served from this path.
# NOTE(review): unlike STORAGE_AREA_1 this path has no per-user component, so
# the same directory is served for every user. Access separation then
# presumably rests on the filesystem permissions of the mapped local account
# - confirm, and check the ownership and mode of /data/.
rootPath = /data/
# Comma separated list of storage area access points
accessPoint = /data
# An identity provider used for authentication to the specified storage area
# Same IdP_name_<suffix> / IdP_URL_<suffix> pairs as STORAGE_AREA_1; tokens
# from every provider listed here are accepted for this storage area.
IdP_name_test = testing
IdP_URL_test = https://keycloak:8443/realms/test-realm
IdP_name_Alise = ALISE
IdP_URL_Alise = https://keycloak:8443/realms/alise-realm