.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\"
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng .
.TH "GFARM2.CONF" "5" "30 December 2010" "Gfarm" ""
.SH NAME
gfarm2.conf \- Gfarm configuration file
.SH "DESCRIPTION"
.PP
gfarm2.conf is a text file that contains a Gfarm configuration.
Gfarm server processes gfmd and gfsd refer to %%SYSCONFDIR%%/gfmd.conf
and %%SYSCONFDIR%%/gfarm2.conf, respectively, by default.
Since this configuration file is only read at startup, it is necessary
to restart servers when the contents of the configuration file are
updated.
.PP
Application programs, such as gfls and gfhost, refer to both
%%SYSCONFDIR%%/gfarm2.conf, and a file specified by an environment variable,
GFARM_CONFIG_FILE. If both configuration files exist, the file
specified by the environment variable, GFARM_CONFIG_FILE, is read
first. Both files have the same grammar.
If the environment variable GFARM_CONFIG_FILE doesn't exist,
~/.gfarm2rc in a user's home directory is used instead.
.PP
Each line of gfarm2.conf consists of one statement. When the
line ends with the character ``\\'', the line continues for the next
line. A word beginning with ``#'' causes that word and all remaining
characters on that line to be ignored.
.SH "HOST_SPECIFICATION"
.PP
\fIHost_specification\fR has the following
forms.
.TP
\fB\fIIII.JJJ.KKK.LLL\fB\fR
Specifies an IP address with four octets from 0 to 255, separated
by ".".
.TP
\fB\fIIII.JJJ.KKK.LLL\fB/\fIMM\fB\fR
Specifies a network address with an IP address and a netmask
from 0 to 31 separated by "/".
.TP
\fB\fIdomain.name\fB\fR
Specifies a host name.
.TP
\fB \fI\&.domain.name\fB\fR
Specifies all hosts which belong to the domain.name.
.TP
\fB*\fR
Specifies all hosts.
.SH "STATEMENT"
.PP
The following statements are supported.
.TP
\fBspool \fIdirectory\fB\fR
The spool statement specifies a spool directory
for a Gfarm filesystem on this filesystem node.
For example,
.nf
spool /var/spool/gfarm
.fi
.TP
\fBspool_server_listen_address \fIIP-address\fB\fR
The spool_server_listen_address statement specifies
the IP address at which the gfsd accepts TCP and UDP requests.
The default address is all IP addresses of the host.
This option is useful when one wants to invoke multiple gfsd
to provide multiple spool directories on the host.
For example,
.nf
spool_server_listen_address 192.168.121.1
.fi
.TP
\fBspool_server_cred_type \fIcred_type\fB\fR
This statement specifies the type of credential used by gfsd for GSI
authentication.
This is ignored when you are using sharedsecret
authentication.
If this statement isn't used on the server side, the server uses
a host certificate, if the server is invoked with root privileges.
Or, if the server is invoked as a non-privileged user, the server
uses the user's certificate.
If this statement isn't used on the client side, the client assumes
that the server that the client is going to connect is using
a host certificate of the server host. Thus, if the server is not
invoked with root privileges, but invoked with user privileges where
the user is the same as the user who invoked the client, the client
side needs to specify the following one line.
Example:
.nf
spool_server_cred_type self
.fi
The possible types of \fIcred_type\fR are
``self\&'',
``host\&'', ``user\&'' and
``mechanism-specific\&''.
And those are used with the spool_server_cred_service
and spool_server_cred_name statements as follows:
.RS
.TP
\fBself\fR
This keyword specifies that the certificate that the user currently
has is used.
You must not use either the
spool_server_cred_service or
spool_server_cred_name statement,
if you are using this type.
.TP
\fBhost\fR
This keyword specifies that a host certificate or a service certificate
is used.
To choose a service certificate, the name of the service may be specified
by the spool_server_cred_service statement.
If ``host\&'' is specified as the service name, a host certificate
in the file ``\fI/etc/grid-security/hostcert.pem\fR\&'' will
be used.
If any server name other than ``host\&'' is specified,
a service certificate in the file
``\fI/etc/grid-security/SERVICE/SERVICEcert.pem\fR\&''
will be used.
If the service name is omitted, ``host\&'' will be used as
the service name by default.
Only the Common Name field of a certificate will be used to check
the server's identity for both a host certificate and a service certificate.
And the Common Name field must be in the ``CN=SERVERNAME/HOSTNAME'' format.
Also, the hostname must match the canonical name configured by
the \fBgfhost\fR command exactly. Alias hostnames are not allowed.
This feature corresponds to the GSS_C_NT_HOSTBASED_SERVICE feature in GSSAPI
(RFC2743/RFC2744).
Example:
.nf
spool_server_cred_type host
spool_server_cred_service host
.fi
.TP
\fBuser\fR
This keyword specifies that a user certificate is used.
The account name of the user may be specified by the
spool_server_cred_name statement.
If the account name is omitted, the user who invoked the command
will be used by default.
You must not specify a service name using
the spool_server_cred_service statement, if you are using
a user certificate.
To map from the account name to a Distinguished Name of a certificate,
file ``\fI/etc/grid-security/grid-mapfile\fR\&'' is used.
Thus, if there isn't such a file, or if the user isn't specified in this file,
this feature cannot be used.
This feature corresponds to the GSS_C_NT_USER_NAME feature in GSSAPI
(RFC2743/RFC2744).
Example:
.nf
spool_server_cred_type user
spool_server_cred_name guest
.fi
.TP
\fBmechanism-specific\fR
This keyword specifies that spool_server_cred_name
is treated as a raw X.509 Distinguished Name serving as a server's
certificate.
You must not specify a service name using a
spool_server_cred_service statement, if you are using
this type.
This feature corresponds to a case where GSS_C_NO_OID is specified
as a Name Type in GSSAPI (RFC2743/RFC2744).
Example:
.nf
spool_server_cred_type mechanism-specific
spool_server_cred_name "/O=Grid/O=Globus/OU=example.com/CN=John Smith"
.fi
.RE
.TP
\fBspool_server_cred_service \fIcred_service\fB\fR
This statement specifies the service name of a service certificate
used by gfsd for GSI authentication, when ``host\&'' is specified
in spool_server_cred_type statement.
This is ignored when you are using sharedsecret
authentication.
Please read the description of the spool_server_cred_type
statement for details.
.TP
\fBspool_server_cred_name \fIcred_name\fB\fR
This statement specifies the setting of a certificate used by gfsd
for GSI authentication. What this setting means depends on the type
specified in the spool_server_cred_type statement.
This is ignored when you are using sharedsecret
authentication.
Please read the description of the spool_server_cred_type
statement for details.
.TP
\fBmetadb_server_host \fIhostname\fB\fR
The metadb_server_host statement specifies the
host name on which gfmd is running.
This statement cannot be omitted.
For example,
.nf
metadb_server_host ldap.example.com
.fi
.TP
\fBmetadb_server_port \fIport\fB\fR
The metadb_server_port statement specifies the tcp
port number the gfmd is listening on. The default port number is
601.
For example,
.nf
metadb_server_port 601
.fi
.TP
\fBmetadb_server_cred_type \fIcred_type\fB\fR
This statement specifies the type of credential used by gfmd
for GSI authentication.
This is ignored when you are using sharedsecret
authentication.
Please read the description of the spool_server_cred_type
statement on the configuration of this statement.
.TP
\fBmetadb_server_cred_service \fIcred_service\fB\fR
This statement specifies the service name of a service certificate
used by gfmd for GSI authentication, when ``host\&'' is specified
in metadb_server_cred_type statement.
This is ignored when you are using sharedsecret
authentication.
Please read the description of the spool_server_cred_type
statement on the configuration of this statement.
.TP
\fBmetadb_server_cred_name \fIcred_name\fB\fR
This statement specifies the setting of a certificate used by gfmd
for GSI authentication. What this setting means depends on the type
specified in the metadb_server_cred_type statement.
This is ignored when you are using sharedsecret
authentication.
Please read the description of the spool_server_cred_type
statement on the configuration of this statement.
.TP
\fBmetadb_server_stack_size \fIbytes\fB\fR
This directive specifies the size of each thread in the gfmd
metadata server process. If not specified, the default size of the OS
is used.
This parameter is used to cut down the size of virtual memory space
used by gfmd.
For example, the default stack size on CentOS 5/i386 is 10MB, thus,
you can decrease the size of the virtual memory space of gfmd to 1/40,
by specifying 256KB as this parameter.
This parameter is only available in gfmd.conf, and ignored in gfarm2.conf.
For example,
.nf
metadb_server_stack_size 262144
.fi
.TP
\fBmetadb_server_thread_pool_size \fIsize\fB\fR
This directive specifies the maximum number of threads in a
thread pool in the gfmd. It is effective to specify around the
number of CPU cores of the metadata server node. Default is 16.
This parameter is only available in gfmd.conf, and ignored in gfarm2.conf.
For example,
.nf
metadb_server_thread_pool_size 16
.fi
.TP
\fBmetadb_server_job_queue_length \fIlength\fB\fR
This directive specifies the length of job queue in the gfmd.
It is effective to specify around the maximum number of clients that
access the Gfarm file system at the same time. Default is 16000.
This parameter is only available in gfmd.conf, and ignored in gfarm2.conf.
For example,
.nf
metadb_server_job_queue_length 160
.fi
.TP
\fBmetadb_server_heartbeat_interval \fIseconds\fB\fR
This directive specifies the interval of heartbeat in seconds
for gfmd to check availability of each gfsd. Default is 180 seconds.
Until gfarm-2.3.0, this parameter was only available in gfmd.conf,
and ignored in gfarm2.conf. But since gfarm-2.4.0, gfsd also uses
this parameter to detect whether gfmd is down or not, this parameter
has to be specified in both gfarm2.conf and gfmd.conf.
For example,
.nf
metadb_server_heartbeat_interval 180
.fi
.TP
\fBmetadb_server_dbq_size \fIsize\fB\fR
This directive specifies the queue length of metadata updates
for a backend database in gfmd. Longer queue length may avoid slow
down due to waiting backend database updates in case of frequent
metadata operations.
Default is 65536.
This parameter is only available in gfmd.conf, and ignored in gfarm2.conf.
For example,
.nf
metadb_server_dbq_size 65536
.fi
.TP
\fBldap_server_host \fIhostname\fB\fR
The ldap_server_host statement specifies the host
name on which an LDAP server is running. This statement is required
when the LDAP server is used for a backend database of gfmd. This
statement is used in gfmd.conf not gfarm2.conf.
For example,
.nf
ldap_server_host ldap.example.com
.fi
.TP
\fBldap_server_port \fIport\fB\fR
The ldap_server_port statement specifies the tcp
port number of the LDAP server.
This statement cannot be omitted
if ldap_server_host is specified.
For example,
.nf
ldap_server_port 602
.fi
.TP
\fBldap_base_dn \fILDAP_base_distinguished_name\fB\fR
The ldap_base_dn statement specifies the
base-distinguished name of the LDAP database.
This statement cannot be omitted
if ldap_server_host is specified.
For example,
.nf
ldap_base_dn "dc=example, dc=com"
.fi
.TP
\fBldap_bind_dn \fILDAP_bind_distinguished_name\fB\fR
The ldap_bind_dn statement specifies the
distinguished name for the bind operation which is used for authentication
to the LDAP database.
For example,
.nf
ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"
.fi
.TP
\fBldap_bind_password \fIpassword\fB\fR
The ldap_bind_password statement specifies the
password for the bind operation which is used for authentication
to the LDAP database.
For example,
.nf
ldap_bind_password "secret-ldap-password"
.fi
.TP
\fBpostgresql_server_host \fIhostname\fB\fR
The postgresql_server_host statement specifies the host
name on which a PostgreSQL server is running. This statement is required
when the PostgreSQL server is used for a backend database of gfmd. This
statement is used in gfmd.conf not gfarm2.conf.
For example,
.nf
postgresql_server_host postgresql.example.com
.fi
.TP
\fBpostgresql_server_port \fIport\fB\fR
The postgresql_server_port statement specifies the tcp
port number of the PostgreSQL server.
This statement cannot be omitted
if postgresql_server_host is specified.
For example,
.nf
postgresql_server_port 602
.fi
.TP
\fBpostgresql_dbname \fIdbname\fB\fR
The postgresql_dbname statement specifies the
database name of the PostgreSQL database.
This statement cannot be omitted
if postgresql_server_host is specified.
For example,
.nf
postgresql_dbname gfarm
.fi
.TP
\fBpostgresql_user \fIuser\fB\fR
The postgresql_user statement specifies the
username used to connect the PostgreSQL database.
For example,
.nf
postgresql_user gfarm
.fi
.TP
\fBpostgresql_password \fIpassword\fB\fR
The postgresql_password statement specifies the
password used to connect the PostgreSQL database.
For example,
.nf
postgresql_password gfarm
.fi
.TP
\fBpostgresql_conninfo \fIconnection_info\fB\fR
The postgresql_conninfo statement specifies the
connection option used to connect the PostgreSQL database.
For example,
.nf
postgresql_conninfo "sslmode=require connect_timeout=30"
.fi
.TP
\fBauth \fIvalidity\fB \fImethod\fB \fIHost_specification\fB\fR
This statement specifies the authentication method when
communicating with the host(s) specified by the third argument.
The first argument should be either the enable or
disable keyword.
The second argument, \fIauth method\fR, should be
the gsi, gsi_auth, or sharedsecret
keyword.
The third argument specifies the host(s) by using \fIHost
specification\fR\&.
The auth statement may be specified any number of
times. For each authentication method, it becomes a candidate when
the first entry whose host_specification matches the target host has
the enable keyword. When there is no corresponding
entry, or when the first corresponding entry has the
disable keyword, the authentication method does not
become a candidate.
This process takes place on both client and server sides.
Candidates for authentication method on both sides will be
tried.
The order of statements with different authentication methods is
not relevant. When there are several candidates for the authentication
method for the host, the order of the authentication trial is
sharedsecret, gsi_auth,
and then gsi\&.
The GSI methods are available if and only if the
--with-globus option is specified at configuration. When the methods are
not available, an auth statement with
gsi or gsi_auth will be ignored.
This statement cannot be omitted.
For example,
.nf
auth disable sharedsecret 192.168.0.100
auth disable sharedsecret 192.168.0.101
auth enable sharedsecret 192.168.0.0/24
auth enable gsi_auth 10.0.0.0/8
auth enable gsi *
.fi
In this example, all hosts which belong to the network address
192.168.0.0/24, except for two hosts, 192.168.0.100 and 192.168.0.101,
will be tested for authenticated by both sharedsecret
and gsi;
all hosts which belong to the network address 10.0.0.0/8 will be
tested for authentication by both
gsi_auth and gsi;
and all other hosts will be authenticated by
gsi\&. Note that two hosts, 192.168.0.100 and
192.168.0.101, will be tested for authentication by gsi only.
.TP
\fBsockopt \fIoption\fB[=\fIvalue\fB] [LISTENER | \fIHost_specification\fB]\fR
The sockopt parameter specifies the socket option
\fIoption\fR via the setsockopt(2) system call.
When LISTENER (all capital letters) is specified
by the second argument, the socket option is applied to any socket
on the server side (accepting side).
When the host_specification is specified by the second argument,
the socket option is applied to sockets that connect to the specified host(s).
If the second argument is "*", the socket option is applied to any
hosts on the client side (connecting side).
If the second argument is omitted, the socket option is applied
to every socket.
The following socket options can be specified.
debug\&. The SO_DEBUG socket
option is specified. A \fIvalue\fR is not
necessary.
keepalive\&. The SO_KEEPALIVE
socket option is specified. A \fIvalue\fR is not
necessary.
sndbuf\&. The SO_SNDBUF socket
option is specified with a \fIvalue\fR\&.
rcvbuf\&. The SO_RCVBUF socket
option is specified with a \fIvalue\fR\&.
tcp_nodelay\&. The TCP_NODELAY
socket option is specified. A \fIvalue\fR is not
necessary.
For example,
.nf
sockopt tcp_nodelay 192.168.0.0/24
sockopt sndbuf=1048576 10.0.0.0/8
sockopt sndbuf=1048576 LISTENER
sockopt rcvbuf=1048576 10.0.0.0/8
sockopt rcvbuf=1048576 LISTENER
.fi
.TP
\fBknown_network \fIHost_specification\fB\fR
The known_network statement specifies a network
address for file system nodes. It is used to group file system nodes
at file systen node scheduling.
File system nodes that are not specified in this directive are assumed
to be in an IPv4 class C network.
For example,
.nf
known_network 192.168.0.0/24
.fi
.TP
\fBadmin_user \fIuser\fB\fR
This directive specifies an administrator user name, which is
specified in gfmd.conf.
.TP
\fBadmin_user_gsi_dn \fIuser_gsi_dn\fB\fR
This directive specifies a subject DN of an administrator, which is
specified in gfmd.conf.
.TP
\fBlocal_user_map \fIuser-map-file\fB\fR
This directive specifies a file name
\fIuser-map-file\fR for mapping local user names to
global user names. This map file is used only for sharedsecret
authentication. When this file is not specified, a global user name
is assumed to be same as the local user name.
\fIuser-map-file\fR is needed when you have to use
the sharedsecret authentication method in the case where you have
different unix account names on different filesystem nodes. In such a
case, the \fIuser-map-file\fR on each filesystem node
should have an entry from each local user name to a unique global user
name.
Example:
.nf
local_user_map /etc/gfarm/gfarm-usermap
.fi
Each line of the \fIuser-map-file\fR consists
of two fields separated by spaces; the first field is a global user
name, and the second field is a local user name.
Example of the user mapping file:
.nf
foobar foo
quux baz
.fi
According to the first line of this mapping file, a global user
name, "foobar", is mapped to a local user name, "foo", on this node.
.TP
\fBlocal_group_map \fIgroup-map-file\fB\fR
This directive specifies a file name
\fIgroup-map-file\fR for mapping global group names to
local group names. This map file is used by legacy clients that use
local group id such as gfarm2fs and gfarm dsi for Globus GridFTP to
display mapped local groups. When this file is not specified, a
local group name is assumed to be same as the global group
name.
Example:
.nf
local_group_map /etc/gfarm/gfarm-groupmap
.fi
Each line of the \fIgroup-map-file\fR consists
of two fields separated by spaces; the first field is a global group
name, and the second field is a local group name.
.TP
\fBschedule_cache_timeout \fIseconds\fB\fR
This directive specifies the time (in seconds) until the cache used for
filesystem node scheduling expires.
The cache holds information on each filesystem node, e.g. load average,
disk free space, and whether authentication succeeds or not.
The default time is 600 seconds, i.e. ten minutes.
For example,
.nf
schedule_cache_timeout 60
.fi
.TP
\fBschedule_idle_load_thresh \fIload-average\fB\fR
This directive specifies the threshold of CPU load average to be
considered idle. The file system nodes whose CPU load average
is equal to or below the specified CPU load average are to be
scheduled at first.
The default load average is 0.1.
For example,
.nf
schedule_idle_load_thresh 0.1
.fi
.TP
\fBschedule_busy_load_thresh \fIload-average\fB\fR
This directive specifies the threshold of CPU load average to be
considered busy. The file system nodes whose CPU load average
is above the specified CPU load average are to be scheduled lastly.
The default load average is 0.5.
For example,
.nf
schedule_busy_load_thresh 0.5
.fi
.TP
\fBschedule_virtual_load \fIload-average\fB\fR
This directive specifies the virtual CPU load average. The
virtual CPU load is added when the host is scheduled to avoid
scheduling the same host multiple times. The default load average is
0.3.
For example,
.nf
schedule_virtual_load 0.3
.fi
.TP
\fBminimum_free_disk_space \fIbytes\fB\fR
This directive specifies free disk space (in bytes) which is
required on filesystem nodes. The Gfarm scheduler excludes filesystem nodes
which have less free space than this parameter, when it
schedules nodes for jobs which may write files.
The free space value may have a suffix like ``k'' (kilo bytes),
``M'' (mega bytes), ``G'' (giga bytes) and ``T'' (tera bytes).
The default size is 128M bytes.
This directive has to be specified in both gfarm2.conf and gfmd.conf.
After restarting the gfmd and the Gfarm client, it is effective.
For example,
.nf
minimum_free_disk_space 1G
.fi
.TP
\fBsimultaneous_replication_receivers \fInumber\fB\fR
This directive specifies maximum number of simultaneous
gfmd-initiated replications to same host.
The default is 20.
For example,
.nf
simultaneous_replication_receivers 40
.fi
.TP
\fBgfsd_connection_cache \fInumber\fB\fR
This directive specifies maximum number of cached gfsd connections.
The default is 16.
For example,
.nf
gfsd_connection_cache 32
.fi
.TP
\fBattr_cache_limit \fInumber\fB\fR
This directive specifies maximum number of cached attributes in
gfarm library.
The default is 40000.
For example,
.nf
attr_cache_limit 100000
.fi
.TP
\fBattr_cache_timeout \fImilliseconds\fB\fR
This directive specifies maximum time until cached attributes expire
in milliseconds.
The default is 1000, i.e. 1 second.
For example,
.nf
attr_cache_timeout 3600000
.fi
.TP
\fBlog_level \fIpriority_level\fB\fR
This directive specifies a level of log priority.
The log output, which priority is inferior to this level, will not be
sent to syslog or standard error.
The priority levels are "emerg", "alert", "crit", "err", "warning", "notice",
"info" and "debug" in highest first order.
The default level is "info".
It's not recommended to specify a level higher or equal to "crit".
For example,
.nf
log_level debug
.fi
.TP
\fBlog_message_verbose_level \fIlevel\fB\fR
This directive specifies how verbose the log message is.
The default value is 0, which outputs the log message id. The level 1
additionally outputs the file name and the line of source code. The
level 2 additionally outputs the function name.
For example,
.nf
log_message_verbose_level 1
.fi
.TP
\fBno_file_system_node_timeout \fIseconds\fB\fR
If there is no file system node available,
Gfarm client library periodically tries to find a file system node.
This directive specifies the timeout to try in seconds.
The default is 30 seconds.
For example,
.nf
no_file_system_node_timeout 30
.fi
.TP
\fBgfmd_reconnection_timeout \fIseconds\fB\fR
If the connection to the metadata server is disconnected,
Gfarm client library periodically tries to reconnect.
This directive specifies the timeout to try in seconds.
The default is 30 seconds.
For example,
.nf
gfmd_reconnection_timeout 30
.fi
.SH "GRAMMAR"
.PP
This is a grammar of gfarm2.conf described by the BNF
notation.
.nf
::=
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~ |
\~\~
::= "spool"
::=
\~\~"spool_server_listen_address"
::=
\~\~"spool_server_cred_type"
::=
\~\~"spool_server_cred_service"
::=
\~\~"spool_server_cred_name"
::= "metadb_server_host"
::= "metadb_server_port"
::=
\~\~"metadb_server_cred_type"
::=
\~\~"metadb_server_cred_service"
::=
\~\~"metadb_server_cred_name"
::=
\~\~"metadb_server_stack_size"
::=
\~\~"metadb_server_thread_pool_size"
::=
\~\~"metadb_server_job_queue_length"
::=
\~\~"metadb_server_heartbeat_interval"
::=
\~\~"metadb_server_dbq_size"
::= "ldap_server_host"
::= "ldap_server_port"
::= "ldap_base_dn"
::= "ldap_bind_dn"
::= "ldap_bind_password"
::= "postgresql_server_host"
::= "postgresql_server_port"
::= "postgresql_dbname"
::= "postgresql_user"
::= "postgresql_password"
::= "postgresql_conninfo"
::=
\~\~"auth"
::= "enable" | "disable"
::= "gsi" | "gsi_auth" | "sharedsecret"
::=
\~\~"sockopt" [=] [""LISTENER" | ]
= "debug" | "keepalive" | "sndbuf" | "rcvbuf" |
\~\~"tcp_nodelay"
::= "known_network"
::= "admin_user"
::= "admin_user_gsi_dn"
::= "local_user_map"
::= "local_group_map"
::= "schedule_cache_timeout"
::= "schedule_idle_load_thresh"
::= "schedule_busy_load_thresh"
::= "schedule_virtual_load"
::=
\~\~"minimum_free_disk_space"
::= "simultaneous_replication_receivers"
::= "gfsd_connection_cache"
::= "attr_cache_limit"
::= "attr_cache_timeout"
::= "log_level"
::= "log_message_verbose_level"
::= "no_file_system_node_timeout"
::= "gfmd_reconnection_timeout"
::= | "/" |
\~\~ | "." | "*"
::= *
::= | "," | "/" | "_"
::= *
::= | | "-" | "."
::=
::= [ "k" | "M" | "G" | "T" ]
::= [*]
::= "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
::= """ * """
::=
\~\~ |
\~\~"\\\\" | "\\""
::= "enable" | "disable"
::= "emerg" | "alert" | "crit" | "err" | "warning" |
\~\~"notice" | "info" | "debug"
.fi
.SH "EXAMPLES"
.PP
The following is an example usin PostgreSQL to store the metadata,
and to allow access from filesystem nodes and clients at IP address
192.168.0.0/24, via sharedsecret authentication.
.nf
spool /var/spool/gfarm
metadb_server_host metadb.example.org
metadb_server_port 601
postgresql_server_host metadb.example.org
postgresql_server_port 5432
postgresql_dbname gfarm
postgresql_user gfarm
postgresql_password "secret-postgresql-password"
auth enable sharedsecret 192.168.0.0/24
sockopt keepalive
.fi
.PP
The following is an example using LDAP to store the metadata,
and to allow access from filesystem nodes and clients at any IP address,
via GSI authentication.
.nf
spool /var/spool/gfarm
metadb_server_host metadb.example.com
metadb_server_port 601
ldap_server_host metadb.example.com
ldap_server_port 602
ldap_base_dn "dc=example, dc=com"
ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"
ldap_bind_password "secret-ldap-password"
auth enable gsi *
sockopt keepalive
.fi
.SH "FILES"
.TP
\fB\fI%%SYSCONFDIR%%/gfarm2.conf\fB\fR
.TP
\fB\fI$HOME/.gfarm2rc\fB\fR
.SH "SEE ALSO"
.PP
\fBgfmd\fR(8),
\fBgfsd\fR(8),
\fBsetsockopt\fR(2)