###
### Example of simple xrootd config file.
###
### The first part enables a simple data server exposing to clients
### the root paths /tmp and /data1.
### The second part shows how to enable password-based strong
### authentication using the ROOT special password in $HOME/.rootdpass
### The third part shows how to concurrently enable the PROOF serving
### features
###
### To load this configuration file:
###
### ~> xrootd -c $ROOTSYS/etc/proof/xpd.cf
###
### See http://www.slac.stanford.edu/xrootd for more details on the
### data serving part.
###

###
### Part one: data serving
###
xrd.protocol xrootd *
xrootd.fslib libXrdOfs.so

### Specify a non-default port here:
###  - overwritten by -p <port> on the command line
# xrd.port 5151

### Export path directives, i.e. the root paths which can accessed
### by clients ('xrootd.export /' exports the whole file system).
### An arbitrary number of these can be defined. The default is
### to export /tmp.
### NB: specifying any of these directives removes the default /tmp
###     from the internal list; in such a case a directive needs to
###     be given explicitely if /tmp needs to be exposed.
xrootd.export /tmp
xrootd.export /pool/data

###
### Part two: security directives:
###

### Example: enable password-based strong authentication checking
### also the special ROOT password in $HOME/.rootdpass.
### NB: if the application complains about a missing password file in
###    $HOME/.xrd/ just create an empty one running 'xrdpwdadmin' and
###    replying to the questions
###    (<ROOT_sys> with the path to the ROOT distribution)
# xrootd.seclib <ROOT_sys>/lib/libXrdSec.so
# sec.protocol pwd -d:0 -a:1 -vc:1 -upwd:2 -cryptfile:.rootdpass

###
### Part three: enable PROOF serving
###

### Load the XrdProofd protocol:
### a) if the ROOT lib paths are known by the linker/loader 
xrd.protocol xproofd:1093 libXrdProofd.so
### b) using absolute paths (<ROOT_sys> with the path to the ROOT distribution)
# xrd.protocol xproofd:1093 <ROOT_sys>/lib/libXrdProofd.so
### NB: envs vars are not expanded here, i.e. $ROOTSYS/lib/libXrdProofd.so will
###     not work; they are supported for the remaining "xpd." directives

###
### Directives governing the behaviour of the XrdProofd plug-in.
### Except when explicitely indicated, all the following directives support
### an optional 'if <pattern>' condition at the end of the line, e.g.
###    xpd.rootsys /opt/root   if lxb*.cern.ch
###    xpd.rootsys /usr/local  if lxp*.cern.ch
### Patterns may contain any number of wild cards; the best match is retained
### (max number of matching chars; if two are equal, the last specified wins).
###
### Available ROOT versions: the first 'rootsys' defines the default one;
### specifying a tag is optional: if missing, the ROOT version tag is taken
### (however, the tag must be unique, the first occurence is retained).
### If no 'xpd.rootsys' valid directives are specified, $ROOTSYS is used as
### default ROOT version. 
# xpd.rootsys /opt/root [tag_for_default_version]
# xpd.rootsys /opt/root-dev [tag_for_an_alternative_version]
###
### Location of the temporary directory [/tmp]
# xpd.tmp /usr/tmp
###
### Internal wait timeout in secs [5]
# xpd.intwait 500
###
### Max number of PROOF sessions [-1, i.e. no limit]
# xpd.maxsessions 10
###
### Number of workers for local sessions [number of CPUs]
# xpd.localwrks 2
###
### Multiuser option
### Default 1 (==ON) when running as superuser, 0 (==OFF) when running as normal.
### user. In the case the daemon has normal privileges, all users run under the
### effective user starting the daemon and privacy of sandboxes is not ensured
# xpd.multiuser 1
###
### Defines what to do when no client sessions are attached to a client area.
# Format:
#          xpd.shutdown <opt> <delay>
# where:
#          <opt> is the type of action to be taken when a client completly
#                disconnets; the options are:
#                0  remain connected
#                1  terminate when idle
#                2  terminate no matter the processing state
#
#          <delay> is the delay after which the action for option 1 or 2
#                  is performed; in seconds; to indicate minutes or hours use
#                  the suffix 'm' or 'h', respectively; e.g. 5m for 5 minutes.
# default:
#          xpd.shutdown 1 0
# xpd.shutdown 1 1m
# xpd.shutdown 1 1s
###
### Image name of this server [node name]
# xpd.image <image>
###
### Working directory for sessions [<User_Home>/proof]
### If this directive is given, the user working directories will be in the
### form <work_dir>/<user_name>
# xpd.workdir <work_dir>
###
### Dataset root directory [<User_WorkDir>/dataset]
### If this directive is given, the user dataset directories will be in the
### form <dataset_dir>/<group>/<User>, with <group>="default" if <User>
### does not belongs to any of the defined groups.
# xpd.datasetdir <dataset_dir>
###
### Max number of old PROOF sessions for which the working directory
### is kept with all the relevant files in (logs, env, ...); non-positive
### values mean no limit [10]
# xpd.maxoldlogs 10
###
### Modify priority of sessions belonging to <user> by <delta_priority>
### If <user> is missing, apply the change to all sessions.
### This directive requires special privileges, so it may be ineffective
### if these are missing
# xpd.priority <delta_priority> [if <user>]
# xpd.priority 4
# xpd.priority 6 if thatuser
###
### Resource finder
### NB: 'if <pattern>' not supported for this directive.
# "static", i.e. using a config file
#   <cfg_file>          path alternative config file
#                       [$ROOTSYS/proof/etc/proof.conf]
#   <user_cfg_opt>      if "yes": enable user private config files at
#                       $HOME/.proof.conf or $HOME/.<usr_cfg>, where
#                       <usr_cfg> is the second argument to
#                       TProof::Open("<master>","<usr_cfg>") ["no"]
#   <max_workers>       Maximum number of workers to be assigned to user
#                       session [-1, i.e. all]
#   <selection_mode>    If <max_workers> != -1, specify the way workers
#                       are chosen:
#                       "roundrobin"  round-robin selection in bunches
#                                     of n(=<max_workers>) workers.
#                                     Example:
#                                     N = 10 (available workers), n = 4:
#                                     1st (session): 1-4, 2nd: 5-8,
#                                     3rd: 9,10,1,2, 4th: 3-6, ...
#                       "random"      random choice (a worker is not
#                                     assigned twice)
# xpd.resource static [<cfg_file>] [ucfg:<user_cfg_opt>]  [wmx:<max_workers>] [selopt:<selection_mode>]
# xpd.resource static ~/.proof.test.conf wmx:2 selopt:random
# xpd.resource static $ROOTSYS/etc/proof.conf

###
### Master(s) allowed to connect. Directive active only for Worker or
### Submaster session requests. Multiple 'allow' directives can
### be specified. By default all connections are allowed.
# xpd.allow lxb6041.cern.ch
###
### Server role (master, submaster, worker) [default: any]
### Allows to control the cluster structure.
### The following (commented) example will set lxb6041 as master, and all
### the others lxb* as workers 
# xpd.role worker if lxb*.cern.ch
# xpd.role master if lxb6041.cern.ch
###
### URL and namespace for the local storage if different from defaults.
### By the default it is assumed that the pool space on the cluster is
### accessed via a redirector running at the top master under the common
### namespace /proofpool.
# xpd.poolurl lxb0105.cern.ch
# xpd.namespace /store

###
### Specifies tracing options. Valid keywords are:
###   req            trace protocol requests             [on]*
###   login          trace details about login requests  [on]*
###   act            trace internal actions              [off]
###   rsp            trace server replies                [off]
###   fork           trace proofserv forks               [on]*
###   dbg            trace details about actions         [off]
###   hdbg           trace more details about actions    [off]
###   err            trace errors                        [on]
###   inflt          trace details about inflate factors [off]
###   all            trace everything
###
### Defaults are shown in brackets; '*' shows the default when the '-d'
### option is passed on the command line. Each option may be
### optionally prefixed by a minus sign to turn off the setting.
### Order matters: 'all' in last position enables everything; in first
### position is corrected by subsequent settings
###
# xpd.trace fork -err rsp

### Super-users directive: specify a comma-serarated list of users with
### special privileges; the effective user under which the daemon is run
### (-R option on the command line) is always privileged.
# xpd.superusers usr1,usr2

### User access control directive: specifies a comma-separated list
### of users allowed to connect to the cluster.
# xpd.allowedusers usr1,usr2,usr3

###
### Group information file
### Defines the file containing the information about the composition
### of the group and their properties. See example in xpd.groups.sample .
# xpd.groupfile $ROOTSYS/etc/proof/xpd.groups

### xproofd specific security directives, allowing for independent
### rules from the ones applying to data serving.
### NB: 'if <pattern>' not supported for these directives (protbind can
###     used for similar purposes).
### In the example, GSI authentication is required with no control on CRL.
### If this section is missing xproofd falls back to the security setup
### defined for data serving.
# xpd.seclib libXrdSec.so
# xpd.sec.protocol gsi -crl:0 -gmapopt:1 -dlgpxy:1

###
### This directive may be used to set additional environment variables
### for 'proofserv'. This is useful, for instance, to set client-side
### security options. It is possible to set some context depending
### keyworks which will be expanded before launching 'proofserv'; the
### syntax is <keyword>; keywords currently recognized are:
###            <workdir>  -->   expanded to workdir (see above)
###            <user>     -->   expanded to the user's username
### Example:
###
### xpd.putenv  MYENV=<workdir>/<user>/.creds
###
### with 'xpd.workdir /tmp/proof' will set MYENV to "/tmp/proof/minni/.creds"
### for user 'minni' and to "/tmp/proof/pippo/.creds" for user 'pippo'.
### There can be as 'putenv' directives as needed.
# xpd.putenv  XrdSecPWDSRVPUK=<workdir>/<user>/.creds/pwdsrvpuk

###
### This directive may be used to set additional rootrc-like variables
### for 'proofserv'. This allows to control everything from this configuration
### file. At start-up, 'proofserv' will read the additional directives
### from the file "session.rootrc" created in the session working dir
### by XProofd; "session.rootrc" is actually a symlink to the real file
### whose name is in the form
###     <node_type>-<ordinal>-<session_unique_tag>.rootrc
### Example:
###
### xpd.putrc  AName.AVar: AValue