Document the *.local files in the non-container cache/origin install …

…instructions
osg-htc · Dec 19, 2023 · ff39df1 · ff39df1
1 parent 0bf719f
commit ff39df1
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/docs/data/stashcache/install-cache.md b/docs/data/stashcache/install-cache.md
@@ -273,6 +273,23 @@ In this case, you must manually tell the cache services which FQDN to use for to
 
 1.  Run `systemctl daemon-reload` after modifying the file.
 
+
+Making custom additions to authorization files (optional)
+---------------------------------------------------------
+
+The `stash-authfile` services on the cache generate files that configure authorization for XRootD.
+You can put local additions to this configuration into separate files, according to this table:
+
+| **Purpose**                                                   | **Generated file**                     | **Local additions file**                            |
+| :------------------------------------------------------------ | :------------------------------------- | :-------------------------------------------------- |
+| VOMS/SSL/X.509 auth config for unauthenticated cache instance | `/run/stash-cache/Authfile`            | `/etc/xrootd/stash-cache-Authfile.local`            |
+| VOMS/SSL/X.509 auth config for authenticated cache instance   | `/run/stash-cache-auth/Authfile`       | `/etc/xrootd/stash-cache-auth-Authfile.local`       |
+| SciTokens config for authenticated cache instance             | `/run/stash-cache-auth/scitokens.conf` | `/etc/xrootd/stash-cache-auth-scitokens.conf.local` |
+
+!!! note
+    These local additions files are only used in XCache 3.5.0 and newer.
+
+
 Managing OSDF services
 -------------------------------------------
 

diff --git a/docs/data/stashcache/install-origin.md b/docs/data/stashcache/install-origin.md
@@ -175,6 +175,23 @@ In addition, the origin service automatically uses the following SystemD units:
 | `[email protected]` | Updates the authorization files periodically (unauthenticated instance) |
 | `[email protected]` | Updates the authorization files periodically (authenticated instance) |
 
+
+Making custom additions to authorization files (optional)
+---------------------------------------------------------
+
+The `stash-authfile` services on the origin generate files that configure authorization for XRootD.
+You can put local additions to this configuration into separate files, according to this table:
+
+| **Purpose**                                                    | **Generated file**                      | **Local additions file**                             |
+| :------------------------------------------------------------- | :-------------------------------------- | :--------------------------------------------------- |
+| VOMS/SSL/X.509 auth config for unauthenticated origin instance | `/run/stash-origin/Authfile`            | `/etc/xrootd/stash-origin-Authfile.local`            |
+| VOMS/SSL/X.509 auth config for authenticated origin instance   | `/run/stash-origin-auth/Authfile`       | `/etc/xrootd/stash-origin-auth-Authfile.local`       |
+| SciTokens config for authenticated origin instance             | `/run/stash-origin-auth/scitokens.conf` | `/etc/xrootd/stash-origin-auth-scitokens.conf.local` |
+
+!!! note
+    These local additions files are only used in XCache 3.5.0 and newer.
+
+
 Verifying the Origin Server
 ---------------------------