arc.conf

#testing webhook2
[common]

#[authtokens]

[authgroup:testers]
file=/etc/grid-security/testCA.allowed-subjects                                          
subject=/DC=org/DC=terena/DC=tcs/C=NO/O=Universitetet i Oslo/CN=Maiken Pedersen maikenp@uio.no

[authgroup:ligo]
# capability based authorization that use compute.* scopes
authtokens = * https://scitokens.org/ligo https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.create *
authtokens = * https://scitokens.org/ligo https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.read *
authtokens = * https://scitokens.org/ligo https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.modify *
authtokens = * https://scitokens.org/ligo https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.cancel *

authtokens = * https://cilogon.org/ligo https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no read:/frames *

[authgroup: wlcg_iam]
# capability based authorization that use compute.* scopes
authtokens = * https://wlcg.cloud.cnaf.infn.it/ https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.create *
authtokens = * https://wlcg.cloud.cnaf.infn.it/ https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.read *
authtokens = * https://wlcg.cloud.cnaf.infn.it/ https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.modify *
authtokens = * https://wlcg.cloud.cnaf.infn.it/ https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no compute.cancel *
# group based authorization that use /wlcg/pilots group (LHC experiments prefer capabilities)
authtokens = * https://wlcg.cloud.cnaf.infn.it/ https://arctestcluster-hackathon-slurm-el7-ce1.cern-test.uiocloud.no * /wlcg/pilots

# accept token issued by EGI Check-in for job submission (both old MitreID and new Keycloak issuer)
[authgroup: egi_aai]
# very rough / DANGEROUS configuration - accepting all tokens without restrictions
#authtokens = * https://aai.egi.eu/oidc/ * * *
#authtokens = * https://aai.egi.eu/auth/realms/egi * * *
# it is possible to restrict job submission to the specific EGI user
authtokens = 85ff127e07ea6660c727831b99e18e4e96b319283f8d2cc8113f405bad2ba261@egi.eu https://aai.egi.eu/oidc/ * * *
authtokens = 85ff127e07ea6660c727831b99e18e4e96b319283f8d2cc8113f405bad2ba261@egi.eu https://aai.egi.eu/auth/realms/egi * * *
authtokens = 2dee939532f16e482748b6c25f6ebbf2cac57abd28ca98bee06a114393d14a89@egi.eu https://aai.egi.eu/oidc/ * * *
authtokens = 2dee939532f16e482748b6c25f6ebbf2cac57abd28ca98bee06a114393d14a89@egi.eu https://aai.egi.eu/auth/realms/egi * * *



[mapping]
map_to_user=testers grid:grid
map_to_user = wlcg_iam grid:grid
map_to_user=ligo grid:grid
map_to_user=egi_aai grid:grid



[lrms]
lrms=slurm
benchmark=HEPSPEC:14.998

[arex]
loglevel=5
controldir=/grid/control
sessiondir=/grid/session1
runtimedir=/grid/runtime
scratchdir=/scratch


[arex/cache]
cachedir=/grid/cache1


[arex/data-staging]
logfile=/var/log/arc/datastaging.log
preferredpattern=pandaserver.cern.ch$|.ndgf.org$|.se$|.dk$|.si$
maxdelivery=10
maxprocessor=10
maxemergency=1
maxprepared=20

[arex/ws]
loglevel=5
[arex/ws/jobs]
allowaccess=testers
allowaccess=ligo
allowaccess=wlcg_iam
allowaccess=egi_aai
allownew=yes

[arex/ws/publicinfo]

[arex/jura]
logfile=/grid/log/jura.log

[arex/jura/sgas:ndgf_sgas]
targeturl=https://accounting.ndgf.org:6143/sgas
localid_prefix=UiO_ARCTEST_158.37.63.16






[infosys]
[infosys/glue2]


[infosys/cluster]
nodeaccess=outbound

[queue:main]