Xrootd Third Party Copy

Starting with dCache 4.2, native third-party transfers between dCache and another xrootd server (including another dCache door) are possible. These can be done either in unauthenticated mode, or with GSI (X509) authentication, using the client provided by SLAC (xrdcp or xrdcopy).

To enforce third-party copy, one must execute the transfer using

xrdcp --tpc only <source> <destination>

One can also try third party and fail over to one-hop two-party (through the client) by using

xrdcp --tpc first <source> <destination>

Changes to dCache configuration for authenticated (GSI) transfers

Because authentication is enforced between the source and destination servers (even though they are both holding a rendezvous token), the following must be done:

all dCache xrootd doors, but also write pools serving xrootd transfers, must have a valid host certificate and set of CA CRLS.
all dCache write pools serving xrootd transfers must be configured for the gsi client plugin; this means defining the following property, either in the dcache.conf or layout file:

pool.mover.xrootd.tpc-authn-plugins=gsi

a proxy certificate must be made available to any SLAC xrootd server being used (see the documentation at the XrootD site.

The dCache GSI xrootd plugin automatically generates a proxy from the host certificate, but the SLAC server (which uses the SLAC client to read-write the file from the source when it is destination) needs the certificate to be generated (and renewed) externally (a common solution for this is to set up a cron job).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Xrootd Third Party Copy

Changes to dCache configuration for authenticated (GSI) transfers

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally