From 609f1fc93750d44fe297b626432975a898912238 Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Tue, 31 Mar 2026 19:10:10 +0000 Subject: [PATCH 1/3] Replace hardcoded monitoring path with MonitoringBaseNs constant Replace all scattered "/pelican/monitoring" string literals with the existing server_utils.MonitoringBaseNs constant so the monitoring base path is defined in exactly one place. --- cache/cache_api.go | 4 ++-- lotman/lotman_linux.go | 3 ++- origin/origin_api.go | 4 ++-- xrootd/authorization.go | 6 +++--- xrootd/self_monitor.go | 4 ++-- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/cache/cache_api.go b/cache/cache_api.go index 96cc6e64c1..a136b87272 100644 --- a/cache/cache_api.go +++ b/cache/cache_api.go @@ -56,12 +56,12 @@ func CheckCacheSentinelLocation() error { // should have director-test- as the prefix func LaunchDirectorTestFileCleanup(ctx context.Context) { server_utils.LaunchWatcherMaintenance(ctx, - []string{filepath.Join(param.Cache_NamespaceLocation.GetString(), "pelican", "monitoring")}, + []string{filepath.Join(param.Cache_NamespaceLocation.GetString(), server_utils.MonitoringBaseNs)}, "cache director-based health test clean up", time.Minute, func(notifyEvent bool) error { // We run this function regardless of notifyEvent to do the cleanup - dirPath := filepath.Join(param.Cache_NamespaceLocation.GetString(), "pelican", "monitoring") + dirPath := filepath.Join(param.Cache_NamespaceLocation.GetString(), server_utils.MonitoringBaseNs) dirInfo, err := os.Stat(dirPath) if err != nil { return err diff --git a/lotman/lotman_linux.go b/lotman/lotman_linux.go index a235e37f34..796469ff2d 100644 --- a/lotman/lotman_linux.go +++ b/lotman/lotman_linux.go @@ -47,6 +47,7 @@ import ( "github.com/pelicanplatform/pelican/config" "github.com/pelicanplatform/pelican/param" "github.com/pelicanplatform/pelican/server_structs" + "github.com/pelicanplatform/pelican/server_utils" ) var ( @@ -752,7 +753,7 @@ func configLotsFromFedPrefixes(nsAds []server_structs.NamespaceAdV2) (map[string } for _, nsAd := range nsAds { // Skip monitoring namespaces - if strings.HasPrefix(nsAd.Path, "/pelican/monitoring") { + if strings.HasPrefix(nsAd.Path, server_utils.MonitoringBaseNs) { continue } var issuer string diff --git a/origin/origin_api.go b/origin/origin_api.go index 3b17e7171c..f2a47196a1 100644 --- a/origin/origin_api.go +++ b/origin/origin_api.go @@ -37,7 +37,7 @@ import ( // Configure XrootD directory for both self-based and director-based file transfer tests func ConfigureXrootdMonitoringDir() error { pelicanMonitoringPath := filepath.Join(param.Origin_RunLocation.GetString(), - "export", "pelican", "monitoring") + "export", server_utils.MonitoringBaseNs) uid, err := config.GetDaemonUID() if err != nil { @@ -69,7 +69,7 @@ func ConfigureXrootdMonitoringDir() error { // from diector-based/self tests. There could be dangling files due to // error in testing func LaunchOriginFileTestMaintenance(ctx context.Context) { - monitoringDir := filepath.Join(param.Origin_RunLocation.GetString(), "export", "pelican", "monitoring") + monitoringDir := filepath.Join(param.Origin_RunLocation.GetString(), "export", server_utils.MonitoringBaseNs) server_utils.LaunchWatcherMaintenance( ctx, diff --git a/xrootd/authorization.go b/xrootd/authorization.go index ff839668a3..a052a62822 100644 --- a/xrootd/authorization.go +++ b/xrootd/authorization.go @@ -1092,7 +1092,7 @@ func GenerateDirectorMonitoringIssuer() (issuer Issuer, err error) { } issuer.Name = "Federation-based Monitoring" issuer.Issuer = fedInfo.DiscoveryEndpoint - issuer.BasePaths = []string{"/pelican/monitoring"} + issuer.BasePaths = []string{server_utils.MonitoringBaseNs} issuer.DefaultUser = "xrootd" return @@ -1145,10 +1145,10 @@ func EmitScitokensConfig(server server_structs.XRootDServer) error { } cacheIssuer := server_structs.NamespaceAdV2{ Caps: server_structs.Capabilities{PublicReads: false, Reads: true, Writes: true}, - Path: "/pelican/monitoring", + Path: server_utils.MonitoringBaseNs, Issuer: []server_structs.TokenIssuer{ { - BasePaths: []string{"/pelican/monitoring"}, + BasePaths: []string{server_utils.MonitoringBaseNs}, IssuerUrl: *serverIssuer, }, }, diff --git a/xrootd/self_monitor.go b/xrootd/self_monitor.go index d0e0f02feb..2f6fb13dd7 100644 --- a/xrootd/self_monitor.go +++ b/xrootd/self_monitor.go @@ -45,7 +45,7 @@ import ( const ( selfTestBody string = "This object was created by the Pelican self-test functionality" - selfTestDir string = "/pelican/monitoring/selfTest" + selfTestDir string = server_utils.MonitoringBaseNs + "/selfTest" selfTestPrefix string = "self-test-" ) @@ -289,7 +289,7 @@ func generateFileTestScitoken() (string, error) { fTestTokenCfg.Lifetime = time.Minute fTestTokenCfg.Issuer = issuerUrl fTestTokenCfg.Subject = "cache" - fTestTokenCfg.AddResourceScopes(token_scopes.NewResourceScope(token_scopes.Wlcg_Storage_Read, "/pelican/monitoring/selfTest")) + fTestTokenCfg.AddResourceScopes(token_scopes.NewResourceScope(token_scopes.Wlcg_Storage_Read, selfTestDir)) // For self-tests, the audience is the server itself fTestTokenCfg.AddAudienceAny() From c0b239eea34970e0a172c4cb07a2179717779310 Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Tue, 31 Mar 2026 19:11:49 +0000 Subject: [PATCH 2/3] Add POSC bypass for Pelican monitoring paths The POSC (Persist on Successful Close) plugin uses rename(2) to atomically move files from a staging directory to their final location. This fails when the source and destination are on different filesystems, which is the case for monitoring paths in Kubernetes deployments where the Origin's run location is on a separate PVC from the storage exports. --- xrootd/resources/xrootd-origin.cfg | 7 ++++++- xrootd/xrootd_config.go | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/xrootd/resources/xrootd-origin.cfg b/xrootd/resources/xrootd-origin.cfg index 0991aab7db..73b0e52ab7 100644 --- a/xrootd/resources/xrootd-origin.cfg +++ b/xrootd/resources/xrootd-origin.cfg @@ -79,6 +79,11 @@ posc.trace {{.Logging.OriginOss}} # We don't use the Origin.UploadTempLocation directly because # of the relative path semantics. posc.prefix /in-progress +{{- if or .Origin.SelfTest .Origin.DirectorTest}} +# Bypass POSC for monitoring paths so that self/director test files +# are written directly (they live on a different filesystem in K8s). +posc.bypass {{.Origin.MonitoringPrefix}} +{{- end}} {{end}} {{else if eq .Origin.StorageType "s3"}} ofs.osslib libXrdS3.so @@ -159,7 +164,7 @@ all.export {{.FederationPrefix}} {{- end}} {{- if or .Origin.SelfTest .Origin.DirectorTest }} # Note we don't want to export this via cmsd; only for self-test -xrootd.export /pelican/monitoring +xrootd.export {{.Origin.MonitoringPrefix}} xrootd.export /.well-known {{- end}} {{- if .Server.DropPrivileges}} diff --git a/xrootd/xrootd_config.go b/xrootd/xrootd_config.go index 578ed4f03e..ac298f4d53 100644 --- a/xrootd/xrootd_config.go +++ b/xrootd/xrootd_config.go @@ -104,6 +104,7 @@ type ( EnableListings bool EnableAtomicUploads bool SelfTest bool + MonitoringPrefix string Concurrency int Port int FederationPrefix string @@ -1174,6 +1175,7 @@ func ConfigXrootd(ctx context.Context, isOrigin bool) (string, error) { return "", errors.Wrap(err, "failed to generate Origin export list for xrootd config") } xrdConfig.Origin.Exports = originExports + xrdConfig.Origin.MonitoringPrefix = server_utils.MonitoringBaseNs switch xrdConfig.Origin.StorageType { case "https": From f8705597a619da92f2b07cd4b8c8c9bd81707029 Mon Sep 17 00:00:00 2001 From: Justin Hiemstra Date: Tue, 31 Mar 2026 19:14:29 +0000 Subject: [PATCH 3/3] Bump xrootd-s3-http to v0.6.6 --- github_scripts/osx_install.sh | 2 +- images/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/github_scripts/osx_install.sh b/github_scripts/osx_install.sh index 7f9e14c981..47b6eec54f 100755 --- a/github_scripts/osx_install.sh +++ b/github_scripts/osx_install.sh @@ -90,7 +90,7 @@ sudo mkdir -p "$xrootd_libdir" sudo ln -s "$PWD/release_dir/lib/libXrdHttpPelican-5.so" "$xrootd_libdir" popd -git clone --recurse-submodules --branch v0.6.5 https://github.com/PelicanPlatform/xrootd-s3-http.git +git clone --recurse-submodules --branch v0.6.6 https://github.com/PelicanPlatform/xrootd-s3-http.git pushd xrootd-s3-http mkdir build cd build diff --git a/images/Dockerfile b/images/Dockerfile index 45a61c7423..873373708f 100644 --- a/images/Dockerfile +++ b/images/Dockerfile @@ -80,7 +80,7 @@ ARG XRDCL_PELICAN_VER=1.6.2 ARG XROOTD_LOTMAN_SRC_BUILD=false ARG XROOTD_LOTMAN_VER=0.0.5 ARG XROOTD_S3_HTTP_SRC_BUILD=true -ARG XROOTD_S3_HTTP_VER=0.6.5 +ARG XROOTD_S3_HTTP_VER=0.6.6 # Installed from Koji if not building it from source. ARG XRDHTTP_PELICAN_SRC_BUILD=false ARG XRDHTTP_PELICAN_VER=0.0.11