Re: [thredds] tdm and passwords

Greetings Roy,

Our documentation needs work, for sure, and I will look at improving things.

The TDS and TDM only communicate over http; this communication requires
authorization, as provided by tomcat (in the case of the example in the
documentation - I am not sure about other server containers). Locally, at a
minimum, the system user running the TDM needs to be able to read the
configuration catalog files used by the TDS (to know what collections to
index), and the system user running the TDS needs to be able to read the
index files written by the TDM. The system user running the tomcat process
can be the same system user running the TDM process, but it does not have
to be that way. In our configuration, the user running the ldm also runs
the TDM, but tomcat is running under a heavily restricted user on the
system. Also, the system user running the tdm jar is not connected to the
user name specified in the tomcat-users.xml file.

In order for the TDM to talk to the TDS (that is, tell the TDS that new
files are available to serve and that the client catalogs need to be
refreshed), a Tomcat user needs to be configured such that it has the role
tdsTrigger in tomcat-users.xml. In the docs, we call that tomcat user tdm,
but it can be whatever you like (I think), and again, is not tied to the
system user running the tdm process.  The user and password configured in
tomcat-users.xml is the user and password given to the TDM via the cred
flag, which is passed to the tdm jar.

As for trigger, I don’t think that works in the update element anymore. We
used to allow the TDS to try to update the collection index files
along-side the TDM, but now only the TDM can update index files. I would
leave it out altogether. The trigger attribute in the TDM element
defaults to true, so you should be able to leave it out.

Cheers, and Happy Thanksgiving to you, too!

Sean

On Thu, Nov 23, 2017 at 3:53 PM Roy Mendelssohn - NOAA Federal <
roy.mendelssohn@xxxxxxxx> wrote:

> Hi All:
>
> I have always found the TDM documentation confusing,  and the interplay
> between the TDM and TDS unclear.  Anyway,  I am working on setting this
> up,  and I am looking at:
>
>
> https://www.unidata.ucar.edu/software/thredds/current/tds/reference/collections/TDM.html
>
> > Upon startup, if -tds was used, but -cred was not, you will be prompted
> for the password for the tdm user password. This allows you to start up the
> TDM without putting the password into a startup script. Note that user tdm
> should be given only the role of tdsTrigger, which only gives rights to
> trigger collection reloading
>
> So am I correct that the tdm should not be run by the user say "tomcat"
> that is running the TDS?  And if that is so,  why not set up the TDM user
> with no login,   as is normally done for the TDS user, and in that case
> what to give when it asks for the password?
>
> Next, the docs say:
>
> > The TDM scans the files in the feature Collection, and when it detects
> that the collection has changed, rewrites the index files. If enabled, it
> will send a trigger message to the TDS, and the TDS will reload that
> dataset. To enable this, you must configure the TDS with the tdsTrigger
> role, and add the user tdm with that role. Typically you do that by editing
> the ${tomcat}/conf/tomcat-user.xml file, eg:
> >
> > <?xml version='1.0' encoding='utf-8'?>
> > <tomcat-users>
> >   <role ... />
> >   <role rolename="tdsTrigger"/>
> >   <user ... />
> >   <user username="tdm" password="secret" roles="tdsTrigger"/>
> > </tomcat-users>
> >
>
> Now is this password the same or different from the first password above?
> If it is set here,  is that what I will be asked for on starting,  or the
> user password?
>
> Finally,  if I put the lines:
>
> >  <tdm rewrite="true" rescan="0 0/15 * * * ? *" trigger="allow"/>
> > <update startup="never" trigger="allow" />
> >
>
> as in the example in the webpage  in a file that appears to be correct,
> and check in a parser,  the "trigger" term throws an error.  Is that the
> correct format,  and should I just ignore the parser error?
>
> Thanks and Happy Thanksgiving.
>
> -Roy
>
> **********************
> "The contents of this message do not reflect any position of the U.S.
> Government or NOAA."
> **********************
> Roy Mendelssohn
> Supervisory Operations Research Analyst
> NOAA/NMFS
> Environmental Research Division
> Southwest Fisheries Science Center
> ***Note new street address***
> 110 McAllister Way
> Santa Cruz, CA 95060
> Phone: (831)-420-3666
> Fax: (831) 420-3980
> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>
> "Old age and treachery will overcome youth and skill."
> "From those who have been given much, much will be expected"
> "the arc of the moral universe is long, but it bends toward justice" -MLK
> Jr.
>
> _______________________________________________
> NOTE: All exchanges posted to Unidata maintained email lists are
> recorded in the Unidata inquiry tracking system and made publicly
> available through the web.  Users who post to any of the lists we
> maintain are reminded to remove any personal information that they
> do not want to be made public.
>
>
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> For list information or to unsubscribe,  visit:
> http://www.unidata.ucar.edu/mailing_lists/
>
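
The documentation quoted in this thread says the Tomcat user that the TDM authenticates as should hold only the tdsTrigger role, and its sample uses the password "secret". The following is an added example, not part of the original messages or of the THREDDS code: a check over a tomcat-users.xml file that flags trigger accounts with extra roles or a placeholder password. The sample file, the "admin" user, and the placeholder list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

TRIGGER_ROLE = "tdsTrigger"  # role name from the documentation quoted in the thread
# Assumption: values treated as placeholders; "secret" is the documentation's sample.
PLACEHOLDERS = {"", "secret", "changeme", "password"}

# Constructed sample input; the "admin" user and its roles are made up.
SAMPLE = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <role rolename="tdsTrigger"/>
  <user username="admin" password="constructed-Example-1" roles="manager-gui, tdsTrigger"/>
  <user username="tdm" password="secret" roles="tdsTrigger"/>
</tomcat-users>
"""

def _local(tag):
    """Strip an XML namespace such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]

def audit_trigger_users(xml_text):
    """Return a list of findings about accounts that hold the trigger role."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    elements = [(_local(el.tag), el) for el in root.iter()]
    declared = {el.get("rolename") for name, el in elements if name == "role"}
    findings = []
    if TRIGGER_ROLE not in declared:
        findings.append(f"role {TRIGGER_ROLE} is not declared")
    holders = 0
    for name, el in elements:
        if name != "user":
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if TRIGGER_ROLE not in roles:
            continue
        holders += 1
        user = el.get("username")
        extra = sorted(roles - {TRIGGER_ROLE})
        if extra:  # per the quoted docs, this account should have only tdsTrigger
            findings.append(f"{user}: extra roles {', '.join(extra)}")
        if el.get("password", "") in PLACEHOLDERS:
            findings.append(f"{user}: placeholder password")
    if holders == 0:
        findings.append(f"no user holds {TRIGGER_ROLE}")
    return findings

if __name__ == "__main__":
    for line in audit_trigger_users(SAMPLE):
        print(line)
```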