Executive summary

Hightlights from this release:

  • New site description property to add local branding.

  • Admin shell supports Ctrl-C to interrupt commands.

  • Alarms service can share domains with other services.

  • Improved attribute handling in Chimera.

  • Shorter session identifiers.

  • FTP and DCAP cell names are unique across restarts.

  • Info provider publishes all global network interfaces.

  • Improved login broker registration and SRM door selection, including improved IPv6 support.

  • Improved and more robust NFS proxy mode.

  • On the fly checksum calculation for NFS and xrootd.

  • Improved nearline storage Service Provider Interface for more flexible drivers.

  • Precomputed repository statistics in pools.

  • HTTP and xrootd uploads block until post-processing completes.

  • Reduced memory consumption in pools using Berkeley DB.

  • Site specific srmPing attributes.

  • Parameterized WebDAV templates.

  • More uniform access logs.

  • Localized timestamps in pinboard.

  • Improved bash completion.


  • Java 8 is required for running dCache 2.12. Both the Oracle JDK and OpenJDK are supported.

  • The poolmanager.conf file should be regenerated using the save command before upgrading.

  • Instatiation of WAR files in the httpd service has changed. Custom httpd.conf configurations will have to be updated.

  • Local customizations to the WebDAV directory listing template will likely have to be updated.

  • Third party xrootd channel handler plugins from previous releases are not compatible with dCache 2.12. Contact the vendor for updates plugins.

  • Local modifications to logback.xml should be reapplied to the upstream version.

  • The authorization rules for space reservations without an owner has changed.

  • The webadmin interface no longer provides access to the info service. The same functionality is available through other httpd plugins.

  • The xrootd mover now uses ports from the LAN port range by default. Previous releases of dCache always used the WAN port range. Note that the xrootd mover port range is configurable with this release.

Release 2.12.41

Changes affecting multiple services

Fixed an issue with the dcache heap dump command when called with a simple file name as the output path. In this case the dump could in some cases be written to a different directory while the script claimed the dump had failed. The dcache dump heap command has a --force option for cases in which the JVM is unresponsive. This option was ignored for processes not running as root. This is fixed now.


A bouncing message bug in System cell is fixed.


Setting atime-gap to –1 (default value) should disable file’s last access time updates. Nevertheless, this was not the case and atime update was always enabled. This is fixed now and file’s last access time can be disabled as described in the documentation.


Fix race condition in request scheduler.


The ls -completed=n command has been observed to fail with SRMInvalidRequestException. This is fixed now and the output format of listing list requests has been changed to match that of other requests.

Changelog 2.12.40..2.12.41

[maven-release-plugin] prepare release 2.12.41
srm: Fix listing of completed list requests
dcache: fix heap dump to simple file names
script: Make dump heap –force work for non-root processes
srm: Do not expose TURL before request is ready
pool: Fix race condition in request scheduler
billing: additional fixes to insert triggers
system-test: update disposable-CA generated credentials
pnfsmanager: fix atime update regression
cells: Avoid bouncing message on no-route errors in System cell
[maven-release-plugin] prepare for next development iteration

Release 2.12.40


When representing checksums in the admin interface and configuration files, checksums are now presented in an improved format.

Changelog 2.12.39..2.12.40

[maven-release-plugin] prepare release 2.12.40
common: fix ChecksumType.toString()
[maven-release-plugin] prepare for next development iteration

Release 2.12.39


The nearline storage subsystem has a thread pool for various tasks. Some of these tasks are blocking. Since the thread pool is unlimited, a high inflow of new requests can cause the thread pool to grow rapidly and even exceed thread limitations. In that case the pool dies. In the current release a new pool.limits.nearline-threads property is introduced which allow to limit the number of threads used by the nearline storage subsystem. Note that, the default is 30 threads.

Changelog 2.12.38..2.12.39

[maven-release-plugin] prepare release 2.12.39
pool: Fix regression breaking hopping mananger
[maven-release-plugin] prepare for next development iteration

Release 2.12.38


LoginManager would occasionally generate error messages similar to “Discarding listening on $LOCATION 53684’ because its age of 18721640 ms exceeds its time to live of 4500 ms.”. This was due to erroneous reuse of old message envelopes in the internal messaging. This change fixes that problem.

This change addresses a potential problem in which messages sent between cells in the same domain could appear older than they are and thus would risk being discarded due to the time-to-live being expired.


A Tier–1 site reported problems with a major WLCG VO’s read requests. Investigating the source of the problems showed that the srm_ifce library, used by the (outdated) GFAL v1 and the (supported) GFAL v2 SRM libraries, drastically limits the permitted lifetime of requests without providing admins any way to configure this.

For sites seeing errors related to desiredTotalRequestTime being exceeded, this change provides the new configuration option srm.request.maximum-client-assumed-bandwidth in srm.properties as a work-around.

Sites not observing such errors do not need to change anything with regard to this value.

Changelog 2.12.37..2.12.38

[maven-release-plugin] prepare release 2.12.38
srm: add short request lifetime work-around
chimera: Fix regression in inheriting ACLs on directory creation (HSQLDB)
cells: Improve robustness of message time to live
cells: Fix erroneous reuse of message envelope in location manager registration
[maven-release-plugin] prepare for next development iteration

Release 2.12.37


Billing entries for SRM uploads recently lost the storage class part of the entry. This update fixes that issue.


This modification fixes a potential race condition in pool manager.


This modification corrects the error reporting under WebDAV. When attempting to delete a non-existing file, unauthenticated users receive a 401 Unauthorized response, while authenticated users receive a 404 Not Found response.

Changelog 2.12.36..2.12.37

[maven-release-plugin] prepare release 2.12.37
pnfsmanager: Fix regression in SRM billing entries
poolmanager: Fix race condition in pool selection unit
webdav: fix 404 error if attempting to delete a nonexistent file
[maven-release-plugin] prepare for next development iteration

Release 2.12.36


With this release, PnfsManager adds safety checks rejecting invalid upload paths that SRM might erroneously supply. This release hardens an installation against possible bugs triggering data loss.

This release adds a check that detects failed or incomplete SRM uploads and prevents the file from being committed to its final path. Common symptoms of this bug were zero sized files that experiment catalogues registered as successfully uploaded.


This release adds a check to detect broken uploads using SRM during the final stage of file transmission. While it causes transfers to take a little more time, resilience against upload failures is increased.

Changelog 2.12.35..2.12.36

[maven-release-plugin] prepare release 2.12.36
srm: Check for broken files during srmPutDone
pnfsmanager: Check file size and upload completion when committing temporary upload paths
pnfsmanager: Protect against erroneous upload paths
[maven-release-plugin] prepare for next development iteration

Release 2.12.35

Changes affecting multiple services

Several cases of slow performance were reported while deleting directory in Chimera. This is now fixed.


On heavily loaded systems creating alarms at very high frequencies and with comparatively slow databases for alarm logging, components ran out of memory and blocked. This release introduces a mechanism that will drop alarm messages that would cause the system to fail, ensuring continued operation. Note that no messages that are critical to system operation will ever be dropped by this change.


When command execution to migrate files between pools (e.g. migration concurrency or migration copy) is interrupted due to the failure to find migration job the returned error message is considered as a bug. This is now fixed so that a new message is returned indicating that the job being requested does not exist.


When file upload is cancelled the value of temporary upload path tracked by SRM could be a value different from a regular path, either because it was changed outside of dCache, or it contains entries from a very old version of dCache. This could result in data loss while canceling upload. The current release fixed a potential data loss scenario.


The statistics service creates static HTML pages that describe dCache usage over time as simple files that the webadmin service can serve. This includes information about pools and store-units. The problem is that the statistics webpages do not show information about any pool or store-unit that contains a / in the name. This is now fixed. A side-effect is that the history of any pool or store-unit containing a ^ in the name is lost.

Changelog 2.12.34..2.12.35

[maven-release-plugin] prepare release 2.12.35
chimera: Alter statistics target for t_tags(itagid)
srm: Add safe-guard against invalid file ID in put requests
pool: Don’t consider failure to find migration job a bug
statistics: encode ‘/’ in filenames
2.12 alarms: change executor to have bounded queue and discard events on overrun
[maven-release-plugin] prepare for next development iteration

Release 2.12.34


On heavily loaded systems creating alarms at very high frequencies and with comparatively slow databases for alarm logging, components ran out of memory and blocked. This release introduces a mechanism that will drop alarm messages that would cause the system to fail, ensuring continued operation. Note that no messages that are critical to system operation will ever be dropped by this change.


Pinning files is now a non-blocking operation. For files stored on tape, this should result in a more responsive system behaviour, avoiding NFS blocking in situations with many concurrent pin requests.

Changelog 2.12.33..2.12.34

[maven-release-plugin] prepare release 2.12.34
Revert “(2.12) alarms: change executor to have bounded queue and discard events on overrun”
(2.12) alarms: change executor to have bounded queue and discard events on overrun
adjust commit 5acde923f467ec3e391988ecd1dac05163dbbb1b to 2.12 branch code
nfs: use noitify instead of blocking sendAndWait when sending pin/unpin messages via touch “.(get)(<file_name>)(pin)” command
[maven-release-plugin] prepare for next development iteration

Release 2.12.33

Changes affecting multiple services

Sometimes when a cell start up was interrupted an error message was logged as a bug. This is now fixed.


The GLUE infomation provider supplies information about the dCache instance, which is important for the clients in WLCG area. Because in dCache different doors can have different roots, clients may need to adjust their path when accessing dCache through different doors. The info-provider is updated so that a new path root property is provided. This allows clients to modify paths, as necessary. Note that the SRM door already supports this translation when redirecting clients for transfers.

Changelog 2.12.32..2.12.33

[maven-release-plugin] prepare release 2.12.33
info-provider: publish door root path
cells: Suppress illegal state exception during initialization
[maven-release-plugin] prepare for next development iteration

Release 2.12.32


Spacemanager backs off when it encounters a problem writing to the database. Previously, if the problem was due to deadlocks then the two tasks involved are delayed by the same amount, which means it is possible that subsequent attempt will also deadlock. This release randomises the delay to reduce the likelihood of this problem occuring.

Changelog 2.12.31..2.12.32

[maven-release-plugin] prepare release 2.12.32
spacemanager: Randomize backoff in case of transient errors
[maven-release-plugin] prepare for next development iteration

Release 2.12.31


This release fixes a bug that caused the output of the rep ls -s admin command to contain negative values.


Fix dCache handling of open requests where uploads were considered downloads.

Changelog 2.12.30..2.12.31

[maven-release-plugin] prepare release 2.12.31
Revert “pool: Expose Berkeley DB configuration as dCache properties”
xrootd: Fix classification of uploads
pool: Expose Berkeley DB configuration as dCache properties
pool: Fix accounting error in repository statistics
[maven-release-plugin] prepare for next development iteration

Release 2.12.30

Changes affecting multiple services

Don’t log Error while reading from tunnel: java.nio.channels.AsynchronousCloseException when a domain shuts down.

Changelog 2.12.29..2.12.30

[maven-release-plugin] prepare release 2.12.30
cells: Don’t log AsynchronousCloseException when tunnel closes
[maven-release-plugin] prepare for next development iteration

Release 2.12.29

Changes affecting multiple services

Update the Spring, Milton, AspectJ, Jetty and DataNucleus-core libraries to latest version. All dCache services are affected.


If a 3rd-party transfer fails then the pool may log and report incomplete information on why this happened. This release fixes this problem.

Changelog 2.12.28..2.12.29

[maven-release-plugin] prepare release 2.12.29
2.12: upgrade third party dependencies
http–3rd-party: ensure IOException logged with toString
info: fix test to be less critical on timing
[maven-release-plugin] prepare for next development iteration

Release 2.12.28


Add new options to the rep set sticky command to allow filtering by access-latency, retention-policy, storage class and cache class.

Add an option to migration module to support filtering by cache class.

Add the -meta-only option to migration module. This limits the affected replicas to those where the file’s data is not transferred; i.e., the target is some existing replica of the file. Local replicas that do not exist on any other pool are skipped.

Extend the migration module’s -sticky option to allow negated selection. This is marked by prefixing the sticky owner with a -. For example, -sticky=-system selects replicas that do not have the system sticky.

Fix persistency of the sticky bits. Should a replica’s list of sticky bits be modified by either the rep set sticky command or the migration module modifying some existing replica then the sticky flags are held in memory but not written to the Berkeley DB. The next restart of the pool will loose that information, potentially resulting in data loss. Pools that store metadata as files are not affected.


Previous releases of dCache contained a bug where replicas generated by pool-to-pool copies failed to include the access latency and retention policy. While not directly affecting dCache operations, the result is that this information is no longer reliable.


Fix listing by PNFS-ID. Glob support is removed as it was non-functional.

Changelog 2.12.27..2.12.28

[maven-release-plugin] prepare release 2.12.28
pool: Do not output expired sticky flags
pool: Only save sticky bits if not already set
poolmanager: Fix missing access latency and retention policy on pool to pool copy
pool: Make bulk sticky bit operation robust against repository changes
pool: Throw IllegalArgumentException on rep set sticky errors
spacemanager: Fix listing by pnfs id
pool: Extend migration module with -meta-only option
pool: Add option to migration module to filter by cache class
pool: Add bulk mode for rep set sticky command
pool: Add migration option to filter by absense of sticky flags
pool: Fix persistence of sticky bits
[maven-release-plugin] prepare for next development iteration

Release 2.12.27

Changes affecting multiple services

This release fixes a caching issue where changes to inode metadata (e.g., ownership or permissions) for / (the root directory of Chimera) are not visible until the service is restarted. This affects NFS doors and pnfsmanager service.

Changelog 2.12.26..2.12.27

[maven-release-plugin] prepare release 2.12.27
chimera: Prevent filling of stat cache of root inode
[maven-release-plugin] prepare for next development iteration

Release 2.12.26

Changes affecting multiple services

The chimera library, used by PnfsManager and NFS, contains possible race conditions that can lead to a NullPointerException. These are updated so that Chimera gives the correct error message under these circumstances.

The chimera library, used by the pnfsmanager and nfs services, contains a bug where two near-simultaneous attempts to delete a hitherto empty directory and write a file into the same directory will both succeed but leave an orphaned file: it exists in the t_dirs table but the parent does not exist in t_inodes table. This seems to be triggered when an ftp door fails with no write pool configured. This release fixes this problem.


Fix the error message (logged by the domain hosting pnfsmanager) if an attempt to finalise an SRM upload fails within pnfsmanager, or if an attempt to cancel an SRM upload fails within pnfsmanager.


When reporting an alarm that a pool is declared DOWN, the message mistakenly omitted the name of the pool. This is now fixed.


Update to the latest version of milton.


Update the alice-token plugin to allow the host name check to succeed on dual-stack (IPv4 and IPv6) machines.

Fix door so that it no longer logs: An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.

Log initial response (usually that an asynchronous reply is forthcoming) when client attempts to open a file.

When authenticating with the GSI plugin, provide an informative message if the host private key file cannot be understood.

Changelog 2.12.25..2.12.26

[maven-release-plugin] prepare release 2.12.26
xrootd: Update alice token plugin to fix IPv6 compatibility
xrootd: Upgrade to xrootd4j 2.1.3
chimera: Detect races in directory deletion
chimera: Detect races during move
xrootd: Fix logging of Netty exceptions
webdav: update to latest milton
PnfsManager: remove copy-n-paste error in error message
(2.12) pool manager: add pool name to alarm
system-test: Fix grid-security settings
rpm: enforce SL5 compatibility when building RPM packages
[maven-release-plugin] prepare for next development iteration

Release 2.12.25

Changes affecting multiple services

Eliminate race condition that can lead to a NullPointerException if a cell does not shut down cleanly.

The dcache script no longer checks whether the hostkey.pem file is in PKCS#8 format when dcache stop is invoked. Previously this could lead to orphaned dCache domains; for example, when upgrading dCache RPM.


Fix potential IndexOutOfBoundsException should the response from the acm cell be malformed.


Update the text format of logged and emailed alarms so that messages include the type of alarm rather than simply the phrase ALARM [ ALARM_TYPE ]. Note that the alarms.email.encoding-pattern and alarms.history.encoding-pattern properties have been updated; sites that have modified either of these properties must review their configuration to take advantage of this update.


Fix an intended pool-to-pool transfer optimisation: the receiving pool failed to reuse a delayed mover, should the pool-to-pool request timeout and be retried.

Fix pools so that they do not log NullPointerException if a pool receives a request to restore a file from an HSM to which it has no access.


Fix how the writedata command in the chimera shell accepted data: the command-line argument was ignored if supplied and data was taken from stdin, if no argument was supplied then the command would fail with NullPointerException. Note: this command does NOT write data into dCache, but into Chimera.


Fix the context information included when logging failures to write job information to the database.

Changelog 2.12.24..2.12.25

[maven-release-plugin] prepare release 2.12.25
srm-client, dcache: fixed passing incompatible arguments to functions
dcache: removed unecessary use of non-short-circuit logic
(2.12) alarms: modify logback encoding to show actual alarm type
pool: Fix NPE when restoring file
scripts: do not check for PKCS#8 formatted hostkey.pem on shutdown
chimera: Null value passed to non-null parameter in org.dcache.chimera.cli.Shell$WriteCommand.call()
srm: Use correct logging context when saving jobs
cells: Fix NPE during shutdown
[maven-release-plugin] prepare for next development iteration

Release 2.12.24

Changes affecting multiple services

When starting up, all doors (dcap, ftp, nfs, srm, webdav, xrootd) and pools advertise their presence to other dCache components before they are able to handle incoming requests. This can lead to subsequent queries timing out as the service finishes starting up. With this version of dCache, doors and pools only advertise their presence once they can handle incoming requests.


This release updates how dCache configures the Berkeley DB when used for storing pool metadata. In addition, dCache will now no longer disable the pool when suffering a Berkeley DB-related problem if the Berkeley DB environment is still valid. Combined, these two changed should greatly reduce the occurances of pools disabling themselves when under heavy IO load.

Changelog 2.12.23..2.12.24

[maven-release-plugin] prepare release 2.12.24
pool: Refine Berkeley DB failure handling
Don’t announce cells to other services until they have started
[maven-release-plugin] prepare for next development iteration

Release 2.12.23

Changes affecting multiple services

The ftp, webdav and xrootd doors will delete the target file if an upload was unsuccessful. The copy manager (part of the transfermanagers service) has a similar behaviour if an internal copy is unsuccessful. If this delete was unsuccessful (e.g., the client deleted the file itself) previous dCache versions would log this at ERROR level. With this dCache version, such occurrences are logged at DEBUG level.


Fix race condition that can occur when a pool is first accepting pNFS transfers if multiple requests are processed almost simultaneously.


Adds support for the Robots Exclusion Standard (/robots.txt). The default advice is that web-crawlers should avoid indexing all content in dCache.

The webdav door has separate configuration allowing the admin to configure the door-local path that contains site-local files and the URI prefix to access those files. Earlier versions of dCache mistakenly used the former for the latter, which this release fixes.

Changelog 2.12.22..2.12.23

[maven-release-plugin] prepare release 2.12.23
webdav: Respect webdav.static-content.uri property
doors: Do not log failure to delete absent files on upload failures:
nfs4: fix race in request processing
webdav: Add robots.txt
[maven-release-plugin] prepare for next development iteration

Release 2.12.22

Changes affecting multiple services

In earlier versions of dCache, the code-base would always establish a node’s FQDN through a DNS query on start-up. For some services and for dCache scripts (for example, the chimera script), this information is not used. With this release, dCache only makes the DNS query when it is necessary, so domains hosting services that do not need this information and scripts will start faster.


Doors describe their root path to SRM so it can calculate appropriate TURLs. Previous versions of dCache had dcap doors register incorrect paths, which this release fixes.

dCache configuration allows an admin to control if certain ciphers are allowed. In particular, this allows sites to remove support for problematic ciphers or hashing algorithms. This release fixes a problem where the GSI-dcap door failed to honour such settings.


The replica-manager periodically requests a list of file replicas that a pool is hosting. In previous versions of dCache, if the pool finds a broken file then an error is returned to replica-manager. The replica-manager then considered the entire pool as being offline. With this version od dCache, such errors are logged on the pool. The replica-manager will not consider the pool as hosting that file’s data, but will otherwise consider the pool online.

The different HSM operations (flush, stage and remove) have internal timeouts after which the pool considers the request as failed. In previous versions of dCache, the default pool setup includes a four hour timeout for flush and stage but neglected to set a default for delete. This omission caused delete operations to time-out very quickly. With this release, delete operations also have a default of four hours.

Fix the Ruby implementation of the hsmcp script (hsmcp.rb) so it can parse new command-line arguments that include concurrency options.

The concurrency for active HSM operations is configurable and may be adjusted dynamically. In earlier versions of dCache, decreasing the concurrency only became effective when that operation started to idle. This has been fixed so the limits start to have an effect as operations complete.

Each movers can have one of three priority (LOW, MEDIUM, HIGH) and a selection discipline (FIFO or LIFO). The documented behaviour was for queue with names that start with - have LIFO discipline and those that start with any other character have FIFO discipline. Due to a bug, the order was wrong, with the priorities inverted and the two disciplines swapped, so LOW priority movers were started before MEDIUM level and MEDIUM were started before HIGH. This release fixes this so HIGH priority movers are selected preferentially over MEDIUM and, MEDIUM priority movers are chosen over LOW priority; however, it was decided to keep the disciplines as in previous versions and updated the documentation accordingly. There are several reasons for this: first, there is no difference between LIFO and FIFO when movers are not queued; second, neither discipline will help if the pool is persistently overloaded; third, LIFO discipline (although unfair) is documented as providing a better overall throughput during a time-limited overload; fourth, by default dCache has been running with LIFO discipline since v1.9.11 (released 2011–01–13) without any apparent problems.

HTTP third-party transfers report back if there was a problem verifying that the transfer was successful. One possible problem is that the remote server failed to supply checksum information. Reporting of such situations is now fixed.


The dCache alarms page in webadmin can be slow to respond when first visited. This is because the page attempts to load all alarm events when showing this page. With this version of dCache, the initial visit is limited to the most recent 100 events. The auto-refresh of this page has become an option shown within the page and is switched off by default.


In previous versions of dCache, should a user cancel a transfer shortly after a mover is created then there was a risk that the mover is abandoned. This is fixed with this release.


Fix race-condition that can lead to a stack-trace like:

Uncaught exception in thread xrootd-net-13 java.util.ConcurrentModificationException: null
        at java.util.HashMap$HashIterator.nextNode(HashMap.java:1429) ~[na:1.8.0_60]
        at java.util.HashMap$KeyIterator.next(HashMap.java:1453) ~[na:1.8.0_60]
        at org.dcache.xrootd.door.XrootdRedirectHandler.channelInactive(XrootdRedirectHandler.java:147) ~[dcache-xrootd-2.13.9.jar:2.13.9]

In earlier versions of dCache, if the xrootd door times out for a write request while waiting for the mover to send the redirection information then the mover is abandoned. This is fixed with this release.

Changelog 2.12.21..2.12.22

[maven-release-plugin] prepare release 2.12.22
hsmcp: update to match new HSM interface.
(2.12) webadmin: improve user-friendliness of alarms page on load
(2.12) old replica manager: prevent pool being listed as offline when there are files with corrupt metadata
webdav: Kill abandoned movers
xrootd: Kill mover on aborted write
pool: Fix transfer prioritization
pool: Add nearline storage default timeouts
xrootd: Fix race condition in request cancelation
pool: Let script nearline storage provider scale down when lowering limits
dcap: Fix broken argument parsing
dcap: Fix socket factory argument parsing
Fix build and startup regression
pool: Fix error reporting in remote HTTP mover
prepare for next development iteration

Release 2.12.21


Fix security vulnerability in srm EGI-SVG–2015–9495 (restricted).

Release 2.12.20

Changes affecting multiple services

In many cases, poolmanager would timeout after ten seconds when asked which pool to use for a transfer. This behaviour was not intended. The consequence of this bug is protocol specific: for some protocols, the door retries internally while other doors propagate this error to the client. Another consequence was the increased risk of the domain hosting poolmanager running out of memory, particularly when staging files. This release fixes the underlying problem. It is recommended that all doors be upgraded.

Fix a performance regression when deleting directories; the fix affects the pnfsmanager and nfs services.


Fix bug that can result in leaked entries in space-manager file management from failed uploads. The problem is most likely triggered when a client cancels an FTP upload at the same time as the correponding SRM upload request expires. The problem may also be triggered by communication failure with PnfsManager and the user deleting the failed upload before the pool retries.


Fix support for credential delegation if the credential’s certificate is sent over multiple SSL frames. This most likely happens when the certificate exceeds the maximum frame size.

Changelog 2.12.19..2.12.20

[maven-release-plugin] prepare release 2.12.20
spacemanager: Fix race condition leading to leaked reservation entries
chimera: Resolve performance regression in directory deletion
doors: Fix pool selection timeout handling
Fix timeout math to avoid overflow
srm: Fix credential delegation
Preparing for next release cycle

Release 2.12.19


Fix security vulnerability in gsi and kerberos authenticated ftp.

Release 2.12.18

Changes affecting multiple services

The System cell of each domain contains a version command that allows discovery of which dCache version is running. This release fixes this command. Note: there is no problem with the dcache script’s version command.


The NFS protocol provides access to additional infomation through dot commands. This release fixes the nameof and pathof commands for non-ASCII filenames.


Fix that dCache respects the setgid bit on a parent directory when the user uploads a file via the SRM protocol. Important: the srm node should be updated at the same time.


This release overhauls the srm service’s queuing behaviour. To reduce likelihood of bulk operations overwhelming dCache, the srm limits the number of requests it processes concurrently to some configurable maximum. It places any additional schedulable activity (LS, GET, PUT, BRING-ONLINE and RESERVE-SPACE) into queues; the next request from the queue is processed when a processing slot becomes available. Previously, the process of selecting which queued request to process next was both unfair and inefficent: as the queue size increased, the srm node consumed considerably more CPU effort and individuals experienced increased latency.

This release sees the introduction of a new queuing mechanism designed to overcome these problems. The queing strategy is both configurable and pluggable, allowing the admin to control the desired characteristics. Some of the queuing strategies shipped with dCache are designed to share the available processing slots fairly between users or between groups of users; this grouping of users is also both configurable and pluggable, with dCache shipping with many useful choices. See the srm default configuration properties file for further details.

Enforce authorisation of requests to finalise or cancel an upload. When initiating an upload, the user’s uid and primary gid are taken as the request owner-uid and owner-gid respectively. Only users that have the same uid as the request’s owner-uid or are a member of the request’s owner-gid are allowed to cancel or finalise an upload. Important: the srm must be updated if the pnfsmanager is updated.


This release fixes a bug with the periodic building of billing plots. Previously, if the billing service took too long to reply then there would be no further updates to the billing plots.

Changelog 2.12.17..2.12.18

[maven-release-plugin] prepare release 2.12.18
srm: Refactor scheduler to avoid unused queues and per user counters
srm: Reimplement scheduling policy to resolve scalability issues
rpm: remove “commented out” macros lines from spec file
chimera: fix nameof and pathof for paths containing unicode
chimera: Let SRM respect setgid on upload
srm: Add authorization to put done and abort requests
module: cells
(2.12) dcache-webadmin: add TimeoutCacheException to catch clause in billing service
[maven-release-plugin] prepare for next development iteration

Release 2.12.17

Changes affecting multiple services

Specifying the DISABLE_BROKEN_DH flag in the dcache.authn.ciphers configuration property disables all Diffie-Hellman ciphers if Java 7 is used; if dCache is run with Java 8 then this flag has no effect. Disabling DH ciphers is necessary because Java 7 contains a broken implementation of Diffie-Hellman, which was fixed with the release of Java 7 update 51. This dCache release updates the behaviour of the DISABLE_BROKEN_DH flag to allow Diffie-Hellman ciphers if dCache is run within Java 7 update 51 or later.

The description of the DISABLE_EC and DISABLE_RC4 flags have been expanded and updated.

This release updates advice on how the dcache.net.listen configuration property should be set when clients should use a DNS alias FQDN (a CNAME record) rather than the FQDN of one of the door’s public interfaces.


An earlier patch added support for publishing a single dCache instance with multiple SRM endpoints. This provided incompatible with sites that use a DNS alias for their official SRM endpoint, so that change is reverted with this release. Support for publishing multiple SRM endpoints is available with dCache v2.13.


Add support for the TEST_STATEID and FREE_STATEID RPC methods. These are used by the Linux kernel during recovery procedure. The previous lack of support for these methods can lead to the leaking of stateids, which can lead to NFS4ERR_RESOURCE : Too many states being logged.


Improve the error message (logged by the pool and in billing) should the FTP mover fail to connect to the client.

Changelog 2.12.16..2.12.17

[maven-release-plugin] prepare release 2.12.17
pool: fix ftp mover to provide better logging when failing to connect
properties: update description of dcache.net.listen
crypto: refine handling of broken ciphers
Revert “infoprovider: remove single SRM instance limitation”
libs: update to nfs4j–0.10.6
[maven-release-plugin] prepare for next development iteration

Release 2.12.16

Changes affecting multiple services

The event logger records when messages are received and sent by cells. Some cell messages send string commands; if so, the log entry contains that string. In previous releases, such string commands were mistakenly double-escaped. This is fixed with this release.


Fix debug output to include the flavour of GSS implementation; for example, GssFtpDoorV1::secure_reply: going to authorize using k5


When a user attempts to delete a symbolic link using a non-NFS door, previous versions of dCache would resolve the symbolic link to determine whether the user is allowed to delete the symblic link: only if the user is allowed to delete the symblic link’s target would the symbolic link be removed. With this release, the check verifies if the user is allowed to delete the symbolic link instead.


This release updates the JVM command-line to make it explicit that compressed object references are in use. This allows the Berkeley DB library to calculate a more accurate cache size, potentially improving pool performance.

In previuos releases, any attempt is made to query a pool’s info (e.g., via the admin interface) while the pool is initialising will block until the initialisation has completed. This has a knock-on effect of blocking all subsequent messages. With this release, requesting information about a pool will not block during initialisation.

Fix high memory usage during pool initialisation if pool has any precious files.


The access log for the domain hosting an xrootd door would contain incomplete information about xrootd interactions: certain responses were logged without the corresponding xrootd session. This is now fixed.

Earlier releases will record a stack-trace if xrootd recieves a malformed request. This is now fixed.

Changelog 2.12.15..2.12.16

[maven-release-plugin] prepare release 2.12.16
cell: Don’t quote string command in event logger
pool: Explicitly enable compressed oops to calculate correct cache size
pool: Fix locking bug causing high memory usage during pool initialization
chimera: Fix path resolution on delete
xrootd: Fix ‘xrootd logs stack-trace on malformed request’
move execution of the superclass method before any concrete class initializations
pool: do not list a repository during initialization
xrootd: Add session to access log
[maven-release-plugin] prepare for next development iteration

Release 2.12.15


This release fixes a regression where using the xacml gPlazma plugin would prevent gsiftp-based transfers from succeeding.


The Berkeley DB based metadata storage can sometimes fail. Should this happen, the pool must be restarted. In previously releases, such problems were logged with an unclear message and a stack-trace; the pool would continue to operate but would fail all subsequent transfers; nothing made it clear the pool must be restarted. With this release, such Berkeley DB problems will be logged with a concise error message and the pool will be disable, making the restart requirement explicit.

Fix regression in the migration module that could caused more replicas to be created than was desired and could cause replication to fail with a No targets error message.


In previous versions of dCache, the ls operation in SRM occationally returned incomplete or inconsistent results. This is now fixed.

Changelog 2.12.14..2.12.15

[maven-release-plugin] prepare release 2.12.15
pool: Fix race condition in migration module
srm: fix race condition in ls response
pool: Disable pool on meta data failures
(2.12) gplazma-xacml: add GlobusPrincipal (DN) to identified principals
[maven-release-plugin] prepare for next development iteration

Release 2.12.14

Changes affecting multiple services

In previous releases, dCache required a layout file be present, even if that file was empty. This has two negative impacts: the dcache stop (typically invoked automatically when updating a package) would not work, nodes where only scripts (e.g., info-provider) are used would require unecessary configuration. With this release, a missing file generates a warning but does not prevent the dcache stop command or scripts from working. This warning may be suppressed by setting dcache.layout.uri to an empty string.


The tape related queues (flush and restore) have no maximum limit, yet both the old web information and new webadmin show a dummy maximum value for these queues. This meaningless maximum value is no longer shown.


The info service collects information about, amongst other things, the interface(s) a door listens on. This is made available in different formats. The URL-formatted version, used by info-provider, always used an IP address even when a name was known. This is now fixed.


It is possible to run multiple SRM endpoints in dCache, provided certain restrictions are upheld. With this release, the info-provider publishes multiple SRM endpoints correctly.


Some shells, when attempt to overwrite a tag’s content using NFS, do so in a way that Chimera previously failed to support. This failure was reported back to the user as a remote I/O error. This release fixes this problem.

Log NFS clients that provide a stale client-ID.

When configured to support NFS v3, the nfs door will attempt to start the embedded portmap service if it cannot find the system portmap service. Previous releases of dCache would log a stack-trace if starting the embedded portmap service fails. With this release such failures are logged but no stack-trace is generated.


Reduce latency when a pool processes a request to start a read mover. This improves dCache responsiveness when a client opens a file for reading.

The NFS mover uses the file’s size when processing read and write requests. For read operations, the file size cannot change. This release takes advantage of this to reduce the load on the underlying filesystem.

Reduce memory churn on pool when processing NFS requests. With this release, fewer small objects are created, resulting in less pressure on Java’s memory garbage-collector and consequently reduced likelihood of latency spikes.


Poolmanager may attempt to create additional copies of a file, only to discover such attempts fail because of other constraints. This leads to the log file containing entries like P2P denied: already too many copies and P2P denied: No pool candidates available/configured/left for p2p or file already everywhere. With this release, such entries are logged at info level: they no longer appear in the log file, but are available via the poolmanager’s pinboard.

Changelog 2.12.13..2.12.14

[maven-release-plugin] prepare release 2.12.14
systemtest: fix install command in credentials command
chimera: throw FileExistChimeraException if tag already exists
infoprovider: remove single SRM instance limitation
(2.12) webadmin: do not display numerical value for max restores or stores
boot: Don’t fail on missing layout file
info: Publish host name rather than host address
httpd: Do now show maximum for restore and flush queues
poolmanager: Reduce log level of p2p denial
libs: update to nfs4j–0.10.5
pool: simplify duplicate request handling
pool: do not create new stateid in NfsMover#getStateId()
[maven-release-plugin] prepare for next development iteration
pool: reduce load on back-end file system

Release 2.12.13

Changes affecting multiple services

A new security configuration option allows the dCache admin to ban all SSL/TLS ciphers that use the RC4 cipher. RFC–7465 states services MUST NOT accept an RC4-based cipher suite. Adding the DISABLE_RC4 option to the dcache.authn.ciphers makes dCache compliant with RFC–7465. This option is not enabled by default to avoid possible regression with clients that require the RC4 cipher. This property affects dcap (with GSI), ftp (with GSI), srm, webadmin, webdav (with SSL/TLS), xrootd (GSI plugin) services.


Fixed ACL inheritance when uploading data through SRM. In earlier versions of dCache, a file uploaded through SRM failed to inherit any inheritable ACEs from the parent directory.

This release brings some modest performance improvements when creating upload directories. This improvement is available automatically only to sites that have not yet upgraded to 2.10 (or later). Sites already running 2.10 or later can enjoy the same improvements by deleting the upload directory (/upload by default) to allow dCache to recreate it. Important: deleting the upload directory will fail any current SRM uploads; it is recommended to do this during down-time.


The pool’s migration module may be invoked with different pool selection modes: the -select option. The random selection option (-select=random) excludes pools that are full, but mistakenly considers replicas that could be deleted (i.e., non-sticky cached replicas) as part of the used space; this treats a pool as full even when the pool has removable files. With this release, pools that are full but contain some cached files are potential targets for random pool selection.

In earlier releases of dCache, the save command failed to record the stage, flush and remove timeouts for nearline storage (rh set timeout, st set timeout, rm set timeout respectively). This is now fixed.

The pool’s NFS mover will remember the previous TCP port on which it listened and will attempt to reuse it after restarting.


Fix JAR selection when a short-lived java process is started. This is typically done when using one of the scripts.


Fix writing into a reservation when using a protocol that does not provide a username or FQAN; for example, when writing into dCache using NFS and with the WriteToken directory tag set. Previously writing would fail with a Message processing failed: null group message.


The srm service can generate RemoteException stack traces when dCache is behaving correctly. These are now logged at debug level and without a stack trace.

Changelog 2.12.12..2.12.13

[maven-release-plugin] prepare release 2.12.13
pool: introduce unique port number for nfs mover
pool: Store nearline storage timeouts to pool setup file
pnfsmanager: Create base upload directories without tags and acls
pnfsmanager: Inherit ACLs on upload with SRM
chimera: Add ACL insert triggers for HSQLDB
Fix limited class path generation
pool: Let random pool selection select pools with removable files
crypto: allow banning of RC4 cipher suites
spacemanager: Allow unowned files in reservations
srm: Don’t log erroneous stack trace
[maven-release-plugin] prepare for next development iteration

Release 2.12.12

Changes affecting multiple services

This release upgrades the BouncyCastle version from v1.45 to v1.46. The main motivation is to improve concurrency, so obtaining better performance on multi-core machines. The update affects the xacml and voms plugins to gPlazma and any door configured to use (or that always uses) GSI authentication: dcap, ftp and srm. There is no cross-dependency; domains hosting these service may be updated independently.


Fix the set timeout admin command so that dCache honours the supplied value.


Show additional information about proxied data transfers.

The info command no longer shows lists of clients, pools and transfers. Instead, that information is available via new admin commands: show clients, show pools and show transfers respectively.

Include the direction (READ or WRITE) when describing a transfer.


Fix possible leaked upload directory if PnfsManager takes too long to create the upload directory.


The chimera script provides both an interactive shell and the ability to run a Chimera operation as a single command-line invocation. This release fixes an problem where the single Chimera operation fails to provide the output if it is too short.


If a client releases a reservation using the SRM protocol while another SRM client is querying for information about that reservation then there is a risk that the reservation will appear to exist for some 30 seconds, despite the reservation being successfully released. This release fixes this problem.

Changelog 2.12.11..2.12.12

[maven-release-plugin] prepare release 2.12.12
nfs: include read/write information to transfers
admin: Respect user timeout
nfs: show mover info when proxy io is displayed
nfs-proxy: update proxy-io adapter interface to expose open-stateid
nfs: add new commands to admin interface
nfs-proxy: modify ProxyIOAdapter interface to provide forEach method
libs: Update to voms-api-java
srm: Fix cache invalidation of space meta data
libs: use bouncycastle–1.46
libs: update jglobus to
chimera: Fix single command invocation of chimera utility
pnfsmanager: Resolve upload directory leak caused by missing reply flag
[maven-release-plugin] prepare for next development iteration

Release 2.12.11

Changes affecting multiple services

dCache uses a standard format to monitor the performance of various components: in the srm door to record how quickly SRM requests are processed (print srm counters command), in the nfs door and pool to monitor NFS performance (stats and nfs stats commands, respectively), the generic cell message monitoring (monitoring info command), and pnfsmanager service (the “Statistics” section in info). This release fixes a rounding error that prevents these statistics from including long-lived requests.


The nfs door will proxy data for clients as a fall-back for 4.1/pNFS and for all 4.0 clients. To do this, the door uses a built-in NFS client to contact the pool directly. Previously, if this built-in NFS client fails to connect to the pool then a door leaks a file-descriptor. This is now fixed.

When attempting to proxy client IO requests, the door would make a single attempt to connect to the pool; if this fails, the door fails the client’s IO request. With this release, the door will attempt multiple times (initially waiting 100 ms between the first and second attempt and doubling the delay after each attempt) until 15 seconds has elapsed.


The pinmanager service has the ls command that allows the admin to limit the results to a specific pin or all pins against some PNFS-ID. This release fixes listing by pin id.


With this release, the path of automatically generated upload directories has changed slightly to improve SRM upload performance. Previously, these generated paths had the form <upload>/<unique-ID>, where <upload> is the value of the dcache.upload-directory configuration property (/upload by default) and <unique-ID> is some unique value (a UUID). With this release, these directories have the form <upload>/<processor-ID>/<unique-ID>, where <processor-ID> is some small integer value. Standard-conforming clients are unaffect by this change and no action are needed by the admin from this change.

Update pnfsmanager to avoid creating temporary directories if the srm has already discarded the request. This helps dCache recover more quickly when it is overloaded from SRM uploads.


This release introduces the pool.mover.nfs.port.min and pool.mover.nfs.port.max configuration properties. Previously, pools listened on a random port between dcache.net.lan.port.min and dcache.net.lan.port.max; the two new configuration properties take the two dcache... configuration properties as default values. If pool.mover.nfs.port.min and pool.mover.nfs.port.max have the same value, the pool will always listen on the same TCP port for NFS connections. Note that such a value must be unique across all pools hosted on the same node. Important: it is recommended to update pool configure so, after a restart, they always listen on the same TCP port for NFS; this is because a pool listening on a different port after a restart can trigger high load on the client machine.

This release updates the error the pool reports to an NFS client when the client attempts to read or write and the pool cannot find the mover. This situation is mostly likely caused by restarting the pool. When it receives the modified reponse, the client will fall back to using proxy-IO. This allows NFS clients that were reading a file to survive a pool restart.

Fixed pool’s erroneous interpretation of the HSM timeout (4 hours, by default) as being from when a staging request was initially received, rather than from when it started processing the request (by starting the HSM script or via the new plug-in mechanism).

This release fixes how a pool’s invokates the HSM script. Previously, the pool mistakely omitted the additional arguments that an admin may configure the pool to include.


This release fixes the Can't clear the tables error reported when starting replicamanager service with certain PosgreSQL versions.


Fix the update space admin command so it can remove any ownership from a reservation. The reservation’s owner is allowed to release the reservation via the SRM protocol. If the reservation has no owner, it may only be released through the admin interface.


The info admin command provides details about the srm service, including information specifically about SRM activity that can be processed synchronously or asynchronously: get, put, reserve-space, ls, and bring-onling. This information describes how many requests are in each of the possible states, one of which is Waiting for CPU. This release fixes the output of the info command to show the correct Waiting for CPU values.

This release drastically improve srm service performance when there are a large number (e.g., thousands) of queued requests; for example, this brings considerable improve for bulk bring-online requests.

This release also brings improved performance when the SRM has only a few queued requests; more specifically, when the number of queued requests is less than or equal the number of currently unoccupied max-inprogress slots. For example, if dCache is not processing any GET requests then the first srm.request.get.max-inprogress GET requests are processed more quickly.

Fix the srm service switching from synchronous to asynchronous processing when processing a bulk-requests with many files; in earlier releases, such large requests could prevent a request from falling back to asynchronous processing.

This release fixes the srm service so it cancels corresponding pinmanager requests when an SRM client aborts a bring-online request.

Changelog 2.12.10..2.12.11

[maven-release-plugin] prepare release 2.12.11
(2.12) replica manager: fix table truncation
pool: report IO error if we cant find NFS mover
pool: dedicated port range for nfs
common: Fix division by zero regression in gauges
common: Fix rounding error in request gauge
pnfsmanager: Discard upload path creation request on TTL expiration
nfs-proxy: introduce an exponential backoff when connecting to pools
nfs-proxy: close RPC client if we fail to connect
pnfsmanager: Use per-thread upload directory to reduce lock contention
srm: Optimize scheduler performance
srm: Further optimize SRM scheduler
srm: Abort pinning when cancelling bring-online requests
system-test: Enable MVCC and logging for HSQLDB
srm: Fix sync to async mode timeout
pinmanager: Fix listing by id
pool: Add HSM options to hsm script remove callout
srm: Fix queue size reporting
pool: Fix timeout behavior of HSM requests
spacemanager: Allow spaces to become unowned
[maven-release-plugin] prepare for next development iteration

Release 2.12.10


Update output of the predefined ls admin command.


There was an error in how ACLs were interpreted by the nfs door where multiple ACEs for the same user were compacted ignoring the flags. With this release, ACEs against the same user but with different flags are honoured.

Changelog 2.12.9..2.12.10

[maven-release-plugin] prepare release 2.12.10
cli: remove stray separator in predefined alarms printout
libs: update nfs4j to 0.10.4
[maven-release-plugin] prepare for next development iteration

Release 2.12.9


No longer log a stack-trace when transfering a file if the client is expected to connect to the pool (the “active client mode” option; the -A in the dccp command) and the pool is shutdown before the client connects.


With the 2.12 release, the internal representation of an incomplete file (one that is being uploaded) changed, so that a file’s size was not available. This had an unfortunate consequence in spacemanager, resulting in messages like IllegalStateException: Attribute is not defined: SIZE when a client creates an empty file. This is fixed when pnfsmanager is updated.


Some SRM requests support bulk requests, where multiple SURLs are processed in the same fashion. The assumption was that the SURLs in a bulk request are distinct. Bulkd requests have been observed that violate this assumption: a request with a SURL appears more than once. This causes problems when staging files from tape. With this release, a SURL that appears multiple times in a request is processed exactly once.

Changelog 2.12.8..2.12.9

[maven-release-plugin] prepare release 2.12.9
dcap: fix stack-trace when shutting down pool waiting for connection
srm: Remove duplicate SURLs in bringonline and get requests
chimera: Provide SIZE attribute if a file got any locations
system-test: add missing dCache disposible CA certificate
system-test: add regenerated host and user credentials
[maven-release-plugin] prepare for next development iteration

Release 2.12.8

Changes affecting multiple services

In previous versions of dCache deleting a directory with the last reference to a tag did not remove that tag. With the introduction of upload directories this problem became acute, as many such directories are created and deleted. With this release, deleting the directory with a tag’s last reference is very likely (but not guaranteed) to remove that tag’s inode. Further information about this will be made available via user-forum. The update affects both the nfs door and pnfsmanager; however, most sites will see the most benefit from updating pnfsmanager. Important #1 an updated nfs door will wait for database changes that updating pnfsmanager will enact. Important #2 the database changes enacted by pnfsmanager can take awhile (an hour or so for large dCache instances) as the change adds an index to the t_inodes database table.

Provide better logging of why NFS problems occurred. Use a hexadecimal number to log the NFS sesssion rather than the raw bytes, which are likely not a valid string. The pools accessible via the NFS protocol and the nfs door are affected; nodes hosting these services may updated independently.

The “standard” Linux flag to mark an ACE as inherit-only is i, yet previous versions of dCache accepted only ‘o’ as the inherit-only flag. With this release, both o and i are accepted. The chimera shell, pnfsmanager and nfs door are affected; nodes hosting these services and scripts may be updated independently.


Restore compatibility with loginbroker information for pcells; in particular, the problem affected information provided by the srm door.

Do not loop endlessly if the admin door was unable to send command output due to the client disconnecting.


Previously the dcap door provided the dcap client with the wrong errno (error number) should the client attempt to operate on a nonexisting file or directory: EIO was returned instead of ENOENT. This is now fixed.


Provide better diagnostic error messages should there be an unexpected problem.


Allow updates to file and directory ACLs even if ACLs are not enabled.


The file integrety checking (single file, entire pool one-off check and background checking) produced ambiguous output; for example, not being able to scan a file because it is still being uploaded counted towards an “error” count, but no corresponding log message is included. With this release, the output is less ambiguous and distinguishes between corruption, temporary and more permanent problems.

Fix error in checksum calculation code that resulted in logging an attempt to read a negative offset.


Added an admin command to query pool-manager for an updated list of pools that are a member of the resilient pool group. This allows adjustments to the set of pools participating in replication without restarting the replicamanager service.

Changelog 2.12.7..2.12.8

[maven-release-plugin] prepare release 2.12.8
ChecksumChannelTest: refactor and active ignored tests
ChecksumChannel: fix int overrun bug on filling up gaps > Integer.MAX_VALUE
acl: fix compatibility with linux ace
nfs: make use of chained exceptions
chimera: Delete unreferences tag inodes
libs: update to nfs4j–0.10.3
replicamanager: add an admin command to re-fetch resilient pool group
admin: Restore pcells compatibility with loginrbroker
admin: Avoid endless exception loop upon client disconnect
chimera-provider: allow to set acl even if ACL is not enabled.
pool: update scrubber messages to be less ambigous
dcap: fileAttributesNotAvailable must set pass ENOENT to the client
[maven-release-plugin] prepare for next development iteration

Release 2.12.7

Changes affecting multiple services

In prior versions of dCache, the path field that billing logs for transfers contained the actual transfer path; i.e., for SRM-initiated uploads this was the auto-generated path from the TURL and not the user-supplied path from the SURL. This proved confusing so, with this release, the path field now has the user-supplied path (i.e., from the SURL). An additional field (transferPath) has the transfer path. While this is not logged by default, billing configuration (the billing.text.format.mover-info-message and similar properties) may be updated to include it. All doors used by srm clients and the billing service should be updated.

Update chimera to allow a user to specify AUDIT and ALARM types of ACEs. These currently have no effect in dCache, but it is now legal to specify them. The node hosting the nfs door needs to be updated for NFS protocol support and pnfsmanager need to be updated for other protocols and the admin interface to support these ACE types.


This release fixes the the legacy admin mode (available by specifying -s legacy to the OpenSSH client). This was not compatible with earlier dCache versions if no TTY was provided.


This version of dCache uses the connected socket when discovering the IP address of the client for “channel binding”, rather than a constant value. This is important for dual-stack machines (with both IPv4 and IPv6 addresses) that host dcap doors with either gsi- or kerberos-based authentication.


When the nfs door acts as a proxy between the client and the pool (e.g., should a pNFS transfers fail), a slow pool response can result in the client retrying the request. Repeated retrying can result in a denial-of-service, in which the nfs door stops responding to additional NFS requests from clients. This is fixed with this release.


Fix parsing of certain HSM-related error messages that would previously have failed with an index out of bounds error.


In earlier versions of dCache, if a file is deleted while being uploaded the space-manager will consider the transfer as successful (and so using some of the reservation’s capacity) whereas the pool would delete the file immediately after the upload is complete. Such “leaks” results in a reservation being reported as having more used capacity and less free capacity than it should.


Fix reloading of SRM jobs if srm.persistence.enable.store-transient-state is set to false (the default value); in previous versions no jobs were reloaded.

The srm service maintains a counter of the number of requests for each different type. With earlier versions of dCache, if the srm encounters jobs that have timed out while the service was no running, these counters became inaccurate. This is now fixed.

When an srm request times out, dCache may need to take some action to “clean up”; for example, removing the upload directory. If srm is configured to discard all requests on start-up these cleanup operations did not happen. This is fixed with this release. As a consequence, startup times will be longer.

If srm.persistence.enable.store-transient-state is set to false (the default value) then transfer requests do not survive an srm service restart if the limit on concurrent transfers prevented handing out the TURLs. With this release, such requests survive an srm restart.

Previously, if srm.persistence.enable.store-transient-state is set to false (as is the default) then information needed to clean up a job might not be stored in the database. If, after restarting the srm, the job times out or is aborted then there is insufficient information to clean up, resulting in upload directories not being cleaned, pins (for bring-online requests) not being cleared, copy requests not being cancelled and lifetime extensions being lost. These problems are fixed with this release.

Changelog 2.12.5..2.12.7

[maven-release-plugin] prepare release 2.12.7
all: Fix several NPEs when submitting billing messages
[maven-release-plugin] prepare for next development iteration
[maven-release-plugin] prepare release 2.12.6
nfs-proxy: do not block forever on proxy requests
srmclient: consider copyjobfile when deciding whether to delegate
srm: Fix scheduler counter initialization on restart
doors: Log real path in billing
srm: Allow the SRM to take action upon cleaned requests
srm: Fix loading of jobs during restart
srm: Force save jobs when adding information needed for cancellation
srm: Force save when job becomes RQUEUED
pools: fix parsing error in HsmRunSystem
acl: accept AUDIT and ALARM ace types
javatunnel: use connected socket to discover local inet address
admin: Avoid line breaks when not connection from a TTY
spacemanager: Fix race condition leading to leaked files
[maven-release-plugin] prepare for next development iteration

Release 2.12.5

Changes affecting multiple services

When dCache suffers a sufficiently high inrush of requests that a cell’s request queue is exhausted, new requests to that cell are rejected. While overall dCache handles this situation correctly (degrading gracefully), the internal message counting and event logging were not updated correctly. This is now fixed.

Add support for a client opening a file twice and sharing the LAYOUTGET. The Linux kernel may do this if a file is opened more than once concurrently. In previous versions of dCache, should this happen the pool rejects the subsequent READ operations. The resulting client-driven recovery procedure then exhausts the set of available stateids. With this dCache version, overlapping opens from the same client will share the same mover and READ requests will be satisfied. This fix is only available if the nfs door and all pools accessible via NFS are updated.

Fix a bug that triggers a NullPointerException in webadmin. Although the problem is logged in webadmin, the cause is in the doors supplying the information. Therefore, the dcap and ftp doors are to be updated.

When publishing an IPv6 interface, do not include the zone information. Zone information is an extension to IPv6, which appends a ‘%’ plus some opaque identifier to the regular address. Not all clients understand this extension and reject the address as invalid. As zone information is not useful anyway, with this release zones are no longer published. This update is for all doors.

Fix possible NullPointerException in httpd and admin services.

In most cases dCache will publish door URLs with a hostname; if the address cannot be resolved then the address is used instead. Previously IPv6 addresses were written incorrectly: without the square brackets. This is now fixed if the info service and the info-provider scripts are updated.

The ftp and dcap doors create a new cell when a client connects. These child cells have an auto-generated name. Tunnel cells, which transport messages between domains also have auto-generated names. In previous versions of dCache, these names could contain a forward-slash character, which makes the cell name invalid. With this release, such auto-generated cell names never contain a slash.


Ensure that the admin shell sends all the output from the last command, even if the input stream closes before the last command completes.

Fix division-by-zero error when the SSH client reports zero width or height. This happens forcing allocation of a pseudo TTY without having a real TTY (see the -t option to OpenSSH client).


Fix pinmanager so it does not log a stack-trace if it failed to fetch fresh pool status information from poolmanager while unpinning a file.


Previously, the metadata reconstruction for files where the upload was not completed and written without the client specifying a retention policy would trigger a stack-trace java.lang.IllegalStateException: Attribute is not defined: RETENTION_POLICY. This is now fixed.


A number of sites have reported problems with the database resolving deadlocks. While such reports are expected and dCache behaves correctly when they happen, this release should reduce the likelihood of them appearing.

Changelog 2.12.4..2.12.5

[maven-release-plugin] prepare release 2.12.5
info/info-provider: publish valid IPv6 addresses
loginbroker: strip off zone off published interface name
admin: Avoid division by zero when the client reports a zero sized terminal
admin: Fix connection shutdown
spacemanager: Optimize space record deletion
dcache: Make cell communication use the correct timeout
nfs: share mover for the same client
nfs: use NFSv4MoverHandler instead of Map in embedded NFS server
httpd,admin: Fix NPE in transfer collectors
doors: Fix race condition that causes NPE in webadmin
cells: Fix event queue counting bug
cells: Avoid slash in cell names
pinmanager: Don’t log stack trace when unable to fetch pool monitor
pool: Fix meta data reconstruction
[maven-release-plugin] prepare for next development iteration

Release 2.12.4

Changes affecting multiple services

Avoid potential message loop when both sender and receipient domains are restarted while the message is in-flight.

The access log records the mapped dCache user in terms of uid and gid(s). The format was broken if the user has multiple gids. This is now fixed.


The tab-completion feature of admin parses the help-hint to discover what expansions are available. This has been updated to support more commands.


Fix compatibility with pcells. This requires a corresponding update to pcells.

Changelog 2.12.3..2.12.4

[maven-release-plugin] prepare release 2.12.4
admin: Fix command completion
cells: Restore CellExceptionMessage encoding
httpd: Fix pcells compatibility
access log: better fix for logging secondary gids
[maven-release-plugin] prepare for next development iteration

Release 2.12.3


Restore support for pcells to gracefully handle timeouts.

Restore compatibility for pcells when querying space-manager.


Fix bug reported as java.lang.ClassCastException: java.lang.String cannot be cast to [Ljava.lang.String;.


Restore compatibility with pcells.


Improve performance slightly.

Provide a better cache of the FsStat information. Amongst other things, this improves the responsiveness of the df command.


With prior versions of v2.12 dCache, the pools suffered from a problem where the space accounting on the pool was wrong. This can lead to pools adopting an inconsistent state. For tape-attached pools, this can further lead to files being flushed multiple times.


The pool recomputes the rep ls -s output, maintaining the value as files are added or removed. This patch fixes a bug in that calculation.

Fix pool reconstruction. If, on startup, the pool detects it is in an inconsistent state it will attempt to recover from that. With this release, this should work.


Update SRM default property values. From various reports, it is clear that the current default values are not ideal for many sites. The following properties are adjusted:

  • srm.limits.jetty-connector.backlog increased to support bursts of activity; a larger value may be appropriate but not available due to default Linux configuration.

  • srm.request.threads reduced as processing is asynchronous.

  • srm.request.ls.threads change default to be srm.request.ls.max-in-progress as ls requests are blocking.

  • srm.request.max-requests increased to satisfy user-demand; needed as clients typically request more concurrent TURLs that they make concurrent requests.

  • srm.request.max-transfers increased to same value as srm.request.max-requests. This way (by default) dCache never blocks requests pending a client returning a TURL.

  • srm.persistence.remove-expired-period increased to 10 minutes to reduce stress on the database.

  • srm.service.pnfsmanager.timeout decrease to two minutes as PnfsManager should respond within that time and clients will likely disconnect if they don’t hear a response within that time.

  • srm.service.spacemanager.timeout decrease to 30 seconds as the service should respond quickly.

  • srm.protocols.disallowed.get and srm.protocols.disallowed.put now include file protocol by default.

  • srm.protocols.loginbroker.timeout decrease to 20 seconds as this is a very light-weight service.

Support catching and logging some bugs that previously would be silently ignored.

Previously the SRM used the varous retry-timeout properties (e.g., srm.request.retry-timeout, srm.request.get.retry-timeout) for two purposes: the retry period on internal failures and the (undocumented) maximum client poll period. This release includes max-poll-period properties (srm.request.max-poll-period, srm.request.get.max-poll-period, …) to handle the latter.

Fix a ConcurrentModificationException caused when SRM processes two requests close tegether.

Changelog 2.12.2..2.12.3

[maven-release-plugin] prepare release 2.12.3
admin: Propagate NoRouteToCellException to pcells
pool: Fix file deletion
admin: Restore pcells compatibility
srmclient: add support for userRequestDescription
srm: log more SRM bugs
Revert “pool: Make EntryState#DESTROYED deprecated”
admin: Restore timeout semantics for pcells compatibility
loginbroker: Restore compatibility with pcells
spacemanager: Move messages to dcache-vehicles
cleaner: Fix class cast exception
srm: Use more sensible default values
srm: Introduce max pool period property
srm: Fix ConcurrentModificationException in Axis
pool: Fix repository statistiscs collection
pool: Fix pool entry reconstruction
nfs: cleanup CDC related mess
[maven-release-plugin] prepare for next development iteration
chimera: do not maintain time-based cached value of FsStat

Release 2.12.2

Changes affecting multiple services

Fixed access log recording of the mapped user identity so users with non-primary gids are logged without additional commas. This affects the srm, webdav, ftp and xrootd doors.

Upgrade to Netty v4.0.26, which is mostly to fix bugs. This affects the xrootd and pool services.

Fix the java.lang.IllegalStateException: Attribute is not defined: CACHECLASS problem. This problem can affect nearly all dCache services.

This release improves the quality of information recorded when logging problems and fixes synchronization of lease time. This affects the nfs door and pools.


When the nfs door logs something, the NDC (normally shown in square brackets) contains the clients IP address. Each time the door proxies a data transfer, an extra copy of the client IP address is added to the NDC, resulting in the client address appearing multiple times. This is now fixed.


HTTP allows the client to make multiple requests with the same TCP connection, although not all clients make use of this. Previous releases failed to send the response headers for the second and subsequent requests; this is now fixed.

When a client reads a file, the pool reads blocks of data from the local filesystem. When reading such a block, the pool could receive fewer bytes than requested. Previously, the pool assumed that this only happens when the end-of-file is reached; however, this is not guaranteed. Should this assumption be violated then the data sent to the client will be corrupt. In practise, the pool’s assumption is true for Linux and local filesystems; however, the code has been updated to remove this theoretical cause of corruption.

Fix a problem where a door can trigger the pool to post-process a file many times. Each trigger starts a new thread, resulting in very large system load.

Fix NullPointerException, recorded as Failed to mark a promise as failure because it's done already.

Fix that, during startup, the pool would fail when recovering a broken file that has access-latency and retention-policy determined by spacemanager.


Improve the logging and handling of transitory errors.

Changelog 2.12.1..2.12.2

[maven-release-plugin] prepare release 2.12.2
pool: Fix and align pool meta data recovery with current pnfs manager
Fix serialization of cache class in FileAttributes
access log: fix logging of secondary gids
pool: ignore duplicated mover kill requests
spacemanager: Making logging and handling of transient errors more robust
pool: Fix read corruption in HTTP mover
nfs: Pop elements of the NDC when leaving it’s scope.
pool: Fix HTTP mover for multiple requests
libs: update to nfs4j–0.10.2
pool, xrootd: Upgrade to Netty 4.0.26
pool: Fix NPE in xrootd mover
[maven-release-plugin] prepare for next development iteration

Release 2.12.1

Changes affecting multiple services

This release fixes some issues common to both nfs door and pools. Provide better logging of unexpected client behaviour. Improve NFS response to some internal error conditions.

The LocationManager service is started automatically in the broker domain (typically dCacheDomain). This answers requests from other domains with instructions on how to connect to the dCache cluster (typically a star topology, other domains connecting to the dCacheDomain). With this release, the FQDN is sent rather than the hostname name. The node hosting the broker domain should be updated.

Previously, if a client attempts to write a file with Access Latency and Retention Policy that conflicts with the selected reservation a stack-trace was logged. This is now fixed: both the FTP door and spacemanager should be updated.


The ssh admin interface contained a leak that resulted in the error IllegalStateException: Unable to negociate key exchange for item 1. This is now fixed.


Fix GSI authentication “tunnel” used by the dcap door.


Previously, if directory tags are updated fast enough then it was possible for clients to see the old value of the tag. This is now fixed.

Return correct number of bytes written when creating or updating a directory tag. Support registering IPv6 address in built-in portmap implementation (useful for NFSv3 clients).

Log abandoned movers with the corresponding stateid.

The NFS proxy, used by the door to talk to the pool on the client’s behalf, now provides more accurate information to the client about how the request was processed by the pool.


Update the xrootd mover properties. The old pool.mover.xrootd.disk-threads property is now annotated as deprecated; pool.mover.xrootd.threads should be used instead. Some other properties that were ignored in the previous release are now annotated as obsolete or forbidden.


With RDBMs, transactional deadlock rollbacks are normal behaviour, which happen when the database must choose between two conflicting and concurrent changes. Previously, spacemanager would aggressively retry when this happens. This has been observed to trigger performance degradation. This release includes several strategies to minimise the impact of this.

Previously, the default number of space-manager threads was the same as the number of database connections. This does not take into account that there is background activity that also needs access to the database. With this release, the number of threads has been lowered; having a large number of threads also increases the likelihood of seeing transactional deadlock rollbacks.

Fix the shutdown sequence of spacemanager. Previously, shutting down a busy spacemanager could lead to attempts to modify the database after all database connections were closed; such failures were logged.

Reduce logging on various DB errors; generic transient errors are now warnings and transactional deadlock rollbacks are logged at debug level.

Changelog 2.12.0..2.12.1

[maven-release-plugin] prepare release 2.12.1
LocationManager: Use fqdn instead of hostname
spacemanager: Controlled shutdown
spacemanager: Make request processing more robust
spacemanager: Reduce log level on various transient DB errors
chimera: fix updating of directory tags
libs: update to nfs4j–0.10.1
spacemanager: Minor simplification to link group updates
spacemanager: Don’t log stack-trace on AL/RP/Reservation conflict
spacemanager: Lower default for number of threads
pool: Update xrootd properties to reflect changes to Netty 4
ssh2: close file stream when reading authorized_keys file
javatunnel: fix array size to decode
nfs4: log abandoned movers with WARN
[maven-release-plugin] prepare for next development iteration
nfs-proxy: modify ProxyIOAdapter interface

Release 2.12.0

Site description property

There are several places where dCache provides a short, human-readable description of this dCache instance or where this would make sense: the info-provider, the webdav directory listing and the webadmin interface. This release introduces the dcache.description property that is used as a default in these places.

Admin shell supports Ctrl-C

The Ctrl-C key combination may now be used to unblock the shell and make it available to read the next command. The default timeout has been increased to 5 minutes as pressing Ctrl-C is now preferred.

Note that pressing Ctrl-C does not actually cancel the execution of the command. The key combination merely cause the shell to stop waiting for the result.

Embeddable alarms service

Threading issues preventing the alarm service from running in the same domain as other services have been corrected so that it is now safe to do so. Two new properties have been added:

Number of worker threads for processing incoming logging events.
Only store alarms to the persistent store

DataNucleus property file inaccessible

The DataNucleus property file for low level database configuration is no longer exposed. The configuration properties alarms.db.datanucleus-properties.path, billing.db.config.path, and httpd.alarms.db.config.path are obsolete.

Chimera file attribute access optimized

This release optimizes how file attributes are updated in Chimera. This change reduces database load and latency on such updates.

Permission checks have been altered to always allow the owner of a file to update its attributes.

In previous releases, the last access time in Chimera was updated by pools when a pool is accessed. With this release, the atime is maintained by doors. Besides being a more correct implementation of atime, the new implementation is faster.

Unique FTP and DCAP cell names

DCAP and FTP doors instantiate a cell per client connection. The names of these cells are formed by concanating the door’s name with a counter. This counter used to reset on every restart. With this release, the names are derived from a time stamp and with high property the names are unique accross restarts. To reduce the length of the names, the counter is base 64 encoded.

Shorter session identifiers

Most log messages include a session identifier and link all log messages generated by a common user session. These session identifiers are usually formed by combining a cell name with a counter. For FTP and DCAP doors this lead to session identifiers with two counters, resulting in needlessly long identifiers. With this release such redundancy is avoided.

Default FTP internal network interface changed

FTP doors can act as proxies for the data channel between pools and clients. When establishing such a proxy, the FTP door listens for a connection from the pool. Before, the interface the door would listen on on multi-homed hosts would default to the interface the FTP client connected over. Since the client connection has no relationship to which network pools are accessible from, this release changes the door such that it listens to the interface to which the host name resolves. Like before, the default can be overriden by setting the ftp.net.internal property.

Network interface scope published

The info service enumerates the network interfaces of all doors. Previously these interfaces were ordered to list an external interface first. With this release, the scope of the interface (e.g. global, site local, link local, etc). is included instead.

The info-provider is updated to make use of the scope to only publish global network interface and to export all of them.

loginbroker and SRM gain IPv6 support

The loginbroker service acts as a registry for doors and their network interfaces.

With this release, doors register both IPv4 and IPv6 interfaces with their loginbrokers. The discovery of network interfaces is now dynamic such that interfaces that disappear or appear after a door is started will be removed from or added to the registration in the loginbrokers.

Doors now also accept a hostname or FQDN for their *.net.listen property. When registering with a loginbroker, both the name and the resolved IP address is published. The info-provider and the SRM will use this name rather than doing a reverse lookup on the IP address as they did before. If an IP address is used in the configuration, it is the door than now performs a reverse lookup.

The SRM will prefer a TURL that retains the protocol family the SRM client used. That is, for an IPv6 client an IPv6 TURL is preferred, and for an IPv4 client an IPv4 TURL is preferred. The SRM will fall back to the other protocol family if necessary. Note however that TURLs still contain the host name as published by the doors.

Scoped door selection in SRM

With this release the SRM tries to take where the client connected from into account when it selects a door.

The selection logic has been modified such that it will select a network interface with the smallest possible scope as big as the scope of the interface the client connected over. E.g. if the client connected on a network interface with global scope, the SRM will select a door with global scope. If the client connected over a site local interface, the SRM will prefer a door with a site-local interface, but will fall back to selecting an interface with global scope if necessary.

NFS doors use NFS to access pool data

An NFS door can act as a data-proxy between the NFS client and the pools. In previous releases, the NFS door internally used the DCAP protocol between the door and pools. Starting with this release, NFS doors use the NFS 4 protocol instead. The use of NFS provides more robust proxy support in case of network failures.

As part of this change, the lifetime of NFS movers has changed.

Additionally, NFS has seen many performance improvements in this release.

New NFS export options

Added a nopnfs export option to doors to force the use of proxy mode.

Added anonuid and anongid to map all accesses to a particular UID and GID, e.g. /data hostA(rw,all_squash,anonuid=17,anongid=18).

On the fly checksum calculation for NFS and xrootd

Both NFS and xrootd uploads now support calculating checksums during upload when enabled in the pool’s checksum policy. This avoids the long pause at the end of the upload that is usually caused by calculating the checksum after the transfer.

Automatic gap calculation for small pools

Pools have a gap setting that reduces the risk of running out of space during uploads. Once less space than the gap is free, pools will no longer accept new files. In previous releases, small pools less than the size of the default gap would be inaccessible, often leading to confusion during testing. With this release, small pools automatically reduce the gap.

Improved nearline storage SPI

The nearline storage service provider interface has been enhanced to allow nearline storage drivers to query the logical path of a file being flushed. The interface has also been extended such that it is easier to report error codes on failures.

The packaging of the SPI has been changed to make it easier to develop third party drivers without having to depend on the entire dCache code base.

Improved network interface selection in pools

The logic used to select a network interface for a transfer has been improved. This in particular affects partially multi-stacked installations.

Consistent csm info output

With this release, the output format of the csm info command in pools is consistent with the option values of the csm set command.

Updated default checksum policy for new pools

Newly created pools now default to on-transfer checksumming rather than on-write. For large files, the on-write checksum policy often leads to timeouts and throughput issues.

The on-restore policy is now enabled by default.

Explicit port range for xrootd and http movers

The new configuration properties pool.mover.http.port.{min,max} and pool.mover.xrootd.port.{min,max} allow the port range for HTTP and xrootd to be controlled.

Precomputed repository statistics

The pool rep ls -s command used to recalculated per storage group statistics on every invocation. For large pools this was quite slow, leading to timeouts in the admin shell and in the statistics service. With this release the result is precomputed.

Much improved support for control channel free protocols

dCache was born with protocols having seperate control channel and data channels. This has proven to be challenge for protocols like HTTP and xrootd that do not maintain a control channel to the door for the duration of the transfer. In previous releases, there was no way for clients using these protocols to know whether post-processing failed or when it completed. Thus a client would be unaware of e.g. checksum failures or failures to register a file in Chimera, and a client that queried the door directly after it completed uploading would typically be met with an error.

Starting with this release, xrootd and http uploads will block until post-processing has completed. Any errors are propagated back to the client by the pool, and once the client is disconnected, it is guaranteed that the file is fully registered in Chimera.

Reduced memory consumption in pools with Berkeley DB backend

The memory consumption of pools using the Berkeley DB backend has been drastically reduced. The on-disk representation is unchanged.

Pool manager drops obsolete configuration command

The obsolete psu set linkGroup attribute command has been removed. The command had no effect. Sites are encouraged to check the pressence of this command in their poolmanager.conf file before updating. If pressent, the command can be removed by running save in the poolmanager service.

Space manager changes authorization policy for unowned reservations

In previous releases, unowned reservations could be released by anybody. Since this is unlikely to be desirable, this release changes the semantics such that reservations without an owner can only be released by the admin.

SRM enables history logging by default

The SRM supports writing a detailed log of all request state changes to the SRM database. This information is very valuable when one wants to reconstruct the events related to a transfer, for instance, when debugging why a particular transfer failed.

In previous releases this feature was disabled by default due to fear that it would overload the SRM database. Recent releases have however improved database performance in SRM to the point that we now change to enabling history logging by default.

At the same time we changed the default for when data is persistet to the database. This means that although all state transitions are by default recorded in the database, the database is not necessarily updated upon every state transition. This further reduces the database overhead of history logging.

Site specific srmPing attributes

The SRM protocol allows the srmPing reply to contain site specific key-value pairs. With this release, custom key-value pairs may be added in the dCache configuration using the srm.ping-extra-info properties.

Transfer managers service removes runtime database configuration

The admin commands set dbUrl, set dbUser and set dbpass have been dropped.

Webadmin HTML contains dCache version

The webadmin now includes a meta tag reporting the dCache version.

Webadmin features improved navigation bar

The navigation bar now disables the links to disabled pages.

Webadmin no longer exports the info service

The info service can no longer be access through webadmin. The info service is still exposed through the /info path of the httpd service and this is the preferred interface for scripts and other services to query the info service.

Updated httpd service configuration

The httpd service has been heavily refactored. The set update command that was lost in previous releases is once again exposed in the admin shell. The arguments to the ‘set webapp’ command have changed, which means that sites having a custom httpd.conf file likely have to adjust the configuration on update.

The httpd.container.webapps.tmp-dir propery is obsolete as WAR files are no longer unpacked.

WebDAV doors always use JGlobus for https

The WebDAV door previously had the choice of two different https implementations: The plain https setting would use Java’s TLS implementation, while the https-jglobus setting would use the TLS implementation for JGlobus.

In recent years, the two choices actually both used the TLS implementation bundled with Java. The difference between the two was merely how they dealt with certificate handling and internal abstractions. In dCache 2.11, the two code bases were further consolidated to the point that in this release we adopt JGlobus certificate handling for the plain https setting. The https-jglobus setting is deprecated.

One consequence is that the WebDAV door now uses the certificates in /etc/grid-security/ rather than those imported using the dcache import commands.

One of the benefits of the JGlobus certificate handling is that it supports VOMS attributes.

WebDAV door supports parameterised directory templates

The HTML generated by the WebDAV door is cusomizable using a templating language. Starting with this release, configuration properties prefixed with webdav.templates.config are exposed to the template language. Several such properties have been predefined. Consult the information in the webdav.properties file for details.

Sites that have already customized the template will likely have to update the template.

WebDAV blocks access to files being uploaded

When generating a directory listing, the WebDAV door now greys out files that are still being uploaded, preventing the user from clicking a download link that would fail anyway.

Sites that have customized the HTML template will likely have to update the template.

New threading model for HTTP and xrootd movers

The threading model of HTTP and xrootd movers has changed due to an upgrade to the Netty 4 I/O framework. Socket I/O and disk I/O are now served by the same threads. The pool.mover.http.disk-threads property is deprecated and has been replaced by pool.mover.http.threads. pool.mover.http.socket-threads is marked as forbidden, while pool.mover.http.memory-per-connection and pool.mover.http.memory are marked as obsolete.

Xrootd doors are build on the same Netty I/O frame works as the HTTP and xrootd movers. The upgrade to Netty 4 has caused the xrootd.max-total-memory-size and xrootd.max-channel-memory-size to be obsolete.

Third party xrootd plugins have to be ported to Netty 4

Any third party channel handler plugin has to be ported to Netty 4 and xrootd4j 2 before it is compatible with dCache 2.12. Please contact the third party vendor for further details.

Information to developers: If you develop channel handler plugins, it is of utmost importance that your plugins do not perform blocking operations on the Netty threads. Any blocking operation has to be offloaded to a thread pool maintained by the plugin. Please contact support@dcache.org for details.

More uniform access logs

Most doors in dCache support generating a so called access log that records any interaction with clients talking to the doors. The logs share many similarities, but used slightly different formatting and attribute names for the same concepts. This has now been cleaned up. If you developed parsers for the access logs, you most likley have to update these.

Compress events logs

Event logs are a debugging feature that record low-level events in an easy to parse format. Event logs are disabled by default. If enabled, the logs are rotated daily and starting with this release the rotated logs are automatically compressed.

Localized time stamps in pinboard log

Timestamps in the in-memory pinboard log used to follow a 12 hour format. The format has now been localized, meaning it will follow the conventions of the current local.

Renamed and improved wait-for-cells script

The wait-for-cells script uses the info service to determine whether the supplied list of cells is currently running. If not, the script will wait a defined period for the cells to appear before terminating with an error. This release improces the script, strips the .sh suffix and moves it to /usr/sbin/.

Improved bash completion script

The script implementing bash completion for the dcache command has been extended and now supports all sub-commands.

Updated third party libraries

A large number of third party libraries have been updated. The improvements in those libraries are too many to list here, although it many cases not immediately apparent when using dCache.

Changelog from 2.11.0 to 2.12.0

[maven-release-plugin] prepare release 2.12.0
admin: Don’t send errors to stderr
cells: log bugs found by CellShell
cells: fix how bugs are reported from ac_ command.
pool: Fix bug in migration module upgrade logic
pnfsmanager: Fix upload to space token that conflicts with AL and RP tags
Fix: ChecksumChannel returns different checksum on second getChecksum
srm-client: Port delegation client to jline2
admin: Implement Ctrl-C to stop waiting for command
Downgrade maven-resources-plugin to fix build failure
ChecksumChannel: Support sparse files
admin, chimera, srm-client: Update to jline2
spacemanager: Change release authorization for unowned reservations
Fix valueSpec help parser
admin: Delete legacy shell implementation
pom: Update third party libraries
pom: Update to latest maven plugins
spacemanager: Fix NPE in listing space reservations
Maintain CDC of threads in decorated thread pool
spacemanager: Log unexpected exceptions
spacemanager: Refactor linkgroup selection
nfs-proxy: remove dcap based implementation
scripts: fix and update wait-for-cells
nfs-proxy: introduce nfsv4.1 based proxy
access: session is first item and log client socket once per FTP session
pool enable on flight checksum calculation for nfs
pool: Drop some dead code in netty transfer service
pool: Update csm defaults
srm: Enable history logging by default
ChecksumChannel: Allow checksumming on out of order writes
pool: Propagate post processing failures to HTTP clients
pool: Propagate post processing failures to xrootd client
update access log to record consistently client IP+port
add dcache.description property
tunnel: use toString if IOException#getMessage returns null
pool: Refactor how the http mover closes files on upload
Exclude cwd from classpath
pool: Refactor mover execution tracking in http and xrootd transfer services
pool: Unify channel handling between xrootd and http
pool: Rename several mover related methods
pool: Share execution code for http and xrootd
webdav: fix logging of unauthorized activity
ftp: log user’s identity only for the (successfully) command.
xrootd: Update Alice token plugin
pool: Separate success and failure flows on close in http and xrootd movers
pool: Make csm info and csm set use the same values
pool: Implement on-the-fly checksum calculation for xrootd
pool: Make port range explicit for http and xrootd mover
pool: Move common elements of xrootd and http transfer service into base class
pool: Merge NettyServer and TransferService for xrootd and http
pool: Use the door stub in http and xrootd transfer services
pool: Minor refactoring of how movers invoke post processing
xrootd,pool: Port HTTP and xrootd to Netty 4
pool: Propagate HTTP mover failures to pool
chimera: FsSqlDriver#isXxxKeyError accepts SQLException
commons: introduce SqlHelper#tryToRollback
gplazma: update error message for forbidden properties
spacemanager: add blocking option to update link groups command
srm: don’t list absent information in ls
access-log: unify approach to logging the user’s identity
pnfsmanager: log problems when creating upload directory
webdav: add support for parameterised templates
srm: include the reason why upload failed
bash-completion: update dcache bash-completion script
bash-completion: add dcache bash-completion script
chimera: fix race condition on remove
webadmin: ensure unique id attributes for all (currently) tested UI elements
poolmanager: do not use SimpleDateFormat
alarms: decouple remote log processing from local logging context
ftp: fix response if user fails to authenticate to weak FTP door
webadmin: make jquery selector specific to individual tables
webadmin: restore missing components to respect jquery script options
srm: remove the necessity for all scheduled activity have delegated credentials
nfs-proxy: introduce ProxyIoFactory interface
acl: do not check for null results of canXXX
srm: support handlers that do not require a delegated credential
srm: refactor user mapping
build: Add distribution management sections to pom
pool: Rename Mover#postprocess
Move info messages to dcache-vehicles
pool: Move nearline SPI to its own Maven module
nfs-proxy: remove proxy adapter on IO errors
ftp: fix invalid default for ftp.authz.readonly property
nfs-proxy: enable proxy-IO for exports with ‘nopnfs’
nfs-proxy: do not rely on presence of file size in FileAttributes
acl: posix always allows owner to update file attributes
pool: introduce configuration option ‘pool.service.door.timeout’
poolmanager: use thread pool to process write requests
Move vehicles to separate Maven module
webdav: fix double-slash bug by upgrading to patched milton
pool: Extend nearline storage SPI with path and custom error codes
dcap: make code cleanup
cells: add serialVersionId to DelayedReply
srm: refactor how request information is extracted
webdav: fix NullPointerException when PUT as a child of a file
cells: remove (finally) custom FIFO implementation
src: drop custom Base64 implementation
pool: use Expect: 100-continue for 3rd-party copy, support redirection
pool: work-around pool returning “201 Created” before upload is complete
srm: allow sites to configure additional TExtraInfo for srmPing responses
ftp: add user to access log
scripts: fix error meessage on java version mismatch
srm-client: reduce default logging for srmfs
nfs: remove handling of ‘nopnfs’ export option.
nfs: fix use of wrong ConcurrentHashMap implementation
libs: use nfs4j–0.10.0
pool: update NFS transfer service to validate inactive movers
common: use new java time API in NetLoggerBuilder
pool: Fix logging in HTTP mover
srm: Fix calculation of total number of requests
srm: Drop retry limit from Job object
webdav: Alternative to fixing return code of DELETE of absent file
dcap: Fix typo that causes GSI and auth dcap to use the wrong port
nfs: always reply FILE_SYNC4 on write
webadmin: fix login redirect bug
info-provider: fix publishing SRM port number
webdav: don’t log a stack-track when proxy transfer is interrupted
info-provider: remove dCacheDomain assumption.
webdav: make progress markers more robust
info-provider: don’t rely on interface order
webdav: ghost-out files that are currently being uploaded
cells: Fix message timeout in case of thread pool overflows
transfermanager: restore correct limit property on CopyManager
transfermanagers: Fix CopyManager
loginbroker: IPv6 enable and other improvements
chimera: handle NULL field of directory tags
transfermanager: fix billing stub initialization
nfs4: remove redundant code
transfermanager: fix bug in db property definition
pinmanager: Adjust pinmanager defaults
pool: Precompute rep ls -s output
pool: Reduce memory consumption of Berkeley DB backend
pool: Make EntryState#DESTROYED deprecated
Avoid StorageInfo for storage class, cache class and hsm
Incorporate DCAP and NFS style writes into Transfer class
Add storage class, cache class and hsm to FileAttributes
Use Java 8 for StorageInfo string internalization
Internalize common strings in StorageInfo
pool: Drop StorageInfo from CacheRepositoryEntryInfo
pool: Automatically calculate a gap if not specified in the configuration
Upgrade to LiquiBase 3.3.2
bootloader: Don’t fail on missing cell name
check-config: fix warning for deprecated properties
pool: Refactor FTP mover
pool: Fix regression preventing configuration to be reloaded
transfermanager: fix DataNucleus injection and persistence calls
transfermanager: convert to Universal Spring Cell
datanucleus: make configuration consistent
gitignore additions for IntelliJ
nfs4: add command to kill client by server short hand id
nfs41: respect nopnfs export option
libs: move to nfs4j–0.9.4
Do not rely on pressence of file size in FileAttributes
webdav,srm: provide useful log messages for SSL handshake failures.
logs: compress event logs when rotating
Elliminate the internal/external comparator of NetworkUtils
pool: Refactor FTP mover logging
pool: Fix regression causing FTP movers to default to proxy mode
nfs: Allow not to publish to loginbroker
pnfsmanager: Don’t report file size on create unless it is known
pool: Preserve HSM option ordering
cells: Delete pcells related classes
webdav: Fix reported content length for partial GETs
ftp: ensure client command line is available in access log
webdav: Fix return code on DELETE of absent file
chimera: setInodeAttributes have to throw FileNotFoundChimeraException
srm: fix semi-infinite ls range with non-zero offset
chimera: update chimera API
chimera: relax mtime update validatrion in the tests
srm: Some automated refactorings
Drop deprecated fields
Switch to using GlobusPrincipal from JGlobus 2
Refactor NetworkUtils to reduce redundancy
Add caching of local addresses
pool: Improve selection of listening address
pool: Improve selection of listening address
chimera: do not shutdown jdbc dataSource on close
pool: Partially fix interface selection for FTP mover
ftp: Clean up address handling
pool: Fix typo that breaks pool.mover.ftp.allow-incoming-connections
shell: fix shell oracle for configuration keys with a space
chimera: handle setattr on levels as on a regular files
nfs: show current proxy-io transfers in the door
chimera-cli: fix chown
dcap: Fix regression in published protocol family
ftp: fix help output
loginmanager: Fix leak caused by absent child limit
spacemanager: Fix null constraints and other schema migration issues
spacemanager: Move dcache.enable.space-reservation to proper file
ftp: Some simple refactorings identified by IntelliJ
Fix typo in PnfsManager
pool: Simplify synchronization in nearline storage handler
alarms: Fix several resource leak and shutdown problems
alarms: Detach alarms appender on shutdown
Port billing indexer to Java 8
ssh: Allow empty lines and comments marked by hash in authorized_keys2
logback: revert commit 1cc57b1efaced76d22e5b561f861c6daf981f249
dcap: check for url in some commands
pool: Fix shutdown of nearline storage subsystem
admin: Fix error reporting
pool: add Io mode into mover’s status line
Make use of streams API
spacemanager: Make use of lambda expressions and other minor fixes
Use lambda expressions when suitable
Make use of improved diamond operator
spacemanager: Get rid of access latency and retention policy defaults
When introduced we had no other way to set custom log levels than to have a logback.xml specific to system-test. Nowadays log levels can be adjusted through properties in our regular configuration files. Hence, there is no need for the custom logback configuration.
Ensure that LoginManager threads are terminated on shutdown
pool: Expose error code to migration task callback
pool: Refactor migration module task to decouple it further from the pool
logback.xml: Replace layout by encoder
nfs: stop embedded portmap on shutdown
libs: update to nfs4j–0.9.3
nfs: return correct verifier on WRITE and COMMIT
poolmanager: Fix full pool detection for WASS
ftp: Relax requirements for EPSV and EPRT
srm,webdav,httpd: Log SSL handshake failures
ftp: Relax requirements for EPSV and EPRT
Upgrade to Milton 2.6
nfs: set file size in namespace on stable_how is FILE_SYNC4
info: Reduce safety limit to 50 ms
pool: reorder ip addresses returned to NFS client
chimera-provider: do not get file attributes prior update
chimera: make Stat aware of defined attributes
pnfsmanager: update atime on get attribute if desired
pool: Fix ISE when flushing deleted file
httpd: Drop info pages from webadmin
info: Reduce delay between messages
pnfsmanager: Propagate cleaner errors to RemoteNameSpaceProvider
spacemanager: Fix various error recovery scenarios
datanucleus: use persistence units
update schema version from 3.0 to 3.1
xrootd: Propagate mover errors to dCache
pool: Restore flush and stage stats in info
dcap: refactor PnfsSessionHandler to unify permission check and url handling
pool: Improve xrootd error message on missing UUID
cells: Drop support for auto starting CellAdapter
cells: Get rid of thread local holding the current message
cells: Reduce coupling between CellAdapter and CommandInterpreter
Fix NPE in cell initialization
Upgrade to latest version of third party libs
Fix NPE in httpd service
pool: Avoid interrupting Berkeley DB in migration module server
dcache-webadmin: revert rrd data source names
cells: Refine TTL discard message
pool: Fix cleaning of stale locations
xrootd,pool: Fix xrootd and http logging context
Update to HikariCP 2.2.4
jetty: update webdefault.xml to adhere to new specification
gplazma2-htpasswd: Avoid deprecated Guava classes
httpd: Integrate handlers into spring wiring
doors: Add pnfs ID to billing remove entries
Limit MessageCallback to Message
webadmin: Fix ClassCastException in cell admin
webadmin: remove redundant head element in alarms panel html
dcache-webadmin: change output field of cell admin page to monospace font
srm-server: add servlet webapp–2.3.dtd file
dcache-webadmin: eliminate clojure dependency
libs: update to nfs4j–0.9.2
dcache-xrootd: Extend and improve xrootd access log plugin
chimera: Avoid deprecated Guava calls
gplazma-ldap: pull only required attribute
gplazma-ldap: support uniqueMember based group membership query
nfs-proxy: kill mover on close
system-test: move alarms service to dCacheDomain
srm: Java 8 related updates
pool: Minor cleanup of xrootd logging
srm,webadmin,httpd: Upgrade to Jetty 9.2.4
webadmin: add meta tags to discover dCache version
libs: update jglobus to 2.0.6-rc8.d
pool: use entry’s actual LastAccessTime to update namespace
webadmin: refactor navigation bar
srm: Enable legacy GSI close by default
xrootd: Add access-log plugin
cells: Port pinboard to Java 8
fix WebDAV door logging stacktrace on USERINFO request
Move to Java 8
Revert “cells: Improve pinboard”
cells: Improve pinboard
xrootd: Initialize session
imera: protect against NPE in FsSqlDriver#read
chimera: prevent attempts to remove ‘.’ and ‘..’
Fix indentation
pool: Replace parboiled library with grappa
httpd: Refactor handler instantiation
httpd: Refactor wiring code
doors: Shorten session and initiator strings
spacemanager: Avoid a transaction deadlock and reduce DB overhead
pom:update scm and ci urls
dcap: Drop dead code
webdav: Drop plain https connector
Rename Transfer#sessionId to Transfer#id
ftp,dcap: Make cell names unique accross restarts
cells: Add Args#getBooleanOption utility methods
dcap: Initialize CDC session
srm: Fix logging of DN to access log
webdav,srm: Do not manage life cycle of Jetty thread pool
srm-client: Report file level errors
releases: update dCache version to v2.12