setup-method.txt

STANDALONE SERVER INSTRUCTIONS
1) Install a Server with an fresh, updated EL version. Mount the data volume on it.
2) Install the EPEL repos
3) Add the CA rpm repo and install the ca rpm
(optional) Add the xrootd user and group with UID/GID you desire (or the rpm install will create them with defaults).
4) Prod the hole in your firewall for the desired port - you only really need tcp port 1094 if having xroot and http on the same port
5) Add the host certificates and keys to /etc/grid-security. Add xrootd user/group owned copies of the same files.
6) Create a vomsdir in /etc/grid-security and populate it.
7) Install the xrootd packages (list)
8) Add/edit xrootd-$service config in /etc/xrootd. Most obvious change is the export path to your data volume.
9) Create a macaroon secret in /etc/xrootd and change ownership to xrootd.xrootd
10) Create the authdb file
11) Add the scitokens.cfg if using - if not remove references from the xrootd config.
12) Make sure the xrootd user has the accesses you desire to the data in the data volume. This suggested setup has no user/context switching.
13) Start the xroot process with systemctl start xrootd@$service. Note that it does a lot of config checking at the start.
14) Logs by default are in /var/log/xrootd/$service/xrootd.log - if failing to start clues will be in here.

REDIRECTOR INSTRUCTIONS
1)install as above - recommend testing out a standalone server first.
2)Setup redirector and data-server configs - you can be clever and meld all this into one but I don't think that's worth while.
3)On the redirector systemctl start cmsd@<redirector config> and xrootd@<redirector config>
4)On the data server start the same services using the @<data-server config>
5)You can run a data server and redirector on the same node.
NOTE - be sure to that redirectors and servers can freely communicate - firewall or IPv6 problems can cause issues.