workernode gateway certs have *.echo.stfc.ac.uk SANs - set up an xrootd-gateway.echo.stfc.ac.uk DNS host poisoning to redirect to the gateway container
rgw keyring needs to be write enabled, voms-authdb have read/write permissions
switch proxy origin to xrootd-gateway.echo.stfc.ac.uk and poison the DNS
something went wrong on the container (missing symbol for rados) but otherwise seems ok
succeeded this morning
on future of batch farm - cloud provisioning cannot use gsi out of the box - hard to get fixed hostname
100s of jobs on single hosts - WN gws are single points of failure but are a lot more stable now
standard solution is some sort of CMSD hierarchy, but there’s no network proximity heuristics currently.
current solution has benefits - reduces network traffic as WNs essentially talk directly to echo network wise