Dockerfile 2.59 KB
Newer Older
1 2
# XCache image
FROM centos:7
3
ARG xrootdversion=5.1.0
4

5
ADD https://xrootd.slac.stanford.edu/binaries/xrootd-testing-slc7.repo /etc/yum.repos.d/xrootd-testing-slc7.repo
6 7

RUN  yum install --nogpg -y epel-release\
8
  && yum install --nogpg -y xrootd-server-${xrootdversion}
9 10 11 12 13 14 15 16 17

# Have the predefined uid/gid for xrootd to enable easy access to volumes 
RUN xrootd_uid=$(id -u xrootd)\
  && xrootd_gid=$(id -g xrootd)\
  && groupmod -g 9999 xrootd\
  && usermod -u 9998 xrootd\
  && find / -group ${xrootd_gid} -user ${xrootd_gid} -type d -execdir chown xrootd:xrootd {} \; 

# Config directory
18
RUN mkdir -p /etc/xrootd/\
19 20
  && chown xrootd:xrootd /etc/xrootd

21
# Directory keeping the namespace
MUSSET Paul's avatar
MUSSET Paul committed
22 23
RUN mkdir -p /mnt/xcache/ns/\
  && chown xrootd:xrootd /mnt/xcache/ns/
24 25

# Directory keeping the metadata
26 27
RUN mkdir -p /mnt/xcache/metadata/\
  && chown xrootd:xrootd /mnt/xcache/metadata/
28 29

# Directory to mount the data disks. need to have same uid+gid on host and container
MUSSET Paul's avatar
MUSSET Paul committed
30
RUN mkdir -p /mnt/xcache/storage\
MUSSET Paul's avatar
MUSSET Paul committed
31
  && chown xrootd:xrootd /mnt/xcache/storage/
32 33 34 35 36 37 38

# For now checking crl is disabled in xcache config file
# Might have to be later to be put in a volume. with a container spawning every n hours doing the fetch crl
# install ca certificates 
ADD http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo /etc/yum.repos.d/EGI-trustanchors.repo
RUN yum install --nogpg -y ca-policy-lcg

39 40 41 42
# problem with xrdcl-http not looking /etc/grid-security
RUN cp /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/\
 && update-ca-trust extract

43 44 45 46 47 48 49 50 51 52 53
# Certificates directory
RUN mkdir /etc/grid-security/xrd/\
  && chown xrootd:xrootd /etc/grid-security/xrd/  

# Steps for certificates authentication
# Get VOMS Files
ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses /etc/vomses/
ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc /etc/grid-security/vomsdir/escape/
RUN chmod 644 /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc

# Install the VO info extractor
54
RUN yum install --nogpg -y xrootd-voms-${xrootdversion}
55 56 57 58 59 60

ENV X509_USER_PROXY=/tmp/proxy-certificate/certificate

RUN mkdir -p /tmp/proxy-certificate\
  && chown xrootd:xrootd /tmp/proxy-certificate

61 62 63
# Install the scitoken plugin
RUN yum install --nogpg -y xrootd-scitokens-${xrootdversion} 

64
# HTTP xroot client library
65
RUN yum install --nogpg -y xrdcl-http-${xrootdversion}\
66 67
  && rm -rf /etc/xrootd

68

69

70
RUN yum clean all
71 72 73

USER xrootd:xrootd
CMD ["xrootd","-d","-c","/etc/xrootd/xcache-config.cfg","-n","xcache"]