
Commit 36663a9f authored by MUSSET Paul's avatar MUSSET Paul

Merge branch 'stability' into 'dev'

Stability

See merge request !22
parents 63a1feb5 44cbe919
Pipeline #138781 passed with stage
in 2 minutes and 7 seconds
---
ansible_become: yes
storage_devices:
- vdc
- vdd
......
---
- name: start xcache
community.general.docker_compose:
project_src: /root/compose-config
project_name: xcache
remove_orphans: yes
pull: yes
state: present
vars:
ansible_python_interpreter: /usr/bin/python3
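Review bot: `pull: yes` in this handler re-pulls the images on every notified restart, and the compose template references them by the mutable `:dev` tag, so an unrelated config change can silently roll out whatever image currently sits behind that tag. Pinning the images by digest in the template (`image: <registry-path>/xcache@sha256:<digest>`, placeholder values) or setting `pull: no` here and updating images in a separate, deliberate task would keep a restart from changing the running code.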
......@@ -15,34 +15,40 @@
ansible.builtin.template:
src: ../templates/docker-compose.yaml.j2
dest: /root/compose-config/docker-compose.yaml
- name: copy certificate
ansible.builtin.copy:
content: "{{ certificate }}"
owner: xrootd
group: xrootd
mode: '0600'
dest: /root/cert.pem
- name: copy private key
ansible.builtin.copy:
content: "{{ private_key }}"
owner: xrootd
group: xrootd
mode: '0400'
dest: /root/key.pem
notify: start xcache
- name: copy config files
ansible.builtin.copy:
src: ../files/config
dest: /root/compose-config/
notify: start xcache
- name: launch docker compose
community.general.docker_compose:
project_src: /root/compose-config
project_name: xcache
remove_orphans: yes
pull: yes
state: present
vars:
ansible_python_interpreter: /usr/bin/python3
- name: copy necessary files for authN/authZ
block:
- name: copy certificate
ansible.builtin.copy:
content: "{{ certificate }}"
owner: xrootd
group: xrootd
mode: '0600'
dest: /root/cert.pem
- name: copy private key
ansible.builtin.copy:
content: "{{ private_key }}"
owner: xrootd
group: xrootd
mode: '0400'
dest: /root/key.pem
- name: copy authfile
ansible.builtin.copy:
src: ../files/Authfile
dest: /root/compose-config/config
when: auth is defined and auth == true
- name: copy xcache-config
ansible.builtin.template:
src: ../templates/xcache-config.cfg.j2
dest: /root/compose-config/config/xcache-config.cfg
notify: start xcache
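Review bot: The block's `when: auth is defined and auth == true` is stricter than the `{% if auth is defined and auth %}` guards in the docker-compose and xcache-config templates, so the two can disagree. A string value such as `-e auth=true` (or `auth: "false"`) is truthy in the templates but fails `== true` here, which renders the GSI and secrets configuration without copying the certificate, key and Authfile. Normalising once, e.g. `when: auth | default(false) | bool` here and `{% if auth | default(false) | bool %}` in the templates, keeps them aligned. As rendered, the certificate and key tasks inside the block carry no `notify: start xcache`, so a rotated key would not restart the service, and `no_log: true` on `copy private key` would keep the key material out of `--diff` output.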
......@@ -5,8 +5,10 @@ services:
image: gitlab-registry.in2p3.fr/cc-escape/xcache-config/xcache:dev
ports:
- "1094:1094"
{% if auth is defined and auth %}
depends_on:
- voms-renewer
{% endif %}
volumes:
- type: bind
source: /mnt/xcache/ns
......@@ -22,6 +24,7 @@ services:
- type: bind
source: ./config
target: /etc/xrootd
{% if auth is defined and auth %}
- type: volume
source: proxy-certificate
target: /tmp/proxy-certificate
......@@ -32,8 +35,10 @@ services:
- source: key
target: xrdkey.pem
mode: 0400
{% endif %}
restart: always
{% if auth is defined and auth %}
voms-renewer:
image: gitlab-registry.in2p3.fr/cc-escape/xcache-config/voms-proxy-init:dev
ports:
......@@ -50,6 +55,7 @@ services:
target: xrdkey.pem
mode: 0400
restart: always
{% endif %}
{% if test_machine is defined and test_machine %}
flusher:
......@@ -57,7 +63,6 @@ services:
ports:
- "80:80"
depends_on:
- voms-renewer
- xcache
volumes:
- type: bind
......@@ -78,12 +83,12 @@ services:
FLUSHER_PORT: 80
{% endif %}
networks:
default:
driver_opts:
com.docker.network.driver.mtu: 1442
{% if auth is defined and auth %}
secrets:
cert:
file: /root/cert.pem
......@@ -92,3 +97,4 @@ secrets:
volumes:
proxy-certificate:
{% endif %}
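Review bot: The four `{% if auth is defined and auth %}` regions added to this template (the xcache `depends_on`, its proxy-certificate volume and secrets, the `voms-renewer` service, and the top-level `secrets`/`volumes`) have to stay in step, and nothing in the file says so. A Jinja comment before the first guard, such as `{# auth gates voms-renewer, the GSI secrets and the proxy-certificate volume; change all guarded regions together #}`, would make that dependency visible. Several hunks here begin or end inside definitions that lie outside the visible lines.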
......@@ -13,7 +13,7 @@ ofs.osslib libXrdPss.so
pss.cachelib libXrdFileCache.so
# Namespace (contains link to the actual data)
oss.localroot /mnt/xcache/ns
oss.localroot /mnt/xcache/ns/
# Metadata directories (cinfo files)
oss.space meta /mnt/xcache/metadata
......@@ -27,10 +27,12 @@ pfc.spaces data meta
# add http support
if exec xrootd
xrd.protocol http libXrdHttp.so
{% if auth is defined and auth %}
http.cadir /etc/grid-security/certificates
http.cert /run/secrets/xrdcert.pem
http.key /run/secrets/xrdkey.pem
http.secxtractor libXrdSecgsiVOMS.so
{% endif %}
fi
# cache log level
......@@ -41,6 +43,7 @@ fi
# sec.trace all
{% if auth is defined and auth %}
# authentication
xrootd.seclib libXrdSec.so
sec.protocol gsi -crl:0 -cert:/run/secrets/xrdcert.pem -key:/run/secrets/xrdkey.pem -gridmap:/dev/null -vomsfun:/usr/lib64/libXrdVoms.so -vomsfunparms:vos=escape
......@@ -49,3 +52,4 @@ sec.protbind * gsi
# authorization
ofs.authorize 1
acc.authdb /etc/xrootd/Authfile
{% endif %}
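Review bot: With these guards, leaving `auth` undefined renders a configuration with no `sec.protocol`, no `ofs.authorize` and no `http.cert`/`http.key`, while `xrd.protocol http` stays enabled, so the default is an unauthenticated cache served over plain HTTP. If that is meant only for test hosts, the choice should be explicit: either default to on with `{% if auth | default(true) | bool %}`, or fail the play early when the variable is missing (an `ansible.builtin.assert` with `that: auth is defined`). A comment above the first guard stating that an unset `auth` disables both authentication and authorization would also help.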