Commit 36663a9f authored by MUSSET Paul's avatar MUSSET Paul

Merge branch 'stability' into 'dev'

Stability

See merge request !22
parents 63a1feb5 44cbe919
Pipeline #138781 passed with stage
in 2 minutes and 7 seconds
---
ansible_become: yes
storage_devices:
- vdc
- vdd
......
---
- name: start xcache
community.general.docker_compose:
project_src: /root/compose-config
project_name: xcache
remove_orphans: yes
pull: yes
state: present
vars:
ansible_python_interpreter: /usr/bin/python3
......@@ -15,34 +15,40 @@
ansible.builtin.template:
src: ../templates/docker-compose.yaml.j2
dest: /root/compose-config/docker-compose.yaml
- name: copy certificate
ansible.builtin.copy:
content: "{{ certificate }}"
owner: xrootd
group: xrootd
mode: '0600'
dest: /root/cert.pem
- name: copy private key
ansible.builtin.copy:
content: "{{ private_key }}"
owner: xrootd
group: xrootd
mode: '0400'
dest: /root/key.pem
notify: start xcache
- name: copy config files
ansible.builtin.copy:
src: ../files/config
dest: /root/compose-config/
notify: start xcache
- name: launch docker compose
community.general.docker_compose:
project_src: /root/compose-config
project_name: xcache
remove_orphans: yes
pull: yes
state: present
vars:
ansible_python_interpreter: /usr/bin/python3
- name: copy necessary files for authN/authZ
block:
- name: copy certificate
ansible.builtin.copy:
content: "{{ certificate }}"
owner: xrootd
group: xrootd
mode: '0600'
dest: /root/cert.pem
- name: copy private key
ansible.builtin.copy:
content: "{{ private_key }}"
owner: xrootd
group: xrootd
mode: '0400'
dest: /root/key.pem
- name: copy authfile
ansible.builtin.copy:
src: ../files/Authfile
dest: /root/compose-config/config
when: auth is defined and auth == true
- name: copy xcache-config
ansible.builtin.template:
src: ../templates/xcache-config.cfg.j2
dest: /root/compose-config/config/xcache-config.cfg
notify: start xcache
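Review bot: The block condition `when: auth is defined and auth == true` does not agree with the guard the templates use, `auth is defined and auth`. A string value such as "true" or "yes" passed with `-e` is truthy in Jinja but not equal to `true`, so the rendered compose file would reference `/root/cert.pem` and `/root/key.pem` while this block skips writing them. Normalising once, for example `when: auth | default(false) | bool`, and using the same expression in docker-compose.yaml.j2 and xcache-config.cfg.j2 keeps the three files in step. The `copy private key` task passes the key through `content:`, so adding `no_log: true` to it would keep the key out of verbose and diff output. The tasks file starts before this hunk.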
......@@ -5,8 +5,10 @@ services:
image: gitlab-registry.in2p3.fr/cc-escape/xcache-config/xcache:dev
ports:
- "1094:1094"
{% if auth is defined and auth %}
depends_on:
- voms-renewer
{% endif %}
volumes:
- type: bind
source: /mnt/xcache/ns
......@@ -22,6 +24,7 @@ services:
- type: bind
source: ./config
target: /etc/xrootd
{% if auth is defined and auth %}
- type: volume
source: proxy-certificate
target: /tmp/proxy-certificate
......@@ -32,8 +35,10 @@ services:
- source: key
target: xrdkey.pem
mode: 0400
{% endif %}
restart: always
{% if auth is defined and auth %}
voms-renewer:
image: gitlab-registry.in2p3.fr/cc-escape/xcache-config/voms-proxy-init:dev
ports:
......@@ -50,6 +55,7 @@ services:
target: xrdkey.pem
mode: 0400
restart: always
{% endif %}
{% if test_machine is defined and test_machine %}
flusher:
......@@ -57,7 +63,6 @@ services:
ports:
- "80:80"
depends_on:
- voms-renewer
- xcache
volumes:
- type: bind
......@@ -78,12 +83,12 @@ services:
FLUSHER_PORT: 80
{% endif %}
networks:
default:
driver_opts:
com.docker.network.driver.mtu: 1442
{% if auth is defined and auth %}
secrets:
cert:
file: /root/cert.pem
......@@ -92,3 +97,4 @@ secrets:
volumes:
proxy-certificate:
{% endif %}
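Review bot: When `auth` is off, the rendered file drops `voms-renewer`, the `secrets:` section and the `proxy-certificate` volume, but the `xcache` service still publishes `"1094:1094"` on every host interface. The cache is then reachable without GSI/VOMS from any network the host is attached to, and nothing in the template says that this mode is meant only for isolated hosts. A Jinja comment above the first guard would record the intent, for example `{# auth disabled: xcache is served without authentication; deploy only on a trusted network #}`. Binding the published port to a specific address in that mode is worth considering. The `services:` mapping begins outside these hunks.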
......@@ -13,7 +13,7 @@ ofs.osslib libXrdPss.so
pss.cachelib libXrdFileCache.so
# Namespace (contains link to the actual data)
oss.localroot /mnt/xcache/ns
oss.localroot /mnt/xcache/ns/
# Metadata directories (cinfo files)
oss.space meta /mnt/xcache/metadata
......@@ -27,10 +27,12 @@ pfc.spaces data meta
# add http support
if exec xrootd
xrd.protocol http libXrdHttp.so
{% if auth is defined and auth %}
http.cadir /etc/grid-security/certificates
http.cert /run/secrets/xrdcert.pem
http.key /run/secrets/xrdkey.pem
http.secxtractor libXrdSecgsiVOMS.so
{% endif %}
fi
# cache log level
......@@ -41,6 +43,7 @@ fi
# sec.trace all
{% if auth is defined and auth %}
# authentication
xrootd.seclib libXrdSec.so
sec.protocol gsi -crl:0 -cert:/run/secrets/xrdcert.pem -key:/run/secrets/xrdkey.pem -gridmap:/dev/null -vomsfun:/usr/lib64/libXrdVoms.so -vomsfunparms:vos=escape
......@@ -49,3 +52,4 @@ sec.protbind * gsi
# authorization
ofs.authorize 1
acc.authdb /etc/xrootd/Authfile
{% endif %}
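Review bot: Leaving `auth` undefined now renders a configuration with no `sec.protocol`, no `sec.protbind`, no `ofs.authorize` and no `acc.authdb`, and the `http.cert`/`http.key`/`http.secxtractor` lines in the earlier hunk disappear the same way. A host whose inventory simply lacks the variable therefore comes up as an open cache, so the unsafe state is the default rather than an explicit choice. Making the decision explicit would close that gap: set `auth: true` in the role defaults, or fail early with an `ansible.builtin.assert` on `auth is defined`, so that disabling authentication requires a deliberate `auth: false`. A comment above the guard such as `# authentication and authorization are only configured when auth is true` would also help the next reader. The file continues outside these hunks.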