Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Docker-in-Docker (DinD) capabilities of public runners deactivated.
More info
Open sidebar
Escape European project @ CC
xcache-config
Commits
966e347e
Commit
966e347e
authored
Jan 28, 2021
by
MUSSET Paul
Browse files
[containers] build xrootd5 images
parent
59dcafeb
Pipeline
#101363
passed with stage
in 2 minutes and 43 seconds
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
90 additions
and
10 deletions
+90
-10
.gitlab-ci.yml
.gitlab-ci.yml
+17
-10
containers/images/xcache/stable/Dockerfile
containers/images/xcache/stable/Dockerfile
+0
-0
containers/images/xcache/stable/xrootd-stable-slc7.repo
containers/images/xcache/stable/xrootd-stable-slc7.repo
+0
-0
containers/images/xcache/testing/Dockerfile
containers/images/xcache/testing/Dockerfile
+73
-0
No files found.
.gitlab-ci.yml
View file @
966e347e
...
...
@@ -6,34 +6,43 @@ stages:
name
:
gcr.io/kaniko-project/executor:debug
entrypoint
:
[
"
"
]
variables
:
TAG
:
"
"
DIRECTORY
:
"
"
IMAGE_NAME
:
"
"
script
:
-
echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-
/kaniko/executor --context "$CI_PROJECT_DIR/$DIRECTORY" --dockerfile "$CI_PROJECT_DIR/$DIRECTORY/Dockerfile" --destination "$CI_REGISTRY_IMAGE/$IMAGE_NAME"
build_xcache
:
build_xcache
_stable
:
extends
:
-
.build
stage
:
build
variables
:
TAG
:
${CI_COMMIT_REF_SLUG}
DIRECTORY
:
containers/images/xcache/
IMAGE_NAME
:
xcache:${CI_COMMIT_REF_SLUG}
DIRECTORY
:
containers/images/xcache/stable
IMAGE_NAME
:
xcache_stable:${CI_COMMIT_REF_SLUG}
rules
:
-
if
:
'
$CI_COMMIT_BRANCH
!=
"master"'
changes
:
-
containers/images/xcache/Dockerfile
-
containers/images/xcache/stable/Dockerfile
build_xcache_testing
:
extends
:
-
.build
stage
:
build
variables
:
DIRECTORY
:
containers/images/xcache/testing
IMAGE_NAME
:
xcache_testing:${CI_COMMIT_REF_SLUG}
rules
:
-
if
:
'
$CI_COMMIT_BRANCH
!=
"master"'
changes
:
-
containers/images/xcache/stable/Dockerfile
build_xcache_master
:
extends
:
-
.build
stage
:
build
variables
:
TAG
:
"
"
DIRECTORY
:
containers/images/xcache/
IMAGE_NAME
:
xcache
IMAGE_NAME
:
xcache
_stable
rules
:
-
if
:
'
$CI_COMMIT_BRANCH
==
"master"'
changes
:
...
...
@@ -44,7 +53,6 @@ build_voms_proxy_init:
-
.build
stage
:
build
variables
:
TAG
:
${CI_COMMIT_REF_SLUG}
DIRECTORY
:
containers/images/voms-proxy-init/
IMAGE_NAME
:
voms-proxy-init:${CI_COMMIT_REF_SLUG}
rules
:
...
...
@@ -58,7 +66,6 @@ build_voms_proxy_init_master:
-
.build
stage
:
build
variables
:
TAG
:
"
"
DIRECTORY
:
containers/images/voms-proxy-init/
IMAGE_NAME
:
voms-proxy-init
rules
:
...
...
containers/images/xcache/Dockerfile
→
containers/images/xcache/
stable/
Dockerfile
View file @
966e347e
File moved
containers/images/xcache/xrootd-stable-slc7.repo
→
containers/images/xcache/
stable/
xrootd-stable-slc7.repo
View file @
966e347e
File moved
containers/images/xcache/testing/Dockerfile
0 → 100644
View file @
966e347e
# XCache image
FROM
centos:7
ARG
xrootdversion=5.1.0
ADD
https://xrootd.slac.stanford.edu/binaries/xrootd-testing-slc7.repo /etc/yum.repos.d/xrootd-testing-slc7.repo
RUN
yum
install
--nogpg
-y
epel-release
\
&&
yum
install
--nogpg
-y
xrootd-server-
${
xrootdversion
}
# Have the predefined uid/gid for xrootd to enable easy access to volumes
RUN
xrootd_uid
=
$(
id
-u
xrootd
)
\
&&
xrootd_gid
=
$(
id
-g
xrootd
)
\
&&
groupmod
-g
9999 xrootd
\
&&
usermod
-u
9998 xrootd
\
&&
find /
-group
${
xrootd_gid
}
-user
${
xrootd_gid
}
-type
d
-execdir
chown
xrootd:xrootd
{}
\;
# Config directory
RUN
mkdir
-p
/etc/xrootd/
\
&&
chown
xrootd:xrootd /etc/xrootd
# Directory keeping the namespace
RUN
mkdir
-p
/mnt/xcache/ns/
\
&&
chown
xrootd:xrootd /mnt/xcache/ns/
# Directory keeping the metadata
RUN
mkdir
-p
/mnt/xcache/metadata/
\
&&
chown
xrootd:xrootd /mnt/xcache/metadata/
# Directory to mount the data disks. need to have same uid+gid on host and container
RUN
mkdir
-p
/mnt/xcache/storage
\
&&
chown
xrootd:xrootd /mnt/xcache/storage/
# For now checking crl is disabled in xcache config file
# Might have to be later to be put in a volume. with a container spawning every n hours doing the fetch crl
# install ca certificates
ADD
http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo /etc/yum.repos.d/EGI-trustanchors.repo
RUN
yum
install
--nogpg
-y
ca-policy-lcg
# problem with xrdcl-http not looking /etc/grid-security
RUN
cp
/etc/grid-security/certificates/
*
.pem /etc/pki/ca-trust/source/anchors/
\
&&
update-ca-trust extract
# Certificates directory
RUN
mkdir
/etc/grid-security/xrd/
\
&&
chown
xrootd:xrootd /etc/grid-security/xrd/
# Steps for certificates authentication
# Get VOMS Files
ADD
https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses /etc/vomses/
ADD
https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc /etc/grid-security/vomsdir/escape/
RUN
chmod
644 /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc
# Install the VO info extractor
RUN
yum
install
--nogpg
-y
xrootd-voms-
${
xrootdversion
}
ENV
X509_USER_PROXY=/tmp/proxy-certificate/certificate
RUN
mkdir
-p
/tmp/proxy-certificate
\
&&
chown
xrootd:xrootd /tmp/proxy-certificate
# Install the scitoken plugin
RUN
yum
install
--nogpg
-y
xrootd-scitokens-
${
xrootdversion
}
# HTTP xroot client library
RUN
yum
install
--nogpg
-y
xrdcl-http-
${
xrootdversion
}
\
&&
rm
-rf
/etc/xrootd
RUN
yum clean all
USER
xrootd:xrootd
CMD
["xrootd","-d","-c","/etc/xrootd/xcache-config.cfg","-n","xcache"]
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment