[containers] build xrootd5 images

966e347e · MUSSET Paul · 59dcafeb · 966e347e · 966e347e · 966e347e
Commit 966e347e authored Jan 28, 2021 by MUSSET Paul
4 changed files
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,34 +6,43 @@ stages:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  variables:
-    TAG: ""
    DIRECTORY: ""
    IMAGE_NAME: ""
  script:
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context "$CI_PROJECT_DIR/$DIRECTORY" --dockerfile "$CI_PROJECT_DIR/$DIRECTORY/Dockerfile" --destination "$CI_REGISTRY_IMAGE/$IMAGE_NAME" 

-build_xcache:
+build_xcache_stable:
  extends:
    - .build
  stage: build
  variables:
-    TAG: ${CI_COMMIT_REF_SLUG}
-    DIRECTORY: containers/images/xcache/
-    IMAGE_NAME: xcache:${CI_COMMIT_REF_SLUG}
+    DIRECTORY: containers/images/xcache/stable
+    IMAGE_NAME: xcache_stable:${CI_COMMIT_REF_SLUG}
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
      changes:
-        - containers/images/xcache/Dockerfile
+        - containers/images/xcache/stable/Dockerfile
+
+build_xcache_testing:
+  extends:
+    - .build
+  stage: build
+  variables:
+    DIRECTORY: containers/images/xcache/testing
+    IMAGE_NAME: xcache_testing:${CI_COMMIT_REF_SLUG}
+  rules:
+    - if: '$CI_COMMIT_BRANCH != "master"'
+      changes:
+        - containers/images/xcache/stable/Dockerfile

 build_xcache_master:
  extends:
    - .build
  stage: build
  variables:
-    TAG: ""
    DIRECTORY: containers/images/xcache/
-    IMAGE_NAME: xcache
+    IMAGE_NAME: xcache_stable
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
      changes:
@@ -44,7 +53,6 @@ build_voms_proxy_init:
    - .build
  stage: build
  variables:
-    TAG: ${CI_COMMIT_REF_SLUG}
    DIRECTORY: containers/images/voms-proxy-init/
    IMAGE_NAME: voms-proxy-init:${CI_COMMIT_REF_SLUG}
  rules:
@@ -58,7 +66,6 @@ build_voms_proxy_init_master:
    - .build
  stage: build
  variables:
-    TAG: ""
    DIRECTORY: containers/images/voms-proxy-init/
    IMAGE_NAME: voms-proxy-init
  rules:

--- a/containers/images/xcache/Dockerfile
+++ b/containers/images/xcache/Dockerfile
--- a/containers/images/xcache/xrootd-stable-slc7.repo
+++ b/containers/images/xcache/xrootd-stable-slc7.repo
--- a/containers/images/xcache/testing/Dockerfile
+++ b/containers/images/xcache/testing/Dockerfile
+# XCache image
+FROM centos:7
+ARG xrootdversion=5.1.0
+
+ADD https://xrootd.slac.stanford.edu/binaries/xrootd-testing-slc7.repo /etc/yum.repos.d/xrootd-testing-slc7.repo
+
+RUN  yum install --nogpg -y epel-release\
+  && yum install --nogpg -y xrootd-server-${xrootdversion}
+
+# Have the predefined uid/gid for xrootd to enable easy access to volumes 
+RUN xrootd_uid=$(id -u xrootd)\
+  && xrootd_gid=$(id -g xrootd)\
+  && groupmod -g 9999 xrootd\
+  && usermod -u 9998 xrootd\
+  && find / -group ${xrootd_gid} -user ${xrootd_gid} -type d -execdir chown xrootd:xrootd {} \; 
+
+# Config directory
+RUN mkdir -p /etc/xrootd/\
+  && chown xrootd:xrootd /etc/xrootd
+
+# Directory keeping the namespace
+RUN mkdir -p /mnt/xcache/ns/\
+  && chown xrootd:xrootd /mnt/xcache/ns/
+
+# Directory keeping the metadata
+RUN mkdir -p /mnt/xcache/metadata/\
+  && chown xrootd:xrootd /mnt/xcache/metadata/
+
+# Directory to mount the data disks. need to have same uid+gid on host and container
+RUN mkdir -p /mnt/xcache/storage\
+  && chown xrootd:xrootd /mnt/xcache/storage/
+
+# For now checking crl is disabled in xcache config file
+# Might have to be later to be put in a volume. with a container spawning every n hours doing the fetch crl
+# install ca certificates 
+ADD http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo /etc/yum.repos.d/EGI-trustanchors.repo
+RUN yum install --nogpg -y ca-policy-lcg
+
+# problem with xrdcl-http not looking /etc/grid-security
+RUN cp /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/\
+ && update-ca-trust extract
+
+# Certificates directory
+RUN mkdir /etc/grid-security/xrd/\
+  && chown xrootd:xrootd /etc/grid-security/xrd/  
+
+# Steps for certificates authentication
+# Get VOMS Files
+ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses /etc/vomses/
+ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc /etc/grid-security/vomsdir/escape/
+RUN chmod 644 /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc
+
+# Install the VO info extractor
+RUN yum install --nogpg -y xrootd-voms-${xrootdversion}
+
+ENV X509_USER_PROXY=/tmp/proxy-certificate/certificate
+
+RUN mkdir -p /tmp/proxy-certificate\
+  && chown xrootd:xrootd /tmp/proxy-certificate
+
+# Install the scitoken plugin
+RUN yum install --nogpg -y xrootd-scitokens-${xrootdversion} 
+
+# HTTP xroot client library
+RUN yum install --nogpg -y xrdcl-http-${xrootdversion}\
+  && rm -rf /etc/xrootd
+
+
+
+RUN yum clean all
+
+USER xrootd:xrootd
+CMD ["xrootd","-d","-c","/etc/xrootd/xcache-config.cfg","-n","xcache"]