📣 An issue occured with the embedded container registry on October 25 2021, between 10:30 and 12:10 (UTC+2). Any persisting issues should be reported to CC-IN2P3 Support. 🐛

Commit 966e347e authored by MUSSET Paul's avatar MUSSET Paul
Browse files

[containers] build xrootd5 images

parent 59dcafeb
Pipeline #101363 passed with stage
in 2 minutes and 43 seconds
......@@ -6,34 +6,43 @@ stages:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
variables:
TAG: ""
DIRECTORY: ""
IMAGE_NAME: ""
script:
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context "$CI_PROJECT_DIR/$DIRECTORY" --dockerfile "$CI_PROJECT_DIR/$DIRECTORY/Dockerfile" --destination "$CI_REGISTRY_IMAGE/$IMAGE_NAME"
build_xcache:
build_xcache_stable:
extends:
- .build
stage: build
variables:
TAG: ${CI_COMMIT_REF_SLUG}
DIRECTORY: containers/images/xcache/
IMAGE_NAME: xcache:${CI_COMMIT_REF_SLUG}
DIRECTORY: containers/images/xcache/stable
IMAGE_NAME: xcache_stable:${CI_COMMIT_REF_SLUG}
rules:
- if: '$CI_COMMIT_BRANCH != "master"'
changes:
- containers/images/xcache/Dockerfile
- containers/images/xcache/stable/Dockerfile
build_xcache_testing:
extends:
- .build
stage: build
variables:
DIRECTORY: containers/images/xcache/testing
IMAGE_NAME: xcache_testing:${CI_COMMIT_REF_SLUG}
rules:
- if: '$CI_COMMIT_BRANCH != "master"'
changes:
- containers/images/xcache/stable/Dockerfile
build_xcache_master:
extends:
- .build
stage: build
variables:
TAG: ""
DIRECTORY: containers/images/xcache/
IMAGE_NAME: xcache
IMAGE_NAME: xcache_stable
rules:
- if: '$CI_COMMIT_BRANCH == "master"'
changes:
......@@ -44,7 +53,6 @@ build_voms_proxy_init:
- .build
stage: build
variables:
TAG: ${CI_COMMIT_REF_SLUG}
DIRECTORY: containers/images/voms-proxy-init/
IMAGE_NAME: voms-proxy-init:${CI_COMMIT_REF_SLUG}
rules:
......@@ -58,7 +66,6 @@ build_voms_proxy_init_master:
- .build
stage: build
variables:
TAG: ""
DIRECTORY: containers/images/voms-proxy-init/
IMAGE_NAME: voms-proxy-init
rules:
......
# XCache image
FROM centos:7
ARG xrootdversion=5.1.0
ADD https://xrootd.slac.stanford.edu/binaries/xrootd-testing-slc7.repo /etc/yum.repos.d/xrootd-testing-slc7.repo
RUN yum install --nogpg -y epel-release\
&& yum install --nogpg -y xrootd-server-${xrootdversion}
# Have the predefined uid/gid for xrootd to enable easy access to volumes
RUN xrootd_uid=$(id -u xrootd)\
&& xrootd_gid=$(id -g xrootd)\
&& groupmod -g 9999 xrootd\
&& usermod -u 9998 xrootd\
&& find / -group ${xrootd_gid} -user ${xrootd_gid} -type d -execdir chown xrootd:xrootd {} \;
# Config directory
RUN mkdir -p /etc/xrootd/\
&& chown xrootd:xrootd /etc/xrootd
# Directory keeping the namespace
RUN mkdir -p /mnt/xcache/ns/\
&& chown xrootd:xrootd /mnt/xcache/ns/
# Directory keeping the metadata
RUN mkdir -p /mnt/xcache/metadata/\
&& chown xrootd:xrootd /mnt/xcache/metadata/
# Directory to mount the data disks. need to have same uid+gid on host and container
RUN mkdir -p /mnt/xcache/storage\
&& chown xrootd:xrootd /mnt/xcache/storage/
# For now checking crl is disabled in xcache config file
# Might have to be later to be put in a volume. with a container spawning every n hours doing the fetch crl
# install ca certificates
ADD http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo /etc/yum.repos.d/EGI-trustanchors.repo
RUN yum install --nogpg -y ca-policy-lcg
# problem with xrdcl-http not looking /etc/grid-security
RUN cp /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/\
&& update-ca-trust extract
# Certificates directory
RUN mkdir /etc/grid-security/xrd/\
&& chown xrootd:xrootd /etc/grid-security/xrd/
# Steps for certificates authentication
# Get VOMS Files
ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses /etc/vomses/
ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc /etc/grid-security/vomsdir/escape/
RUN chmod 644 /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc
# Install the VO info extractor
RUN yum install --nogpg -y xrootd-voms-${xrootdversion}
ENV X509_USER_PROXY=/tmp/proxy-certificate/certificate
RUN mkdir -p /tmp/proxy-certificate\
&& chown xrootd:xrootd /tmp/proxy-certificate
# Install the scitoken plugin
RUN yum install --nogpg -y xrootd-scitokens-${xrootdversion}
# HTTP xroot client library
RUN yum install --nogpg -y xrdcl-http-${xrootdversion}\
&& rm -rf /etc/xrootd
RUN yum clean all
USER xrootd:xrootd
CMD ["xrootd","-d","-c","/etc/xrootd/xcache-config.cfg","-n","xcache"]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment