# XCache image FROM centos:7 ARG xrootdversion=5.1.0 ADD https://xrootd.slac.stanford.edu/binaries/xrootd-testing-slc7.repo /etc/yum.repos.d/xrootd-testing-slc7.repo RUN yum install --nogpg -y epel-release\ && yum install --nogpg -y xrootd-server-${xrootdversion} # Have the predefined uid/gid for xrootd to enable easy access to volumes RUN xrootd_uid=$(id -u xrootd)\ && xrootd_gid=$(id -g xrootd)\ && groupmod -g 9999 xrootd\ && usermod -u 9998 xrootd\ && find / -group ${xrootd_gid} -user ${xrootd_gid} -type d -execdir chown xrootd:xrootd {} \; # Config directory RUN mkdir -p /etc/xrootd/\ && chown xrootd:xrootd /etc/xrootd # Directory keeping the namespace RUN mkdir -p /mnt/xcache/ns/\ && chown xrootd:xrootd /mnt/xcache/ns/ # Directory keeping the metadata RUN mkdir -p /mnt/xcache/metadata/\ && chown xrootd:xrootd /mnt/xcache/metadata/ # Directory to mount the data disks. need to have same uid+gid on host and container RUN mkdir -p /mnt/xcache/storage\ && chown xrootd:xrootd /mnt/xcache/storage/ # For now checking crl is disabled in xcache config file # Might have to be later to be put in a volume. with a container spawning every n hours doing the fetch crl # install ca certificates ADD http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo /etc/yum.repos.d/EGI-trustanchors.repo RUN yum install --nogpg -y ca-policy-lcg # problem with xrdcl-http not looking /etc/grid-security RUN cp /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/\ && update-ca-trust extract # Certificates directory RUN mkdir /etc/grid-security/xrd/\ && chown xrootd:xrootd /etc/grid-security/xrd/ # Steps for certificates authentication # Get VOMS Files ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.vomses /etc/vomses/ ADD https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc /etc/grid-security/vomsdir/escape/ RUN chmod 644 /etc/vomses/voms-escape.cloud.cnaf.infn.it.vomses /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc # Install the VO info extractor RUN yum install --nogpg -y xrootd-voms-${xrootdversion} ENV X509_USER_PROXY=/tmp/proxy-certificate/certificate RUN mkdir -p /tmp/proxy-certificate\ && chown xrootd:xrootd /tmp/proxy-certificate # Install the scitoken plugin RUN yum install --nogpg -y xrootd-scitokens-${xrootdversion} # HTTP xroot client library RUN yum install --nogpg -y xrdcl-http-${xrootdversion}\ && rm -rf /etc/xrootd RUN yum clean all USER xrootd:xrootd CMD ["xrootd","-d","-c","/etc/xrootd/xcache-config.cfg","-n","xcache"]