add per dcache service switch

dCache · Oct 21, 2023 · 8fd975e · 8fd975e
1 parent d28b02e
commit 8fd975e
Show file tree

Hide file tree

Showing 4 changed files with 133 additions and 49 deletions.
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
@@ -16,64 +16,82 @@ data:
     [door-svc/cleaner-disk]
     chimera.db.url=jdbc:postgresql://${chimera.db.host}/${chimera.db.name}?ApplicationName=${cleaner-disk.cell.name}
 
-    [door-svc/nfs]
-    chimera.db.url=jdbc:postgresql://${chimera.db.host}/${chimera.db.name}?ApplicationName=${cleaner-disk.cell.name}
-    nfs.version=4.1
-    nfs.domain=dcache.org
-    nfs.enable.portmap=false
-    nfs.namespace-cache.size=8192
-    nfs.export.file=/opt/dcache/etc/exports
-
     [door-svc/billing]
+    [door-svc/httpd]
 
     [door-svc/gplazma]
     gplazma.gridmap.file=/opt/dcache/etc/grid-mapfile
     gplazma.authzdb.file=/opt/dcache/etc/storage-authzdb
     gplazma.vorolemap.file=/opt/dcache/etc/grid-vorolemap
     gplazma.htpasswd.file=/opt/dcache/etc/htpasswd
 
-    [door-svc/xrootd]
-    xrootd.security.tls.mode=OFF
-    xrootd.authz.write-paths = /
-    xrootd.authz.anonymous-operations = FULL
+    [door-svc/frontend]
+    frontend.authn.protocol=http
+    frontend.authz.anonymous-operations=FULL
 
-    [door-svc/httpd]
+  {{ if .Values.services.nfs.enabled }}
+    [door-svc/nfs]
+    chimera.db.url=jdbc:postgresql://${chimera.db.host}/${chimera.db.name}?ApplicationName=${cleaner-disk.cell.name}
+    nfs.version=4.1
+    nfs.domain=dcache.org
+    nfs.enable.portmap=false
+    nfs.namespace-cache.size=8192
+    nfs.export.file=/opt/dcache/etc/exports
+  {{- end}}
 
+{{ if .Values.services.webdav.enabled }}
     [door-svc/webdav]
     webdav.cell.name=webdav-plain
     webdav.net.port=8080
     webdav.authz.anonymous-operations=READONLY
     webdav.redirect.on-write=false
     webdav.redirect.on-read=true
+{{- end }}
 
+{{ if .Values.services.webdavs.enabled }}
     [door-svc/webdav]
     webdav.cell.name=webdav-tls
     webdav.net.port=8083
     webdav.authn.protocol=https
     webdav.authz.anonymous-operations=READONLY
     webdav.redirect.on-write=false
     webdav.redirect.on-read=true
+{{- end }}
 
-    [door-svc/frontend]
-    frontend.authn.protocol=http
-    frontend.authz.anonymous-operations=FULL
+{{ if .Values.services.xrootd.enabled }}
+    [door-svc/xrootd]
+    xrootd.security.tls.mode=OFF
+    xrootd.authz.write-paths = /
+    xrootd.authz.anonymous-operations = FULL
+{{- end }}
 
+{{ if .Values.services.xrootdg.enabled }}
     [door-svc/xrootd]
     xrootd.cell.name = xrootd-gsi
     ## REVISIT: do we need to specify 'authz:none' here?
     xrootd.plugins = gplazma:gsi,authz:none
     xrootd.net.port = 1095
     xrootd.authz.write-paths = /
     xrootd.authz.read-paths = /
+{{- end }}
 
+{{ if .Values.services.dcap.enabled }}
     [door-svc/dcap]
+{{- end }}
 
+{{ if .Values.services.dcapg.enabled }}
     [door-svc/dcap]
     dcap.authn.protocol = gsi
+{{- end }}
 
+{{ if .Values.services.gridftp.enabled }}
     [door-svc/ftp]
     ftp.authn.protocol = gsi
     ftp.loginbroker.address={{ $.Release.Name }}-door-svc.{{ $.Release.Namespace }}.svc.cluster.local
+{{- end }}
+
+
+{{- if .Values.services.srm.enabled }}
 
     [door-svc/transfermanagers]
     transfermanagers.limits.transfer-time = 8200
@@ -88,8 +106,9 @@ data:
 
     [door-svc/spacemanager]
     spacemanager.authz.link-group-file-name=/opt/dcache/etc/linkgroupauthz.conf
+{{- end }}
 
-{{- if .Values.sshAdmin.enabled }}
+{{- if .Values.services.sshAdmin.enabled }}
     [door-svc/admin]
     admin.paths.host-keys=/etc/grid-security/ssh_host_rsa_key
 {{- end }}

diff --git a/templates/door-svc.yaml b/templates/door-svc.yaml
@@ -8,36 +8,71 @@ spec:
   selector:
     app: door
   ports:
+
+    {{ if .Values.services.nfs.enabled }}
     - name: nfs-door
-      port: {{ $.Values.door.ports.nfs }}
+      port: {{ $.Values.services.nfs.port }}
       targetPort: 2049
-    - name: xroot-door
-      port: {{ $.Values.door.ports.xrootd }}
+    {{- end }}
+
+    {{ if .Values.services.dcap.enabled }}
+    - name: dcap-door
+      port: {{ $.Values.services.dcap.port }}
+      targetPort: 22125
+    {{- end }}
+
+    {{ if .Values.services.dcapg.enabled }}
+    - name: dcapg-door
+      port: {{ $.Values.services.dcapg.port }}
+      targetPort: 22128
+    {{- end }}
+
+    {{ if .Values.services.xrootd.enabled }}
+    - name: xrootd-door
+      port: {{ $.Values.services.xrootd.port }}
       targetPort: 1094
-    - name: xroot-door-gsi
-      port: {{ $.Values.door.ports.xrootdg }}
+    {{- end }}
+
+    {{ if .Values.services.xrootdg.enabled }}
+    - name: xrootd-door-gsi
+      port: {{ $.Values.services.xrootdg.port }}
       targetPort: 1095
+    {{- end }}
+
+    {{ if .Values.services.webdav.enabled }}
     - name: webdav-door
-      port: {{ $.Values.door.ports.webdav }}
+      port: {{ $.Values.services.webdav.port }}
       targetPort: 8080
+    {{- end }}
+
+    {{ if .Values.services.webdavs.enabled }}
     - name: webdavs-door
-      port: {{ $.Values.door.ports.webdavs }}
+      port: {{ $.Values.services.webdavs.port }}
       targetPort: 8083
-    - name: dcapg-door
-      port: {{ $.Values.door.ports.dcapg }}
-      targetPort: 22128
-    - name: dcap-door
-      port: {{ $.Values.door.ports.dcap }}
-      targetPort: 22125
-    - name: gridftp-door
-      port: {{ $.Values.door.ports.gridftp }}
+    {{- end }}
+
+    {{ if .Values.services.gridftp.enabled }}
+    - name: ftp-door
+      port: {{ $.Values.services.gridftp.port }}
       targetPort: 2811
+    {{- end }}
+
+    {{ if .Values.services.srm.enabled }}
     - name: srm-door
-      port: {{ $.Values.door.ports.srm }}
+      port: {{ $.Values.services.srm.port }}
       targetPort: 8443
+    {{- end }}
+
+    {{ if .Values.services.sshAdmin.enabled }}
+    - name: admin-door
+      port: {{ $.Values.services.sshAdmin.port }}
+      targetPort: 22224
+    {{- end }}
+
     - name: cell-tunnel
       port: {{ $.Values.cell.tunnel }}
       targetPort: 11111
+
     {{ $range_start := ( $.Values.mover.wan_range_min | int) }}
     {{ $range_stop := ( $.Values.mover.wan_range_max | int) }}
     {{- range $port_index, $port := untilStep $range_start $range_stop 1 }}

diff --git a/templates/door.yaml b/templates/door.yaml
@@ -71,7 +71,7 @@ spec:
           volumeMounts:
             - mountPath: /etc/grid-security
               name: certs
-      {{- if .Values.sshAdmin.enabled }}
+      {{- if .Values.services.sshAdmin.enabled }}
         - name: gen-ssh-key
           image: kroniak/ssh-client
           command: ['sh', '-c', "ssh-keygen -t rsa -b 2048 -N '' -f /etc/grid-security/ssh_host_rsa_key; chown 994:1000 /etc/grid-security/ssh_host_rsa_key"]

diff --git a/values.yaml b/values.yaml
@@ -18,21 +18,51 @@ dcache:
 cell:
   tunnel: 11111
 
-door:
-  ports:
-    nfs: 2049
-    dcapg: 22128
-    dcap: 22125
-    xrootd: 1094
-    xrootdg: 1095
-    webdav: 8080
-    webdavs: 8083
-    gridftp: 2811
-    srm: 8443
-
-sshAdmin:
-  enabled: true
-  port: 22224
+
+#
+# dCache doors/services
+#
+services:
+
+  nfs:
+    enabled: true
+    port: 2049
+
+  dcap:
+    enabled: true
+    port: 22125
+
+  dcapg:
+    enabled: true
+    port: 22128
+
+  xrootd:
+    enabled: true
+    port: 1094
+
+  xrootdg:
+    enabled: true
+    port: 1095
+
+  webdav:
+    enabled: true
+    port: 8080
+
+  webdavs:
+    enabled: true
+    port: 8083
+
+  srm:
+    enabled: true
+    port: 8443
+
+  gridftp:
+    enabled: true
+    port: 2811
+
+  sshAdmin:
+    enabled: true
+    port: 22224
 
 
 mover: