From 64443d968d0fed3eec35d362536d64f60adb1d2d Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Wed, 22 Nov 2023 10:43:34 +0100 Subject: [PATCH] update containers and cronjobs --- containers/rucio-client-testing/Dockerfile | 47 ---------- containers/rucio-client-testing/README.md | 87 ------------------- containers/rucio-client-testing/init_rucio.sh | 18 ---- containers/rucio-client/Dockerfile | 7 +- .../rucio.default.cfg | 13 ++- ...o.default-escape.cfg => rucio.default.cfg} | 0 .../flux/rucio-dev/rucio-dev-cronjobs.yaml | 85 +++--------------- 7 files changed, 24 insertions(+), 233 deletions(-) delete mode 100644 containers/rucio-client-testing/Dockerfile delete mode 100644 containers/rucio-client-testing/README.md delete mode 100755 containers/rucio-client-testing/init_rucio.sh rename containers/{rucio-client-testing => rucio-client}/rucio.default.cfg (63%) rename containers/rucio-noise/{rucio.default-escape.cfg => rucio.default.cfg} (100%) diff --git a/containers/rucio-client-testing/Dockerfile b/containers/rucio-client-testing/Dockerfile deleted file mode 100644 index b58e2b0..0000000 --- a/containers/rucio-client-testing/Dockerfile +++ /dev/null @@ -1,47 +0,0 @@ -FROM almalinux:9 - -ARG TAG - -RUN dnf -y install yum-utils epel-release.noarch && \ - dnf upgrade -y && \ - yum-config-manager --enable crb && \ - dnf install -y \ - gfal2-all \ - gfal2-util \ - python3-gfal2 \ - python3-pip \ - nordugrid-arc-client \ - nordugrid-arc-plugins-gfal \ - nordugrid-arc-plugins-globus \ - nordugrid-arc-plugins-s3 \ - nordugrid-arc-plugins-xrootd \ - voms-clients-java \ - xrootd-client && \ - dnf clean all && \ - rm -rf /var/cache/dnf - -# Upgrade pip & setuptools and install Rucio -RUN python3 -m pip install --no-cache-dir --upgrade pip && \ - python3 -m pip install --no-cache-dir --upgrade setuptools && \ - python3 -m pip install --no-cache-dir --pre rucio-clients[argcomplete]==$TAG && \ - python3 -m pip install --no-cache-dir jinja2 j2cli pyyaml - - -# Add a separate user and change ownership of config dir to that user -RUN groupadd -g 1000 user && \ - useradd -ms /bin/bash -u 1000 -g 1000 user && \ - mkdir -p /opt/rucio/etc/ && \ - chown -R user:user /opt/rucio/etc/ && \ - mkdir -p /opt/user && \ - chown user:user /opt/user - -USER user -WORKDIR /home/user - -# Add the default rucio configuration -ADD --chown=user:user rucio.default.cfg /opt/user/rucio.default.cfg -ADD init_rucio.sh /etc/profile.d/rucio_init.sh - -ENV PATH $PATH:/opt/rucio/bin - -CMD ["/bin/bash"] diff --git a/containers/rucio-client-testing/README.md b/containers/rucio-client-testing/README.md deleted file mode 100644 index 81a01ee..0000000 --- a/containers/rucio-client-testing/README.md +++ /dev/null @@ -1,87 +0,0 @@ -# Rucio - Scientific Data Management - -## (Clients Container) - -Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customisable policies. The data can be spread across globally distributed locations and across heterogeneous data centers, uniting different storage and network technologies as a single federated entity. Rucio offers advanced features such as distributed data recovery or adaptive replication, and is highly scalable, modular, and extensible. Rucio has been originally developed to meet the requirements of the high-energy physics experiment ATLAS, and is continuously extended to support LHC experiments and other diverse scientific communities. - -## Documentation - -General information and latest documentation about Rucio can be found at [readthedocs](https://rucio.readthedocs.io) or on our [webpage](https://rucio.cern.ch). - -## Developers - -For information on how to contribute to Rucio, please refer and follow our [CONTRIBUTING]() guidelines. - -## Getting Started - -This image provides the basic Rucio clients that can be used to communicate with any Rucio server. If you need to upload/download DIDs please check the experiment specific containers. - -To run this container the Rucio server and authentication hosts and the credentials need to be configured. There are two ways to do it: either by using environment variables or by mounting a rucio.cfg file. - -Starting the container using the environment with userpass authentication: - - docker run \ - -e RUCIO_CFG_CLIENT_RUCIO_HOST=https://server.rucio:443 \ - -e RUCIO_CFG_CLIENT_AUTH_HOST=https://auth.rucio:443 \ - -e RUCIO_CFG_CLIENT_AUTH_TYPE=userpass \ - -e RUCIO_CFG_CLIENT_USERNAME=ddmlab \ - -e RUCIO_CFG_CLIENT_PASSWORD=secret \ - -e RUCIO_CFG_CLIENT_ACCOUNT=root \ - --name=rucio-client \ - -it -d rucio/rucio-clients - -With X509 authentication: - - docker run \ - -e RUCIO_CFG_CLIENT_RUCIO_HOST=https://server.rucio:443 \ - -e RUCIO_CFG_CLIENT_AUTH_HOST=https://auth.rucio:443 \ - -e RUCIO_CFG_CLIENT_AUTH_TYPE=x509 \ - -e RUCIO_CFG_CLIENT_CLIENT_CERT=/opt/rucio/etc/usercert.pem \ - -e RUCIO_CFG_CLIENT_CLIENT_KEY=/opt/rucio/etc/userkey.pem \ - -e RUCIO_CFG_CLIENT_ACCOUNT=root \ - -v /opt/rucio/etc/usercert.pem:/opt/rucio/etc/usercert.pem \ - -v /opt/rucio/etc/userkey.pem:/opt/rucio/etc/userkey.pem \ - --name=rucio-client \ - -it -d rucio/rucio-clients - -If you already have a rucio.cfg you can also use that: - - docker run \ - -v /tmp/rucio.cfg:/opt/rucio/etc/rucio.cfg \ - --name=rucio-client \ - -it -d rucio/rucio-clients - -After the container is started you can attach to it and start using the rucio commands: - - docker exec -it rucio-clients /bin/bash - $ rucio ping - -## `RUCIO_CFG` configuration parameters: - -Environment variables can be used to set values for the auto-generated rucio.cfg. The names are derived from the actual names in the configuration file. -The available environment variables are: - -* `RUCIO_CFG_CLIENT_ACCOUNT` -* `RUCIO_CFG_CLIENT_AUTH_HOST` -* `RUCIO_CFG_CLIENT_AUTH_TYPE` -* `RUCIO_CFG_CLIENT_CA_CERT` -* `RUCIO_CFG_CLIENT_CLIENT_CERT` -* `RUCIO_CFG_CLIENT_CLIENT_KEY` -* `RUCIO_CFG_CLIENT_PASSWORD` -* `RUCIO_CFG_CLIENT_REQUEST_RETRIES` -* `RUCIO_CFG_CLIENT_RUCIO_HOST` -* `RUCIO_CFG_CLIENT_USERNAME` -* `RUCIO_CFG_CLIENT_VO` -* `RUCIO_CFG_CLIENT_X509_PROXY` -* `RUCIO_CFG_COMMON_MULTI_VO` -* `RUCIO_CFG_POLICY_LFN2PFN_ALGORITHM_DEFAULT` -* `RUCIO_CFG_POLICY_PACKAGE` -* `RUCIO_CFG_POLICY_PERMISSION` -* `RUCIO_CFG_POLICY_SCHEMA` -* `RUCIO_CFG_POLICY_SUPPORT` -* `RUCIO_CFG_POLICY_SUPPORT_RUCIO` - -## Getting Support - -If you are looking for support, please contact our mailing list rucio-users@googlegroups.com -or join us on our [slack support]() channel. diff --git a/containers/rucio-client-testing/init_rucio.sh b/containers/rucio-client-testing/init_rucio.sh deleted file mode 100755 index 9f702c9..0000000 --- a/containers/rucio-client-testing/init_rucio.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# Authors: -# - Vincent Garonne, , 2018 - -shopt -s checkwinsize - -if [ ! -f /opt/rucio/etc/rucio.cfg ]; then - echo "File rucio.cfg not found. It will generate one." - mkdir -p /opt/rucio/etc/ - python3 /usr/local/rucio_client/merge_rucio_configs.py \ - -s /opt/user/rucio.default.cfg \ - --use-env \ - -d /opt/rucio/etc/rucio.cfg -fi - -echo "Enable shell completion on the rucio commands" -eval "$(register-python-argcomplete rucio)" -eval "$(register-python-argcomplete rucio-admin)" diff --git a/containers/rucio-client/Dockerfile b/containers/rucio-client/Dockerfile index 6346456..b13f571 100644 --- a/containers/rucio-client/Dockerfile +++ b/containers/rucio-client/Dockerfile @@ -4,7 +4,7 @@ ARG BUILD_DATE FROM $BASEIMAGE:$BASETAG LABEL maintainer="VRE Team - DEV image" -LABEL org.opencontainers.image.source https://github.com/vre-hub/vre +LABEL org.opencontainers.image.source https://github.com/vre-hub/vre-dev LABEL org.label-schema.build-date=$BUILD_DATE USER root @@ -30,11 +30,12 @@ RUN mkdir -p /etc/vomses \ RUN mkdir -p /etc/grid-security/vomsdir/escape \ && wget https://indigo-iam.github.io/escape-docs/voms-config/voms-escape.cloud.cnaf.infn.it.lsc -O /etc/grid-security/vomsdir/escape/voms-escape.cloud.cnaf.infn.it.lsc +# This is kept here just for testing from inside the container. To be removed when moved to v32 to the vre +ADD --chown=user:user rucio.cfg.escape.j2 /opt/user/rucio.cfg.j2 # ESCAPE Rucio setup -ADD --chown=user:user rucio.cfg.escape.j2 /opt/user/rucio.cfg.j2 +ADD --chown=user:user rucio.default.cfg /opt/user/rucio.default.cfg # install reana-client -#ENV LC_ALL=en_US.UTF-8 # Reana needs a gcc compiler RUN yum install -y gcc pip python-devel \ && pip install --upgrade pip diff --git a/containers/rucio-client-testing/rucio.default.cfg b/containers/rucio-client/rucio.default.cfg similarity index 63% rename from containers/rucio-client-testing/rucio.default.cfg rename to containers/rucio-client/rucio.default.cfg index a9f01e7..3551759 100644 --- a/containers/rucio-client-testing/rucio.default.cfg +++ b/containers/rucio-client/rucio.default.cfg @@ -1,3 +1,5 @@ +# Please note that this config is just for the DEV VRE cluster + [client] rucio_host = localhost auth_host = localhost @@ -6,9 +8,9 @@ auth_type = username = password = account = -client_cert = -client_key = -client_x509_proxy = +# client_cert = +# client_key = +# client_x509_proxy = request_retries = 3 [policy] @@ -17,3 +19,8 @@ schema = generic lfn2pfn_algorithm_default = hash support = https://github.com/rucio/rucio/issues/ support_rucio = https://github.com/rucio/rucio/issues/ + +[credentials] +gcs = /opt/rucio/etc/rse-accounts.cfg +# signature_lifetime = 3600 + diff --git a/containers/rucio-noise/rucio.default-escape.cfg b/containers/rucio-noise/rucio.default.cfg similarity index 100% rename from containers/rucio-noise/rucio.default-escape.cfg rename to containers/rucio-noise/rucio.default.cfg diff --git a/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml b/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml index 54e7586..5c1fcae 100644 --- a/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml +++ b/infrastructure/cluster/flux/rucio-dev/rucio-dev-cronjobs.yaml @@ -6,7 +6,7 @@ metadata: spec: containers: - name: rucio-client-dev - image: ghcr.io/vre-hub/rucio-client:sha-ae6ac2c + image: ghcr.io/vre-hub/vre-dev/rucio-client:latest # To make this pod run, ssh into it and run `j2 /opt/user/rucio.cfg.j2 > /opt/rucio/etc/rucio.cfg` if `rucio whoami` is not working imagePullPolicy: Always env: @@ -14,20 +14,24 @@ spec: value: "https://vre-dev-rucio.cern.ch" - name: RUCIO_CFG_AUTH_HOST value: "https://vre-dev-auth-rucio.cern.ch" + - name: RUCIO_CFG_CLIENT_CA_CERT + value: "/etc/pki/tls/certs/CERN-bundle.pem" - name: RUCIO_CFG_ACCOUNT value: "root" - name: RUCIO_CFG_AUTH_TYPE value: "userpass" - - name: RUCIO_CFG_USERNAME + - name: RUCIO_CFG_CLIENT_USERNAME valueFrom: secretKeyRef: name: rucio-root-account key: root-username - - name: RUCIO_CFG_PASSWORD + - name: RUCIO_CFG_CLIENT_PASSWORD valueFrom: secretKeyRef: name: rucio-root-account key: root-password + - name: RUCIO_CFG_CREDENTIALS_GCS + value: "/opt/rucio/etc/rse-accounts.cfg" command: ["sleep","3600"] resources: limits: @@ -95,73 +99,6 @@ spec: # # secret: # # secretName: prod-rucio-x509up # --- -# -# This container is missing all the packaged installed in the escape one - to be done when RUCIO creates the corresponding release. -# -# apiVersion: v1 -# kind: Pod -# metadata: -# name: rucio-client-test-root-user -# namespace: rucio-dev -# spec: -# containers: -# - name: rucio-client-test-root-user -# image: ghcr.io/vre-hub/rucio-client-testing:latest -# env: -# - name: RUCIO_CFG_CLIENT_RUCIO_HOST -# value: "https://vre-dev-rucio.cern.ch" -# - name: RUCIO_CFG_CLIENT_AUTH_HOST -# value: "https://vre-dev-auth-rucio.cern.ch" -# - name: RUCIO_CFG_CLIENT_ACCOUNT -# value: "root" -# - name: RUCIO_CFG_CLIENT_AUTH_TYPE -# value: "userpass" -# - name: RUCIO_CFG_CLIENT_USERNAME -# valueFrom: -# secretKeyRef: -# name: rucio-root-account -# key: root-username -# - name: RUCIO_CFG_CLIENT_PASSWORD -# valueFrom: -# secretKeyRef: -# name: rucio-root-account -# key: root-password - # From here i'm just testing that the VARs are acorreclty passed to the image. - # - name: RUCIO_CFG_CLIENT_CA_CERT - # value: "/etc/pki/tls/certs/CERN-bundle.pem" - # - name: RUCIO_CFG_CLIENT_CLIENT_CERT - # value: "/opt/rucio/etc/usercert.pem" - # - name: RUCIO_CFG_CLIENT_CLIENT_KEY - # value: "/opt/rucio/etc/userkey.pem" - # - name: RUCIO_CFG_CLIENT_REQUEST_RETRIES - # value: "3" - # - name: RUCIO_CFG_CLIENT_VO - # value: "escape" - # - name: RUCIO_CFG_CLIENT_X509_PROXY - # value: "/tmp/x509up_u0" - # - name: RUCIO_CFG_COMMON_MULTI_VO - # value: "test_value" - # - name: RUCIO_CFG_POLICY_LFN2PFN_ALGORITHM_DEFAULT - # value: "hash" - # - name: RUCIO_CFG_POLICY_PACKAGE - # value: "escape" - # - name: RUCIO_CFG_POLICY_PERMISSION - # value: "escape" - # - name: RUCIO_CFG_POLICY_SCHEMA - # value: "escape" - # - name: RUCIO_CFG_POLICY_SUPPORT - # value: "https://github.com/rucio/rucio/issues/" - # - name: RUCIO_CFG_POLICY_SUPPORT_RUCIO - # value: "https://github.com/rucio/rucio/issues/" -# command: ["sleep","3600"] -# resources: -# limits: -# cpu: 100m -# memory: 50Mi -# requests: -# cpu: 100m -# memory: 50Mi ---- apiVersion: v1 kind: Pod metadata: @@ -170,14 +107,14 @@ metadata: spec: containers: - name: rucio-client-test-root-user - #image: ghcr.io/vre-hub/rucio-noise:sha-e101d52 - image: ghcr.io/vre-hub/rucio-noise:sha-61c1178 + image: ghcr.io/vre-hub/vre-de/rucio-noise:latest + # Need to run `python3 /usr/local/rucio/tools/merge_rucio_configs.py --use-env -d /opt/rucio/etc/rucio.cfg` env: - name: RUCIO_CFG_CLIENT_RUCIO_HOST value: "https://vre-dev-rucio.cern.ch" - name: RUCIO_CFG_CLIENT_AUTH_HOST value: "https://vre-dev-auth-rucio.cern.ch" - - name: RUCIO_CFG_CA_CERT + - name: RUCIO_CFG_CLIENT_CA_CERT value: "/etc/pki/tls/certs/CERN-bundle.pem" - name: RUCIO_CFG_CLIENT_ACCOUNT value: "root" @@ -195,8 +132,6 @@ spec: key: root-password - name: RUCIO_CFG_CREDENTIALS_GCS value: "/opt/rucio/etc/rse-accounts.cfg" - - name: RUCIO_CFG_CREDENTIALS_SIGNATURE_LIFETIME - value: "3600" command: ["sleep","3600"] resources: limits: