From 26268d1bf5deb0891939a4c6337b78d00a865045 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Tue, 13 Aug 2024 16:07:32 +0200 Subject: [PATCH 1/2] upgrade base image to new rc-2 tag --- containers/iam-rucio-sync/Dockerfile | 4 ++-- containers/rucio-client/Dockerfile | 24 ++++++++++--------- .../rucio-client/linuxsupport7s-stable.repo | 9 ------- containers/rucio-noise/Dockerfile | 6 ++--- 4 files changed, 18 insertions(+), 25 deletions(-) delete mode 100644 containers/rucio-client/linuxsupport7s-stable.repo diff --git a/containers/iam-rucio-sync/Dockerfile b/containers/iam-rucio-sync/Dockerfile index 77501d72..3a28b514 100644 --- a/containers/iam-rucio-sync/Dockerfile +++ b/containers/iam-rucio-sync/Dockerfile @@ -1,10 +1,10 @@ # ARG TAG should be updated with the latest-1 version in case no tag is provided -ARG TAG=v1.0.0-rc.1 +ARG TAG=v1.0.0-rc.2 ARG BUILD_DATE # To be changed to specific version+hsa FROM ghcr.io/vre-hub/vre-base-ops:${TAG} -LABEL maintainer="VRE Team @ CERN 22/23 - E. Garcia, E. Gazzarrini, D. Gosein" +LABEL maintainer="VRE Team @ CERN 23/24 - E. Garcia, G. Guerrieri" LABEL org.opencontainers.image.source https://github.com/vre-hub/vre LABEL org.label-schema.build-date=${BUILD_DATE} diff --git a/containers/rucio-client/Dockerfile b/containers/rucio-client/Dockerfile index 42d63d5c..8735f144 100644 --- a/containers/rucio-client/Dockerfile +++ b/containers/rucio-client/Dockerfile @@ -1,7 +1,7 @@ # VRE rucio-client image is the only which BASE is not the vre-base-ops image ARG BASEIMAGE=rucio/rucio-clients -ARG BASETAG=release-1.30.0 +ARG BASETAG=release-34.6.0 ARG BUILD_DATE FROM ${BASEIMAGE}:${BASETAG} @@ -11,26 +11,28 @@ LABEL org.label-schema.build-date=${BUILD_DATE} USER root +# Install epel-relaseas +RUN dnf install -y epel-release + # cleanup yum cache -RUN yum upgrade -y \ - && yum clean all \ - && rm -rf /var/cache/yum +RUN dnf upgrade -y \ + && dnf clean all \ + && rm -rf /var/cache/dnf # install useful tools -RUN yum -y install git htop wget -RUN pip install --upgrade pip +RUN dnf -y install git htop wget +RUN python3 -m pip install --upgrade pip # EGI trust anchors RUN curl -Lo /etc/yum.repos.d/egi-trustanchors.repo https://repository.egi.eu/sw/production/cas/1/current/repo-files/egi-trustanchors.repo \ && yum update -y - -RUN yum -y install ca-certificates ca-policy-egi-core +RUN dnf -y install ca-certificates ca-policy-egi-core # Install CERN CA certs from CERN maintained mirrors # This will add a `CERN-bundle.pem` file (among others) into `/etc/pki/tls/certs/` -COPY ./linuxsupport7s-stable.repo /etc/yum.repos.d/ -RUN yum install -y CERN-CA-certs +RUN dnf -y --repofrompath='tmpcern,https://linuxsoft.cern.ch/cern/alma/$releasever/CERN/$basearch/' upgrade almalinux-release --nogpgcheck +RUN dnf install -y CERN-CA-certs # ESCAPE VOMS setup RUN mkdir -p /etc/vomses \ @@ -40,7 +42,7 @@ RUN mkdir -p /etc/vomses \ # install reana-client ENV LC_ALL=en_US.UTF-8 -RUN pip install reana-client==0.9.2 +RUN pip install reana-client==0.9.3 USER user WORKDIR /home/user diff --git a/containers/rucio-client/linuxsupport7s-stable.repo b/containers/rucio-client/linuxsupport7s-stable.repo deleted file mode 100644 index 9ac9a2b1..00000000 --- a/containers/rucio-client/linuxsupport7s-stable.repo +++ /dev/null @@ -1,9 +0,0 @@ -# Example modified for cc7 taken from https://gitlab.cern.ch/linuxsupport/rpmci/-/blob/master/kojicli/linuxsupport8s-stable.repo -[linuxsupport7s-stable] -name=linuxsupport [stable] -baseurl=https://linuxsoft.cern.ch/cern/centos/7/cern/$basearch -enabled=1 -gpgcheck=False -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-koji file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kojiv2 -priority=1 -protect=1 diff --git a/containers/rucio-noise/Dockerfile b/containers/rucio-noise/Dockerfile index bc8aebef..6182dd5d 100644 --- a/containers/rucio-noise/Dockerfile +++ b/containers/rucio-noise/Dockerfile @@ -1,16 +1,16 @@ # ARG TAG should be updated with the latest-1 version in case no tag is provided -ARG TAG=v1.0.0-rc.1 +ARG TAG=v1.0.0-rc.2 ARG BUILD_DATE FROM ghcr.io/vre-hub/vre-base-ops:${TAG} -LABEL maintainer="VRE Team @ CERN 22/23 - E. Garcia, E. Gazzarrini, D. Gosein" +LABEL maintainer="VRE Team @ CERN 23/24 - E. Garcia, G. Guerrieri" LABEL org.opencontainers.image.source https://github.com/vre-hub/vre LABEL org.label-schema.build-date=${BUILD_DATE} # Workdir is /home COPY produce_noise.sh requirements.txt rses.txt /home/ RUN chmod +x ./produce_noise.sh -RUN pip install -r /home/requirements.txt +RUN python -m pip install -r /home/requirements.txt ENTRYPOINT ["/bin/bash"] From 9276670e10995201483e6dcb3ef084a0ff43f31e Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Tue, 13 Aug 2024 16:50:43 +0200 Subject: [PATCH 2/2] adapt rucio-clients container to v34 --- containers/rucio-client/Dockerfile | 2 +- containers/rucio-client/rucio.cfg.escape.j2 | 24 ------------------- .../rucio-client/rucio.default.cfg.escape | 2 +- 3 files changed, 2 insertions(+), 26 deletions(-) delete mode 100644 containers/rucio-client/rucio.cfg.escape.j2 diff --git a/containers/rucio-client/Dockerfile b/containers/rucio-client/Dockerfile index 9e714f89..3bb39ee9 100644 --- a/containers/rucio-client/Dockerfile +++ b/containers/rucio-client/Dockerfile @@ -48,7 +48,7 @@ USER user WORKDIR /home/user # ESCAPE Rucio client configuration -ADD --chown=user:user rucio.cfg.escape.j2 /opt/user/rucio.cfg.j2 +# Overwrite rucio.default.cfg with the ESCAPE default config file ADD --chown=user:user rucio.default.cfg.escape /opt/user/rucio.default.cfg ENTRYPOINT ["/bin/bash"] diff --git a/containers/rucio-client/rucio.cfg.escape.j2 b/containers/rucio-client/rucio.cfg.escape.j2 deleted file mode 100644 index 899d62ca..00000000 --- a/containers/rucio-client/rucio.cfg.escape.j2 +++ /dev/null @@ -1,24 +0,0 @@ -[client] -rucio_host = {{ RUCIO_CFG_RUCIO_HOST | default('https://vre-rucio.cern.ch') }} -auth_host = {{ RUCIO_CFG_AUTH_HOST | default('https://vre-rucio-auth.cern.ch') }} -ca_cert = {{ RUCIO_CFG_CA_CERT | default('/etc/pki/tls/certs/CERN-bundle.pem') }} -auth_type = {{ RUCIO_CFG_AUTH_TYPE | default('oidc') }} -username = {{ RUCIO_CFG_USERNAME | default('') }} -password = {{ RUCIO_CFG_PASSWORD | default('') }} -account = {{ RUCIO_CFG_ACCOUNT | default('') }} -client_cert = {{ RUCIO_CFG_CLIENT_CERT | default('/opt/rucio/etc/client.crt') }} -client_key = {{ RUCIO_CFG_CLIENT_KEY | default('/opt/rucio/etc/client.key') }} -client_x509_proxy = {{ RUCIO_CFG_CLIENT_X509_PROXY | default('/tmp/x509up') }} -request_retries = {{ RUCIO_CFG_REQUEST_RETRIES | default('3') }} -oidc_issuer = {{ RUCIO_CFG_OIDC_ISSUER | default('escape') }} -oidc_polling = {{ RUCIO_CFG_OIDC_POLLING | default('true') }} -oidc_audience = {{ RUCIO_CFG_OIDC_AUDIENCE | default('rucio') }} -oidc_scope = {{ RUCIO_CFG_OIDC_SCOPE | default('openid profile offline_access wlcg wlcg.groups fts:submit-transfer') }} -auth_oidc_refresh_activate = {{ RUCIO_CFG_AUTH_OIDC_REFRESH_ACTIVATE | default('true') }} - -[policy] -permission = {{ RUCIO_CFG_POLICY_PERMISSION | default('escape')}} -schema = {{ RUCIO_CFG_POLICY_SCHEMA | default('escape') }} -lfn2pfn_algorithm_default = {{ RUCIO_CFG_POLICY_LFN2PFN_ALGORITHM_DEFAULT | default('hash') }} -support = {{ RUCIO_CFG_POLICY_SUPPORT | default('https://github.com/rucio/rucio/issues/') }} -support_rucio = {{ RUCIO_CFG_POLICY_SUPPORT_RUCIO | default('https://github.com/rucio/rucio/issues/') }} diff --git a/containers/rucio-client/rucio.default.cfg.escape b/containers/rucio-client/rucio.default.cfg.escape index 8d430974..8393b23a 100644 --- a/containers/rucio-client/rucio.default.cfg.escape +++ b/containers/rucio-client/rucio.default.cfg.escape @@ -20,5 +20,5 @@ auth_oidc_refresh_activate = true permission = escape schema = escape lfn2pfn_algorithm_default = hash -support = https://github.com/rucio/rucio/issues/ +support = https://github.com/vre-hub/vre/issues support_rucio = https://github.com/rucio/rucio/issues/