From fd679a1d2cce787cea6825c97a1de8315d4ef758 Mon Sep 17 00:00:00 2001 From: Preeti Padmanabha Bhat Date: Tue, 30 Apr 2024 18:25:41 -0700 Subject: [PATCH 1/2] adding docker compose files for xrootd origins and redirectors --- .../docker-compose.yml | 56 ++++++++++++++++++ .../docker-compose.yml | 57 +++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml create mode 100644 xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml diff --git a/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml b/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml new file mode 100644 index 0000000..efe0d31 --- /dev/null +++ b/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml @@ -0,0 +1,56 @@ +services: + xrootd-stageout-server: + image: cmscaltech/xrootd-stageout-server:cmsdev + network_mode: host + restart: unless-stopped + environment: + # Redirector configuration + - XRD_REDIR=red-sense-dtn2.unl.edu + #- XRD_REDIR=198.32.43.1 + - XRD_REDIR_PORT=1213 + # Local XRootD Ports + - XRD_PORT=1094 + - XRD_MNG_PORT=1213 + # Local FS point. This has to match with volume mounted + - LOCAL_ROOT=/storage/cms/ + # Sitename, mainly for reporting + - SITENAME=T2_US_Nebraska_Test + # Certificate/Key + - XRD_CERT=/etc/grid-security/xrootdcert.pem + - XRD_KEY=/etc/grid-security/xrootdkey.pem + # XRootD http secret key. Mandatory if HTTPREADWRITE is set + - XRD_HTTP_SECRET_KEY=pYrySWhj4BftwJkSbMyAk8ha3p5YXsAt7g3mFzX7Vkg + # Enable HTTP Read/Write + - HTTPREADWRITE=1 + # Shoveler endpoint for reporting stats + - SHOVELER=198.32.43.1 + - SHOVELER_PORT=9993 + # Type redirector (Optional - if defined, pod will act as redirector) + #- TYPE_REDIRECTOR=1 + # Run XRootD in full debug mode (Optional - if defined, pod will run in full debug mode) + # - FULL_DEBUG=1 + # Global redirector. (Optional - if defined, ti will register to master redirector - e.g. CMS Fermilab) + #- GLOBALREDIR=cmsxrootd.fnal.gov + # DFS - Distributed File System (Do all servers see same Filesystem?) + # Redirect all lookup calls to original data servers. Redirector does not have visibility of FS + #- DFS=1 + # CUSTOMCHECKSUM - Custom Checksum Wrapper Script (Useful if FS does not support xattr) + #- CUSTOMCHECKSUM=1 + - VOMS_MAP_LOCATION=/etc/grid-security/voms-mapfile + - GRID_MAP_LOCATION=/etc/grid-security/grid-mapfile + - USER_MAP_FILE=/opt/usergroups/user-group + volumes: + - /root/xrootd/macaroon-secret:/etc/xrootd/macaroon-secret:ro + - /root/xrootd/xrootd-clustered.cfg:/etc/xrootd/xrootd-clustered.cfg:ro + - /root/xrootd/auth_file:/etc/xrootd/auth_file:ro + # - /root/xrootd/config.d:/etc/xrootd/config.d:ro + - /etc/grid-security/xrootdcert.pem:/etc/grid-security/xrootdcert.pem:ro + - /etc/grid-security/xrootdkey.pem:/etc/grid-security/xrootdkey.pem:ro + - /etc/grid-security/user-group:/opt/usergroups/user-group + #- /etc/passwd:/etc/passwd + #- /etc/group:/etc/group + - /mnt/sense:/storage/cms:rw + cap_add: + - CAP_SETUID + - CAP_SETGID + - CAP_DAC_OVERRIDE diff --git a/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml b/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml new file mode 100644 index 0000000..1189467 --- /dev/null +++ b/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml @@ -0,0 +1,57 @@ +ervices: + xrootd-stageout-server: + image: cmscaltech/xrootd-stageout-server:cmsdev + network_mode: host + restart: unless-stopped + environment: + # Redirector configuration + #- XRD_REDIR=redir-01.sense.unl.edu + - XRD_REDIR=red-sense-dtn2.unl.edu + #- XRD_REDIR=198.32.43.1 + - XRD_REDIR_PORT=1213 + # Local XRootD Ports + - XRD_PORT=1095 + - XRD_MNG_PORT=1213 + # Local FS point. This has to match with volume mounted + - LOCAL_ROOT=/storage/cms/ + # Sitename, mainly for reporting + - SITENAME=T2_US_Nebraska_Test + # Certificate/Key + - XRD_CERT=/etc/grid-security/xrootdcert.pem + - XRD_KEY=/etc/grid-security/xrootdkey.pem + # XRootD http secret key. Mandatory if HTTPREADWRITE is set + - XRD_HTTP_SECRET_KEY=pYrySWhj4BftwJkSbMyAk8ha3p5YXsAt7g3mFzX7Vkg + # Enable HTTP Read/Write + - HTTPREADWRITE=1 + # Shoveler endpoint for reporting stats + - SHOVELER=198.32.43.1 + - SHOVELER_PORT=9993 + # Type redirector (Optional - if defined, pod will act as redirector) + - TYPE_REDIRECTOR=1 + # Run XRootD in full debug mode (Optional - if defined, pod will run in full debug mode) + # - FULL_DEBUG=1 + # Global redirector. (Optional - if defined, ti will register to master redirector - e.g. CMS Fermilab) + #- GLOBALREDIR=cmsxrootd.fnal.gov + # DFS - Distributed File System (Do all servers see same Filesystem?) + # Redirect all lookup calls to original data servers. Redirector does not have visibility of FS + #- DFS=1 + # CUSTOMCHECKSUM - Custom Checksum Wrapper Script (Useful if FS does not support xattr) + #- CUSTOMCHECKSUM=1 + - VOMS_MAP_LOCATION=/etc/grid-security/voms-mapfile + - GRID_MAP_LOCATION=/etc/grid-security/grid-mapfile + - USER_MAP_FILE=/opt/usergroups/user-group + volumes: + - /root/xrootd/xrootd-redir/macaroon-secret:/etc/xrootd/macaroon-secret:ro + - /root/xrootd/xrootd-redir/xrootd-clustered.cfg:/etc/xrootd/xrootd-clustered.cfg:ro + - /root/xrootd/xrootd-redir/auth_file:/etc/xrootd/auth_file:ro + # - /root/xrootd/xrootd-redir/config.d:/etc/xrootd/config.d:ro + - /etc/grid-security/xrootdcert.pem:/etc/grid-security/xrootdcert.pem:ro + - /etc/grid-security/xrootdkey.pem:/etc/grid-security/xrootdkey.pem:ro + - /etc/grid-security/user-group:/opt/usergroups/user-group + #- /etc/passwd:/etc/passwd + #- /etc/group:/etc/group + - /mnt/sense:/storage/cms:rw + cap_add: + - CAP_SETUID + - CAP_SETGID + - CAP_DAC_OVERRIDE From ea6e23ac1224bb5c5aee46b8a6cee6235df03f47 Mon Sep 17 00:00:00 2001 From: Preeti Padmanabha Bhat Date: Wed, 1 May 2024 17:02:26 -0700 Subject: [PATCH 2/2] deleted the secret key --- .../docker-compose.yml | 14 +++++++------- .../xrootd-redir-docker-compose/docker-compose.yml | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml b/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml index efe0d31..f6d5b2e 100644 --- a/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml +++ b/xrootd/xrootd-stageout-server/xrootd-origin-docker-compose/docker-compose.yml @@ -16,10 +16,10 @@ services: # Sitename, mainly for reporting - SITENAME=T2_US_Nebraska_Test # Certificate/Key - - XRD_CERT=/etc/grid-security/xrootdcert.pem - - XRD_KEY=/etc/grid-security/xrootdkey.pem + - XRD_CERT=/add/location/of/addxrdcert.pem + - XRD_KEY=/add/location/of/addxrdkey.pem # XRootD http secret key. Mandatory if HTTPREADWRITE is set - - XRD_HTTP_SECRET_KEY=pYrySWhj4BftwJkSbMyAk8ha3p5YXsAt7g3mFzX7Vkg + - XRD_HTTP_SECRET_KEY=addkeyhere # Enable HTTP Read/Write - HTTPREADWRITE=1 # Shoveler endpoint for reporting stats @@ -36,16 +36,16 @@ services: #- DFS=1 # CUSTOMCHECKSUM - Custom Checksum Wrapper Script (Useful if FS does not support xattr) #- CUSTOMCHECKSUM=1 - - VOMS_MAP_LOCATION=/etc/grid-security/voms-mapfile - - GRID_MAP_LOCATION=/etc/grid-security/grid-mapfile + - VOMS_MAP_LOCATION=/add/location/of/vomsfile + - GRID_MAP_LOCATION=/add/location/of/gridfile - USER_MAP_FILE=/opt/usergroups/user-group volumes: - /root/xrootd/macaroon-secret:/etc/xrootd/macaroon-secret:ro - /root/xrootd/xrootd-clustered.cfg:/etc/xrootd/xrootd-clustered.cfg:ro - /root/xrootd/auth_file:/etc/xrootd/auth_file:ro # - /root/xrootd/config.d:/etc/xrootd/config.d:ro - - /etc/grid-security/xrootdcert.pem:/etc/grid-security/xrootdcert.pem:ro - - /etc/grid-security/xrootdkey.pem:/etc/grid-security/xrootdkey.pem:ro + - /add/location/of/cert.pem:/add/location/of/cert.pem:ro + - /add/location/of/key.pem:/add/location/of/key.pem:ro - /etc/grid-security/user-group:/opt/usergroups/user-group #- /etc/passwd:/etc/passwd #- /etc/group:/etc/group diff --git a/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml b/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml index 1189467..68fee7c 100644 --- a/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml +++ b/xrootd/xrootd-stageout-server/xrootd-redir-docker-compose/docker-compose.yml @@ -17,10 +17,10 @@ ervices: # Sitename, mainly for reporting - SITENAME=T2_US_Nebraska_Test # Certificate/Key - - XRD_CERT=/etc/grid-security/xrootdcert.pem - - XRD_KEY=/etc/grid-security/xrootdkey.pem + - XRD_CERT=/add/location/of/cert.pem + - XRD_KEY=/add/location/of/key.pem # XRootD http secret key. Mandatory if HTTPREADWRITE is set - - XRD_HTTP_SECRET_KEY=pYrySWhj4BftwJkSbMyAk8ha3p5YXsAt7g3mFzX7Vkg + - XRD_HTTP_SECRET_KEY=addkeyhere # Enable HTTP Read/Write - HTTPREADWRITE=1 # Shoveler endpoint for reporting stats @@ -37,16 +37,16 @@ ervices: #- DFS=1 # CUSTOMCHECKSUM - Custom Checksum Wrapper Script (Useful if FS does not support xattr) #- CUSTOMCHECKSUM=1 - - VOMS_MAP_LOCATION=/etc/grid-security/voms-mapfile - - GRID_MAP_LOCATION=/etc/grid-security/grid-mapfile + - VOMS_MAP_LOCATION=/add/location/of/vomsfile + - GRID_MAP_LOCATION=/add/location/of/gridfile - USER_MAP_FILE=/opt/usergroups/user-group volumes: - /root/xrootd/xrootd-redir/macaroon-secret:/etc/xrootd/macaroon-secret:ro - /root/xrootd/xrootd-redir/xrootd-clustered.cfg:/etc/xrootd/xrootd-clustered.cfg:ro - /root/xrootd/xrootd-redir/auth_file:/etc/xrootd/auth_file:ro # - /root/xrootd/xrootd-redir/config.d:/etc/xrootd/config.d:ro - - /etc/grid-security/xrootdcert.pem:/etc/grid-security/xrootdcert.pem:ro - - /etc/grid-security/xrootdkey.pem:/etc/grid-security/xrootdkey.pem:ro + - /add/location/of/cert.pem:/add/location/of/cert.pem.pem:ro + - /add/location/of/cert.pem/key.pem:/add/location/of/key.pem:ro - /etc/grid-security/user-group:/opt/usergroups/user-group #- /etc/passwd:/etc/passwd #- /etc/group:/etc/group