Commit 2518ad63 authored by Fabio Luchetti's avatar Fabio Luchetti
Browse files

Assume that the sss keytabs come as needed straight from eos-testkeytab

parent 44ba5c78
Pipeline #2633253 skipped with stage
......@@ -79,13 +79,6 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN yum install -y --nogpg install xrootd-client
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
......
......@@ -43,12 +43,6 @@ RUN yum -y --nogpg update \
xrootd-server-libs-$XRD_VERSION \
&& yum clean all
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
......
......@@ -70,10 +70,4 @@ RUN createrepo ${EOSREPODIR} \
RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb; else yum -y --nogpg install eos-quarkdb; fi
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
......@@ -88,12 +88,6 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN dnf -y --nogpg install xrootd-client
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
......
......@@ -79,10 +79,4 @@ RUN echo -e "export EOS_COVERAGE_REPORT=1" >> /etc/sysconfig/eos
RUN mkdir -p /root/rpmbuild/BUILD/ \
&& cp -r --preserve /usr/src/debug/eos-* /root/rpmbuild/BUILD/
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
......@@ -90,12 +90,6 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN dnf -y --nogpg install xrootd-client
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
......
......@@ -83,12 +83,6 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN yum install -y --nogpg install xrootd-client-4.11.3
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
......
......@@ -72,9 +72,6 @@ RUN apt-get clean \
&& apt-get update \
&& apt-get install -y eos-client eos-fuse eos-fusex eos-test eos-testkeytab
RUN chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
ENV DEBIAN_FRONTEND default
ENTRYPOINT ["/bin/bash"]
......@@ -78,9 +78,6 @@ RUN apt-get clean \
&& apt-get update \
&& apt-get install -y eos-client eos-fuse eos-fusex eos-test eos-testkeytab
RUN chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
ENV DEBIAN_FRONTEND default
ENTRYPOINT ["/bin/bash"]
......@@ -62,10 +62,4 @@ RUN createrepo ${EOSREPODIR} \
eos-archive eos-client eos-fuse eos-fusex eos-ns-inspect eos-server eos-test eos-testkeytab \
&& yum clean all
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
......@@ -30,6 +30,6 @@
"shared-mount" : 1,
"krb5" : 1,
"sss" : 1,
"ssskeytab" : "/etc/eos.keytab"
"ssskeytab" : "/etc/eos.client.keytab"
}
}
......@@ -5,7 +5,7 @@ xrd.network keepalive
###########################################################
xrootd.seclib libXrdSec.so
sec.protocol unix
sec.protocol sss -c /etc/eos.keytab -s /etc/eos.keytab
sec.protocol sss -c /etc/eos.client.keytab -s /etc/eos.keytab
sec.protbind * only unix sss
###########################################################
all.export / nolock
......
......@@ -15,7 +15,7 @@ oss.fdlimit 16384 32768
# UNIX authentication
sec.protocol unix
# SSS authentication
sec.protocol sss -c /etc/eos.keytab -s /etc/eos.keytab
sec.protocol sss -c /etc/eos.client.keytab -s /etc/eos.headnode.keytab
# KRB authentication
sec.protocol krb5 /etc/eos.krb5.keytab host/<host>@TEST.EOS
# GSI authentication
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment