eos
eos-docker
Commits
2705abd4
Commit
2705abd4
authored
May 18, 2021
by
Fabio Luchetti
add eos-nobody user and use the rpm provided forwardable keytab
parent
5e052130
Pipeline
#2628103
skipped with stage
Changes
11
Pipelines
1
Dockerfile
...
...
@@ -31,7 +31,7 @@ COPY eos-docker/xrootd-fwd-proxy.cfg /etc/xrootd/
RUN
sed
-i
"s/__EOS_CODENAME__/
${
EOS_CODENAME
}
/g"
/etc/yum.repos.d/eos.repo
RUN
mkdir
/var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN
adduser eos-user
RUN
adduser eos-user
&&
adduser eosnobody
# Docker will aggressively cache the following command, but this is fine, since
# these packages are not updated often.
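Review bot: the account created on the changed line is `eosnobody`, while the commit message calls it `eos-nobody`, and nothing in the Dockerfile says what the account is for. Pick one spelling and add a one-line comment above the `RUN` stating its purpose; if any test maps identities by uid, pin it with `adduser -u <uid> eosnobody` so the value does not depend on creation order.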
...
...
@@ -79,14 +79,11 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN
yum
install
-y
--nogpg
install
xrootd-client
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN
yes
| xrdsssadmin
-k
eos-test del /etc/eos.keytab
\
&&
yes
| xrdsssadmin
-u
daemon
-g
daemon
-k
eos-test+
-n
1234567890123456789 add /etc/eos.keytab
\
&&
chown
daemon:daemon /etc/eos.keytab
\
&&
chmod
400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN
mv
-f
/etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN
chown
daemon:daemon /var/spool/xrootd
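Review bot: the replacement `mv -f /etc/eos.keytab.fw /etc/eos.keytab` drops the explicit `chown daemon:daemon /etc/eos.keytab` and `chmod 400 /etc/eos.keytab` that the removed block ended with, so the owner and mode of the keytab now depend on how the rpm ships the `.fw` file. Keep those two commands chained after the `mv` so the key file stays readable by `daemon` only, whatever the packaging does.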
...
...
Dockerfile.local
...
...
@@ -26,7 +26,7 @@ COPY xrootd-fwd-proxy.cfg /etc/xrootd/
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Install XRootD
ENV XRD_VERSION 4.12.7
...
...
@@ -43,14 +43,10 @@ RUN yum -y --nogpg update \
xrootd-server-libs-$XRD_VERSION \
&& yum clean all
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
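Review bot: `RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab` assumes the installed eos-testkeytab package already ships `/etc/eos.keytab.fw`; with a package that lacks the file the build stops at this step with a bare `mv` error. State the minimum package version in the comment, or guard the step with `test -f /etc/eos.keytab.fw` and an explicit message.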
...
...
Dockerfile_asan
...
...
@@ -32,7 +32,7 @@ RUN sed -i "s/__EOS_CODENAME__/${EOS_CODENAME}/g" /etc/yum.repos.d/eos.repo
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Docker will aggressively cache the following command, but this is fine, since
# these packages are not updated often.
...
...
@@ -70,13 +70,9 @@ RUN createrepo ${EOSREPODIR} \
RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb; else yum -y --nogpg install eos-quarkdb; fi
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
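Review bot: the new comment says "Swap", but `mv -f` overwrites `/etc/eos.keytab`, so the non-forwardable keytab is gone from the final filesystem rather than exchanged. Reword the comment to say the default keytab is replaced, and add one clause on what "forwardable" changes for credential checking, since the NAT sentence gives only the use case.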
Dockerfile_c8
...
...
@@ -32,7 +32,7 @@ RUN sed -i "s/__EOS_CODENAME__/${EOS_CODENAME}/g" /etc/yum.repos.d/eos.repo
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Note: Docker will aggressively cache the following command.
# However, these packages don't change often
...
...
@@ -88,14 +88,10 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN dnf -y --nogpg install xrootd-client
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
...
...
Dockerfile_coverage
...
...
@@ -26,7 +26,7 @@ COPY eos-docker/xrootd-fwd-proxy.cfg /etc/xrootd/
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Docker will aggressively cache the following command, but this is fine, since
# these packages are not updated often.
...
...
@@ -79,13 +79,9 @@ RUN echo -e "export EOS_COVERAGE_REPORT=1" >> /etc/sysconfig/eos
RUN mkdir -p /root/rpmbuild/BUILD/ \
&& cp -r --preserve /usr/src/debug/eos-* /root/rpmbuild/BUILD/
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
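Review bot: the removed block created the key explicitly with `-u daemon -g daemon -k eos-test+`, whereas the new `mv` takes whatever key name, user and group the rpm's `/etc/eos.keytab.fw` carries, and none of that is visible in this file. Note in the comment which key name the packaged file provides, so configuration that refers to the key by name can be checked against it.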
Dockerfile_cs8
...
...
@@ -34,7 +34,7 @@ RUN sed -i "s/__EOS_CODENAME__/${EOS_CODENAME}/g" /etc/yum.repos.d/eos.repo
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Note: Docker will aggressively cache the following command.
# However, these packages don't change often
...
...
@@ -90,14 +90,10 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN dnf -y --nogpg install xrootd-client
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
...
...
Dockerfile_no_sse
...
...
@@ -32,7 +32,7 @@ RUN sed -i "s/__EOS_CODENAME__/${EOS_CODENAME}/g" /etc/yum.repos.d/eos.repo
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Docker will aggressively cache the following command, but this is fine, since
# these packages are not updated often.
...
...
@@ -83,14 +83,10 @@ RUN if [ "${EOS_CODENAME}" != "diopside" ]; then yum -y --nogpg install quarkdb;
# fails. This happens on CC7 and C8.
RUN yum install -y --nogpg install xrootd-client-4.11.3
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN chown daemon:daemon /var/spool/xrootd
...
...
Dockerfile_ubuntu_bionic
...
...
@@ -21,7 +21,7 @@ COPY eos-docker/fstfmd.dict /var/eos/md/
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
ENV DEBIAN_FRONTEND noninteractive
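Review bot: on this Ubuntu image `adduser` is the Debian front end, which asks for a password and user details unless told otherwise, and `ENV DEBIAN_FRONTEND noninteractive` is only set on the line after it. Make the new account explicitly non-interactive and password-less, for example `adduser --disabled-password --gecos '' eosnobody`, and give the existing `eos-user` call the same flags; the same applies to Dockerfile_ubuntu_focal.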
...
...
Dockerfile_ubuntu_focal
...
...
@@ -21,7 +21,7 @@ COPY eos-docker/fstfmd.dict /var/eos/md/
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
ENV DEBIAN_FRONTEND noninteractive
...
...
Dockerfile_xrd_testing
...
...
@@ -26,7 +26,7 @@ COPY eos-docker/xrootd-fwd-proxy.cfg /etc/xrootd/
RUN mkdir /var/tmp/eosxd-cache/ /var/tmp/eosxd-journal/
RUN adduser eos-user
RUN adduser eos-user
&& adduser eosnobody
# Docker will aggressively cache the following command, but this is fine, since
# these packages are not updated often.
...
...
@@ -62,13 +62,9 @@ RUN createrepo ${EOSREPODIR} \
eos-archive eos-client eos-fuse eos-fusex eos-ns-inspect eos-server eos-test eos-testkeytab \
&& yum clean all
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package).
# This is useful to deploy EOS on Kubernetes clusters running on CERN's Cloud
# Infrastructure; you can remove these lines if you don't need one.
RUN yes | xrdsssadmin -k eos-test del /etc/eos.keytab \
&& yes | xrdsssadmin -u daemon -g daemon -k eos-test+ -n 1234567890123456789 add /etc/eos.keytab \
&& chown daemon:daemon /etc/eos.keytab \
&& chmod 400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN mv -f /etc/eos.keytab.fw /etc/eos.keytab
ENTRYPOINT ["/bin/bash"]
minimal/c7_minimal.Dockerfile
...
...
@@ -34,14 +34,10 @@ RUN sed -i "s|/usr/bin/xrdcp|/opt/eos/xrootd/bin/xrdcp|g" /etc/xrd.cf.fst
# Install some much needed utility: please bloat with care!
RUN
yum
-y
--nogpg
install
nano redis
&&
yum clean all
&&
rm
-rf
/var/cache/yum
# Generate a new forwardable keytab 'eos-test+' to replace the not-forwardable
# one (installed by the eos-testkeytab package). This is mmostly useful to deploy EOS
# on containerized envoronments; you can remove these lines if you don't need one.
# @todo review: what about not installing eos-testkeytab at all?
RUN
yes
| xrdsssadmin
-k
eos-test del /etc/eos.keytab
\
&&
yes
| xrdsssadmin
-u
daemon
-g
daemon
-k
eos-test+
-n
1234567890123456789 add /etc/eos.keytab
\
&&
chown
daemon:daemon /etc/eos.keytab
\
&&
chmod
400 /etc/eos.keytab
# Swap and use the forwardable keytab (installed by the eos-testkeytab package).
# This is useful for clients who reside on a private network and tunnel through a
# Network Address Translation (NAT) device. You can remove these lines if you don't need them.
RUN
mv
-f
/etc/eos.keytab.fw /etc/eos.keytab
# Change owner of /var/spool/xrootd directory to daemon
RUN
chown
daemon:daemon /var/spool/xrootd
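Review bot: the removed comment carried `@todo review: what about not installing eos-testkeytab at all?`, and this hunk deletes the question without answering it while making the image depend on that package for `/etc/eos.keytab.fw`. Keep the todo, or record the decision in the new comment, including that the key in use comes from a test package.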
...
...