Krb5 added and enable monitoring

27a4b475 · Martin Vala · 0c17489f · 27a4b475 · 27a4b475
Commit 27a4b475 authored 7 years ago by Martin Vala
--- a/projects/eos/docker/eos-docker-config-gen
+++ b/projects/eos/docker/eos-docker-config-gen
@@ -30,7 +30,7 @@ function generateEOSConfig() {
    [ -f /etc/xrd.cf.mgm.orig ] || cp /etc/xrd.cf.mgm /etc/xrd.cf.mgm.orig
    cp -f /etc/xrd.cf.mgm.orig /etc/xrd.cf.mgm

-    sed -i 's/^sec.protocol krb5.*/#&/' /etc/xrd.cf.mgm    
+ 
    if [ "$ED_ISALICE" == "1" ];then
        sed -i 's/^sec.protbind \* only krb5 gsi sss unix.*/sec.protbind \* only gsi sss unix/' /etc/xrd.cf.mgm    
        sed -i 's/^#mgmofs.authlib libXrdAliceTokenAcc.so/mgmofs.authlib \/usr\/lib64\/libXrdAliceTokenAcc.so/' /etc/xrd.cf.mgm
@@ -46,7 +46,14 @@ function generateEOSConfig() {
        sed -i 's/user/grid/' /etc/grid-security/xrootd/TkAuthz.Authorization
    else
        sed -i 's/^sec.protocol gsi.*/#&/' /etc/xrd.cf.mgm
-        sed -i 's/^sec.protbind \* only krb5 gsi sss unix.*/sec.protbind \* only sss unix/' /etc/xrd.cf.mgm
+        if [ -z $ED_MGM_KRB5 ];then
+            sed -i 's/^sec.protocol krb5.*/#&/' /etc/xrd.cf.mgm   
+            sed -i 's/^sec.protbind \* only krb5 gsi sss unix.*/sec.protbind \* only sss unix/' /etc/xrd.cf.mgm
+        else
+            sed -i 's/^sec.protocol krb5 host.*/sec.protocol krb5 host\/<host>@'$ED_MGM_KRB5'/' /etc/xrd.cf.mgm   
+            sed -i 's/^sec.protbind \* only krb5 gsi sss unix.*/sec.protbind \* only krb5 sss unix/' /etc/xrd.cf.mgm
+
+        fi        
    fi

    [ -f /etc/xrd.cf.fst.orig ] || cp /etc/xrd.cf.fst /etc/xrd.cf.fst.orig

--- a/projects/eos/utils/eos-docker
+++ b/projects/eos/utils/eos-docker
@@ -24,16 +24,28 @@ function eosDockerRun() {
  INFO "Running eos-$EOS_NODE_TYPE ..."
  if [ ! "$($ED_DOCKER_CMD ps -a -q -f name="eos-$EOS_NODE_TYPE")" ]; then
    INFO "Creating eos-$EOS_NODE_TYPE ..."
+    
    EOS_DOCKER_SAME_ARGS="--privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v $ED_ROOT_DIR:/root/eos -v $ED_EOS_VAR_DIR/eos:/var/eos -v $ED_EOS_VAR_DIR/log/eos:/var/log/eos --net=host -h $(hostname -f)"
+    
+    EOS_DOCKER_SAME_ARGS_END=""
+    [ $ED_MONITORING -eq 1 ] && EOS_DOCKER_SAME_ARGS_END="-p 19999:19999"
+
    if [ "$EOS_NODE_TYPE" == "mgm" ];then
      INFO "Creating eos-$EOS_NODE_TYPE ..."
-      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -e EOS_NODE_TYPE=mgm -p 1094:1094 -p 1097:1097 $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION
+      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -e EOS_NODE_TYPE=mgm -p 1094:1094 -p 1097:1097 $EOS_DOCKER_SAME_ARGS_END $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION
    elif [ "$EOS_NODE_TYPE" == "fst" ];then
      INFO "Creating eos-$EOS_NODE_TYPE ..."
-      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -v /var/eos/fs:/var/eos/fs -e EOS_NODE_TYPE=fst -p 1095:1095 $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION 2>&1
+      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -v /var/eos/fs:/var/eos/fs -e EOS_NODE_TYPE=fst -p 1095:1095 $EOS_DOCKER_SAME_ARGS_END $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION 2>&1
    elif [ "$EOS_NODE_TYPE" == "mgmfst" ];then
      INFO "Creating eos-$EOS_NODE_TYPE ..."
-      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -v /var/eos/fs:/var/eos/fs -e EOS_NODE_TYPE=mgmfst -p 1094:1094 -p 1095:1095 -p 1097:1097 $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION
+      $ED_DOCKER_CMD create --name eos-$EOS_NODE_TYPE $EOS_DOCKER_SAME_ARGS -v /var/eos/fs:/var/eos/fs -e EOS_NODE_TYPE=mgmfst -p 1094:1094 -p 1095:1095 -p 1097:1097 $EOS_DOCKER_SAME_ARGS_END $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION
+    fi
+  fi
+
+  if  [[ $EOS_NODE_TYPE == mgm* ]];then
+    if [ $ED_MGM_KRB5 -eq 1 ];then
+      [ -f /etc/krb5.conf ] && { $ED_DOCKER_CMD cp /etc/krb5.conf eos-$EOS_NODE_TYPE:/etc/krb5.conf || { ERROR "Poblem doing 'docker cp /etc/krb5.conf :eos-$EOS_NODE_TYPE:/etc/krb5.conf'"; exit 1; }; }
+      [ -f /etc/krb5.keytab ] && { $ED_DOCKER_CMD cp /etc/krb5.keytab eos-$EOS_NODE_TYPE:/etc/krb5.keytab || { ERROR "Poblem doing 'docker cp /etc/krb5.keytab eos-$EOS_NODE_TYPE:/etc/krb5.keytab'"; exit 1; }; }
    fi
  fi

@@ -48,11 +60,6 @@ function eosDockerRun() {
    $ED_DOCKER_CMD cp /etc/grid-security/daemon eos-$EOS_NODE_TYPE:/etc/grid-security/daemon || { ERROR "Poblem doing 'docker cp /etc/grid-security/daemon eos-$EOS_NODE_TYPE:/etc/grid-security/daemon'"; exit 1; }
  fi

-  if  [[ $EOS_NODE_TYPE == mgm* ]];then
-    [ -f /etc/krb5.conf ] && { $ED_DOCKER_CMD cp /etc/krb5.conf eos-$EOS_NODE_TYPE:/etc/krb5.conf || { ERROR "Poblem doing 'docker cp /etc/krb5.conf :eos-$EOS_NODE_TYPE:/etc/krb5.conf'"; exit 1; }; }
-    [ -f /etc/krb5.keytab ] && { $ED_DOCKER_CMD cp /etc/krb5.keytab eos-$EOS_NODE_TYPE:/etc/krb5.keytab || { ERROR "Poblem doing 'docker cp /etc/krb5.keytab eos-$EOS_NODE_TYPE:/etc/krb5.keytab'"; exit 1; }; }
-  fi
-
  INFO "Starting eos-$EOS_NODE_TYPE ..."
  $ED_DOCKER_CMD start eos-$EOS_NODE_TYPE || { ERROR "Poblem starting '"eos-$EOS_NODE_TYPE"' docker"; exit 1; }
  if [ -f /etc/grid-security/hostcert.pem ];then
@@ -63,7 +70,7 @@ function eosDockerRun() {
    mkdir -p $ED_EOS_VAR_DIR/log/eos/tx
    chown 2:root $ED_EOS_VAR_DIR/log/eos/tx
  fi
-  #sleep 1
+  sleep 1

  # Add LDAP user info when needed
  eosDockerLDAP
@@ -74,6 +81,8 @@ function eosDockerRun() {
      $ED_DOCKER_CMD exec eos-$EOS_NODE_TYPE systemctl start eosapmond
    fi
  fi
+
+  [ $ED_MONITORING -eq 1 ] && $ED_DOCKER_CMD exec eos-$EOS_NODE_TYPE systemctl start netdata
  
  [[ $EOS_NODE_TYPE == mgm* ]] && [ ! -f $ED_ROOT_DIR/.eos-init-done ] && { $ED_DOCKER_CMD exec eos-$EOS_NODE_TYPE eos-docker-mgm-init && touch $ED_ROOT_DIR/.eos-init-done; }
 }
@@ -169,12 +178,21 @@ function eosDockerGenerateConfig() {
        echo "export APMON_INSTANCE_NAME=\"ALICE::TEST::EOS\"" >> $myfile
        echo "export APMON_STORAGEPATH=\"\$ED_FST_DATA_PREFIX\"" >> $myfile
    fi
+
+    echo "">> $myfile
+    echo "# Enable krb5" >> $myfile
+    echo "#export ED_MGM_KRB5=\"OPENBRAIN.SK\"" >> $myfile
+
    echo "">> $myfile
    echo "# Enable ldap useri info on MGM (user mapping)" >> $myfile
    echo "export ED_MGM_LDAP=0" >> $myfile
    echo "#export ED_MGM_LDAP_SERVER=\"ldap://ipa1-iep-grid.saske.sk\"" >> $myfile
    echo "#export ED_MGM_LDAP_BASE=\"cn=accounts,dc=openbrain,dc=sk\"" >> $myfile

+    echo "">> $myfile
+    echo "# Enable monitoring" >> $myfile
+    echo "export ED_MONITORING=0" >> $myfile
+
    echo "">> $myfile
    echo "export ED_LOGGER_THEME=light">> $myfile
    echo "#export ED_LOGGER_THEME=dark">> $myfile
@@ -223,7 +241,8 @@ function eosDockerReconfigure() {

 function eosDockerConfigReconfigure() {
    EOS_DOCKER_EXTRA_ENV=""
-    [ "$1" == "alice" ] && EOS_DOCKER_EXTRA_ENV="-e ED_ISALICE=1"
+    [ "$1" == "alice" ] && EOS_DOCKER_EXTRA_ENV="-e ED_ISALICE=1 "
+    [ -z $ED_MGM_KRB5 ] || EOS_DOCKER_EXTRA_ENV="-e ED_MGM_KRB5=$ED_MGM_KRB5"
    EOS_VAR_ENV=""
    [ "$ED_EOS_VAR_DIR" == "/var" ] && EOS_VAR_ENV="-v $ED_EOS_VAR_DIR/eos:/var/eos -v $ED_EOS_VAR_DIR/log/eos:/var/log/eos"
    $ED_DOCKER_CMD run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v $ED_ROOT_DIR:/root/eos $EOS_VAR_ENV -h $(hostname -f) --net=host $EOS_DOCKER_EXTRA_ENV $ED_DOCKER_PREFIX/$ED_DOCKER_IMAGE_NAME_VERSION /usr/bin/eos-docker-config-gen $2