Commit 47c68e27 authored by Mihai Patrascoiu's avatar Mihai Patrascoiu

Use MIT Kerberos server for CentOS 8 image

parent 86dd3396
......@@ -26,8 +26,8 @@ RUN useradd eos-user
# However, these packages don't change often
RUN dnf -y install epel-release; \
dnf -y --nogpg install \
krb5-workstation createrepo initscripts \
less nano sudo vim at bzip2 git parallel \
krb5-server krb5-workstation createrepo initscripts \
rsync sqlite less nano sudo vim at bzip2 git parallel \
rpm-build libgfortran libacl-devel perl-Test-Harness \
gcc-c++ gdb cmake automake autoconf libtool
......
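Review bot: The `dnf -y --nogpg install` line that this change extends skips package signature verification (`--nogpg` is presumably accepted as an abbreviation of `--nogpgcheck`), and the list now includes `krb5-server`, so the KDC binaries in the image are installed unverified. If nothing in the list comes from an unsigned local repository, drop the flag: `dnf -y install \`. Otherwise, move the unsigned packages into their own `dnf` call so that the distribution and EPEL packages are still verified. The preceding `dnf -y install epel-release; \` is joined with `;`, so a failed EPEL install does not stop the build; `&&` would.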
#!/usr/bin/env bash
# Install MIT Kerberos server
yum install -y krb5-server
# Initialize the KDC database
kdb5_util create -r TEST.EOS -s -P testeos
# Add Kerberos entities
kadmin.local -r TEST.EOS add_principal -randkey -maxlife 0 -maxrenewlife 0 admin1
kadmin.local -r TEST.EOS add_principal -randkey -maxlife 0 -maxrenewlife 0 host/eos-mgm1.eoscluster.cern.ch
# Generate keytab files
kadmin.local -r TEST.EOS ktadd -k /root/admin1.keytab admin1
kadmin.local -r TEST.EOS ktadd -k /root/eos.keytab host/eos-mgm1.eoscluster.cern.ch
# Start the kdc
/usr/sbin/krb5kdc -r TEST.EOS
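Review bot: None of the steps in this new script is checked, so a failed `kdb5_util create` or `ktadd` still falls through to starting the KDC, and the caller's `docker exec` sees only the exit status of `krb5kdc`. Adding `set -euo pipefail` right after the shebang would stop at the first failure. The `yum install -y krb5-server` line looks redundant now that the image's package list includes `krb5-server`, and it makes container start-up depend on a network package fetch. The master password given with `-P testeos` is fixed in the repository and visible in the process list; a comment such as `# Throwaway password for the disposable TEST.EOS realm; never reuse outside test containers` would make that intent explicit.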
......@@ -7,6 +7,7 @@ n_fst=7
with_qdb=0
n_client=1
with_proxy=0
krb5="heimdal"
geotags=()
regular_EOS_MGM_URL="EOS_MGM_URL=root://eos-mgm1.eoscluster.cern.ch:1094"
proxy_EOS_MGM_URL="EOS_MGM_URL=root://eos-proxy-test.eoscluster.cern.ch:1094//root://eos-mgm1.eoscluster.cern.ch:1094"
......@@ -14,7 +15,7 @@ proxy_EOS_MGM_URL="EOS_MGM_URL=root://eos-proxy-test.eoscluster.cern.ch:1094//ro
usage()
{
echo "Usage:"
echo "$(basename $0) -i <name of the docker image> [-n <number of FSTs>] [-c <number of clients>] [-u <debian client image>] [-g <geotag1> <geotag2> ...] [-q] [-p]"
echo "$(basename $0) -i <name of the docker image> [-n <number of FSTs>] [-c <number of clients>] [-u <debian client image>] [-g <geotag1> <geotag2> ...] [-q] [-p] [-k <heimdal|mit>]"
echo
echo "-i specify docker image to be used for container creation"
echo "-n specify desired number of FST servers (default is 7)"
......@@ -23,13 +24,14 @@ usage()
echo "-g specify geotags for FST servers (default is docker-test)"
echo "-q create container for QuarkDB server and use QuarkDB instead of In-memory Namespace"
echo "-p create container for proxy server and use it as cluster access point for EOS clients"
echo "-k specifiy which Kerberos setup script to use (default is heimdal)"
echo
echo "-h show usage and exit"
echo
}
# Read provided arguments
while getopts 'i:n:c:u:g:qph' flag; do
while getopts 'i:n:c:u:g:k:qph' flag; do
case "${flag}" in
i) image="${OPTARG}" ;;
n) n_fst="${OPTARG}" ;;
......@@ -45,6 +47,12 @@ while getopts 'i:n:c:u:g:qph' flag; do
echo "Geotags starting with dash (-) cannot be used."
exit 1
fi ;;
k) if [[ "${OPTARG}" = "heimdal" ]] || [[ "${OPTARG}" == "mit" ]]; then
krb5="${OPTARG}"
else
echo "Option must be 'heimdal' or 'mit'"
exit 1
fi ;;
q) with_qdb=1 ;;
p) with_proxy=1 ;;
h) usage
......@@ -71,7 +79,11 @@ docker network create eoscluster.cern.ch || true
# Kerberos server creation and setup
echo -e "\n\n*** Kerberos server creation and setup"
docker run -dit -h eos-kdc.eoscluster.cern.ch --name eos-kdc --net=eoscluster.cern.ch --net-alias=eos-kdc $image
docker exec -i eos-kdc /kdc.sh
if [[ "$krb5" == "heimdal" ]]; then
docker exec -i eos-kdc /kdc.sh
else
docker exec -i eos-kdc /kdc_mit.sh
fi
# MQ server creation and setup
echo -e "\n\n*** MQ server creation and setup"
......@@ -174,8 +186,7 @@ for (( i=1; i<=$n_client; i++ )); do
docker exec -i ${CLIENTHOSTNAME} kinit -kt /root/admin1.keytab admin1@TEST.EOS
docker exec -i ${CLIENTHOSTNAME} kvno host/eos-mgm1.eoscluster.cern.ch
if [[ $with_proxy == 1 ]];
then
if [[ $with_proxy == 1 ]]; then
# Set created proxy server as cluster access point for EOS client
docker exec -i ${CLIENTHOSTNAME} bash -c "echo 'export '"$proxy_EOS_MGM_URL" >> /root/.bashrc; source /root/.bashrc"
else
......
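Review bot: The exit status of the KDC setup is not checked where the new `if [[ "$krb5" == "heimdal" ]]` branch picks the script. With `-k mit` and an image that does not ship `/kdc_mit.sh`, the run would continue into cluster creation and only surface later as `kinit` failures, unless `set -e` is enabled outside the visible lines. A guard such as `docker exec -i eos-kdc /kdc_mit.sh || { echo "KDC setup failed" >&2; exit 1; }` on both branches would fail early. In the `k)` arm the two tests mix `=` and `==`, and the error message would be clearer as `echo "Option -k must be 'heimdal' or 'mit'" >&2`. The usage line also misspells "specify" as "specifiy".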