Commit b7e3e149 authored by Marian Babik's avatar Marian Babik
Browse files

added ipv6-only testing support

parent 2a163a80
......@@ -12,6 +12,18 @@ build:etf_cms_qa:
variables:
TO: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-cms:qa
build:etf_cms_ipv6_qa:
stage: build
environment: master
script: "echo Done"
only:
- master
tags:
- docker-image-build
variables:
DOCKER_FILE: Dockerfile_IPv6
TO: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-cms-ipv6:qa
deploy:production:
tags:
......
FROM gitlab-registry.cern.ch/etf/docker/etf-exp:latest
LABEL maintainer="Marian Babik <Marian.Babik@cern.ch>"
LABEL description="WLCG ETF CMS"
LABEL version="1.0"
ENV NSTREAM_ENABLED=0
# OSG Middleware
RUN yum -y install yum-priorities
RUN rpm -Uvh https://repo.opensciencegrid.org/osg/3.4/osg-3.4-el7-release-latest.rpm
RUN sed "7i priority=99" -i /etc/yum.repos.d/epel.repo
# Core deps
RUN yum -y install voms globus-gsi-sysconfig globus-gsi-cert-utils globus-gssapi-gsi globus-gss-assist \
globus-gsi-proxy-core globus-gsi-credential globus-gsi-callback globus-gsi-openssl-error \
globus-openssl-module globus-gsi-proxy-ssl globus-callout
# Condor client
RUN yum -y install condor condor-python
# Xroot
RUN yum -y install xrootd-python xrootd-client xrootd-libs xrootd-client-libs
# SRM todo: test removing globus deps
RUN yum -y install gfal2-all gfal2-python gfal2-util globus-ftp-client \
globus-gass-transfer globus-ftp-control globus-xio globus-gssapi-error \
globus-gsi-sysconfig globus-gsi-openssl-error globus-openssl-module \
globus-gsi-proxy-ssl
# GFAL IPv6 config
RUN sed -i 's/ENABLE_PASV_PLUGIN=false/ENABLE_PASV_PLUGIN=true/g' /etc/gfal2.d/gsiftp_plugin.conf
RUN sed -i 's/IPV6=false/IPV6=true/g' /etc/gfal2.d/gsiftp_plugin.conf
# MW env
COPY docker/etf-cms/config/grid-env_ipv6.sh /etc/profile.d/
RUN echo "source /etc/profile.d/grid-env.sh" >> /opt/omd/sites/$CHECK_MK_SITE/.profile
# ETF base plugins
RUN yum -y install nagios-plugins-wlcg-condor nagios-plugins-globus nagios-plugins
# ETF JESS setup
# RUN yum -y install python-jess python-nap && chmod 755 /usr/lib64/nagios/plugins/check_js
# COPY ./config/check_condor.cfg /etc/ncgx/metrics.d/
# COPY ./config/metrics.cfg /etc/ncgx/metrics.d/wlcg_cms.cfg
# ETF streaming
RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing
RUN mkdir /etc/stompclt
COPY docker/etf-cms/config/ocsp_handler_ipv6.cfg /etc/nstream/
# CMS config
COPY nagios/config/etf_plugin_cms.py /usr/lib/ncgx/x_plugins/
COPY nagios/config/wlcg_cms.cfg /etc/ncgx/metrics.d/
# CMS payload
RUN mkdir -p /usr/libexec/grid-monitoring/probes/org.cms/wnjob
COPY SiteTests/SE/* /usr/libexec/grid-monitoring/probes/org.cms/
COPY nagios/config/org.cms.lcgadmin /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.lcgadmin
COPY nagios/config/org.cms.production /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.production
COPY nagios/org.cms.glexec /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.glexec
COPY SiteTests/MonteCarlo /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/
COPY SiteTests/testjob/tests /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/tests
COPY SiteTests/FroNtier/tests /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/tests
COPY nagios/config/cms_glexec-etf /etc/cron.d/cms_glexec
# ETF config
#COPY ./config/service_template.tpl /etc/ncgx/templates/
COPY docker/etf-cms/config/ncgx.cfg /etc/ncgx/
COPY docker/etf-cms/config/cms_checks.cfg /etc/ncgx/conf.d/
RUN sed -i "s|/usr/bin/ncgx|/urs/bin/ncgx --ipv6|g" /opt/omd/sites/$CHECK_MK_SITE/etc/cron.d/ncgx
EXPOSE 443 6557
COPY docker/etf-cms/docker-entrypoint_ipv6.sh /docker-entrypoint.sh
ENTRYPOINT /docker-entrypoint.sh
export GLITE_LOCATION="/usr"
export GLOBUS_TCP_PORT_RANGE="20000,25000"
export GLITE_LOCATION_VAR="/var"
export GLOBUS_HOSTNAME="`hostname`"
export MYPROXY_SERVER="myproxy.cern.ch"
export LCG_LOCATION="/usr"
export GRID_ENV_LOCATION="/usr/libexec"
export LCG_GFAL_INFOSYS="top-bdii.cern.ch:2170"
export GLOBUS_FTP_CLIENT_IPV6="true"
export GLOBUS_IO_IPV6="true"
handler = { 'backend' : 'mq',
'nagios_vars' : ('servicedesc', 'hostname', 'servicestate', 'longserviceoutput', '_serviceserver', '_serviceunique_tag',
'_servicevo','_servicevo_fqan', 'serviceoutput','_servicetags', 'lastservicecheck'),
'args' : { 'dirq' : '/var/spool/nstream/outgoing',
'c_map' : { 'servicedesc' : 'metricName',
'hostname' : 'hostName',
'servicestate' : 'metricStatus',
'longserviceoutput' : 'detailsData',
'serviceoutput' : 'summaryData',
'_servicevo' : 'voName',
'_serviceserver' : 'gatheredAt',
'_serviceunique_tag' : 'serviceFlavour',
'lastservicecheck' : 'timestamp'
},
'm_map' : { 'org.cms' : 'org.cms.ipv6',
'org.sam' : 'org.sam.ipv6',
'org.atlas' : 'org.atlas.ipv6',
'org.lhcb' : 'org.lhcb.ipv6',
'emi.cream' : 'emi.cream.ipv6',
'webdav' : 'webdav.ipv6',
},
'destination' : '/topic/sam.cms.metric',
},
}
\ No newline at end of file
#!/bin/bash
set -e
_term() {
if [[ -f /var/run/crond.pid ]]; then
kill -9 `cat /var/run/crond.pid`
rm -f /var/run/crond.pid
fi
rm -rf /opt/omd/sites/etf/etc/nagios/conf.d/wlcg/
omd stop
/usr/sbin/httpd -k stop
}
trap _term SIGINT SIGTERM
cat << "EOF"
_____ _____ _____ ____ __ __ ____
| ____|_ _| ___| / ___| \/ / ___|
| _| | | | |_ | | | |\/| \___ \
| |___ | | | _| | |___| | | |___) |
|_____| |_| |_| \____|_| |_|____/
========================================
EOF
ncgx_version=`rpm -q --qf "%{VERSION}-%{RELEASE}" ncgx`
echo "ETF version: ${ncgx_version} Copyright CERN 2016"
echo "License: https://gitlab.cern.ch/etf/ncgx/blob/master/LICENSE"
echo "Check_MK version: $CHECK_MK_VERSION"
echo "Copyright by Mathias Kettner (https://mathias-kettner.de/check_mk.html)"
plugins=`rpm -qa | grep nagios-plugins`
echo "Plugins:"
echo "${plugins}"
echo ""
echo "Starting xinetd ..."
export XINETD_LANG="en_US" && /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid
if [[ -n ${CHECK_MK_USER_ID} ]] ; then
echo "Changing $CHECK_MK_SITE uid to $CHECK_MK_USER_ID"
/usr/sbin/usermod -u ${CHECK_MK_USER_ID} ${CHECK_MK_SITE}
chown -R ${CHECK_MK_SITE} /etc/ncgx /var/cache/ncgx /var/cache/nap
chown -R ${CHECK_MK_SITE} /usr/libexec/grid-monitoring/probes/
fi
if [[ -n ${CHECK_MK_GROUP_ID} ]] ; then
echo "Creating group with gid $CHECK_MK_GROUP_ID"
/usr/sbin/groupadd -g ${CHECK_MK_GROUP_ID} sec
/usr/sbin/groupmems -g sec -a ${CHECK_MK_SITE}
fi
echo "Initialising ..."
if [[ -d /opt/omd/sites/etf/etc/nagios/conf.d/wlcg/ ]]; then
rm -rf /opt/omd/sites/etf/etc/nagios/conf.d/wlcg/
fi
/usr/bin/omd stop
echo "Starting crond ..."
/usr/sbin/crond -m off -p -s
echo "Copying certificates ..."
if [[ ! -f /etc/grid-security/hostcert.pem ]]; then
echo "Failed to find certificates in /etc/grid-security"
exit
fi
mkdir -p /opt/omd/sites/etf/etc/nagios/globus/
cp /etc/grid-security/host*.pem /opt/omd/sites/etf/etc/nagios/globus/
cp /etc/grid-security/etf_srv*.pem /opt/omd/sites/etf/etc/nagios/globus/
chown -R ${CHECK_MK_SITE}.${CHECK_MK_SITE} /opt/omd/sites/etf/etc/nagios/globus/
echo "Configuring access ..."
echo "Configured admins: $CHECK_MK_ADMINS"
sed -i "s|admin_users.*|admin_users = [$CHECK_MK_ADMINS]|" /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/multisite.mk
if [[ -f /etc/check_mk/contacts.mk ]]; then
cp /etc/check_mk/contacts.mk /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/conf.d/wato/
fi
if [[ -g /etc/check_mk/users.mk ]]; then
cp /etc/check_mk/users.mk /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/conf.d/wato/
fi
if [[ "${ETF_ALERTS_ENABLED}" -eq "1" ]] && [[ -f /etc/check_mk/notifications.mk ]]; then
echo "Enabling notifications ..."
cp /etc/check_mk/notifications.mk /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/conf.d/wato/
sed -i "s/ETF_HOSTED_BY/${ETF_HOSTED_BY}/" /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/conf.d/wato/notifications.mk
sed -i "s/ETF_NAGIOS_HOST/${ETF_NAGIOS_HOST}/" /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/conf.d/wato/notifications.mk
fi
cp /etc/ncgx/templates/generic/handlers.cfg /opt/omd/sites/etf/etc/nagios/conf.d/
omd start
rm -f /opt/omd/sites/etf/etc/nagios/conf.d/handlers.cfg
echo "Configuring main.mk: $ETF_HOSTED_BY"
if [[ -z "${ETF_HOSTED_BY}" ]]; then
echo " Variable ETF_HOSTED_BY is not defined, not touching main.mk"
else
grep -qF "${ETF_HOSTED_BY}" /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/main.mk || echo "all_hosts += [ \"${ETF_HOSTED_BY}\" ]" >> /opt/omd/sites/${CHECK_MK_SITE}/etc/check_mk/main.mk
fi
echo "Configuring ETF ..."
if [[ -z "${ETF_NAGIOS_HOST}" ]]; then
echo " Variable ETF_NAGIOS_HOST is not defined, using hostname"
ETF_NAGIOS_HOST=`hostname`
grep -qF "${ETF_NAGIOS_HOST}" /etc/ncgx/ncgx.cfg || echo "NAGIOS_HOST = \"${ETF_NAGIOS_HOST}\"" >> /etc/ncgx/ncgx.cfg
else
grep -qF "${ETF_NAGIOS_HOST}" /etc/ncgx/ncgx.cfg || echo "NAGIOS_HOST = \"${ETF_NAGIOS_HOST}\"" >> /etc/ncgx/ncgx.cfg
fi
su etf -c "ncgx --ipv6 --log | tee /opt/omd/sites/etf/var/log/ncgx.log"
su - etf -c "cmk -II; cmk -O"
if [[ "${NSTREAM_ENABLED}" -eq "1" ]] ; then
echo "Nagios stream enabled ..."
else
echo "Nagios stream disabled ..."
/usr/bin/disable_nstream
fi
echo "Fetching CMS credentials ..."
su etf -c "/usr/lib/nagios/plugins/globus/refresh_proxy --vo-fqan /cms/Role=lcgadmin --myproxyuser nagios -H myproxy.cern.ch -t 120 --key /opt/omd/sites/etf/etc/nagios/globus/etf_srv_key.pem --vo cms --lifetime 24 --name NagiosRetrieve-ETF-cms -x /opt/omd/sites/etf/etc/nagios/globus/userproxy.pem--cms-Role_lcgadmin --cert /opt/omd/sites/etf/etc/nagios/globus/etf_srv_cert.pem"
su etf -c "/usr/lib/nagios/plugins/globus/refresh_proxy --vo-fqan /cms/Role=production --myproxyuser nagios -H myproxy.cern.ch -t 120 --key /opt/omd/sites/etf/etc/nagios/globus/etf_srv_key.pem --vo cms --lifetime 24 --name NagiosRetrieve-ETF-cms -x /opt/omd/sites/etf/etc/nagios/globus/userproxy.pem--cms-Role_production --cert /opt/omd/sites/etf/etc/nagios/globus/etf_srv_cert.pem"
su etf -c "/usr/lib/nagios/plugins/globus/refresh_proxy --myproxyuser nagios -H myproxy.cern.ch -t 120 --key /opt/omd/sites/etf/etc/nagios/globus/etf_srv_key.pem --vo cms --lifetime 24 --name NagiosRetrieve-ETF-cms -x /opt/omd/sites/etf/etc/nagios/globus/userproxy.pem--cms --cert /opt/omd/sites/etf/etc/nagios/globus/etf_srv_cert.pem"
echo "Copying credentials ..."
/bin/cp -f /opt/omd/sites/etf/etc/nagios/globus/userproxy.pem--cms /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.glexec/probes/org.cms.glexec/testjob/tests/payloadproxy-t2
/bin/chown ${CHECK_MK_SITE} /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.glexec/probes/org.cms.glexec/testjob/tests/payloadproxy-t2
/bin/chmod go+r /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms.glexec/probes/org.cms.glexec/testjob/tests/payloadproxy-t2
/bin/cp -f /opt/omd/sites/etf/etc/nagios/globus/userproxy.pem--cms-Role_production /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/tests/prodproxy
/bin/chown ${CHECK_MK_SITE} /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/tests/prodproxy
/bin/chmod go+r /usr/libexec/grid-monitoring/probes/org.cms/wnjob/org.cms/probes/org.cms/testjob/tests/prodproxy
echo "Reloading crontab ..."
su etf -c "omd reload crontab"
echo "Starting Apache ..."
/usr/sbin/httpd -DFOREGROUND &
wait $!
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment