diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 92b198f2588842ea8c383628a020c91069c162cd..98e6358e8a62b917c1ea8f71b17f6b3c983850d6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,16 +1,21 @@ -variables: - DOCKER_VERSION: "17.05" - -build:etf_alice_qa: +build:etf_alice: stage: build variables: - IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:qa + IMAGE_DESTINATION: "gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:" image: # The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD. name: gcr.io/kaniko-project/executor:debug entrypoint: [""] - environment: master + environment: $CI_COMMIT_REF_NAME script: + # Determine the tag based on the branch name + - | + if [ "$CI_COMMIT_REF_NAME" == "master" ]; then + TAG="qa" + else + TAG="$CI_COMMIT_REF_NAME" + fi + IMAGE_DESTINATION="$IMAGE_DESTINATION$TAG" # Prepare Kaniko configuration file - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json # Build and push the image from the Dockerfile at the root of the project. @@ -18,12 +23,11 @@ build:etf_alice_qa: # Print the full registry path of the pushed image - echo "Image pushed successfully to ${IMAGE_DESTINATION}" only: - - master - + - branches deploy:production: dependencies: - - build:etf_alice_qa + - build:etf_alice stage: deploy image: # Use the ':debug' image as it provides a shell, which is a requirement for GitLab CI @@ -33,4 +37,4 @@ deploy:production: script: - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - crane validate --remote "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" - - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod + - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index f3dce9599ce292ae2242dd220ab73f2767bd4a4b..f31e7771683aa408bca2b37d32049e3b7f1c6f36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,39 +1,8 @@ -FROM gitlab-registry.cern.ch/etf/docker/etf-exp:qa - -LABEL maintainer="Marian Babik <Marian.Babik@cern.ch>" -LABEL description="WLCG ETF ALICE" -LABEL version="1.0" +FROM gitlab-registry.cern.ch/etf/docker/etf-base:el9 ENV NSTREAM_ENABLED=0 -# Middleware -RUN yum -y install yum-priorities -RUN rpm -ivh http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm -RUN rpm -import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY -RUN cd /etc/yum.repos.d; wget https://repo.data.kit.edu//data-kit-edu-centos7.repo -#RUN cd /etc/yum.repos.d/ && wget https://research.cs.wisc.edu/htcondor/yum/repo.d/htcondor-stable-rhel7.repo -#COPY ./config/htcondor_stable.repo /etc/yum.repos.d/htcondor-stable-rhel7.repo - -# Core -RUN yum -y install voms voms-clients-java oidc-agent-cli - -# CONDOR -RUN yum -y install --nogpgcheck condor condor-python - -# CREAM -# RUN yum -y install glite-ce-cream-cli python-suds openldap-clients python-ldap - -# ARC -# Take the pakcages from UMD due to a bug in v6.19.0 -#RUN rpm -ivh https://download.nordugrid.org/packages/nordugrid-release/releases/6/centos/el7/x86_64/nordugrid-release-6-1.el7.noarch.rpm -RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus - -# ETF Plugins -RUN yum -y install python-jess python-nap nagios-plugins nagios-plugins-globus python-wnfm nagios-plugins-tokens - # Streaming -RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing -RUN mkdir /etc/stompclt COPY ./config/ocsp_handler.cfg /etc/nstream/ # ARC config @@ -54,6 +23,7 @@ RUN mkdir -p /usr/libexec/grid-monitoring/probes/org.alice/wnjob COPY ./config/alice_checks.cfg /etc/ncgx/conf.d/ COPY ./config/ncgx.cfg /etc/ncgx/ +COPY ./config/add-keys.sh /opt/omd/sites/etf/.oidc-agent/ + EXPOSE 80 443 6557 -COPY ./docker-entrypoint.sh / -ENTRYPOINT /docker-entrypoint.sh +ENTRYPOINT ["/usr/sbin/init"] \ No newline at end of file diff --git a/config/add-keys.sh b/config/add-keys.sh new file mode 100755 index 0000000000000000000000000000000000000000..c0b8c64206d0433b91e2d55534744d073cd28800 --- /dev/null +++ b/config/add-keys.sh @@ -0,0 +1,7 @@ +#!/bin/bash +source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh +cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/ +cp /opt/omd/sites/etf/.oidc-agent/etf_alice_ce{.K8s,} +/usr/bin/oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce +/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/ + diff --git a/config/alice_checks.cfg b/config/alice_checks.cfg index 23872b277078a98d0e769e53a351f03852843089..8ab8c0303f28a5e86d96f05f0fcf6be7f19288a6 100644 --- a/config/alice_checks.cfg +++ b/config/alice_checks.cfg @@ -24,6 +24,6 @@ metrics = { } checks = [ - [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow"}} ], + [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "'Accept: application/xml'"}} ], [ 'localhost', "ETF Livestatus Stats", {"extends": "check_live", "args": {"--pattern": "org.sam", "--delay-crit": 310}} ], ] \ No newline at end of file