From b3856beb16f53172aae3e0703744adee2b4c89f9 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Mon, 30 Sep 2024 11:16:50 +0200
Subject: [PATCH 01/15] Updated for el9
---
Dockerfile | 34 ++--------------------------------
1 file changed, 2 insertions(+), 32 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f3dce95..b289e3d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,36 +1,7 @@
-FROM gitlab-registry.cern.ch/etf/docker/etf-exp:qa
-
-LABEL maintainer="Marian Babik <Marian.Babik@cern.ch>"
-LABEL description="WLCG ETF ALICE"
-LABEL version="1.0"
+FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9
ENV NSTREAM_ENABLED=0
-# Middleware
-RUN yum -y install yum-priorities
-RUN rpm -ivh http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm
-RUN rpm -import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
-RUN cd /etc/yum.repos.d; wget https://repo.data.kit.edu//data-kit-edu-centos7.repo
-#RUN cd /etc/yum.repos.d/ && wget https://research.cs.wisc.edu/htcondor/yum/repo.d/htcondor-stable-rhel7.repo
-#COPY ./config/htcondor_stable.repo /etc/yum.repos.d/htcondor-stable-rhel7.repo
-
-# Core
-RUN yum -y install voms voms-clients-java oidc-agent-cli
-
-# CONDOR
-RUN yum -y install --nogpgcheck condor condor-python
-
-# CREAM
-# RUN yum -y install glite-ce-cream-cli python-suds openldap-clients python-ldap
-
-# ARC
-# Take the pakcages from UMD due to a bug in v6.19.0
-#RUN rpm -ivh https://download.nordugrid.org/packages/nordugrid-release/releases/6/centos/el7/x86_64/nordugrid-release-6-1.el7.noarch.rpm
-RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus
-
-# ETF Plugins
-RUN yum -y install python-jess python-nap nagios-plugins nagios-plugins-globus python-wnfm nagios-plugins-tokens
-
# Streaming
RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing
RUN mkdir /etc/stompclt
@@ -55,5 +26,4 @@ COPY ./config/alice_checks.cfg /etc/ncgx/conf.d/
COPY ./config/ncgx.cfg /etc/ncgx/
EXPOSE 80 443 6557
-COPY ./docker-entrypoint.sh /
-ENTRYPOINT /docker-entrypoint.sh
+ENTRYPOINT ["/usr/sbin/init"]
\ No newline at end of file
--
GitLab
From 56c6f954171884e0497725e6e73deb1b8eb8593f Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Mon, 30 Sep 2024 11:30:06 +0200
Subject: [PATCH 02/15] Updated to build branches.
---
.gitlab-ci.yml | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 92b198f..0ac8526 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,16 +1,21 @@
-variables:
- DOCKER_VERSION: "17.05"
-
-build:etf_alice_qa:
+build:etf_alice:
stage: build
variables:
- IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:qa
+ IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:
image:
# The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD.
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
- environment: master
+ environment: $CI_COMMIT_REF_NAME
script:
+ # Determine the tag based on the branch name
+ - |
+ if [ "$CI_COMMIT_REF_NAME" == "master" ]; then
+ TAG="qa"
+ else
+ TAG="$CI_COMMIT_REF_NAME"
+ fi
+ IMAGE_DESTINATION="$IMAGE_DESTINATION$TAG"
# Prepare Kaniko configuration file
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
# Build and push the image from the Dockerfile at the root of the project.
@@ -18,12 +23,12 @@ build:etf_alice_qa:
# Print the full registry path of the pushed image
- echo "Image pushed successfully to ${IMAGE_DESTINATION}"
only:
- - master
+ - branches
deploy:production:
dependencies:
- - build:etf_alice_qa
+ - build:etf_alice
stage: deploy
image:
# Use the ':debug' image as it provides a shell, which is a requirement for GitLab CI
--
GitLab
From c3231909d121411a3b102ae3814874647a10a711 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Mon, 30 Sep 2024 11:32:47 +0200
Subject: [PATCH 03/15] Copied from CMS
---
.gitlab-ci.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0ac8526..98e6358 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,7 @@
build:etf_alice:
stage: build
variables:
- IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:
+ IMAGE_DESTINATION: "gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:"
image:
# The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD.
name: gcr.io/kaniko-project/executor:debug
@@ -25,7 +25,6 @@ build:etf_alice:
only:
- branches
-
deploy:production:
dependencies:
- build:etf_alice
@@ -38,4 +37,4 @@ deploy:production:
script:
- crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
- crane validate --remote "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa"
- - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod
+ - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod
\ No newline at end of file
--
GitLab
From 86a3725b44abd80a3f7921e96acdaf294d30d037 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Mon, 30 Sep 2024 11:38:26 +0200
Subject: [PATCH 04/15] The stomp directory is already in the image
---
Dockerfile | 2 --
1 file changed, 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b289e3d..f0baa05 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,6 @@ FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9
ENV NSTREAM_ENABLED=0
# Streaming
-RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing
-RUN mkdir /etc/stompclt
COPY ./config/ocsp_handler.cfg /etc/nstream/
# ARC config
--
GitLab
From c26fc4ef98763319d168c290067b099104de614d Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Fri, 11 Oct 2024 16:43:02 +0200
Subject: [PATCH 05/15] Script to add keys
---
config/add-keys.sh | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 config/add-keys.sh
diff --git a/config/add-keys.sh b/config/add-keys.sh
new file mode 100644
index 0000000..ca34378
--- /dev/null
+++ b/config/add-keys.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce
+/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/
--
GitLab
From b72d7b7de4100273640f897b109553c1f842f2ae Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Fri, 11 Oct 2024 16:44:26 +0200
Subject: [PATCH 06/15] Copy add-keys.sh script
---
Dockerfile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index f0baa05..9dae368 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,5 +23,7 @@ RUN mkdir -p /usr/libexec/grid-monitoring/probes/org.alice/wnjob
COPY ./config/alice_checks.cfg /etc/ncgx/conf.d/
COPY ./config/ncgx.cfg /etc/ncgx/
+COPY ./config/add-keys.sh /opt/omd/sites/etf/.oidc-agent/
+
EXPOSE 80 443 6557
ENTRYPOINT ["/usr/sbin/init"]
\ No newline at end of file
--
GitLab
From b71ad08633b31e24de3c88957bc920665f728899 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Fri, 11 Oct 2024 21:54:31 +0200
Subject: [PATCH 07/15] Adding copy
---
config/add-keys.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/add-keys.sh b/config/add-keys.sh
index ca34378..79429e5 100644
--- a/config/add-keys.sh
+++ b/config/add-keys.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/
oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce
/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/
--
GitLab
From c6570df7c547f18f83c8ad514acbdaba289b70d0 Mon Sep 17 00:00:00 2001
From: Laurence Field <lfield@aiadm81.cern.ch>
Date: Fri, 11 Oct 2024 22:18:45 +0200
Subject: [PATCH 08/15] Add execute permissions
---
config/add-keys.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 config/add-keys.sh
diff --git a/config/add-keys.sh b/config/add-keys.sh
old mode 100644
new mode 100755
--
GitLab
From 2bce8e1149538d2e87cff2d08b0405ee360d1b70 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Fri, 11 Oct 2024 22:48:10 +0200
Subject: [PATCH 09/15] Adding sourcing of the agent env
---
config/add-keys.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/config/add-keys.sh b/config/add-keys.sh
index 79429e5..324b5f7 100755
--- a/config/add-keys.sh
+++ b/config/add-keys.sh
@@ -1,5 +1,6 @@
#!/bin/bash
-
+source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh
cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/
-oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce
+/usr/bin/oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce
/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/
+
--
GitLab
From a1f3ad9f1a819a4cd37e9263e66e02d6e0fc7910 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Mon, 14 Oct 2024 11:35:51 +0200
Subject: [PATCH 10/15] Added arc install
---
Dockerfile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 9dae368..e2efb7b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,10 @@ ENV NSTREAM_ENABLED=0
# Streaming
COPY ./config/ocsp_handler.cfg /etc/nstream/
+# ARC
+RUN yum -y install https://download.nordugrid.org/packages/nordugrid-release/releases/6.1/rocky/9/x86_64/nordugrid-release-6.1-1.el9.noarch.rpm
+RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus
+
# ARC config
RUN mkdir /opt/omd/sites/$CHECK_MK_SITE/.arc
COPY ./config/client.conf /opt/omd/sites/$CHECK_MK_SITE/.arc/
--
GitLab
From d790a67bc85389e3730362aaa51b4eb3769a5fac Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Tue, 15 Oct 2024 14:40:14 +0200
Subject: [PATCH 11/15] ARC7 installed in the base image
---
Dockerfile | 4 ----
1 file changed, 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e2efb7b..9dae368 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,10 +5,6 @@ ENV NSTREAM_ENABLED=0
# Streaming
COPY ./config/ocsp_handler.cfg /etc/nstream/
-# ARC
-RUN yum -y install https://download.nordugrid.org/packages/nordugrid-release/releases/6.1/rocky/9/x86_64/nordugrid-release-6.1-1.el9.noarch.rpm
-RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus
-
# ARC config
RUN mkdir /opt/omd/sites/$CHECK_MK_SITE/.arc
COPY ./config/client.conf /opt/omd/sites/$CHECK_MK_SITE/.arc/
--
GitLab
From 24ba222a8b1597305b725827029fa2a366078f4b Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Wed, 16 Oct 2024 14:32:43 +0200
Subject: [PATCH 12/15] Change image name
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9dae368..f31e777 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9
+FROM gitlab-registry.cern.ch/etf/docker/etf-base:el9
ENV NSTREAM_ENABLED=0
--
GitLab
From d60fa702dbaa36115d14090ccb7e490c273ba38a Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Wed, 16 Oct 2024 22:47:22 +0200
Subject: [PATCH 13/15] The http check should accept xml
---
config/alice_checks.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/alice_checks.cfg b/config/alice_checks.cfg
index 23872b2..6df3829 100644
--- a/config/alice_checks.cfg
+++ b/config/alice_checks.cfg
@@ -24,6 +24,6 @@ metrics = {
}
checks = [
- [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow"}} ],
+ [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "Accept: application/xml"}} ],
[ 'localhost', "ETF Livestatus Stats", {"extends": "check_live", "args": {"--pattern": "org.sam", "--delay-crit": 310}} ],
]
\ No newline at end of file
--
GitLab
From 608edd650f1d9cd49eb0f6918e7716989f3860b5 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Wed, 16 Oct 2024 23:48:42 +0200
Subject: [PATCH 14/15] Needs more quotes
---
config/alice_checks.cfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/alice_checks.cfg b/config/alice_checks.cfg
index 6df3829..8ab8c03 100644
--- a/config/alice_checks.cfg
+++ b/config/alice_checks.cfg
@@ -24,6 +24,6 @@ metrics = {
}
checks = [
- [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "Accept: application/xml"}} ],
+ [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "'Accept: application/xml'"}} ],
[ 'localhost', "ETF Livestatus Stats", {"extends": "check_live", "args": {"--pattern": "org.sam", "--delay-crit": 310}} ],
]
\ No newline at end of file
--
GitLab
From b7725abeb1b4e8f90c62cdcf4318b4e15a67f548 Mon Sep 17 00:00:00 2001
From: Laurence Field <laurence.field@cern.ch>
Date: Wed, 30 Oct 2024 14:47:05 +0100
Subject: [PATCH 15/15] Added hack for testing K8s
---
config/add-keys.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/config/add-keys.sh b/config/add-keys.sh
index 324b5f7..c0b8c64 100755
--- a/config/add-keys.sh
+++ b/config/add-keys.sh
@@ -1,6 +1,7 @@
#!/bin/bash
source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh
cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/
+cp /opt/omd/sites/etf/.oidc-agent/etf_alice_ce{.K8s,}
/usr/bin/oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce
/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/
--
GitLab