From b3856beb16f53172aae3e0703744adee2b4c89f9 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Mon, 30 Sep 2024 11:16:50 +0200 Subject: [PATCH 01/15] Updated for el9 --- Dockerfile | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index f3dce95..b289e3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,36 +1,7 @@ -FROM gitlab-registry.cern.ch/etf/docker/etf-exp:qa - -LABEL maintainer="Marian Babik <Marian.Babik@cern.ch>" -LABEL description="WLCG ETF ALICE" -LABEL version="1.0" +FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9 ENV NSTREAM_ENABLED=0 -# Middleware -RUN yum -y install yum-priorities -RUN rpm -ivh http://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm -RUN rpm -import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY -RUN cd /etc/yum.repos.d; wget https://repo.data.kit.edu//data-kit-edu-centos7.repo -#RUN cd /etc/yum.repos.d/ && wget https://research.cs.wisc.edu/htcondor/yum/repo.d/htcondor-stable-rhel7.repo -#COPY ./config/htcondor_stable.repo /etc/yum.repos.d/htcondor-stable-rhel7.repo - -# Core -RUN yum -y install voms voms-clients-java oidc-agent-cli - -# CONDOR -RUN yum -y install --nogpgcheck condor condor-python - -# CREAM -# RUN yum -y install glite-ce-cream-cli python-suds openldap-clients python-ldap - -# ARC -# Take the pakcages from UMD due to a bug in v6.19.0 -#RUN rpm -ivh https://download.nordugrid.org/packages/nordugrid-release/releases/6/centos/el7/x86_64/nordugrid-release-6-1.el7.noarch.rpm -RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus - -# ETF Plugins -RUN yum -y install python-jess python-nap nagios-plugins nagios-plugins-globus python-wnfm nagios-plugins-tokens - # Streaming RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing RUN mkdir /etc/stompclt 
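Review bot: The new `FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9` line tracks a mutable tag, and after this change every package that used to be installed here (voms, condor, ARC, the nagios plugins) arrives through that base image, so the tag is effectively the whole supply chain of this image. Pinning it by digest, `FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9@sha256:<digest-of-reviewed-base>`, makes rebuilds reproducible and makes a changed base show up as a reviewable diff. The same applies to the `etf-base:el9` line introduced in PATCH 12/15. The hunk also drops the three `LABEL` lines without replacement; an `org.opencontainers.image.source` label would keep the image traceable to this repository.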
@@ -55,5 +26,4 @@ COPY ./config/alice_checks.cfg /etc/ncgx/conf.d/ COPY ./config/ncgx.cfg /etc/ncgx/ EXPOSE 80 443 6557 -COPY ./docker-entrypoint.sh / -ENTRYPOINT /docker-entrypoint.sh +ENTRYPOINT ["/usr/sbin/init"] \ No newline at end of file -- GitLab From 56c6f954171884e0497725e6e73deb1b8eb8593f Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Mon, 30 Sep 2024 11:30:06 +0200 Subject: [PATCH 02/15] Updated to build branches. --- .gitlab-ci.yml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 92b198f..0ac8526 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,16 +1,21 @@ -variables: - DOCKER_VERSION: "17.05" - -build:etf_alice_qa: +build:etf_alice: stage: build variables: - IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:qa + IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice: image: # The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD. name: gcr.io/kaniko-project/executor:debug entrypoint: [""] - environment: master + environment: $CI_COMMIT_REF_NAME script: + # Determine the tag based on the branch name + - | + if [ "$CI_COMMIT_REF_NAME" == "master" ]; then + TAG="qa" + else + TAG="$CI_COMMIT_REF_NAME" + fi + IMAGE_DESTINATION="$IMAGE_DESTINATION$TAG" # Prepare Kaniko configuration file - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json # Build and push the image from the Dockerfile at the root of the project. 
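Review bot: With `ENTRYPOINT ["/usr/sbin/init"]` the container's PID 1 is presumably systemd, which does not shut down on the SIGTERM that `docker stop` and Kubernetes send by default; unless the base image already sets it, add `STOPSIGNAL SIGRTMIN+3` next to the entrypoint. The image also ends without a `USER` line, so init and everything it starts run as root, and whatever the deleted `docker-entrypoint.sh` did at start-up now has to exist as units in the base image, which this hunk cannot show. A comment above the `ENTRYPOINT` naming the base-image units that replace the script would help the next reader, and the file should end with a newline.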
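Review bot: `TAG="$CI_COMMIT_REF_NAME"` turns any branch name into a registry tag, so a branch called `qa` or `prod` would overwrite the tags that `deploy:production` validates and promotes, and a name containing `/` is not a valid tag at all. Derive the tag from the sanitized slug and keep it in its own namespace, e.g. `TAG="branch-$CI_COMMIT_REF_SLUG"`, or restrict the job to protected branches; the `only: - branches` change in the next hunk is what opens the job to every branch. `environment: $CI_COMMIT_REF_NAME` likewise creates one environment per branch, which is probably not intended for a build job. The job body continues past the end of this hunk.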
@@ -18,12 +23,12 @@ build:etf_alice_qa: # Print the full registry path of the pushed image - echo "Image pushed successfully to ${IMAGE_DESTINATION}" only: - - master + - branches deploy:production: dependencies: - - build:etf_alice_qa + - build:etf_alice stage: deploy image: # Use the ':debug' image as it provides a shell, which is a requirement for GitLab CI -- GitLab From c3231909d121411a3b102ae3814874647a10a711 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Mon, 30 Sep 2024 11:32:47 +0200 Subject: [PATCH 03/15] Copied from CMS --- .gitlab-ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0ac8526..98e6358 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,7 +1,7 @@ build:etf_alice: stage: build variables: - IMAGE_DESTINATION: gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice: + IMAGE_DESTINATION: "gitlab-registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/etf-alice:" image: # The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD. name: gcr.io/kaniko-project/executor:debug @@ -25,7 +25,6 @@ build:etf_alice: only: - branches - deploy:production: dependencies: - build:etf_alice @@ -38,4 +37,4 @@ deploy:production: script: - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - crane validate --remote "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" - - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod + - crane tag "gitlab-registry.cern.ch/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/etf-alice:qa" prod \ No newline at end of file -- GitLab From 86a3725b44abd80a3f7921e96acdaf294d30d037 Mon Sep 17 00:00:00 2001 
From: Laurence Field <laurence.field@cern.ch> Date: Mon, 30 Sep 2024 11:38:26 +0200 Subject: [PATCH 04/15] The stomp directory is already in the image --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index b289e3d..f0baa05 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,8 +3,6 @@ FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9 ENV NSTREAM_ENABLED=0 # Streaming -RUN mkdir -p /var/spool/nstream/outgoing && chmod 777 /var/spool/nstream/outgoing -RUN mkdir /etc/stompclt COPY ./config/ocsp_handler.cfg /etc/nstream/ # ARC config -- GitLab From c26fc4ef98763319d168c290067b099104de614d Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Fri, 11 Oct 2024 16:43:02 +0200 Subject: [PATCH 05/15] Script to add keys --- config/add-keys.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 config/add-keys.sh diff --git a/config/add-keys.sh b/config/add-keys.sh new file mode 100644 index 0000000..ca34378 --- /dev/null +++ b/config/add-keys.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce +/usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/ -- GitLab From b72d7b7de4100273640f897b109553c1f842f2ae Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Fri, 11 Oct 2024 16:44:26 +0200 Subject: [PATCH 06/15] Copy add-keys.sh script --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index f0baa05..9dae368 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,5 +23,7 @@ RUN mkdir -p /usr/libexec/grid-monitoring/probes/org.alice/wnjob COPY ./config/alice_checks.cfg /etc/ncgx/conf.d/ COPY ./config/ncgx.cfg /etc/ncgx/ +COPY ./config/add-keys.sh /opt/omd/sites/etf/.oidc-agent/ + EXPOSE 80 443 6557 ENTRYPOINT ["/usr/sbin/init"] \ No newline at end of file -- GitLab 
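Review bot: The new `config/add-keys.sh` has no error handling, so when `oidc-add` fails (wrong password file, agent not running) `refresh_token` still runs and the script exits with the status of the last command only. Start it with `set -euo pipefail` after the shebang so a failed key load stops the run and is visible to whatever invokes it. The password file `etf_alice_ce.key` sits in the same directory as the account it unlocks, so that directory should be readable by the site user only; a header comment stating who provisions the file and with which mode would document that. The lines added to this script in PATCH 07, 09 and 15 inherit the same missing `set -e`.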
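Review bot: `COPY ./config/add-keys.sh /opt/omd/sites/etf/.oidc-agent/` hard-codes the site name, while other lines of this Dockerfile address the same tree as `/opt/omd/sites/$CHECK_MK_SITE/` (the `.arc` lines); use `COPY ./config/add-keys.sh /opt/omd/sites/$CHECK_MK_SITE/.oidc-agent/` so the two cannot drift. If `.oidc-agent` does not already exist in the base image, `COPY` creates it owned by root with default permissions, which is the wrong owner and mode for a directory that later holds the agent's key files, so it should be created for the site user with mode 0700 beforehand. At this commit the script is also still mode 100644 in git, so it arrives non-executable until PATCH 08.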
From b71ad08633b31e24de3c88957bc920665f728899 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Fri, 11 Oct 2024 21:54:31 +0200 Subject: [PATCH 07/15] Adding copy --- config/add-keys.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/add-keys.sh b/config/add-keys.sh index ca34378..79429e5 100644 --- a/config/add-keys.sh +++ b/config/add-keys.sh @@ -1,4 +1,5 @@ #!/bin/bash +cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/ oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce /usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/ -- GitLab From c6570df7c547f18f83c8ad514acbdaba289b70d0 Mon Sep 17 00:00:00 2001 From: Laurence Field <lfield@aiadm81.cern.ch> Date: Fri, 11 Oct 2024 22:18:45 +0200 Subject: [PATCH 08/15] Add execute permissions --- config/add-keys.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 config/add-keys.sh diff --git a/config/add-keys.sh b/config/add-keys.sh old mode 100644 new mode 100755 -- GitLab From 2bce8e1149538d2e87cff2d08b0405ee360d1b70 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Fri, 11 Oct 2024 22:48:10 +0200 Subject: [PATCH 09/15] Adding sourcing of the agent env --- config/add-keys.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/add-keys.sh b/config/add-keys.sh index 79429e5..324b5f7 100755 --- a/config/add-keys.sh +++ b/config/add-keys.sh 
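Review bot: `cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/` copies credential files with whatever the current umask yields, typically world-readable 0644, and takes every file the glob matches rather than the ones the script needs. Set `umask 077` before the copy, or use `install -m 600` per file, and name the expected files explicitly (presumably `etf_alice_ce` and `etf_alice_ce.key`, to be confirmed against what is provisioned under `/etc/grid-security/tokens`). With an empty source directory the unexpanded `*` makes `cp` fail, and without `set -e` the script carries on to `oidc-add` with stale or missing files.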
@@ -1,5 +1,6 @@ #!/bin/bash - +source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/ -oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce +/usr/bin/oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce /usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/ + -- GitLab From a1f3ad9f1a819a4cd37e9263e66e02d6e0fc7910 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Mon, 14 Oct 2024 11:35:51 +0200 Subject: [PATCH 10/15] Added arc install --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9dae368..e2efb7b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,10 @@ ENV NSTREAM_ENABLED=0 # Streaming COPY ./config/ocsp_handler.cfg /etc/nstream/ +# ARC +RUN yum -y install https://download.nordugrid.org/packages/nordugrid-release/releases/6.1/rocky/9/x86_64/nordugrid-release-6.1-1.el9.noarch.rpm +RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus + # ARC config RUN mkdir /opt/omd/sites/$CHECK_MK_SITE/.arc COPY ./config/client.conf /opt/omd/sites/$CHECK_MK_SITE/.arc/ -- GitLab From d790a67bc85389e3730362aaa51b4eb3769a5fac Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Tue, 15 Oct 2024 14:40:14 +0200 Subject: [PATCH 11/15] ARC7 installed in the base image --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e2efb7b..9dae368 100644 --- a/Dockerfile +++ b/Dockerfile 
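Review bot: `source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh` executes a file from the same directory that the following `cp -f /etc/grid-security/tokens/*` writes into, so a file named `oidc-env.sh` in the token mount would replace it and be run as shell code on the next invocation. Keep the sourced file outside the copy target or copy only named files, and fail early when it is missing with `[ -r /opt/omd/sites/etf/.oidc-agent/oidc-env.sh ] || exit 1` before the `source` line. Without that check a missing env file presumably leaves the agent socket variable unset and `oidc-add` fails with a less obvious error.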
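Review bot: `RUN yum -y install https://download.nordugrid.org/…/nordugrid-release-6.1-1.el9.noarch.rpm` installs a package fetched by URL whose signature is not checked (by default dnf does not GPG-check packages given as files or URLs unless `localpkg_gpgcheck` is enabled), and that release RPM is what brings in the repository definition and signing keys for the following `nordugrid-arc-*` install. Fetch the RPM with `curl -fsSL`, compare it against a pinned SHA-256 recorded in this repository, and only then install it. Both `RUN` lines also leave the yum cache in their layers; combine them and finish with `yum clean all`. PATCH 11 removes these lines again, so this matters for anyone building from this commit or reintroducing the install.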
@@ -5,10 +5,6 @@ ENV NSTREAM_ENABLED=0 # Streaming COPY ./config/ocsp_handler.cfg /etc/nstream/ -# ARC -RUN yum -y install https://download.nordugrid.org/packages/nordugrid-release/releases/6.1/rocky/9/x86_64/nordugrid-release-6.1-1.el9.noarch.rpm -RUN yum -y install nordugrid-arc-client nordugrid-arc-plugins-needed nordugrid-arc-plugins-globus - # ARC config RUN mkdir /opt/omd/sites/$CHECK_MK_SITE/.arc COPY ./config/client.conf /opt/omd/sites/$CHECK_MK_SITE/.arc/ -- GitLab From 24ba222a8b1597305b725827029fa2a366078f4b Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Wed, 16 Oct 2024 14:32:43 +0200 Subject: [PATCH 12/15] Change image name --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9dae368..f31e777 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gitlab-registry.cern.ch/etf/docker/etf-condor:el9 +FROM gitlab-registry.cern.ch/etf/docker/etf-base:el9 ENV NSTREAM_ENABLED=0 -- GitLab From d60fa702dbaa36115d14090ccb7e490c273ba38a Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Wed, 16 Oct 2024 22:47:22 +0200 Subject: [PATCH 13/15] The http check should accept xml --- config/alice_checks.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/alice_checks.cfg b/config/alice_checks.cfg index 23872b2..6df3829 100644 --- a/config/alice_checks.cfg +++ b/config/alice_checks.cfg @@ -24,6 +24,6 @@ metrics = { } checks = [ - [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow"}} ], + [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "Accept: application/xml"}} ], [ 'localhost', "ETF Livestatus Stats", {"extends": "check_live", "args": {"--pattern": "org.sam", "--delay-crit": 310}} ], ] \ No newline at end of file -- GitLab 
From 608edd650f1d9cd49eb0f6918e7716989f3860b5 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Wed, 16 Oct 2024 23:48:42 +0200 Subject: [PATCH 14/15] Needs more quotes --- config/alice_checks.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/alice_checks.cfg b/config/alice_checks.cfg index 6df3829..8ab8c03 100644 --- a/config/alice_checks.cfg +++ b/config/alice_checks.cfg @@ -24,6 +24,6 @@ metrics = { } checks = [ - [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "Accept: application/xml"}} ], + [ 'localhost', "Alice VO feed", {"args" : {"-u" : "/api/wlcg/vofeed/alice/", "-H" : "wlcg-cric.cern.ch", "-t" : 60, "--onredirect" : "follow", "-k" : "'Accept: application/xml'"}} ], [ 'localhost', "ETF Livestatus Stats", {"extends": "check_live", "args": {"--pattern": "org.sam", "--delay-crit": 310}} ], ] \ No newline at end of file -- GitLab From b7725abeb1b4e8f90c62cdcf4318b4e15a67f548 Mon Sep 17 00:00:00 2001 From: Laurence Field <laurence.field@cern.ch> Date: Wed, 30 Oct 2024 14:47:05 +0100 Subject: [PATCH 15/15] Added hack for testing K8s --- config/add-keys.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/config/add-keys.sh b/config/add-keys.sh index 324b5f7..c0b8c64 100755 --- a/config/add-keys.sh +++ b/config/add-keys.sh @@ -1,6 +1,7 @@ #!/bin/bash source /opt/omd/sites/etf/.oidc-agent/oidc-env.sh cp -f /etc/grid-security/tokens/* /opt/omd/sites/etf/.oidc-agent/ +cp /opt/omd/sites/etf/.oidc-agent/etf_alice_ce{.K8s,} /usr/bin/oidc-add --pw-file=/opt/omd/sites/etf/.oidc-agent/etf_alice_ce.key etf_alice_ce /usr/lib64/nagios/plugins/refresh_token -t 7200 --token-config etf-alice --token-time 345600 --aud /var/lib/gridprobes/alice/scondor/ -- GitLab
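Review bot: The inner single quotes in `"-k" : "'Accept: application/xml'"` only make sense if ncgx pastes these `args` values unescaped into a command line that a shell later parses; that is inferred from the commit title, not visible here. If so, every value in this dictionary is effectively shell text, and that deserves a comment above `checks`, for example `# arg values are inserted verbatim into the plugin command line; quote anything containing spaces`. The check also passes no `-S`, so it presumably starts over plain HTTP and relies on `--onredirect follow` to reach the real endpoint; worth confirming that is intended.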
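Review bot: `cp /opt/omd/sites/etf/.oidc-agent/etf_alice_ce{.K8s,}` overwrites the account configuration with the `.K8s` variant on every run in every deployment, although the commit title calls it a testing hack. Guard it so it only acts where the variant exists and keeps the file mode, `[ -f "$d/etf_alice_ce.K8s" ] && cp -p "$d/etf_alice_ce.K8s" "$d/etf_alice_ce"` with `d=/opt/omd/sites/etf/.oidc-agent`, and add a comment saying when the line can be removed. Where the `.K8s` file is absent the current `cp` fails and the script continues to `oidc-add` with whatever account file was there before.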