Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions docker/cmsweb-alma9-base/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
FROM cern/alma9-base:latest

# Install EPEL repository (required for voms, fetch-crl and CA-related packages)
RUN dnf -y install epel-release && dnf -y upgrade && dnf clean all

# Upgrade packages from the base image and install CMSWEB required packages
RUN dnf -y install fetch-crl cern-get-certificate CERN-CA-certs ca-certificates && dnf clean all

# Required OS packages
RUN dnf -y install vim less procps python3-pycurl pip && dnf clean all
RUN ln -s /usr/bin/python3 /usr/bin/python

RUN update-ca-trust
28 changes: 25 additions & 3 deletions docker/pypi/alma-base/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,26 @@
FROM registry.cern.ch/cmsweb/cmsweb-base as cmsweb-base
FROM registry.cern.ch/cmsweb/exporters as exporters
FROM almalinux:latest
MAINTAINER Valentin Kuznetsov vkuznet@gmail.com
RUN yum install -y curl-minimal libcurl-minimal vim python3-pycurl pip sudo less \
&& yum clean all && rm -rf /var/cache/yum
MAINTAINER Alan Malta alan.malta@cern.ch

# base image stuff: certificates, monitoring, exporters, etc
RUN mkdir /etc/grid-security
COPY --from=cmsweb-base /etc/grid-security/certificates /etc/grid-security/certificates
COPY --from=cmsweb-base /etc/grid-security/vomsdir /etc/grid-security/vomsdir
COPY --from=cmsweb-base /etc/vomses /etc/vomses
COPY --from=exporters /data/cmsweb-ping /usr/bin/cmsweb-ping
COPY --from=exporters /data/process_exporter /usr/bin/process_exporter
COPY --from=exporters /data/cpy_exporter /usr/bin/cpy_exporter

# Required OS packages
RUN dnf -y upgrade && \
dnf -y install --skip-broken curl libcurl && \
dnf -y install sudo vim less procps python3-pycurl pip && \
dnf clean all
RUN ln -s /usr/bin/python3 /usr/bin/python

ENV WDIR=/data
ADD run.sh $WDIR/run.sh
ADD monitor.sh $WDIR/monitor.sh
ADD manage $WDIR/manage
WORKDIR /data
14 changes: 0 additions & 14 deletions docker/pypi/alma-base/errors.txt

This file was deleted.

101 changes: 101 additions & 0 deletions docker/pypi/alma-base/manage
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
#!/bin/bash
##H Usage: manage ACTION [ATTRIBUTE] [SECURITY-STRING]
##H
##H Available actions:
##H help show this help
##H version get current version of the service
##H status show current service's status
##H restart (re)start the service
##H start (re)start the service
##H stop stop the service

# common settings to prettify output
echo_e=-e
COLOR_OK="\\033[0;32m"
COLOR_WARN="\\033[0;31m"
COLOR_NORMAL="\\033[0;39m"

# service settings
srv=`echo $USER | sed -e "s,_,,g" | sed -e "s,t0req,t0_req,g"`
LOGDIR=/data/srv/logs/$srv
AUTHDIR=/data/srv/current/auth/$srv
STATEDIR=/data/srv/state/$srv
CFGDIR=/data/srv/current/config/$srv
CFGFILE=$CFGDIR/config.py
# some MS services uses different config naming convention, therefore we'll
# adjust CFGFILE assingment
for c in monitor output ruleCleaner transferor unmerged; do
if [ -f $CFGDIR/config-${c}.py ]; then
CFGFILE=$CFGDIR/config-${c}.py
fi
done

# necessary env settings for all WM services
export PYTHONPATH=$PYTHONPATH:/etc/secrets:/data/srv/current/config/$srv
export X509_USER_KEY=$AUTHDIR/dmwm-service-key.pem
export X509_USER_CERT=$AUTHDIR/dmwm-service-cert.pem
export REQMGR_CACHE_DIR=$STATEDIR
export WMCORE_CACHE_DIR=$STATEDIR

# by default Rucio relies on /opt/rucio/etc/config.cfg
# if necessary we may setup RUCIO_HOME which should provide this location
# but in k8s we mount rucio config.cfg under /opt/rucio/etc area

usage()
{
cat $0 | grep "^##H" | sed -e "s,##H,,g"
}

start_srv()
{
wmc-httpd -r -d $STATEDIR -l "$LOGDIR/$srv-`hostname -s`.log" $CFGFILE
}

stop_srv()
{
local pid=`ps auxwww | egrep "wmc-httpd" | grep -v grep | awk 'BEGIN{ORS=" "} {print $2}'`
echo "Stop $srv service... ${pid}"
if [ -n "${pid}" ]; then
kill -9 ${pid}
fi
}

status_srv()
{
local pid=`ps auxwww | egrep "wmc-httpd" | grep -v grep | awk 'BEGIN{ORS=" "} {print $2}'`
if [ -z "${pid}" ]; then
echo "$srv service is not running"
return
fi
if [ ! -z "${pid}" ]; then
echo $echo_e "$srv service is ${COLOR_OK}RUNNING${COLOR_NORMAL}, PID=${pid}"
ps -f -wwww -p ${pid}
else
echo $echo_e "$srv service is ${COLOR_WARN}NOT RUNNING${COLOR_NORMAL}"
fi
}

# Main routine, perform action requested on command line.
case ${1:-status} in
start | restart )
stop_srv
start_srv
;;

status )
status_srv
;;

stop )
stop_srv
;;

help )
usage
;;

* )
echo "$0: unknown action '$1', please try '$0 help' or documentation." 1>&2
exit 1
;;
esac
26 changes: 26 additions & 0 deletions docker/pypi/alma-base/monitor.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/bin/bash

echo -e "\nTrying to start process_exporter..."
# start process exporter
configs="config config-monitor config-output config-transferor config-ruleCleaner config-unmerged"
for p in $configs; do
if [ -f /etc/secrets/${p}.py ]; then
echo " Using configuration file: /etc/secrets/${p}.py"
pat="wmc-httpd.*$p"
pid=`ps axjfwww | grep "$pat" | grep -v grep | grep -v process_monitor | grep -v " 1 " | awk '{print $1}'`
if [ -n "$pid" ]; then
app=`grep ^main.application /etc/secrets/${p}.py | grep -v application_dir | sed -e 's,#.*,,g' | awk '{split($0,a,"="); print a[2]}' | sed -e "s, ,,g" -e 's,",,g' -e "s,-,_,g"`
echo " Using PID: $pid and app name: '$app'"
if [ -n "$app" ]; then
prefix=${app}
port=`grep main.port /etc/secrets/${p}.py | sed -e 's,#.*,,g' | awk '{split($0,a,"="); print a[2]}' | sed -e "s, ,,g"`
address=":1${port}"
echo " Starting process_exporter with prefix ${prefix} on ${address}"
nohup process_exporter -pid $pid -prefix $prefix -address "$address" 2>&1 1>& ${prefix}.log < /dev/null &
#cpyAddr=`echo ${address} | sed "s,8,9,g"`
#echo "Start cpy_exporter on ${cpyAddr}"
#nohup cpy_exporter -address "$address" 2>&1 1>& cpy_${prefix}.log < /dev/null &
fi
fi
fi
done
86 changes: 86 additions & 0 deletions docker/pypi/alma-base/run.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
#!/bin/bash
# script to start ReqMgr2

srv=`echo $USER | sed -e "s,_,,g"`
STATEDIR=/data/srv/state/$srv
LOGDIR=/data/srv/logs/$srv
AUTHDIR=/data/srv/current/auth/$srv
CONFIGDIR=/data/srv/current/config/$srv
CONFIGFILE=${CONFIGFILE:-config.py}
CFGFILE=/etc/secrets/$CONFIGFILE

### permission update to workaround issues with mounting logs volume
sudo chown -R $USER.$USER /data

mkdir -p $LOGDIR
mkdir -p $STATEDIR
mkdir -p $AUTHDIR
mkdir -p $CONFIGDIR
mkdir -p $AUTHDIR/../wmcore-auth

# environment variables required to run some of the WMCore services
export REQMGR_CACHE_DIR=$STATEDIR
export WMCORE_CACHE_DIR=$STATEDIR

# overwrite host PEM files in /data/srv area by the robot certificate
# Note that the proxy file is not required and used
if [ -f /etc/robots/robotkey.pem ]; then
sudo cp /etc/robots/robotkey.pem $AUTHDIR/dmwm-service-key.pem
sudo cp /etc/robots/robotcert.pem $AUTHDIR/dmwm-service-cert.pem
sudo chown $USER.$USER $AUTHDIR/dmwm-service-key.pem
sudo chown $USER.$USER $AUTHDIR/dmwm-service-cert.pem
sudo chmod 0400 $AUTHDIR/dmwm-service-key.pem
fi

if [ -e $AUTHDIR/dmwm-service-cert.pem ] && [ -e $AUTHDIR/dmwm-service-key.pem ]; then
export X509_USER_CERT=$AUTHDIR/dmwm-service-cert.pem
export X509_USER_KEY=$AUTHDIR/dmwm-service-key.pem
fi

# overwrite header-auth key file with one from secrets
if [ -f /etc/hmac/hmac ]; then
sudo cp /etc/hmac/hmac $AUTHDIR/../wmcore-auth/header-auth-key
sudo chown $USER.$USER $AUTHDIR/../wmcore-auth/header-auth-key
sudo chmod 0600 $AUTHDIR/../wmcore-auth/header-auth-key
fi

# use service configuration files from /etc/secrets if they are present
files=`ls /etc/secrets`
for fname in $files; do
if [ -f /etc/secrets/$fname ]; then
if [ -f $CONFIGDIR/$fname ]; then
rm $CONFIGDIR/$fname
fi
sudo cp /etc/secrets/$fname $CONFIGDIR/$fname
sudo chown $USER.$USER $CONFIGDIR/$fname
if [ "$fname" == "$CONFIGFILE" ]; then
CFGFILE=$CONFIGDIR/$CONFIGFILE
fi
fi
done
files=`ls /etc/secrets`
for fname in $files; do
if [ ! -f $CONFIGDIR/$fname ]; then
sudo cp /etc/secrets/$fname $AUTHDIR/$fname
sudo chown $USER.$USER $AUTHDIR/$fname
fi
done

export PYTHONPATH=$PYTHONPATH:/etc/secrets:$AUTHDIR/$fname

# backward compatible changes for RPM based deployment location of aux files
if [ -d /usr/local/data ] && [ "$USER" == "_reqmgr2" ]; then
sudo mkdir -p /data/srv/current/apps/reqmgr2
sudo ln -s /usr/local/data /data/srv/current/apps/reqmgr2
fi

# start the service
wmc-httpd -r -d $STATEDIR -l "$LOGDIR/$srv-`hostname -s`.log" $CFGFILE

# start monitor.sh script
if [ -f /data/monitor.sh ]; then
/data/monitor.sh
fi

# hack to keep the container running
tail -f /etc/hosts
34 changes: 21 additions & 13 deletions docker/pypi/reqmgr2ms-unmerged/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,23 +1,31 @@
FROM registry.cern.ch/cmsweb/gfal:latest as gfal
FROM registry.cern.ch/cmsweb/dmwm-base:pypi-20230525
MAINTAINER Valentin Kuznetsov vkuznet@gmail.com
COPY --from=gfal /data/miniconda /data/miniconda
FROM registry.cern.ch/cmsweb/pypi/alma-base:alma9-20240305
MAINTAINER Alan Malta alan.malta@cern.ch

# Specific MSUnmerged requirements from epel repository
RUN dnf install epel-release -y && dnf clean all && \
dnf -y install python3-gfal2-util gfal2-plugin-http gfal2-plugin-dcap gfal2-plugin-file \
gfal2-plugin-srm gfal2-plugin-xrootd gfal2-plugin-gridftp gfal2-plugin-sftp && \
dnf clean all

# Specific run.sh for MSUnmerged
ENV WDIR=/data
ENV PATH $PATH:$WDIR/miniconda/bin
ENV PYTHONPATH $WDIR/miniconda/lib/python3.8/site-packages/
# TAG to be passed at build time through `--build-arg TAG=<PYPI_TAG>`. Default: None
ARG TAG=None
WORKDIR $WDIR
ADD run.sh $WDIR/run.sh
# since we install gfal via external image we'll skip it for installation
# of reqmgr2ms-unmerged, but to satisfy dependencies we'll install them first

# TAG to be passed at build time through `--build-arg TAG=<PYPI_TAG>`. Default: None
ARG TAG=None
# We already installed gfal2 via dnf, so first install only non-gfal2 service dependencies
# FIXME: it is probably best to remove it from the requirements.txt file
RUN curl -ksLO https://raw.githubusercontent.com/dmwm/WMCore/$TAG/requirements.txt
RUN cat requirements.txt | grep -v gfal2 > req.txt
RUN cat requirements.txt | grep dbs3-client > req.txt
RUN cat requirements.txt | grep reqmgr2ms-unmerged | grep -v gfal2 >> req.txt
RUN pip install -r req.txt
RUN pip install --no-deps reqmgr2ms-unmerged==$TAG dbs3-client
# and now install MSUnmerged itself, without any dependencies
RUN pip install --no-deps reqmgr2ms-unmerged==$TAG

# and now setup run.sh and manage scripts accordingly
RUN sed -i -e "s,-config.py,-config-unmerged.py,g" /data/run.sh
RUN sed -i -e "s,config.py,config-unmerged.py,g" /data/manage
ENV WDIR=/data
ENV USER=_reqmgr2ms
RUN useradd ${USER} && install -o ${USER} -d ${WDIR}
RUN echo "%$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
Expand Down
26 changes: 26 additions & 0 deletions docker/pypi/reqmgr2ms-unmerged/Dockerfile.deb
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
FROM registry.cern.ch/cmsweb/gfal:latest as gfal
FROM registry.cern.ch/cmsweb/dmwm-base:pypi-20230525
MAINTAINER Valentin Kuznetsov vkuznet@gmail.com
COPY --from=gfal /data/miniconda /data/miniconda
ENV WDIR=/data
ENV PATH $PATH:$WDIR/miniconda/bin
ENV PYTHONPATH $WDIR/miniconda/lib/python3.8/site-packages/
# TAG to be passed at build time through `--build-arg TAG=<PYPI_TAG>`. Default: None
ARG TAG=None
WORKDIR $WDIR
ADD run.sh $WDIR/run.sh
# since we install gfal via external image we'll skip it for installation
# of reqmgr2ms-unmerged, but to satisfy dependencies we'll install them first
RUN curl -ksLO https://raw.githubusercontent.com/dmwm/WMCore/$TAG/requirements.txt
RUN cat requirements.txt | grep -v gfal2 > req.txt
RUN pip install -r req.txt
RUN pip install --no-deps reqmgr2ms-unmerged==$TAG dbs3-client
RUN sed -i -e "s,-config.py,-config-unmerged.py,g" /data/run.sh
RUN sed -i -e "s,config.py,config-unmerged.py,g" /data/manage
ENV WDIR=/data
ENV USER=_reqmgr2ms
RUN useradd ${USER} && install -o ${USER} -d ${WDIR}
RUN echo "%$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
USER ${USER}
RUN sudo chown -R $USER.$USER $WDIR
CMD ["python3"]
2 changes: 1 addition & 1 deletion docker/pypi/reqmgr2ms-unmerged/run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ fi
[[ -n $rseExpr ]] && sed -i -e "s/^[[:blank:]]*RSEEXPR.*/RSEEXPR = \"${rseExpr}\"/g" $CFGFILE

# start the service
wmc-httpd -r -d $STATEDIR -l "|rotatelogs $LOGDIR/$srv-%Y%m%d-`hostname -s`.log 86400" $CFGFILE
wmc-httpd -r -d $STATEDIR -l "$LOGDIR/$srv-`hostname -s`.log" $CFGFILE

# start monitor.sh script
if [ -f /data/monitor.sh ]; then
Expand Down
Loading