-
Notifications
You must be signed in to change notification settings - Fork 0
/
user_data_ci.txt
237 lines (225 loc) · 9.25 KB
/
user_data_ci.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
#cloud-config
# Install additional packages on first boot. Packages
# needed for ROOT, EUDET and EUTelesecope
#
# Default: none
#
# if packages are specified, this apt_update will be set to true
#
# packages may be supplied as a single package name or as a list
# with the format [<package>, <version>] wherein the specifc
# package version will be installed.
packages:
- ElectricFence
- libXpm
- libXft
- libicu
- mesa-libGLU
- mesa-libGL
- libXmu
- git
- cmake3
- cern-config-users
- rng-tools
- yum-utils
- device-mapper-persistent-data
- lvm2
- screen
# run commands
#
# runcmd contains a list of either lists or a string
# each item will be executed in order at rc.local like level with
# output to the console
# - runcmd only runs during the first boot
# Trying to fix the lack of dependencies of th EOS packages
## Doesn't work
## runcmd:
## - locmap --enable eosclient
## - locmap --configure eosclient
# final_message
# default: cloud-init boot finished at $TIMESTAMP. Up $UPTIME seconds
# this message is written by cloud-final when the system is finished
# its first boot
final_message: "The system is finally up, after $UPTIME seconds"
# --- Create some files: DESY cvmfs software
# Public key for the desy CVMFS. Just in case does not able to access
# to the server
# And other static files for CVMFS (desy)
# And the /root/.k5login file to assure the root access for the maintainer
# Create the needed messag
# Plus an addendum to /etc/profile in order to prepare the session
write_files:
- path: "/etc/cvmfs/keys/desy.de.pub"
content: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pgrEIimdCPWG9cuhQ0d
ZWfYxvHRz5hL4HvQlmvikLIlHxs2EApnGyAWdaHAeQ4IiY+JXQnGsS8e5Gr2cZRb
Y6Ya19GrjMY1wv8fc+uU9kXp7TbHpl3mSQxERG4+wqosN3+IUaPHdnWGP11idOQB
I0HsJ7PTRk9quFjx1ppkVITZN07+OdGBIzLK6SyDjy49IfL6DVZUH/Oc99IiXg6E
NDN2UecnnjDEmcvQh2UjGSQ+0NHe36ttQKEnK58GvcSj2reUEaVKLRvPcrzT9o7c
ugxcbkBGB3VfqSgfun8urekGEHx+vTNwu8rufBkAbQYdYCPBD3AGqSg+Kgi7i/gX
cwIDAQAB
-----END PUBLIC KEY-----
owner: "root:root"
permissions: '0644'
- path: "/etc/cvmfs/default.local"
content: |
CVMFS_QUOTA_LIMIT='32140'
CVMFS_HTTP_PROXY='http://ca-proxy.cern.ch:3128'
CVMFS_CACHE_BASE='/var/lib/cvmfs'
CVMFS_FORCE_SIGNING='yes'
CVMFS_REPOSITORIES='ilc.desy.de,geant4.cern.ch'
CVMFS_SEND_INFO_HEADER=no
owner: "root:root"
permissions: '0644'
- path: "/etc/cvmfs/domain.d/desy.de.conf"
content: |
CVMFS_SERVER_URL='http://grid-cvmfs-one.desy.de:8000/cvmfs/@fqrn@;http://cvmfs-stratum-one.cern.ch:8000/cvmfs/@fqrn@;http://cvmfs-egi.gridpp.rl.ac.uk:8000/cvmfs/@fqrn@'
CVMFS_KEYS_DIR=/etc/cvmfs/keys
owner: "root:root"
permissions: '0644'
- path: "/root/post-install.sh"
content: |
# Adding the users in the docker group
# And forcing to use /bin/bash shells
for _USER in `grep "/afs/cern.ch/user/" /etc/passwd|cut -d: -f1`;
do
usermod -aG docker ${_USER};
usermod -aG analyser ${_USER};
usermod --shell /bin/bash ${_USER}
done
owner: "root:root"
permissions: "0700"
- path: "/root/.k5login"
content: |
owner: "root:root"
permissions: "0600"
- path: "/root/.forward"
content: |
owner: "root:root"
permissions: "0600"
- path: "/tmp/profile_addendum"
content: |
# CREATED from user-data
# -----------------------
# Not allowing to enter with ticket delegation, to avoid problems
# with the docker-analysis container
if [[ "X"$KRB5CCNAME != "X" ]];
then
echo "********************************************************"
echo "Kerberos ticket delegation not allowed!"
echo "Connect to this machine using: "
echo "$ ssh -oGSSAPIDelegateCredentials=no ${HOSTNAME}"
echo ""
echo "EXITING..."
echo "********************************************************"
exit
fi
# Check if there is a KERBEROS ticket present
klist -s
if [[ $? -ne 0 ]];
then
echo -e "[\033[1;33mCONFIG\033[1;m] Not kerberos ticket present (to activate your AFS area)"
echo -e "[\033[1;32mCONFIG\033[1;m] Creating ticket"
echo "kinit ${USER}@CERN.CH"
kinit ${USER}@CERN.CH
echo -e "[\033[1;32mCONFIG\033[1;m] AFS area activated"
# Be sure to activate the eos as well
ITER="0"
EOSON="1"
while [ $EOSON -ne 0 ] && [ $ITER -lt 4 ]
do
ls /eos/user/${USER:0:1}/${USER}/ &> /dev/null
EOSON=`echo $?`
ITER=$[$ITER+1]
done
if [ $EOSON -ne 0 ];
then
echo -e "[\033[1;31mCONFIG\033[1;m] PROBLEMS activating EOS. Try to exit and re-connect"
else
echo -e "[\033[1;32mCONFIG\033[1;m] EOS area activated"
fi
fi
# Associate to the current credentials EOS
eosfusebind -g
# Export some needed variables
export ID
export GROUP=${GROUPS[0]}
# The alias to run the analysis container
alias docker-analysis="cd /sw/repos/dockerfiles-eutelescope && docker-compose run --rm analysis"
# -- The analysis directory
if [[ $EUID -ne 0 ]];
then
export POOL_DATA=/eos/cms/store/group/dpg_tracker_upgrade/BeamTestTelescope
export TB2017CERN=${POOL_DATA}/20170518-CERN_SPS-H6A
export TB2017DESY11=${POOL_DATA}/20171030-DESY-TB21
export TB2017DESY12=${POOL_DATA}/20171213-DESY-TB21
export TB2018CERN06=${POOL_DATA}/20180613-CERN_SPS-H6B
export TB2018CERN07=${POOL_DATA}/20180724-CERN_SPS-H6B
export TB2018CERN08=${POOL_DATA}/20180829-CERN_SPS-H2
export TB2018CERN1003=${POOL_DATA}/20181003-CERN_SPS-H6B
export TB2018CERN1024=${POOL_DATA}/20181024-CERN_SPS-H6B
export TB2019DESY10=${POOL_DATA}/20191028-DESY-TB21
export DOCKERPATH=/sw/repos/dockerfiles-eutelescope
cd $HOME
echo
echo '=============================================================='
echo 'TEST-BEAM EUDET analysis server'
echo '=============================================================='
echo 'HOST: '$HOSTNAME
echo 'USER: '$USER
echo 'CURRENT DIRECTORY: '$PWD
echo 'HOME: '$HOME
echo '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++'
echo '* Docker directory: DOCKERPATH [' $(echo ${DOCKERPATH})']'
echo '* Test beam data folder: POOL_DATA ['${POOL_DATA}']'
echo ' Environment variables to access Test Beam data:'
echo ' | SPS CERN June 2017: TB2017CERN'
echo ' | DESY Nov. 2017 TB2017DESY11'
echo ' | DESY Dec. 2017 TB2017DESY12'
echo ' | SPS CERN June 2018: TB2018CERN06'
echo ' | SPS CERN July 2018: TB2018CERN07'
echo ' | SPS CERN Aug-Sept 2018: TB2018CERN08'
echo ' | SPS CERN Oct03 2018: TB2018CERN1003'
echo ' | SPS CERN Oct24 2018: TB2018CERN1024'
echo ' | DESY Oct. 28 2019: TB2019DESY10'
echo '* Marlin framework reconstruction: Test beam data with'
echo ' track reconstruction. Efficiencies and charge maps'
echo '* Starting the Docker analysis container:'
echo -e ' \033[1;32m $ docker-analysis\033[1;m'
echo '=============================================================='
fi
owner: "root:root"
permissions: "0644"
- path: "/bin/add_analysis_service"
content: |
#!/usr/bin/env python
# Modify the docker-compose in order to include the analysis
# service, assuming is in the VM
import sys
import yaml
# WARNING!! No error control, assuming the input file
# exists
compose_file = sys.argv[1]
with open(compose_file) as f:
cl = yaml.load(f)
# Create the analysis service
cl['services']['analysis'] = {'depends_on': ["eutelescope"], \
'image': 'duartej/eutelescope:latest', 'user': '${ID}:${GROUP}', \
'volumes': ['/var/run/eosd:/var/run/eosd', \
'/tmp/krb5cc_${ID}:/tmp/krb5cc_${ID}', '/afs:/afs', \
{'read_only': True, 'source': '/eos', 'type': 'bind', 'target': '/eos'}, \
{'read_only': True, 'source': '/sw/repos/sps-tb-201806-eutel-cfg', \
'type': 'bind', 'target': '/home/eudaquser/sps-tb-201806-eutel-cfg'}, \
{'read_only': True, 'source': '/sw/repos/tele-scope', \
'type': 'bind', 'target': '/eudaq/tele-scope'}, \
'/etc/passwd:/etc/passwd'], \
'environment' : ['KRB5CCNAME=/tmp/krb5cc_${ID}','AFSUSER=${USER}'] \
}
# The compose file modified
with open(compose_file,"w") as f:
yaml.dump(cl,f,default_flow_style=False)
owner: "root:root"
permissions: "0755"