-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathxcache.singularity.def
175 lines (143 loc) · 5.88 KB
/
xcache.singularity.def
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#
# Author: Wei Yang (SLAC National Accelerator Laboratory / Stanford University, 2017)
#
Bootstrap: yum
OSVersion: 7
MirrorURL: http://mirror.centos.org/centos-%{OSVERSION}/%{OSVERSION}/os/$basearch/
Include: yum
%labels
Maintainer Wei.Yang
Version Xcache-4.7.1,rucioN2N-1.0
Purpose Xcache-for-RUCIO
%setup
mkdir -p $SINGULARITY_ROOTFS/etc/grid-security/certificates
mkdir -p $SINGULARITY_ROOTFS/etc/grid-security/vomsdir
# $GRIDSECURITY is a directory on container local build host
# GRIDSECURITY=/etc/grid-security
GRIDSECURITY="/cvmfs/oasis.opensciencegrid.org/mis/osg-wn-client/current/el7-x86_64/etc/grid-security"
if [ -d $GRIDSECURITY ]; then
cd $GRIDSECURITY
tar chf - certificates vomsdir | (cd $SINGULARITY_ROOTFS/etc/grid-security; tar xf -)
fi
%post
yum install -y curl gperftools hostname
curl -s -o /etc/yum.repos.d/xrootd-stable-slc7.repo http://www.xrootd.org/binaries/xrootd-stable-slc7.repo
curl -s -o /etc/pki/rpm-gpg/RPM-GPG-KEY-wlcg http://linuxsoft.cern.ch/wlcg/RPM-GPG-KEY-wlcg
curl -s -o /etc/yum.repos.d/wlcg-centos7.repo http://linuxsoft.cern.ch/wlcg/wlcg-centos7.repo
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y xrootd-server xrootd-client xrootd libmacaroons
yum install -y xrootd-rucioN2N-for-Xcache
yum install -y vomsxrd
mkdir -p /data
echo "g /atlas / rl" > /etc/xrootd/auth_db
mkdir -p /etc/grid-security/xrd
touch /etc/grid-security/xrd/xrdcert.pem
touch /etc/grid-security/xrd/xrdkey.pem
touch /etc/xrootd/xcache.cfg /var/run/x509up
cat > /etc/xrootd/xcache.cfg.template <<EOF
# "redirector" should be full qualified DNS name (e.g. hostname -f)
set redirector = XCACHE_RDR
all.manager \$(redirector):1213
all.adminpath /data/xrd/var/spool/xrootd
all.pidpath /data/xrd/var/run/xrootd
oss.localroot /data/xrd/namespace
all.export /atlas/rucio stage r/o
all.export /root:/ stage r/o
all.export /xroot:/ stage r/o
if \$(redirector)
all.role manager
cms.delay startup 10
else if exec cmsd
all.role server
oss.statlib XrdName2NameDCP4RUCIO.so
else
oss.space meta /data/xrd/xrdcinfos
oss.space data /data/xrd/datafiles
all.role server
oss.path /atlas/rucio r/w
oss.path /root:/ r/w
oss.path /xroot:/ r/w
ofs.osslib libXrdPss.so
pss.cachelib libXrdFileCache.so
pss.config streams 128
pss.origin localfile:1094
pss.namelib -lfncache -lfn2pfn XrdName2NameDCP4RUCIO.so
pss.ccmlib XrdName2NameDCP4RUCIO.so
pfc.ram XCACHE_RAMSIZE
pfc.diskusage XCACHE_SPACE_LO_MARK XCACHE_SPACE_HI_MARK
pfc.spaces data meta
pfc.blocksize 1M
pfc.prefetch 0
pfc.trace info
# Uncomment the following and bind mount to /etc/xrootd/xcache.cfg to request GSI security from client
#xrootd.seclib libXrdSec.so
#sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=pem|vos=atlas|grps=/atlas
#sec.protocol gsi -ca:1 -crl:3
#acc.authdb /etc/xrootd/auth_db
#acc.authrefresh 60
#ofs.authorize
fi
EOF
%runscript
# X509_USER_PROXY, X509_CERT_DIR, X509_VOMS_DIR do not have to be defined/provided
# if x509 user proxy is provided in a non-standard location (/tmp/x509up_u$(id -u)),
# then the proxy should be bind mounted: -B ${X509_USER_PROXY}:/var/run/x509up
unset X509_USER_PROXY
[ -s /var/run/x509up ] && export X509_USER_PROXY=/var/run/x509up
# if X509_CERT_DIR is not defined, or is inaccessible in the container, then we use
# the default location. Same for X509_VOMS_DIR.
# One can also bind mount:
# -B ${X509_CERT_DIR}:/etc/grid-security/certificates
# -B ${X509_VOMS_DIR}:/etc/grid-security/vomsdir
[ ! -z "$X509_CERT_DIR" ] && [ ! -d "$X509_CERT_DIR" ] && export X509_CERT_DIR=/etc/grid-security/certificates
[ ! -z "$X509_VOMS_DIR" ] && [ ! -d "$X509_VOMS_DIR" ] && export X509_VOMS_DIR=/etc/grid-security/vomsdir
mkdir -p /data/xrd/namespace /data/xrd/xrdcinfos /data/xrd/datafiles
mkdir -p /data/xrd/var/log /data/xrd/var/spool /data/xrd/var/run
runcmsd=0
if [ -z "$XCACHE_RDR" ]; then
XCACHE_RDR="www.google.com" # XCACHE_RDR must be defined
else
runcmsd=1
fi
if [ -z "$XCACHE_PFCRAM" ]; then
XCACHE_PFCRAM=$(free | tail -2 | head -1 | awk '{printf("%d", $NF/1024/1024/2)}')
[ $XCACHE_PFCRAM -lt 1 ] && XCACHE_PFCRAM=1
[ $XCACHE_PFCRAM -gt 64 ] && XCACHE_PFCRAM=64
XCACHE_PFCRAM=${XCACHE_PFCRAM}g
fi
[ -z "$XCACHE_SPACE_LO_MARK" ] && XCACHE_SPACE_LO_MARK="0.75"
[ -z "$XCACHE_SPACE_HI_MARK" ] && XCACHE_SPACE_HI_MARK="0.85"
if [ -s /etc/xrootd/xcache.cfg ]; then
xcache_cfg=/etc/xrootd/xcache.cfg
else
xcache_cfg=/tmp/xcache.cfg
cat > $xcache_cfg <<EOF
# Xcache config file - this file is automatically generated
# Modification of this file will be lost.
#
# To make a persistant change, modify and save to another file and then
# bind mount the new config file to /etc/xrootd/xcache.cfg
# Info about the system:
EOF
free | sed -e 's/^/\#\ /g' >> $xcache_cfg
echo "" >> $xcache_cfg
df -k /data | sed -e 's/^/\#\ /g' >> $xcache_cfg
echo "" >> $xcache_cfg
cat /etc/xrootd/xcache.cfg.template | sed -e "s/XCACHE_SPACE_LO_MARK/$XCACHE_SPACE_LO_MARK/g" | \
sed -e "s/XCACHE_SPACE_HI_MARK/$XCACHE_SPACE_HI_MARK/g" | \
sed -e "s/XCACHE_RAMSIZE/$XCACHE_PFCRAM/g" | \
sed -e "s/XCACHE_RDR/$XCACHE_RDR/g" >> $xcache_cfg
fi
#echo $X509_USER_PROXY $X509_CERT_DIR $X509_VOMS_DIR
export LD_PRELOAD=/usr/lib64/libtcmalloc.so
export TCMALLOC_RELEASE_RATE=10
export XRD_METALINKPROCESSING=1
export XRD_LOCALMETALINKFILE=1
export XRD_STREAMERRORWINDOW=0
export XRD_CONNECTIONWINDOW=10
export XRD_CONNECTIONRETRY=2
ulimit -c unlimited
export DAEMON_COREFILE_LIMIT=unlimited
cd /data/xrd/var/spool/xrootd
/usr/bin/xrootd -b -c $xcache_cfg -l /data/xrd/var/log/xrootd.log -k 7
[ "$runcmsd" -eq 1 ] && /usr/bin/cmsd -b -c $xcache_cfg -l /data/xrd/var/log/cmsd.log -k 7