├── README.md ├── manifests ├── client.yaml ├── fts.yaml ├── ftsdb.yaml ├── init-pod.yaml ├── values-daemons.yaml ├── values-postgres.yaml ├── values-server.yaml └── xrd.yaml ├── scripts ├── deploy-rucio.sh ├── setup-minikube.sh └── use-rucio.sh └── secrets ├── README.md ├── hostcert_fts.key.pem ├── hostcert_fts.pem ├── hostcert_rucio.certkey.pem ├── hostcert_rucio.key.pem ├── hostcert_rucio.pem ├── hostcert_xrd1.key.pem ├── hostcert_xrd1.pem ├── hostcert_xrd2.key.pem ├── hostcert_xrd2.pem ├── hostcert_xrd3.key.pem ├── hostcert_xrd3.pem ├── kustomization.yaml ├── rucio_ca.pem ├── ruciouser.key.pem └── ruciouser.pem /README.md: -------------------------------------------------------------------------------- 1 | # Rucio Kubernetes Tutorial 2 | 3 | ## Preliminaries 4 | 5 | * Clone this repo to your local machine 6 | 7 | ```sh 8 | git clone https://github.com/rucio/k8s-tutorial/ 9 | ``` 10 | 11 | * Install `kubectl`: https://kubernetes.io/docs/tasks/tools/install-kubectl/ 12 | * Install `helm`: https://helm.sh/docs/intro/install/ 13 | * (Optional) Install `minikube` if you do not have a pre-existing Kubernetes cluster: https://kubernetes.io/docs/tasks/tools/install-minikube/ 14 | 15 | _NOTE: All following commands should be run from the top-level directory of this repository._ 16 | 17 | ## Set up a Kubernetes cluster 18 | 19 | You can skip this step if you have already set up a Kubernetes cluster. 20 | 21 | * Run the `minikube` setup script: 22 | 23 | ```sh 24 | ./scripts/setup-minikube.sh 25 | ``` 26 | 27 | ## Deploy Rucio, FTS and storage 28 | 29 | You can perform either an [automatic deployment](#automatic-deployment) or a [manual deployment](#manual-deployment), as documented below. 30 | 31 | ### Automatic deployment 32 | 33 | * Run the Rucio deployment script: 34 | 35 | ```sh 36 | ./scripts/deploy-rucio.sh 37 | ``` 38 | 39 | ### Manual deployment 40 | 41 | #### Add repositories to Helm 42 | 43 | ```sh 44 | helm repo add stable https://charts.helm.sh/stable 45 | helm repo add bitnami https://charts.bitnami.com/bitnami 46 | helm repo add rucio https://rucio.github.io/helm-charts 47 | ``` 48 | 49 | #### Apply secrets 50 | 51 | ```sh 52 | kubectl apply -k ./secrets 53 | ``` 54 | 55 | #### (Optional) Delete existing Postgres volume claim 56 | 57 | If you have done this step in a previous tutorial deployment on this cluster, the existing Postgres PersistentVolumeClaim must be deleted. 58 | 59 | 1. Verify if the PVC exists via: 60 | 61 | ```sh 62 | kubectl get pvc data-postgres-postgresql-0 63 | ``` 64 | 65 | If the PVC exists, the command will return the following message: 66 | 67 | ``` 68 | NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE 69 | data-postgres-postgresql-0 Bound ... 8Gi RWO standard 4s 70 | ``` 71 | 72 | If the PVC does not exist, the command will return this message: 73 | 74 | ``` 75 | Error from server (NotFound): persistentvolumeclaims "data-postgres-postgresql-0" not found 76 | ``` 77 | 78 | You can skip to the next section if the PVC does not exist. 79 | 80 | 2. If the PVC exists, patch it to allow deletion: 81 | 82 | ```sh 83 | kubectl patch pvc data-postgres-postgresql-0 -p '{"metadata":{"finalizers":null}}' 84 | ``` 85 | 86 | 3. Delete the PVC: 87 | 88 | ```sh 89 | kubectl delete pvc data-postgres-postgresql-0 90 | ``` 91 | 92 | 4. You might also need to uninstall `postgres` if it is installed: 93 | 94 | ```sh 95 | helm uninstall postgres 96 | ``` 97 | 98 | #### Install Postgres 99 | 100 | ```sh 101 | helm install postgres bitnami/postgresql -f manifests/values-postgres.yaml 102 | ``` 103 | 104 | #### Verify that Postgres is running 105 | 106 | ```sh 107 | kubectl get pod postgres-postgresql-0 108 | ``` 109 | 110 | Once the Postgres setup is complete, you should see `STATUS: Running`. 111 | 112 | #### Start init container pod 113 | 114 | * Once Postgres is running, start the init container pod to set up the Rucio database: 115 | 116 | ```sh 117 | kubectl apply -f manifests/init-pod.yaml 118 | ``` 119 | 120 | * This command will take some time to complete. You can follow the relevant logs via: 121 | 122 | ```sh 123 | kubectl logs -f init 124 | ``` 125 | 126 | #### Verify that the init container pod setup is complete 127 | 128 | ```sh 129 | kubectl get pod init 130 | ``` 131 | 132 | Once the init container pod setup is complete, you should see `STATUS: Completed`. 133 | 134 | 135 | #### Deploy the Rucio server 136 | 137 | ```sh 138 | helm install server rucio/rucio-server -f manifests/values-server.yaml 139 | ``` 140 | 141 | * You can check the deployment status via: 142 | 143 | ```sh 144 | kubectl rollout status deployment server-rucio-server 145 | ``` 146 | 147 | #### Start the XRootD (XRD) storage container pods 148 | 149 | * This command will deploy three XRD storage container pods. 150 | 151 | ```sh 152 | kubectl apply -f manifests/xrd.yaml 153 | ``` 154 | 155 | #### Deploy the FTS database (MySQL) 156 | 157 | ```sh 158 | kubectl apply -f manifests/ftsdb.yaml 159 | ``` 160 | 161 | * You can check the deployment status via: 162 | 163 | ``` 164 | kubectl rollout status deployment fts-mysql 165 | ``` 166 | 167 | #### Deploy the FTS server 168 | 169 | * Once the FTS database deployment is complete, Install the FTS server: 170 | 171 | ```sh 172 | kubectl apply -f manifests/fts.yaml 173 | ``` 174 | 175 | * You can check the deployment status via: 176 | 177 | ```sh 178 | kubectl rollout status deployment fts-server 179 | ``` 180 | 181 | #### Deploy the Rucio daemons 182 | 183 | ```sh 184 | helm install daemons rucio/rucio-daemons -f manifests/values-daemons.yaml 185 | ``` 186 | 187 | This command might take a few minutes. 188 | 189 | #### Troubleshooting 190 | * If at any point `helm` fails to install, before re-installing, remove the previous failed installation: 191 | 192 | ```sh 193 | helm list # list all helm installations 194 | helm delete $installation 195 | ``` 196 | 197 | * You might also get errors that a `job` also exists. You can easily remove this: 198 | 199 | ```sh 200 | kubectl get jobs # get all jobs 201 | kubectl delete jobs/$jobname 202 | ``` 203 | 204 | ## Use Rucio 205 | 206 | Once the setup is complete, you can use Rucio by interacting with it via a client. 207 | 208 | You can either [run the provided script](#client-usage-showcase-script) to showcase the usage of Rucio, 209 | or you can manually run the Rucio commands described in the [Manual client usage](#manual-client-usage) section. 210 | 211 | ### Client usage showcase script 212 | 213 | * Run the Rucio usage script: 214 | 215 | ```sh 216 | ./scripts/use-rucio.sh 217 | ``` 218 | 219 | ### Manual client usage 220 | 221 | #### Start client container pod for interactive use 222 | 223 | ```sh 224 | kubectl apply -f manifests/client.yaml 225 | ``` 226 | 227 | * You can verify that the client container is running via: 228 | 229 | ```sh 230 | kubectl get pod client 231 | ``` 232 | 233 | Once the client container pod setup is complete, you should see `STATUS: Running`. 234 | 235 | #### Enter interactive shell in the client container 236 | 237 | ```sh 238 | kubectl exec -it client -- /bin/bash 239 | ``` 240 | 241 | #### Create the Rucio Storage Elements (RSEs) 242 | 243 | ```sh 244 | rucio rse add XRD1 245 | rucio rse add XRD2 246 | rucio rse add XRD3 247 | ``` 248 | 249 | #### Add the protocol definitions for the storage servers 250 | 251 | ```sh 252 | rucio rse protocol add --host xrd1 XRD1 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 253 | rucio rse protocol add --host xrd2 XRD2 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 254 | rucio rse protocol add --host xrd3 XRD3 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 255 | ``` 256 | 257 | #### Enable FTS 258 | 259 | ```sh 260 | rucio rse attribute add XRD1 --key fts --value https://fts:8446 261 | rucio rse attribute add XRD2 --key fts --value https://fts:8446 262 | rucio rse attribute add XRD3 --key fts --value https://fts:8446 263 | ``` 264 | 265 | Note that `8446` is the port exposed by the `fts-server` pod. You can view the ports opened by a pod by `kubectl describe pod PODNAME`. 266 | 267 | #### Fake a full mesh network 268 | 269 | ```sh 270 | rucio rse distance add XRD1 XRD2 --distance 1 271 | rucio rse distance add XRD1 XRD3 --distance 1 272 | rucio rse distance add XRD2 XRD1 --distance 1 273 | rucio rse distance add XRD2 XRD3 --distance 1 274 | rucio rse distance add XRD3 XRD1 --distance 1 275 | rucio rse distance add XRD3 XRD2 --distance 1 276 | ``` 277 | 278 | #### Indefinite storage quota for root 279 | 280 | ```sh 281 | rucio account limit add root --rse XRD1 --bytes infinity 282 | rucio account limit add root --rse XRD2 --bytes infinity 283 | rucio account limit add root --rse XRD3 --bytes infinity 284 | ``` 285 | 286 | #### Create a default scope for testing 287 | 288 | ```sh 289 | rucio scope add --account root test 290 | ``` 291 | 292 | #### Create initial transfer testing data 293 | 294 | ```sh 295 | dd if=/dev/urandom of=file1 bs=10M count=1 296 | dd if=/dev/urandom of=file2 bs=10M count=1 297 | dd if=/dev/urandom of=file3 bs=10M count=1 298 | dd if=/dev/urandom of=file4 bs=10M count=1 299 | ``` 300 | 301 | #### Upload the files 302 | 303 | ```sh 304 | rucio upload --rse XRD1 --scope test file1 file2 305 | rucio upload --rse XRD2 --scope test file3 file4 306 | ``` 307 | 308 | #### Create a few datasets and containers 309 | 310 | ```sh 311 | rucio did add --type dataset test:dataset1 312 | rucio did content add -to test:dataset1 test:file1 test:file2 313 | 314 | rucio did add --type dataset test:dataset2 315 | rucio did content add -to test:dataset2 test:file3 test:file4 316 | 317 | rucio did add --type container test:container 318 | rucio did content add -to test:container test:dataset1 test:dataset2 319 | 320 | rucio did add --type dataset test:dataset3 321 | rucio did content add -to test:dataset3 test:file4 322 | ``` 323 | 324 | #### Create a rule 325 | 326 | ```sh 327 | rucio rule add test:container --rses XRD3 --copies 1 328 | ``` 329 | 330 | This command will output a rule ID, which can also be obtained via: 331 | 332 | ```sh 333 | rucio rule list --did test:container 334 | ``` 335 | 336 | #### Check rule info 337 | * You can check the information of the rule that has been created: 338 | 339 | ```sh 340 | rucio rule show 341 | ``` 342 | 343 | As the daemons run with long sleep cycles (e.g. 30 seconds, 60 seconds) by default, this could take a while. You can monitor the output of the daemon containers to see what they are doing. 344 | 345 | ## Some helpful commands 346 | 347 | * Activate `kubectl` completion: 348 | 349 | Bash: 350 | 351 | ```bash 352 | source <(kubectl completion bash) 353 | ``` 354 | 355 | Zsh: 356 | 357 | ```zsh 358 | source <(kubectl completion zsh) 359 | ``` 360 | 361 | * View all containers: 362 | 363 | ```sh 364 | kubectl get pods 365 | kubectl get pods --all-namespaces 366 | ``` 367 | 368 | * View logfiles of a pod: 369 | 370 | ```sh 371 | kubectl logs 372 | ``` 373 | 374 | * Tail logfiles of a pod: 375 | 376 | ```sh 377 | kubectl logs -f 378 | ``` 379 | 380 | * Update helm repositories: 381 | 382 | ```sh 383 | helm repo update 384 | ``` 385 | 386 | * Shut down minikube: 387 | 388 | ```sh 389 | minikube stop 390 | ``` 391 | 392 | * Command references: 393 | 1. `kubectl` : [https://kubernetes.io/docs/reference/kubectl/cheatsheet/](https://kubernetes.io/docs/reference/kubectl/cheatsheet/) 394 | 2. `helm` : [https://helm.sh/docs/helm/](https://helm.sh/docs/helm/) 395 | 3. `minikube` : [https://cheatsheet.dennyzhang.com/cheatsheet-minikube-a4](https://cheatsheet.dennyzhang.com/cheatsheet-minikube-a4) 396 | -------------------------------------------------------------------------------- /manifests/client.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: client 6 | labels: 7 | app: client 8 | spec: 9 | containers: 10 | - name: client 11 | image: rucio/rucio-clients:latest 12 | volumeMounts: 13 | - name: user-cert 14 | mountPath: /tmp/usercert.pem 15 | subPath: tls.cert 16 | - name: user-cert 17 | mountPath: /tmp/userkey.pem 18 | subPath: tls.key 19 | - name: ca-cert 20 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 21 | subPath: tls.cert 22 | command: ["/bin/bash"] 23 | args: ["-c", "mkdir -p /opt/rucio/etc; cp /tmp/usercert.pem /opt/rucio/etc/usercert.pem; cp /tmp/userkey.pem /opt/rucio/etc/userkey.pem; chmod 400 /opt/rucio/etc/userkey.pem; echo ready; while true; do sleep 60; done"] 24 | env: 25 | - name: RUCIO_CFG_CLIENT_RUCIO_HOST 26 | value: http://server-rucio-server 27 | - name: RUCIO_CFG_CLIENT_AUTH_HOST 28 | value: http://server-rucio-server 29 | - name: RUCIO_CFG_CLIENT_AUTH_TYPE 30 | value: userpass 31 | - name: RUCIO_CFG_CLIENT_USERNAME 32 | value: tutorial 33 | - name: RUCIO_CFG_CLIENT_PASSWORD 34 | value: secret1R 35 | - name: RUCIO_CFG_CLIENT_ACCOUNT 36 | value: root 37 | - name: RUCIO_CFG_CLIENT_CERT 38 | value: /opt/rucio/etc/usercert.pem 39 | - name: RUCIO_CFG_CLIENT_CA_CERT 40 | value: /etc/grid-security/certificates/5fca1cb1.0 41 | - name: RUCIO_CFG_CLIENT_KEY 42 | value: /opt/rucio/etc/userkey.pem 43 | - name: RUCIO_CFG_CLIENT_X509_PROXY 44 | value: $X509_USER_PROXY 45 | - name: X509_USER_CERT 46 | value: /opt/rucio/etc/usercert.pem 47 | - name: X509_USER_KEY 48 | value: /opt/rucio/etc/userkey.pem 49 | volumes: 50 | - name: user-cert 51 | secret: 52 | secretName: ruciouser-cert 53 | - name: ca-cert 54 | secret: 55 | secretName: ca-cert 56 | defaultMode: 0644 57 | 58 | 59 | -------------------------------------------------------------------------------- /manifests/fts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: fts-server 6 | labels: 7 | app: fts 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: fts 12 | tier: server 13 | strategy: 14 | type: Recreate 15 | template: 16 | metadata: 17 | labels: 18 | app: fts 19 | tier: server 20 | spec: 21 | containers: 22 | - name: fts-server 23 | image: rucio/test-fts 24 | ports: 25 | - name: ftsapi 26 | containerPort: 8446 27 | protocol: TCP 28 | - name: ftsmon 29 | containerPort: 8449 30 | protocol: TCP 31 | resources: 32 | requests: 33 | memory: "128Mi" 34 | cpu: "250m" 35 | limits: 36 | memory: "256Mi" 37 | cpu: "500m" 38 | volumeMounts: 39 | - name: fts-cert 40 | mountPath: /etc/grid-security/hostcert.pem 41 | subPath: tls.cert 42 | - name: fts-cert 43 | mountPath: /etc/grid-security/hostkey.pem 44 | subPath: tls.key 45 | - name: ca-cert 46 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 47 | subPath: tls.cert 48 | volumes: 49 | - name: fts-cert 50 | secret: 51 | secretName: hostcert-fts 52 | defaultMode: 0600 53 | - name: ca-cert 54 | secret: 55 | secretName: ca-cert 56 | defaultMode: 0644 57 | --- 58 | apiVersion: v1 59 | kind: Service 60 | metadata: 61 | name: fts 62 | labels: 63 | app: fts 64 | spec: 65 | ports: 66 | - port: 8446 67 | targetPort: 8446 68 | protocol: TCP 69 | name: ftsapi 70 | - port: 8449 71 | targetPort: 8449 72 | protocol: TCP 73 | name: ftsmon 74 | selector: 75 | app: fts 76 | tier: server 77 | -------------------------------------------------------------------------------- /manifests/ftsdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: fts-mysql 6 | labels: 7 | app: fts 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: fts 12 | tier: mysql 13 | strategy: 14 | type: Recreate 15 | template: 16 | metadata: 17 | labels: 18 | app: fts 19 | tier: mysql 20 | spec: 21 | containers: 22 | - name: fts-mysql 23 | image: mysql:5 24 | env: 25 | - name: MYSQL_USER 26 | value: fts 27 | - name: MYSQL_PASSWORD 28 | value: fts 29 | - name: MYSQL_ROOT_PASSWORD 30 | value: fts 31 | - name: MYSQL_DATABASE 32 | value: fts 33 | ports: 34 | - name: mysql 35 | containerPort: 3306 36 | resources: 37 | requests: 38 | memory: "512Mi" 39 | cpu: "250m" 40 | limits: 41 | memory: "1024Mi" 42 | cpu: "500m" 43 | --- 44 | apiVersion: v1 45 | kind: Service 46 | metadata: 47 | name: ftsdb 48 | labels: 49 | app: ftsdb 50 | spec: 51 | ports: 52 | - port: 3306 53 | targetPort: 3306 54 | protocol: TCP 55 | name: mysql 56 | selector: 57 | app: fts 58 | tier: mysql 59 | -------------------------------------------------------------------------------- /manifests/init-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: init 5 | labels: 6 | app: rucio 7 | spec: 8 | restartPolicy: Never 9 | containers: 10 | - name: init 11 | image: rucio/rucio-init:latest 12 | imagePullPolicy: Always 13 | env: 14 | - name: RUCIO_CFG_DATABASE_DEFAULT 15 | value: postgresql+psycopg://rucio:secret@postgres-postgresql/rucio 16 | - name: RUCIO_CFG_DATABASE_SCHEMA 17 | value: test 18 | - name: RUCIO_CFG_BOOTSTRAP_USERPASS_IDENTITY 19 | value: tutorial 20 | - name: RUCIO_CFG_BOOTSTRAP_USERPASS_PWD 21 | value: secret1R 22 | - name: RUCIO_PRINT_CFG 23 | value: "true" 24 | -------------------------------------------------------------------------------- /manifests/values-daemons.yaml: -------------------------------------------------------------------------------- 1 | abacusAccountCount: 1 2 | abacusRseCount: 1 3 | conveyorTransferSubmitterCount: 1 4 | conveyorPollerCount: 1 5 | conveyorFinisherCount: 1 6 | hermesCount: 0 7 | judgeCleanerCount: 1 8 | judgeEvaluatorCount: 1 9 | judgeInjectorCount: 1 10 | judgeRepairerCount: 1 11 | undertakerCount: 1 12 | reaperCount: 1 13 | 14 | abacusAccount: 15 | threads: 1 16 | resources: 17 | requests: 18 | memory: "64Mi" 19 | cpu: "25m" 20 | limits: 21 | memory: "256Mi" 22 | cpu: "50m" 23 | 24 | abacusRse: 25 | threads: 1 26 | resources: 27 | requests: 28 | memory: "64Mi" 29 | cpu: "25m" 30 | limits: 31 | memory: "256Mi" 32 | cpu: "50m" 33 | 34 | reaper: 35 | greedy: 1 36 | threads: 1 37 | sleepTime: 60 38 | resources: 39 | requests: 40 | memory: "64Mi" 41 | cpu: "50m" 42 | limits: 43 | memory: "256Mi" 44 | cpu: "100m" 45 | extraSecretMounts: 46 | - secretFullName: x509up 47 | mountPath: /opt/proxy/x509up 48 | subPath: x509up 49 | additionalEnvs: 50 | - name: X509_USER_PROXY 51 | value: /opt/proxy/x509up 52 | 53 | undertaker: 54 | threads: 1 55 | resources: 56 | requests: 57 | memory: "64Mi" 58 | cpu: "25m" 59 | limits: 60 | memory: "256Mi" 61 | cpu: "50m" 62 | 63 | conveyorTransferSubmitter: 64 | threads: 1 65 | sleepTime: 10 66 | activities: "'Express' 'Functional Test' 'User Subscriptions'" 67 | resources: 68 | requests: 69 | memory: "64Mi" 70 | cpu: "50m" 71 | limits: 72 | memory: "256Mi" 73 | cpu: "200m" 74 | extraSecretMounts: 75 | - secretFullName: x509up 76 | mountPath: /opt/proxy/x509up 77 | subPath: x509up 78 | config: 79 | conveyor: 80 | usercert: "/opt/proxy/x509up" 81 | 82 | conveyorPoller: 83 | threads: 1 84 | sleepTime: 10 85 | olderThan: 0 86 | resources: 87 | requests: 88 | memory: "64Mi" 89 | cpu: "50m" 90 | limits: 91 | memory: "256Mi" 92 | cpu: "200m" 93 | extraSecretMounts: 94 | - secretFullName: x509up 95 | mountPath: /opt/proxy/x509up 96 | subPath: x509up 97 | config: 98 | conveyor: 99 | usercert: "/opt/proxy/x509up" 100 | 101 | conveyorFinisher: 102 | threads: 1 103 | sleepTime: 10 104 | resources: 105 | requests: 106 | memory: "64Mi" 107 | cpu: "50m" 108 | limits: 109 | memory: "256Mi" 110 | cpu: "200m" 111 | 112 | judgeCleaner: 113 | threads: 1 114 | resources: 115 | requests: 116 | memory: "64Mi" 117 | cpu: "50m" 118 | limits: 119 | memory: "256Mi" 120 | cpu: "200m" 121 | 122 | judgeEvaluator: 123 | threads: 1 124 | resources: 125 | requests: 126 | memory: "64Mi" 127 | cpu: "50m" 128 | limits: 129 | memory: "256Mi" 130 | cpu: "200m" 131 | 132 | 133 | judgeRepairer: 134 | threads: 1 135 | resources: 136 | requests: 137 | memory: "64Mi" 138 | cpu: "50m" 139 | limits: 140 | memory: "256Mi" 141 | cpu: "200m" 142 | 143 | 144 | judgeInjector: 145 | threads: 1 146 | resources: 147 | requests: 148 | memory: "64Mi" 149 | cpu: "50m" 150 | limits: 151 | memory: "256Mi" 152 | cpu: "200m" 153 | 154 | image: 155 | tag: latest 156 | pullPolicy: Always 157 | 158 | useDeprecatedImplicitSecrets: false 159 | 160 | secretMounts: 161 | - volumeName: grid-security-ca 162 | secretFullName: ca-cert 163 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 164 | subPath: tls.cert 165 | 166 | ftsRenewal: 167 | enabled: 1 168 | image: 169 | repository: rucio/fts-cron 170 | tag: latest-java 171 | pullPolicy: Always 172 | script: "tutorial" 173 | vos: 174 | - vo: "tutorial" 175 | voms: "tutorial" 176 | servers: "https://fts:8446" 177 | additionalEnvs: 178 | - name: "FETCH_CRL" 179 | value: "False" 180 | - name: "RUCIO_PROXY_SECRETS" 181 | value: "x509up" 182 | secretMounts: 183 | # The "tutorial" script expects certificates in a very specific, non-configurable, location: 184 | # https://github.com/rucio/containers/blob/master/fts-cron/renew_fts_proxy_tutorial.sh.j2 185 | - volumeName: rucio-cert 186 | secretFullName: hostcert-rucio 187 | mountPath: /opt/rucio/certs/usercert.pem 188 | subPath: tls.cert 189 | - volumeName: rucio-key 190 | secretFullName: hostcert-rucio 191 | mountPath: /opt/rucio/keys/userkey.pem 192 | subPath: tls.key 193 | defaultMode: 0600 194 | - volumeName: grid-security-ca 195 | secretFullName: ca-cert 196 | mountPath: /etc/grid-security/certificates/rucio_ca.pem 197 | subPath: tls.cert 198 | 199 | config: 200 | database: 201 | default: postgresql+psycopg://rucio:secret@postgres-postgresql/rucio 202 | schema: test 203 | 204 | messaging_hermes: 205 | username: "hermes" 206 | password: "supersecret" 207 | nonssl_port: "61613" 208 | use_ssl: "False" 209 | destination: "/queue/events" 210 | brokers: "activemq" 211 | 212 | conveyor: 213 | scheme: "gsiftp,root,https,davs" 214 | transfertool: "fts3" 215 | ftshosts: "https://fts:8446" 216 | cacert: "/etc/grid-security/certificates/5fca1cb1.0" 217 | 218 | policy: 219 | permission: "generic" 220 | schema: "generic" 221 | lfn2pfn_algorithm_default: "hash" 222 | 223 | monitor: 224 | user_scope: "tutorial" 225 | -------------------------------------------------------------------------------- /manifests/values-postgres.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | registry: docker.io 3 | repository: bitnami/postgresql 4 | tag: latest 5 | 6 | persistence: 7 | enabled: false 8 | 9 | auth: 10 | username: rucio 11 | password: secret 12 | database: rucio 13 | -------------------------------------------------------------------------------- /manifests/values-server.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | image: 4 | repository: rucio/rucio-server 5 | tag: latest 6 | 7 | config: 8 | database: 9 | default: "postgresql+psycopg://rucio:secret@postgres-postgresql/rucio" 10 | schema: "test" 11 | 12 | ingress: 13 | enabled: true 14 | path: / 15 | hosts: 16 | - rucio-server.info 17 | -------------------------------------------------------------------------------- /manifests/xrd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: xrd1 6 | labels: 7 | app: xrd1 8 | spec: 9 | containers: 10 | - name: xrd1 11 | image: rucio/test-xrootd 12 | env: 13 | - name: XRDPORT 14 | value: "1094" 15 | ports: 16 | - name: xrd1 17 | containerPort: 1094 18 | protocol: TCP 19 | volumeMounts: 20 | - name: hostcert 21 | mountPath: /tmp/xrdcert.pem 22 | subPath: tls.cert 23 | - name: hostcert 24 | mountPath: /tmp/xrdkey.pem 25 | subPath: tls.key 26 | - name: ca-cert 27 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 28 | subPath: tls.cert 29 | volumes: 30 | - name: hostcert 31 | secret: 32 | secretName: hostcert-xrd1 33 | - name: ca-cert 34 | secret: 35 | secretName: ca-cert 36 | --- 37 | apiVersion: v1 38 | kind: Service 39 | metadata: 40 | name: xrd1 41 | labels: 42 | app: xrd1 43 | spec: 44 | ports: 45 | - port: 1094 46 | targetPort: 1094 47 | protocol: TCP 48 | name: xrd1 49 | 50 | selector: 51 | app: xrd1 52 | 53 | --- 54 | apiVersion: v1 55 | kind: Pod 56 | metadata: 57 | name: xrd2 58 | labels: 59 | app: xrd2 60 | spec: 61 | containers: 62 | - name: xrd2 63 | image: rucio/test-xrootd 64 | env: 65 | - name: XRDPORT 66 | value: "1094" 67 | ports: 68 | - name: xrd2 69 | containerPort: 1094 70 | protocol: TCP 71 | volumeMounts: 72 | - name: hostcert 73 | mountPath: /tmp/xrdcert.pem 74 | subPath: tls.cert 75 | - name: hostcert 76 | mountPath: /tmp/xrdkey.pem 77 | subPath: tls.key 78 | - name: ca-cert 79 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 80 | subPath: tls.cert 81 | volumes: 82 | - name: hostcert 83 | secret: 84 | secretName: hostcert-xrd2 85 | - name: ca-cert 86 | secret: 87 | secretName: ca-cert 88 | --- 89 | apiVersion: v1 90 | kind: Service 91 | metadata: 92 | name: xrd2 93 | labels: 94 | app: xrd2 95 | spec: 96 | ports: 97 | - port: 1094 98 | targetPort: 1094 99 | protocol: TCP 100 | name: xrd2 101 | 102 | selector: 103 | app: xrd2 104 | 105 | --- 106 | apiVersion: v1 107 | kind: Pod 108 | metadata: 109 | name: xrd3 110 | labels: 111 | app: xrd3 112 | spec: 113 | containers: 114 | - name: xrd3 115 | image: rucio/test-xrootd 116 | env: 117 | - name: XRDPORT 118 | value: "1094" 119 | ports: 120 | - name: xrd3 121 | containerPort: 1094 122 | protocol: TCP 123 | volumeMounts: 124 | - name: hostcert 125 | mountPath: /tmp/xrdcert.pem 126 | subPath: tls.cert 127 | - name: hostcert 128 | mountPath: /tmp/xrdkey.pem 129 | subPath: tls.key 130 | - name: ca-cert 131 | mountPath: /etc/grid-security/certificates/5fca1cb1.0 132 | subPath: tls.cert 133 | volumes: 134 | - name: hostcert 135 | secret: 136 | secretName: hostcert-xrd3 137 | - name: ca-cert 138 | secret: 139 | secretName: ca-cert 140 | --- 141 | apiVersion: v1 142 | kind: Service 143 | metadata: 144 | name: xrd3 145 | labels: 146 | app: xrd3 147 | spec: 148 | ports: 149 | - port: 1094 150 | targetPort: 1094 151 | protocol: TCP 152 | name: xrd3 153 | 154 | selector: 155 | app: xrd3 156 | 157 | --- 158 | -------------------------------------------------------------------------------- /scripts/deploy-rucio.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | cd "$(dirname "$0")" 5 | 6 | 7 | echo "# --------------------------------------" 8 | echo "# Check installed packages" 9 | echo "# --------------------------------------" 10 | KUBECTL_SUCCESS="The kubectl package is installed." 11 | KUBECTL_ERROR="The kubectl package is not installed. Please follow this guide https://kubernetes.io/docs/tasks/tools/install-kubectl/" 12 | type kubectl &>/dev/null && echo "${KUBECTL_SUCCESS}" || echo "${KUBECTL_ERROR}" 13 | 14 | HELM_SUCCESS="The helm package is installed." 15 | HELM_ERROR="The helm package is not installed. Please follow this guide https://helm.sh/docs/intro/install/" 16 | type helm &>/dev/null && echo "${HELM_SUCCESS}" || echo "${HELM_ERROR}" 17 | 18 | echo "┌─────────────────────────────────────┐" 19 | echo "⟾ Check default namespace for kubectl │" 20 | echo "└─────────────────────────────────────┘" 21 | WILL_STOP_PODS="n" 22 | KUBECTL_PODS="The default namespace is running elements in kubectl." 23 | if [[ "$(kubectl get all -o custom-columns=NAME:metadata.name --no-headers | wc -l)" -gt 1 ]]; then 24 | echo "${KUBECTL_PODS}" 25 | kubectl get all 26 | read -rp "Do you want to stop all of these pods, services, etc? (y/N): " WILL_STOP_PODS 27 | fi 28 | WILL_STOP_PODS=$(echo "${WILL_STOP_PODS}" | tr '[:upper:]' '[:lower:]') 29 | if [[ "${WILL_STOP_PODS}" == "y" ]]; then 30 | while true; do 31 | echo "" 32 | echo "⤑ Stopping all pods; this might take a few minutes..." 33 | helm uninstall daemons --debug 2>/dev/null || true 34 | helm uninstall server --debug 2>/dev/null || true 35 | helm uninstall postgres --debug 2>/dev/null || true 36 | kubectl delete job daemons-renew-fts-proxy-on-helm-install 2>/dev/null || true 37 | kubectl delete pvc data-postgres-postgresql-0 2>/dev/null || true 38 | kubectl delete -f ../manifests/fts.yaml --all=true --recursive=true 39 | kubectl delete -f ../manifests/ftsdb.yaml --all=true --recursive=true 40 | kubectl delete -f ../manifests/xrd.yaml --all=true --recursive=true 41 | kubectl delete -f ../manifests/client.yaml --all=true --recursive=true 42 | kubectl delete -f ../manifests/init-pod.yaml --all=true --recursive=true 43 | kubectl delete -k ../secrets 44 | kubectl get all 45 | if [[ "$(kubectl get all -o custom-columns=NAME:metadata.name --no-headers | wc -l)" -le 1 ]]; then 46 | break 47 | fi 48 | sleep 4 49 | done 50 | echo "" 51 | echo "Pods stopped." 52 | fi 53 | 54 | echo "" 55 | echo "# --------------------------------------" 56 | echo "# Start Rucio deployment" 57 | echo "# --------------------------------------" 58 | 59 | echo "┌──────────────────────────┐" 60 | echo "⟾ Add repositories to helm │" 61 | echo "└──────────────────────────┘" 62 | helm repo add stable https://charts.helm.sh/stable 63 | helm repo add bitnami https://charts.bitnami.com/bitnami 64 | helm repo add rucio https://rucio.github.io/helm-charts 65 | helm repo update 66 | 67 | echo "┌──────────────────────┐" 68 | echo "⟾ Apply secrets │" 69 | echo "└──────────────────────┘" 70 | kubectl apply -k ../secrets 71 | 72 | echo "┌────────────────────────┐" 73 | echo "⟾ Helm: Install Postgres │" 74 | echo "└────────────────────────┘" 75 | KUBECTL_HAS_PVC="An existing Postgres PersistentVolumeClaim was found. Deleting..." 76 | kubectl get pvc data-postgres-postgresql-0 &>/dev/null || false && { 77 | echo "${KUBECTL_HAS_PVC}" 78 | kubectl delete pvc data-postgres-postgresql-0 79 | } 80 | helm delete postgres 2>/dev/null || true 81 | helm install postgres bitnami/postgresql -f ../manifests/values-postgres.yaml 82 | 83 | echo "┌────────────────────────────────────────┐" 84 | echo "⟾ kubectl: Roll out Postgres StatefulSet │" 85 | echo "└────────────────────────────────────────┘" 86 | echo "⤑ Waiting until Postgres is set up; this might take a few minutes..." 87 | kubectl rollout status statefulset postgres-postgresql 88 | 89 | echo "┌───────────────────────────────────────────┐" 90 | echo "⟾ kubectl: Rucio - Start init container pod │" 91 | echo "└───────────────────────────────────────────┘" 92 | kubectl delete pod init 2>/dev/null || true 93 | kubectl apply -f ../manifests/init-pod.yaml 94 | echo "⤑ Waiting until the Rucio init container pod is set up; this might take a few minutes..." 95 | kubectl wait --timeout=120s --for=condition=Ready pod/init 96 | 97 | echo "┌──────────────────────────────────────────┐" 98 | echo "⟾ kubectl: Logs for Rucio - Init container │" 99 | echo "└──────────────────────────────────────────┘" 100 | kubectl logs init 101 | 102 | echo "┌────────────────────────────┐" 103 | echo "⟾ Helm: Install Rucio server │" 104 | echo "└────────────────────────────┘" 105 | helm delete server 2>/dev/null || true 106 | helm install server rucio/rucio-server -f ../manifests/values-server.yaml 107 | 108 | echo "┌────────────────────────────────────────┐" 109 | echo "⟾ Helm: Check deployment of Rucio server │" 110 | echo "└────────────────────────────────────────┘" 111 | kubectl rollout status deployment server-rucio-server 112 | 113 | echo "┌────────────────────────────────┐" 114 | echo "⟾ kubectl: Logs for Rucio server │" 115 | echo "└────────────────────────────────┘" 116 | kubectl logs deployment/server-rucio-server -c rucio-server 117 | 118 | echo "┌──────────────────────────────────────────────┐" 119 | echo "⟾ kubectl: Start XRootD storage container pods │" 120 | echo "└──────────────────────────────────────────────┘" 121 | kubectl apply -f ../manifests/xrd.yaml 122 | XRD_CONTAINERS=(xrd1 xrd2 xrd3) 123 | echo "XRD_CONTAINERS: ${XRD_CONTAINERS[*]}" 124 | for XRD_CONTAINER in "${XRD_CONTAINERS[@]}"; do 125 | kubectl --timeout=120s wait --for=condition=Ready pod/$XRD_CONTAINER 126 | done 127 | 128 | echo "┌───────────────────────────────────────┐" 129 | echo "⟾ kubectl: Install FTS database (MySQL) │" 130 | echo "└───────────────────────────────────────┘" 131 | kubectl apply -f ../manifests/ftsdb.yaml 132 | 133 | echo "┌───────────────────────────────────────────────────┐" 134 | echo "⟾ kubectl: Check deployment of FTS database (MySQL) │" 135 | echo "└───────────────────────────────────────────────────┘" 136 | kubectl rollout status deployment fts-mysql 137 | 138 | echo "┌────────────────────────────────────────┐" 139 | echo "⟾ kubectl: Logs for FTS database (MySQL) │" 140 | echo "└────────────────────────────────────────┘" 141 | kubectl logs deployment/fts-mysql 142 | 143 | echo "┌─────────────────────────────┐" 144 | echo "⟾ kubectl: Install FTS server │" 145 | echo "└─────────────────────────────┘" 146 | kubectl apply -f ../manifests/fts.yaml 147 | 148 | echo "┌─────────────────────────────────────────┐" 149 | echo "⟾ kubectl: Check deployment of FTS server │" 150 | echo "└─────────────────────────────────────────┘" 151 | kubectl rollout status deployment fts-server 152 | 153 | echo "┌───────────────────────┐" 154 | echo "⟾ kubectl: Logs for FTS │" 155 | echo "└───────────────────────┘" 156 | kubectl logs deployment/fts-server 157 | 158 | echo "┌───────────────────────┐" 159 | echo "⟾ helm: Install daemons │" 160 | echo "└───────────────────────┘" 161 | helm delete daemons 2>/dev/null || true 162 | echo "⤑ Waiting until the daemons are set up; this might take a few minutes..." 163 | helm install daemons rucio/rucio-daemons -f ../manifests/values-daemons.yaml 164 | 165 | echo "┌──────────────────────────────────────┐" 166 | echo "⟾ kubectl: Check deployment of daemons │" 167 | echo "└──────────────────────────────────────┘" 168 | for DAEMON in $(kubectl get deployment -l='app-group=rucio-daemons' -o name); do 169 | kubectl rollout status $DAEMON 170 | done 171 | 172 | echo"" 173 | echo"" 174 | echo"" 175 | echo "*** Rucio deployment complete. ***" 176 | -------------------------------------------------------------------------------- /scripts/setup-minikube.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | cd "$(dirname "$0")" 5 | 6 | # Minikube 7 | MINIKUBE_ARGS=() 8 | 9 | # Set default MINIKUBE_MEMORY to 4000mb if it is not specified 10 | if [[ -z "${MINIKUBE_MEMORY}" ]]; then 11 | MINIKUBE_MEMORY="4000mb" 12 | fi 13 | MINIKUBE_ARGS+=("--memory=${MINIKUBE_MEMORY}") 14 | 15 | if [[ -n "${MINIKUBE_CPU}" ]]; then 16 | MINIKUBE_ARGS+=("--cpus=${MINIKUBE_CPU}") 17 | fi 18 | 19 | display_help() { 20 | echo >&2 "▄▄▄▄▄▄▄▄▄▄▄▄" 21 | echo >&2 "█ HELP █" 22 | echo >&2 "▀▀▀▀▀▀▀▀▀▀▀▀" 23 | echo >&2 "" 24 | echo >&2 "Usage ▶ $0" 25 | echo >&2 "" 26 | echo >&2 "Minikube" 27 | echo >&2 "════════" 28 | echo >&2 "Minikube accepts two parameters: the amount of memory and the number of CPUs." 29 | echo >&2 " Memory:" 30 | echo >&2 " - max" 31 | echo >&2 " - format: [], where unit = b, k, m or g, e.g., 4000mb" 32 | echo >&2 " CPUs:" 33 | echo >&2 " - max" 34 | echo >&2 " - 1, 2, 3, 4, 5, …, e.g., 8" 35 | echo >&2 "" 36 | echo >&2 " Usage" 37 | echo >&2 " ━━━━━" 38 | echo >&2 " These parameters can be set via the environment variables MINIKUBE_MEMORY and MINIKUBE_CPU." 39 | echo >&2 " Usage ▶ export MINIKUBE_MEMORY=5000mb MINIKUBE_CPU=3; $0" 40 | echo >&2 " Usage ▶ export MINIKUBE_CPU=max; $0" 41 | echo >&2 " Usage ▶ export MINIKUBE_MEMORY=max; $0" 42 | } 43 | 44 | case "$1" in 45 | -h | --help) 46 | display_help 47 | exit 0 48 | ;; 49 | --) # End of all options 50 | shift 51 | ;; 52 | -*) # Error 53 | echo "Error: Unknown option: $1" >&2 54 | echo "Help ▶ $0 --help" >&2 55 | exit 1 56 | ;; 57 | esac 58 | 59 | MINIKUBE_SUCCESS="The minikube package is installed." 60 | MINIKUBE_ERROR="The minikube package is not installed. Please install it here: https://kubernetes.io/docs/tasks/tools/install-minikube/" 61 | type minikube &>/dev/null && echo "${MINIKUBE_SUCCESS}" || echo "${MINIKUBE_ERROR}" 62 | 63 | echo "" 64 | echo "# --------------------------------------" 65 | echo "# Clean local environment" 66 | echo "# --------------------------------------" 67 | 68 | echo "┌──────────────────────────────────────────────┐" 69 | echo "⟾ Check local Kubernetes clusters for minikube │" 70 | echo "└──────────────────────────────────────────────┘" 71 | WILL_STOP_MINIKUBE="n" 72 | MINIKUBE_RUNNING_KUBERNETES="The minikube is running local Kubernetes clusters." 73 | minikube status | grep "Running" &>/dev/null && { 74 | echo "${MINIKUBE_RUNNING_KUBERNETES}" 75 | minikube status 76 | read -rp "Do you want to stop the local Kubernetes clusters? (y/N): " WILL_STOP_MINIKUBE 77 | } 78 | WILL_STOP_MINIKUBE=$(echo "${WILL_STOP_MINIKUBE}" | tr '[:upper:]' '[:lower:]') 79 | 80 | if [[ "${WILL_STOP_MINIKUBE}" == "y" ]]; then 81 | minikube stop 82 | fi 83 | 84 | WILL_DELETE_MINIKUBE="n" 85 | MINIKUBE_HAS_KUBERNETES="The minikube has local Kubernetes clusters." 86 | minikube status | grep "Stopped" &>/dev/null && { 87 | echo "${MINIKUBE_HAS_KUBERNETES}" 88 | minikube status || true 89 | read -rp "Do you want to delete the local Kubernetes clusters? (y/N): " WILL_DELETE_MINIKUBE 90 | } 91 | WILL_DELETE_MINIKUBE=$(echo "${WILL_DELETE_MINIKUBE}" | tr '[:upper:]' '[:lower:]') 92 | if [[ "${WILL_DELETE_MINIKUBE}" == "y" ]]; then 93 | minikube delete --all=true 94 | fi 95 | 96 | MINIKUBE_HAS_NOT_PROFILE="The minikube does not have a profile. It will create a new one." 97 | minikube status | grep "not found" &>/dev/null && { 98 | echo "${MINIKUBE_HAS_NOT_PROFILE}" 99 | minikube status || true 100 | minikube start "${MINIKUBE_ARGS[@]}" 101 | } 102 | 103 | echo "┌────────────────┐" 104 | echo "⟾ Start minikube │" 105 | echo "└────────────────┘" 106 | minikube status | grep "Stopped" &>/dev/null && { 107 | echo "${MINIKUBE_HAS_KUBERNETES}" 108 | minikube status || true 109 | minikube start "${MINIKUBE_ARGS[@]}" 110 | } 111 | 112 | echo"" 113 | echo"" 114 | echo"" 115 | echo "*** Minikube setup complete. ***" 116 | -------------------------------------------------------------------------------- /scripts/use-rucio.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | cd "$(dirname "$0")" 5 | 6 | echo "┌─────────────────────────────────────────────────────────────────┐" 7 | echo "⟾ kubectl: Rucio - Start client container pod for interactive use │" 8 | echo "└─────────────────────────────────────────────────────────────────┘" 9 | kubectl apply -f ../manifests/client.yaml 10 | kubectl wait --timeout=120s --for=condition=Ready pod/client 11 | 12 | echo "┌─────────────────────────────────┐" 13 | echo "⟾ kubectl: Check client container │" 14 | echo "└─────────────────────────────────┘" 15 | kubectl exec client -it -- /etc/profile.d/rucio_init.sh 16 | kubectl exec client -it -- rucio whoami 17 | 18 | echo "┌────────────────┐" 19 | echo "⟾ Run Rucio init │" 20 | echo "└────────────────┘" 21 | kubectl exec client -it -- /etc/profile.d/rucio_init.sh 22 | 23 | echo "┌─────────────────┐" 24 | echo "⟾ Create the RSEs │" 25 | echo "└─────────────────┘" 26 | kubectl exec client -it -- rucio rse add --rse XRD1 27 | kubectl exec client -it -- rucio rse add --rse XRD2 28 | kubectl exec client -it -- rucio rse add --rse XRD3 29 | 30 | echo "┌──────────────────────────────────────────────────────┐" 31 | echo "⟾ Add the protocol definitions for the storage servers │" 32 | echo "└──────────────────────────────────────────────────────┘" 33 | kubectl exec client -it -- rucio rse protocol add --host xrd1 --rse XRD1 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 34 | kubectl exec client -it -- rucio rse protocol add --host xrd2 --rse XRD2 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 35 | kubectl exec client -it -- rucio rse protocol add --host xrd3 --rse XRD3 --scheme root --prefix //rucio --port 1094 --impl rucio.rse.protocols.gfal.Default --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' 36 | 37 | echo "┌────────────┐" 38 | echo "⟾ Enable FTS │" 39 | echo "└────────────┘" 40 | kubectl exec client -it -- rucio rse attribute add --rse XRD1 --key fts --value https://fts:8446 41 | kubectl exec client -it -- rucio rse attribute add --rse XRD2 --key fts --value https://fts:8446 42 | kubectl exec client -it -- rucio rse attribute add --rse XRD3 --key fts --value https://fts:8446 43 | 44 | echo "┌──────────────────────────┐" 45 | echo "⟾ Fake a full mesh network │" 46 | echo "└──────────────────────────┘" 47 | kubectl exec client -it -- rucio rse distance add --source XRD1 --destination XRD2 --distance 1 48 | kubectl exec client -it -- rucio rse distance add --source XRD1 --destination XRD3 --distance 1 49 | kubectl exec client -it -- rucio rse distance add --source XRD2 --destination XRD1 --distance 1 50 | kubectl exec client -it -- rucio rse distance add --source XRD2 --destination XRD3 --distance 1 51 | kubectl exec client -it -- rucio rse distance add --source XRD3 --destination XRD1 --distance 1 52 | kubectl exec client -it -- rucio rse distance add --source XRD3 --destination XRD2 --distance 1 53 | 54 | echo "┌───────────────────────────────────┐" 55 | echo "⟾ Indefinite storage quota for root │" 56 | echo "└───────────────────────────────────┘" 57 | kubectl exec client -it -- rucio account limit add --account root --rses XRD1 --bytes infinity 58 | kubectl exec client -it -- rucio account limit add --account root --rses XRD2 --bytes infinity 59 | kubectl exec client -it -- rucio account limit add --account root --rses XRD3 --bytes infinity 60 | 61 | echo "┌────────────────────────────────────┐" 62 | echo "⟾ Create a default scope for testing │" 63 | echo "└────────────────────────────────────┘" 64 | kubectl exec client -it -- rucio scope add --account root --scope test 65 | 66 | echo "┌──────────────────────────────────────┐" 67 | echo "⟾ Create initial transfer testing data │" 68 | echo "└──────────────────────────────────────┘" 69 | kubectl exec client -it -- dd if=/dev/urandom of=file1 bs=10M count=1 70 | kubectl exec client -it -- dd if=/dev/urandom of=file2 bs=10M count=1 71 | kubectl exec client -it -- dd if=/dev/urandom of=file3 bs=10M count=1 72 | kubectl exec client -it -- dd if=/dev/urandom of=file4 bs=10M count=1 73 | 74 | echo "┌──────────────────┐" 75 | echo "⟾ Upload the files │" 76 | echo "└──────────────────┘" 77 | kubectl exec client -it -- rucio upload --rse XRD1 --scope test --files file1 file2 78 | kubectl exec client -it -- rucio upload --rse XRD2 --scope test --files file3 file4 79 | 80 | echo "┌──────────────────────────────────────┐" 81 | echo "⟾ Create a few datasets and containers │" 82 | echo "└──────────────────────────────────────┘" 83 | kubectl exec client -it -- rucio did add --type dataset --did test:dataset1 84 | kubectl exec client -it -- rucio did content add --to test:dataset1 --did test:file1 test:file2 85 | kubectl exec client -it -- rucio did add --type dataset --did test:dataset2 86 | kubectl exec client -it -- rucio did content add --to test:dataset2 --did test:file3 test:file4 87 | kubectl exec client -it -- rucio did add --type container --did test:container 88 | kubectl exec client -it -- rucio did content add --to test:container --did test:dataset1 test:dataset2 89 | kubectl exec client -it -- rucio did add --type dataset --did test:dataset3 90 | kubectl exec client -it -- rucio did content add --to test:dataset3 --did test:file4 91 | 92 | echo "┌─────────────────────────────────────────────┐" 93 | echo "⟾ Create a rule and remember returned rule ID │" 94 | echo "└─────────────────────────────────────────────┘" 95 | kubectl exec client -it -- rucio rule add --did test:container --rses XRD3 --copies 1 96 | 97 | echo "┌────────────────────────────────────────────────────┐" 98 | echo "⟾ Query the status of the rule until it is completed │" 99 | echo "└────────────────────────────────────────────────────┘" 100 | echo "⤑ It will wait for 90 seconds." 101 | sleep 90 102 | RULE_ID=$(kubectl exec client -it -- rucio rule list --did test:container | tail -n 1 | awk '{print $1}') 103 | echo "RULE_ID: ${RULE_ID}" 104 | kubectl exec client -it -- rucio rule show --rule-id "${RULE_ID}" 105 | 106 | echo"" 107 | echo"" 108 | echo"" 109 | echo "*** Rucio usage showcase complete. ***" 110 | -------------------------------------------------------------------------------- /secrets/README.md: -------------------------------------------------------------------------------- 1 | These certificates were generated in the main Rucio repository: 2 | 3 | https://github.com/rucio/rucio/tree/master/etc/certs -------------------------------------------------------------------------------- /secrets/hostcert_fts.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDfXhsl4jLg1C5H 3 | V6b9z8XjV+kT8uAxcguL0zk6ojjOXf4ymqYPNak59xKnKrpWQxUi4sIOpuDJSJfu 4 | TEZqe17N3zdIjBpozV9TMsJ45KoNlgsZPG5Ptws+4qQf2Fv5WEa+nNEYJdipWNSb 5 | DQYMjaKZBbnjgM1ZdXkMt4oZEUkJOcpt/cP/dYx08dpxDzmgqStAxYh3n/zvhW8+ 6 | 7bdx/U3XpV6mmURpYxMZuYmPrzWdBuOnHpZS+ncVrOthhWg91JjKNrWr303MdTPt 7 | noblVZMZWPneHkqR18dBV+4lTOiMvulMpexPz8roBdRUIDW2Uj/oS5pX3PYmajhM 8 | kY87oSa1AgMBAAECggEABFx1GWeseHfOwdgBW8N0A2pAE9fiOTeXEp895uTBHlm2 9 | 9hwktwzO6vcQP0EmELuavMridkCbXcq5Tq7gvBZVuvLLWfMEVqdV37e7aiVazaJF 10 | lrP3mmkCQvN6uArJ0Zk/47EHoxn6vDm5XZ/4ONlbbfNEQR/Owpr40VRUZwS6S+qy 11 | gfJu4YdKi7niobn+3kH4M0iLCplehk46dXARx2pyTEil0A58ysELT8Zj6mOzN8Mq 12 | eRxKTOPylvWng5w/+7w6/MiIBt5BD19QzhtobQS5Qp9s0viLHKlTke3aKhM8rGO7 13 | pOSxMTDUn+Gne3Cess5MkoXXmYKPimV6yPCMxhPAyQKBgQDiX77xsgZ0ZjI2Shil 14 | 5fGrYiAoIqtoARsF9LK1lXhtY82hD1RgWlBW99s7lx2umqUjrMcRBLm9xtu4gPlR 15 | NXPLjNi4tcmOTcN5K+LHAZ/2d6UYORy4xP2JH+Rjk0WKSPFwGhBY3G7UVlfAjj0S 16 | /OuXfqssBKiSWKu0a5ZF21Vh3QKBgQD8maLOG9mdIXwynArhoyzHhpobkHnZs7qz 17 | g6S/k3vH8s/EySRYCBqKfFL4mpkbv6Ij9IVJaq3dBXpTYoDeGblvn4dW7WSBMwcf 18 | MDGDwFWsxIKgQsAqPgBs7ZmaBfg2rTjrF73a9szinsMHKq7XR/syfkAgB3Kqqy3M 19 | ZuQ8h6dGuQKBgEQLCYb2vu/v4/njjcMX+etM5GOMAD+TzX6dzbW9BuTCkgVuaStJ 20 | Gkr512DzDE32V9sATRm1dOsxQcwUoFwjl/nADUiAA+SNRUs/wLuWpnFcBzjfud1k 21 | AN1dw7WWh9mIEWJjwzQilgGnLltHpd32Pg5cWbEyeUT7+CiUCihXRDPVAoGAEU9J 22 | 68vWxsDDrQgqarnu2KFtsBPfdb6uPZz4zjQCGHqYKEkMV4f+oZzRZr3ZXiBssQAR 23 | ni1USsAUWOB4KkAjB/YrpRZRe9UOWOHJkti8RkGVHfxVBNAI4W4Kx5Y/IygNrXaM 24 | CRQ+iA0PGk+feZsyKIykQk2gWveuBMLMQyWcnekCgYEAi/mXEHiPQ+pRDJW5DfEr 25 | hJB3pzxms2z6pD2qzW2gW/tXUVipXm0ZktsM61G8jPXHDzOgoD96flnjQ9nX4xMk 26 | 1MVSX6HJxopH7mrYxl7GsOVZVQ8y2iihdyDbkxhCUV9Ipo+FBxEWrqWcsjHnP8q8 27 | C24xUsxZRI6CR5XkA3vGYBw= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/hostcert_fts.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDNzCCAh+gAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5IwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQyWhcNNDcxMTI1MDgwNDQyWjAOMQwwCgYDVQQDDANmdHMwggEiMA0GCSqGSIb3 5 | DQEBAQUAA4IBDwAwggEKAoIBAQDfXhsl4jLg1C5HV6b9z8XjV+kT8uAxcguL0zk6 6 | ojjOXf4ymqYPNak59xKnKrpWQxUi4sIOpuDJSJfuTEZqe17N3zdIjBpozV9TMsJ4 7 | 5KoNlgsZPG5Ptws+4qQf2Fv5WEa+nNEYJdipWNSbDQYMjaKZBbnjgM1ZdXkMt4oZ 8 | EUkJOcpt/cP/dYx08dpxDzmgqStAxYh3n/zvhW8+7bdx/U3XpV6mmURpYxMZuYmP 9 | rzWdBuOnHpZS+ncVrOthhWg91JjKNrWr303MdTPtnoblVZMZWPneHkqR18dBV+4l 10 | TOiMvulMpexPz8roBdRUIDW2Uj/oS5pX3PYmajhMkY87oSa1AgMBAAGjfDB6MDgG 11 | A1UdEQQxMC+CA2Z0c4IJbG9jYWxob3N0gh1mdHMuZGVmYXVsdC5zdmMuY2x1c3Rl 12 | ci5sb2NhbDAdBgNVHQ4EFgQUwoFPgaMAkeUNws3mn9VWS0DRMXUwHwYDVR0jBBgw 13 | FoAUgKRAaTjggSQvPlnts3wljnT8rqkwDQYJKoZIhvcNAQELBQADggEBAF4iCf4f 14 | VTh53AVYTcPznjrz6BVYNU3qlE1zRHJnSV6MTl1M0qmDA0SkjpBHeO9jYdQ77c0A 15 | ZANNpT4rf/MCUp/UR/ayHEqVmgTbR0avCnmGaEe5MqcMWc38XWXtHk6yYpC5KOMY 16 | fYr+xdN7+KVshvIHthQ+BdnV36EIMgFCFp+cMAW00SMsEs3/YIEKiwiBqm9tbjfv 17 | madl2YKwCS1UnISxFROK8hCxd4zhHmJnBhWFJ7jQY6hQPHexd+tJ6KwQYiciwlsp 18 | 8p3B+n1Bl7W8g2p5+lFBa0CDzADbcsvrMkeziHAH2sefahdoMgflKOL6zdag02GQ 19 | ky6lqs4i0A1c1M8= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /secrets/hostcert_rucio.certkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDPjCCAiagAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5EwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQxWhcNNDcxMTI1MDgwNDQxWjAQMQ4wDAYDVQQDDAVydWNpbzCCASIwDQYJKoZI 5 | hvcNAQEBBQADggEPADCCAQoCggEBAJ5wqvoD0mAN4+8kFJ7n84idYPstCCGgG6Vf 6 | by75x3GE6EznTWyQA3fpjGsuUrT8f7N/zT4ue+0qDB/rM4bzHK5vhnUm36ynOMZ+ 7 | JFiaHkN+iiSF7r3areJ4405H7AXYXoo2atwqDoBzrCLZzQWMfLtADH7JpZfrnpPH 8 | xF/GLKWSC0KcPdFmAekbhL5kHwdzOTmthGtM2XAs2YAjMB2Z35A7UX/GTjqy0A1Y 9 | tDJmBn+pKtEpibe+S/8m1nMzhbo0HL81PgpByQaTfplJwVVQ63kr2dZ2wgwZl6mC 10 | K8rIpdtxWsdO6OZCZS7+P+LEhUwas1SSGFRHkr6R6rxE24rjhrUCAwEAAaOBgDB+ 11 | MDwGA1UdEQQ1MDOCBXJ1Y2lvgglsb2NhbGhvc3SCH3J1Y2lvLmRlZmF1bHQuc3Zj 12 | LmNsdXN0ZXIubG9jYWwwHQYDVR0OBBYEFGr3+mh1/uhElWpDf7YEw0C9qdE2MB8G 13 | A1UdIwQYMBaAFICkQGk44IEkLz5Z7bN8JY50/K6pMA0GCSqGSIb3DQEBCwUAA4IB 14 | AQBciVMpkesr9gPvqY6Z6KH8FIGnCdAKxcrALY3QYy16wwUEBa7MjRXWCGkMltEd 15 | tirW1GtZwpK05rTaVtbQJppHSan9VpdmAumnAH/xDByVTKDUcbjElhuQL6qBBsls 16 | qPyo4dchlkTsfO4vcFf8cn1UB2LDIJQaQEv+2vz7NREkG4st6gDFR+hYq3TbcPqa 17 | LoPQv3R7BBpp1o6OfL26DmEJ0QVsP2dZ4k+X33u2mgPyR8bIBPMtrxwdTHH5QJJf 18 | RpmMQ1dH8wbsx2kZf2YV/LYUFctK52w7m7UrmwwgrFcF879emvElwkpyLzgtWQIh 19 | 8I9oLY52asTLQB959g04wX55 20 | -----END CERTIFICATE----- 21 | -----BEGIN PRIVATE KEY----- 22 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCecKr6A9JgDePv 23 | JBSe5/OInWD7LQghoBulX28u+cdxhOhM501skAN36YxrLlK0/H+zf80+LnvtKgwf 24 | 6zOG8xyub4Z1Jt+spzjGfiRYmh5Dfookhe692q3ieONOR+wF2F6KNmrcKg6Ac6wi 25 | 2c0FjHy7QAx+yaWX656Tx8RfxiylkgtCnD3RZgHpG4S+ZB8Hczk5rYRrTNlwLNmA 26 | IzAdmd+QO1F/xk46stANWLQyZgZ/qSrRKYm3vkv/JtZzM4W6NBy/NT4KQckGk36Z 27 | ScFVUOt5K9nWdsIMGZepgivKyKXbcVrHTujmQmUu/j/ixIVMGrNUkhhUR5K+keq8 28 | RNuK44a1AgMBAAECggEAFPpTdQNtBxlHuOnUzh5lfQzjYpZZiYQ2rNx4LubU/KeN 29 | j2MfufROdUHHvQg23K5C5TwSa32BnIrw7If6fE9zmHf9PEUvn99LMeLRQqbzQ1n9 30 | hezyyZHq7H23kO2OZ06448FlQC3UWjcWj025qtapTCykiuP9iCIjDquISWsGjcxV 31 | OTCYK9p71L0tReFjrMqMRsHIdUqJhfHl2U0FvuI58xRwBgD8Rn551iESr1jVTIod 32 | 4B1zsIBqQR5YLmVeQjYlzMCItNvfRW1MR9R0ZjBxOWzTQeWe37Vs8iQTJPx/pKNZ 33 | HzQZugQV6BWB2f5oRl6KdySVGn0wFHmnTNiDr/CCwQKBgQC7uWAJm4i3+whqY6V7 34 | cwTfWgXlPWFLqIWqXYVT6KoictvClT/WGF5l2TmN1/ZYFr7eFSmmcc96vmbfnum7 35 | +OR5DthD98Xa3HEgDDoK+x5IHEMRDEkrXt2UHRcGwzpbCelSBZ8Ty+9drqVAuTMx 36 | cePzz+VfJcnzj5dBE5Dg8LyE9QKBgQDYELc5z15OC98xbHamwsAskEyBKnQn0892 37 | BhHIABkzsrfKJNvTimZImOPRiyMJeu+zgbNR6oJWNkfst7LsP50gkXyGBwyx54fM 38 | ylxJWA5h14jjf2Z/h5pFAy/2MzFt9Y+9zdt/g0jnpgKSPUZptoGwbgIPK/WsLK2u 39 | yPoPm/fiwQKBgG6g+mXvEQ1LlVQNUVKFIBP4W40TNSl/MPaLkq02aj1O7w+nIS2s 40 | wsTG1VIwOW8ESItccWUzoRA28S1L23b5YLuu8ehsNl+aldhLHFGoV9orPaLoWJ6E 41 | k5Rb6FwF5XgNSUEbKvphrrjI2X5hJjg3ZB0lIYmHHZK5xmuFelX1yUOZAoGAXpLC 42 | gI1iC+tqYGnHbarlDxyCQC9i9GPj9RcnBVH1tglOJS8JAYkcyD4Tyg6K4YVsEjh9 43 | UyfAsRfFV7n4mSwnDLBhvxCq39wmNt+EkZ33faAoDNwg80VZo0eH4M37ntPTfRL0 44 | NtYyPSMPEQ+9GFyIW79rK1Tkjd5oj47s1ZRBZoECgYAPqR4/DdeW8Exn92NtafNS 45 | k7UdD73SlZUPCtglMfvIoHop2tNU/q39Ug+SJVpuNv6eazOH/RhBYQY3P4IvgQvs 46 | Ee6w4O6SwdnSKTIdnnp+EET5MeZ0vVR4tVzYZYcVQnMXulsVBe717Kn4xEDcyhCf 47 | t6/zrP0bJ7bgfQxaMrbspg== 48 | -----END PRIVATE KEY----- 49 | -------------------------------------------------------------------------------- /secrets/hostcert_rucio.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCecKr6A9JgDePv 3 | JBSe5/OInWD7LQghoBulX28u+cdxhOhM501skAN36YxrLlK0/H+zf80+LnvtKgwf 4 | 6zOG8xyub4Z1Jt+spzjGfiRYmh5Dfookhe692q3ieONOR+wF2F6KNmrcKg6Ac6wi 5 | 2c0FjHy7QAx+yaWX656Tx8RfxiylkgtCnD3RZgHpG4S+ZB8Hczk5rYRrTNlwLNmA 6 | IzAdmd+QO1F/xk46stANWLQyZgZ/qSrRKYm3vkv/JtZzM4W6NBy/NT4KQckGk36Z 7 | ScFVUOt5K9nWdsIMGZepgivKyKXbcVrHTujmQmUu/j/ixIVMGrNUkhhUR5K+keq8 8 | RNuK44a1AgMBAAECggEAFPpTdQNtBxlHuOnUzh5lfQzjYpZZiYQ2rNx4LubU/KeN 9 | j2MfufROdUHHvQg23K5C5TwSa32BnIrw7If6fE9zmHf9PEUvn99LMeLRQqbzQ1n9 10 | hezyyZHq7H23kO2OZ06448FlQC3UWjcWj025qtapTCykiuP9iCIjDquISWsGjcxV 11 | OTCYK9p71L0tReFjrMqMRsHIdUqJhfHl2U0FvuI58xRwBgD8Rn551iESr1jVTIod 12 | 4B1zsIBqQR5YLmVeQjYlzMCItNvfRW1MR9R0ZjBxOWzTQeWe37Vs8iQTJPx/pKNZ 13 | HzQZugQV6BWB2f5oRl6KdySVGn0wFHmnTNiDr/CCwQKBgQC7uWAJm4i3+whqY6V7 14 | cwTfWgXlPWFLqIWqXYVT6KoictvClT/WGF5l2TmN1/ZYFr7eFSmmcc96vmbfnum7 15 | +OR5DthD98Xa3HEgDDoK+x5IHEMRDEkrXt2UHRcGwzpbCelSBZ8Ty+9drqVAuTMx 16 | cePzz+VfJcnzj5dBE5Dg8LyE9QKBgQDYELc5z15OC98xbHamwsAskEyBKnQn0892 17 | BhHIABkzsrfKJNvTimZImOPRiyMJeu+zgbNR6oJWNkfst7LsP50gkXyGBwyx54fM 18 | ylxJWA5h14jjf2Z/h5pFAy/2MzFt9Y+9zdt/g0jnpgKSPUZptoGwbgIPK/WsLK2u 19 | yPoPm/fiwQKBgG6g+mXvEQ1LlVQNUVKFIBP4W40TNSl/MPaLkq02aj1O7w+nIS2s 20 | wsTG1VIwOW8ESItccWUzoRA28S1L23b5YLuu8ehsNl+aldhLHFGoV9orPaLoWJ6E 21 | k5Rb6FwF5XgNSUEbKvphrrjI2X5hJjg3ZB0lIYmHHZK5xmuFelX1yUOZAoGAXpLC 22 | gI1iC+tqYGnHbarlDxyCQC9i9GPj9RcnBVH1tglOJS8JAYkcyD4Tyg6K4YVsEjh9 23 | UyfAsRfFV7n4mSwnDLBhvxCq39wmNt+EkZ33faAoDNwg80VZo0eH4M37ntPTfRL0 24 | NtYyPSMPEQ+9GFyIW79rK1Tkjd5oj47s1ZRBZoECgYAPqR4/DdeW8Exn92NtafNS 25 | k7UdD73SlZUPCtglMfvIoHop2tNU/q39Ug+SJVpuNv6eazOH/RhBYQY3P4IvgQvs 26 | Ee6w4O6SwdnSKTIdnnp+EET5MeZ0vVR4tVzYZYcVQnMXulsVBe717Kn4xEDcyhCf 27 | t6/zrP0bJ7bgfQxaMrbspg== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/hostcert_rucio.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDPjCCAiagAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5EwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQxWhcNNDcxMTI1MDgwNDQxWjAQMQ4wDAYDVQQDDAVydWNpbzCCASIwDQYJKoZI 5 | hvcNAQEBBQADggEPADCCAQoCggEBAJ5wqvoD0mAN4+8kFJ7n84idYPstCCGgG6Vf 6 | by75x3GE6EznTWyQA3fpjGsuUrT8f7N/zT4ue+0qDB/rM4bzHK5vhnUm36ynOMZ+ 7 | JFiaHkN+iiSF7r3areJ4405H7AXYXoo2atwqDoBzrCLZzQWMfLtADH7JpZfrnpPH 8 | xF/GLKWSC0KcPdFmAekbhL5kHwdzOTmthGtM2XAs2YAjMB2Z35A7UX/GTjqy0A1Y 9 | tDJmBn+pKtEpibe+S/8m1nMzhbo0HL81PgpByQaTfplJwVVQ63kr2dZ2wgwZl6mC 10 | K8rIpdtxWsdO6OZCZS7+P+LEhUwas1SSGFRHkr6R6rxE24rjhrUCAwEAAaOBgDB+ 11 | MDwGA1UdEQQ1MDOCBXJ1Y2lvgglsb2NhbGhvc3SCH3J1Y2lvLmRlZmF1bHQuc3Zj 12 | LmNsdXN0ZXIubG9jYWwwHQYDVR0OBBYEFGr3+mh1/uhElWpDf7YEw0C9qdE2MB8G 13 | A1UdIwQYMBaAFICkQGk44IEkLz5Z7bN8JY50/K6pMA0GCSqGSIb3DQEBCwUAA4IB 14 | AQBciVMpkesr9gPvqY6Z6KH8FIGnCdAKxcrALY3QYy16wwUEBa7MjRXWCGkMltEd 15 | tirW1GtZwpK05rTaVtbQJppHSan9VpdmAumnAH/xDByVTKDUcbjElhuQL6qBBsls 16 | qPyo4dchlkTsfO4vcFf8cn1UB2LDIJQaQEv+2vz7NREkG4st6gDFR+hYq3TbcPqa 17 | LoPQv3R7BBpp1o6OfL26DmEJ0QVsP2dZ4k+X33u2mgPyR8bIBPMtrxwdTHH5QJJf 18 | RpmMQ1dH8wbsx2kZf2YV/LYUFctK52w7m7UrmwwgrFcF879emvElwkpyLzgtWQIh 19 | 8I9oLY52asTLQB959g04wX55 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd1.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYMDVposZ1gOkE 3 | HqsKx3yrLGkj9w7rh542X9LUiL2w/NIll575QUQ0VvmpAUqy2aNv32G2igfaPkJ5 4 | AHoq2OuoyxFb45MxsrNP6XhxU4Br+vii2KCxyAo2XtziWBmXlcjzRgYnplJWPoC3 5 | AHaBFiqu2of9MTnuN0fnLcofJEXhxY07AoDMwdW+LaHFqPmgiwIkLt1UTXT2sxl1 6 | 5JvPnOv6vin8VY8K6DZkKZXMRp1PBSaFJhZ1WhnHlE6LOVGQ2GQ+/dZLrsZMhyF7 7 | DSw0esUjO4aeoSBgBfg6WXcPx0zWkQnhjfEeDSvjDdEfMD5t3smU87yVPQ0AfADk 8 | wQcL1CvZAgMBAAECggEABxuxUvbEWDamK4gXKxC4NPKFEqX2b2/NJvMA0OZ2Ha8h 9 | TZowVaoDuoIZdRhXWdUqeg4v7SuzRDFGP4qTKi8pip+5dtZBSL/0+hWIh5qD1AdL 10 | 16dQkh0qxPFXVccRou/fC+XIYc+15stSjbmaz1qusa4JTf0fnI2+cQDFgQDbtrjF 11 | 9m/WCLmYsPMgwQmW9g+Agyuz0+Z4DIDgkHy/P7TdCinuyqxa+KYbefa7hIOlgMTu 12 | wNQOgvthSv5N9VOVgXJcnWVdF6eoTb/VIKFkSfhHeyTNJpgMcPZKMZZxmGg6BlzX 13 | 75nrw6/IYTi412e+GR+uTvcUGaZj8Hqgw0HrhW+UAQKBgQDLkgNKKiQoQdjPOiYD 14 | AgM9/oSMOE9CC91QhU51SpL/dBtZ/VHnrWFY4C63tqMkjXv4OeamDuh3zOABPB0p 15 | B4pBGcUZInr9/rzbpJ70TKUgXDNe+yJ4Y7CNI0cUtjCFtiuFgwMTqWsv0oXNoWom 16 | V8VpRvKNpsHwVrYC95DnAzlOWQKBgQC/Ym18Vop9r4ecwVekRSv5HTNOt5vZ2ce6 17 | m6xV0WLYyUsrRcFc2SEoRv6B0SErnJ4Lmzd3K9OLMzCrAjTCq0VvMBh/20cFfTLS 18 | +JfKZmg22T186TpTQ8dQK60BhAF1CJJ8jeP8rvZyvTl6J9WGKIROb9fyZ3TftK6N 19 | 86d81hUZgQKBgCyXq4jPemQnKGscfb8i7briyf49R39cQfqleO5Qi6rRsDwiNZLe 20 | c/iYAyPTKiGTrJhPdqrhkSLNCjS7Clg2gp6IGpjK6M5CwvQKN5ekQne4OriPoplk 21 | nQQNukBbOH3Rze7NKBtifUxYfV7yAOKtT10kYXWOFeWj2PMFcARqvF7hAoGAY5/W 22 | BGp8Lw7nVgcjGyTSzhuQMMLNQyrlmFMe85FKljS6h20JSc7RPskuBN+bF7uwXbRP 23 | vB45QXXFOM+uLUPAoi90IWJA5y+T/FRhl3+Vci/FnTc/IEbhAu+pYGeZ5pUuw92M 24 | t2VQbsvnlpoTwYFn1fjMfaezJBxG3SffoNFELIECgYBTswX4F9lNrigdxZJWHwmL 25 | WJ65US2/eAv8gt9sQreRg3/0JQZykJgBt0xw+PxeuR89KZaId/zXBObzeU0SkZIk 26 | l8IYQkByoB3AKOYROc62JUFP0KgX4SVdNLrNKcuKyL6JkAlnc0uIQD44Jb3yIkQz 27 | 9FGcn1x+JChp1toWwFIkgA== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDOjCCAiKgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5MwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQyWhcNNDcxMTI1MDgwNDQyWjAPMQ0wCwYDVQQDDAR4cmQxMIIBIjANBgkqhkiG 5 | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDA1aaLGdYDpBB6rCsd8qyxpI/cO64eeNl/S 6 | 1Ii9sPzSJZee+UFENFb5qQFKstmjb99htooH2j5CeQB6KtjrqMsRW+OTMbKzT+l4 7 | cVOAa/r4otigscgKNl7c4lgZl5XI80YGJ6ZSVj6AtwB2gRYqrtqH/TE57jdH5y3K 8 | HyRF4cWNOwKAzMHVvi2hxaj5oIsCJC7dVE109rMZdeSbz5zr+r4p/FWPCug2ZCmV 9 | zEadTwUmhSYWdVoZx5ROizlRkNhkPv3WS67GTIchew0sNHrFIzuGnqEgYAX4Oll3 10 | D8dM1pEJ4Y3xHg0r4w3RHzA+bd7JlPO8lT0NAHwA5MEHC9Qr2QIDAQABo34wfDA6 11 | BgNVHREEMzAxggR4cmQxgglsb2NhbGhvc3SCHnhyZDEuZGVmYXVsdC5zdmMuY2x1 12 | c3Rlci5sb2NhbDAdBgNVHQ4EFgQUQRSOqwEtKunEhOFE4NDB5tVBBtswHwYDVR0j 13 | BBgwFoAUgKRAaTjggSQvPlnts3wljnT8rqkwDQYJKoZIhvcNAQELBQADggEBAJFg 14 | 1MXMFzE6VgHQsDRQa5LOCS9zhk3fv1NhZ25VvtrHbtGwUzc8gc74IWJudFFNWf2e 15 | H1Zpy8hfYR5gisfSk0DIANaBMu31+JxYEmNT12lYh9RZQNk9vB84K8Csw0aJNsfp 16 | uWzpSJXhnM71or+3tHJBe6kmQqJKLA75X9Vi6/Wroc9GDc5EtJAenweU2GBVwBKB 17 | 5am+tRN8WXMsjTig2xhyMyLRtq8BBvwDa9iGA0hTRnMMYif5aj2WPwXm2/3ruFED 18 | kNU0++NwxY08B52rSjjmpTF2voZsYsx1OcbMK2HyD4E36P8zKSTHxviDIrIRQAdw 19 | MMCWKt6j3SpyZNtgWFw= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd2.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCuF6asbocBjMe2 3 | FHcELBhANattK4Zw+27WvUaA447SpaOBEdnXu79Pv2HCePmeCiJSF/lUjwBmz5c4 4 | r5qpc4gpVRf0/CfrPy1uWLUc2vItFbongRUwRFN/xHFd+xajpW9vdXQ2B/no/qOJ 5 | ruet4cde2/VVqWIrRMROK6GfVOqzbTO+yI82cEtCHhrmg3CYsqzM6RJzr6dLNp5D 6 | zdXdcTkEeCSOIiymHdK16bEBbRRkJPVwxpx4LL5qABcCotI3wmWG2hpilpdg2ipX 7 | oJ2AGVKfX9qI13s8FX5BCluOzmaFJ6QIXGkNLiqWgJQE4gc7zDEsDXj+1iPelhxg 8 | JSDcUpzVAgMBAAECggEAAb5U5KcwDPDsUxjTXvmovdk2ap/Ood+ywCMhy0qmydnv 9 | euxt175BRTrab3MnX3t51S6jnZgtCIU4XiX2u48KTwz+HML7DLJo8buhB1/zSvD2 10 | bfeEpHjFXqMzVh3x9Rjutm62XOV+4uQh89AKRpswlEpJo7OlkF9eQ+t7Ro2NfYHX 11 | OUPB7VygNAAFUxvla5zmTxyixRKMTWHocF/iHS4R0UAF3A0tP9Ewvkr9nQ70MUvi 12 | 1coZfNa6tLct1eiKy0aJg/zVmFzGD6WsZdAxL6Xa4ifFCMmfo0J25ey1oaGBtO+o 13 | NrJADPIPCyS62YAjwi/EWANYK/vsFepJjQmhUdzKxQKBgQDkhb+DQruBcBF3h9W2 14 | kSivl/QaAta0MkHuYJz9ZGD8wTHbGXXFP6N4amUxoVACAvjGphV/0PAhoYJDc7md 15 | F3kkH3Zvv7F4EIsUuq6+8U+j2Mwwgi8zesqPfSPeO2MKCSvXZBY7O+ep4VeRqoHO 16 | gj7AuGuXtQRPcCPnW38hJBK/owKBgQDDBnd8G8uUqQHZqmQxDguDxKUv8Ositc1c 17 | spHGxCP/rlbi2EA+cqhrZgOwXz3/bgNvy8Hn5CEYxjIz3Y2IaC92w/QlbIjoBenq 18 | QhgYFj9mOSAi+5wF4gRF2ovINj37+GVxfkI/Sw6ZuMJMwwrUnad+1tNX/oEQK/4u 19 | hUr6lkWZJwKBgQCJfUbaLF4v5EM+DUWxj+hQrTW6KJcQ12P/jbUmZyxLJdlfHxRS 20 | VpV9r1Wu5IUEkNEog2hP/F9dfJSpDIlSUHscFqnlVgnqWNm04RSd4QWvaJKBZPIN 21 | IQWaCwp3fHd75ESyVI9jmAkrll5fT5zFqGsk/FAPeGNdf/S6D7yPLerxzQKBgB5+ 22 | /GAj2Im+g9ONmW0yTQqlzU7Z1WrwEtTT94elVBu/H0cJmcIqG7vvj9QckI1InrD0 23 | o7WnLqW5GFCT7HXQFNv1eFAB0Ma3ZgSDoVDi6bcKZ8QQpC0nUpO5wPHlyXuFNBez 24 | LpjHG9ld0sQ+G4tzu6VR4mp4GaZ1uqF7pmXY6bkxAoGBAN9tdYHiXQDc+ARSDUJv 25 | n5OdZza9FBOywEk7lUZ63svfNHqJki8VlUL6I6RI/3vg6d8XghAbpHBFkFTB1nS0 26 | hZ1/O6GZvesvk7uFAApC78R30KeRZZhAgFvnrOYe2ym0r3QTw/6q0kxNkLN3i2Ly 27 | CkzgIotxudQh7xiWDBGZzOLZ 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDOjCCAiKgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5QwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQyWhcNNDcxMTI1MDgwNDQyWjAPMQ0wCwYDVQQDDAR4cmQyMIIBIjANBgkqhkiG 5 | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhemrG6HAYzHthR3BCwYQDWrbSuGcPtu1r1G 6 | gOOO0qWjgRHZ17u/T79hwnj5ngoiUhf5VI8AZs+XOK+aqXOIKVUX9Pwn6z8tbli1 7 | HNryLRW6J4EVMERTf8RxXfsWo6Vvb3V0Ngf56P6jia7nreHHXtv1ValiK0TETiuh 8 | n1Tqs20zvsiPNnBLQh4a5oNwmLKszOkSc6+nSzaeQ83V3XE5BHgkjiIsph3Stemx 9 | AW0UZCT1cMaceCy+agAXAqLSN8JlhtoaYpaXYNoqV6CdgBlSn1/aiNd7PBV+QQpb 10 | js5mhSekCFxpDS4qloCUBOIHO8wxLA14/tYj3pYcYCUg3FKc1QIDAQABo34wfDA6 11 | BgNVHREEMzAxggR4cmQygglsb2NhbGhvc3SCHnhyZDIuZGVmYXVsdC5zdmMuY2x1 12 | c3Rlci5sb2NhbDAdBgNVHQ4EFgQUyyxdGxlIKwzB6vUcSxxrQng9ek0wHwYDVR0j 13 | BBgwFoAUgKRAaTjggSQvPlnts3wljnT8rqkwDQYJKoZIhvcNAQELBQADggEBAEDx 14 | ZJeof4hInuzyf4WO8MEQ4CqrbyJ4lYxO1kdmceN1A1v8AE1F3e8HwVS4i584SOIC 15 | 6eCO2y/JNMdhV//O8SjqFhPtcSUrMw2ERglFQhVHgSi3Rsfipj5hVw3bg3j9Bbv0 16 | XVOD2RGtPb+FP6iFAjHAEBQHziKjzAUtD/7n+ZhcI58t9+CgYunshaIAEDcv0CUr 17 | jPLtZcpdcFN5d2pMYcbpo/kwWWyTpRfDEZl9VjkyxFAgL5WUP204W1C1EPaAHa+4 18 | xBxKjyoQ2BQN56hYmVIs52aZ88fWGLll2KUPOYeaSHpkwVsrKXGfsfSkpEzlUnMn 19 | sl+MXVsGZhgnYAWVypg= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd3.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC51qOi/thHgqic 3 | kajp0WsJcHVoP6C1Gkg6uBQaMHdhyN2sOSAmMY1zOMUrBTI5sS09/n4CLEzE5oQb 4 | H+hhRI8vrlShETZEeX5qqOcsQrXo3TNMRZH5ewUrGUfFc8L9DEBMohkJGic7VMnJ 5 | i6M41lI5X1NSUAXBqm8J6q+vBXgTi81XA00uhCNaJtxySUW3PC+6OzAX6lZrPsOd 6 | HEmOy0HKOviqdSY0s4SxZXrLewP5B9eIxstPn5T+6XZiqv339tK1JPFmt+y32B6e 7 | i/LlXpGDsRaSFtslAB57NEc45KPmt7vR4MPrwMmTiE6lZGvjxh38BVVJvuIYsBGZ 8 | PRO3v59fAgMBAAECggEAMZUUXMEs2EuCjB+K1zOSINcZ5CIR0S/9dHk3l9M1jufm 9 | SPSG4NnYuRS8+mDtCRp+DSvQ1+iU5PXx6kDFoeoGX/zdxImQlo1pzrBY2WTFHyeh 10 | b6iiLVOGyfx5OzPLIvO5VhjroBOTww84tWbluhzonDkURIJoPscn0BgHHqXRZzkx 11 | AAr1fullXf1SPwvoNceqpxHVy66FDEnPXRxp99xDp46NQYgEBgzIO3p3pwSKgdDW 12 | 7Xom/9Snnh9qOP9sHGmfXHAsXAiRWZ6xdP9laCaHJHUkOCbwzzcFSoxxV62RQxxm 13 | uRpFyuyHLxK9lH4yV/OjvxBn/aGD7mKUAJyEwBvxNQKBgQD0X1o7+Fcq0PhqT9wc 14 | TF69gD/nhFyX4yl044f1u/42SKZFsv5a1vpeb6Uzi2vltBAAqiiXGmVApo1g7Yxv 15 | gxfHq3CdarB2KUpE+Mh0JRUFbE+eg701lKlJBDc8R48Yg/FcPnR+SWW0s1TaWu3C 16 | TjTauQOPEYU9bdLrqMoJIgs6zQKBgQDCrkvkq09otRBtz2HRnUoWqPrxALXMQLJ+ 17 | xQCdwUXLPlGF4SAsAEgkG7CNYwDqmN5xBFTNmUt3mI0nhoDJY0UMVwz84GkYqczA 18 | uesx3WL7LYkIaplR2JQzREqlutIhYnFuL+6epZRRWuQksXqRC1SF2/xC4nl37Unh 19 | B68R+9ma2wKBgQDXd4+/Wtu4w+KVEm8YgHn0irVN9FYUElaGWuyRTj36LRp2UDmX 20 | bP/67mPyS9dKBPcrLt11Re/LDk+QDEQMOsFn65DzK5QFy6hRoi5UwjGDw5l8Qdo9 21 | +SM+Xzo4qzvPuN7Cn8rlYuALcSe7E/uZnI1b4U/zANbDcCdOZFgnr13JbQKBgDEX 22 | Xo/lGvseXWwzVUlUTnB0YAMR2MYOsnQBHWyqZf0gU9JcuI4f7BEe4mBkzMBbmAwL 23 | uY62zy7zSvTil+swmyLHeMDznczYVIds2oASgXkxPFLg/pSC9qwO1nwAJijA+DV+ 24 | 5L8gpcv2DX2rO2sD3mZ62JvNHDA/p9eU5nK0fWTtAoGAOhNYm6uzNHVeDHus7fpk 25 | ibGuEWDiP4WC0QXEw+K/MlRPH6a3poWx0dZL9xUkLWBCpDTG/7KeeaqGECROiXvw 26 | uiRs3AB8KL2GVXWZYCzm9ZZexs2zUwBjfsVpH1bmaJiXVT8DUheRPndgCTjRFaHF 27 | 604qIkJgKb/vF66uFU5eV6Y= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/hostcert_xrd3.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDOjCCAiKgAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5UwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQzWhcNNDcxMTI1MDgwNDQzWjAPMQ0wCwYDVQQDDAR4cmQzMIIBIjANBgkqhkiG 5 | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudajov7YR4KonJGo6dFrCXB1aD+gtRpIOrgU 6 | GjB3YcjdrDkgJjGNczjFKwUyObEtPf5+AixMxOaEGx/oYUSPL65UoRE2RHl+aqjn 7 | LEK16N0zTEWR+XsFKxlHxXPC/QxATKIZCRonO1TJyYujONZSOV9TUlAFwapvCeqv 8 | rwV4E4vNVwNNLoQjWibccklFtzwvujswF+pWaz7DnRxJjstByjr4qnUmNLOEsWV6 9 | y3sD+QfXiMbLT5+U/ul2Yqr99/bStSTxZrfst9genovy5V6Rg7EWkhbbJQAeezRH 10 | OOSj5re70eDD68DJk4hOpWRr48Yd/AVVSb7iGLARmT0Tt7+fXwIDAQABo34wfDA6 11 | BgNVHREEMzAxggR4cmQzgglsb2NhbGhvc3SCHnhyZDMuZGVmYXVsdC5zdmMuY2x1 12 | c3Rlci5sb2NhbDAdBgNVHQ4EFgQUkdSE98OHsxjeszj+DngRbJlYUbUwHwYDVR0j 13 | BBgwFoAUgKRAaTjggSQvPlnts3wljnT8rqkwDQYJKoZIhvcNAQELBQADggEBAJO8 14 | BOi75PM4VHuGVViPFSo2rU/BOTZ5JAczipUOTbnIGE7PkZjXO4ihv7uoKQVYF+Ax 15 | tUuXsV1aaemNmhCqfjVLGTCKJ2kRqxpSw8rNPxSaHVTObaKodxSWY3ST1dlAtfCW 16 | 5aDC2aKBsydaqBLkEWs9vpKIuCC0mSTJ3a7nk5bOLQNizoLTfSVqW/CZHtcx8cHJ 17 | qZdUjt/I4ynUP0bFZxr1e8I5CJffN/Ej9KFf5PntYkvhmkzrnqQAT8WsRAxt9xDp 18 | +Ur4+iFgdYB63p1fSkV2+zV2LA8keNnd1wMF6hkvLnrgUb0D0KSr0StFIgOSoFi/ 19 | D+GqhH1aVXG8+B4H4ZE= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | secretGenerator: 5 | - name: ca-cert 6 | files: 7 | - tls.cert=rucio_ca.pem 8 | - name: ruciouser-cert 9 | files: 10 | - tls.cert=ruciouser.pem 11 | - tls.key=ruciouser.key.pem 12 | - name: hostcert-rucio 13 | files: 14 | - tls.cert=hostcert_rucio.pem 15 | - tls.key=hostcert_rucio.key.pem 16 | - tls.certkey=hostcert_rucio.certkey.pem 17 | - name: hostcert-fts 18 | files: 19 | - tls.cert=hostcert_fts.pem 20 | - tls.key=hostcert_fts.key.pem 21 | - name: hostcert-xrd1 22 | files: 23 | - tls.cert=hostcert_xrd1.pem 24 | - tls.key=hostcert_xrd1.key.pem 25 | - name: hostcert-xrd2 26 | files: 27 | - tls.cert=hostcert_xrd2.pem 28 | - tls.key=hostcert_xrd2.key.pem 29 | - name: hostcert-xrd3 30 | files: 31 | - tls.cert=hostcert_xrd3.pem 32 | - tls.key=hostcert_xrd3.key.pem 33 | 34 | generatorOptions: 35 | disableNameSuffixHash: true 36 | -------------------------------------------------------------------------------- /secrets/rucio_ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDHzCCAgegAwIBAgIUP9m4yaQmM45g7BVYdSs94ToS6PgwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQxWhcNNDcxMTI1MDgwNDQxWjAfMR0wGwYDVQQDDBRSdWNpbyBEZXZlbG9wbWVu 5 | dCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKraPbO8Skqj6NAc 6 | qbOQ0H0f8m4seWdN5hypO1IWwPO3qwH51snStM0/QUAexWqVUmoOGhC6NfsFVExj 7 | 1FitlJCiwlRUmWDpMeVleX6TSvzoH7KQHzlmxnWJ83ys7+kadysq47Z8EVkKaekU 8 | /64KUjki+OQr5nU1czUA5I3weDv0vO8ATxxlfRYx/+2pfGLt3a2Y6lFaFUo5LxMu 9 | /vaCRP5JpAML9cUjjEWQ59C9yQipkjL+EcvCljQunF34n84taSNqpcwToK8beTCC 10 | 5eNDp1lnQ+IQ0kjjMxukMhlwBXPPhF2Pd+a91IRj1zkOlVZ08r6kkl6g9BCyhn5b 11 | qYNFn9sCAwEAAaNTMFEwHQYDVR0OBBYEFICkQGk44IEkLz5Z7bN8JY50/K6pMB8G 12 | A1UdIwQYMBaAFICkQGk44IEkLz5Z7bN8JY50/K6pMA8GA1UdEwEB/wQFMAMBAf8w 13 | DQYJKoZIhvcNAQELBQADggEBAHiaIeqkX03w20neNyoso2ExjcRow8YbgXtD1u4c 14 | lebc0k/5w/DDA1d8ZzfVT+5N5XRtKs+/C2oI6Bw/GXr7QxUByNeKtns8+BWAHchq 15 | J94x8MbfZR1MURWhBJo2MQnUKiV0jtbNIGOKxzwhw/+hBqy7Z0y/ZjUHnBNjkwkB 16 | 9py2vU51oJQMDPpZujthFweS7AajECjjVg0wsXUjs+yd3s/wJGIPhM6rWK31anJO 17 | ZH+41sah4qGMTtBa2LdsUHhHDpl9nStTTu8WNS0hUoBQhhlCz6aFk5VOQ/8D65+A 18 | WNUDOBENuSugiN8TPTux1eHMQuX/VfO7lXVD5de9aQ8/ZhQ= 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /secrets/ruciouser.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDhzNxBuaT8rfZA 3 | 5SEGl26GM0qAYpuLKMdCachsDDi42j7n2YYSrn/zBkxNiXaD5ey8bfh1LEL01gV9 4 | hbmOUHnaAdyTPiVIB0TLSl/2F5CXkGx4t+4gAWUc+9mGVShJrVwr6Y5sHrVXORim 5 | eODQWTqCLYbSfWLQTCloD6eAnXYQcDnz2lmyys3IuU/DKX/amMq1PjtEflzI3ef5 6 | CPOwPx2BKtcwrcq/4adzMIY18W/regP9fK6hFcVqp8pCaaPqo2J4ugqwaIk3SoH+ 7 | 4CAdgpPN6yj7JEgrbdgURdRAWymjaELNzla2BQgOhnDlaTO7Kj/vogDjFas51oVX 8 | jZr4NNFVAgMBAAECggEAEyFordbdMB1LBk+DX0wYLJ2O29a+5+jiDPHqbaERczPm 9 | bX1D+zQ2me/4Kf+R/3XM+1/z03WXDKhPWcWpJXITCNHsjrsOrI4VGYYpIC/566Vs 10 | U0P+FE8Z8n0x/kwbuDZMX1oP24A0i/nF6WDHZ0+QAfR6fj3qT8yMG4lr/x0YIic/ 11 | OIyv3IU+K6l+/ud17O9WiCRtTyZXGyIJLdEQJJyDgZeCT+B9z88HtjD3KoVRritn 12 | GwoJ0Czu9DfeNqZsQqMkM6N+tBMcoImwa78+m91oT4qgGyLLPXTlyC5U1GT6LL4K 13 | N1L6g/Q4YIGcnYmB4XR6a8ci3Bgj1Uj7MXOkCx+nlwKBgQDqFWQJUQt/aJLjMYee 14 | I+/4WokqgioOD+zg3esQhltwTIw6OZ3FtbRgblhyaPP6xidqOYG8pQcERBUqn1W8 15 | jhGWRM7ny+1OIJXKESxmq8Z320fVmRLr22k6YAllfc78IgLvl9xNixYzwkXtLi1W 16 | Og7xmr5NAq0u/eJcUO4xRvX8qwKBgQD28O594NT3hHky8RhzEMKegn+ELimxwgpw 17 | w135xTAjC8UAEuVuxL/eU5V2MLGPFKDxqwfWqEXYLF3/WdVGFRCMeOf2Wf1I4+3q 18 | AHt7hQ1cnOh0MrL9F+ytJU3iDx1Kiq0XBsVMRvRBJGT6biDOIUKX7U+m6Q2LuqME 19 | DW5PlaRp/wKBgBBDJi0DhWH3mOTRxxM0efJuD8N1QYiykIlawX7nZqjZmJBe+lgG 20 | 9J4SbHCeW/zbEVfu4NWDPYaNWE8avLEZyZz/8MPnxfe8ict8//GuE162TDpJpSff 21 | mWLl0yFK6TtY/Y05pqN4ezVjVMpSf/HSnMEqN/hPrEpsdvJk6Pdhb6t7AoGALvAC 22 | 1QhsUpPqmaU8GXsBEzII3O4NXM1eQKrR7QzvJmoxSt9Mnu5k7fSDP1DoHyMzqFvz 23 | BHk9tWZRg5zmrgiI+bptlOTsAPPaIBVxYzwaGxV0FcohPXxTr2Gc2TA4SBft6KeP 24 | zvzZppwtWXCfaa7mwowIDNjVi06xd6653gS6mK8CgYBNYlLcX9ugXlezIeXQQLT+ 25 | gw58+WQEJLg8XLwhfwhhQt981541JMm9Hg7T4tpKN+geYm0jNyuHOebgfftszkUV 26 | xYPTdHdNApZ86Z3O7TkPlI6NeQlrcYpiy72oB1bT5PbM8uZuRLlqiPcWFUffxV9Q 27 | 1NEH8V5UEbQ0EkF2bIQTHQ== 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /secrets/ruciouser.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDFDCCAfygAwIBAgIUVXpZxftaUMwrwgk6wYR1cGl0l5AwDQYJKoZIhvcNAQEL 3 | BQAwHzEdMBsGA1UEAwwUUnVjaW8gRGV2ZWxvcG1lbnQgQ0EwHhcNMjMwNDA1MDgw 4 | NDQxWhcNNDcxMTI1MDgwNDQxWjAVMRMwEQYDVQQDDApSdWNpbyBVc2VyMIIBIjAN 5 | BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4czcQbmk/K32QOUhBpduhjNKgGKb 6 | iyjHQmnIbAw4uNo+59mGEq5/8wZMTYl2g+XsvG34dSxC9NYFfYW5jlB52gHckz4l 7 | SAdEy0pf9heQl5BseLfuIAFlHPvZhlUoSa1cK+mObB61VzkYpnjg0Fk6gi2G0n1i 8 | 0EwpaA+ngJ12EHA589pZssrNyLlPwyl/2pjKtT47RH5cyN3n+QjzsD8dgSrXMK3K 9 | v+GnczCGNfFv63oD/XyuoRXFaqfKQmmj6qNieLoKsGiJN0qB/uAgHYKTzeso+yRI 10 | K23YFEXUQFspo2hCzc5WtgUIDoZw5Wkzuyo/76IA4xWrOdaFV42a+DTRVQIDAQAB 11 | o1IwUDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYEFAGkcxBRp5pCaO5h4vWScEN4 12 | m3hJMB8GA1UdIwQYMBaAFICkQGk44IEkLz5Z7bN8JY50/K6pMA0GCSqGSIb3DQEB 13 | CwUAA4IBAQBM5BUEZK/5rRG4o7kKL1D/Ux8sJ5Dyn5Q5hKRLAx4Dh72Rbs3ou95f 14 | yZH929+VDeok07gs7rkvl5GHxXpgnqQ3pSp6TveRNMYprCBAW/+8ZM5EzO1yZqAo 15 | Fpkhb5uOHA6m9cZKSUlDhLjbJ+/yROcDy6zL26b7SUMDsHkIbh14xZPxUNHj/6Hz 16 | MqOKWwJ2XBy1q7zWItt+lVdLFDBj0rNCHh9OlQxhGBcwBe3i9VVFuXvFI45fEUIK 17 | BT0BCdTpafUXBIylr03q289fBJ9IiDtPJWquwj1NVg2/m/IvM9vSwwUGf12MiXFc 18 | bU4eDBc+qVR+fAmqjWo81mxhAcho7vWM 19 | -----END CERTIFICATE----- 20 | --------------------------------------------------------------------------------