From 99baa97c729a2dfb7c1025d4d2adcd568ad3e410 Mon Sep 17 00:00:00 2001 From: msoares <marcelo.soares@cnaf.infn.it> Date: Thu, 25 Feb 2021 00:44:48 +0000 Subject: [PATCH 1/5] Added all vomses and vomsdir Fixed httpd conf files Fixed mounting volumes Fixed Mysql --- .gitignore | 9 + Dockerfile | 66 +--- assets/1 | 16 + assets/ENV | 12 + assets/fts3-mon/autoindex.conf | 1 - assets/fts3-mon/httpd/conf.d/autoindex.conf | 94 ++++++ .../fts3-mon/{ => httpd/conf.d}/ftsmon.conf | 10 +- assets/fts3-mon/httpd/conf.d/ssl.conf | 217 +++++++++++++ assets/fts3-mon/httpd/conf.d/userdir.conf | 36 +++ assets/fts3-mon/httpd/conf.d/welcome.conf | 22 ++ assets/fts3-mon/httpd/conf.d/zgridsite.conf | 111 +++++++ assets/fts3-mon/ssl.conf | 1 - assets/fts3-mon/userdir.conf | 1 - assets/fts3-mon/welcome.conf | 1 - assets/fts3-mon/zgridsite.conf | 1 - assets/fts3-rest/autoindex.conf | 1 - assets/fts3-rest/httpd/conf.d/autoindex.conf | 94 ++++++ .../{ => httpd/conf.d}/fts3rest.conf | 7 +- assets/fts3-rest/httpd/conf.d/ssl.conf | 217 +++++++++++++ assets/fts3-rest/httpd/conf.d/userdir.conf | 36 +++ assets/fts3-rest/httpd/conf.d/welcome.conf | 22 ++ assets/fts3-rest/httpd/conf.d/zgridsite.conf | 111 +++++++ assets/fts3-rest/ssl.conf | 1 - assets/fts3-rest/userdir.conf | 1 - assets/fts3-rest/welcome.conf | 1 - assets/fts3-rest/zgridsite.conf | 1 - .../fts3-server/httpd/conf.d/autoindex.conf | 94 ++++++ assets/fts3-server/httpd/conf.d/ssl.conf | 217 +++++++++++++ assets/fts3-server/httpd/conf.d/userdir.conf | 36 +++ assets/fts3-server/httpd/conf.d/welcome.conf | 22 ++ .../fts3-server/httpd/conf.d/zgridsite.conf | 111 +++++++ assets/fts3/fts-msg-monitoring.conf | 1 + assets/fts3/fts3config | 31 +- assets/fts3/fts3rest.ini | 13 +- assets/log/fts3/fts3bringonline.log | 0 assets/log/fts3/fts3server.log | 0 assets/log/fts3/fts_bringonline_stderr.log | 0 assets/log/fts3/fts_bringonline_stdout.log | 0 assets/log/fts3/fts_server_stderr.log | 0 assets/log/fts3/fts_server_stdout.log | 0 assets/log/fts3/msg.log | 0 assets/mysql/fts-database-upgrade.py | 285 ++++++++++++++++++ assets/mysql/fts-database-upgrade.pyc | Bin 0 -> 9692 bytes assets/mysql/fts-database-upgrade.pyo | Bin 0 -> 9692 bytes assets/scripts/docker-entrypoint.sh | 21 -- assets/scripts/etc/hosts | 7 + assets/scripts/fts-database-upgrade.py | 285 ++++++++++++++++++ assets/scripts/fts-database-upgrade.pyc | Bin 0 -> 9692 bytes assets/scripts/fts-database-upgrade.pyo | Bin 0 -> 9692 bytes assets/scripts/initialize-mysql.sh | 2 +- assets/scripts/startup-fts-mon.sh | 15 + assets/scripts/startup-fts-rest-mon.sh | 11 - assets/scripts/startup-fts-rest.sh | 12 +- assets/scripts/startup-fts-server.sh | 11 + assets/supervisor/conf.d/supervisord.conf | 36 +++ assets/vomsdir/alice/lcg-voms2.cern.ch.lsc | 2 + assets/vomsdir/alice/voms2.cern.ch.lsc | 2 + assets/vomsdir/argo/voms-01.pd.infn.it.lsc | 2 + assets/vomsdir/argo/voms.cnaf.infn.it.lsc | 2 + assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc | 2 + assets/vomsdir/atlas/voms2.cern.ch.lsc | 2 + assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc | 2 + assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc | 2 + assets/vomsdir/babar/voms.gridpp.ac.uk.lsc | 2 + assets/vomsdir/belle/grid-voms.desy.de.lsc | 2 + assets/vomsdir/belle/voms.cc.kek.jp.lsc | 2 + assets/vomsdir/belle/voms.hep.pnnl.gov.lsc | 2 + .../vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc | 2 + assets/vomsdir/cdf/voms-01.pd.infn.it.lsc | 2 + assets/vomsdir/cdf/voms.cnaf.infn.it.lsc | 2 + assets/vomsdir/cdf/voms1.fnal.gov.lsc | 2 + assets/vomsdir/cdf/voms2.fnal.gov.lsc | 2 + .../vomsdir/clas12/gryphn.phys.uconn.edu.lsc | 2 + .../vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc | 2 + assets/vomsdir/cms/lcg-voms2.cern.ch.lsc | 2 + assets/vomsdir/cms/voms2.cern.ch.lsc | 2 + assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc | 2 + assets/vomsdir/geant4/lcg-voms.cern.ch.lsc | 2 + assets/vomsdir/geant4/voms.cern.ch.lsc | 2 + .../gerda.mpg.de/vomsIGI-NA.unina.it.lsc | 2 + .../gerda.mpg.de/vomsmania.cnaf.infn.it.lsc | 2 + .../vomsdir/glast.org/voms-02.pd.infn.it.lsc | 2 + .../vomsdir/glast.org/voms2.cnaf.infn.it.lsc | 2 + .../icarus-exp.org/vomsIGI-NA.unina.it.lsc | 2 + .../icarus-exp.org/vomsmania.cnaf.infn.it.lsc | 2 + assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc | 2 + assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc | 2 + assets/vomsdir/juno/voms.ihep.ac.cn.lsc | 2 + .../km3net.org/voms02.scope.unina.it.lsc | 2 + assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc | 2 + assets/vomsdir/lhcb/voms2.cern.ch.lsc | 2 + assets/vomsdir/magic/voms01.pic.es.lsc | 2 + .../muoncoll.infn.it/voms-02.pd.infn.it.lsc | 2 + .../muoncoll.infn.it/voms2.cnaf.infn.it.lsc | 2 + .../voms.gridpp.ac.uk.lsc | 2 + .../voms02.gridpp.ac.uk.lsc | 2 + .../voms03.gridpp.ac.uk.lsc | 2 + assets/vomsdir/ops/lcg-voms2.cern.ch.lsc | 2 + assets/vomsdir/ops/voms2.cern.ch.lsc | 2 + assets/vomsdir/pamela/voms-01.pd.infn.it.lsc | 2 + assets/vomsdir/pamela/voms.cnaf.infn.it.lsc | 2 + assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc | 2 + .../vomsdir/theophys/voms-01.pd.infn.it.lsc | 2 + assets/vomsdir/theophys/voms.cnaf.infn.it.lsc | 2 + assets/vomsdir/virgo/voms-01.pd.infn.it.lsc | 2 + assets/vomsdir/virgo/voms.cnaf.infn.it.lsc | 2 + .../vo.compass.cern.ch/lcg-voms2.cern.ch.lsc | 2 + .../vo.compass.cern.ch/voms2.cern.ch.lsc | 2 + .../cclcgvomsli01.in2p3.fr.lsc | 2 + .../vo.darkside.org/vomsIGI-NA.unina.it.lsc | 2 + .../vomsmania.cnaf.infn.it.lsc | 2 + .../vo.padme.org/voms-02.pd.infn.it.lsc | 2 + .../vo.padme.org/voms2.cnaf.infn.it.lsc | 2 + .../xenon.biggrid.nl/voms.grid.sara.nl.lsc | 2 + assets/vomses/alice-lcg-voms2.cern.ch | 1 + assets/vomses/alice-voms2.cern.ch | 1 + assets/vomses/argo-voms-01.pd.infn.it | 1 + assets/vomses/argo-voms.cnaf.infn.it | 1 + assets/vomses/atlas-lcg-voms2.cern.ch | 1 + assets/vomses/atlas-voms2.cern.ch | 1 + assets/vomses/auger-voms1.grid.cesnet.cz | 1 + assets/vomses/auger-voms2.grid.cesnet.cz | 1 + assets/vomses/babar-voms.gridpp.ac.uk | 1 + assets/vomses/belle-grid-voms.desy.de | 1 + assets/vomses/belle-voms.cc.kek.jp | 1 + assets/vomses/belle-voms.hep.pnnl.gov | 1 + assets/vomses/biomed-cclcgvomsli01.in2p3.fr | 1 + assets/vomses/cdf-voms-01.pd.infn.it | 1 + assets/vomses/cdf-voms.cnaf.infn.it | 1 + assets/vomses/cdf-voms1.fnal.gov | 1 + assets/vomses/cdf-voms2.fnal.gov | 1 + assets/vomses/clas12-gryphn.phys.uconn.edu | 1 + assets/vomses/clas12-jlabvoms.t2.ucsd.edu | 1 + assets/vomses/cms-lcg-voms2.cern.ch | 1 + assets/vomses/cms-voms2.cern.ch | 1 + assets/vomses/dteam-voms2.hellasgrid.gr | 1 + assets/vomses/geant4-lcg-voms.cern.ch | 1 + assets/vomses/geant4-voms.cern.ch | 1 + .../vomses/gerda.mpg.de-vomsIGI-NA.unina.it | 1 + .../gerda.mpg.de-vomsmania.cnaf.infn.it | 1 + assets/vomses/glast.org-voms-02.pd.infn.it | 1 + assets/vomses/glast.org-voms2.cnaf.infn.it | 1 + .../vomses/icarus-exp.org-vomsIGI-NA.unina.it | 1 + .../icarus-exp.org-vomsmania.cnaf.infn.it | 1 + assets/vomses/infngrid-voms.cnaf.infn.it | 1 + assets/vomses/juno-lcgvoms02.jinr.ru | 1 + assets/vomses/juno-voms.ihep.ac.cn | 1 + .../vomses/km3net.org-voms02.scope.unina.it | 1 + assets/vomses/lhcb-lcg-voms2.cern.ch | 1 + assets/vomses/lhcb-voms2.cern.ch | 1 + assets/vomses/magic-voms01.pic.es | 1 + .../muoncoll.infn.it-voms-02.pd.infn.it | 1 + .../muoncoll.infn.it-voms2.cnaf.infn.it | 1 + .../na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk | 1 + .../na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk | 1 + .../na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk | 1 + assets/vomses/ops-lcg-voms2.cern.ch | 1 + assets/vomses/ops-voms2.cern.ch | 1 + assets/vomses/pamela-voms-01.pd.infn.it | 1 + assets/vomses/pamela-voms.cnaf.infn.it | 1 + assets/vomses/rdfa-voms.cnaf.infn.it | 1 + assets/vomses/theophys-voms-01.pd.infn.it | 1 + assets/vomses/theophys-voms.cnaf.infn.it | 1 + assets/vomses/virgo-voms-01.pd.infn.it | 1 + assets/vomses/virgo-voms.cnaf.infn.it | 1 + .../vo.compass.cern.ch-lcg-voms2.cern.ch | 1 + .../vomses/vo.compass.cern.ch-voms2.cern.ch | 1 + .../vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr | 1 + .../vo.darkside.org-vomsIGI-NA.unina.it | 1 + .../vo.darkside.org-vomsmania.cnaf.infn.it | 1 + assets/vomses/vo.padme.org-voms-02.pd.infn.it | 1 + assets/vomses/vo.padme.org-voms2.cnaf.infn.it | 1 + assets/vomses/voms.ihep.ac.cn | 1 + assets/vomses/voms2.hellasgrid.gr | 1 + .../vomses/xenon.biggrid.nl-voms.grid.sara.nl | 1 + docker-compose.yml | 25 +- new.docker-compose.yml | 108 +++++++ no.docker-compose.yml | 28 -- old.Dockerfile | 54 ++++ 179 files changed, 2536 insertions(+), 158 deletions(-) create mode 100644 .gitignore create mode 100644 assets/1 create mode 100644 assets/ENV delete mode 100644 assets/fts3-mon/autoindex.conf create mode 100644 assets/fts3-mon/httpd/conf.d/autoindex.conf rename assets/fts3-mon/{ => httpd/conf.d}/ftsmon.conf (93%) create mode 100644 assets/fts3-mon/httpd/conf.d/ssl.conf create mode 100644 assets/fts3-mon/httpd/conf.d/userdir.conf create mode 100644 assets/fts3-mon/httpd/conf.d/welcome.conf create mode 100644 assets/fts3-mon/httpd/conf.d/zgridsite.conf delete mode 100644 assets/fts3-mon/ssl.conf delete mode 100644 assets/fts3-mon/userdir.conf delete mode 100644 assets/fts3-mon/welcome.conf delete mode 100644 assets/fts3-mon/zgridsite.conf delete mode 100644 assets/fts3-rest/autoindex.conf create mode 100644 assets/fts3-rest/httpd/conf.d/autoindex.conf rename assets/fts3-rest/{ => httpd/conf.d}/fts3rest.conf (92%) create mode 100644 assets/fts3-rest/httpd/conf.d/ssl.conf create mode 100644 assets/fts3-rest/httpd/conf.d/userdir.conf create mode 100644 assets/fts3-rest/httpd/conf.d/welcome.conf create mode 100644 assets/fts3-rest/httpd/conf.d/zgridsite.conf delete mode 100644 assets/fts3-rest/ssl.conf delete mode 100644 assets/fts3-rest/userdir.conf delete mode 100644 assets/fts3-rest/welcome.conf delete mode 100644 assets/fts3-rest/zgridsite.conf create mode 100644 assets/fts3-server/httpd/conf.d/autoindex.conf create mode 100644 assets/fts3-server/httpd/conf.d/ssl.conf create mode 100644 assets/fts3-server/httpd/conf.d/userdir.conf create mode 100644 assets/fts3-server/httpd/conf.d/welcome.conf create mode 100644 assets/fts3-server/httpd/conf.d/zgridsite.conf create mode 100644 assets/fts3/fts-msg-monitoring.conf create mode 100644 assets/log/fts3/fts3bringonline.log create mode 100644 assets/log/fts3/fts3server.log create mode 100644 assets/log/fts3/fts_bringonline_stderr.log create mode 100644 assets/log/fts3/fts_bringonline_stdout.log create mode 100644 assets/log/fts3/fts_server_stderr.log create mode 100644 assets/log/fts3/fts_server_stdout.log create mode 100644 assets/log/fts3/msg.log create mode 100644 assets/mysql/fts-database-upgrade.py create mode 100644 assets/mysql/fts-database-upgrade.pyc create mode 100644 assets/mysql/fts-database-upgrade.pyo delete mode 100755 assets/scripts/docker-entrypoint.sh create mode 100644 assets/scripts/etc/hosts create mode 100755 assets/scripts/fts-database-upgrade.py create mode 100644 assets/scripts/fts-database-upgrade.pyc create mode 100644 assets/scripts/fts-database-upgrade.pyo create mode 100755 assets/scripts/startup-fts-mon.sh delete mode 100755 assets/scripts/startup-fts-rest-mon.sh create mode 100755 assets/scripts/startup-fts-server.sh create mode 100644 assets/supervisor/conf.d/supervisord.conf create mode 100644 assets/vomsdir/alice/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/alice/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/argo/voms-01.pd.infn.it.lsc create mode 100644 assets/vomsdir/argo/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/atlas/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc create mode 100644 assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc create mode 100644 assets/vomsdir/babar/voms.gridpp.ac.uk.lsc create mode 100644 assets/vomsdir/belle/grid-voms.desy.de.lsc create mode 100644 assets/vomsdir/belle/voms.cc.kek.jp.lsc create mode 100644 assets/vomsdir/belle/voms.hep.pnnl.gov.lsc create mode 100644 assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc create mode 100644 assets/vomsdir/cdf/voms-01.pd.infn.it.lsc create mode 100644 assets/vomsdir/cdf/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/cdf/voms1.fnal.gov.lsc create mode 100644 assets/vomsdir/cdf/voms2.fnal.gov.lsc create mode 100644 assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc create mode 100644 assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc create mode 100644 assets/vomsdir/cms/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/cms/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc create mode 100644 assets/vomsdir/geant4/lcg-voms.cern.ch.lsc create mode 100644 assets/vomsdir/geant4/voms.cern.ch.lsc create mode 100644 assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc create mode 100644 assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc create mode 100644 assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc create mode 100644 assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc create mode 100644 assets/vomsdir/juno/voms.ihep.ac.cn.lsc create mode 100644 assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc create mode 100644 assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/lhcb/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/magic/voms01.pic.es.lsc create mode 100644 assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc create mode 100644 assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc create mode 100644 assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc create mode 100644 assets/vomsdir/ops/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/ops/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/pamela/voms-01.pd.infn.it.lsc create mode 100644 assets/vomsdir/pamela/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/theophys/voms-01.pd.infn.it.lsc create mode 100644 assets/vomsdir/theophys/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/virgo/voms-01.pd.infn.it.lsc create mode 100644 assets/vomsdir/virgo/voms.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc create mode 100644 assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc create mode 100644 assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc create mode 100644 assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc create mode 100644 assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc create mode 100644 assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc create mode 100644 assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc create mode 100644 assets/vomses/alice-lcg-voms2.cern.ch create mode 100644 assets/vomses/alice-voms2.cern.ch create mode 100644 assets/vomses/argo-voms-01.pd.infn.it create mode 100644 assets/vomses/argo-voms.cnaf.infn.it create mode 100644 assets/vomses/atlas-lcg-voms2.cern.ch create mode 100644 assets/vomses/atlas-voms2.cern.ch create mode 100644 assets/vomses/auger-voms1.grid.cesnet.cz create mode 100644 assets/vomses/auger-voms2.grid.cesnet.cz create mode 100644 assets/vomses/babar-voms.gridpp.ac.uk create mode 100644 assets/vomses/belle-grid-voms.desy.de create mode 100644 assets/vomses/belle-voms.cc.kek.jp create mode 100644 assets/vomses/belle-voms.hep.pnnl.gov create mode 100644 assets/vomses/biomed-cclcgvomsli01.in2p3.fr create mode 100644 assets/vomses/cdf-voms-01.pd.infn.it create mode 100644 assets/vomses/cdf-voms.cnaf.infn.it create mode 100644 assets/vomses/cdf-voms1.fnal.gov create mode 100644 assets/vomses/cdf-voms2.fnal.gov create mode 100644 assets/vomses/clas12-gryphn.phys.uconn.edu create mode 100644 assets/vomses/clas12-jlabvoms.t2.ucsd.edu create mode 100644 assets/vomses/cms-lcg-voms2.cern.ch create mode 100644 assets/vomses/cms-voms2.cern.ch create mode 100644 assets/vomses/dteam-voms2.hellasgrid.gr create mode 100644 assets/vomses/geant4-lcg-voms.cern.ch create mode 100644 assets/vomses/geant4-voms.cern.ch create mode 100644 assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it create mode 100644 assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it create mode 100644 assets/vomses/glast.org-voms-02.pd.infn.it create mode 100644 assets/vomses/glast.org-voms2.cnaf.infn.it create mode 100644 assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it create mode 100644 assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it create mode 100644 assets/vomses/infngrid-voms.cnaf.infn.it create mode 100644 assets/vomses/juno-lcgvoms02.jinr.ru create mode 100644 assets/vomses/juno-voms.ihep.ac.cn create mode 100644 assets/vomses/km3net.org-voms02.scope.unina.it create mode 100644 assets/vomses/lhcb-lcg-voms2.cern.ch create mode 100644 assets/vomses/lhcb-voms2.cern.ch create mode 100644 assets/vomses/magic-voms01.pic.es create mode 100644 assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it create mode 100644 assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk create mode 100644 assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk create mode 100644 assets/vomses/ops-lcg-voms2.cern.ch create mode 100644 assets/vomses/ops-voms2.cern.ch create mode 100644 assets/vomses/pamela-voms-01.pd.infn.it create mode 100644 assets/vomses/pamela-voms.cnaf.infn.it create mode 100644 assets/vomses/rdfa-voms.cnaf.infn.it create mode 100644 assets/vomses/theophys-voms-01.pd.infn.it create mode 100644 assets/vomses/theophys-voms.cnaf.infn.it create mode 100644 assets/vomses/virgo-voms-01.pd.infn.it create mode 100644 assets/vomses/virgo-voms.cnaf.infn.it create mode 100644 assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch create mode 100644 assets/vomses/vo.compass.cern.ch-voms2.cern.ch create mode 100644 assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr create mode 100644 assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it create mode 100644 assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it create mode 100644 assets/vomses/vo.padme.org-voms-02.pd.infn.it create mode 100644 assets/vomses/vo.padme.org-voms2.cnaf.infn.it create mode 100644 assets/vomses/voms.ihep.ac.cn create mode 100644 assets/vomses/voms2.hellasgrid.gr create mode 100644 assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl create mode 100644 new.docker-compose.yml delete mode 100644 no.docker-compose.yml create mode 100644 old.Dockerfile diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6ec20cf --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +./assets/log/fts3/fts3bringonline.log +./assets/log/fts3/fts3server.log +./assets/log/fts3/fts_bringonline_stderr.log +./assets/log/fts3/fts_bringonline_stdout.log +./assets/log/fts3/fts_server_stderr.log +./assets/log/fts3/fts_server_stdout.log +./assets/log/fts3/msg.log +./assets/log/fts3/* +./assets/log/fts3/transfers/* diff --git a/Dockerfile b/Dockerfile index 3836086..c563b1b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,54 +1,16 @@ FROM centos:7 -# Install FTS -RUN yum install -y epel-release.noarch -#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo -#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo -RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo -RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo - -RUN yum clean all && yum upgrade -y -RUN yum install -y gfal2-plugin-* --skip-broken -RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys -RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail -RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux -RUN yum clean all - -# Setup FTS security -COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem -COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem -RUN chmod 400 /etc/grid-security/hostkey.pem -COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/ -COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/ -#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/ - - -# Database configuration for FTS server -COPY assets/fts/fts3config /etc/fts3/fts3config -COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql - -# Configuration for FTSREST and FTSMON -COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf -RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\ - echo "" > /etc/httpd/conf.d/autoindex.conf &&\ - echo "" > /etc/httpd/conf.d/userdir.conf &&\ - echo "" > /etc/httpd/conf.d/welcome.conf &&\ - echo "" > /etc/httpd/conf.d/zgridsite.conf &&\ - echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf - -# Entrypoint waiting script for MySQL -COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh -RUN chmod +x /usr/local/bin/wait-for-it.sh - -# Shortcut for logfiles -COPY assets/fts/logshow /usr/local/bin/logshow -RUN chmod +x /usr/local/bin/logshow -RUN touch /var/log/fts3/fts3server.log -RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log -RUN touch /var/log/fts3rest/fts3rest.log -RUN chown -R fts3:fts3 /var/log/fts3rest - -# Startup -EXPOSE 8446 8449 -ADD assets/fts/docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] +# Install Gfal2-tool: +RUN yum install -y gfal2-util gfal2-all + +Install SRM Client: +RUN yum install -y emi-storm-srm-client-mp + +# Install FTS3 REST CLI: +RUN yum update-y && yum install -y python-pip +RUN pip install "git+https://gitlab.cern.ch/fts/fts-rest.git" + + + + + diff --git a/assets/1 b/assets/1 new file mode 100644 index 0000000..ab321f2 --- /dev/null +++ b/assets/1 @@ -0,0 +1,16 @@ +#!/bin/bash +set -ex + +# wait for MySQL readiness +/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 + +# put host certificate and key to their place +cp /certs/hostcert.pem /etc/grid-security/hostcert.pem +cp /certs/hostkey.pem /etc/grid-security/hostkey.pem +cp /scripts/hosts /etc/hosts + +# put fts3 rest httpd config file to it's place +#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf + +/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend + diff --git a/assets/ENV b/assets/ENV new file mode 100644 index 0000000..feae99c --- /dev/null +++ b/assets/ENV @@ -0,0 +1,12 @@ +FTS_HOSTNAME="fts3-cnaf.cloud.cnaf.infn.it" +FTS_SERVER_VERSION=v3.10.0 +FTS_REST_VERSION=v3.10.1 +FTS_MONITORING_VERSION=v3.10.0 +FTS_MYSQL_IMAGE=mysql:5 +FTS_MYSQL_HOST=ftsdb +FTS_DATABASE=fts +FTS_DB_USER=fts +FTS_DB_PASSWD=fts +FTS_DB_ROOT_PASSWD=fts + + diff --git a/assets/fts3-mon/autoindex.conf b/assets/fts3-mon/autoindex.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-mon/autoindex.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-mon/httpd/conf.d/autoindex.conf b/assets/fts3-mon/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..a85cf5d --- /dev/null +++ b/assets/fts3-mon/httpd/conf.d/autoindex.conf @@ -0,0 +1,94 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + +<Directory "/usr/share/httpd/icons"> + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted +</Directory> + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon /icons/bomb.gif */core.* + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/assets/fts3-mon/ftsmon.conf b/assets/fts3-mon/httpd/conf.d/ftsmon.conf similarity index 93% rename from assets/fts3-mon/ftsmon.conf rename to assets/fts3-mon/httpd/conf.d/ftsmon.conf index b830233..e50157c 100644 --- a/assets/fts3-mon/ftsmon.conf +++ b/assets/fts3-mon/httpd/conf.d/ftsmon.conf @@ -4,6 +4,9 @@ <IfModule !wsgi_module> LoadModule wsgi_module modules/mod_wsgi.so </IfModule> +<IfModule !gridsite_module> + LoadModule gridsite_module modules/mod_gridsite.so +</IfModule> <IfModule !version_module> LoadModule version_module modules/mod_version.so </IfModule> @@ -18,11 +21,8 @@ Listen 8449 SSLHonorCipherOrder on # Certificates -# SSLCertificateFile /etc/grid-security/hostcert.pem -# SSLCertificateKeyFile /etc/grid-security/hostkey.pem - SSLCertificateFile /certs/hostcert.pem - SSLCertificateKeyFile /certs/hostkey.pem - + SSLCertificateFile /etc/grid-security/hostcert.pem + SSLCertificateKeyFile /etc/grid-security/hostkey.pem SSLCACertificatePath /etc/grid-security/certificates SSLCARevocationPath /etc/grid-security/certificates diff --git a/assets/fts3-mon/httpd/conf.d/ssl.conf b/assets/fts3-mon/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..fe96202 --- /dev/null +++ b/assets/fts3-mon/httpd/conf.d/ssl.conf @@ -0,0 +1,217 @@ +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 -SSLv3 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/grid-security/hostcert.pem + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/grid-security/hostkey.pem + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +##### SSLCertificateChainFile /etc/grid-security/hostcert.pem + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + SSLOptions +StdEnvVars +</Files> +<Directory "/var/www/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + diff --git a/assets/fts3-mon/httpd/conf.d/userdir.conf b/assets/fts3-mon/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/assets/fts3-mon/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# +<IfModule mod_userdir.c> + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html +</IfModule> + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +<Directory "/home/*/public_html"> + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS +</Directory> + diff --git a/assets/fts3-mon/httpd/conf.d/welcome.conf b/assets/fts3-mon/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..c1b6c11 --- /dev/null +++ b/assets/fts3-mon/httpd/conf.d/welcome.conf @@ -0,0 +1,22 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# +<LocationMatch "^/+$"> + Options -Indexes + ErrorDocument 403 /.noindex.html +</LocationMatch> + +<Directory /usr/share/httpd/noindex> + AllowOverride None + Require all granted +</Directory> + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css +Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css +Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif +Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png diff --git a/assets/fts3-mon/httpd/conf.d/zgridsite.conf b/assets/fts3-mon/httpd/conf.d/zgridsite.conf new file mode 100644 index 0000000..a777a57 --- /dev/null +++ b/assets/fts3-mon/httpd/conf.d/zgridsite.conf @@ -0,0 +1,111 @@ +# +# This is the Apache server configuration file providing GridSite support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection with access controls enabled +# via .gacl files. + +# In order to benefit from GridSite it is nescesary to optinally autheticate +# clients to this web server: +# Within mod_ssl's configuration for <VirtualHost _default_:443> +# you should have at least the following parameters set. The mod_ssl +# file cotains more detailed comments about these settings. +## 1. Location of web server certificate file. +## SSLCertificateFile /etc/pki/tls/certs/localhost.crt +## or +## SSLCertificateFile /etc/grid-security/hostcert.pem +## 2. Location of web server key file. +## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +## or +## SSLCertificateKeyFile /etc/grid-security/hostkey.pem +## 3. Location of certificate authorities which the server should trust. +## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt +## or +## SSLCACertificatePath /etc/pki/tls/certs/ +## or +## SSLCACertificatePath /etc/grid-security/cetificates +##4. You must at least optionally authenticate clients. +## SSLVerifyClient optional +## SSLVerifyDepth 10 + + + +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +<IfModule !gridsite_module> + LoadModule gridsite_module modules/mod_gridsite.so +</IfModule> +# LoadModule gridsite_module modules/mod_gridsite.so + +ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi" + + +#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot. Used by GridHTTP to +#record the credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests +#following a session restart. (Default: /var/www/sessions) +GridSiteSessionsDir /var/cache/mod_gridsite + +## This is the path of directories (and all their subdirectories) for +## GACL to search when it encounters a dn-list credential. The DN List +## files are plain text, one DN per line, and must have the full url +## as the file name, but URL Encoded - eg with urlencode(1) +# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/ +GridSiteDNlists /etc/grid-security/dn-lists/ + +## This is used to form the URL at which DN Lists "owned" by this +## server are exported. https://FULL.SERVER.NAME/dn-lists/file +GridSiteDNlistsURI /gridsite/dn-lists/ + +## These directives (and the ScriptAlias above) allow authorized +## people to manage files, ACLs and DN Lists through their web +## browsers via HTTPS. The value of GridSiteAdminFile appears to +## exist in every directory, but is internally redirected by +## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias +## then maps that onto the real-gridsite-admin.cgi executable.) +GridSiteAdminFile gridsite-admin.cgi +GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi + + +Alias /gridsite "/var/lib/gridsite" + + +<Directory "/var/lib/gridsite/"> + SSLOptions +ExportCertData +StdEnvVars + ## This sets up GACL authorization for this server + GridSiteAuth on + + ## This exports various bits of info into the CGI environment + ## variables (and is needed for gridsite-admin.cgi to work.) + GridSiteEnvs on + + ## Nice GridSite directory listings + GridSiteIndexes on + + ## If this is on, GridSite will look for gridsitehead.txt and + ## gridsitefoot.txt in the current directory or its parents, and + ## use them to replace the <body> and </body> tags in .html files. + GridSiteHtmlFormat on + + ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file + ## name begins with "/" then this is used as the absolute path to that file to be used. + ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent + ## directories in ascending order until a header / footer file is found. Header files are inserted + ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files + ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile + ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt) + # GridSiteHeadFile gridsitehead.txt + # GridSiteFootFile gridsitefoot.txt + + ## If this is greater than zero, we will accept GSI Proxies for clients + ## (full client certificates - eg inside web browsers - are always ok) + GridSiteGSIProxyLimit 9 + + ## This directive allows authorized people to write/delete files + ## from non-browser clients - eg with htcp(1) + GridSiteMethods GET PUT DELETE MOVE POST + +</Directory> + + diff --git a/assets/fts3-mon/ssl.conf b/assets/fts3-mon/ssl.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-mon/ssl.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-mon/userdir.conf b/assets/fts3-mon/userdir.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-mon/userdir.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-mon/welcome.conf b/assets/fts3-mon/welcome.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-mon/welcome.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-mon/zgridsite.conf b/assets/fts3-mon/zgridsite.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-mon/zgridsite.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-rest/autoindex.conf b/assets/fts3-rest/autoindex.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-rest/autoindex.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-rest/httpd/conf.d/autoindex.conf b/assets/fts3-rest/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..a85cf5d --- /dev/null +++ b/assets/fts3-rest/httpd/conf.d/autoindex.conf @@ -0,0 +1,94 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + +<Directory "/usr/share/httpd/icons"> + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted +</Directory> + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon /icons/bomb.gif */core.* + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/assets/fts3-rest/fts3rest.conf b/assets/fts3-rest/httpd/conf.d/fts3rest.conf similarity index 92% rename from assets/fts3-rest/fts3rest.conf rename to assets/fts3-rest/httpd/conf.d/fts3rest.conf index 04fd304..b7c7a2b 100644 --- a/assets/fts3-rest/fts3rest.conf +++ b/assets/fts3-rest/httpd/conf.d/fts3rest.conf @@ -26,11 +26,8 @@ Listen 8446 SSLHonorCipherOrder on # Certificates -# SSLCertificateFile /etc/grid-security/hostcert.pem -# SSLCertificateKeyFile /etc/grid-security/hostkey.pem - SSLCertificateFile /certs/hostcert.pem - SSLCertificateKeyFile /certs/hostkey.pem - + SSLCertificateFile /etc/grid-security/hostcert.pem + SSLCertificateKeyFile /etc/grid-security/hostkey.pem SSLCACertificatePath /etc/grid-security/certificates SSLCARevocationPath /etc/grid-security/certificates diff --git a/assets/fts3-rest/httpd/conf.d/ssl.conf b/assets/fts3-rest/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..a619886 --- /dev/null +++ b/assets/fts3-rest/httpd/conf.d/ssl.conf @@ -0,0 +1,217 @@ +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 -SSLv3 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/grid-security/hostcert.pem + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/grid-security/hostkey.pem + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +##### SSLCertificateChainFile /etc/grid-security/hostcert.pem + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + SSLOptions +StdEnvVars +</Files> +<Directory "/var/www/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + diff --git a/assets/fts3-rest/httpd/conf.d/userdir.conf b/assets/fts3-rest/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/assets/fts3-rest/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# +<IfModule mod_userdir.c> + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html +</IfModule> + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +<Directory "/home/*/public_html"> + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS +</Directory> + diff --git a/assets/fts3-rest/httpd/conf.d/welcome.conf b/assets/fts3-rest/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..c1b6c11 --- /dev/null +++ b/assets/fts3-rest/httpd/conf.d/welcome.conf @@ -0,0 +1,22 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# +<LocationMatch "^/+$"> + Options -Indexes + ErrorDocument 403 /.noindex.html +</LocationMatch> + +<Directory /usr/share/httpd/noindex> + AllowOverride None + Require all granted +</Directory> + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css +Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css +Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif +Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png diff --git a/assets/fts3-rest/httpd/conf.d/zgridsite.conf b/assets/fts3-rest/httpd/conf.d/zgridsite.conf new file mode 100644 index 0000000..a777a57 --- /dev/null +++ b/assets/fts3-rest/httpd/conf.d/zgridsite.conf @@ -0,0 +1,111 @@ +# +# This is the Apache server configuration file providing GridSite support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection with access controls enabled +# via .gacl files. + +# In order to benefit from GridSite it is nescesary to optinally autheticate +# clients to this web server: +# Within mod_ssl's configuration for <VirtualHost _default_:443> +# you should have at least the following parameters set. The mod_ssl +# file cotains more detailed comments about these settings. +## 1. Location of web server certificate file. +## SSLCertificateFile /etc/pki/tls/certs/localhost.crt +## or +## SSLCertificateFile /etc/grid-security/hostcert.pem +## 2. Location of web server key file. +## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +## or +## SSLCertificateKeyFile /etc/grid-security/hostkey.pem +## 3. Location of certificate authorities which the server should trust. +## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt +## or +## SSLCACertificatePath /etc/pki/tls/certs/ +## or +## SSLCACertificatePath /etc/grid-security/cetificates +##4. You must at least optionally authenticate clients. +## SSLVerifyClient optional +## SSLVerifyDepth 10 + + + +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +<IfModule !gridsite_module> + LoadModule gridsite_module modules/mod_gridsite.so +</IfModule> +# LoadModule gridsite_module modules/mod_gridsite.so + +ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi" + + +#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot. Used by GridHTTP to +#record the credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests +#following a session restart. (Default: /var/www/sessions) +GridSiteSessionsDir /var/cache/mod_gridsite + +## This is the path of directories (and all their subdirectories) for +## GACL to search when it encounters a dn-list credential. The DN List +## files are plain text, one DN per line, and must have the full url +## as the file name, but URL Encoded - eg with urlencode(1) +# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/ +GridSiteDNlists /etc/grid-security/dn-lists/ + +## This is used to form the URL at which DN Lists "owned" by this +## server are exported. https://FULL.SERVER.NAME/dn-lists/file +GridSiteDNlistsURI /gridsite/dn-lists/ + +## These directives (and the ScriptAlias above) allow authorized +## people to manage files, ACLs and DN Lists through their web +## browsers via HTTPS. The value of GridSiteAdminFile appears to +## exist in every directory, but is internally redirected by +## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias +## then maps that onto the real-gridsite-admin.cgi executable.) +GridSiteAdminFile gridsite-admin.cgi +GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi + + +Alias /gridsite "/var/lib/gridsite" + + +<Directory "/var/lib/gridsite/"> + SSLOptions +ExportCertData +StdEnvVars + ## This sets up GACL authorization for this server + GridSiteAuth on + + ## This exports various bits of info into the CGI environment + ## variables (and is needed for gridsite-admin.cgi to work.) + GridSiteEnvs on + + ## Nice GridSite directory listings + GridSiteIndexes on + + ## If this is on, GridSite will look for gridsitehead.txt and + ## gridsitefoot.txt in the current directory or its parents, and + ## use them to replace the <body> and </body> tags in .html files. + GridSiteHtmlFormat on + + ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file + ## name begins with "/" then this is used as the absolute path to that file to be used. + ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent + ## directories in ascending order until a header / footer file is found. Header files are inserted + ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files + ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile + ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt) + # GridSiteHeadFile gridsitehead.txt + # GridSiteFootFile gridsitefoot.txt + + ## If this is greater than zero, we will accept GSI Proxies for clients + ## (full client certificates - eg inside web browsers - are always ok) + GridSiteGSIProxyLimit 9 + + ## This directive allows authorized people to write/delete files + ## from non-browser clients - eg with htcp(1) + GridSiteMethods GET PUT DELETE MOVE POST + +</Directory> + + diff --git a/assets/fts3-rest/ssl.conf b/assets/fts3-rest/ssl.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-rest/ssl.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-rest/userdir.conf b/assets/fts3-rest/userdir.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-rest/userdir.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-rest/welcome.conf b/assets/fts3-rest/welcome.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-rest/welcome.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-rest/zgridsite.conf b/assets/fts3-rest/zgridsite.conf deleted file mode 100644 index 8b13789..0000000 --- a/assets/fts3-rest/zgridsite.conf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/assets/fts3-server/httpd/conf.d/autoindex.conf b/assets/fts3-server/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..a85cf5d --- /dev/null +++ b/assets/fts3-server/httpd/conf.d/autoindex.conf @@ -0,0 +1,94 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + +<Directory "/usr/share/httpd/icons"> + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted +</Directory> + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon /icons/bomb.gif */core.* + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/assets/fts3-server/httpd/conf.d/ssl.conf b/assets/fts3-server/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..fe96202 --- /dev/null +++ b/assets/fts3-server/httpd/conf.d/ssl.conf @@ -0,0 +1,217 @@ +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 -SSLv3 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/grid-security/hostcert.pem + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/grid-security/hostkey.pem + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +##### SSLCertificateChainFile /etc/grid-security/hostcert.pem + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + SSLOptions +StdEnvVars +</Files> +<Directory "/var/www/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + diff --git a/assets/fts3-server/httpd/conf.d/userdir.conf b/assets/fts3-server/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/assets/fts3-server/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# +<IfModule mod_userdir.c> + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html +</IfModule> + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +<Directory "/home/*/public_html"> + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS +</Directory> + diff --git a/assets/fts3-server/httpd/conf.d/welcome.conf b/assets/fts3-server/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..c1b6c11 --- /dev/null +++ b/assets/fts3-server/httpd/conf.d/welcome.conf @@ -0,0 +1,22 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# +<LocationMatch "^/+$"> + Options -Indexes + ErrorDocument 403 /.noindex.html +</LocationMatch> + +<Directory /usr/share/httpd/noindex> + AllowOverride None + Require all granted +</Directory> + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css +Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css +Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif +Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png diff --git a/assets/fts3-server/httpd/conf.d/zgridsite.conf b/assets/fts3-server/httpd/conf.d/zgridsite.conf new file mode 100644 index 0000000..a777a57 --- /dev/null +++ b/assets/fts3-server/httpd/conf.d/zgridsite.conf @@ -0,0 +1,111 @@ +# +# This is the Apache server configuration file providing GridSite support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection with access controls enabled +# via .gacl files. + +# In order to benefit from GridSite it is nescesary to optinally autheticate +# clients to this web server: +# Within mod_ssl's configuration for <VirtualHost _default_:443> +# you should have at least the following parameters set. The mod_ssl +# file cotains more detailed comments about these settings. +## 1. Location of web server certificate file. +## SSLCertificateFile /etc/pki/tls/certs/localhost.crt +## or +## SSLCertificateFile /etc/grid-security/hostcert.pem +## 2. Location of web server key file. +## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key +## or +## SSLCertificateKeyFile /etc/grid-security/hostkey.pem +## 3. Location of certificate authorities which the server should trust. +## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt +## or +## SSLCACertificatePath /etc/pki/tls/certs/ +## or +## SSLCACertificatePath /etc/grid-security/cetificates +##4. You must at least optionally authenticate clients. +## SSLVerifyClient optional +## SSLVerifyDepth 10 + + + +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +<IfModule !gridsite_module> + LoadModule gridsite_module modules/mod_gridsite.so +</IfModule> +# LoadModule gridsite_module modules/mod_gridsite.so + +ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi" + + +#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot. Used by GridHTTP to +#record the credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests +#following a session restart. (Default: /var/www/sessions) +GridSiteSessionsDir /var/cache/mod_gridsite + +## This is the path of directories (and all their subdirectories) for +## GACL to search when it encounters a dn-list credential. The DN List +## files are plain text, one DN per line, and must have the full url +## as the file name, but URL Encoded - eg with urlencode(1) +# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/ +GridSiteDNlists /etc/grid-security/dn-lists/ + +## This is used to form the URL at which DN Lists "owned" by this +## server are exported. https://FULL.SERVER.NAME/dn-lists/file +GridSiteDNlistsURI /gridsite/dn-lists/ + +## These directives (and the ScriptAlias above) allow authorized +## people to manage files, ACLs and DN Lists through their web +## browsers via HTTPS. The value of GridSiteAdminFile appears to +## exist in every directory, but is internally redirected by +## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias +## then maps that onto the real-gridsite-admin.cgi executable.) +GridSiteAdminFile gridsite-admin.cgi +GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi + + +Alias /gridsite "/var/lib/gridsite" + + +<Directory "/var/lib/gridsite/"> + SSLOptions +ExportCertData +StdEnvVars + ## This sets up GACL authorization for this server + GridSiteAuth on + + ## This exports various bits of info into the CGI environment + ## variables (and is needed for gridsite-admin.cgi to work.) + GridSiteEnvs on + + ## Nice GridSite directory listings + GridSiteIndexes on + + ## If this is on, GridSite will look for gridsitehead.txt and + ## gridsitefoot.txt in the current directory or its parents, and + ## use them to replace the <body> and </body> tags in .html files. + GridSiteHtmlFormat on + + ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file + ## name begins with "/" then this is used as the absolute path to that file to be used. + ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent + ## directories in ascending order until a header / footer file is found. Header files are inserted + ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files + ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile + ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt) + # GridSiteHeadFile gridsitehead.txt + # GridSiteFootFile gridsitefoot.txt + + ## If this is greater than zero, we will accept GSI Proxies for clients + ## (full client certificates - eg inside web browsers - are always ok) + GridSiteGSIProxyLimit 9 + + ## This directive allows authorized people to write/delete files + ## from non-browser clients - eg with htcp(1) + GridSiteMethods GET PUT DELETE MOVE POST + +</Directory> + + diff --git a/assets/fts3/fts-msg-monitoring.conf b/assets/fts3/fts-msg-monitoring.conf new file mode 100644 index 0000000..9ac651f --- /dev/null +++ b/assets/fts3/fts-msg-monitoring.conf @@ -0,0 +1 @@ +ACTIVE=false diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config index 3c1ddcd..046a71f 100644 --- a/assets/fts3/fts3config +++ b/assets/fts3/fts3config @@ -1,18 +1,41 @@ +Port=8443 +IP=127.0.0.1 +User=root +Group=root + Alias=fts -SiteName=DOCKER +SiteName=FTS3-CNAF +MonitoringMessaging=true +Profiling=0 AuthorizedVO=* DbType=mysql DbUserName=fts DbPassword=fts -DbConnectString=ftsdb/fts +#DbConnectString=ftsdb/fts +# DbConnectString=<host>:<port>/<database> +DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts + +#DbThreadsNum=25 +#Infosys=false +#InfoProviders=glue1 + LogLevel=DEBUG -MinRequiredFreeRAM = 16 -MaxUrlCopyProcesses = 4 +TransferLogDirectory=/var/log/fts3/transfers +ServerLogDirectory=/var/log/fts3 + +CheckStalledTransfers = true +MinRequiredFreeRAM = 50 +MaxUrlCopyProcesses = 400 +#HeartBeatInterval=60 +#HeartBeatGraceInterval=120 +OptimizerInterval = 60 [roles] Public = all:transfer;all:config;all:datamanagement +lcgadmin = vo:transfer +production = all:config diff --git a/assets/fts3/fts3rest.ini b/assets/fts3/fts3rest.ini index eed7baf..e839cc9 100644 --- a/assets/fts3/fts3rest.ini +++ b/assets/fts3/fts3rest.ini @@ -31,17 +31,18 @@ fts3.config = /etc/fts3/fts3config # SQLAlchemy database URL # If fts3.config is specified, the database connection string will be picked # up from there -sqlalchemy.url = mysql://fts:fts@ftsdb/fts +sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts +#sqlalchemy.url = mysql://fts:fts@ftsdb/fts # SQLAlchemy pool size. -# sqlalchemy.pool_size=32 +sqlalchemy.pool_size=64 # SQLAlchemy pool timeout. It is recommended to leave some not very high value -sqlalchemy.pool_timeout=10 +sqlalchemy.pool_timeout=20 # WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* # Debug mode will enable the interactive debugging tool, allowing ANYONE to # execute malicious code after an exception is raised. -#set debug = false +set debug = false # Logging configuration @@ -65,12 +66,12 @@ qualname = routes.middleware # "level = DEBUG" logs the route matched and routing variables. [logger_fts3rest] -level = INFO +level = DEBUG handlers = qualname = fts3rest [logger_sqlalchemy] -level = WARN +level = DEBUG handlers = qualname = sqlalchemy.engine # "level = INFO" logs SQL queries. diff --git a/assets/log/fts3/fts3bringonline.log b/assets/log/fts3/fts3bringonline.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/fts3server.log b/assets/log/fts3/fts3server.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/fts_bringonline_stderr.log b/assets/log/fts3/fts_bringonline_stderr.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/fts_bringonline_stdout.log b/assets/log/fts3/fts_bringonline_stdout.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/fts_server_stderr.log b/assets/log/fts3/fts_server_stderr.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/fts_server_stdout.log b/assets/log/fts3/fts_server_stdout.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/log/fts3/msg.log b/assets/log/fts3/msg.log new file mode 100644 index 0000000..e69de29 diff --git a/assets/mysql/fts-database-upgrade.py b/assets/mysql/fts-database-upgrade.py new file mode 100644 index 0000000..cd27f74 --- /dev/null +++ b/assets/mysql/fts-database-upgrade.py @@ -0,0 +1,285 @@ +#!/usr/bin/env python +# +# Copyright notice: +# Copyright CERN, 2016. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import logging +import os +import subprocess +import sys +from distutils.util import strtobool +from optparse import OptionParser +from pkg_resources import parse_version +from sqlalchemy import create_engine +from sqlalchemy.exc import ProgrammingError +from tempfile import NamedTemporaryFile +from urlparse import urlparse + +from fts3.util.config import fts3_config_load + +log = logging.getLogger(__name__) + + +def infer_sql_location(config): + """ + Depending on the database configuration, guess where the sql scripts are + located + :param config: FTS3 config file parsed + :return: The inferred SQL script location + """ + base = '/usr/share' + if config['fts3.DbType'] not in ['mysql']: + raise NotImplementedError('Database type %s not supported', config['fts3.DbType']) + return os.path.join(base, 'fts-%s' % config['fts3.DbType']) + + +def connect_database(config): + """ + Connect to the database + :param config: FTS3 config file parsed + :return: A database connection + """ + log.debug('Connecting to the database') + engine = create_engine(config['sqlalchemy.url']) + conn = engine.connect() + log.debug('Connected') + return conn + + +def get_schema_version(conn): + """ + Get the schema version + :param conn: Database connection + :return: Schema version, None if not found + """ + try: + result = conn.execute( + 'SELECT major, minor, patch FROM t_schema_vers ORDER BY major DESC, minor DESC, patch DESC') + row = result.fetchone() + if row is None: + raise Exception('t_schema_vers exits but is empty!') + return parse_version("%(major)d.%(minor)d.%(patch)d" % row) + except ProgrammingError: + return None + + +def get_running_services(conn): + """ + Return a list of tuples (host, service) of services that are still alive + :param conn: Database connection + :return: List of tuples + """ + result = conn.execute( + 'SELECT hostname, service_name FROM t_hosts WHERE beat >= UTC_TIMESTAMP() - INTERVAL 2 MINUTE' + ) + services = [] + for row in result.fetchall(): + services.append((row['hostname'], row['service_name'])) + return services + +def ask_confirmation(question): + """ + Ask a yes/no question + :param question: The question + :return: True if accepted, False if not + """ + print "%s [Y/N]" % question + return strtobool(raw_input().lower()) + + +def get_full_schema_path(sql_location): + """ + Find the full schema with the higher version under sql_location + :param sql_location: Location of the SQL scripts + :return: The path to the full schema script with the highest version + """ + full_schemas = [] + for sql in os.listdir(sql_location): + if sql.endswith('.sql') and sql.startswith('fts-schema'): + path = os.path.join(sql_location, sql) + version = parse_version(sql[:-4].split('-')[2]) + log.debug('Found schema %s with version %s', path, version) + full_schemas.append((version, path)) + if len(full_schemas) == 0: + raise RuntimeError('Could not find a valid schema') + highest = sorted(full_schemas, reverse=True)[0] + log.debug('Highest schema: %s' % highest[1]) + return highest[1] + + +def get_upgrade_scripts(current_version, sql_location): + """ + Look for upgrade scripts + :param current_version: Version running now + :param sql_location: Where to look for the SQL scripts + :return: A list with upgrade scripts that must run + """ + upgrades = [] + for sql in os.listdir(sql_location): + if sql.endswith('.sql') and sql.startswith('fts-diff'): + path = os.path.join(sql_location, sql) + version = parse_version(sql[:-4].split('-')[2]) + log.debug('Found schema %s with version %s', path, version) + if version > current_version: + log.debug('Mark to upgrade') + upgrades.append((version, path)) + return [path for (version, path) in sorted(upgrades)] + + +def run_sql_script_mysql(config, sql): + """ + Run a SQL script + :param config: FTS3 config file parsed + :param sql: The SQL script + """ + parsed = urlparse('mysql://' + config['fts3.DbConnectString']) + + creds = NamedTemporaryFile(delete=True) + print >> creds, """ +[client] +user=%(fts3.DbUserName)s +password=%(fts3.DbPassword)s +""" % config + creds.flush() + + cmd = [ + 'mysql', + '--defaults-extra-file=%s' % creds.name, + '-h', parsed.hostname, + '-v' + ] + if parsed.port: + cmd.extend(['-P', str(parsed.port)]) + cmd.append(parsed.path[1:]) + + log.debug('Running %s < %s', ' '.join(cmd), sql) + + sql_fd = open(sql) + ret = subprocess.call(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sql_fd) + if ret != 0: + raise Exception('Failed to run mysql (%d)' % ret) + + +def run_sql_script(config, sql): + """ + Run a SQL script + :param config: FTS3 config file parsed + :param sql: The SQL script + """ + log.info('Running %s' % sql) + run_sql_script_mysql(config, sql) + +def populate_schema(config, sql_location): + """ + Create the schema from scratch + :param config: FTS3 config file parsed + :param sql_location: Location of the SQL scripts + """ + log.warning('The schema does not seem to be created') + if not ask_confirmation('Do you want to create the schema now?'): + log.error('Abort') + return + + schema = get_full_schema_path(sql_location) + run_sql_script(config, schema) + + current_version = get_schema_version(connect_database(config)) + log.info('Running upgrade scripts') + upgrade_schema(connect_database(config), config, current_version, sql_location) + + +def upgrade_schema(conn, config, current_version, sql_location): + """ + Run the upgrade scripts if needed + :param conn: Database connection + :param config: FTS3 config file parsed + :param current_version: Version present in the database + :param sql_location: Location of the SQL scripts + """ + log.info('Current schema version is %s', current_version) + + running_services = get_running_services(conn) + if len(running_services) > 0: + log.warning('There are services still running') + for service in running_services: + log.warning("%s: %s" % service) + if not ask_confirmation('Do you want to continue anyway?'): + log.error('Abort') + return + + upgrade_scripts = get_upgrade_scripts(current_version, sql_location) + if len(upgrade_scripts) == 0: + log.info('No upgrades pending') + return + + log.warning('%d upgrade scripts found' % len(upgrade_scripts)) + for sql in upgrade_scripts: + log.warning(sql) + + if not ask_confirmation('Do you want to run the upgrade scripts?'): + log.error('Abort') + return + + for sql in upgrade_scripts: + run_sql_script(config, sql) + + +def prepare_schema(config, sql_location): + """ + Run the upgrade scripts + :param config: FTS3 config file parsed + :param sql_location: SQL scripts location + :return: + """ + db_type = config['fts3.DbType'] + log.info('Database type: %s' % db_type) + log.info('SQL Scripts location: %s' % sql_location) + log.info('Database: %s' % config['fts3.DbConnectString']) + log.info('User: %s' % config['fts3.DbUserName']) + + conn = connect_database(config) + + current_version = get_schema_version(conn) + if current_version is None: + populate_schema(config, sql_location) + else: + upgrade_schema(conn, config, current_version, sql_location) + + +if __name__ == '__main__': + optparser = OptionParser(description='Run database upgrade scripts') + optparser.add_option('-f', '--config-file', default='/etc/fts3/fts3config', help='Configuration file') + optparser.add_option('-v', '--verbose', default=False, action='store_true', help='Verbose mode') + optparser.add_option('-d', '--sql-location', default=None, help='SQL scripts location') + opts, args = optparser.parse_args() + if len(args) > 0: + optparser.error('No arguments are expected') + + log_handler = logging.StreamHandler(sys.stderr) + log_handler.setFormatter(logging.Formatter('[%(levelname)7s] %(message)s')) + if opts.verbose: + log_handler.setLevel(logging.DEBUG) + else: + log_handler.setLevel(logging.INFO) + log.addHandler(log_handler) + log.setLevel(logging.DEBUG) + + config = fts3_config_load(opts.config_file) + + if opts.sql_location is None: + opts.sql_location = infer_sql_location(config) + + prepare_schema(config, opts.sql_location) diff --git a/assets/mysql/fts-database-upgrade.pyc b/assets/mysql/fts-database-upgrade.pyc new file mode 100644 index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6 GIT binary patch literal 9692 zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0 z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8 z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq| zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h- zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37# zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V= z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25 zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3 zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo? zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS* zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@ zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o! z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%! zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}` zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19 zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;- z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?` z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+ zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5 z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_ zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ; zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{ zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2 z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+ z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G< z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+ z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9 zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+ zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-% zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n> literal 0 HcmV?d00001 diff --git a/assets/mysql/fts-database-upgrade.pyo b/assets/mysql/fts-database-upgrade.pyo new file mode 100644 index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6 GIT binary patch literal 9692 zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0 z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8 z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq| zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h- zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37# zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V= z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25 zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3 zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo? zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS* zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@ zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o! z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%! zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}` zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19 zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;- z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?` z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+ zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5 z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_ zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ; zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{ zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2 z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+ z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G< z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+ z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9 zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+ zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-% zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n> literal 0 HcmV?d00001 diff --git a/assets/scripts/docker-entrypoint.sh b/assets/scripts/docker-entrypoint.sh deleted file mode 100755 index 64a10de..0000000 --- a/assets/scripts/docker-entrypoint.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -set -ex - -# wait for MySQL readiness -/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 - -# initialise / upgrade the database -#/scripts/initialize-mysql.sh - - -#mysql -u root -pfts -h ftsdb -Bse "GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';\ -# FLUSH PRIVILEGES;\ -# GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';\ -# FLUSH PRIVILEGES;" -#mysql -u root -pfts -h ftsdb fts < /usr/share/fts-mysql/fts-schema-6.0.0.sql - -# startup the FTS services -#/usr/sbin/fts_server # main FTS server daemonizes -#/usr/sbin/httpd -DFOREGROUND # FTS REST frontend & FTSMON - -/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts new file mode 100644 index 0000000..e0e9ba4 --- /dev/null +++ b/assets/scripts/etc/hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +::1 localhost ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +131.154.97.15 fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf diff --git a/assets/scripts/fts-database-upgrade.py b/assets/scripts/fts-database-upgrade.py new file mode 100755 index 0000000..cd27f74 --- /dev/null +++ b/assets/scripts/fts-database-upgrade.py @@ -0,0 +1,285 @@ +#!/usr/bin/env python +# +# Copyright notice: +# Copyright CERN, 2016. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import logging +import os +import subprocess +import sys +from distutils.util import strtobool +from optparse import OptionParser +from pkg_resources import parse_version +from sqlalchemy import create_engine +from sqlalchemy.exc import ProgrammingError +from tempfile import NamedTemporaryFile +from urlparse import urlparse + +from fts3.util.config import fts3_config_load + +log = logging.getLogger(__name__) + + +def infer_sql_location(config): + """ + Depending on the database configuration, guess where the sql scripts are + located + :param config: FTS3 config file parsed + :return: The inferred SQL script location + """ + base = '/usr/share' + if config['fts3.DbType'] not in ['mysql']: + raise NotImplementedError('Database type %s not supported', config['fts3.DbType']) + return os.path.join(base, 'fts-%s' % config['fts3.DbType']) + + +def connect_database(config): + """ + Connect to the database + :param config: FTS3 config file parsed + :return: A database connection + """ + log.debug('Connecting to the database') + engine = create_engine(config['sqlalchemy.url']) + conn = engine.connect() + log.debug('Connected') + return conn + + +def get_schema_version(conn): + """ + Get the schema version + :param conn: Database connection + :return: Schema version, None if not found + """ + try: + result = conn.execute( + 'SELECT major, minor, patch FROM t_schema_vers ORDER BY major DESC, minor DESC, patch DESC') + row = result.fetchone() + if row is None: + raise Exception('t_schema_vers exits but is empty!') + return parse_version("%(major)d.%(minor)d.%(patch)d" % row) + except ProgrammingError: + return None + + +def get_running_services(conn): + """ + Return a list of tuples (host, service) of services that are still alive + :param conn: Database connection + :return: List of tuples + """ + result = conn.execute( + 'SELECT hostname, service_name FROM t_hosts WHERE beat >= UTC_TIMESTAMP() - INTERVAL 2 MINUTE' + ) + services = [] + for row in result.fetchall(): + services.append((row['hostname'], row['service_name'])) + return services + +def ask_confirmation(question): + """ + Ask a yes/no question + :param question: The question + :return: True if accepted, False if not + """ + print "%s [Y/N]" % question + return strtobool(raw_input().lower()) + + +def get_full_schema_path(sql_location): + """ + Find the full schema with the higher version under sql_location + :param sql_location: Location of the SQL scripts + :return: The path to the full schema script with the highest version + """ + full_schemas = [] + for sql in os.listdir(sql_location): + if sql.endswith('.sql') and sql.startswith('fts-schema'): + path = os.path.join(sql_location, sql) + version = parse_version(sql[:-4].split('-')[2]) + log.debug('Found schema %s with version %s', path, version) + full_schemas.append((version, path)) + if len(full_schemas) == 0: + raise RuntimeError('Could not find a valid schema') + highest = sorted(full_schemas, reverse=True)[0] + log.debug('Highest schema: %s' % highest[1]) + return highest[1] + + +def get_upgrade_scripts(current_version, sql_location): + """ + Look for upgrade scripts + :param current_version: Version running now + :param sql_location: Where to look for the SQL scripts + :return: A list with upgrade scripts that must run + """ + upgrades = [] + for sql in os.listdir(sql_location): + if sql.endswith('.sql') and sql.startswith('fts-diff'): + path = os.path.join(sql_location, sql) + version = parse_version(sql[:-4].split('-')[2]) + log.debug('Found schema %s with version %s', path, version) + if version > current_version: + log.debug('Mark to upgrade') + upgrades.append((version, path)) + return [path for (version, path) in sorted(upgrades)] + + +def run_sql_script_mysql(config, sql): + """ + Run a SQL script + :param config: FTS3 config file parsed + :param sql: The SQL script + """ + parsed = urlparse('mysql://' + config['fts3.DbConnectString']) + + creds = NamedTemporaryFile(delete=True) + print >> creds, """ +[client] +user=%(fts3.DbUserName)s +password=%(fts3.DbPassword)s +""" % config + creds.flush() + + cmd = [ + 'mysql', + '--defaults-extra-file=%s' % creds.name, + '-h', parsed.hostname, + '-v' + ] + if parsed.port: + cmd.extend(['-P', str(parsed.port)]) + cmd.append(parsed.path[1:]) + + log.debug('Running %s < %s', ' '.join(cmd), sql) + + sql_fd = open(sql) + ret = subprocess.call(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sql_fd) + if ret != 0: + raise Exception('Failed to run mysql (%d)' % ret) + + +def run_sql_script(config, sql): + """ + Run a SQL script + :param config: FTS3 config file parsed + :param sql: The SQL script + """ + log.info('Running %s' % sql) + run_sql_script_mysql(config, sql) + +def populate_schema(config, sql_location): + """ + Create the schema from scratch + :param config: FTS3 config file parsed + :param sql_location: Location of the SQL scripts + """ + log.warning('The schema does not seem to be created') + if not ask_confirmation('Do you want to create the schema now?'): + log.error('Abort') + return + + schema = get_full_schema_path(sql_location) + run_sql_script(config, schema) + + current_version = get_schema_version(connect_database(config)) + log.info('Running upgrade scripts') + upgrade_schema(connect_database(config), config, current_version, sql_location) + + +def upgrade_schema(conn, config, current_version, sql_location): + """ + Run the upgrade scripts if needed + :param conn: Database connection + :param config: FTS3 config file parsed + :param current_version: Version present in the database + :param sql_location: Location of the SQL scripts + """ + log.info('Current schema version is %s', current_version) + + running_services = get_running_services(conn) + if len(running_services) > 0: + log.warning('There are services still running') + for service in running_services: + log.warning("%s: %s" % service) + if not ask_confirmation('Do you want to continue anyway?'): + log.error('Abort') + return + + upgrade_scripts = get_upgrade_scripts(current_version, sql_location) + if len(upgrade_scripts) == 0: + log.info('No upgrades pending') + return + + log.warning('%d upgrade scripts found' % len(upgrade_scripts)) + for sql in upgrade_scripts: + log.warning(sql) + + if not ask_confirmation('Do you want to run the upgrade scripts?'): + log.error('Abort') + return + + for sql in upgrade_scripts: + run_sql_script(config, sql) + + +def prepare_schema(config, sql_location): + """ + Run the upgrade scripts + :param config: FTS3 config file parsed + :param sql_location: SQL scripts location + :return: + """ + db_type = config['fts3.DbType'] + log.info('Database type: %s' % db_type) + log.info('SQL Scripts location: %s' % sql_location) + log.info('Database: %s' % config['fts3.DbConnectString']) + log.info('User: %s' % config['fts3.DbUserName']) + + conn = connect_database(config) + + current_version = get_schema_version(conn) + if current_version is None: + populate_schema(config, sql_location) + else: + upgrade_schema(conn, config, current_version, sql_location) + + +if __name__ == '__main__': + optparser = OptionParser(description='Run database upgrade scripts') + optparser.add_option('-f', '--config-file', default='/etc/fts3/fts3config', help='Configuration file') + optparser.add_option('-v', '--verbose', default=False, action='store_true', help='Verbose mode') + optparser.add_option('-d', '--sql-location', default=None, help='SQL scripts location') + opts, args = optparser.parse_args() + if len(args) > 0: + optparser.error('No arguments are expected') + + log_handler = logging.StreamHandler(sys.stderr) + log_handler.setFormatter(logging.Formatter('[%(levelname)7s] %(message)s')) + if opts.verbose: + log_handler.setLevel(logging.DEBUG) + else: + log_handler.setLevel(logging.INFO) + log.addHandler(log_handler) + log.setLevel(logging.DEBUG) + + config = fts3_config_load(opts.config_file) + + if opts.sql_location is None: + opts.sql_location = infer_sql_location(config) + + prepare_schema(config, opts.sql_location) diff --git a/assets/scripts/fts-database-upgrade.pyc b/assets/scripts/fts-database-upgrade.pyc new file mode 100644 index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6 GIT binary patch literal 9692 zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0 z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8 z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq| zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h- zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37# zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V= z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25 zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3 zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo? zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS* zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@ zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o! z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%! zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}` zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19 zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;- z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?` z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+ zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5 z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_ zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ; zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{ zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2 z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+ z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G< z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+ z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9 zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+ zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-% zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n> literal 0 HcmV?d00001 diff --git a/assets/scripts/fts-database-upgrade.pyo b/assets/scripts/fts-database-upgrade.pyo new file mode 100644 index 0000000000000000000000000000000000000000..3323eb76c8c9b3445e6f93e43db8f4bf76e242b6 GIT binary patch literal 9692 zcmcgy-)|h(b-uH^BDs_({*oxumaUO&MoULaCUz3HL~KXq4@<2?DYLXy(`FaLox9{N zXJ?jkXH6275Fjqlpa_Bjee6@;3$%GE+P4-3`jWi$p?^dI6zFS!^!v`8*&nPM$9$-0 z4)5IGbME=hch0#k{`b`6!}WiuH&phojK4p?ulZ>~sQ~{uDpYE>Uv|{4lh+s2ZXquh z)oxMB1r?T5=aSmJq#TYfs&Gto#?|h)eJ`nSLUqb&w`|`psc=$tF00+k_I*r+S5#+8 z?M~VEaTQ)wooTf@ZQmzUIHNi<YInxImsL2cI&*4wPB~hs_Po;9)EC(1brnpiKgZq| zRB%}eH&k#%3NNW(N(zfAxGII0RWL1uS5z<~g_|mvmBOnkn3KY5DwvnTEfrjof~$h- zQn<}Ug9UX|P{~gUdRzrq>m~Jta(3@1eMhxlR{_?-DwrQLW6syq7lne8wP8lg^@`GO zsNl8=?nsZ<(W996K*N%ZhV(J|8~xEJDfJnS;;!1QD7~z7g`XeXRYxV2{D+KxQw37# zL`qRc-&DG&+V@0ERi&${y(0CiDp+PE{&VzQ)&7=BUMjHp+tU1&G(<Bp!dAU)`(9V= z@32+|;$^tMo>QFbyKLP3o|NCAS{+TOq*u@jN`H?{=u>}3af1+M-tCKm;-1mFR(TUz z+4?R1ZC4x=Q);S7lQiCs<Iq-JLDiFP+KQv6eqwZDYo}1#<$L{eoftF@svC*+Q(f25 zK`YX>dIr6pCh<YycRH=;U^7YLY@Ru^Z2KJ@?C4H6PW<F-s}*LWCeYSPLRn@oPct=d z*Bf!vY#r3Y*bf@qIB=yd;ddRs=0iO2buS$C9EE~f493*axJvG+6z`?H7IOHpL*b;3 zY8O<ysGj49FXhb(Xs=bqIpIIzG3nyphVJSpz!$i2<fez(4gA#K_l<V#hI)xlLEUo? zdfFKG<WMJC`kCX<HI1azO^xd(S|$tQ2ILe-c?}=wcd}X5+^wD3+u4iTggji4LDn_V zX)lS^+#Rgnikdn}bl}#0_$XVzm3grXnb=HX@2fqNteQhCY%b%K5?tBX-#P2*ltSyA zVSDB^ls59uNzvvm88?bk*YvtL8SK=I*}>H%Bgf(KfGQ<C(s?|#<Md&t8|sdZ&{@tn z<+;QrWuLB}9!jAdx1tIgQqE@uCk+&21yxEO<{KytcD{;T^S7FdyxQwRp8~zoJxi%Y zB8ob`1X=;XLI7`|)^Lw%e9W0~793HPBHsBcs<MUxl%kD;w+O|KGo=B1s6o(;BCWxT zLf#Rtfbw%{2fxe2c!;dm<0#UN)J@|N-MH`p-ycygPTfD%m-zv9Icnp%70p%d>p1ko z#-Z+<tpG%V>}-S%?4eN#VSFGu5a|8hfybJZDvwj)dKFf9#JZf7g|wU%J6!CnXbZCG z>-kxJ8+D?oYHSK8b;X$)oK+vzK02K};PJEt--83f(a8bfOaO1%z&}(en6to>$}nCc zYofyfs%p=oIaR`UA5E&{GvzoAhSmOrj|!JFPzigaA8H&YaAqh--_2~@xf2Bz`@qS* zEI+8V9IUmG3GTVuaRl@>1z^p%7g=nZPq1)p^U>z|j@$9uadOXvz2qODr*Y_Rc~2g@ zY2EHdEU){-+t~En4?eN|-HpxKdNwF4+mWm{w=w(ZXnop(McVJBZp*l^!0Fj-^D25R zRb=_)U<D=aKuR*za<E+?a79n_sc!UAof2hDjV<D{L_hd_qH~+44K3{95%L}pW3}o! z=io%JO1&_}d7&7eTuiBG01ouXx8VrhL#<(x8Y?<uP8o`I#hG^Ia`ob7`s($^csZwA z2clJ{t6~L2$u{<Gs~4h2V2tOYVvGD!REtf~Hs|<`dN!~Pe~n2+TRbt^uJ48|le%%! zO?xnv#;qK}Jl=D`tDm<TdYLU**+B99lx*Rev=xS~AGSWX%rRh#-$(TxjjSlUF`r>y znVxY25g53?i8|kMRb#7hpFP<0Hr;*jy8GU{?ngW8^__>0H)}ihA3v=uyH)q$_RgmF z@%=~cTkhkB+aK+0ibCWwr*t8*uae2F0^C6DKymyq6m9Ukq*yUf9#zD9CGVEY#k+}` zi>b*qjHH?*y(og+tmjicLA~KF)fm*IFy_oVx2y%qor`t$;KJYuXvxBd4`3tUIKc2g z6Y!*25mqxD^b#rGH%B<|Gi_F**gb|v(6`^&0p@j<%kwvDU2?;*lk~(;_zmJn2lw19 zKZL_!ZHGNgq7P*K=_jk(dseonu+CiKpVV7Xx0i~Q595>Ef#aBb#fu4(hTJzt))z}U zLb-dWGlZ2ID_a2);rtZ={u%{>%2B6(mC-4L3DIrr{fG<;;6R#|ijxI-&CNJoNz^6P z77q<Q;hzDDP#Tm0K(~zup~T7H!!6>^ixSnVT~=`afYIk@D}uK{=#zXwRSww&b-bXS zrI(3wjvtqp<DV52H<(~e#vxPUA(mBo6_pOUExx#vuYox)F(z6h!8lpDRuR?zcYL;- z)K)7Bgio4106HU;lU8~tm4~eZIE*>TxF7|*4LdYeGpwsPT)*Z%%3L0?Ea0nwJ7~_S z6B_A><u1eUMy!MCj_wE6YMAxpa96On&^7%r`xUL<Acz1Sl&ZF9=*=xWwn%LGXF@?` z=4>{2mo0QrLO1JiFAOXfQbHhF7`uF=5KW>vPKz~vKsjMwcI7qB#Dy!<czE=8Wdsdv z&`QL@z@iu~p0d@Xev-<oM{n5U5eYd7L`*kqrQR&-$Q+(<W)Y<jZmo3fMQN*}t$$0+ zHsTx$>k+J$9Oc}Hd{G%nVQ1uRgzq3n*@J926O5Ea6-;_DVCGhCXt_Gi9LQ7VB|K>5 z7M$0d>&~mNbT5Mtr}2K>Y4GGm0Q;Y)$XM|2a=;2kHunBTh!7#~FktcerGSOegxd_j z0+WKqF9mELOy~lDUb27{ydNR%{&|kIabl7lIFXFzQXk1bCz1(fY?^o$PTts?V=xb_ zVtI7_(}FtwS6FMBK=W^S2t*#m@sZn%6E}-1pk5NM4TG-HL$DR4dCa@!er$tZHzO3N z@X2uhQII~f;b4piEnAAN<^KuQ`_@+w(45<obqzW_fB-AYiUVNsvm{VzHJbuUk81RL zqtXyYkNxC`CL&u`%$PvSdlRkRH~F~7$0&llD(gnU<9!Qt78IQMoCv+QP$wA8mNMRV zIET#pU5>=>*AEC8kCN!KNdY=J%RfW4Av_on4iLb2<5jEu<7lG*g{~%GRzNzI@|j4u z0li}&2#x^rkoO&WgGE&W^Uy6QJp3cP*@)2r4_WE~Yb}5+sIaJ-PzP2M@j9lGA5$gC zUEq}o=`%+4J`mMqqK3_7X_#d8?G|+(y4?mjU1svF4O$Z3BYT12z)qIONKVtLJ;UZ; zN~N=^J;&S}3-ip)5n)d81<*Fe4Bb&tB_$_C(ruPCBr;2U$ko*<6sZaD5Owo<5zO>J zcZaneF%Xh7Uy;S=vzT>$&dnrYyW}O-R#)Z3pwUcPtlPk}mL~Au#9<6{s8elzz@2^C z2wTAC-eeD+-MdSbY|uw|W0GmvOm=-^PU0jOG(OF0&?pHFv5?hjpqoCz5>wTuY2sIz zg?V?$7+T2cq5bo@{qt1VM_>b~(640X<okFCAG)$ja8V2=O!y)NuP2slz)+E;LE7al zAFIGYh>2=fKHse@1<TtN@q{_pW4z)qUX}@(Vb9pC3Y~V3IUFG(CTwIe>>lK2$tF#N z%`CPCASG4FpctOFWys!sH;EfaVM%?1zBwt-oEh(3{Ph@EdCWmbeoPVs0$W+q=Bi|S zNCgI#=^CBDempp_Y4-yU_hR5CfFU5s^;lrnMOHsUy}5&j8oO4Qc1op5XR=syCK33R z3uSop*9tcaSDd>D0)^>#mi#QiI>!O)HWLK=h#P0KK|~XBrZ50C@vi^>P(XKOpi|q{ zx97>pxgg^ed)s)ExMOe%7nAB$Of)Lhe?U#<%+FehjRed;;y!YTiBW<lAXdw~DGd@A zvw?{f>^QSZu%AONyaTm>%VWa;bf!y>Nhj#V%cL-ic{4h}x^kM5om6PW`~({j`?D^Y zXYr*o-@2K^9TGXSCl@zS{fy#QJKB=9WM($oKoBFymn^E*9U^-lxnkL7V3x4&jo3Yl zd+v!JN#4*l4SxYViuVOe_xFM6ZNsQJSBZ08K}FO>)Ppp3;wLml-d&Vs23Vaq@!sJC zPx)Y?$6Mfo@h@lt>2{k_&74#lg){wUX<Dq8B(l6eK;^~sj7~r|?)E}n5?Cqy6RNU2 z&6FhnN`UE9LGm<Ixe5I8uK@LROUfBgp>Keu#VNH1{-q7|K+y%ct$88(B<Vlu)9EeJ z;l|z#`h(Oow1}@MfIt2KaUeKabkEqK;6`C&27I*$f)Xar{8=b3){}OwhpVc;mszpA zM2<2jTLzk(_m#y?U*X7&y?OOwJlo21>)Iaw(r#mt5HOCz2}ZUtIuvdL9Bd4QD2^wb zXWVFo9+deN9(}&1w|P!wB#oeT@V~Aheph12Quo(j`Ex$sz-{g#_Xp0wHHN5so(>*H z>Zl9-RdKGQXx6Qlo<lGXIFaGZV@?-h0Z5Trlk}QRzL_k~1|vw^$Zf}xVR$LQ?0KZd z2m>SJX8h>v#6NrA`yuAsHufSU7qfA*`yz2FmV&%Kk1Y^yAVM}o=(*{!2@%P;^LoF+ z8#?P@6SUsze5~-{@xhtA8Xvsb5SUAtV^e8@WFptXnF*ZiWBZvfC^yu`3IxvMutg9L zT4?@4!1s1A+b=jfLkKl71B?^lQwTiifRBT+`CcmAz;l)s0A*YRkf!PN^fR@8ix*G< z-15c2t&Aj(ENNR#5~3Kc5D%TXq2WsSzL*J_99xN5Bp*c<!UTv}#ir1Ko{)=$zs$+Y z`UKH@7SEEJEW?qSCV)S=O8pCL^>^WKSku1-phiJ4@SV-*<zIgLAgi3e`ZFYo{=Ee+ z{6y91hjPMNc3YWWrb#1R#e9fVTtmf|dFJB3)9sdC)T48*__p;Nxd&k%%R|CQi>&*Y z4{D5D$XMS-LPhFluwUnXtx{i{iAZ>`Krm-H5&aixviNY)nZ?g_=X&7^RPl;4Q;;aN zUhnv=s9r|^hJ9%3e&VV@3=epDaAkK6xi(g48e*_owP!6+g&;1EHYm?k+@tWO^KE(9 zp5pHv>aZ&`xh?@#cG)Z!#CbqMrK?t9@%Ce*#o_kl)-X$a#rV<`IV#C@BX_}GZYRcf z5M<RrE)J_zs8=;VcM->zX_yULcv#yp%;-Un_r699sy^-F@(`~7O|*WxR0)y13mKp+ zzhm}X+$bTk@DC7<Rd{$J0Ng|3e-}8gIfgCNdJovdBMOkn>){5(tnf)QXA=f-H<eJs zgF~QF%C&oRPzR&Ly#%p~P3h4k!slc+q4t84lMd=u^l3w`rR025T!JyyvvC$3o|I-% zw3o}T*z@qHhH}4!EW;!0UE4%sUG6vPb!(xi_d|*;w)!sX#0L`#z0Ftg#`+rXeVWgm ze_<lW=LbO@HBdJ3=Hwc{qx_{+L{Y~%*q99+ZGknGAV>=$CIrvg?>z9MAk>M(a-z*R zg8HGYlx!swXe(x3KgGvUu?BDa`drEAoT2L@p0R9fWAlTLJ`{z0xV`lx-+H#3tYl?a z7diL6%K@oK>FZqoa|_>x8uvo|o}?)#OM+H_iwoucPhqAoT`W)GXSRH`JXyY0o-f}i jm+^d~yuiD`o6a5l&f#YU{^tTh$N9nxm<Z#@Plf*hB*)n> literal 0 HcmV?d00001 diff --git a/assets/scripts/initialize-mysql.sh b/assets/scripts/initialize-mysql.sh index c796aac..f4fe2d2 100755 --- a/assets/scripts/initialize-mysql.sh +++ b/assets/scripts/initialize-mysql.sh @@ -2,7 +2,7 @@ set -ex # wait for MySQL readiness -#/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 +/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 #/bin/mysql -u root -pfts -h ftsdb fts < /usr/share/fts-mysql/fts-schema-6.0.0.sql mysql -u root -pfts -h ftsdb fts < /scripts/fts-schema-6.0.0.sql diff --git a/assets/scripts/startup-fts-mon.sh b/assets/scripts/startup-fts-mon.sh new file mode 100755 index 0000000..70bc2e3 --- /dev/null +++ b/assets/scripts/startup-fts-mon.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -ex + +# wait for MySQL readiness +/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 + +# put host certificate and keys in place +cp /certs/hostcert.pem /etc/grid-security/hostcert.pem +cp /certs/hostkey.pem /etc/grid-security/hostkey.pem +cp /scripts/etc/hosts /etc/hosts + +# put fts monitorind httpd config file in place +#cp /fts3-mon/ftsmon.conf /etc/httpd/conf.d/ftsmon.conf + +/usr/sbin/httpd -DFOREGROUND # FTS REST frontend & FTSMON diff --git a/assets/scripts/startup-fts-rest-mon.sh b/assets/scripts/startup-fts-rest-mon.sh deleted file mode 100755 index 8547cfe..0000000 --- a/assets/scripts/startup-fts-rest-mon.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -ex - -# wait for MySQL readiness -/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 - - -cp /certs/hostcert.pem /etc/grid-security/hostcert.pem -cp /certs/hostkey.pem /etc/grid-security/hostkey.pem - -/usr/sbin/httpd -DFOREGROUND # FTS REST frontend & FTSMON diff --git a/assets/scripts/startup-fts-rest.sh b/assets/scripts/startup-fts-rest.sh index f5d0f9a..1e53024 100755 --- a/assets/scripts/startup-fts-rest.sh +++ b/assets/scripts/startup-fts-rest.sh @@ -2,11 +2,15 @@ set -ex # wait for MySQL readiness -/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 - +/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 +# put host certificate and key to their place cp /certs/hostcert.pem /etc/grid-security/hostcert.pem cp /certs/hostkey.pem /etc/grid-security/hostkey.pem +cp /scripts/etc/hosts /etc/hosts + +# put fts3 rest httpd config file to it's place +#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf + +/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend -/usr/sbin/apachectl -DFOREGROUND -#/usr/sbin/httpd -DFOREGROUND # FTS REST frontend & FTSMON diff --git a/assets/scripts/startup-fts-server.sh b/assets/scripts/startup-fts-server.sh new file mode 100755 index 0000000..f70dcb2 --- /dev/null +++ b/assets/scripts/startup-fts-server.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -ex + +# wait for MySQL readiness +/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 + +cp /certs/hostcert.pem /etc/grid-security/hostcert.pem +cp /certs/hostkey.pem /etc/grid-security/hostkey.pem +cp /scripts/etc/hosts /etc/hosts + +/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf diff --git a/assets/supervisor/conf.d/supervisord.conf b/assets/supervisor/conf.d/supervisord.conf new file mode 100644 index 0000000..fee6f06 --- /dev/null +++ b/assets/supervisor/conf.d/supervisord.conf @@ -0,0 +1,36 @@ +[supervisord] +nodaemon=true +user=root + +[program:bringonline] +command=/usr/sbin/fts_bringonline -t 25 +autostart=true +autorestart=true +startretries=10 +stdout_logfile=/var/log/fts3/fts_bringonline_stdout.log +stderr_logfile=/var/log/fts3/fts_bringonline_stderr.log +priority=50 + +[program:fts-server] +command=/usr/sbin/fts_server -t 25 +autostart=true +autorestart=true +startretries=10 +stdout_logfile=/var/log/fts3/fts_server_stdout.log +stderr_logfile=/var/log/fts3/fts_server_stderr.log +priority=50 + +[program:fts-msg-bulk] +command=/usr/sbin/fts_msg_bulk +autostart=true +autorestart=true +startretries=10 +priority=50 + +[program:cron] +command=/usr/sbin/crond -n +autostart=true +autorestart=true +startretries=10 +priority=50 + diff --git a/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc b/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/alice/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/alice/voms2.cern.ch.lsc b/assets/vomsdir/alice/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/alice/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/argo/voms-01.pd.infn.it.lsc b/assets/vomsdir/argo/voms-01.pd.infn.it.lsc new file mode 100644 index 0000000..6d4d714 --- /dev/null +++ b/assets/vomsdir/argo/voms-01.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/argo/voms.cnaf.infn.it.lsc b/assets/vomsdir/argo/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/argo/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc b/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/atlas/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/atlas/voms2.cern.ch.lsc b/assets/vomsdir/atlas/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/atlas/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc b/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc new file mode 100644 index 0000000..7e7fc74 --- /dev/null +++ b/assets/vomsdir/auger/voms1.grid.cesnet.cz.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc b/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc new file mode 100644 index 0000000..14a9685 --- /dev/null +++ b/assets/vomsdir/auger/voms2.grid.cesnet.cz.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms2.grid.cesnet.cz +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc b/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc new file mode 100644 index 0000000..5b37691 --- /dev/null +++ b/assets/vomsdir/babar/voms.gridpp.ac.uk.lsc @@ -0,0 +1,2 @@ +/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk/emailAddress=ops@tier2.hep.manchester.ac.uk +/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA diff --git a/assets/vomsdir/belle/grid-voms.desy.de.lsc b/assets/vomsdir/belle/grid-voms.desy.de.lsc new file mode 100644 index 0000000..f21bcc4 --- /dev/null +++ b/assets/vomsdir/belle/grid-voms.desy.de.lsc @@ -0,0 +1,2 @@ +/C=DE/O=GermanGrid/OU=DESY/CN=host/grid-voms.desy.de +/C=DE/O=GermanGrid/CN=GridKa-CA diff --git a/assets/vomsdir/belle/voms.cc.kek.jp.lsc b/assets/vomsdir/belle/voms.cc.kek.jp.lsc new file mode 100644 index 0000000..92e8f66 --- /dev/null +++ b/assets/vomsdir/belle/voms.cc.kek.jp.lsc @@ -0,0 +1,2 @@ +/C=JP/O=KEK/OU=CRC/CN=host/voms.cc.kek.jp +/C=JP/O=KEK/OU=CRC/CN=KEK GRID Certificate Authority diff --git a/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc b/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc new file mode 100644 index 0000000..c2ecf1f --- /dev/null +++ b/assets/vomsdir/belle/voms.hep.pnnl.gov.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms.hep.pnnl.gov +/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1 diff --git a/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc b/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc new file mode 100644 index 0000000..f350d34 --- /dev/null +++ b/assets/vomsdir/biomed/cclcgvomsli01.in2p3.fr.lsc @@ -0,0 +1,2 @@ +/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr +/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services diff --git a/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc b/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc new file mode 100644 index 0000000..6d4d714 --- /dev/null +++ b/assets/vomsdir/cdf/voms-01.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc b/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/cdf/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/cdf/voms1.fnal.gov.lsc b/assets/vomsdir/cdf/voms1.fnal.gov.lsc new file mode 100644 index 0000000..0a57f62 --- /dev/null +++ b/assets/vomsdir/cdf/voms1.fnal.gov.lsc @@ -0,0 +1,2 @@ +/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov +/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/CN=DigiCert Grid CA-1 diff --git a/assets/vomsdir/cdf/voms2.fnal.gov.lsc b/assets/vomsdir/cdf/voms2.fnal.gov.lsc new file mode 100644 index 0000000..e5479c8 --- /dev/null +++ b/assets/vomsdir/cdf/voms2.fnal.gov.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms2.fnal.gov +/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon OSG CA 1 diff --git a/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc b/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc new file mode 100644 index 0000000..2fee7df --- /dev/null +++ b/assets/vomsdir/clas12/gryphn.phys.uconn.edu.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms/gryphn.phys.uconn.edu +/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA diff --git a/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc b/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc new file mode 100644 index 0000000..b108f24 --- /dev/null +++ b/assets/vomsdir/clas12/jlabvoms.t2.ucsd.edu.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California, San Diego/OU=UCSD/CN=jlabvoms.t2.ucsd.edu +/C=US/O=Internet2/OU=InCommon/CN=InCommon IGTF Server CA diff --git a/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc b/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/cms/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/cms/voms2.cern.ch.lsc b/assets/vomsdir/cms/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/cms/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc b/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc new file mode 100644 index 0000000..2bf8ea4 --- /dev/null +++ b/assets/vomsdir/dteam/voms2.hellasgrid.gr.lsc @@ -0,0 +1,2 @@ +/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr +/C=GR/O=HellasGrid/OU=Certification Authorities/CN=HellasGrid CA 2016 diff --git a/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc b/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc new file mode 100644 index 0000000..8817af5 --- /dev/null +++ b/assets/vomsdir/geant4/lcg-voms.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch +/DC=ch/DC=cern/CN=CERN Trusted Certification Authority diff --git a/assets/vomsdir/geant4/voms.cern.ch.lsc b/assets/vomsdir/geant4/voms.cern.ch.lsc new file mode 100644 index 0000000..baa6c15 --- /dev/null +++ b/assets/vomsdir/geant4/voms.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch +/DC=ch/DC=cern/CN=CERN Trusted Certification Authority diff --git a/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc new file mode 100644 index 0000000..45ed9b6 --- /dev/null +++ b/assets/vomsdir/gerda.mpg.de/vomsIGI-NA.unina.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc new file mode 100644 index 0000000..322d18c --- /dev/null +++ b/assets/vomsdir/gerda.mpg.de/vomsmania.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc b/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc new file mode 100644 index 0000000..ecf661b --- /dev/null +++ b/assets/vomsdir/glast.org/voms-02.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc b/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc new file mode 100644 index 0000000..2d28ddc --- /dev/null +++ b/assets/vomsdir/glast.org/voms2.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc new file mode 100644 index 0000000..45ed9b6 --- /dev/null +++ b/assets/vomsdir/icarus-exp.org/vomsIGI-NA.unina.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc new file mode 100644 index 0000000..322d18c --- /dev/null +++ b/assets/vomsdir/icarus-exp.org/vomsmania.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc b/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/infngrid/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc b/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc new file mode 100644 index 0000000..8693a27 --- /dev/null +++ b/assets/vomsdir/juno/lcgvoms02.jinr.ru.lsc @@ -0,0 +1,2 @@ +/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru +/C=RU/O=RDIG/CN=Russian Data-Intensive Grid CA diff --git a/assets/vomsdir/juno/voms.ihep.ac.cn.lsc b/assets/vomsdir/juno/voms.ihep.ac.cn.lsc new file mode 100644 index 0000000..885c35a --- /dev/null +++ b/assets/vomsdir/juno/voms.ihep.ac.cn.lsc @@ -0,0 +1,2 @@ +/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn +/C=CN/O=HEP/CN=Institute of High Energy Physics Certification Authority diff --git a/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc b/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc new file mode 100644 index 0000000..545f0d4 --- /dev/null +++ b/assets/vomsdir/km3net.org/voms02.scope.unina.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=voms02.scope.unina.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc b/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/lhcb/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/lhcb/voms2.cern.ch.lsc b/assets/vomsdir/lhcb/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/lhcb/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/magic/voms01.pic.es.lsc b/assets/vomsdir/magic/voms01.pic.es.lsc new file mode 100644 index 0000000..05ca87c --- /dev/null +++ b/assets/vomsdir/magic/voms01.pic.es.lsc @@ -0,0 +1,2 @@ +/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es +/DC=es/DC=irisgrid/CN=IRISGridCA diff --git a/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc b/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc new file mode 100644 index 0000000..ecf661b --- /dev/null +++ b/assets/vomsdir/muoncoll.infn.it/voms-02.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc b/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc new file mode 100644 index 0000000..2d28ddc --- /dev/null +++ b/assets/vomsdir/muoncoll.infn.it/voms2.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc new file mode 100644 index 0000000..231f449 --- /dev/null +++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms.gridpp.ac.uk.lsc @@ -0,0 +1,2 @@ +/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk +/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc new file mode 100644 index 0000000..35d961d --- /dev/null +++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms02.gridpp.ac.uk.lsc @@ -0,0 +1,2 @@ +/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk +/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B diff --git a/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc new file mode 100644 index 0000000..52a613e --- /dev/null +++ b/assets/vomsdir/na62.vo.gridpp.ac.uk/voms03.gridpp.ac.uk.lsc @@ -0,0 +1,2 @@ +/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk +/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B diff --git a/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc b/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/ops/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/ops/voms2.cern.ch.lsc b/assets/vomsdir/ops/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/ops/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc b/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc new file mode 100644 index 0000000..6d4d714 --- /dev/null +++ b/assets/vomsdir/pamela/voms-01.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc b/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/pamela/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc b/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/rdfa/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc b/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc new file mode 100644 index 0000000..6d4d714 --- /dev/null +++ b/assets/vomsdir/theophys/voms-01.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc b/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/theophys/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc b/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc new file mode 100644 index 0000000..6d4d714 --- /dev/null +++ b/assets/vomsdir/virgo/voms-01.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc b/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc new file mode 100644 index 0000000..911bd72 --- /dev/null +++ b/assets/vomsdir/virgo/voms.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc b/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc new file mode 100644 index 0000000..6279707 --- /dev/null +++ b/assets/vomsdir/vo.compass.cern.ch/lcg-voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc b/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc new file mode 100644 index 0000000..54ccd3a --- /dev/null +++ b/assets/vomsdir/vo.compass.cern.ch/voms2.cern.ch.lsc @@ -0,0 +1,2 @@ +/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch +/DC=ch/DC=cern/CN=CERN Grid Certification Authority diff --git a/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc b/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc new file mode 100644 index 0000000..f350d34 --- /dev/null +++ b/assets/vomsdir/vo.cta.in2p3.fr/cclcgvomsli01.in2p3.fr.lsc @@ -0,0 +1,2 @@ +/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr +/C=FR/O=MENESR/OU=GRID-FR/CN=AC GRID-FR Services diff --git a/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc b/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc new file mode 100644 index 0000000..45ed9b6 --- /dev/null +++ b/assets/vomsdir/vo.darkside.org/vomsIGI-NA.unina.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc b/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc new file mode 100644 index 0000000..322d18c --- /dev/null +++ b/assets/vomsdir/vo.darkside.org/vomsmania.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc b/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc new file mode 100644 index 0000000..ecf661b --- /dev/null +++ b/assets/vomsdir/vo.padme.org/voms-02.pd.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it +/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 diff --git a/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc b/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc new file mode 100644 index 0000000..2d28ddc --- /dev/null +++ b/assets/vomsdir/vo.padme.org/voms2.cnaf.infn.it.lsc @@ -0,0 +1,2 @@ +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 diff --git a/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc b/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc new file mode 100644 index 0000000..b3e85ab --- /dev/null +++ b/assets/vomsdir/xenon.biggrid.nl/voms.grid.sara.nl.lsc @@ -0,0 +1,2 @@ +/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl +/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth diff --git a/assets/vomses/alice-lcg-voms2.cern.ch b/assets/vomses/alice-lcg-voms2.cern.ch new file mode 100644 index 0000000..8a6d861 --- /dev/null +++ b/assets/vomses/alice-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"alice" "lcg-voms2.cern.ch" "15000" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "alice" "24" diff --git a/assets/vomses/alice-voms2.cern.ch b/assets/vomses/alice-voms2.cern.ch new file mode 100644 index 0000000..8d77979 --- /dev/null +++ b/assets/vomses/alice-voms2.cern.ch @@ -0,0 +1 @@ +"alice" "voms2.cern.ch" "15000" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "alice" "24" diff --git a/assets/vomses/argo-voms-01.pd.infn.it b/assets/vomses/argo-voms-01.pd.infn.it new file mode 100644 index 0000000..2254aa1 --- /dev/null +++ b/assets/vomses/argo-voms-01.pd.infn.it @@ -0,0 +1 @@ +"argo" "voms-01.pd.infn.it" "15012" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "argo" diff --git a/assets/vomses/argo-voms.cnaf.infn.it b/assets/vomses/argo-voms.cnaf.infn.it new file mode 100644 index 0000000..3ca6c36 --- /dev/null +++ b/assets/vomses/argo-voms.cnaf.infn.it @@ -0,0 +1 @@ +"argo" "voms.cnaf.infn.it" "15012" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "argo" diff --git a/assets/vomses/atlas-lcg-voms2.cern.ch b/assets/vomses/atlas-lcg-voms2.cern.ch new file mode 100644 index 0000000..e2eda1c --- /dev/null +++ b/assets/vomses/atlas-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"atlas" "lcg-voms2.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "atlas" "24" diff --git a/assets/vomses/atlas-voms2.cern.ch b/assets/vomses/atlas-voms2.cern.ch new file mode 100644 index 0000000..134b75e --- /dev/null +++ b/assets/vomses/atlas-voms2.cern.ch @@ -0,0 +1 @@ +"atlas" "voms2.cern.ch" "15001" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "atlas" "24" diff --git a/assets/vomses/auger-voms1.grid.cesnet.cz b/assets/vomses/auger-voms1.grid.cesnet.cz new file mode 100644 index 0000000..2ed3c9f --- /dev/null +++ b/assets/vomses/auger-voms1.grid.cesnet.cz @@ -0,0 +1 @@ +"auger" "voms1.grid.cesnet.cz" "15004" "/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz" "auger" "24" diff --git a/assets/vomses/auger-voms2.grid.cesnet.cz b/assets/vomses/auger-voms2.grid.cesnet.cz new file mode 100644 index 0000000..df130b3 --- /dev/null +++ b/assets/vomses/auger-voms2.grid.cesnet.cz @@ -0,0 +1 @@ +"auger" "voms2.grid.cesnet.cz" "15004" "/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms2.grid.cesnet.cz" "auger" "24" diff --git a/assets/vomses/babar-voms.gridpp.ac.uk b/assets/vomses/babar-voms.gridpp.ac.uk new file mode 100644 index 0000000..c3537c1 --- /dev/null +++ b/assets/vomses/babar-voms.gridpp.ac.uk @@ -0,0 +1 @@ +"babar" "voms.gridpp.ac.uk" "15002" "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk/emailAddress=ops@tier2.hep.manchester.ac.uk" "babar" diff --git a/assets/vomses/belle-grid-voms.desy.de b/assets/vomses/belle-grid-voms.desy.de new file mode 100644 index 0000000..99169ea --- /dev/null +++ b/assets/vomses/belle-grid-voms.desy.de @@ -0,0 +1 @@ +"belle" "grid-voms.desy.de" "15020" "/C=DE/O=GermanGrid/OU=DESY/CN=host/grid-voms.desy.de" "belle" diff --git a/assets/vomses/belle-voms.cc.kek.jp b/assets/vomses/belle-voms.cc.kek.jp new file mode 100644 index 0000000..0d040d0 --- /dev/null +++ b/assets/vomses/belle-voms.cc.kek.jp @@ -0,0 +1 @@ +"belle" "voms.cc.kek.jp" "15020" "/C=JP/O=KEK/OU=CRC/CN=host/voms.cc.kek.jp" "belle" "24" diff --git a/assets/vomses/belle-voms.hep.pnnl.gov b/assets/vomses/belle-voms.hep.pnnl.gov new file mode 100644 index 0000000..f84a9a7 --- /dev/null +++ b/assets/vomses/belle-voms.hep.pnnl.gov @@ -0,0 +1 @@ +"belle" "voms.hep.pnnl.gov" "15020" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms.hep.pnnl.gov" "belle" diff --git a/assets/vomses/biomed-cclcgvomsli01.in2p3.fr b/assets/vomses/biomed-cclcgvomsli01.in2p3.fr new file mode 100644 index 0000000..3187799 --- /dev/null +++ b/assets/vomses/biomed-cclcgvomsli01.in2p3.fr @@ -0,0 +1 @@ +"biomed" "cclcgvomsli01.in2p3.fr" "15000" "/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr" "biomed" "24" diff --git a/assets/vomses/cdf-voms-01.pd.infn.it b/assets/vomses/cdf-voms-01.pd.infn.it new file mode 100644 index 0000000..98be48e --- /dev/null +++ b/assets/vomses/cdf-voms-01.pd.infn.it @@ -0,0 +1 @@ +"cdf" "voms-01.pd.infn.it" "15001" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "cdf" "24" diff --git a/assets/vomses/cdf-voms.cnaf.infn.it b/assets/vomses/cdf-voms.cnaf.infn.it new file mode 100644 index 0000000..92469bc --- /dev/null +++ b/assets/vomses/cdf-voms.cnaf.infn.it @@ -0,0 +1 @@ +"cdf" "voms.cnaf.infn.it" "15001" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "cdf" "24" diff --git a/assets/vomses/cdf-voms1.fnal.gov b/assets/vomses/cdf-voms1.fnal.gov new file mode 100644 index 0000000..795acb9 --- /dev/null +++ b/assets/vomses/cdf-voms1.fnal.gov @@ -0,0 +1 @@ +"cdf" "voms1.fnal.gov" "15020" "/DC=com/DC=DigiCert-Grid/O=Open Science Grid/OU=Services/CN=voms1.fnal.gov" "cdf" "24" diff --git a/assets/vomses/cdf-voms2.fnal.gov b/assets/vomses/cdf-voms2.fnal.gov new file mode 100644 index 0000000..4379888 --- /dev/null +++ b/assets/vomses/cdf-voms2.fnal.gov @@ -0,0 +1 @@ +"cdf" "voms2.fnal.gov" "15020" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms2.fnal.gov" "cdf" "24" diff --git a/assets/vomses/clas12-gryphn.phys.uconn.edu b/assets/vomses/clas12-gryphn.phys.uconn.edu new file mode 100644 index 0000000..e4636a9 --- /dev/null +++ b/assets/vomses/clas12-gryphn.phys.uconn.edu @@ -0,0 +1 @@ +"clas12" "gryphn.phys.uconn.edu" "15001" "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=voms/gryphn.phys.uconn.edu" "clas12" "24" diff --git a/assets/vomses/clas12-jlabvoms.t2.ucsd.edu b/assets/vomses/clas12-jlabvoms.t2.ucsd.edu new file mode 100644 index 0000000..106bf9e --- /dev/null +++ b/assets/vomses/clas12-jlabvoms.t2.ucsd.edu @@ -0,0 +1 @@ +"clas12" "jlabvoms.t2.ucsd.edu" "15001" "/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California, San Diego/OU=UCSD/CN=jlabvoms.t2.ucsd.edu" "clas12" "24" diff --git a/assets/vomses/cms-lcg-voms2.cern.ch b/assets/vomses/cms-lcg-voms2.cern.ch new file mode 100644 index 0000000..1ee844a --- /dev/null +++ b/assets/vomses/cms-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"cms" "lcg-voms2.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "cms" "24" diff --git a/assets/vomses/cms-voms2.cern.ch b/assets/vomses/cms-voms2.cern.ch new file mode 100644 index 0000000..229d0dc --- /dev/null +++ b/assets/vomses/cms-voms2.cern.ch @@ -0,0 +1 @@ +"cms" "voms2.cern.ch" "15002" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "cms" "24" diff --git a/assets/vomses/dteam-voms2.hellasgrid.gr b/assets/vomses/dteam-voms2.hellasgrid.gr new file mode 100644 index 0000000..e39fc1c --- /dev/null +++ b/assets/vomses/dteam-voms2.hellasgrid.gr @@ -0,0 +1 @@ +"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam" "24" diff --git a/assets/vomses/geant4-lcg-voms.cern.ch b/assets/vomses/geant4-lcg-voms.cern.ch new file mode 100644 index 0000000..2e7c8b9 --- /dev/null +++ b/assets/vomses/geant4-lcg-voms.cern.ch @@ -0,0 +1 @@ +"geant4" "lcg-voms.cern.ch" "15007" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch" "geant4" diff --git a/assets/vomses/geant4-voms.cern.ch b/assets/vomses/geant4-voms.cern.ch new file mode 100644 index 0000000..0d51044 --- /dev/null +++ b/assets/vomses/geant4-voms.cern.ch @@ -0,0 +1 @@ +"geant4" "voms.cern.ch" "15007" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "geant4" diff --git a/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it b/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it new file mode 100644 index 0000000..783e451 --- /dev/null +++ b/assets/vomses/gerda.mpg.de-vomsIGI-NA.unina.it @@ -0,0 +1 @@ +"gerda.mpg.de" "vomsIGI-NA.unina.it" "15002" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "gerda.mpg.de" diff --git a/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it b/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it new file mode 100644 index 0000000..07a56c6 --- /dev/null +++ b/assets/vomses/gerda.mpg.de-vomsmania.cnaf.infn.it @@ -0,0 +1 @@ +"gerda.mpg.de" "vomsmania.cnaf.infn.it" "15002" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "gerda.mpg.de" diff --git a/assets/vomses/glast.org-voms-02.pd.infn.it b/assets/vomses/glast.org-voms-02.pd.infn.it new file mode 100644 index 0000000..9510ad3 --- /dev/null +++ b/assets/vomses/glast.org-voms-02.pd.infn.it @@ -0,0 +1 @@ +"glast.org" "voms-02.pd.infn.it" "15018" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "glast.org" diff --git a/assets/vomses/glast.org-voms2.cnaf.infn.it b/assets/vomses/glast.org-voms2.cnaf.infn.it new file mode 100644 index 0000000..fe3063e --- /dev/null +++ b/assets/vomses/glast.org-voms2.cnaf.infn.it @@ -0,0 +1 @@ +"glast.org" "voms2.cnaf.infn.it" "15018" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "glast.org" diff --git a/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it b/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it new file mode 100644 index 0000000..8ae8f64 --- /dev/null +++ b/assets/vomses/icarus-exp.org-vomsIGI-NA.unina.it @@ -0,0 +1 @@ +"icarus-exp.org" "vomsIGI-NA.unina.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "icarus-exp.org" diff --git a/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it b/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it new file mode 100644 index 0000000..1c664c4 --- /dev/null +++ b/assets/vomses/icarus-exp.org-vomsmania.cnaf.infn.it @@ -0,0 +1 @@ +"icarus-exp.org" "vomsmania.cnaf.infn.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "icarus-exp.org" diff --git a/assets/vomses/infngrid-voms.cnaf.infn.it b/assets/vomses/infngrid-voms.cnaf.infn.it new file mode 100644 index 0000000..0979acd --- /dev/null +++ b/assets/vomses/infngrid-voms.cnaf.infn.it @@ -0,0 +1 @@ +"infngrid" "voms.cnaf.infn.it" "15000" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "infngrid" diff --git a/assets/vomses/juno-lcgvoms02.jinr.ru b/assets/vomses/juno-lcgvoms02.jinr.ru new file mode 100644 index 0000000..02f8080 --- /dev/null +++ b/assets/vomses/juno-lcgvoms02.jinr.ru @@ -0,0 +1 @@ +"juno" "lcgvoms02.jinr.ru" "15008" "/C=RU/O=RDIG/OU=hosts/OU=jinr.ru/CN=lcgvoms02.jinr.ru" "juno" "24" diff --git a/assets/vomses/juno-voms.ihep.ac.cn b/assets/vomses/juno-voms.ihep.ac.cn new file mode 100644 index 0000000..688f6ee --- /dev/null +++ b/assets/vomses/juno-voms.ihep.ac.cn @@ -0,0 +1 @@ +"juno" "voms.ihep.ac.cn" "15008" "/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn" "juno" "24" diff --git a/assets/vomses/km3net.org-voms02.scope.unina.it b/assets/vomses/km3net.org-voms02.scope.unina.it new file mode 100644 index 0000000..cde8e54 --- /dev/null +++ b/assets/vomses/km3net.org-voms02.scope.unina.it @@ -0,0 +1 @@ +"km3net.org" "voms02.scope.unina.it" "15005" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=voms02.scope.unina.it" "km3net.org" diff --git a/assets/vomses/lhcb-lcg-voms2.cern.ch b/assets/vomses/lhcb-lcg-voms2.cern.ch new file mode 100644 index 0000000..68c7507 --- /dev/null +++ b/assets/vomses/lhcb-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"lhcb" "lcg-voms2.cern.ch" "15003" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "lhcb" "24" diff --git a/assets/vomses/lhcb-voms2.cern.ch b/assets/vomses/lhcb-voms2.cern.ch new file mode 100644 index 0000000..abcf8e7 --- /dev/null +++ b/assets/vomses/lhcb-voms2.cern.ch @@ -0,0 +1 @@ +"lhcb" "voms2.cern.ch" "15003" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "lhcb" "24" diff --git a/assets/vomses/magic-voms01.pic.es b/assets/vomses/magic-voms01.pic.es new file mode 100644 index 0000000..3efae81 --- /dev/null +++ b/assets/vomses/magic-voms01.pic.es @@ -0,0 +1 @@ +"magic" "voms01.pic.es" "15003" "/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es" "magic" diff --git a/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it b/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it new file mode 100644 index 0000000..ccefabc --- /dev/null +++ b/assets/vomses/muoncoll.infn.it-voms-02.pd.infn.it @@ -0,0 +1 @@ +"muoncoll.infn.it" "voms-02.pd.infn.it" "15022" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "muoncoll.infn.it" "24" diff --git a/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it b/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it new file mode 100644 index 0000000..6eb7624 --- /dev/null +++ b/assets/vomses/muoncoll.infn.it-voms2.cnaf.infn.it @@ -0,0 +1 @@ +"muoncoll.infn.it" "voms2.cnaf.infn.it" "15022" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "muoncoll.infn.it" "24" diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk new file mode 100644 index 0000000..21eb7e1 --- /dev/null +++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms.gridpp.ac.uk @@ -0,0 +1 @@ +"na62.vo.gridpp.ac.uk" "voms.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk" "na62.vo.gridpp.ac.uk" diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk new file mode 100644 index 0000000..4206eec --- /dev/null +++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms02.gridpp.ac.uk @@ -0,0 +1 @@ +"na62.vo.gridpp.ac.uk" "voms02.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk" "na62.vo.gridpp.ac.uk" diff --git a/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk b/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk new file mode 100644 index 0000000..09823cb --- /dev/null +++ b/assets/vomses/na62.vo.gridpp.ac.uk-voms03.gridpp.ac.uk @@ -0,0 +1 @@ +"na62.vo.gridpp.ac.uk" "voms03.gridpp.ac.uk" "15501" "/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk" "na62.vo.gridpp.ac.uk" diff --git a/assets/vomses/ops-lcg-voms2.cern.ch b/assets/vomses/ops-lcg-voms2.cern.ch new file mode 100644 index 0000000..fff4f26 --- /dev/null +++ b/assets/vomses/ops-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"ops" "lcg-voms2.cern.ch" "15009" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "ops" "24" diff --git a/assets/vomses/ops-voms2.cern.ch b/assets/vomses/ops-voms2.cern.ch new file mode 100644 index 0000000..8774608 --- /dev/null +++ b/assets/vomses/ops-voms2.cern.ch @@ -0,0 +1 @@ +"ops" "voms2.cern.ch" "15009" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "ops" "24" diff --git a/assets/vomses/pamela-voms-01.pd.infn.it b/assets/vomses/pamela-voms-01.pd.infn.it new file mode 100644 index 0000000..d8afd18 --- /dev/null +++ b/assets/vomses/pamela-voms-01.pd.infn.it @@ -0,0 +1 @@ +"pamela" "voms-01.pd.infn.it" "15013" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "pamela" diff --git a/assets/vomses/pamela-voms.cnaf.infn.it b/assets/vomses/pamela-voms.cnaf.infn.it new file mode 100644 index 0000000..41274f4 --- /dev/null +++ b/assets/vomses/pamela-voms.cnaf.infn.it @@ -0,0 +1 @@ +"pamela" "voms.cnaf.infn.it" "15013" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "pamela" diff --git a/assets/vomses/rdfa-voms.cnaf.infn.it b/assets/vomses/rdfa-voms.cnaf.infn.it new file mode 100644 index 0000000..6c7d591 --- /dev/null +++ b/assets/vomses/rdfa-voms.cnaf.infn.it @@ -0,0 +1 @@ +"rdfa" "voms.cnaf.infn.it" "15014" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "rdfa" diff --git a/assets/vomses/theophys-voms-01.pd.infn.it b/assets/vomses/theophys-voms-01.pd.infn.it new file mode 100644 index 0000000..64a04a3 --- /dev/null +++ b/assets/vomses/theophys-voms-01.pd.infn.it @@ -0,0 +1 @@ +"theophys" "voms-01.pd.infn.it" "15006" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "theophys" diff --git a/assets/vomses/theophys-voms.cnaf.infn.it b/assets/vomses/theophys-voms.cnaf.infn.it new file mode 100644 index 0000000..8061375 --- /dev/null +++ b/assets/vomses/theophys-voms.cnaf.infn.it @@ -0,0 +1 @@ +"theophys" "voms.cnaf.infn.it" "15006" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "theophys" diff --git a/assets/vomses/virgo-voms-01.pd.infn.it b/assets/vomses/virgo-voms-01.pd.infn.it new file mode 100644 index 0000000..305023f --- /dev/null +++ b/assets/vomses/virgo-voms-01.pd.infn.it @@ -0,0 +1 @@ +"virgo" "voms-01.pd.infn.it" "15009" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-01.pd.infn.it" "virgo" diff --git a/assets/vomses/virgo-voms.cnaf.infn.it b/assets/vomses/virgo-voms.cnaf.infn.it new file mode 100644 index 0000000..4f3cb39 --- /dev/null +++ b/assets/vomses/virgo-voms.cnaf.infn.it @@ -0,0 +1 @@ +"virgo" "voms.cnaf.infn.it" "15009" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=CNAF/CN=voms.cnaf.infn.it" "virgo" diff --git a/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch b/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch new file mode 100644 index 0000000..8719c7d --- /dev/null +++ b/assets/vomses/vo.compass.cern.ch-lcg-voms2.cern.ch @@ -0,0 +1 @@ +"vo.compass.cern.ch" "lcg-voms2.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=lcg-voms2.cern.ch" "vo.compass.cern.ch" "24" diff --git a/assets/vomses/vo.compass.cern.ch-voms2.cern.ch b/assets/vomses/vo.compass.cern.ch-voms2.cern.ch new file mode 100644 index 0000000..447115c --- /dev/null +++ b/assets/vomses/vo.compass.cern.ch-voms2.cern.ch @@ -0,0 +1 @@ +"vo.compass.cern.ch" "voms2.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=voms2.cern.ch" "vo.compass.cern.ch" "24" diff --git a/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr b/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr new file mode 100644 index 0000000..867fd07 --- /dev/null +++ b/assets/vomses/vo.cta.in2p3.fr-cclcgvomsli01.in2p3.fr @@ -0,0 +1 @@ +"vo.cta.in2p3.fr" "cclcgvomsli01.in2p3.fr" "15008" "/O=GRID-FR/C=FR/O=CNRS/OU=CC-IN2P3/CN=cclcgvomsli01.in2p3.fr" "vo.cta.in2p3.fr" diff --git a/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it b/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it new file mode 100644 index 0000000..33e93a9 --- /dev/null +++ b/assets/vomses/vo.darkside.org-vomsIGI-NA.unina.it @@ -0,0 +1 @@ +"vo.darkside.org" "vomsIGI-NA.unina.it" "15008" "/DC=org/DC=terena/DC=tcs/C=IT/ST=Campania/L=Napoli/O=Universita degli Studi di Napoli FEDERICO II/CN=vomsIGI-NA.unina.it" "vo.darkside.org" diff --git a/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it b/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it new file mode 100644 index 0000000..6204427 --- /dev/null +++ b/assets/vomses/vo.darkside.org-vomsmania.cnaf.infn.it @@ -0,0 +1 @@ +"vo.darkside.org" "vomsmania.cnaf.infn.it" "15008" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=vomsmania.cnaf.infn.it" "vo.darkside.org" diff --git a/assets/vomses/vo.padme.org-voms-02.pd.infn.it b/assets/vomses/vo.padme.org-voms-02.pd.infn.it new file mode 100644 index 0000000..3356fde --- /dev/null +++ b/assets/vomses/vo.padme.org-voms-02.pd.infn.it @@ -0,0 +1 @@ +"vo.padme.org" "voms-02.pd.infn.it" "15020" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=voms-02.pd.infn.it" "vo.padme.org" diff --git a/assets/vomses/vo.padme.org-voms2.cnaf.infn.it b/assets/vomses/vo.padme.org-voms2.cnaf.infn.it new file mode 100644 index 0000000..e67ed26 --- /dev/null +++ b/assets/vomses/vo.padme.org-voms2.cnaf.infn.it @@ -0,0 +1 @@ +"vo.padme.org" "voms2.cnaf.infn.it" "15020" "/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=Istituto Nazionale di Fisica Nucleare/CN=voms2.cnaf.infn.it" "vo.padme.org" diff --git a/assets/vomses/voms.ihep.ac.cn b/assets/vomses/voms.ihep.ac.cn new file mode 100644 index 0000000..6e89dc7 --- /dev/null +++ b/assets/vomses/voms.ihep.ac.cn @@ -0,0 +1 @@ +"juno" "voms.ihep.ac.cn" "15008" "/C=CN/O=HEP/OU=CC/O=IHEP/CN=voms.ihep.ac.cn" "juno" diff --git a/assets/vomses/voms2.hellasgrid.gr b/assets/vomses/voms2.hellasgrid.gr new file mode 100644 index 0000000..a87f46c --- /dev/null +++ b/assets/vomses/voms2.hellasgrid.gr @@ -0,0 +1 @@ +"dteam" "voms2.hellasgrid.gr" "15004" "/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr" "dteam" diff --git a/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl b/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl new file mode 100644 index 0000000..059e5df --- /dev/null +++ b/assets/vomses/xenon.biggrid.nl-voms.grid.sara.nl @@ -0,0 +1 @@ +"xenon.biggrid.nl" "voms.grid.sara.nl" "30008" "/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl" "xenon.biggrid.nl" diff --git a/docker-compose.yml b/docker-compose.yml index a054e6f..39fa8fc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,15 +15,16 @@ services: fts-server: image: gitlab-registry.cern.ch/fts/fts3:latest hostname: fts3-cnaf.cloud.cnaf.infn.it -# hostname: fts3.local.io volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 - ./assets/vomsdir:/etc/grid-security/vomsdir - ./assets/vomses:/etc/vomses - ./assets/fts3:/etc/fts3 - ./assets/scripts:/scripts + - ./assets/supervisor/conf.d:/etc/supervisor/conf.d ports: - "2170:2170" links: @@ -32,25 +33,26 @@ services: - trust - ftsdb entrypoint: - - /scripts/docker-entrypoint.sh + - /scripts/startup-fts-server.sh + fts-rest: image: gitlab-registry.cern.ch/fts/fts-rest:latest hostname: fts3-cnaf.cloud.cnaf.infn.it -# hostname: fts3-rest.local.io volumes: -# - cabundle:/etc/pki + - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 - ./assets/vomsdir:/etc/grid-security/vomsdir - ./assets/vomses:/etc/vomses - ./assets/fts3:/etc/fts3 -# - ./assets/fts3-rest/:/etc/httpd/conf.d/ + - ./assets/fts3-rest/httpd/conf.d:/etc/httpd/conf.d - ./assets/scripts:/scripts + - ./assets/fts3-rest:/fts3-rest ports: - "8446:8446" links: - ftsdb:ftsdb - - fts-server depends_on: - trust - ftsdb @@ -61,27 +63,28 @@ services: fts-mon: image: gitlab-registry.cern.ch/fts/fts-monitoring:latest hostname: fts3-cnaf.cloud.cnaf.infn.it -# hostname: fts3-mon.local.io volumes: -# - cabundle:/etc/pki + - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 - ./assets/vomsdir:/etc/grid-security/vomsdir - ./assets/vomses:/etc/vomses - ./assets/fts3:/etc/fts3 -# - ./assets/fts3-mon/:/etc/httpd/conf.d/ + - ./assets/fts3-mon/httpd/conf.d:/etc/httpd/conf.d - ./assets/scripts:/scripts + - ./assets/fts3-mon:/fts3-mon ports: - "8449:8449" links: - ftsdb:ftsdb - - fts-server:fts-server depends_on: - trust - ftsdb - fts-server entrypoint: - - /scripts/startup-fts-rest-mon.sh + - /scripts/startup-fts-mon.sh + ftsdb: image: mysql:5 hostname: ftsdb diff --git a/new.docker-compose.yml b/new.docker-compose.yml new file mode 100644 index 0000000..50c36b9 --- /dev/null +++ b/new.docker-compose.yml @@ -0,0 +1,108 @@ +version: "2.1" +volumes: + trustanchors: + cabundle: + db_data: + +services: + trust: + image: indigoiam/trustanchors + environment: + - FORCE_TRUST_ANCHORS_UPDATE=1 + volumes: + - trustanchors:/etc/grid-security/certificates + - cabundle:/etc/pki + + fts-server: + image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION} + hostname: ${FTS_HOSTNAME} + volumes: + - cabundle:/etc/pki + - trustanchors:/etc/grid-security/certificates + - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 + - ./assets/vomsdir:/etc/grid-security/vomsdir + - ./assets/vomses:/etc/vomses + - ./assets/fts3:/etc/fts3 + - ./assets/scripts:/scripts + - ./assets/supervisor/conf.d:/etc/supervisor/conf.d + ports: + - "2170:2170" + links: + - ftsdb:ftsdb + depends_on: + - trust + - ftsdb + entrypoint: + - /scripts/startup-fts-server.sh + + fts-rest: + image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION} + hostname: ${FTS_HOSTNAME} + volumes: + - cabundle:/etc/pki + - trustanchors:/etc/grid-security/certificates + - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 + - ./assets/vomsdir:/etc/grid-security/vomsdir + - ./assets/vomses:/etc/vomses + - ./assets/fts3:/etc/fts3 + - ./assets/fts3-rest/httpd/conf.d:/etc/httpd/conf.d + - ./assets/scripts:/scripts + - ./assets/fts3-rest:/fts3-rest + ports: + - "8446:8446" + links: + - ftsdb:ftsdb + depends_on: + - trust + - ftsdb + - fts-server + entrypoint: + - /scripts/startup-fts-rest.sh + + fts-mon: + image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION} + hostname: ${FTS_HOSTNAME} + volumes: + - cabundle:/etc/pki + - trustanchors:/etc/grid-security/certificates + - ./assets/certs:/certs + - ./assets/log/fts3:/var/log/fts3 + - ./assets/vomsdir:/etc/grid-security/vomsdir + - ./assets/vomses:/etc/vomses + - ./assets/fts3:/etc/fts3 + - ./assets/fts3-mon/httpd/conf.d:/etc/httpd/conf.d + - ./assets/scripts:/scripts + - ./assets/fts3-mon:/fts3-mon + ports: + - "8449:8449" + links: + - ftsdb:ftsdb + depends_on: + - trust + - ftsdb + - fts-server + entrypoint: + - /scripts/startup-fts-mon.sh + + ftsdb: + image: ${FTS_MYSQL_IMAGE} + hostname: ftsdb + environment: + - MYSQL_USER=${FTS_DB_USER} + - MYSQL_PASSWORD=${FTS_DB_PASSWD} + - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD} + - MYSQL_DATABASE=${FTS_DATABASE} + ports: + - "3306:3306" + volumes: + - ./assets/scripts:/scripts + - db_data:/var/lib/mysql +# entrypoint: +# - /scripts/initialize-mysql.sh + healthcheck: + test: ["CMD", "/scripts/initialize-mysql.sh"] + timeout: 3600s + retries: 1 + diff --git a/no.docker-compose.yml b/no.docker-compose.yml deleted file mode 100644 index f1bf9f4..0000000 --- a/no.docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: "2" -services: - fts: - build: . -# hostname: fts - hostname: fts3-cnaf.cloud.cnaf.infn.it - volumes: -# - /etc/fts3:/etc/fts3 - - /etc/grid-security:/etc/grid-security - - /etc/grid-security/certificates:/etc/grid-security/certificates -# - /var/log/fts3:/var/log/fts3 - ports: - - "8446:8446" - - "8449:8449" - links: - - ftsdb:ftsdb - depends_on: - - ftsdb - ftsdb: - image: mysql:5 - hostname: ftsdb - environment: - - MYSQL_USER=fts - - MYSQL_PASSWORD=fts - - MYSQL_ROOT_PASSWORD=fts - - MYSQL_DATABASE=fts - ports: - - "3306:3306" diff --git a/old.Dockerfile b/old.Dockerfile new file mode 100644 index 0000000..3836086 --- /dev/null +++ b/old.Dockerfile @@ -0,0 +1,54 @@ +FROM centos:7 + +# Install FTS +RUN yum install -y epel-release.noarch +#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo +#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo +RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo +RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo + +RUN yum clean all && yum upgrade -y +RUN yum install -y gfal2-plugin-* --skip-broken +RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys +RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail +RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux +RUN yum clean all + +# Setup FTS security +COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem +COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem +RUN chmod 400 /etc/grid-security/hostkey.pem +COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/ +COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/ +#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/ + + +# Database configuration for FTS server +COPY assets/fts/fts3config /etc/fts3/fts3config +COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql + +# Configuration for FTSREST and FTSMON +COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf +RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\ + echo "" > /etc/httpd/conf.d/autoindex.conf &&\ + echo "" > /etc/httpd/conf.d/userdir.conf &&\ + echo "" > /etc/httpd/conf.d/welcome.conf &&\ + echo "" > /etc/httpd/conf.d/zgridsite.conf &&\ + echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf + +# Entrypoint waiting script for MySQL +COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh +RUN chmod +x /usr/local/bin/wait-for-it.sh + +# Shortcut for logfiles +COPY assets/fts/logshow /usr/local/bin/logshow +RUN chmod +x /usr/local/bin/logshow +RUN touch /var/log/fts3/fts3server.log +RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log +RUN touch /var/log/fts3rest/fts3rest.log +RUN chown -R fts3:fts3 /var/log/fts3rest + +# Startup +EXPOSE 8446 8449 +ADD assets/fts/docker-entrypoint.sh / +ENTRYPOINT ["/docker-entrypoint.sh"] -- GitLab From 69fa1e5a785b364e4b8ed9361f27af4cf1cdf8ba Mon Sep 17 00:00:00 2001 From: root <root@omii005-vm01.cnaf.infn.it> Date: Mon, 8 Mar 2021 10:26:55 +0100 Subject: [PATCH 2/5] - Added environmet variables --- .env | 14 ++++ assets/1 | 16 ----- assets/ENV | 12 ---- assets/fts3/fts3config | 9 ++- assets/fts3/fts3rest.ini | 6 +- assets/scripts/etc/hosts | 2 +- assets/scripts/startup-fts-mon.sh | 2 +- assets/scripts/startup-fts-rest.sh | 2 +- assets/scripts/startup-fts-server.sh | 2 +- docker-compose.yml | 66 +++++++++++++------ initialize_mysql.sh | 7 ++ ...cker-compose.yml => old.docker-compose.yml | 36 +++++----- 12 files changed, 104 insertions(+), 70 deletions(-) create mode 100644 .env delete mode 100644 assets/1 delete mode 100644 assets/ENV create mode 100755 initialize_mysql.sh rename new.docker-compose.yml => old.docker-compose.yml (78%) diff --git a/.env b/.env new file mode 100644 index 0000000..c3aa750 --- /dev/null +++ b/.env @@ -0,0 +1,14 @@ +FTS_HOSTNAME=fts3-cnaf.cloud.cnaf.infn.it +FTS_SITE_NAME=FTS3-CNAF +FTS_IP=131.154.97.15 +FTS_SERVER_VERSION=latest +FTS_REST_VERSION=latest +FTS_MONITORING_VERSION=latest +FTS_MYSQL_IMAGE=mysql:5 +FTS_MYSQL_HOST=ftsdb +FTS_DATABASE=fts +FTS_DB_USER=fts +FTS_DB_PASSWD=fts +FTS_DB_ROOT_PASSWD=fts + + diff --git a/assets/1 b/assets/1 deleted file mode 100644 index ab321f2..0000000 --- a/assets/1 +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -set -ex - -# wait for MySQL readiness -/scripts/wait-for-it.sh -h ftsdb -p 3306 -t 3600 - -# put host certificate and key to their place -cp /certs/hostcert.pem /etc/grid-security/hostcert.pem -cp /certs/hostkey.pem /etc/grid-security/hostkey.pem -cp /scripts/hosts /etc/hosts - -# put fts3 rest httpd config file to it's place -#cp /fts3-rest/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf - -/usr/sbin/apachectl -DFOREGROUND # FTS REST frontend - diff --git a/assets/ENV b/assets/ENV deleted file mode 100644 index feae99c..0000000 --- a/assets/ENV +++ /dev/null @@ -1,12 +0,0 @@ -FTS_HOSTNAME="fts3-cnaf.cloud.cnaf.infn.it" -FTS_SERVER_VERSION=v3.10.0 -FTS_REST_VERSION=v3.10.1 -FTS_MONITORING_VERSION=v3.10.0 -FTS_MYSQL_IMAGE=mysql:5 -FTS_MYSQL_HOST=ftsdb -FTS_DATABASE=fts -FTS_DB_USER=fts -FTS_DB_PASSWD=fts -FTS_DB_ROOT_PASSWD=fts - - diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config index 046a71f..0d0e45a 100644 --- a/assets/fts3/fts3config +++ b/assets/fts3/fts3config @@ -5,6 +5,7 @@ Group=root Alias=fts SiteName=FTS3-CNAF +#SiteName=${FTS_SITE_NAME} MonitoringMessaging=true Profiling=0 @@ -13,9 +14,13 @@ AuthorizedVO=* DbType=mysql DbUserName=fts DbPassword=fts -#DbConnectString=ftsdb/fts +#DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts +DbConnectString=ftsdb/fts + +#DbUserName=${FTS_DB_USER} +#DbPassword=${FTS_DB_PASSWD} +#DbConnectString=ftsdb/${FTS_DATABASE} # DbConnectString=<host>:<port>/<database> -DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts #DbThreadsNum=25 #Infosys=false diff --git a/assets/fts3/fts3rest.ini b/assets/fts3/fts3rest.ini index e839cc9..c2bef31 100644 --- a/assets/fts3/fts3rest.ini +++ b/assets/fts3/fts3rest.ini @@ -31,8 +31,10 @@ fts3.config = /etc/fts3/fts3config # SQLAlchemy database URL # If fts3.config is specified, the database connection string will be picked # up from there -sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts -#sqlalchemy.url = mysql://fts:fts@ftsdb/fts +#sqlalchemy.url = mysql://user:passwd@host/db +#sqlalchemy.url = mysql://${FTS_DB_USER}:${FTS_DB_PASSWD}@${FTS_MYSQL_HOST}/${FTS_DATABASE} +#sqlalchemy.url = mysql://fts:fts@vm-131-154-97-13.cloud.cnaf.infn.it/fts +sqlalchemy.url = mysql://fts:fts@ftsdb/fts # SQLAlchemy pool size. sqlalchemy.pool_size=64 diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts index e0e9ba4..2974f85 100644 --- a/assets/scripts/etc/hosts +++ b/assets/scripts/etc/hosts @@ -4,4 +4,4 @@ fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters -131.154.97.15 fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf +${FTS_IP} ${FTS_HOSTNAME} ${FTS_SITE_NAME} diff --git a/assets/scripts/startup-fts-mon.sh b/assets/scripts/startup-fts-mon.sh index 70bc2e3..dc49b13 100755 --- a/assets/scripts/startup-fts-mon.sh +++ b/assets/scripts/startup-fts-mon.sh @@ -2,7 +2,7 @@ set -ex # wait for MySQL readiness -/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 +/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600 # put host certificate and keys in place cp /certs/hostcert.pem /etc/grid-security/hostcert.pem diff --git a/assets/scripts/startup-fts-rest.sh b/assets/scripts/startup-fts-rest.sh index 1e53024..1bf1080 100755 --- a/assets/scripts/startup-fts-rest.sh +++ b/assets/scripts/startup-fts-rest.sh @@ -2,7 +2,7 @@ set -ex # wait for MySQL readiness -/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 +/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600 # put host certificate and key to their place cp /certs/hostcert.pem /etc/grid-security/hostcert.pem diff --git a/assets/scripts/startup-fts-server.sh b/assets/scripts/startup-fts-server.sh index f70dcb2..6d74467 100755 --- a/assets/scripts/startup-fts-server.sh +++ b/assets/scripts/startup-fts-server.sh @@ -2,7 +2,7 @@ set -ex # wait for MySQL readiness -/scripts/wait-for-it.sh -h vm-131-154-97-13.cloud.cnaf.infn.it -p 3306 -t 3600 +/scripts/wait-for-it.sh -h ${FTS_MYSQL_HOST} -p 3306 -t 3600 cp /certs/hostcert.pem /etc/grid-security/hostcert.pem cp /certs/hostkey.pem /etc/grid-security/hostkey.pem diff --git a/docker-compose.yml b/docker-compose.yml index 39fa8fc..bb85143 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,8 @@ -version: "2.1" +version: "3.5" volumes: trustanchors: cabundle: + db_data: services: trust: @@ -13,8 +14,17 @@ services: - cabundle:/etc/pki fts-server: - image: gitlab-registry.cern.ch/fts/fts3:latest - hostname: fts3-cnaf.cloud.cnaf.infn.it + image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION} + hostname: ${FTS_HOSTNAME} + environment: + - FTS_HOSTNAME=${FTS_HOSTNAME} + - FTS_SITE_NAME=${FTS_SITE_NAME} + - FTS_IP=${FTS_IP} + - FTS_MYSQL_HOST=${FTS_MYSQL_HOST} + - FTS_DATABASE=${FTS_DATABASE} + - FTS_DB_USER=${FTS_DB_USER} + - FTS_DB_PASSWD=${FTS_DB_PASSWD} + - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD} volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -36,8 +46,17 @@ services: - /scripts/startup-fts-server.sh fts-rest: - image: gitlab-registry.cern.ch/fts/fts-rest:latest - hostname: fts3-cnaf.cloud.cnaf.infn.it + image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION} + hostname: ${FTS_HOSTNAME} + environment: + - FTS_HOSTNAME=${FTS_HOSTNAME} + - FTS_SITE_NAME=${FTS_SITE_NAME} + - FTS_IP=${FTS_IP} + - FTS_MYSQL_HOST=${FTS_MYSQL_HOST} + - FTS_DATABASE=${FTS_DATABASE} + - FTS_DB_USER=${FTS_DB_USER} + - FTS_DB_PASSWD=${FTS_DB_PASSWD} + - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD} volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -61,8 +80,17 @@ services: - /scripts/startup-fts-rest.sh fts-mon: - image: gitlab-registry.cern.ch/fts/fts-monitoring:latest - hostname: fts3-cnaf.cloud.cnaf.infn.it + image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION} + hostname: ${FTS_HOSTNAME} + environment: + - FTS_HOSTNAME=${FTS_HOSTNAME} + - FTS_SITE_NAME=${FTS_SITE_NAME} + - FTS_IP=${FTS_IP} + - FTS_MYSQL_HOST=${FTS_MYSQL_HOST} + - FTS_DATABASE=${FTS_DATABASE} + - FTS_DB_USER=${FTS_DB_USER} + - FTS_DB_PASSWD=${FTS_DB_PASSWD} + - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD} volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -85,22 +113,22 @@ services: entrypoint: - /scripts/startup-fts-mon.sh +# fts-cli: + #image: +# build: . +# hostname: fts3-cnaf.cloud.cnaf.infn.it + ftsdb: - image: mysql:5 + image: ${FTS_MYSQL_IMAGE} hostname: ftsdb environment: - - MYSQL_USER=fts - - MYSQL_PASSWORD=fts - - MYSQL_ROOT_PASSWORD=fts - - MYSQL_DATABASE=fts + - MYSQL_USER=${FTS_DB_USER} + - MYSQL_PASSWORD=${FTS_DB_PASSWD} + - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD} + - MYSQL_DATABASE=${FTS_DATABASE} ports: - "3306:3306" volumes: - ./assets/scripts:/scripts -# entrypoint: -# - /scripts/initialize-mysql.sh - healthcheck: - test: ["CMD", "/scripts/initialize-mysql.sh"] - timeout: 3600s - retries: 1 - + - db_data:/var/lib/mysql + diff --git a/initialize_mysql.sh b/initialize_mysql.sh new file mode 100755 index 0000000..124a241 --- /dev/null +++ b/initialize_mysql.sh @@ -0,0 +1,7 @@ +#/bin/bash + +docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts fts < /scripts/fts-schema-6.0.0.sql" + +docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts -h ftsdb -Bse \"GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;\" " + + diff --git a/new.docker-compose.yml b/old.docker-compose.yml similarity index 78% rename from new.docker-compose.yml rename to old.docker-compose.yml index 50c36b9..2e89a0f 100644 --- a/new.docker-compose.yml +++ b/old.docker-compose.yml @@ -5,6 +5,7 @@ volumes: db_data: services: + trust: image: indigoiam/trustanchors environment: @@ -14,8 +15,8 @@ services: - cabundle:/etc/pki fts-server: - image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION} - hostname: ${FTS_HOSTNAME} + image: gitlab-registry.cern.ch/fts/fts3:latest + hostname: fts3-cnaf.cloud.cnaf.infn.it volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -37,8 +38,8 @@ services: - /scripts/startup-fts-server.sh fts-rest: - image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION} - hostname: ${FTS_HOSTNAME} + image: gitlab-registry.cern.ch/fts/fts-rest:latest + hostname: fts3-cnaf.cloud.cnaf.infn.it volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -62,8 +63,8 @@ services: - /scripts/startup-fts-rest.sh fts-mon: - image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION} - hostname: ${FTS_HOSTNAME} + image: gitlab-registry.cern.ch/fts/fts-monitoring:latest + hostname: fts3-cnaf.cloud.cnaf.infn.it volumes: - cabundle:/etc/pki - trustanchors:/etc/grid-security/certificates @@ -86,14 +87,19 @@ services: entrypoint: - /scripts/startup-fts-mon.sh +# fts-cli: + #image: +# build: . +# hostname: fts3-cnaf.cloud.cnaf.infn.it + ftsdb: - image: ${FTS_MYSQL_IMAGE} + image: mysql:5 hostname: ftsdb environment: - - MYSQL_USER=${FTS_DB_USER} - - MYSQL_PASSWORD=${FTS_DB_PASSWD} - - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD} - - MYSQL_DATABASE=${FTS_DATABASE} + - MYSQL_USER=fts + - MYSQL_PASSWORD=fts + - MYSQL_ROOT_PASSWORD=fts + - MYSQL_DATABASE=fts ports: - "3306:3306" volumes: @@ -101,8 +107,8 @@ services: - db_data:/var/lib/mysql # entrypoint: # - /scripts/initialize-mysql.sh - healthcheck: - test: ["CMD", "/scripts/initialize-mysql.sh"] - timeout: 3600s - retries: 1 +# healthcheck: +# test: ["CMD", "/scripts/initialize-mysql.sh"] +# timeout: 3600s +# retries: 1 -- GitLab From 7f8ff18c5d4c39945fd03bb9c32b51368592d2d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcelo=20Vila=C3=A7a=20Pinheiro=20Soares?= <marcelo.soares@cnaf.infn.it> Date: Tue, 9 Mar 2021 17:11:57 +0100 Subject: [PATCH 3/5] Update README.md --- README.md | 91 ++++++++++++++++++++++++++++++++++++++++++++- docker-compose.yml | 1 + initialize_mysql.sh | 8 +++- 3 files changed, 97 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5cc0926..14d3df6 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,92 @@ # FTS3-CNAF -Project to launch an FTS3 instance with Docker and K8S at CNAF \ No newline at end of file +Project to launch an FTS3 instance with Docker and K8S at CNAF + +This module lanches 5 separated containers, FTS3 server, FTS3 Rest API, FTS3 Monitoring, MySQL database and a generic WLCG client container with WLCG client tools (voms, oidc-agent, davix, gfal, FTS3 rest client) + +# First Actions + +Before start, some actions need to be taken. + +This package comes with some preset files and configurations that need to be replaced/changed accordingly followinf the steps: + +1. Replace `hostcert.pem` and `hostkey.pem` found at `./assets/certs` + +``` + $ cp <your_hostcert.pem> ./assets/certs/hostcert.pem && cp <your_hostkey.pem> ./assets/certs/hostkey.pem +``` + +2. Change FTS3 configuration file found at `./assets/fts3/fts3config` with your server and database information: + +``` + 6 Alias=<Change_Me> + 7 SiteName=<Change_Me> + 8 + 9 MonitoringMessaging=true + 10 Profiling=0 + 11 + 12 AuthorizedVO=* + 13 + 14 DbType=mysql + 15 DbUserName=<Change_Me> + 16 DbPassword=<Change_Me> + 17 + 18 DbConnectString=ftsdb/fts <Change_Me> + +``` +3. Change FTS3 Rest API initialization file found at `./assets/fts3/fts3rest.ini` with your database information: + +``` + 37 sqlalchemy.url = mysql://fts:fts@ftsdb/fts # change this with sqlalchemy sintax like mysql://user:passwd@host/db +``` + +4. Change environment file found at `./assets/.env` with the proper configurations for your docker compose launch. + +``` + 1 FTS_HOSTNAME= #change me + 2 FTS_SITE_NAME= #change me + 3 FTS_IP= #change me + 4 FTS_SERVER_VERSION= #change me for stable production version (v3.10.0) or (latest) for test + 5 FTS_REST_VERSION= #change me for stable production version (v3.10.1) or (latest) for test + 6 FTS_MONITORING_VERSION= #change me for stable production version (v3.10.0) or (latest) for test + 7 FTS_MYSQL_IMAGE=mysql:5 #maybe don't change me unless reconmended by FTS documentation + 8 FTS_MYSQL_HOST=ftsdb #change me if you have an external db or leave it to use contenerized db on package + 9 FTS_DATABASE=fts #you can keep this as the database name or change it + 10 FTS_DB_USER= #change me + 11 FTS_DB_PASSWD= #change me + 12 FTS_DB_ROOT_PASSWD= #change me + +``` + +5. Observation on VOMS + +Notice that this package already delivery "most common" WLCG VO's configuration files, please check if your VO configuration files are present at `./assets/vomsdir` and `./assets/vomses` + +# Initialize MySQL database + +On first time launching, mysql image should be empty, hence needs to be initialized, so it is recomended to run `docker-compose` in detached mode and only `ftsdb` container + +``` +$ docker-compose --env-file .env up -d ftsdb +``` + +Than initializing the database by running the script: + +``` +$ ./initialize_mysql.sh +``` + +This script will create the database and grant privileges for FTS3 user as defined in `./assets/.env`. + +This script can also be used to clean the database if necessary. + + +# Launching FTS3 containers + +Once MySQL database is initialized, to start up FTS containers simply run the command: + +``` +$ docker-compose --env-file .env up -d +``` + +After first time, even if mysql is killed or exit for some reason, it is not needed to re-initialize nor start it detached from the rest of the container. diff --git a/docker-compose.yml b/docker-compose.yml index bb85143..40a46cd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -122,6 +122,7 @@ services: image: ${FTS_MYSQL_IMAGE} hostname: ftsdb environment: + - MYSQL_HOST=${FTS_MYSQL_HOST} - MYSQL_USER=${FTS_DB_USER} - MYSQL_PASSWORD=${FTS_DB_PASSWD} - MYSQL_ROOT_PASSWORD=${FTS_DB_ROOT_PASSWD} diff --git a/initialize_mysql.sh b/initialize_mysql.sh index 124a241..ad88ccd 100755 --- a/initialize_mysql.sh +++ b/initialize_mysql.sh @@ -1,7 +1,11 @@ #/bin/bash -docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts fts < /scripts/fts-schema-6.0.0.sql" +set +e -docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -pfts -h ftsdb -Bse \"GRANT ALL ON fts.* TO 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;GRANT SUPER ON *.* to 'fts'@'%' IDENTIFIED BY 'fts';FLUSH PRIVILEGES;\" " +export $(cat .env | xargs) + +docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql" + +docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" " -- GitLab From 4db8072d6591423ae8bfffb1234e9ab5893ca5af Mon Sep 17 00:00:00 2001 From: root <root@omii005-vm01.cnaf.infn.it> Date: Wed, 10 Mar 2021 16:38:31 +0100 Subject: [PATCH 4/5] - Added fts3-cli container and test1.p12 file --- .env | 4 +++- assets/certs/test1.p12 | Bin 0 -> 2533 bytes docker-compose.yml | 28 ++++++++++++++++++++++++---- 3 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 assets/certs/test1.p12 diff --git a/.env b/.env index c3aa750..84c5189 100644 --- a/.env +++ b/.env @@ -10,5 +10,7 @@ FTS_DATABASE=fts FTS_DB_USER=fts FTS_DB_PASSWD=fts FTS_DB_ROOT_PASSWD=fts - +FTS_CLI_VERSION=latest +USER=test +USER_UID=501 diff --git a/assets/certs/test1.p12 b/assets/certs/test1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ade5129f4a96d0486460873138c267f14f713473 GIT binary patch literal 2533 zcmY+^c{me}9|!Pl#%zv^5t+)!721qcuH4CeGeUADbdVek8>W?s962`kH6y}&^%X)Q zRO;)#%atQX?xB9Z&-45JzQ5lepXc*D@Avb(|9qi|(61mM8=43$;eg7Ku8?+kfDm9V z5t<GrLQ{_7L^Kg>_)o==O9Wpyij+Y>z|m9qrvajo9I$^ca05BeykO4L1tr=j?n}}j z5GNpt2nOIa0x7wL{@s>YURk)zedTKP<}(d6U(B_$s#aP|e42f5nhM(<BaJd+xX<F@ z&>j|GUQL+1>r7Uz+|ntqN7BbTAtHyAV7v%9F!1)<*;I?$FV?kC_#UR8%KEq<Zz}69 z2K%DI_68(bB_5HQvvE*ORH%7C`zrKSwie~Aynwyv^=f-F?Cm4kNxP=sI+u|v`ziB5 zU?so2<sf6JR0Ch!iw;*WE(3#7<{7(8*V?vT1%MrxZXgoyU8<V%T9@{mmYKP#x^=v? zjV`>?cgGnmV9>)&?_97PHOD`$ZK-&8GTJE}(h(MQUpi3A*OgHkX-(U;`KcfuXI~l@ zeY<}`T4D;d-2{9qzNOjsB1o+xlE)<3y=_hbzr(vhZQ2k~%F~;vHd~rk%jTO`x=-6v zJ#MFBC2m5>vC%-r@UZ#>u8%V>T*Gjs%f<<tRb*OVPPk=DCAuW5<?_R;yQhsQ0%z09 z9=^v~BQp}qsCoC#5mwQ+<x?K4GrpF)e;6xrnlbwj3z5zRt+V_zKP`MQujP>N#c?UE z)?BSLuP{BC05CN%nO~VvCfMtRuq_1Vi)&JH1T=L06v9^0E{;T{`r<85T{Vueee=hx zrQcZ2v0^*knc%_zikb(r*(z}a^9<l9AS*crE170E5jO=_lm@j+>SP9G1Yzl%A8#2s zn)7;N!d=*Jq<nLCz>WqN0ckR4U~=Q#gkupe8>;U3XK#mxj{+Ue_ey5vte5~!fkvQv zryKp{qx@*FNcfWOiJmL1xGkfI8Vdf+qIxW^k2yz|=m!@&C;Fd?KJ^o#b#|Qs!By>d zKh6pDM=P}75T-%>Kj_&$_n;DVk#d=Cu9x=tZw^797v2dXzw>NNQammB*vE`NLw=7{ zTsMzxBH+hZZZ2&rIASbGTz0B)E&?0BJghduP!StRQl6@r#+fE5AFMA_I!2Ny?Z|G# za7RLsOFct`E6#-{GSlmMO%<1<*8GRj8qlZ^R=l_6IQvCelTNy@VRMzJd4J{F=I+4n zNdJ&yNQX(uthqoE*u8kGs;5Tifn>g6w@5P|d_=k+{W>(d_)8%Ay4pZSf|LE$K}1cC zV;<_(%>V<=9GG#|z2%(&#Jpe*4y|v>s0d1N3ZOE6dP%irPWDFGrhcen--$&xmHwzK zG2+sS7$dP8JJm3kKX=XY8{dgqeWDk%$5-udt)1l?yzLV}@TO08J^f{l)g~$21Xs4M zpWH@c<4iS`{27!~YKlD_;8U4QpQrAo<Oog%-O!<Zw6Lo1ivmQrv^NXu7mI!q!JW4# zzZW(*F+tVev4N2t|A>oH^!C(3Fh=#d$tTeF2ntJV_{RCN`)DG&_Wyv9OJr996WJAy zV!5M};^6uZA21;3$eEQRU>5&R6}G=sfy6bQIb}DK@wX~qBDgc}{gmCWFR6?39&gL= zgC;{;Gqvfq*-g*^^B-p&kx_?Bm?Z9p@Wk+7k(G)024`x9R2<5bYj(Ow-~K@K0^kRL zE2U~_7)4!e2bN0Z-&gOqT2HK1*Sq!V2_M#`x*2idH}J1<ErHVSo7OA4i((%OsIT{$ zTLm!6>4Q-|!<4e#r9Oi>aEN=;t+4&crdwNO8k*_CI<jpYc%pM%`u13+rwQtrKL8iZ zrUdIA7=fMcL2yltVjNmoghJ@KJb;-)O@@AFm`!C8TpHorpqf7J3(<T)I{S>abL~<b zS<8boMBpw+z)qcO0Ubjbt%ii|M_Q6HCmKZyLq315sn*o{b8l_25*0!34HwuZ>+itR z-j~(~-`3YtQ5~yV<rQS<ex+4ftuzP?S+s0kQB9d>M?EH68No976O#A(o&*U=OK!5e zY~rguhs?v=g(Jasn+jdi&T#eqof1L7vPyhgx}gk><>KFp>P+eL2@TEu>oLFUdx8sW z7!jbO;sEno<u0wB6n!;mS#2|krH*|A7#tqVVtq_ge#2REw@z9XG@ta8_&yHr@^+sV z^k$3ilNVnzQ98I8EP;2vI#6(OC`ki;mrwF(?}Hz7jl&3OzT92vOa8<m>xq81h#gh< zwz7$vJ+_+6$XsZ7Ef>SUcW^FE%Jd0|tXxFKkVelzz}TI*-7FPf=T4ErVad6oTJEpI zCUi0BhAW!~H#+=CrtOSVn0w^RNdIlBd|tTG7NciQBQ5ut@Y}gYx+Sj}?j!o$szSzP zFNmbWM`Jb~05+2ZNehc5UvzcwpA0Z-7a^o@2<mma$iATv1Jnk5)O}(3UFTx2ZCrj+ zRZgBz(lzmFd{kYbUoVF{?yI}e?WE@6y#$)PE4HRGAI;7T9Z}Jre#SrmC#Py#71E1D z{VHqECybUIfG#(d%gIaN>DCCccg#Q>p+@G*`(ys!0>w&WT!Sv}*=^qWbs)X09!=w= z4>2MBtpiDN7Mg~_Vr#=5Z<t|gm!v!NKywi!7JE>bQNb_uSUS-&w6Bt@M3Mfn`FS_y zNw<By`)aGNmyX>yZ3`X8s?0JkJYFQz7M)KxOgj%<QVzDn&w50Ph9W%twb09~ki$lG z=x<Zd!>IY*wS|nedPGpDaTQa?zNP$~rT2b+_oW#4Pjq4!PJ?Luu+Hhx7$3}O+jIV^ zSpPV?i$;Qy*wYye^_Wi{7Wue~4ahG@IC<R8qNM;A9sqy2Gf2QvtpTrUk*7?b)JX*K z!~oRZ?v=cbC3uv(8NP?SEIeIG8L|C5#*1PyJFoIa*%#>TQhb==y6T^6S$AVqX|Ox} z9UIvZ8f7Rc3QII=@7jK;41>|@6xmf;E}y?*__N)u=iSpY))QMSeqxCwGc>mWgnN)3 zGU11b7caF&ievX7pL{!ID&|<zkLn%j7@2|G5oiMEplaQaqMeu6plvdXV@Us#qaxG{ zBCoIkPmXW<GFz{ovYNqQCE$OBU20qLk!n1>c%9TMcjuE?EBpNy;?B*UUmSsRVDr51 zk%zDHO+65GBZgPLM~M~7WW2&Ht0lOZ{@KCrP*4TZIi!_aN37a=dn~zKAMcARE&L-P z0d-^R*^934`<OFmiT~;d6~qXE5y+8TUCZLdK-se!J&AL_gdfjtQ_vW+I2y{qewLRF qbb=iKMhGg}*i+hHkB=6u-uj)i8?fHDMFn%7m}oQ}1zO<$R`OrU%Bv~> literal 0 HcmV?d00001 diff --git a/docker-compose.yml b/docker-compose.yml index 40a46cd..d2ca2a4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -113,10 +113,30 @@ services: entrypoint: - /scripts/startup-fts-mon.sh -# fts-cli: - #image: -# build: . -# hostname: fts3-cnaf.cloud.cnaf.infn.it + fts-cli: + image: marcelovilaca/fts3-cnaf:${FTS_CLI_VERSION} + hostname: ${FTS_HOSTNAME} + environment: + - FTS_HOSTNAME=${FTS_HOSTNAME} + - FTS_SITE_NAME=${FTS_SITE_NAME} + - FTS_IP=${FTS_IP} + - FTS_MYSQL_HOST=${FTS_MYSQL_HOST} + - FTS_DATABASE=${FTS_DATABASE} + - FTS_DB_USER=${FTS_DB_USER} + - FTS_DB_PASSWD=${FTS_DB_PASSWD} + - FTS_DB_ROOT_PASSWD=${FTS_DB_ROOT_PASSWD} + - USER=${USER} + - USER_UID=${USER_UID} + volumes: + - cabundle:/etc/pki + - trustanchors:/etc/grid-security/certificates + - ./assets/certs:/home/${USER}/.globus + - ./assets/log/fts3:/var/log/fts3 + - ./assets/vomsdir:/etc/grid-security/vomsdir + - ./assets/vomses:/etc/vomses + - ./assets/fts3:/etc/fts3 + - ./assets/scripts:/scripts + entrypoint: /tini -- sleep infinity ftsdb: image: ${FTS_MYSQL_IMAGE} -- GitLab From 54ed4f8055859009f03b44ec495a06c660968348 Mon Sep 17 00:00:00 2001 From: msoares <marcelo.soares@cnaf.infn.it> Date: Tue, 16 Mar 2021 16:08:33 +0000 Subject: [PATCH 5/5] - Added x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm - Added test scripts for crating and copying files --- .env | 8 +- .gitignore | 18 +- Dockerfile | 16 -- README.md | 4 +- assets/fts3/fts3config | 2 +- assets/scripts/etc/hosts | 2 +- ...s-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm | Bin 0 -> 27712 bytes assets/supervisor/conf.d/supervisord.conf | 13 +- .../wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc | 5 +- docker-compose.yml | 16 +- initialize_mysql.sh | 4 +- old.Dockerfile | 54 ------ test/cleanup.sh | 6 + test/command_example.md | 16 ++ test/random_files_creator.sh | 177 ++++++++++++++++++ 15 files changed, 243 insertions(+), 98 deletions(-) delete mode 100644 Dockerfile create mode 100644 assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm delete mode 100644 old.Dockerfile create mode 100755 test/cleanup.sh create mode 100644 test/command_example.md create mode 100755 test/random_files_creator.sh diff --git a/.env b/.env index 84c5189..b841bb9 100644 --- a/.env +++ b/.env @@ -1,9 +1,9 @@ FTS_HOSTNAME=fts3-cnaf.cloud.cnaf.infn.it FTS_SITE_NAME=FTS3-CNAF FTS_IP=131.154.97.15 -FTS_SERVER_VERSION=latest -FTS_REST_VERSION=latest -FTS_MONITORING_VERSION=latest +FTS_SERVER_VERSION=v3.10.0 +FTS_REST_VERSION=v3.10.1 +FTS_MONITORING_VERSION=v3.10.0 FTS_MYSQL_IMAGE=mysql:5 FTS_MYSQL_HOST=ftsdb FTS_DATABASE=fts @@ -11,6 +11,6 @@ FTS_DB_USER=fts FTS_DB_PASSWD=fts FTS_DB_ROOT_PASSWD=fts FTS_CLI_VERSION=latest -USER=test +USER=msoares USER_UID=501 diff --git a/.gitignore b/.gitignore index 6ec20cf..57543c8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,9 @@ -./assets/log/fts3/fts3bringonline.log -./assets/log/fts3/fts3server.log -./assets/log/fts3/fts_bringonline_stderr.log -./assets/log/fts3/fts_bringonline_stdout.log -./assets/log/fts3/fts_server_stderr.log -./assets/log/fts3/fts_server_stdout.log -./assets/log/fts3/msg.log -./assets/log/fts3/* -./assets/log/fts3/transfers/* +assets/log/fts3/fts3bringonline.log +assets/log/fts3/fts3server.log +assets/log/fts3/fts_bringonline_stderr.log +assets/log/fts3/fts_bringonline_stdout.log +assets/log/fts3/fts_server_stderr.log +assets/log/fts3/fts_server_stdout.log +assets/log/fts3/msg.log +assets/log/fts3/* +assets/log/fts3/transfers/* diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index c563b1b..0000000 --- a/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM centos:7 - -# Install Gfal2-tool: -RUN yum install -y gfal2-util gfal2-all - -Install SRM Client: -RUN yum install -y emi-storm-srm-client-mp - -# Install FTS3 REST CLI: -RUN yum update-y && yum install -y python-pip -RUN pip install "git+https://gitlab.cern.ch/fts/fts-rest.git" - - - - - diff --git a/README.md b/README.md index 14d3df6..cc49fd0 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ Notice that this package already delivery "most common" WLCG VO's configuration On first time launching, mysql image should be empty, hence needs to be initialized, so it is recomended to run `docker-compose` in detached mode and only `ftsdb` container ``` -$ docker-compose --env-file .env up -d ftsdb +$ docker-compose up -d ftsdb ``` Than initializing the database by running the script: @@ -86,7 +86,7 @@ This script can also be used to clean the database if necessary. Once MySQL database is initialized, to start up FTS containers simply run the command: ``` -$ docker-compose --env-file .env up -d +$ docker-compose up -d ``` After first time, even if mysql is killed or exit for some reason, it is not needed to re-initialize nor start it detached from the rest of the container. diff --git a/assets/fts3/fts3config b/assets/fts3/fts3config index 0d0e45a..6bd27c1 100644 --- a/assets/fts3/fts3config +++ b/assets/fts3/fts3config @@ -15,7 +15,7 @@ DbType=mysql DbUserName=fts DbPassword=fts #DbConnectString=vm-131-154-97-13.cloud.cnaf.infn.it:3306/fts -DbConnectString=ftsdb/fts +DbConnectString=ftsdb:3306/fts #DbUserName=${FTS_DB_USER} #DbPassword=${FTS_DB_PASSWD} diff --git a/assets/scripts/etc/hosts b/assets/scripts/etc/hosts index 2974f85..c1b7ef4 100644 --- a/assets/scripts/etc/hosts +++ b/assets/scripts/etc/hosts @@ -4,4 +4,4 @@ fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters -${FTS_IP} ${FTS_HOSTNAME} ${FTS_SITE_NAME} +131.154.97.15 fts3-cnaf.cloud.cnaf.infn.it fts3-cnaf diff --git a/assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm b/assets/scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm new file mode 100644 index 0000000000000000000000000000000000000000..bc35d73d5595250963ae75be83f8b356d799a9d3 GIT binary patch literal 27712 zcmb@s1yogE6E}Pb=@Ln)OP6#b-Q7q?UEl(jhD$d{N`r)ilv09}ARtl_(%m7bl%$k2 z@45bY@_pWCt>;_cVa=KS+k0mA>^ZZ~o^uzwZ}%2ZK){9MBfu@f0k?vAxHv$a;T$kH z+!N}~VdV&eI(u+%a|&^CbMSE5Sy^#H9fc4I|KUOc-TU|6gvw2%yFPRf2ssI8O8|su zhX9-am>B0T4BSCTGyvfO4Ya@7AV3#o6TqkdRze5>_$R;teI&KNWKeeg!pIH)2kfEj z100Y?4gfe(3=$<O2niX4b`RO)A#@gmg-MXF`^~PU4Y!ht0|S&EKvO7xe=cV@$i*^3 z#ddh)6{h$SgVL9JyQ2Val5!r~S;9umUooUajv}U67zRScI~1A8**NaBNjQQ}aDJkM zR1k^TLGhJ!UieoLyt|)7Pvg}4+IRi~^GF0ZRKz+AX%R*5`azi!R+6iZr_=H2GoE)7 z)!r2CB-R%hl`Rs6S2XXF$?@liZFG(E-h6IaQ+#90r^}nf6X&>c+W4bwyNeI|nZIX# zG1rz`F}CadZ9e$L&Jaf=^#(hoLKf3D9EvyY*wQv=@bQNO=lbI|m3p%{<aO(`+=pA| z?XDZe2@EnJb8AiK^7b~NHs9!%vZu+*!p%B4Uu8+FSA2TAEoEiJ%V!A@7Jzb#aPtX? za0^>oar4_)+XzAUtogVF1^K!8czA7WM1WA*jsBNdvWTHyQ_T_Vw>Dd)8cWQnUhqst z<37S1e(pDMx^q7?$(qJ4rfa&H`*4QW;B%-0)AJUmFh~|{pD1g{T&Wz6!!7R)N;2xv z68hxz_rxWJC+QSh9-*S@Fh@+P-lgcne4MgI6W7t-bfbP4aBnk(E$xsUhs4`Qu!7eO z;{IuR_CK!Ql(d^1uP1#oKHkdt^~}YM{Q*kX4!S+Q#Kn2_sQJ!&9l^@2tZ{uaC1MW` zohh9TBcZHq&uCKA6s;2FpFh2749tr7x|i8m@u0k}jtxq-rr9LIZ7Whey}yjp2aH6` zqr+m_W2I0UaL<(KiI@FS9X*Ib=x!!Z2~IJBDd>)+VlKZj6S?8<?SGBz7u%>D`{f42 z>`D)~{mJ*++gn8L6a3SD5C?(qfG&_EKtMj@9w5d6vIYnPAjI{z{0H^}2>A|g0UUvW zz4G_{fWVA*7_lEP0phyDyLVXU4(|aR*dL(qJB-*b2>s|g{0rcS@z;0w5a5XM(mQ-~ zhb!;!=^d`U!@uwFr#pNGaD+ddclZk62z$eK`1%h2xWhMh7_rZR^&?#QBaiS4fe~>4 z^nvDI7$E=<5+ZiMs|*!k8{kNkcNj4@0@K}LEPx~AS?(}4z=3!p@!w&@`v`#%>p<8; zypIs_2)_{+|F3amK;{od%nP)UN$)TbzyTkSnE;OPml)uHJ~AQ~5c&u?guKNaCIdKP z{0qRzfhItRag;}Q_~Bpp-m^Q*0&u|oz4rh|*cS#kpntCg;DGO_h|LP<-$Ud90*n5I zG5GE<A|C;LEE|9$^rh~w^Bq<MIA9OU2jB>QmF{r(9aaW7U>_^#4jbN$zqrFjcjNhY z*aYARdtG<f6yON`(K~GR7sf_B2jJPFS^^yK51SU?2>-0_aN`|@-r>9aLPe|tA>V#C z?s$hg@305Jf%&l)0ghOY=N;a>!(IRf{J}oH!`^?5<0AY<$Rpwa=;PYmVc$E9uuBaB zJxIO7h<GE(g8th%3i@-7g8p%i%KkZC!8R`LU_-?DYYBlvt-*heVDMijFi0Bw*BK0U zgju>n+<pHDd)Pt2|8XKtzzN`>8*y;4hgo{U9Ic`5Je*c`9#)**FgS2_TO(Evy5Lj= z#zB8>(ykCIz#1<n_g`4w8SV<Tg4w{J)*w3%4_CM-7uVm*0!|lqTaY8n+0zH)BP?hx z$PeOzTf&^V9IdTfoNZvX{|<q<IFx`iQ~-h6^FwzLe~9`2@)7W}58<mdH`Lk+ICN~R zp?pF-P(eNc8z{umN|@J*pIgM5Ps9>H+<XE&ydsuDd_uy4JiPoi5MhY5pddt;mmkUp zva+$X7T~rN5`gmaSc~uqK=`eBE%~^Gtpu!vxCMCtDJVZbpACdp7#M*F^Yd~GK&-4F z!h$y3R=^BUkd>eal-rWWieCV*WW&b~g^EA~1gu54MT7<Ufhm9iejdOQH!m-*r4TTW zFdvT<Fcm+ywG}T9KmT8A`scg5i;D;7|9Sh5kM7@#EKaz)6{owa69_mv{(b>TfJhWw zE12G&I!*acnZ^lsVPRzv<hO)*u>SW1{LeH0m0>KvBjpg}XZ>p(h*Iu8KvMrd(4UQr z1#IR&gs_Qdb0IPZZU_21_k_FuX}kJ**tt0K0*Pj61uTtI@E?o&N0*|SvW%=bFDDQG z-&g*B5At#f{FhNa&i|(SFJsmaFPIO)7w&)Y#o7_k$NL}q{^sDn`Cw~hWe!JZ@%)R{ zKXoh0%9`_Wa{sgA_HY+xjz6*Z*SVbj@9@AqtgYDD|9iizp`o;lvN;bY-#<_C&zgUn zH#7wN_?IyJKSVf1{%+^5XUE|Vb@PP6J>Vc9fq}=uBJ1Mh>JEhiZ#M;)BUA(81ckHy zZ4A*P2eU<p|GiHO;_K)F`6CQhf_Oo-+@UrwA7I$S(V9h3L*HCUT36}crIq1^es|dm zB<(+6KsY)1Ie0+)oPvn&7=R=0AOTL^KY#~_1mc~<+y3;ULi^JMc>7bM4}T})W?m`d zT4gC?-^_Mn1x_hrkVZR#WZYp8XRwTml>^k#322E~TK?6RvVuc7J)Ip9uUiQ)2l(#m z3G_cG2>fwZ-r5%84pxBJL)@)hz+zA*n?Fq{Pb;|fKa2}-@&T*(pNu1x{XZ%2{I3d# z`2G(w@c(%d|C7T1=+a-0{C}7M$eI6b4Zsol|3!fVtnB3K2z3I!v%$_#Z?LAcr-vQl zJie<2?zYmObD!A>Vg&(?6=ygzm<1>r;4mkcBgCDR6T|_Qa{)WMcz_`u9#AJ&51@zu zyF($?VD&o<0Kr`WMJOB$XxKvC!5(%%((<UwAe5!8tzpi#Ko=Bj<>KxRwekSu-8^CL zfBb@Dae!q!ZNb16gu)ThuC9*0U~d<92f!ImXKS#x9n=}>1=!TrQqz={18Nt*U0?uV z+Tb5zu26R;psazpID?%auC9m~Va{M{Swsbb5Y_dDd05%~d%**&#MRRs3YO)P1zv1` zm=**fB`XcK1g3C={#7Y~0i!xf@@j&2%K<FIJYWz<Fx=DC)y3W8PyGHx01<3kz;Ab$ z)m^a#mQ_>!o4V}Z3oe+m2h`mLVg>zs>GfBE<_`66he5p{jtCV6n9m<0h&8#`fK_xg zH8_B>&I$22tif<A*T32IaB*?`W9ZM+5D$dH-;Q%mAkGLwUJ!SfizgfmcY-)Nf`J0f z0b+}ggSxxBxWhUBabn(`pnqO<z>$hLR{u`OKpUuE5myM}2GqC!{rfLD|Bexo|G1F; zmTw%0X#Q(y@mCk{a{tc-35e@&$N66^Kv0mM3&f$x3+Au|bGX7>p<oUJ#QHc4Tpw}B znJZ}O=qW20nd@rm>&VKB17bE%A1kP<2aqms0Kh$fIB>YSyLbTE>Eg}-_i%RsV#2}U z3UP-xiNoQp9G0FoHo%WoaF`!doFAA5$YU3GYYyOS<$(W5Eg<>9U=AliV9?3K(-|s$ z_xwRtt}qvnj~|HluC4_RFl#%A2gjdUm&4ZiPucwE`{Yk>5V1vEh<GE*t0{m5`8j~% z3#_Iq1BUuQtvo#-mX6Rz;J+%WM_^!U{K<MAFpI8{?i1EWU~6Azh!e~TSidijXwD8m zlCXFpHYeN;0?ds_J~$wT_%Z;FJ1#Xu%?-R11UdP59|3z2sO**Ho&vHwrsCY(0{nas z9%~zJUJ+q_8zD=6Zf;9UAwfQ<un<&02qFNn;RfnkKo1BR%+(br?6v+>SU_3=*y9mc zT31$C8SDY|@%Sh2LI1X{JI7os?Sc6JZ%g}kk8Sw5t$<>j&(hMy(h_PZU?l+M<F&E` z%4(>9pe2tb504O!jSw%-KY9Eo+<$I}?{PeU5F8PI0^o-Y9DuL@LbUG#gbvU>fY1QK z1PC7>Jb<tPLIH>rAY?5-8Q=(ARDk}bgRnse5W)^Z7Xu(%fc`HVfI4DN{rUao_V$V! z;mfs<pP@0}%jzXg0Wyddi4f?dZ;X1ha;5tu!xTh@yM$`Vd+v!HQrP9o0n>F$ZbNUK zP=3hisbpJ)ZU8-Z{r;^ZnU*;xES2l0xb1gS^m}F0>m-qJ9QbE;))|CH&6$HDgHv+q zzLP^An+^gY+Ef}z#nK#*P-E=i4|CDDE3(bRTAv99RHT0l{@#R+XyTXY?R@)sW0R}e z*Fm0`ldpFMCY4&%ZKOs&7e?9>{TkH2D#Q}o{QH52Ynbq}r0mz<OxVj~22fs3F+@#i zaq2(%O5*v<?y%=weeKJq3>8m&SqBPJx$Q+hw<EQ64PSc8<1C}?BwzUJIet~HyE0Zh zH|rMX<Z+kaU0*^usp1=9?qxz!{JLPzV^20y)k<*9eoyvd^Lnu^2=&yg6M5lD5ZN=5 zRZ>IBq1hp_abXIiE<(Ww)=#Jl>qwa$(aGHp)^ol+a|yLqkbaW=CbS5{#O8_pN8vI_ zEt4y{u=Yv6AK_?G!|JGJZjk{^CR7R&)tcB%n<OnYc&72|S$H=53oXybTGAQ|Uix(C z(E2W6l@qF0$$cKyb7A>pA5rm$R6#}PtAwm}$AkzLId8r^ao$OHb;c(5IjzZaTo?s` zC1V>GO*On!<M-27RsIi<r{zZI_!Ayn$Gksk%FLk4ImME`MEgX}FMcdi#)A#}-AUCN zU!qWX7<lft?nV`z(97%%*(}FwJ9@^ORPk2Ml)YA6kG%DDq2M}1^#DiN6YFc}taP(q zc4uu=KWS)Mh3dc<Z$vnMwrre1HgfZbX~3&U<PPm181IWPdDfAX)29t->&r3A+S$E~ zRDlx&s<<SdxXFBcGi^yK#REy-ZzwlZaObbQQAl5^@{&YCr@w@vuz<e5`{pJ2>%&*< z{EKkIZN2%bYJu$V540~zQgUTj3g9^jh8})J7Rs-yRYiu`^z&0$UfI4v84DzpD5m2< z->7)Kl5}ae_+Y-kQx>^aub^$!tmU1bexymPm%t@|UjK;DSX>O|naOZ!&EOaAqFEJ{ zB5@S<=eZX**!pk9YtVb>F#GQLp9s9DD|y?P35O9bUeABHSRy-h5)SGf+%2qoh&*EO zn-?8<I<wS<Ah7FOJzZGYsg5Ei&iW-oP2jPoa$(GbjDb?SaR1?h)%Gy&oL`~C%*nlO z@cn!8@)|`Yv0tYBo)Tf;7tFlR9$6z#;f#==Jw3Ktj2;wBgr|gD3%H5q`Bz0FQB?lI zKa3gAxBpS)leqU&@uw`Py(K2?7rY+JE18xO&n1`6x`!kctORGu4W&)AP4vo`LGN1S zf7iW?ooj{3dyh1Oxtw*oiNXrvDzp_KKKZ_$(9;~u?xHOj;yiyuwD*PtFK}vlQKj5u z$zmB@2Gim+6TZK3%gbgrMwf~Cv|=%-lx9#|3NE6o&UJtM$?9(V2<q(&-<}+chmpsM zRMk8Dp|mvDD<^)}`=1^eU*^ZxV1U934$BxLB6mFACJW%~SG(vpBgZfZuu$fuh41s> ztw`pR60Cl{sNtP<i03C_PqDiq%E4F9uliwBpXI8cP^J5@aLuJZqw($U+N0GeW+pL{ z18z5X;^&$Db=7hy!XXVuh8dg|ih#zLq($4}QLc-LwI@R`#+}20x8bwF1lpU6)XhY^ zZa!+{hc4AIXGq2O0s|P4P-R}(cLhyZ=ofqpQ}eHGiqCsTiro()cV=0!6}bRqAoDr! zecHPJIOe&bTr;PmyHk40s(J{=Drs$xI*<G0Tw!|QsCCZ7C&kuvjN*$Zi01I41Xplj zLJFSzhoyGn=Q1y*yl*9LEIU~`TeH8Teuozbk{K1|KMbo@IjT284f#1V6k78bD;4Rn zv;UHw3@Y14%BTDyqJCH%GW8JQJc%VpN47`bPqoaH_BUu`{yK{RsAjX|7txF}c9pa` z7ECfHP(u1)!Im7H$G!Ekb>F_pYuo)ub^omD^4`+I$@HDv=M#$ws}iJO_JWusoELNZ zYeTJlYo+>o7sbaX^~3#z&zV`W;#`s9PuR24&!|E3l+REy?VApOlK1+`+b((7==`0| zTP>U-DuUBCd%JxY&&T!88OPq%@!SVaF?QMG53UUDvC-O>9F5wIiyqBWT6*v?E+w6E zwjUnvx9{=Fe|bDfF&K^e=?Ak4L*Rx|-~%s8tjI?J2~Wf|{RY-)R135*b>c@1jme#+ zhFYqnE=$cUL)RE^G)vyYqAQOr>kgIqJ<oKKp=zli<5DRaD#&7kw4|GowP_j2lX6U9 zG2=GzpWd$tE-xz?=~_(x-c1*zzgo=}@4TUAnZY7nE-`p4^uy&FBhg&gn9NOlv5zjH z%8z^RlT;Zc4g2Wo^m4<gt!#6ATX%b_MT}Ih4}9al#vksPu$uP9i6?OvvI|CT_y#)a z%(9gxJe6eKJkcSlK_xg6KiY}p-}AMUWYzn)iBaKdu=@7B%j<h*bPn6IB{$im#UM0% z6poDC=KBfM7Fz}>m`A!Rv5#`yBx;~*k~N!|y4+%}jYOutC$9!=+l##Wj;02KL#jWF zVbsg@rVE6pPz=Yjv+$`zKJJ^AyET4<%Gbd%fwlPK1J^xpsC4mh#zb|@PrZEau||P% z(U;M3Exyzu&L%U(g8WA1Su&(c)%2F5KFa-H*+nEH*D9}i-l!|1+}zWHo6D!^viU&w zx_>&#*`Hp}QG5tGuFAc3n3?R`HJGhjVHEuBbzHynSnb(b&w|Cx#+Sk04e0xn6l^^Y zaVbk!^Z1c**cV)60)m{ouTC2<)$+d6W1503&N~dU_+IQr)XbyP5{E+6430LaxSTA= zeu;L_qkW2$B4B7~7maKu6psJd>#Wd#dTknB8q<mfpHMPhx$4PQnR7D_%NP?zX}#4E z{w<I$9W198Oz7#^Bw!~=A3DmoB!v7n@S9$ss4(<MyWEL7nsHOjucS{|mS+32@$G^; z-G+rx>DATauk7EC3Vg~kJDa02@xJJOcXSA<5Ba$M#VYkYBDI$)DQ#J*$YC!#2}@{n ze(oo@GCOHk@dre*efrEb@FvNKieE~q7R9{5{D`JdJM98&`R%d0nvl0T|J#Y+m9n)Y z%m$%F)3AXCk{vcSIefNiQ*YFs>sWc7fEM4B4=he%>I<K?vgg$(4hta>gH@Hi4``4i z=|had+vz7Ul3#P7PP%Sxg~(0K8`IdsQB8a~LaB8m`kH=@s5!le(rx4c_hJb+TJr5K z%{{ZkJ~wbzOfe?SnkQ4&GOol)pOYl!x4OFj7=^qxKHx{^@J8J_pN^2fs<ZtR9$U)# zF$$rSAJU1fk)>6fT9C8e<xF51B;fIK0CGtbf03Do<4!PlsQ_xUclmNs>foG7mgI@B zNEgzOyX?F>6&v1ohO5+uGfD2t2Kbja?~)j~H;O~6_}JIRTSEcIq#>1`giv3)2$uvE zomZQvu|!knbTQ07(-d(KMn%s=3(vs2#>@6O!g*Y%x+O)Tnv67YfnVY(c9A>zifxcm zy97^=rr`2$I^!{1pNC9=TO~M2#>(M0j#sN8_Y+bNToZf#w>{e{)Z-s0YpV-tLwGfs zrfv&Zj3_41Z(@a~J89%7lT{a4IF5N@#=6!eyI87S#hPl%@ZPz$9E-n5&89q;srl}~ zLZ^YkFt2?wW#!)a=s7mK5bOT-S@dP>`|Y#wWBZ<b#+$P87;k^BUBk-0*Yw!!D_8=( z4p?6K8}{h|>M8NvLp1js%+!%nbdakYL|pDs+Sl?&W!vY=dS>ww=9ZO_;ZkIYl`&7{ zpuF;x?}g&UUKa>R!2EaW!1H9z0?v#sk#1jXW_I%S9-_v>0^YG;W$2xvF5_{ae|s;y zp)1cMIegFg(;CluIyO~+!sDVZ%32L3BF1OUx-NY^9Z<t!X@@!m%KN8>{in0b?T=@F zx3~Iz*VEk(tr9%TJ+!BoN7=*Jp7G-BPl%OUc%fK}&owO|-4<l_CCU)ro*RFKuN=3H zjCUZh0?Gb9Ud{n&m_fG%+if+0EZXB3KLsH%{m4#rjB;;0O(k?;L-7=m?ZsJG)bMJ4 z&BAPj5p8mIlbILs2WYE#8Ds19#{=E2io!8_bNapA@oX0S7kn$=AQNw?_sfaXPun(0 zX`XZWa8Sj2bzk~FB;W3ODnN58z{{QB8uML6d<GvZ+4Uk#fpvYfB*>z;7cRExs5d~n zqHja(m-@PzV@wR&k*a)YSw}>fs4(yRQSvt&0+u~iuzF1`9$LixUn(TuW1?0)Au~76 zH^%Ej#{_oKd<_<52x~ameINm`^)wXk8$HW-o4Kp)>Q5L|S~l!H2N>sm*(zXOk!=Kv z`_V*{MPO?b_@SGOmcA)y3csl4rZ*t@mbj}Ra}?##K+?iXKY+e1i_bswLB1&z@?`qM z>N5GJJ4Vn~I-evbDTRx3hh^anCWxmjQpYLsOMkmvl~RuhSnqWAP}?f66-(2$DStbC z8h!F}3(KtN>+~uI$w17`Biv?=vS#G{YElSFPW=Y=!wphuh!|%Lwt*!)9tHMb@#{>6 zV&V7<w*?~?L)DwK;{nT^-B2~cM;%G)=wW<P8z<O-s^q6sVDZ@Wyk;||&Ak`z3!`^5 zd8NJ1?Dl023|~6Plb<Q}2r|FadY@wjr+o{}9F(OEq+25kbe#?>VKX@RUAXJFz`QB= z_+t@{O7G*w^uUJj(~>pkJzLbVCstPh_doeg*CDMC1`Y{~<8$zRXu74KxSGN>>16ZV zOeyJ&%YGGZT=$mfo#j9Snq8!gj~PYNH>R?DCYz~eaitG}(_V%vbBPuE@~FuY?@kXH z-4vs6_0L9hUjJ^bQ~%cTTV4W7XP)gdo6W`B?>W7!8YRQ#ldVsYF$gIO3IiC|fBBZ; zlH>3rM{aBCVbwpBfBb=&ef#xii_P6AX~=!J7J4~r`n8j;uWiopk=1W8E^`gsV=n{a zR@mgMUUfoxa}s-X7?ZUuRM#d4hC52`7IXc(CjTpk6>G_=0m1ZE?l6Y)nTQJ`B;Def z3_f`AMrEaE4^P8tRqm@P)3^7`n+A35em8orx(X9*vnM&4al80S4c<=#{_dwrF~27> zpTghFx-fw*r>7LpQFHRL88wOWg!nMRoN()j3rUTynSBV=K5rc-p-aF7spzhRZ>~=c z?gJzry0<A;^@2ya;lBmoQe6JKH=<Q1BJ2v2I*|=xXDSNZQT7&Z_=7*3#U-R3KE$<4 z(_2~ztAe=&KK9#WUoanNlK<TP<I=64WzeK=BfAWvm+pF<#Z_v};4%M$;RQqNCu1+e zUx&5bv&FqZ!galbi;5{4f_nx`YWpTGM}FZt9kpdJTQQ<j?c|Ahf27@Pw*9VyY4BS! ze?-(Mzrh;sqmPTwuwaJHM)An`B_VzDGrz-)^V>7Lq8y28nW7Kg>7*hf^wO;f9Q1SE zc3s0pgao}NLgN&^o=Woj&s!_%#z!JM<1MvW$EX^BZ-ft37{9UQ$QX1##pYE6*{;vt zyM22<as;SaL}{6FMB+#@BR`emoxCyGA0dk^ObwNkXUUB6(9=1)j4V#S<mDB6&H^<K z`&<~pY44TMvV<fpoxOWuU_Sd+NxQ=@?##1hV}aW5<MjNsr?g`%@TDQ|X4TcTl0{xD znj+z87VbbH07>wn;UG88;62Qc+R(-N2q$9l++*#VFI{`6_DPhrv;lWs<FG@;uXU@C zhe&Aoqk#H!S?hAeka~Gkq$<%Pu_&@>I<(rz@~O9{_q*xX+i8B49wYzSt2&AIi+!`n zkSPCtXXA`CULZt;bhK~WLnLrMmRLI?xJn_+ceRyF6xFbrhRc$~Ysk5tJvcS&)^NrT zT<fQO4$Y{9;|dyG4s0;U$~nKh#{rSl!gn|J@Z~1d-%WRIX5Z;F+1#EtF+5ik{#1_6 zmcIM)lI(kH+r^{t5<)5TBxYSli}|NG{qIFI;wbQ_oPND0XrvU<bG*XeQtqSE@jKef z$Zz*%yjJ1jvb60EoOtTV*s<1s24PSC=1PM*`JJN+hon4|uRl&od{P?;dpUrDRc#Nd zo)+8I_3ODv25oA{ZamX9z9Y9N^M_-|nVgth%8U1&&U3w>V~+i>)ICO`59<6Uu3^94 zR`B;o&P~Ee!pqY!(bSf^&D*#H-&=DZ6cO5B3&63R3~2goh1h~#5q4T+;#S8FAA@sq zU<36-<(A92iiI#A5woTQdgJy&@5u++@ulHgn4A@Er2!w?U+<AKVS(Sde>@#%IrT+T z@*V$pBva-q{DIKH0_`pCcg43uo|>c|{7lenlacK<PS0Y;t9!eCXLL&ta5d(4vF{WX z0AIc767c--(nRZhHr)K<#E56_zK_fo6vz8@UFIYkN26=@d4FrSTfMipqUdyq9P*V) zZ|T(!w$lf3L9$wEMIp<&NEp#b7dWdaDUr`cgJ$^~jnT`9#b+QL-j48x_zL}9?4{~1 z2C`|<3N+C%T=LlQ6!|L6HX6J-wyi&K*Tpq73@^j_Iiv}pbQ%xLey{~UHTkhNox<Xy z-?BeAHZmC0N9u+5`(zT*(jTiO!tYl|E|G|Z9i~!LV5WL8eL4=OW+7^rl~vpOVuQoe z{ctKo_%h_l*S50f2df^3J+7O5#2jA^;qT_9wo;j(`njgy(8s*3Jc5x+`uOaLDa_~& zPQ4XuHLs;e6j({3`=0y5%*_Ly{fzK~#a(25<M{ez0KX}ZOIfk9)@@8Q|NFWWh%u?I zvcUh6kMrS~f;`JU*aoarl-ijjht4W!3~>R`kHV`I1M0e3@TG8UzOr2iRy+yEqmZ^F zbbs}zJE=6M{vt7^FY2?Webti97rr-dnC5ke<=X{s67pV3MAlgIXB<2N^O`-CpC;(% zjBVM@{c7!RBYUOjq)+yncDme=NvhO%MD@m)P~#a(BwuZGOKyAMHv@6|srznoo3Hlw zFe<tQ(X%P2G#DwUv^=#q#!@&M9M{P&1S(7YY0tpum|wYKINN+xpwAB4eo)B}vrl|p zd^`O5_ER8!Mrwm)rI!EVX!>f7W=Uoq4MuAC4)$b!uHLoB$4ynr2zNmb9(|8|T62pO zljr45g(XvL871G*1|^+-W#o)2l(-&LWs4{@d=$rgsN-gCoZ6qPG*A;Up-Vd&F$&wt z%dZZpdxL95+$C(zJT)XT^Em!;{M}Ul{q*Rvj+t~-i-fHxlMh&VvtvU~?gd`zwQgxT zr3ZCK4ZwPw%jYf13%f}{l%PH~+@au)L~PulQDZEXNNh4m&u!PaH$Uz;6YuFlK%3$d z4oqVnPxs=?RYF#MNb5Yx(liBJj+=&$7GHVAKWCiS>NJ%V(EZ#bes1%f6iF~jpEPxs z)t&hqn&X4nvD``9?$hYLQ#VZ?%AVdRVxLBI;?ntRgB9gV+c6#5{8J74!LVJ0$HqwP zN>l^OzwxLD6F?a#)4CWl5#o-RZUOflReFhob!}@^im7I*4!c4RljI&gsfd027}6_< zvJKaQfh1*#Uo(XeQgau4HZ$ipbZb#!5D0dS`0AR;vM~OBQ$#hW?B^Qsh<mu)@!==t zSS)5w7s-tvPbyN*XbG!QQPx#Ltddm>vuzt~6YW5;3?6AR{a8@r%lDs34qg=s(#iEl zEi%pI{)pGvZupU~9{#R__vYDRW1zJf66uD7+ttK$#I-@)tfuGcxtoqF8gt*!_vu5q zLq6t{59}8V?>`zymj8UTcexVPN%|u~Wvuk6wSI)edTurPF4>}yZ|=Bk6%LdxkI3iM zEyw+bhi{V2o@GxeBnx_kE3ECaViSJqD@s&e(nWKRTXGwvmNe8K9#U|QM5dO5c_H=5 z+Z^%S3u+Q-cozE!$G)btb?))#Fj7!*KIg?A>Cx+;p!!A!JG@4zc;77av*ZOXdkN~E z)b6jWM^R%&WQmdd9z7BLZtqn?6m4aWzEVmB8gYH>XYMs+uk)N5NA)B;dA1jW`z4A| z{{h!$XW~3RClayUz3&u?52k&`pH{~`d}T{RI+4%~4ojLWFlsF!3pIl6lrMh_uV7s$ z`L3-kiZS7T{!}>KBet0KGE26^XMHRAwc=ZeUvI?-g()wW!uwFV4w6&7G@@Ul@4B)S zhhaX`7cb0rx_YwU_N6L&_(X7${HgGovhg$B@n0|-Er-tUynfxu40X}fxMNYXz6=VX zY>uA|%592qcXtbTn?9>ZuREz$<W72-BYB-ozT2X}o0ETyTB0sBN}|(q<oO&gXOQkV zh)Rnr?c~BxX3#!NBa49Vb}856HWOW@_A8A~{qO#<HKr#yIyb__T42i-)S9*4$6Hj) z4P!*3=h51YFGV(<)!&qgJTdwyvnfwQ6_Pw}3`=LQ>hw#XL{f=mPRSt~QXk`>dz^XY zF@gWO(sq_rC(gasj-|G&CnZ{`4;r2QwZd_=PiZZ05Dhmp?A@0@7klx?VNZ0$`(Cm< zBion(RpB*|K(@eoXYZS>$zYfp+Ac<F>5@;!wZ$UgHb^ErDJ-RUC_En*e-NpH?KJi+ zXtj)a>-**e9>e^<!PRaSFKlUlM+k2xqjUN+zU0a5#gj7+tc<Y9{1h(v&X5pERjuXp z`#ipI*}V}T8$Eg)ungre!<$5ckd!e(tD8{lxgfG8VKxq;<}LH{tdzLD>X80PE~=&( zw*lJ0^@PJ;(rA(Dzt0Y07{V7p>jMuxzLtG>yckY8uUQ}<WykDXrM+`AKqfVM0P;>h zTV0XR#xT|@gt?<ub<%ZVeGyw16mtuE-pah<X;$H*P83=D(HDzTb?Mikj`c~%R?+@Z zQ`Tb3L;L+(6A3=Gp9;>e_uhSOO?+KL-KF*5sHFP}6uDz*ASdy4e0a<3#E8};Z`eX! zyACHUwa}Tpk)elY9bLET`<u8)Cc%ye9_tt&4YiE{Zd`9uvZWO1cf707O0p){+>dVG z!4C%%stFI1>k@jf@-8<)x!*7aT1GX#NXyiB&mZ#QQ%@v3$4A0w|GE;B>M}(?n9S_z z97o|E3XfzpKi=t#mvZ<uY7MgY9}(6Wj8}8OXK-}fx|d%8p)$?#aS3z55Z&>#<J~ov z@@_d8N;Ql>#5$OHvQbYnpp5!B){(HFYcMI(i_C&pF=LV;{t$;VMD8`SA{UaX-n~NZ zRpmCx5u;%cQ8ML=M!Bn3WgY`_qjhjYR*~(byeZD`XEPA$Jtgm5pTYMn(;W9m`0LZz z3`@eTaMMU`Q9}AZ%3Wt`9-qu^ue8I7C-q)q`<hw8s6$Z3dnSUEMMUZ1Vy`bhJL)wb zFs|gUxwyb-&4*|ielqsT)CfLW48W2q|1!Zp%<YcJMwbO)5y9Yp`mnQ7utiAUtGL?d zcjPCvi*G`4vG~Ee%{Bq^g(@Z$lgjj%dDV$Omsd)UveG9)-$OrmE5-Nc`wr2n8&{Cb zR4iUm;IDZNk!-evfF7cUru|<3Jy?cJ7%BX&<t7uY0gU{ve~5cN?Dh?c!Z`81G*mc$ z1r&h7fTeIEas1+R)45`e8^+s_rw-XL+2aoS{fp#?hNFG{f+??tOm6I`zcmB;nai&z zFDKrIR9po4TTY4Gh>{}g4f?C^NjQE2M1i&^1s~5l_Z?Oo@A)vc#Df_ub9_YUGtWA; zEJ8Q+(p~kc+Yc>k=<Q<dQ}a>pBi)n=#r<3<(O>W*=IOOWmJx*#J!EmSy1J&F_%@V9 zWrF%#lYR6>bdmw1`77%e_2t!dZETjtnComWwaZFEy3{F>oeFKGKexiv<O-l^9oPH; z>ZS*a;<nz7tWS_jpO+Z3fs=+r=FrkAvri0Zh7A=|BzlOYX>%P(mHpkYUq)WJVFbD{ zOf&ai8?A3FD5m9GR1_y}UfWsbZS5jClO-f2J!O9G>+#_j?551Y_TILS9**lMq4P#; zyY=PqbB%Z!&uXpT1q-Nq&SAWANRk*I!s&QNO1d6_LyT0+1ItrHP`CTen=c4X42*mx z^vW)$r5mEV7cSHqnT8(3Ne~V547QDwa}|33$l!9Dc+l=Nen_*}(wNKF=lGivH&99X zp51^$>p9ABy-GVdJ;Ph1o#0D9LZa^F=6tDWuh&Kq%hSZBHSCp0#pj=0TkY3{rv`_n zEpbdMyd56V)b?c-rQ}7Q6sd8B{cw4;sJT?3iii6mO0rbiaW)~5DmzhrbbZ(rZ9nqn z=d@vc+m%uQ;mt}sH-$|F4g<?#mA3ZOnypFP3~N4Dq!ginUT8<ZLTF8+ezcLWlQep2 zrTdG(sqY4{lP#KWYTG7NeLL7peFuW$j}ro)yvlkc9Yl8J87cM1XvcX;;q=91sNFQ7 znam?@LX$@Oq75fuF6w9X6SvbrsmvoJS1D`7onMM66VSg?a7tJFOa+bZJ6rEZerJZI zH}r}OG!~4uhenHk6%WN)PV>}>kZIO@Zqz^ewmlO@TKrQBqx$wKu0YK<QZFXlA<vKF zjZWIHZ|_U1^PHZ%?j_4ju{l_vPMBU$klQ+zYG|w<tQzx=Q89H0;Sx1lvdA{9?5Jvq zLTWt_j1pTe7rN=utT*kOB_L<f6{s^H@J01G*qF9LG5$GT8l)>k*y;1Rl%zm&YvsHk z4z1VK0gcecbhF@$;hISz6dv`R?^hjek(V=3(g0ZO)i;aQh?E{Q!qum5tczE*c~CIU zKrbviJJVA7rZ&CGyGRbv-AHDr3Yl81lot;ACA-Du@Yk^Y2;g#J`c)SxsY6q>Bnh-z z`l{pd3jtj&T8eU5wcE@glQfr9LxXiM>ApC6<G-z@uJXJ{?6!q?tngF$ii~cG3{PHb z^K2OjUk}Yoqh`1ab`vf|5hkWGn@CkyGMjP}2KdnU(h~Wl!cxl*#+HL8qcR53t&6C2 zI41S_ZW#;+RnSFPZn$3U;|FVKT`*usM=T1hy?c8k8bLg}oeot7Go9yTe?2F);pS1* z_d?0KzkwNWJe7!-6OT%0to|@axjG7}PTnu%ZHr%{FPvNdhM$zl0yQcSo49xPiY$Gm zD~tgv#?fj`GP=&WU>}sK=vjo#rl@;e$Qk;KK0-6?2(xa#ep3G`6o)#9JdZVQr?{Xt zZX+mUYM!sa)ivJVDJ7Em>Z6d28V_lQxmO*td*KZw5~g^G_pPQz@b!LC%ze3z5LfwA zgNV`8=wRdWe7@M&t)fRCrsy)Lh1sayw~%{Y8M?k9FdJPg+tZ)S5Zf(2=E+ddDe?5S z<P+LIr7g4vDc^J2e5prY4XS~byr^3}59X=4=E_cFYCk7@J)QW9MTi@3#`H^JVl(Y) z*>NcD+>6gbTw(DzJEbF?qWB+H!)-C&$DLA}wBU)g3?Q5AWUJ$}B+FPlf9;2?6Rh2M z%u&&`SqpmNJZ~I8VHeI4%*%0cqe)0=-TS^=jpFuosJGk&DdEm*h@9p4OGT7qBwZ#$ z^usR_uD3$<&$6M4OP+_kgcNBtJ34X1pNxWuHHo-z_7Yw$&@jg7&E+Spu2`ewk3M}m zo|AC(q4%mKOuaHU4ePCk#R;x(pOcEIevhY8T3?vuN{v*l)VTP={LcoBbUgSs8+5jy zA$I?JRW7cD>&1pqgwp6&4f;K^=<o2icHRz(WUyu8KTMsGa^!DbNF2vAc>5sxa#@w| zW+bd&rF)B9<q@oC-tpVMvYfrEi$La%($Om%?cM|Y#57C8kIE~hptY+Wj{(ZHvS*$@ zSwo^Pq6miWjk3&amE$sEPKYneGst7)8W7F&e;)q29}$r;5hfdE+z8X6+TZ0d{HUc$ zKFz!2+_Q>Np&L3(`-Z?UoVHCOg~oS(hhLC(<ha~<&nr4dC~k%lm8k?DH+m`kOE3%T zh=SS1L18dYE{TydW02|NGjbZ@iqFA56Kh9jVgazR1@fao600;?{9RH1*q8aBQk`3k zDzRmX<`Q!$>AZywa=B8_56FFp=l=cE9V=zrdjlbb4qt-bg$j%?J#Gz0)s`&KqY~<I zUc6~eIA^tYc!KR<sbhE8P;eLsUcamn_bIz?N9c#8pVeW8o~#&mG+=g%SGkWzR6dC{ zNB%lS|2ll@OWK#``W;2Dg>8}QOR85A+FV};GF*r9Xf)mb1h-L@_RVyB*!}&`$VkQ{ zw8V*MMmNiUC+uL7L)guCyQXi!NRsQt{Hu*lXC!GyU-pX^TK3+}>3rcn&>0Q-=^<V0 zw1=%(;<|ChTvkiGzt_JtZev-@D}46}ZE-|XeeO(6OxjB|w%}1RXoL2noG^dhvY=p7 zm20ZyI8L&O-5BS7&V-a`;aZ%FRN3v8KYzyLn%G>Q=;B0&{KaW-E>`96y!h{0v@mpa z7Inc{EFWW{n6%$dedLFfm)duv_=Ko%yh@R2d$K01_lzpbm7Lo?AJ26lFH#fFq4Dq# zpcZ{5ZW1QfCkX|81||6BA-AnZl=NkvcN(%^B$3g$5Kt>*vS7uK9dvw5nU9NJr&)eH zBch`Yd!AK$Ox@F^BGT4p=x<$HGd&km7+8cN9jTp8dp7Q8Pb<pr==|gSs0rWarrs|$ zSD8a*B-gJxDKHm#b|EZQ8+irlwldJ4aU-)CltbdPyh!>DLQ8y#|FIw&b>QLwg=O%4 zws&o9j#Ly^n7o=5w~OVDbkA82dUQ?Iosqgqkom9Vd2h~=vef4%w}Q3kS35M_h?3U5 za<}Sag6Fa~#P-S=hPpAvt5eS*t(Yn}k%@XlL`f$iGvAEEosVvx@>aXh#Jk`K2t20b zzv<D@{59Ai$Y!H|$#M-*AFHXK>PC7I!CMps-SYZX<m#@xSd{Q%NlB%}SUU0DG-X0j zgF0iZF1Fi%rV2XU!`uQ2r8Y(%VKqY<f)6kHY65BVz0=7sf|`6I19x%v?zg@yaN$!H zg?_?95xva2VAz#Vv>y9L_gFv&$-N1+=6=qxsN2a;^<x*bbUZI9OH-?JiltZVb8pOl zk#F=+uRezTe%SM(HE{<c3T^D9_klwB@ccOJl2vYPCBvb&!gXP;*F2IioymY)ufhDD zZ)}W8Y7uTemSSIzmWeTU_7H}A#6(QRyw-G#P5{kyz-~a}`Lf7ux;;G^-lzT_ya_^V z6_#z-1aGG_M{@Nhc<DSg9$<XFxk(81a~TW9yXMxtjoOYg)RIP~WgI=C)`-e^YD{R? z{{~wV;y=)DG;zOSPVNGm;heO4)KM1KJ^foQMPFb+E1h2%K7Pc}W>WRV(_L?LvA+52 zN0kq3eS;gNFd9F2rnEJoaV8Q!BmH@z;^oE==($sDG^TsYgPZ7-VK_U#m>{h9B6`02 z*8JInouhKqE2#u8<UJ;++xL8_GW^V7@sm;XtI`Zw@~eUs)g#rA;jf9N78dq>)pB_< zNlyO1I-h)uqeWj9ln+y6a<{YU-5yV2RH1Y+UTQJ#xCtY4_7zt7#p7|olDXcP=*~yB zN;Fo=@Sa)n{EW-F<5h8AnQ6tFGcQE}WDU~q-D4RSqmOS@wej%YY~HIpif-Rm8tG9c zKmBSixLjA^Ei_r`R0EcC%8Ipuk;{Lkt()_g7?JF9)o%u|Q>Q1z!vm`Ob4h44o)u3y zPBwEt(f2gU(hdFL|86kj!vO>*1#PfyUt({u3Td9<Gk2SxJ!NN@Kz-<JFS#GSF4R(% zGuFlDcIzad@|2M<hro%yv^-v(-O;^dL`^yrb-9^71<#+<6s=eN0h)mHX%+E%f%34W zV@Am2ukD#r=~S(`GR!z#ZNmGwGZ{NM`RZ7QxC+X!?1k#`bTP)Xn;%yb$M$NzLk1t# z3_MWxFdl9ROlvT-pg(WJvqJ*8M7vh&Ow-VJAJQiaQ{&t=VVloN;0MDOB<DGz_pT$A z#B#{(d4>2Oxg{-A=9HF8B=QYK%q1Uf$SQ{vtP+Y|W#AlFTOIl_1mED-NRL~E%?dp> z!v4rX!#L9Labff6!8&oYqF4{bTugMNHtE>X^Mnu)LH=U~o`?b02jrE;LvF*vE^k+$ z>0a7RGPm0AL`$nT?4zY`4SGZJ{eD)%C!)mIPK9ck2r13J6gEs!Fyns_@nL+Dl_|KW zcW!1>^^#US_tf(~1r8(U&azf;iSpR(iF#b>5ol_WTee~}vhq9TVe&glCR^X<JdI+* z3JoGSECX(HiiN?njL+l+(e|;ID?zl-iVj)P3!4t}TB&Ao<Y@l@UEw^Be$J@PIu_Iu zfgz+X_SLt^lZgd$(Y_p|0}+pKX)qngO+CX*yEj|L#A0(gOpeRDuC|tF0~M>4{dv10 z8dfKkJWkMC?srqg6Y*w<I_l<rpqGyPZQdabho@2LN?%}O8m2#&vCZl?K|(GwCI(@M z*GlPVZKa6l6^evQmJ?i_b=gpG#yhkbj*)$n*tuP1=J&a80&`YrX14Gxc^;9AtISq` zK6ka!d8RvM$WX&Z>6ZXj5K=B{YeLe{IwW`+HuanaHxGT^CaYWdSE~7mOW&=(Q##mr z|7<6YgLnq3>H*l^gNTohcOM=(gvBW<$&mS!3WIb#q$8+Z*?ZOGxzV#!j5?a`i1-Yz z&^)omJ<Fw<7e9L{wA;}8e2Vl?`+_MZCNR^HTbveMDwIC-V129<I7o-y==U?MBL}oz zqn;9L9!l8%dUu>M;mp{@<+lu8m${jH)E5!+Gzhs%C*c`nPx>vT@}++Ow+XIK|7=sB z*;o_LWI?2IQqTkXvn1yu$$`0_hAw20MH|p3*$VdDPKhj0q4=E{w{K}5I~x}#Tzz6G zdSYH%n|J~(W}kARkkfRM?B8~B|1C<P_m*SVSuaiWnD}+|$ItYyE2?>gOvdH>9iri6 zIA1-@Gy<fRuH;m|;Pvn$`_*09%iWS}ub4VYUl9nQ!mqtTF{1pju0`<10}M~!zjzt> z)*>@dD0(i%_tn&X#Br04rg6)0Ja<!kFNwhP@tT*8<ENG9c~gAi0`dKvfro;eOkM2r z$t6?61QoSwJ3FC$B~wk0(kQdyV?lk>iebVb41$FQkD^(8eqK=XI$r8`;1@dy^vd!^ zh`lkg=F}vq4exha?dPe248v4?8<vLhghd5=JMa>|@=0_NO^7=6elAw6kl=g0c;u|u zOsT-qm4xn7)K$8DPEAUA`H<T{5B^>wr!kL<)MK!Uska?Xn@8G#w8pJNQ^%L_-ZUpN zFW)j_rLYXmf_>D}3SMOodcT2tpoS;UWY7z5grz|@B5AUWH=_8DswW7R@{&o18s?gV zG0lJDpR2Q(mg*=CTA6N<>)?9UuR>f~PP(>R*ao)}9A1#&zh?26fBrq{(70PTq^(8q z+w$?a#&)CwEV@ef(>pv7-T5~BGmV2At8Y{fnxYOK%)1&~{^D)G)SvmO%ix|wpAcV$ z{VnBrv2`r=k7LH!)3gP%N82CxECN8prb-@Kgj03iCSCC)9J?xR_k`uHO=wuNyLLV@ zc&K#0cr(KmAs0@~a4f&N=5QFG8PcV1H}v43-1tlAiT|5LcjL&VM>gHh(htZ&h(+Am z`Sx!!RN%kTx`NrX;;NRz#b<QVy_6431zi>6-e1);L@59EdqqJgXRC6U-NvZv7*WWq zlv}b3K`nh#3l<!bDmUhuQ(et9Qhx3$)lHU`xyQewFzi`dLI$!)kaA|pDoT>V`0|V1 zb(Em74!xyt_D#)p4n;mOSG{7R8Mptt*xiY-nJ*@{79;(OQZd>h_CXlP(o8OLXdyN{ zJ2r+)OAoz{gz09MJv0f2`G9|?{KfqHZK+0ElZ8kj_G?cgL66;fx$0j+wvAl(d(V^N za0Au643Acr3Jqd~LncqsbSTH}3*TFs<H^o;sd~3-=aO=ow9;9q3@-mxeX*`C5;#;~ zVii&qO0JOYsrp`|^ugZg$81Z&bB&tXz)#tzb(!gs=P0pn4JpC{2dIo1tf31Z``wh@ z2CP&nQV@ixbgD#vew3428;bg`y<b1R`5NqEHp}EAK3Tc<V9wxv)H~AJzP{)&TCEnl z-ne4fH>Hx@@A1R5+LrMSNW^{){4jj}Wx>(`pZ-k}UP2&G(W<;KyVO+c`nu2O)b&jY z`WJ&XW)q_m`sr0fjq%5&Twn5(eY=}^(x=DgEN#N%OKN`>#I12EO;jW;#-<OlfoHq& z)cq36F*#&$`Y|kl|I?M8TYQx0L?={1HH>SpcVf+uyg*^LQ?Re0`Yg7S#MhA}Fv!}u z-z))cC|VuZxkVkcr5Ug%7Et%p19K^n<K6<xQqx#`((lgDtB8eQb1w6?tb^!!3HOzw zgVx+JjWy{7=6MsCIFzWP<XS;tzH2%0(J<%gOdyTL+jXZzS#!MiB@fGOdWqDh;3TjY zkbBh4)4jw2-SS161aeDI*}bQqB2ha1B(mT28+WCV5@*hqTJ2EN+k3unz9xo&kvB3e zI2t<O{H(s{$k5ID8G0SB0v)8Zkr{U9_h_TSWUs#Io@9!|Bx{1VFBP9!THrMk#m;P7 z{&JtD>;JBM(2Z%b=rj5Sg}OCQr{p`c4nwhNihBjV)=CNcBwJ8n;4XFJUPtcaZRsh^ zl|=Z;_S?$RVts;5&dZd~Q4m)PPK=*(^Dkd$PwuUtO{O?WFyMQ<zU|B~+s+Jr=5=w? zt|S-m?VbJ)2Lm`}jMoL($J(Wc&g~z_=J6<gKMEVs1qx_+K}PlyH^)7EAmdBil%E6w zzodl}Q=Is-V9EDMdD<B`w&^VI%M3a5r05-q@yd4**SjY)%$>bCz<ouZNA+%n06&bK z@g*@m6O2Gy9@iGGVJ0LH9{)23!pB7zLv27HgNMVbP4X$yW$M@%Cnvq^i_zrx)QZ!p z0rA&5Ji3=>3%0PW{6zM#^HXxdqFxxc<Vz>|9zp`wk@QdnGb6|L9YxS$K_%%h)N`7~ z@2CYN7}Jo49jOmPW#95QXT~_nn%XmVf|f8;h<X#_1tvmiKVP1b>b@E&8x9OqiS|TI zW@Vpsf+Q&Zv}Bg2GoWFD;w;+LQMzwG){|jYbEg<&G@eYw)vp6nr{Bgh;TgjdrD0p1 z<hiZVF%PTVdDss^EI2~W50eHI>v*wGf5>m9tv}rV#>ur$yk=+U6-iF|$>~w($;}D- zc3ze7v+9Gv**J*~<*yd^Wd&GC{d%V1b}Ir`n`LTC=|LDwAbuy+qA6<Z*#cI<enwbK zMR8Q}_IQvuN_B#5Un`O7oUFk@g7=1rZ>kx+QAng_a8F;Es{_b3HAP&x@oj-lt75G# z95b1icU50H66@wsP_AN4?s+V9H*yQp{>RG)y`+xsw4$tMf;%uE1B!C->>l?VXBHh= zu;(RPE4jjLChH2g+_{>+Khz0*KJ&7A?D_`^c-!mA+B$|d*0&EK{UR)}hInrruDXj0 z=T|tqgX^xI6i*k`;w7~lNN;QowHYgqG0xxUzj{z*f<+m3@qmv2ib<}0OF2-T-yAg( z_MP5L{(}_`E^hTsL{wxix`=o);Z8)zCmE|b{?9t#v9az1wFgu-V`cSa3ORjR;!R&R zpc9jOx|vR0y4lNTq;I&YviSHP{fM83pK`cj(J}hw=MgBedrS{8Ho>!03!lFJNh<J! znnZR~Fgfqx=vLV)Cf67&$@j0GWw?^TU-;a=$h-}lKr?iD^`iXEE4A4i25*17gfGai zy0zSesjeSRi}cSr#-?2lQ99W9nV-qdp<{Qq=JVt~=0CAg`#MegIfC3=ul#%Gm!|Gp zO=kLsq0x#X$v&no>*TtkuGo{dTJtBKdUlLwdK`7)XP^KUlfDFd3E8P;O#RmO`}%m{ zywCc1Gq3B%R63mS{Stkmdp(nBQ1`@ETOISPkOmzjf1e3j#5WW5&t839YIEu-X3<2( zt|p!D+g{6t2CUQa?Fnrte7KKvee?Cis7dvVltNs0ik3Swpb{;IO|zw1g*D`7qEI*m zJj;s?p5&E=yY!R1J&kofC+JM3Q$6f>y!&~G`fr;FXP>s{2YnquZH;eP)`B?*B0QA1 zab}O>)z33gCvWmo)$ncjPt?>JW7P1ZFv(4IY+<6llCO@%Z~aJ<UJNdm<?Ixu8@61$ zkl4H_lXbXdC3&FUn<pZmF}Ol%ElYsCaDH-d$exxXCv^K${&k}NviQf8x8bmc1hxR? z&kG!D<aD|WHXGrj+=7-Uo7Ll?Z4Kl8y80@+OSu(_+K>1dW^$0w7r3?C`uq=<6>V-H z+OQvn)dj^b^z2M-A5Y$#)S=;6zT^5vU;NvD$)Wn^D;rtu&FGZTAN}mI%#`G5ejoV9 z-^4RxwefmpgOlp5BJp;Lx20HCd2u^Wd|ElL4unt&9BIB_dsU=FJ<Jk6C6mb*n9x~x z=Up;GJFD`<AW)d7fW)We1Ep6fCQn<GcYoZ+<aaUmmWV<xg2{SM1!*^y(vcOFA#a1G zPEzIg68i@5+`@OUN0G<O80q%}ThDB-p<Z?rrL+Btt8DRCp7+e^(!yk(b<CdD!AGNt zD6$@E!5!!piB1a$2fh?+c|&XiGf_S)HD2g7eM^Q`(`Z539!KODu)v$UMKf{m8*==f zvFxAxp8&cbMc+;SdSv&aO&5{QGCm7o!DwsO_G>^UdcM!{pNA(${98>9*yIS~b6kEG zcnz(l%Q$G$7?Xlgc0T=OBU)}F7>M)~Yu$+l)CgWZ?|`vs+q5fd?lS#YoXeZ|f@6*z zpv-(^6?ee;`Ee{Bis^&jktfmmts>(GZ<WIqr~)9SZ&72~-*d11$jed{meWIYq|CF! zDivNsoh;EHUbHGg--~^5FZv1!CWn`Fb`qh0E9U>H5zz_wS7Wc+bJMeE?19M^h=Q?2 z4_KtSdsU2J-45F(-4`O$)(dy#&`a`HGg1cl<>R-^0%v)se@ESLC>jw(U`1!zsFdmm zt?$;8Tzwp<kbUkVNVyk*_kBsIfdb(%rm}FG92fxZxd@jzizeQWH|sS?v<tZ-x;<B+ z;>GsFl;ZM%Fe<d0(bkQ!runFFH2+K7w>906Eu<D1B)kSsXWthQ<c5GPf>zLKZ9Vb3 zcsAxWMu+Ss4|!f4)CESG4VGx^d@Y&;h<sg3Ck&62->?rdQmRMLX2tk<0S9NtdOKA2 z**n9qWDa`rb03M@2^fMbD27tu>jsB+8%fF;MkWhKr`k@5kNlSim&gD_%Y}T(rPyyo zr|gG|FL1<K{n}ZTiL6z7XF7f-J|A5_G@{0=<i;jMD=w(F6-oF(GuD~reR@LfxG;;q zqKk13oJGvT&)pUKwCJ%il4LOU!R3gYZcrl4h_DX9THLO8Ey07ZE|>wq^x&hz+sl(} z={6d4_nD;s^GdFFsxyy3sz9}+qgd%FUuPVPq^yRM?Hu<WQhEM&Zc9yyanjgZY%wh{ zX%@Z7T8W`Bm%m1NauDAi42D)i=-utGiV)!~JH=p=_N5yqo`E^eWW^w@;8+QVe>T3d z>##USyIjoidW}47OH#F<E=FzO;yV>Zo-n!U1?}ld;-IBCy2HrbKR256WG?0})fHYl z{^sOp<6$A}xz*EP5#&LBn_NWlzHW1R$rr!?(@VVtZK&<NI?j2b&c@<R@DL220_AHM zko@l$gy_oggZxnCo6ix7$0^HqqXRzqTvkf_-UzPK3CpML_+v$w;-qJc$1J^PaH^g9 zFkro!hf<L)9y(wijKajUKLpfzwIgR`+F@cPO)2AK2JPa%>?!7~Ud1Vj5ZP?8nZ(dx z0b{1tcNmp;fdakPd!%=mh^i$*7%a@$)E)@;9gK)60TXlCQkjl*n-(I%y&=<;wAv;c zIw4E!V83rQN-PnR<|Al4#U{&xJ}CPd{S){r5SFu|B1Grp3IGHN?7fE%9mg*nWQCPJ zV?Wpt;#0|qm`P`VTYNz#Ndq2W^s`QGqoPX+b(~}XFfU0EGiOcdSO}9`MN7ayi^+(W zzD)#@>p$dMSe7MuL(DEB>y*@VR439Drvt}V>6wApr&nDNcVN0yUUPZ+3p@f%rf1yC z>5tfySf-D=p`v2wl$L?F$zQjbv9ZlQBsJ+vc;K-?m+gXQNL=gwJwz^_eeA=|QPs!6 z8wbm`QF%BrAOvMob;Qv<zMw~!k4$l|L(qf1-X(1q0j0m}{Hf5H6{&qag4*@c87GcV zfMsf4o+jA62|m4~^V7WHeiNtb!P$HgqtScx8kxisEjKV@o~|1?2$Pq~<Eea~-~t&P z0VFmL+b*b<cmZ`BcguF<wiDJwbdQs#?8NWi8cWUy_LbRoJ!%y%#z?HOU77VA;;Nb^ zJ#J{T<I%Bm5RZ9Dby7IFlfnG&cp#}hlje9T%$$8v6ajiPtg$f`2P2*^Z*&5Io__dI zQAs6_t8s2(9RfQ{NZ6mCJwd=p!ERLu#4v-&sJ#3INw1Gl%?rrFf61l|bqor|?*-O- zg!uVPFg0<*N*=i?pK&RxRrq0GnSQN<%pr}=I(VMU%!B}DJK`Ru%Y14&MaE*&@c%26 zvIu?sku(sWK;3^JCkmMU<kpkho}4Hk1tsxbjrNI$e?5g#PYBxf&hI5Xe&=i>@_mk) zC)vxj;qVT}V-)H;#Q<TH(8#DAvE>UjKk>fIBVV9QLL6ALnyN7lNk$F+j*-l?B*Iv{ zBxLXTbSXXPBL1jK3>Qii&jTdICuJuCXNQRUv39xB1YOz8un;fElMG&UUsEyMy@yFC z^4a}LyWv!x9~mTt@hcQz(CP$J^Vk9CK4ye$P;z4gD}o<&(N&Wjj0AYGiEB`_^H7R- za}nmY)e_y*HAh=@y0b+rHx;Hcr}$1Ru&1^o#@+UXI?fDldZi$15Jm}V{q`OdX1vs~ zm--Pzh}=Fwn5RP$;lxr77hk@5e%O5r1aG2&Sc`z<5AlACTBPl2ovG1Q@hR?~iqZIm zEhlR*dm%`gZ8m&vCmep2sDkdFuP7+UfGL9uuzsZ-rrFM*)cc`<v5y0b@H$`B9NBGk zm7ss!y~Icx9GMrAF|sQ;qz6Un_UhyC080TPe+C5M^eeM`7;F!4AR)Ya9Arzxw&SNE z;&6Wc7<+(ue2N>NjP&?!90(?@Z4u3Fu!h~IG!CQI37|<7Fm;x&WB_xc0FliZ#&WLk zbFfVk5m|U2SR6_54?)Pil(e6CHd1}dRLRM7;$ZJ8%C!J{8)Io^A8>r5Cov|XnDJMm z@42GHT`~69MuM~z;>d%}S)9YbMwHh|@qB@9pr#};ht6JD8K8Kx5|T~V>pzp`bl|`Q zR7dh>@jtL<okQT-zLbwJuv%lQ`oKfL2^1CLGY>!nV*b%)=s2EM2y;}K2_vBFC=#Ka zZQ|y2ezCG>SI4V7(7*ZE%;+Dfo^x}jIuovcmH@;0?V(k6^p-{E&$1FVCa|uxt$b1y z**=H8@mEx8Hpv1PqKjJ6AXoS+MUG;Bf6&>@A045Zs@KTnzfP;hB$-%Pk<n|*rftg0 zA8j1zR3$wa^;+TNwmbOVvKEz6D@$`et{CUGn+t`8h1N^UQQtE<a)YCixoeX-r$Ksu zwJr*Gcdmu9R|8`$ZWG(5!E^qMv#P67v3`Ks;Q}I)(<prM5&)$@{rIpKh0twwVGwg? z1=kwP=mIP=g+4g8Y3ZvG@EjWx%RA8#+o3%<-g2&N33QfzJ(MgYpDeox$O*6qHA%T; zd{?a~*_P%{Wjf=@F}aJl#>`F8CaW5+T$n*vY?<A!DagdM&7^i5c8?{#5I(hH=+9(| z!ZIVOn*@Q!4!tx7c!MLWdEPnweBh-lJ{#Po7q2mG@%^J&$XqY1qj4KN$Lxx8ThBNf zmm>1Z+#!j^V!$|w`WiBjR#gKRRCFxj74BfXQOzK;?Z*s6uvx4&K)tb%F~6`UNzVWO zKA-%}Gt@#L?wdv&S;P?MEW6Sc*LBUfB}SoGUdF?+R~+N4$OwzYjK_i1_FdKHWGLfB zZJK3}nc#OA_fTEjPyhLkZMwaAEy&)&;`pYSe=>VLclF%^tbv6JLr0S-M`zHRl?NBu zNO&&F>&LatXe8}?H;dLbSXG)$DxLT?-`6U7KvE{BPV8jL>sbp*GRoWt)s>IuCImFa z>+K9txuFO4RZ|Bxg!Xs%HL2IZ|B>=vWufs!?&(QpM!~7w#fX#{xzq3NrsR`rcCfvG zSO};qwC^mvQ<;l$`v~8(-ojR*Su51Wi_XsiCw@S_PrlGKrQn%pIc;T0mPkx}l(tka z%Zi+=0}%$03CW88j920;9C)zB70<w_jSL=cU1e?n1}Fi?cmJ;1Z>2u2UIfi*>~1BD zeW<-$@TI@K3%2^WxR$DAYRv^Q82(Qxc+-i(`DNOpw@P479MYri?8BLxpDw_22$Y(D z6@Zm*1TTY;(9^KebBtdBktZh(Em4r}Xw;`{sa%rHCOMgDTYv7FTuwc2WQ{ZF9t{+k z03FU#bvZnG)=9!J<JZ0#8T~-Pp)1u$kTbr;S*IEih3EUC0}TR4&JnUH!XGWvPnXIT zBoc=ywN@ASV|%Zop|?GI6^IV#WNaZ)8n~b$CbYJbt{ik<Q0*J|f%dU9>8JUbnVOHd zlOhuzd(gFFZ!&C{3{g3{R1dTI0S41nfjv@ePm#k9EH8>WmF5SUc<y3EYPq~Nx%b|| zj}uAqMC;FdkzTulDCdXOCA`Gqjx%CDU6NLA4qxU%T<<CGp$Hab)vgt)`=19_LST(t zm7^MxzG9Lw)?GgCf(&_K3ot4@9sm24RXf_%>FF^yf{B0!;Kz+m6W2L;klAE#Ewu<M z(m{<raQ9hL9t`%W+e<wXq@G`Dv-z8|8f7{`={m@Ox}vt4yR_5FKr*F3Zi~eiBf){d zRV%%;7f%=_Rn?7zUn5%)G_Ej&4RJQ;i~Ib5m_WoQ-i$-bDA)X!6=yOb{17=Kvg7wB zZs`@pMo#{L5G2skGWUfAc$mS4-_1&v4$?J1@#q2F)fNSQm>lFzm0j+nY*fzB$GOeC zN)PV3{*ymiq#!npT}U5B{O%4uXoRUIu;oj}rRg8691kKl*w@-8=rd_55oD;z-jjxd z{|~BFE3l_0gjL_V_R>|+!Cd4lr%6((;*S{dFS@xq`iaVhb(1he#A2AotS}_$vU!qH z7VWiA<yIjH;6F+u<Kc|&Oi1#JF8zob3u`Em&`^+Vu9}>iPHtV5qT^?t3$mn&cP2_! zQ}f|d^c;z`%{T_vamReT1#|Ec^rV-ug&LmqI)n@b*b2+htDq?LoY6oJtJW)QfA0o@ zw<>|YI2g~IbvC|RC<Ku6Oz5VsM#Bui_fF1XE*fSam+U@Nq}joUte1#Sf2D9(WTfvX z30yZao+J4m^d6NV@T)VcUL9}?vfC_35jO8Jzs-ZZv!ZxNW`*4e0e6MJUQ-u$tA<(i zL0&x{-PQrprDbE;czoTJhT;$2;Pz{m4rXh4yLRt=L5}?=YN#N=`T(c7-d*iWk=PE@ zCIwFL@xWtxvbQKsAC2uL8hz=Zn}gfDImi|f1v0r<lJAtwA32Yk#{P1vEKw1dj6ylS zC8VFM=!g@Kdg~pfy9&bSz64iqQW<MJ)XBQ%@8C9I9o>(7o;<SkenZk?c@%)M20(Lm z!oJrTkbHgnduCC*J?B=-AtzGiNleE(;~d*SsI80$r7YYc!192UcJ_{HiLPB5h|7tV zLdMV*VHK106h%34){|sNym+$MY;Z}46-NQSS8tt3RM&q!<ZKz7Yk}^jGC{bx*({Rc z-p>_IepVt?SI-mDI)Sg0_tR!?GJe4FEqDJ;n6X~v+ult8*&?h4t0)${?!dexM7kU9 zYLJE2fK-8MTyF3h>rD3Tf2k)FQZEYp3i6qTOqnA16+|zJ&9x1WR^h7*swHO@7o}A& za*S6enEa&HxMOARwV;SHvJ&KsQ~ltmbB#7b#(GkTkm$m+XurfN0udIkj@-D5o<p9* z^l2W&G^dsFNd>2ZVL`l;iIW@rREQD9vG&i#(Xy|Gxc*{M&8)OXVb{<1ZUID(TiWqB zn?k;^T48}uUJO>5JBD+ZW&Y*QkOmYzk=1TzVl9v!<7Pq00!LmJ2GAsp;E)U?@H$Ro zsVK&^eR=;eYLom&c*5cw26|pKjRL^+Ls%e%N4nWksgLM@NcHDH^IfVca4e{;^w6?6 zJj$O<XFQEspQ|?rm?8Uy&bdtH-huW16MqxvYBSjFf#Z(!4lA_;a-f^E>2bJ!uz5Z7 zMw{AAC4xU<OjOw?a^g~?m{@Eo@3;1g+08vtlYnOfFR&Jk$K<<dNtZHWAgp>Vf9ln- z`r<JbIVHQ}aB(VUCPPxXl?>2xZdt`2+V1L;WGqaO*&A<p;BN=a6KzSsF^(0UA}~~C zNp?~Fz;7kX<Paa-KNnzM);=%nf82$$P8u5BP<=Jx&#~D4j9#%pYeOgrK6|>%_<wT! z9^`fZ*mW-Xsj^|H<7l^Bm6Q-B5}=Y=8^aWEmv)<>Gy99SF1c*av~%rHE5NfoF|`9r zWT|914^z?fRg(kT{kQ4*Whl^~md{+=O8KAt?-u~Ug?z$Fo0}YB&@Du=JbQz(KrNL) zR&94{gM=D+)Lm+~k0pbJp!c8&x*C%IGs5)uj#W|nN=d=|C+MnXJLipLA0je54}C!T zOAjZg*q^_laT!*55efx*g)_{{#*yyal0%C=38S1#krb-M(I&(MPkA8GtH^K4r#VUe z*<~Quur=V=<Oi}c|0ZEBuQJj)PfBT5%4;JK7(%_iem977S;qv(wYug=$<C{{9g;A1 zmKGsY*d*>MG&huV8-I^z72mYurrN1Ie7zUmV5%455Ahz8>!$gLgSHRTCSopBWy!`7 zLt!l8@IK1>2kdagH$AM6ys&P&vkG5zMCb@^25%v>HMQcwLai~Lbb+-!?zL55A2+3| zmugAwToMFTZP@*Tldp5%>^Ut_-!4`l`asNnx$%0L1f<hvE1?<qd+YQWCG}B_70XHK zKw=e;K{_kpsz($+Z+hJBeiHEvB2YiT-$|`~qgjm--aP_DS>oH;W6TUgO5HR%VIiQ3 z1vx#t5{S3i-hilwfhzxvO<ZUP?GdrwoSsR~x;Vt~@r7>BF1i2SVYfAg`!sg1c#~*` z;`|_xRf4$>z<1sODDmOX5g!qKtHK#}GZm#Hjy&QXmm56`HyKZThdpny7LQ%IfmONe z)VOK0lQWoVrn2{oz~g1ta?H}$BqyvoJYT#LkSyhO?f2)k;JY))iEn&!Faph3G9BSp z&S;k_4cZZA<`TRQT<f<W06JrEu~Qg)PnPcrxlOdj_Da6J@APSAi*2ro`hd22K?^K< z?lLBRhs?&lpYqP&9sISVWm94C337LqIt|9(@TOSAcmEKKpj_A_ISzibv~q)Ao{QH^ zk>@iBlSr+h4o%YhQRZ~Oz+j|OKO^W1z7Nq+!gzFmJgZC_Vy;79x3A|hmjx1B<$omp z-ccDMCJ-+cIZf|{UNX?J!XxWZHJTQrb}@O0uesf-1ab3_47?haaRzGB--qLDJv5xo zVY&7jkio4wUG?kAJ0tgqNoQ?k=%D>Z-wb{M3;2`Yne|e2vuCp;<n9O35&{B1msV2E zIv}1S?`voR87a&9rQ=iNnb;KiCHo2Py2Xj=)tklq+hJEM|MYumi$zTh(C>|ba*tU! zu=+)siWt|+zHh;U?{*8UwyAcuR~Qs|R}R4D4uL&EGq|pk$)M$bypFj4ku?*YOsZ&+ zGjwyjD|4Una0mynS^kqnJkg{bXoe`cMcw;iYcsKJY4(k1!8)>#;EQ>%hP;FZ%j<XQ z)PWSUe%`F&an07xvrgCRg)f{EBanV3q#@xi&x1X|y1nl^PQ1nm$7eQqx=r(pRLsy` zV6n%Jvp|6vnk1lz0l6)(uKwPwlNMab@P%4<6Qcp&hWaXY!WFwc`$F><*TI_5@S#m- zQP3$o*BOD1b4Gx4B+Ss8a>iT$-dc#__rEU3m@?GXJnTm^RTQ!87Mx!CEmBFvpZBFt zV!(f;Za57n8a^$sE=`^2%%Q|!5u*-g1sr#uNDZyP!}2*-5<K{$c6Y@;C_?@73Lp{R z_b)y$DsrIze3yJnk<sj-wq+pD=D1~nTU%)6_W81tl_Pt|DAb&WKM$W)i;{vbhCgVU zbn|uEW}=6^3_Fe0O~yJFXch}&t9G|X*ACekYK!FQm-I#xw<=kYlv>A#o^(v_r(f;L z&X@pX)A5X-hw%AO^7Du;GCC{^-1&mG9q_o8K}M!R+k3XSkSs2Lc#x_tjoH}G2hG92 zR>c*tE1L{LxMCuPfHtVZ9~~NyVwrEn-tnXkc1|1P8w+@c-wl*3bFw*bz=q=#pEq5& zc*nZ^^526d{fi~QB$RC6Uk?SF{piPso{I_4idudXpw=?;*)U4)<3)rMu=(EEWH}vh z&hO_ClBEK|(_6&`kEEg;+ak}N1QGFhH)bPW0E3i1XMpybrjhy%GSV?^C=SyT_LGmA zyInnalwLTZ_AAc>4WCq}Bv?Z()q_+tnXNMYVnX;vQ<|a-w>WoUm~Fs(G{<=PstTb- zb`t&yMTU7L*zz1E;Ad!T0|?z5!t<yi3~@JuUsdsUdF&|DchpIX=lZ&N?kaWQiUc|m z2~^=9u8(A~MU;JiFT=-XnRDM0#OO#fhYbP3i~r0Svc99v6tTWLtLHSEe(KO&IEU<@ zT%#haqrf?Psp_0h#j2wR@AgNxwKT`GyiMGCeecaU_DVzrUIYCi{FKKyKmM;92R8vu zlz&sKB7tI4x3a7Agk=KaC=I;Q4*AYENmxabWc^RMduNzykVw^>^|4;h|ERW^sEY)e zl7hE>E@axM8;7kgjvwg8QFi_7N;2Er%~F0>XsvE5gpJjJrumCgr)W86r5j_A++ed> zv`l&g@yhlQwp!t0*d-|P2NCws<9Wey203sLXksWwBE^};IGzrxA>(q2-~S`V5jVjN zFpgFu5lX_r;c-f_k%+{_B<mm%#kE8S@4msQ7Lv;?)zflUaF?WxeAl<lF+~eCoUDJS z|0tIt2d~=1d1>ZQ+l)R0<QxM@46nL&EE7~R%k`0E6W@SMxSd)0ZPq7^zG^bZZ>>J( z*dt9i`^rlP!?&Xb!@3_#Djp6#mL5eHhMeU4_AKG+k~nSRDIS>r%^$>LR;w?ix(ewU ztgnl8AJ?#Lu)<0X*}8+UU8F&&wc&|L(T5HbFijBQ6h(ea1rG^lZ!ME^OMd9|UIV7T zfWk!M$u#PBd3y^N{e=l8$SEJRpAxuDuS6qr;M|4bi&RQ4eG_~u$6KEq>p~Capr2qe z$Ri__Y}!pp|4$3RmE;naF2-Lh>4q0OwVaY=%G;Zzy;vIQfwCK=9|NLR=nTO}s6C`^ zBl*~N$Ft|N7I%Y=-Qx)_C#mNxEqMNYzHpx9?)-}+RkqaHoF(8hA=ScS8~Z5mG@Jy5 z9Tf7<d>*d>&zCU4hw;Aay8Aw8AkkZ|mgba!M>Uf;({L4;23+IfudaCf0^6?s23i=A zg02l_XEAsU+bt&}!OW;~U~Ga=7yo5-Yt@2S1Cp?)a@GJ|`!;0ZDt^nM@{#N?(5@9; z0Fy(h1rYK0ZPeR<N_Kht4bAn35EqYe>mtRJm5yw%b1L=|B%(k6y*2+V;yg>>n$?52 zj$b8K9yJV8NVjEDp0e!{igF!5IDcXji_nS0;A3Hk-`45+O0~|+@OfAP%X9<@@Fjo5 z=L65|JCp&AkCy98U`{_%Mz1g<q@n~c2w($)Z{!juCmdXSoJ1_2nVKtBNaG<Ge14MH z2mjoV39f6wI78okF-%ysR$j(!=;WQ(I_0rZqv{P!l9p6*U7-9_isr@wJ8VHsZD&eZ z{9yaA)Up^D)lvkOL^it!x0dyma@zUnY0rBTvvHwwiI(QmwM2FyYKofm-#!O+LhdZE zi~~%d&V4m#0wzLGWAs4B*qmNRCdoxD?jVbZaS~rW%@$w6BF!a&SqJX^k3Un_+*%9| zt|&zGQH!J`{QGOHJ$rZ$+UynF#j5<fB^F0GQU3SLuHTum)B*quZbHdGfn1;g$KW<` z3BVd~O_G+gJ?-L0mg&Espj?@SvXO!!(UPPKfDcu6q^W5#hiI|SHQ;izYcU>d!m2Cc zKiWn}3n&PQ0lu^V(e%{z71ml5i6Z4EC6Tf9c#GPyq7w^IH)~7$0J9|7&^vV+zevrt zL<d@cSaqTA1ZXm60l>bYV;Q}HyzRD_gW7=xcBzzCBr!J!n%)Y(oKLJdAG1?+KXxN% z4!~u0<6SsAI=N+rnRG)TaWP$??sW>M_Ilrhb4D<>Ta+P(11qEDARM2ODWPvnw!UPj zoqrOlQ1ZYw%i2^Ey1O}lcroPx!$BzCy@!oPFUTX~LsRj*=WvmHWuuy7`u*2FGSE3G zR@bQX-`-%e^r)JjZCtQ~tdDr_{6PQHqYXQ-!dVONsGx5M<CcY2HiKNb>8#-z7zSNt zQbo(r9l9Qe3Yy!fAQHv{k(Oc`e`^(hoFH+%$#(Xay=G`J`eDFOcE9zJc(A0Th?l<Q z4~0E)*Cl~#%CXg4>|whcMQFqX1t0t(SGNuk5IH8q;s#oyhJYHU>)ZdxR`lUI7_Ab2 zYSJ`nhRG$<nBH-oFAIz*Z+tsE2`8k|271j&V6aQ&>~1DLD>#2fbez_G+fFC&7b*tR z0fbS>@)kt&7lsbttCCozO-xZ%x{&cAoW*bUN6se*2OyEzOsFcQBnL-=O;MaPQTHl` z&sKV*3Nq*5<w7LC<A79~k)16FUphv4$Tkj>#)l-s-nr5b9{wBAu~rmahYF>7Qx`Y_ zi7V1~880Cj1RsKu0gar`Jkgb|kD}H&{`oJ!gQejxfD(#yBkDUyk^AWh-YMQ=9u43v zM|(R*3-J>vhgb~h6-aPy=FXYNa7UhwG=H;9rUK+Z<&-gMeY#~%qotd~o>KVKG+JUy z{?C<gAW-z>R|EAhhvzS?7{70(9{7IfMpa{%s&|w6?$}q&a1a390N<Q+mZDt5M*gP_ zNI&084|Ud-xgs`0!mQF@O^asCp!H?9Hu-nbkG*6;49Zb~M(&rlT{HE8wQW7oXz9S7 z{rZQAdMzJ6ji+hE%Z5pwATeZ&4oEaKAI>j`A5-E3=AZ!PR3BnXTD7l=(O4=uSQ8N& z6lDlJhsPw#+V&{OSw;TP0oozEy+WTuY4^Vp$DnXj?x1>ayBNjLPh$KYJa9cSh(`5P zy_r>~75r3lc3t?KRxqJo=u2C9C!TUVOjbF|eoU;?Kt~u^Q=Tf=H7Nn7Xem4<2-HIw z<{|fpR~EMxuzH(Q03(uA`bUvuR%6d;T2HTAcO3ktT4NW%M^miNz-J&!56+I)d@7|w zUfz`iGS;TjA}$B0%;|R~EixSJJKuc?zwpqVa^lm&<Rvm?zj9|LgV9mQH0B?XB5SB3 zAbc-)Q3u;y(5PsXxh~+BLQa<r0_yO_(lQy4gh)%wioUL&Pd{-Ye}+b7J1;kq@gG5t zKdTkYs+DOxTwOS?iy)0g^lt=i(uo7JFnrJRr_9SG&0h-ca~pwd!w*i^|8Xeh&88%x zHRB?R|9ea~Qh)#eZ#dQj_XMrCzqH;8o+CaJZrrQffiifOn+j4{%t`mz00GOb0o3>d T3!$Ayw&~v-0ssI2018=J#c;~? literal 0 HcmV?d00001 diff --git a/assets/supervisor/conf.d/supervisord.conf b/assets/supervisor/conf.d/supervisord.conf index fee6f06..893ee7b 100644 --- a/assets/supervisor/conf.d/supervisord.conf +++ b/assets/supervisor/conf.d/supervisord.conf @@ -6,31 +6,34 @@ user=root command=/usr/sbin/fts_bringonline -t 25 autostart=true autorestart=true -startretries=10 +startretries=0 stdout_logfile=/var/log/fts3/fts_bringonline_stdout.log stderr_logfile=/var/log/fts3/fts_bringonline_stderr.log priority=50 +exitcodes=0 [program:fts-server] command=/usr/sbin/fts_server -t 25 autostart=true autorestart=true -startretries=10 +startretries=0 stdout_logfile=/var/log/fts3/fts_server_stdout.log stderr_logfile=/var/log/fts3/fts_server_stderr.log priority=50 +exitcodes=0 [program:fts-msg-bulk] command=/usr/sbin/fts_msg_bulk autostart=true autorestart=true -startretries=10 +startretries=0 priority=50 +exitcodes=0 [program:cron] command=/usr/sbin/crond -n autostart=true autorestart=true -startretries=10 +startretries=0 priority=50 - +exitcodes=0 diff --git a/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc b/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc index b6f643f..2d12227 100644 --- a/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc +++ b/assets/vomsdir/wlcg/wlcg-voms.cloud.cnaf.infn.it.lsc @@ -1,2 +1,3 @@ -/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/CN=wlcg-voms.cloud.cnaf.infn.it -/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 +/DC=org/DC=terena/DC=tcs/C=IT/L=Frascati/O=Istituto Nazionale di Fisica Nucleare/OU=cnaf/CN=wlcg-voms.cloud.cnaf.infn.it +/C=NL/O=GEANT Vereniging/CN=GEANT eScience SSL CA 4 + diff --git a/docker-compose.yml b/docker-compose.yml index d2ca2a4..208a4e7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,6 +14,8 @@ services: - cabundle:/etc/pki fts-server: + env_file: + - .env image: gitlab-registry.cern.ch/fts/fts3:${FTS_SERVER_VERSION} hostname: ${FTS_HOSTNAME} environment: @@ -35,8 +37,9 @@ services: - ./assets/fts3:/etc/fts3 - ./assets/scripts:/scripts - ./assets/supervisor/conf.d:/etc/supervisor/conf.d - ports: - - "2170:2170" +# Only used for CERN specific BDII publishing (uncomment if this is the case) +# ports: +# - 2170:2170 links: - ftsdb:ftsdb depends_on: @@ -44,8 +47,11 @@ services: - ftsdb entrypoint: - /scripts/startup-fts-server.sh + - if ! rpm -qa | grep x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64; then yum localinstall -y /scripts/x509-scitokens-issuer-client-0.7.0-1.hcc.el7.x86_64.rpm; fi fts-rest: + env_file: + - .env image: gitlab-registry.cern.ch/fts/fts-rest:${FTS_REST_VERSION} hostname: ${FTS_HOSTNAME} environment: @@ -80,6 +86,8 @@ services: - /scripts/startup-fts-rest.sh fts-mon: + env_file: + - .env image: gitlab-registry.cern.ch/fts/fts-monitoring:${FTS_MONITORING_VERSION} hostname: ${FTS_HOSTNAME} environment: @@ -114,6 +122,8 @@ services: - /scripts/startup-fts-mon.sh fts-cli: + env_file: + - .env image: marcelovilaca/fts3-cnaf:${FTS_CLI_VERSION} hostname: ${FTS_HOSTNAME} environment: @@ -139,6 +149,8 @@ services: entrypoint: /tini -- sleep infinity ftsdb: + env_file: + - .env image: ${FTS_MYSQL_IMAGE} hostname: ftsdb environment: diff --git a/initialize_mysql.sh b/initialize_mysql.sh index ad88ccd..a01fe25 100755 --- a/initialize_mysql.sh +++ b/initialize_mysql.sh @@ -4,8 +4,8 @@ set +e export $(cat .env | xargs) -docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql" +docker exec fts3cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} ${FTS_DATABASE} < /scripts/fts-schema-6.0.0.sql" -docker exec fts3-cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" " +docker exec fts3cnaf_ftsdb_1 sh -c "mysql -u root -p${FTS_DB_ROOT_PASSWD} -h ${FTS_MYSQL_HOST} -Bse \"GRANT ALL ON ${FTS_DATABASE}.* TO '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES; GRANT SUPER ON *.* to '${FTS_DB_USER}'@'%' IDENTIFIED BY '${FTS_DB_PASSWD}'; FLUSH PRIVILEGES;\" " diff --git a/old.Dockerfile b/old.Dockerfile deleted file mode 100644 index 3836086..0000000 --- a/old.Dockerfile +++ /dev/null @@ -1,54 +0,0 @@ -FROM centos:7 - -# Install FTS -RUN yum install -y epel-release.noarch -#RUN curl https://fts-repo.web.cern.ch/fts-repo/fts3-prod-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo -#RUN curl https://dmc-repo.web.cern.ch/dmc-repo/dmc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo -RUN curl http://fts-repo.web.cern.ch/fts-repo/fts3-rc-el7.repo -o /etc/yum.repos.d/fts3-prod-el7.repo -RUN curl http://dmc-repo.web.cern.ch/dmc-repo/dmc-rc-el7.repo -o /etc/yum.repos.d/dmc-el7.repo - -RUN yum clean all && yum upgrade -y -RUN yum install -y gfal2-plugin-* --skip-broken -RUN yum install -y fts-server fts-client fts-rest fts-monitoring fts-mysql fts-msg fts-infosys -RUN yum install -y mysql MySQL-python fts-rest-oauth2 multitail -RUN yum install -y fts-server-selinux fts-rest-selinux fts-monitoring-selinux -RUN yum clean all - -# Setup FTS security -COPY assets/fts/certs/hostcert_fts.pem /etc/grid-security/hostcert.pem -COPY assets/fts/certs/hostcert_fts.key.pem /etc/grid-security/hostkey.pem -RUN chmod 400 /etc/grid-security/hostkey.pem -COPY assets/fts/Sectigo/SectigoRSA* /etc/grid-security/certificates/ -COPY assets/fts/Sectigo/USERTrustRSA-AAACA-xSign.crt /etc/grid-security/certificates/ -#COPY assets/fts/Sectigo/SHA-2\ Root\ USERTrust\ RSA\ Certification\ Authority.crt /etc/grid-security/certificates/ - - -# Database configuration for FTS server -COPY assets/fts/fts3config /etc/fts3/fts3config -COPY assets/fts/mysql/fts-schema-6.0.0.sql /usr/share/fts-mysql/fts-schema-6.0.0.sql - -# Configuration for FTSREST and FTSMON -COPY assets/fts/fts3rest.conf /etc/httpd/conf.d/fts3rest.conf -RUN echo "" > /etc/httpd/conf.d/ssl.conf &&\ - echo "" > /etc/httpd/conf.d/autoindex.conf &&\ - echo "" > /etc/httpd/conf.d/userdir.conf &&\ - echo "" > /etc/httpd/conf.d/welcome.conf &&\ - echo "" > /etc/httpd/conf.d/zgridsite.conf &&\ - echo "ServerName fts3-cnaf.cloud.cnaf.infn.it:80" >> /etc/httpd/conf/httpd.conf - -# Entrypoint waiting script for MySQL -COPY assets/fts/wait-for-it.sh /usr/local/bin/wait-for-it.sh -RUN chmod +x /usr/local/bin/wait-for-it.sh - -# Shortcut for logfiles -COPY assets/fts/logshow /usr/local/bin/logshow -RUN chmod +x /usr/local/bin/logshow -RUN touch /var/log/fts3/fts3server.log -RUN chown -R fts3:fts3 /var/log/fts3/fts3server.log -RUN touch /var/log/fts3rest/fts3rest.log -RUN chown -R fts3:fts3 /var/log/fts3rest - -# Startup -EXPOSE 8446 8449 -ADD assets/fts/docker-entrypoint.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/test/cleanup.sh b/test/cleanup.sh new file mode 100755 index 0000000..d2221c6 --- /dev/null +++ b/test/cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +gfal-rm --from-file remove.me +rm BULK.json +rm remove.me + diff --git a/test/command_example.md b/test/command_example.md new file mode 100644 index 0000000..a0c2ffe --- /dev/null +++ b/test/command_example.md @@ -0,0 +1,16 @@ +# For creating and adding files to source SE, creating BULK.json file: + +./random_files_creator.sh --Files=20 --Name='Test_files_' --Path=$PWD/files/ --Source='davs://xfer.cr.cnaf.infn.it:8443/wlcg/msoares' --Destination='davs://amnesiac.cloud.cnaf.infn.it:8443/wlcg/msoares/dest' + + +# for submitting the FTS transfer: + +fts-rest-transfer-submit -v -o -s https://fts3-cnaf.cloud.cnaf.infn.it:8446 -f BULK.json + +or + +fts-transfer-submit -v -o -s https://fts3-cnaf.cloud.cnaf.infn.it:8446 -f BULK.json + +# for cleannign the mess: + +./cleanup.sh diff --git a/test/random_files_creator.sh b/test/random_files_creator.sh new file mode 100755 index 0000000..6ca21f3 --- /dev/null +++ b/test/random_files_creator.sh @@ -0,0 +1,177 @@ +#!/bin/bash + + +helpmessage="\n\nScript usage:\n\n +\t\t ./random_file_creator.sh <--option=value> \n\n +e.g.\t ./random_file_creator.sh --Files=12 --Name='Pippo_files_' \n +e.g.\t ./random_file_creator.sh --Path=/path/to/directory/i/want/ \n +\n +Options: +\n\n + -f=\t --Files=\t\t:Insert number of files needed --Files=20 (default = 10)\n + -n=\t --Name=\t\t:Insert fale name that means something to you --Name='Pippo_files_'\n + -s=\t --Source=\t\t:Insert Source storage element to put files + -d=\t --Destination\t\t:Insert Destination storage element to copy files to + -p=\t --Path=\t\t:Insert the path that you wish to use --Path=<path_to_dir>\n + -h\t --help\t\t\t:Shows this help\n\n +\n\n +\t\t* If no values inserted it will use defaults values:\n +\t\t\t Number of Files => 10\n +\t\t\t File Names => random_content_<random value>_00x.init\n +\t\t\t Path => /tmp/<username>/tmp.<random value>/ \n +\n\n\n + +" + +#Default values +numberOfFiles=10 +filesName="random_content_" +sourceSEdir="https://xfer.cr.cnaf.infn.it:8443/webdav" +destinationSEdir="https://amnesiac.cloud.cnaf.infn.it/webdav" +#if [ $DIRAC ] +#then +# diracDir=$DIRAC +#else +# diracDir=$PWD +#fi + +# Parsing arguments +if [ $# -gt 0 ] +then + for i in "$@" + do + case $i in + + -h|--help|-?) + echo -e $helpmessage + exit 0 + ;; + + -f=*|--Files=*) + numberOfFiles="${i#*=}" + shift # past argument=value + ;; + + -n=*|--Name=*) + filesName="${i#*=}" + shift # past argument=value + ;; + + -s=*|--Source=*) + sourceSEdir="${i#*=}" + shift # past argument=value + ;; + + -d=*|--Destination=*) + destinationSEdir="${i#*=}" + shift # past argument=value + ;; + + -p=*|--Path=*) + temporaryPath="${i#*=}" + if [ ! -d "$temporaryPath" ] + then + mkdir -p $temporaryPath + fi + shift # past argument=value + ;; + + *) + echo -e $helpmessage + exit 0 + # unknown option + ;; + esac + done +fi + +set +e +currentDir=$PWD + +# Default temporary path +if [ -z "$temporaryPath" ] + then + temporaryPath=$(mktemp -d) +fi + +# Move to a tmp directory +cd $temporaryPath +if [ $? -ne 0 ] + then + echo $(tput setaf 1)"ERROR: cannot change to directory: " $temporaryPath$(tput sgr 0) + exit $? +fi + +echo "" +echo "Random files created in: " +echo $(tput setaf 2)$temporaryPath$(tput sgr 0) +echo "" +# Start Removal file +touch $currentDir/remove.me + +# Start bulk submission json file: +touch $currentDir/BULK.json +cat <<EOF >> $currentDir/BULK.json +{ + "files": [ +EOF + +# array of fileNames +fileNames=() +for n in $(eval echo "{1..$numberOfFiles}") +do + fileNames+=($(date +"20%y%m%d")_$(date +"%H%M%S")_$( printf %03d "$n" )) +done + +for n in $(eval echo "{1..$numberOfFiles}") +do + randomx=$(( (RANDOM % 3) +1 )) # a random value between 1 and 4 + echo "" + echo $(tput setaf 2)$temporaryPath"/"$filesName${fileNames[$n-1]}".init"$(tput sgr 0) + dd if=/dev/urandom of=$filesName${fileNames[$n-1]}.init bs=100M count=$randomx + + # Gfal-copy file to source SE + sourceFile=$filesName${fileNames[$n-1]}.init + gfal-copy $temporaryPath/$sourceFile $sourceSEdir/$sourceFile -f -p + + # Create entry in json file for bulk submission + cat <<EOF >> $currentDir/BULK.json + { + "sources": [ + "$sourceSEdir/$sourceFile" + ], + "destinations": [ + "$destinationSEdir/$sourceFile" + ], + "selection_strategy": "orderly", + "metadata": "file-metadata", + "activity": "Production", + "filesize": 1024 + } +EOF + +if [ $n -ne $numberOfFiles ] + then + cat <<EOF >> $currentDir/BULK.json + , +EOF +fi + +rm $temporaryPath/$sourceFile + +#create a reference file for removal from the source and destination + +cat <<EOF >> $currentDir/remove.me +$sourceSEdir/$sourceFile +$destinationSEdir/$sourceFile +EOF + +done + +cat <<EOF >> $currentDir/BULK.json + ] + } +EOF + + + -- GitLab