Difference between revisions of "RucioContainerisedClient"
From GridPP Wiki
(→Setting up and Using the Containerized Client) |
|||
(2 intermediate revisions by one user not shown) | |||
Line 4: | Line 4: | ||
* [https://www.docker.com/get-started https://www.docker.com/get-started] (for windows users I would recommend using WSL2 rather than Hyper-V as I have had success there) | * [https://www.docker.com/get-started https://www.docker.com/get-started] (for windows users I would recommend using WSL2 rather than Hyper-V as I have had success there) | ||
+ | * Follow the docker instructions to ensure it is running correctly. | ||
* Using openSSL you will need to split your grid certificate bundle into the certificate and key: | * Using openSSL you will need to split your grid certificate bundle into the certificate and key: | ||
− | openssl pkcs12 -in <*.pfx> -out usercert.pem -clcerts -nokeys | + | openssl pkcs12 -in <*.pfx> -out /sensible/path/usercert.pem -clcerts -nokeys |
− | openssl pkcs12 -in <*.pfx> -out userkey.pem -nocerts -nodes | + | openssl pkcs12 -in <*.pfx> -out /sensible/path/userkey.pem -nocerts -nodes |
*Run the Docker container using the following command: | *Run the Docker container using the following command: | ||
Line 12: | Line 13: | ||
-e RUCIO_CFG_AUTH_TYPE=x509 -e RUCIO_CFG_CLIENT_VO=<3 CHAR VO NAME LOWERCASE> -e RUCIO_CFG_CLIENT_CERT=/opt/rucio/etc/usercert.pem \ | -e RUCIO_CFG_AUTH_TYPE=x509 -e RUCIO_CFG_CLIENT_VO=<3 CHAR VO NAME LOWERCASE> -e RUCIO_CFG_CLIENT_CERT=/opt/rucio/etc/usercert.pem \ | ||
-e RUCIO_CFG_CLIENT_KEY=/opt/rucio/etc/userkey.pem -e RUCIO_CFG_ACCOUNT=<USERNAME> -e RUCIO_CFG_CA_CERT=/opt/rucio/etc/web/ca-first.pem \ | -e RUCIO_CFG_CLIENT_KEY=/opt/rucio/etc/userkey.pem -e RUCIO_CFG_ACCOUNT=<USERNAME> -e RUCIO_CFG_CA_CERT=/opt/rucio/etc/web/ca-first.pem \ | ||
− | -v <PATH/TO/ca- | + | -v <PATH/TO/[https://ca.grid-support.ac.uk/cacerts/ e-Science CA 2B]>:/opt/rucio/etc/web/ca-first.pem -v <PATH/TO/YOUR/USERCERT>:/opt/rucio/etc/usercert -v <PATH/TO/YOUR/USERKEY>:/opt/rucio/etc/userkey \ |
--name=rucio-client -it -d rucio/rucio-clients | --name=rucio-client -it -d rucio/rucio-clients | ||
Latest revision as of 15:52, 27 October 2021
Setting up and Using the Containerized Client
First you will need to download and install Docker to run the container:
- https://www.docker.com/get-started (for windows users I would recommend using WSL2 rather than Hyper-V as I have had success there)
- Follow the docker instructions to ensure it is running correctly.
- Using openSSL you will need to split your grid certificate bundle into the certificate and key:
openssl pkcs12 -in <*.pfx> -out /sensible/path/usercert.pem -clcerts -nokeys openssl pkcs12 -in <*.pfx> -out /sensible/path/userkey.pem -nocerts -nodes
- Run the Docker container using the following command:
run -e RUCIO_CFG_RUCIO_HOST=https://rucio-server.gridpp.rl.ac.uk:443 -e RUCIO_CFG_AUTH_HOST=https://rucio-server.gridpp.rl.ac.uk:443 \ -e RUCIO_CFG_AUTH_TYPE=x509 -e RUCIO_CFG_CLIENT_VO=<3 CHAR VO NAME LOWERCASE> -e RUCIO_CFG_CLIENT_CERT=/opt/rucio/etc/usercert.pem \ -e RUCIO_CFG_CLIENT_KEY=/opt/rucio/etc/userkey.pem -e RUCIO_CFG_ACCOUNT=<USERNAME> -e RUCIO_CFG_CA_CERT=/opt/rucio/etc/web/ca-first.pem \ -v <PATH/TO/e-Science CA 2B>:/opt/rucio/etc/web/ca-first.pem -v <PATH/TO/YOUR/USERCERT>:/opt/rucio/etc/usercert -v <PATH/TO/YOUR/USERKEY>:/opt/rucio/etc/userkey \ --name=rucio-client -it -d rucio/rucio-clients
- Run the following commands:
cd /opt/rucio/etc/ cp userkey userkey.pem chmod 400 userkey.pem cp usercert usercert.pem
- You should now have a fully set up Containerised Client for your Rucio Account and VO which you can start in docker and use whenever you need it.