CERN Accelerating science

How to add an IPv6 xrootd-based file server to the testbed via Docker.

The following installation has to be done on a host where docker.io is installed and running. It was tested with versions 1.6.2 on Debian stable and 1.9.0 on Centos 7:

  1. Download the docker image that was saved here: http://www.mi.infn.it/ipv6/xrootd_centos.tar.gz
  2. Load it as a local docker image (the image name will be xrootd/centos:latest:
    zcat xrootd_centos.tar.gz |docker load
  3. Create a directory to store the data files, and give it away to uid.gid 1000.1000:
    > mkdir /var/tmp/ipv6testbed
    > (sudo) chown 1000.1000 /var/tmp/ipv6testbed
  4. Create an xrootd directory, containing the xrootd.conf and auth_file files.
    An example xrootd.conf can be downloaded from http://www.mi.infn.it/ipv6/xrootd.conf. At least the 'all.sitename' attribute should be edited. As you can see in the example, dual-stack host seipersei.mi.infn.it serves as the testbed redirector.
    The auth_file file should allow access to /var/tmp/ipv6testbed:
    > cat xrootd/auth_file
    u * /var/tmp/ipv6testbed a
  5. Create an xrootd-log directory writable by uid 1000. Xrootd and cmsd will write their logs there.
  6. Make sure the /etc/grid-security dir contains:
    • the host credentials
    • a vomsdir allowing at least voms2.cnaf.infn.it (either download voms2.cnaf.infn.it.pem or create the following .lsc file:
      # cat /etc/grid-security/vomsdir/ipv6.hepix.org/voms2.cnaf.infn.it.lsc
      /C=IT/O=INFN/OU=Host/L=CNAF/CN=voms2.cnaf.infn.it
      /C=IT/O=INFN/CN=INFN CA
    • an xrd subdirectory containing copies of the host certificate and key owned by uid 1000 as follows:
      > ls -l grid-security/xrd
      total 8
      -rw-r--r-- 1 1000 1000 1918 Dec 23 14:11 xrdcert.pem
      -r-------- 1 1000 1000 1708 Dec 23 14:11 xrdkey.pem
  7. Make sure that docker on the host is started with IPv6 enabled. DOCKER_OPTS has to be set as applicable either under sysconfig or in /etc/default/docker:
    DOCKER_OPTS="--ipv6 --fixed-cidr-v6=2001:some:class:for:docker::/64"
  8. Start the docker processes for xrootd and have them import the four directories referenced under (3,4,5,6) above and use the host network:
    docker run -v /etc/grid-security:/etc/grid-security:ro -v ***location-of***/xrootd:/usr/local/etc/xrootd:ro -v ***location-of***/xrootd-log:/var/log/xrootd  -v /var/tmp/ipv6testbed:/var/tmp/ipv6testbed --entrypoint=/usr/local/sbin/start_xrd -d --net=host xrootd/centos

    Check with docker ps that the process is running in the detached container. If it exited, look for the cause(s) in the log files in the xrootd-log directory.