Versions Compared

Old Version 7

changes.mady.by.user Timothy Noble

Saved on

compared with

New Version Current

changes.mady.by.user Timothy Noble

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You will need BOTH UK eScience CA 2B can be obtained here, and the eScience ROOT obtained here.

You then need to combine them both into a file and call it ca-first.pem, this can be done like this:

Code Block
curl https://cert.ca.ngs.ac.uk/530f7122.0 > ca-first.pem
curl https://cert.ca.ngs.ac.uk/7ed47087.0 >> ca-first.pem

It is important to include the full path to the usercert.pem and userkey.pem files, and the e-Science CA 2B, as well as their file extensions. Otherwise Docker seems to think they are directories which causes problems. If you still have issues, you may need to chmod 777 the usercert and userkey files.

Code Block
services:
  rucio-client:
    image:
       thysk/ral-rucio-client
    environment:
       RUCIO_CFG_RUCIO_HOST: https://multi-vo-rucio-server.nubes.stfc.ac.uk:443
       RUCIO_CFG_AUTH_HOST: https://multi-vo-rucio-authserver.nubes.stfc.ac.uk:443
       RUCIO_CFG_AUTH_TYPE: x509_proxy
       RUCIO_CFG_CLIENT_VO: dtm
       RUCIO_CFG_CLIENT_CERT: /opt/rucio/etc/usercreds/usercert.pem
       RUCIO_CFG_CLIENT_KEY: /opt/rucio/etc/usercreds/userkey.pem
       RUCIO_CFG_ACCOUNT: <account name>
       RUCIO_CFG_CA_CERT: /opt/rucio/etc/web/ca-first.pem
       RUCIO_CFG_CLIENT_X509_PROXY: /tmp/x509up_u1000
    volumes:
      - type: bind
        source: <path to your x509 certificate>
        target: /opt/rucio/etc/usercert.pem
      - type: bind
        source: <path to your x509 certificate>
        target: /home/user/.globus/usercert.pem
      - type:  bind
        source: <path to your x509 key>
        target: /opt/rucio/etc/userkey.pem
      - type:  bind
        source: <path to your x509 key>
        target: /home/user/.globus/userkey.pem
      - type: bind
        source: /home/rtt84632/rucio-client/ca-first.pem
        target: /opt/rucio/etc/web/ca-first.pem
    stdin_open: true
    tty: true

VO Names and Rucio abbreviations

Name

Abbreviation

DTeam

dtm

Square Kilometer Array Observatory

ska

Gridpp

gpp

Once the container is created. Inside the container run this command:

...

Code Block
[common]
logdir = /var/log/rucio
multi_vo = True
loglevel = DEBUG
INFO
[client]

rucio_host = https://multi-vo-rucio-server.gridppnubes.rlstfc.ac.uk:443
auth_host = https://multi-vo-rucio-server.gridppnubes.rlstfc.ac.uk:443
vo = <3 character VO name>
<VO>
account = <your_account><ACCOUNT>
ca_cert = /opt/rucio/etc/web/ca-first.pem
auth_type = x509_proxy
#username =
#password =
client_cert = /opt/rucio/etc/usercert.pem
client_key = /opt/rucio/etc/userkey.pem
client_x509_proxy = /tmp/x509up_u1000
request_retries = 5
oidc_scope = rucio openid profile offline_access
oidc_audience = rucio
oidc_issuer = iris

You should now have a fully set up Containerised Client for your Rucio Account and VO which you can start in docker and use whenever you need it.

...