...
You will need BOTH UK eScience CA 2B can be obtained here, and the eScience ROOT obtained here.
You then need to combine them both into a file and call it ca-first.pem, this can be done like this:
Code Block |
---|
curl https://cert.ca.ngs.ac.uk/530f7122.0 > ca-first.pem
curl https://cert.ca.ngs.ac.uk/7ed47087.0 >> ca-first.pem |
It is important to include the full path to the usercert.pem
and userkey.pem
files, and the e-Science CA 2B, as well as their file extensions. Otherwise Docker seems to think they are directories which causes problems. If you still have issues, you may need to chmod 777
the usercert and userkey files.
Code Block |
---|
services: rucio-client: image: thysk/ral-rucio-client environment: RUCIO_CFG_RUCIO_HOST: https://multi-vo-rucio-server.nubes.stfc.ac.uk:443 RUCIO_CFG_AUTH_HOST: https://multi-vo-rucio-authserver.nubes.stfc.ac.uk:443 RUCIO_CFG_AUTH_TYPE: x509_proxy RUCIO_CFG_CLIENT_VO: dtm RUCIO_CFG_CLIENT_CERT: /opt/rucio/etc/usercreds/usercert.pem RUCIO_CFG_CLIENT_KEY: /opt/rucio/etc/usercreds/userkey.pem RUCIO_CFG_ACCOUNT: <account name> RUCIO_CFG_CA_CERT: /opt/rucio/etc/web/ca-first.pem RUCIO_CFG_CLIENT_X509_PROXY: /tmp/x509up_u1000 volumes: - type: bind source: <path to your x509 certificate> target: /opt/rucio/etc/usercert.pem - type: bind source: <path to your x509 certificate> target: /home/user/.globus/usercert.pem - type: bind source: <path to your x509 key> target: /opt/rucio/etc/userkey.pem - type: bind source: <path to your x509 key> target: /home/user/.globus/userkey.pem - type: bind source: /home/rtt84632/rucio-client/ca-first.pem target: /opt/rucio/etc/web/ca-first.pem stdin_open: true tty: true |
VO Names and Rucio abbreviations
Name | Abbreviation |
---|---|
DTeam | dtm |
Square Kilometer Array Observatory | ska |
Gridpp | gpp |
Once the container is created. Inside the container run this command:
...
Code Block |
---|
[common] logdir = /var/log/rucio multi_vo = True loglevel = DEBUG INFO [client] rucio_host = https://multi-vo-rucio-server.gridppnubes.rlstfc.ac.uk:443 auth_host = https://multi-vo-rucio-server.gridppnubes.rlstfc.ac.uk:443 vo = <3 character VO name> <VO> account = <your_account><ACCOUNT> ca_cert = /opt/rucio/etc/web/ca-first.pem auth_type = x509_proxy #username = #password = client_cert = /opt/rucio/etc/usercert.pem client_key = /opt/rucio/etc/userkey.pem client_x509_proxy = /tmp/x509up_u1000 request_retries = 5 oidc_scope = rucio openid profile offline_access oidc_audience = rucio oidc_issuer = iris |
You should now have a fully set up Containerised Client for your Rucio Account and VO which you can start in docker and use whenever you need it.
...