diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctacli.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctacli.sh
new file mode 100755
index 0000000000000000000000000000000000000000..0bcf2fa849427eb87030008eaa59a2262b816378
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctacli.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+
+# Install missing RPMs
+yum -y install cta-cli cta-debuginfo
+
+cat <<EOF > /etc/cta/cta-cli.conf
+# The CTA frontend address in the form <FQDN>:<TCPPort>
+# solved by kubernetes DNS server so KIS...
+ctafrontend:10955
+EOF
+
+# sleep forever but exit immediately when pod is deleted
+exec /bin/bash -c "trap : TERM INT; sleep infinity & wait"
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctaeos-mgm.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctaeos-mgm.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b04569eb7a993dadc1aee25f9fcc5cfafb783a4f
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctaeos-mgm.sh
@@ -0,0 +1,137 @@
+#!/bin/sh
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable eos-citrine-commit
+yum-config-manager --enable eos-citrine-depend
+yum-config-manager --enable eos-citrine
+
+# Install missing RPMs
+yum -y install eos-client eos-server xrootd-client xrootd-debuginfo xrootd-server cta-cli cta-debuginfo
+
+# fix reverse DNS for EOS
+/opt/ci/init_pod.sh
+
+# copy needed template configuration files (nice to get all lines for logs)
+yes | cp -r /opt/ci/ctaeos/etc /
+
+eoshost=`hostname -f`
+
+EOS_INSTANCE=`hostname -s`
+TAPE_FS_ID=65535
+CTA_BIN=/usr/bin/cta
+CTA_KT=/etc/ctafrontend_SSS_c.keytab
+CTA_XrdSecPROTOCOL=sss
+CTA_PROC_DIR=/eos/${EOS_INSTANCE}/proc/cta
+CTA_WF_DIR=${CTA_PROC_DIR}/workflow
+CTA_TEST_DIR=/eos/${EOS_INSTANCE}/cta
+
+# prepare CTA cli commands environment
+cat <<EOF > /etc/cta/cta-cli.conf
+# The CTA frontend address in the form <FQDN>:<TCPPort>
+# solved by kubernetes DNS server so KIS...
+ctafrontend:10955
+EOF
+
+
+# setup eos host and instance name
+ sed -i -e "s/DUMMY_HOST_TO_REPLACE/${eoshost}/" /etc/sysconfig/eos
+ sed -i -e "s/DUMMY_INSTANCE_TO_REPLACE/${EOS_INSTANCE}/" /etc/sysconfig/eos
+ sed -i -e "s/DUMMY_HOST_TO_REPLACE/${eoshost}/" /etc/xrd.cf.mgm
+ sed -i -e "s/DUMMY_INSTANCE_TO_REPLACE/${EOS_INSTANCE}/" /etc/xrd.cf.mgm
+ sed -i -e "s/DUMMY_HOST_TO_REPLACE/${eoshost}/" /etc/xrd.cf.mq
+ sed -i -e "s/DUMMY_HOST_TO_REPLACE/${eoshost}/" /etc/xrd.cf.fst
+
+# prepare eos startup
+ # skip systemd for eos initscripts
+ export SYSTEMCTL_SKIP_REDIRECT=1
+# echo y | xrdsssadmin -k ${EOS_INSTANCE} -u daemon -g daemon add /etc/eos.keytab
+# need a deterministic key for taped
+# can only have one key????
+echo -n '0 u:daemon g:daemon n:ctaeos+ N:6361884315374059521 c:1481241620 e:0 f:0 k:1a08f769e9c8e0c4c5a7e673247c8561cd23a0e7d8eee75e4a543f2d2dd3fd22' > /etc/eos.keytab
+ chmod 400 /etc/eos.keytab
+ chown daemon:daemon /etc/eos.keytab
+ mkdir -p /run/lock/subsys
+ mkdir -p /var/eos/config/${eoshost}
+ chown daemon:root /var/eos/config/${eoshost}
+ touch /var/eos/config/${eoshost}/default.eoscf
+ chown daemon:daemon /var/eos/config/${eoshost}/default.eoscf
+
+# add taped SSS must be in a kubernetes secret
+#echo >> /etc/eos.keytab
+#echo '0 u:stage g:tape n:taped+ N:6361736405290319874 c:1481207182 e:0 f:0 k:8e2335f24cf8c7d043b65b3b47758860cbad6691f5775ebd211b5807e1a6ec84' >> /etc/eos.keytab
+
+ #/etc/init.d/eos master mgm
+ #/etc/init.d/eos master mq
+ touch /var/eos/eos.mq.master
+ touch /var/eos/eos.mgm.rw
+ echo "Configured mq mgm on localhost as master"
+
+ source /etc/sysconfig/eos
+
+ mkdir -p /fst
+ chown daemon:daemon /fst/
+
+# start and setup eos for xrdcp to the ${CTA_TEST_DIR}
+ #/etc/init.d/eos start
+ /usr/bin/xrootd -n mq -c /etc/xrd.cf.mq -l /var/log/eos/xrdlog.mq -b -Rdaemon
+ /usr/bin/xrootd -n mgm -c /etc/xrd.cf.mgm -m -l /var/log/eos/xrdlog.mgm -b -Rdaemon
+ /usr/bin/xrootd -n fst -c /etc/xrd.cf.fst -l /var/log/eos/xrdlog.fst -b -Rdaemon
+
+ eos vid enable sss
+ eos vid enable unix
+ EOS_MGM_URL="root://${eoshost}" eosfstregister -r /fst default:1
+
+ eos node set ${eoshost} on
+ eos space set default on
+ eos attr -r set default=replica /eos
+ eos attr -r set sys.forced.nstripes=1 /eos
+
+ eos fs add -m ${TAPE_FS_ID} tape localhost:1234 /does_not_exist tape
+ eos mkdir ${CTA_PROC_DIR}
+ eos mkdir ${CTA_WF_DIR}
+ eos attr set CTA_TapeFsId=${TAPE_FS_ID} ${CTA_WF_DIR}
+
+ eos mkdir ${CTA_TEST_DIR}
+ eos chmod 777 ${CTA_TEST_DIR}
+ eos attr set CTA_StorageClass=ctaStorageClass ${CTA_TEST_DIR}
+
+ # hack before it is fixed in EOS
+ TAPE_FS_ID_TOSET=`eos attr ls ${CTA_WF_DIR} | grep CTA_TapeFsId= | tr '"' ' ' | cut -d ' ' -f 2`
+ eos attr set CTA_TapeFsId=${TAPE_FS_ID_TOSET} ${CTA_TEST_DIR}
+
+ # Link the attributes of CTA worklow directory to the test directory
+ eos attr link ${CTA_WF_DIR} ${CTA_TEST_DIR}
+
+# test EOS
+# eos slow behind us and we need to give it time to be ready
+# 5 secs is not enough
+ sleep 10
+ eos -b node ls
+ xrdcp /etc/group root://${eoshost}:/${CTA_TEST_DIR}/testFile
+
+# prepare EOS workflow
+ eos space config default space.wfe=on
+
+# ATTENTION
+# for sss authorisation unix has to be replaced by sss
+
+# Set the worfklow rule for archiving files to tape
+eos attr set sys.workflow.closew.default="bash:shell:cta XrdSecPROTOCOL=${CTA_XrdSecPROTOCOL} XrdSecSSSKT=${CTA_KT} ${CTA_BIN} archive --user <eos::wfe::rusername> --group <eos::wfe::rgroupname> --diskid <eos::wfe::fid> --instance eoscta --srcurl <eos::wfe::turl> --size <eos::wfe::size> --checksumtype <eos::wfe::checksumtype> --checksumvalue <eos::wfe::checksum> --storageclass <eos::wfe::cxattr:CTA_StorageClass> --diskfilepath <eos::wfe::path> --diskfileowner <eos::wfe::username> --diskfilegroup <eos::wfe::groupname> --recoveryblob:base64 <eos::wfe::base64:metadata> --reportURL 'eosQuery://${EOS_INSTANCE}//eos/wfe/passwd?mgm.pcmd=event\&mgm.fid=<eos::wfe::fxid>\&mgm.logid=cta\&mgm.event=archived\&mgm.workflow=default\&mgm.path=/eos/wfe/passwd\&mgm.ruid=0\&mgm.rgid=0' --stderr" ${CTA_WF_DIR}
+
+# Set the worflow rule for creating tape file replicas in the EOS namespace.
+eos attr set sys.workflow.archived.default="bash:shell:cta eos file tag <eos::wfe::path> +<eos::wfe::cxattr:CTA_TapeFsId>" ${CTA_WF_DIR}
+
+# Set the worfklow rule for retrieving file from tape.
+eos attr set sys.workflow.prepare.default="bash:shell:cta XrdSecPROTOCOL=${CTA_XrdSecPROTOCOL} XrdSecSSSKT=${CTA_KT} ${CTA_BIN} retrieve --user <eos::wfe::rusername> --group <eos::wfe::rgroupname> --id <eos::wfe::fxattr:sys.archiveFileId> --dsturl '<eos::wfe::turl>\&eos.injection=1\&eos.workflow=CTA_retrieve' --diskfilepath <eos::wfe::path> --diskfileowner <eos::wfe::username> --diskfilegroup <eos::wfe::groupname> --recoveryblob:base64 <eos::wfe::base64:metadata> --stderr" ${CTA_WF_DIR}
+
+# Set the workflow rule for the closew event of the CTA_retrieve workflow.
+# Using the CTA_retrieve workflow will prevent the default workflow from
+# receiving the closew event. Triggering the default workflow in this way would
+# haved causes the unwanted action of copying the disk file to tape again.
+# The action of the CTA_retrieve workflow when triggered by the closew event is
+# to set the CTA_retrieved_timestamp attribute.
+eos attr set sys.workflow.closew.CTA_retrieve="bash:shell:cta eos attr set 'CTA_retrieved_timestamp=\"\`date\`\"' <eos::wfe::path>" ${CTA_WF_DIR}
+
+echo "### ctaeos mgm ready ###"
+
+/bin/bash
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
new file mode 100755
index 0000000000000000000000000000000000000000..0d08a312778c36c02e91468cfb246ce152429565
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+
+# Install missing RPMs
+# cta-catalogueutils is needed to delete the db at the end of instance
+yum -y install cta-frontend cta-debuginfo cta-catalogueutils ceph-common
+
+yes | cp -r /opt/ci/ctafrontend/etc /
+
+/shared/bin/init_objectstore.sh
+. /tmp/objectstore-rc.sh
+
+echo "ObjectStore BackendPath $OBJECTSTOREURL" > /etc/cta/cta-frontend.conf
+echo "Catalogue NumberOfConnections 1" >>/etc/cta/cta-frontend.conf
+echo "Log URL file:/cta-frontend.log" >>/etc/cta/cta-frontend.conf
+
+
+/shared/bin/init_database.sh
+. /tmp/database-rc.sh
+
+echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
+
+# Create user cta early so that we can set file ownership correctly
+useradd cta
+
+# EOS INSTANCE NAME used as username for SSS key
+EOSINSTANCE=ctaeos
+
+
+# Create SSS key for ctafrontend, must be forwardable in kubernetes realm
+echo y | xrdsssadmin -k ctafrontend+ -u ${EOSINSTANCE} -g cta add /etc/ctafrontend_SSS_s.keytab
+# copy it in the client file that contains only one SSS
+cp /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
+chmod 600 /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
+chown cta /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
+sed -i 's|.*sec.protocol sss.*|sec.protocol sss -s /etc/ctafrontend_SSS_s.keytab -c /etc/ctafrontend_SSS_c.keytab|' /etc/xrootd/xrootd-cta.cfg
+sed -i 's|.*sec.protocol unix.*|#sec.protocol unix|' /etc/xrootd/xrootd-cta.cfg
+
+# Hack the default xrootd-cta.cfg provided by the sources
+sed -i 's|.*sec.protocol krb5.*|sec.protocol krb5 /etc/cta-frontend.keytab cta/cta-frontend@TEST.CTA|' /etc/xrootd/xrootd-cta.cfg
+
+# Allow only SSS and krb5 for frontend
+sed -i 's|^sec.protbind .*|sec.protbind * only sss krb5|' /etc/xrootd/xrootd-cta.cfg
+
+# Wait for the keytab file to be pushed in by the creation script.
+echo -n "Waiting for /etc/cta-frontend.keytab"
+for ((;;)); do test -e /etc/cta-frontend.keytab && break; sleep 1; echo -n .; done
+echo OK
+
+touch /cta-frontend.log
+chmod a+w /cta-frontend.log
+tail -F /cta-frontend.log &
+
+echo "Launching frontend"
+runuser --shell='/bin/bash' --session-command='cd ~cta; xrootd -n cta -c /etc/xrootd/xrootd-cta.cfg -I v4' cta
+
+echo "frontend died"
+sleep infinity
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b16b50e57d3547aaecf0632c18bdda1e6a5a4a2d
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# enable cta repository from previously built artifacts
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+
+# install needed packages
+yum -y install cta-objectstore-tools cta-doc mt-st mtx lsscsi sg3_utils cta-catalogueutils ceph-common
+yum clean packages
+
+echo "Using this configuration for library:"
+/shared/bin/init_library.sh
+cat /tmp/library-rc.sh
+. /tmp/library-rc.sh
+
+echo "Creating objectstore"
+/shared/bin/init_objectstore.sh
+. /tmp/objectstore-rc.sh
+
+if [ "$OBJECTSTORETYPE" == "file" ]; then
+ rm -fr $OBJECTSTOREURL
+ mkdir -p $OBJECTSTOREURL
+ cta-objectstore-initialize $OBJECTSTOREURL
+ chmod -R 777 $OBJECTSTOREURL
+else
+ if [[ $(rados -p $OBJECTSTOREPOOL --id $OBJECTSTOREID --namespace $OBJECTSTORENAMESPACE ls | wc -l) -gt 0 ]]; then
+ echo "Rados objectstore ${OBJECTSTOREURL} is not empty: deleting content"
+ rados -p $OBJECTSTOREPOOL --id $OBJECTSTOREID --namespace $OBJECTSTORENAMESPACE ls | xargs -itoto rados -p $OBJECTSTOREPOOL --id $OBJECTSTOREID --namespace $OBJECTSTORENAMESPACE rm toto
+ fi
+ cta-objectstore-initialize $OBJECTSTOREURL
+ echo "Rados objectstore ${OBJECTSTOREURL} content:"
+ rados -p $OBJECTSTOREPOOL --id $OBJECTSTOREID --namespace $OBJECTSTORENAMESPACE ls
+fi
+
+echo "Creating DB"
+/shared/bin/init_database.sh
+. /tmp/database-rc.sh
+
+if [ "$DATABASETYPE" == "sqlite" ]; then
+ mkdir -p $(dirname $(echo ${DATABASEURL} | cut -d: -f2))
+ echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
+ cta-catalogue-schema-create /etc/cta/cta_catalogue_db.conf
+ chmod -R 777 $(dirname $(echo ${DATABASEURL} | cut -d: -f2)) # needed?
+else
+ echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
+ cta-catalogue-schema-create /etc/cta/cta_catalogue_db.conf
+fi
+
+if [ ! $LIBRARYTYPE == "mhvtl" ]; then
+ echo "Real tapes, not labelling";
+else
+ # library management
+ # BEWARE STORAGE SLOTS START @1 and DRIVE SLOTS START @0!!
+ echo "Labelling tapes using the first drive in ${LIBRARYNAME}: ${DRIVENAMES[${driveslot}]} on /dev/${DRIVEDEVICES[${driveslot}]}:"
+ for ((i=0; i<${#TAPES[@]}; i++)); do
+ vid=${TAPES[${i}]}
+ tapeslot=$((${i}+1)) # tape slot is 1 for tape[0] and so on...
+
+ echo -n "${vid} in slot ${tapeslot} "
+ mtx -f /dev/${LIBRARYDEVICE} load ${tapeslot} ${driveslot}
+ cd /tmp
+ echo "VOL1${vid} CASTOR 3">label.file
+ dd if=label.file of=/dev/${DRIVEDEVICES[${driveslot}]} bs=80 count=1
+ mt -f /dev/${DRIVEDEVICES[${driveslot}]} rewind
+ mtx -f /dev/${LIBRARYDEVICE} unload ${tapeslot} ${driveslot}
+ echo "OK"
+ done
+fi
+
+echo "### INIT COMPLETED ###"
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_database.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_database.sh
new file mode 100755
index 0000000000000000000000000000000000000000..0434e4d507ade04e6fa8cae828e1e27654637500
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_database.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+DATABASE_CONFIG_DIR=/etc/config/database
+
+function get_conf {
+ test -r ${DATABASE_CONFIG_DIR}/$1 && cat ${DATABASE_CONFIG_DIR}/$1 || echo -n UNDEF
+}
+
+DATABASETYPE=UNDEF
+DATABASEURL=UNDEF
+
+rm -f /tmp/database-rc.sh
+
+case "$(get_conf database.type)" in
+ "UNDEF")
+ echo "database configmap is not defined"
+ ls ${DATABASE_CONFIG_DIR}
+ exit 1
+ ;;
+
+ "sqlite")
+ echo "Configuring sqlite database"
+ DATABASETYPE=sqlite
+ DATABASEURL=sqlite:$(echo $(get_conf database.file.path) | sed -e "s#%NAMESPACE#${MY_NAMESPACE}#")
+ ;;
+ "oracle")
+ echo "Configuring oracle database"
+ DATABASETYPE=oracle
+ DATABASEURL=oracle:$(get_conf database.oracle.username)/$(get_conf database.oracle.password)@$(get_conf database.oracle.database)
+ ;;
+ *)
+ echo "Error unknown database type: $(get_conf database.type)"
+ exit 1
+ ;;
+esac
+
+cat <<EOF >>/tmp/database-rc.sh
+export DATABASETYPE=${DATABASETYPE}
+export DATABASEURL=${DATABASEURL}
+EOF
+
+exit 0
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_library.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_library.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b1255f9fb9415e7a609bcaf15bbf73970f0bb558
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_library.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+LIBRARY_CONFIG_DIR=/etc/config/library
+
+function get_conf {
+ test -r ${LIBRARY_CONFIG_DIR}/$1 && cat ${LIBRARY_CONFIG_DIR}/$1 || echo -n UNDEF
+}
+
+LIBRARYTYPE=UNDEF
+
+echo "export LIBRARYTYPE=UNDEF" > /tmp/library-rc.sh
+
+
+case "$(get_conf library.type)" in
+ "UNDEF")
+ echo "library configmap is not defined"
+ ls ${LIBRARY_CONFIG_DIR}
+ exit 1
+ ;;
+ "mhvtl")
+ echo "Configuring mhvtl library"
+
+ if [ "-${driveslot}-" == "--" ]; then
+ echo "DRIVESLOT is not defined, using driveslot 0"
+ echo -n 0 > /tmp/driveslot
+ else
+ echo "DRIVESLOT is set using its value"
+ echo -n ${driveslot} > /tmp/driveslot
+ fi
+
+
+cat <<EOF >/tmp/library-rc.sh
+export LIBRARYTYPE=mhvtl
+export LIBRARYNAME=$(get_conf library.name)
+export LIBRARYDEVICE=$(get_conf library.device)
+export DRIVENAMES=$(get_conf library.drivenames)
+export DRIVEDEVICES=$(get_conf library.drivedevices)
+export TAPES=$(get_conf library.tapes)
+export driveslot=$(cat /tmp/driveslot)
+EOF
+ ;;
+ "ibm")
+ echo "Configuring ibm library"
+
+ if [ "-${driveslot}-" == "--" ]; then
+ echo "DRIVESLOT is not defined, taking first physical drive with a serial number in the list"
+ eval "export DRIVEDEVICES=$(get_conf library.drivedevices)"
+ eval "export DRIVESERIALS=$(get_conf library.driveserials)"
+ for i in "${!DRIVESERIALS[@]}"; do
+ MY_DRIVE_SERIAL=$(sg_inq /dev/${DRIVEDEVICES[$i]} | grep 'Unit serial number' | sed -e 's/ //g' | cut -d: -f2)
+ if [ "-${DRIVESERIALS[$i]}-" == "-${MY_DRIVE_SERIAL}-" ]; then
+ echo -n $i
+ break
+ fi
+ done > /tmp/driveslot
+ else
+ echo "DRIVESLOT is set using its value"
+ echo -n ${driveslot} > /tmp/driveslot
+ fi
+
+cat <<EOF >/tmp/library-rc.sh
+export LIBRARYTYPE=ibm
+export LIBRARYNAME=$(get_conf library.name)
+export LIBRARYDEVICE=$(get_conf library.device)
+export DRIVENAMES=$(get_conf library.drivenames)
+export DRIVEDEVICES=$(get_conf library.drivedevices)
+export DRIVESERIALS=$(get_conf library.driveserials)
+export TAPES=$(get_conf library.tapes)
+export driveslot=$(cat /tmp/driveslot)
+EOF
+ ;;
+ *)
+ echo "Error unknown library type: $(get_conf library.type)"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_objectstore.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_objectstore.sh
new file mode 100755
index 0000000000000000000000000000000000000000..dcc3346f5b8a3d0381607bdaf274665acb3c0956
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_objectstore.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+OBJECTSTORE_CONFIG_DIR=/etc/config/objectstore
+
+function get_conf {
+ test -r ${OBJECTSTORE_CONFIG_DIR}/$1 && cat ${OBJECTSTORE_CONFIG_DIR}/$1 || echo -n UNDEF
+}
+
+OBJECTSTORETYPE=UNDEF
+OBJECTSTOREURL=UNDEF
+
+rm -f /tmp/objectstore-rc.sh
+
+case "$(get_conf objectstore.type)" in
+ "UNDEF")
+ echo "objectstore configmap is not defined"
+ ls ${OBJECTSTORE_CONFIG_DIR}
+ exit 1
+ ;;
+
+ "ceph")
+ echo "Configuring ceph objectstore"
+
+ cat <<EOF >/etc/ceph/ceph.conf
+[global]
+ mon host = $(get_conf objectstore.ceph.mon):$(get_conf objectstore.ceph.monport)
+EOF
+
+ cat <<EOF >/etc/ceph/ceph.client.$(get_conf objectstore.ceph.id).keyring
+[client.$(get_conf objectstore.ceph.id)]
+ key = $(get_conf objectstore.ceph.key)
+ caps mon = "allow r"
+ caps osd = "allow rwx pool=$(get_conf objectstore.ceph.pool) namespace=$(get_conf objectstore.ceph.namespace)"
+EOF
+ OBJECTSTORETYPE=ceph
+ OBJECTSTOREURL="rados://$(get_conf objectstore.ceph.id)@$(get_conf objectstore.ceph.pool):$(get_conf objectstore.ceph.namespace)"
+ echo "export OBJECTSTORENAMESPACE=$(get_conf objectstore.ceph.namespace)" >> /tmp/objectstore-rc.sh
+ echo "export OBJECTSTOREID=$(get_conf objectstore.ceph.id)" >> /tmp/objectstore-rc.sh
+ echo "export OBJECTSTOREPOOL=$(get_conf objectstore.ceph.pool)" >> /tmp/objectstore-rc.sh
+ ;;
+ "file")
+ echo "Configuring file objectstore"
+ OBJECTSTORETYPE=file
+ OBJECTSTOREURL=$(echo $(get_conf objectstore.file.path) | sed -e "s#%NAMESPACE#${MY_NAMESPACE}#")
+ ;;
+ *)
+ echo "Error unknown objectstore type: $(get_conf objectstore.type)"
+ exit 1
+ ;;
+esac
+
+cat <<EOF >>/tmp/objectstore-rc.sh
+export OBJECTSTORETYPE=${OBJECTSTORETYPE}
+export OBJECTSTOREURL=${OBJECTSTOREURL}
+EOF
+
+exit 0
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_pod.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_pod.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a42de022f7fd55188c843a34fb9e1ff095784c3a
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/init_pod.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo -n "Fixing reverse DNS for $(hostname): "
+sed -i -c "s/^\($(hostname -i)\)\s\+.*$/\1 $(hostname -s).$(grep search /etc/resolv.conf | cut -d\ -f2) $(hostname -s)/" /etc/hosts
+echo "DONE"
+
+# Not needed anymore, keep it in case it comes back
+#echo -n "Yum should resolve names using IPv4 DNS: "
+#echo "ip_resolve=IPv4" >> /etc/yum.conf
+#echo "DONE"
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/kdc.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/kdc.sh
new file mode 100755
index 0000000000000000000000000000000000000000..69710f983eececab4852c0d6ccbe7c761b0fba71
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/kdc.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Install missing RPMs (kdc)
+yum -y install heimdal-server heimdal-workstation
+
+# Init the kdc store
+echo -n "Initing kdc... "
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA init --realm-max-ticket-life=unlimited --realm-max-renewable-life=unlimited TEST.CTA || (echo Failed. ; exit 1)
+echo Done.
+
+# Start kdc
+echo -n "Starting kdc... "
+/usr/libexec/kdc &
+echo Done.
+
+echo -n "Generating krb5.conf... "
+cat > /etc/krb5.conf << EOF_krb5
+[libdefaults]
+ default_realm = TEST.CTA
+
+[realms]
+ TEST.CTA = {
+ kdc=kdc
+ }
+EOF_krb5
+echo Done.
+
+# Populate KDC and generate keytab files
+echo -n "Populating kdc... "
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA add --random-password --use-defaults admin1 admin2 user1 user2 cta/cta-frontend eos/eos-server
+
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/admin1.keytab admin1
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/admin2.keytab admin2
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/user1.keytab user1
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/user2.keytab user2
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/cta-frontend.keytab cta/cta-frontend
+/usr/lib/heimdal/bin/kadmin -l -r TEST.CTA ext_keytab --keytab=/root/eos.keytab eos/eos-server
+echo Done.
+
+echo "### KDC ready ###"
+touch /root/kdcReady
+
+# sleep forever but exit immediately when pod is deleted
+exec /bin/bash -c "trap : TERM INT; sleep infinity & wait"
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/rmcd.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/rmcd.sh
new file mode 100755
index 0000000000000000000000000000000000000000..d425719f7a95222d9ca5b1581f2f62e3c1f4eed6
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/rmcd.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+yum-config-manager --enable castor
+
+# Install missing RPMs
+yum -y install mt-st mtx lsscsi sg3_utils cta-taped cta-debuginfo castor-rmc-server
+
+/shared/bin/init_pod.sh
+
+# source library configuration file
+echo "Using this configuration for library:"
+/shared/bin/init_library.sh
+cat /tmp/library-rc.sh
+. /tmp/library-rc.sh
+
+# to get rmcd logs to stdout
+mkfifo /var/log/castor/rmcd_legacy.log
+for ((;;)); do cat </var/log/castor/rmcd_legacy.log; done &
+disown
+
+ln -s /dev/${LIBRARYDEVICE} /dev/smc
+/usr/bin/rmcd -f /dev/smc
diff --git a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh
new file mode 100755
index 0000000000000000000000000000000000000000..f1914852d858124f7eb779c76b2b303703c084c6
--- /dev/null
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/taped.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+yum-config-manager --enable cta-artifacts
+yum-config-manager --enable ceph
+yum-config-manager --enable castor
+
+# Install missing RPMs
+yum -y install mt-st mtx lsscsi sg3_utils cta-taped cta-debuginfo castor-rmc-server ceph-common
+
+/shared/bin/init_pod.sh
+
+echo "Using this configuration for library:"
+/shared/bin/init_library.sh
+cat /tmp/library-rc.sh
+. /tmp/library-rc.sh
+
+ln -s /dev/${LIBRARYDEVICE} /dev/smc
+#/usr/bin/rmcd -f /dev/smc&
+
+mkdir -p /etc/castor
+
+tpconfig="${DRIVENAMES[${driveslot}]} ${LIBRARYNAME} /dev/${DRIVEDEVICES[${driveslot}]} smc${driveslot}"
+
+/shared/bin/init_objectstore.sh
+. /tmp/objectstore-rc.sh
+
+echo "Configuring database"
+/shared/bin/init_database.sh
+. /tmp/database-rc.sh
+
+echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
+
+# cta-tapserverd setup
+# to be drop later
+ echo "${tpconfig}" > /etc/castor/TPCONFIG
+ echo "TapeServer ObjectStoreBackendPath $OBJECTSTOREURL" >/etc/castor/castor.conf
+ echo "TapeServer BufSize 5242880" >>/etc/castor/castor.conf
+ echo "TapeServer NbBufs 10" >>/etc/castor/castor.conf
+ echo "TapeServer EOSRemoteHostAndPort ${eoshost}" >>/etc/castor/castor.conf
+
+# cta-taped setup
+ echo "taped BufferCount 10" > /etc/cta/cta.conf
+ echo "general ObjectStoreURL $OBJECTSTOREURL" >> /etc/cta/cta.conf
+ echo "${tpconfig}" > /etc/cta/TPCONFIG
+
+
+####
+# configuring taped
+CTATAPEDSSS="cta_tape_server.keytab"
+
+# key generated with 'echo y | xrdsssadmin -k taped+ -u stage -g tape add /tmp/taped.keytab'
+#echo '0 u:stage g:tape n:taped+ N:6361736405290319874 c:1481207182 e:0 f:0 k:8e2335f24cf8c7d043b65b3b47758860cbad6691f5775ebd211b5807e1a6ec84' >> /etc/cta/${CTATAPEDSSS}
+echo -n '0 u:daemon g:daemon n:ctaeos+ N:6361884315374059521 c:1481241620 e:0 f:0 k:1a08f769e9c8e0c4c5a7e673247c8561cd23a0e7d8eee75e4a543f2d2dd3fd22' > /etc/cta/${CTATAPEDSSS}
+chmod 600 /etc/cta/${CTATAPEDSSS}
+chown stage /etc/cta/${CTATAPEDSSS}
+
+cat <<EOF > /etc/sysconfig/cta-taped
+export CTA_TAPED_OPTIONS="-fl /cta-taped.log"
+
+export XrdSecPROTOCOL=sss
+
+export XrdSecSSSKT=/etc/cta/${CTATAPEDSSS}
+
+EOF
+
+. /etc/sysconfig/cta-taped
+
+
+tail -F /cta-taped.log &
+
+# cta-taped is ran with runuser to avoid a bug with Docker that prevents both
+# the setresgid(-1, 1474, -1) and setresuid(-1, 14029, -1) system calls from
+# working correctly
+runuser -c "/bin/cta-taped ${CTA_TAPED_OPTIONS}"
+
+echo "taped died"
+
+sleep infinity