removing the complicated sed s for xrootd configuration file for the ctafrontend

99e894d3 · Julien Leduc · 82eb3448 · 99e894d3 · 99e894d3
Commit 99e894d3 authored 7 years ago by Julien Leduc
--- a/continuousintegration/docker/ctafrontend/cc7/config/ctafrontend/etc/xrootd/xrootd-cta.cfg
+++ b/continuousintegration/docker/ctafrontend/cc7/config/ctafrontend/etc/xrootd/xrootd-cta.cfg
@@ -18,13 +18,12 @@ xrootd.seclib libXrdSec.so

 # Protocol specification
 # The xroot server process needs to be able to read the keytab file
-#sec.protocol krb5 /etc/krb5.keytab.cta host/<host>@CERN.CH
-#sec.protocol sss -s /var/spool/xrootd/.xrd/sss.keytab -c /tmp/sss.keytab
-sec.protocol unix
+sec.protocol krb5 /etc/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA
+sec.protocol sss -s /etc/ctafrontend_SSS_s.keytab -c /etc/ctafrontend_SSS_c.keytab
+#sec.protocol unix

 # Only Kerberos 5 and sss are allowed
-#sec.protbind * only sss
-sec.protbind 172.17.0* only unix
+sec.protbind * only sss krb5

 # Turn off asynchronous i/o
 xrootd.async off

--- a/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
+++ b/continuousintegration/docker/ctafrontend/cc7/opt/run/bin/ctafrontend.sh
@@ -29,21 +29,12 @@ echo ${DATABASEURL} >/etc/cta/cta-catalogue.conf
 # EOS INSTANCE NAME used as username for SSS key
 EOSINSTANCE=ctaeos

-
 # Create SSS key for ctafrontend, must be forwardable in kubernetes realm
 echo y | xrdsssadmin -k ctafrontend+ -u ${EOSINSTANCE} -g cta add /etc/ctafrontend_SSS_s.keytab
 # copy it in the client file that contains only one SSS
 cp /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
 chmod 600 /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
 chown cta /etc/ctafrontend_SSS_s.keytab /etc/ctafrontend_SSS_c.keytab
-sed -i 's|.*sec.protocol sss.*|sec.protocol sss -s /etc/ctafrontend_SSS_s.keytab -c /etc/ctafrontend_SSS_c.keytab|' /etc/xrootd/xrootd-cta.cfg
-sed -i 's|.*sec.protocol unix.*|#sec.protocol unix|' /etc/xrootd/xrootd-cta.cfg
-
-# Hack the default xrootd-cta.cfg provided by the sources
-sed -i 's|.*sec.protocol krb5.*|sec.protocol krb5 /etc/cta-frontend.krb5.keytab cta/cta-frontend@TEST.CTA|' /etc/xrootd/xrootd-cta.cfg
-
-# Allow only SSS and krb5 for frontend
-sed -i 's|^sec.protbind .*|sec.protbind * only sss krb5|' /etc/xrootd/xrootd-cta.cfg

 # Wait for the keytab file to be pushed in by the creation script.
 echo -n "Waiting for /etc/cta-frontend.krb5.keytab"