reana-auth-rucio
provides a container image for creating the right Rucio configuration
for REANA workflow jobs. The container image includes no additional logic or libraries,
just the bare minimum to support Rucio. The image is configured to support authentication
for the four experiments at CERN's Large Hadron Collider (ALICE, ATLAS, CMS, LHCb), as
well as ESCAPE Virtual Organization.
reana-auth-rucio
was developed for use in the REANA reusable
research data analysis platform.
You can use reana-auth-rucio
as a base image, however it was built to be used as a
sidecar container with the single purpose of creating the right Rucio configuration. Once
obtained, the configuration files are shared with the main container using common
namespaces.
The end users can ask for Rucio support by means of declaring rucio: true
. Currently,
the container requires VOMS authentication meaning that voms_proxy: true
has also to be
declared, enabling the
reana-auth-vomsproxy sidecar
container.
Inside the container Rucio commands can be executed, for example via:
$ rucio whoami
Building the container and successfully obtaining Rucio configuration requires additional files present in this repository:
files/CERN-bundle.pem
downloaded from Rucio GitLab repository;files/rucio.cfg.j2
Rucio configuration template.
- Adds more WLCG certificates to facilitate data access to outside-CERN sites.
- Changes Rucio client version to 1.30.0.
- Changes installation to use fully-qualified container image names to be Podman friendly.
- Fixes EGI trustanchors installation troubles by switching to CERN CA bundles.
- Initial release.
You can build the reana-auth-rucio
image by optionally passing the build arguments
BASETAG
in order to specify the tag of rucio/rucio-clients
.
For more information about REANA reusable research data analysis platform, please see its documentation.