Commit 90fe449f authored by Giuseppe Tudisco's avatar Giuseppe Tudisco

Upload files

parent f55dd754

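--- a/Dockerfile
+++ b/Dockerfile
+FROM almalinux:9.6
+
+RUN dnf install -y epel-release && dnf clean all
+
+RUN curl -L https://xrootd.web.cern.ch/xrootd.repo -o /etc/yum.repos.d/xrootd.repo && \
+    dnf install -y xrootd-5.9.0-1.el9 xrootd-scitokens-5.9.0-1.el9 && \
+    dnf clean all
+
+USER xrootd
+ENTRYPOINT ["/usr/bin/xrootd"]
+CMD ["-c", "/etc/xrootd/xrootd-http.cfg"]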
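Review bot: The `curl -L` in the second RUN has no `-f`, so an HTTP error body from xrootd.web.cern.ch would be saved as /etc/yum.repos.d/xrootd.repo and the failure would surface only later in dnf, if at all; `curl -fsSL https://xrootd.web.cern.ch/xrootd.repo -o /etc/yum.repos.d/xrootd.repo` stops the build at the fetch. The repo definition is also downloaded at build time and decides where the pinned xrootd-5.9.0-1.el9 packages come from and whether their signatures are checked; its content is not visible here, so committing a reviewed copy with `gpgcheck=1` and using `COPY` would make that explicit. `FROM almalinux:9.6` could additionally be pinned by digest so the base does not change under the same tag.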

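--- a/compose.yaml
+++ b/compose.yaml
@@ -0,0 +1,37 @@
+---
+name: xrootd
+
+services:
+  xrootd:
+    container_name: xrootd
+    image: xrootd:5.9.0
+    build:
+      context: .
+      dockerfile: Dockerfile
+      platforms:
+        - linux/amd64
+    ports:
+      - 80:8443
+    volumes:
+      - type: bind
+        source: ./etc/xrootd/Authfile
+        target: /etc/xrootd/Authfile
+        read_only: true
+      - type: bind
+        source: ./etc/xrootd/scitokens.cfg
+        target: /etc/xrootd/scitokens.cfg
+        read_only: true
+      - type: bind
+        source: ./etc/xrootd/xrootd-http.cfg
+        target: /etc/xrootd/xrootd-http.cfg
+        read_only: true
+      - type: volume
+        source: data
+        target: /data
+        volume:
+          nocopy: true
+
+volumes:
+  data:
+    name: xrootd-data
+    external: true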
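Review bot: The mapping `80:8443` publishes the XrdHttp listener on host port 80 on every interface, and nothing in this file mounts a host certificate or key, so unless TLS is terminated in front of the container the bearer tokens this service authorises on would cross the network in cleartext. The same gap shows in the xrootd-http.cfg section further down, which sets `xrd.protocol XrdHttp:8443` and forwards the Authorization header but contains no TLS directive. If a reverse proxy handles TLS, bind the port to loopback with `- "127.0.0.1:80:8443"`; otherwise mount the certificate and key read-only like the other config files, configure TLS in xrootd-http.cfg, and publish 443 instead. Quoting the port mapping as a string is also the form the Compose documentation recommends.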

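--- a/etc/xrootd/Authfile
+++ b/etc/xrootd/Authfile
@@ -0,0 +1,2 @@
+# Allow access to /data
+g * /data a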
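Review bot: `g * /data a` grants the `a` (all) privilege set, which includes write and delete, and the scitokens.cfg section below sets `onmissing = passthrough`, so a request that carries no token is not rejected by the SciTokens plugin but handed on to this file. If the `g *` entry matches clients that never presented a token, the token check adds nothing for /data. Consider limiting this fallback rule to what token-less access really needs, for example `g * /data lr`, or setting `onmissing = deny` in scitokens.cfg if every client is expected to present a token. How `g *` resolves for HTTP clients without a mapped identity should be confirmed against the XRootD authorisation documentation, and the comment `# Allow access to /data` should say who is allowed and with which privileges.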
+8 −0
[Global]
onmissing = passthrough
audience = rucio

[Issuer SKA-IAM]
issuer =  https://ska-iam.stfc.ac.uk/
base_path = /data
map_subject = false
+69 −0
###########################################################################
# This is a very simple sample configuration file sufficient to start an  #
# xrootd data server using the default port 1094 plus http protocol on    #
# port 80. This server runs by itself (stand-alone) and does not assume   #
# it is part of a cluster. You can then connect to this server to access  #
# files in '/tmp'. Consult the the reference manuals on how to create     #
# more complicated configurations and set the host cert and key for http. #
#                                                                         #
# On successful start-up you will see 'initialization completed' in the   #
# last message. You can now connect to the xrootd server.                 #
#                                                                         #
# Note: You should always create a *single* configuration file for all    #
# daemons related to xrootd.                                              #
###########################################################################

# The export directive indicates which paths are to be exported. While the
# default is '/tmp', we indicate it anyway to show you this directive.
#
all.export /data

# The adminpath and pidpath variables indicate where the pid and various
# IPC files should be placed
#
all.adminpath /var/spool/xrootd
all.pidpath /run/xrootd

# Site name
all.sitename ITSRC-RSE

# Load the http protocol, indicate that it should be served on port 80.
# The socket bound to port 80 has to be preallocated by the systemd
# xrdhttp.socket (requires systemd!).
#
# In order to enable the xrdhttp.socket run:
#	systemctl enable xrdhttp@http.socket
# In order to start the xrdhttp.socket run:
#	systemctl start xrdhttp@http.socket
#
xrd.protocol XrdHttp:8443 libXrdHttp.so

# Enable Security
xrootd.seclib libXrdSec.so
sec.level all compatible

# Authentication and Authorization
ofs.authorize 1
ofs.authlib ++ libXrdAccSciTokens.so config=/etc/xrootd/scitokens.cfg
acc.authdb /etc/xrootd/Authfile
acc.audit deny
acc.authrefresh 60

# Pass the bearer token to the authorization framework
http.header2cgi Authorization authz

# Enable checksum
xrootd.chksum adler32

# Only for debugging (comment out after setup is done)
#scitokens.trace all
#ofs.trace all
#pfc.trace all
#xrd.trace all -sched
#pss.setopt DebugLevel 5

# More configuration files can be added in /etc/xrootd/config.d/
# For example /etc/xrootd/config.d/10-mygrid.cfg and
# /etc/xrootd/config.d/98-mysite-specifics.cfg
#
continue /etc/xrootd/config.d/
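Review bot: The header and several comments are left over from the packaged sample and contradict the directives beneath them: they speak of port 1094 plus HTTP on port 80, files in '/tmp' and a systemd-preallocated socket, while the file exports /data, serves XrdHttp on 8443 and is started as the container entrypoint without systemd. Since this file decides what is exposed and how it is authorised, the comments should describe the real setup, for instance `# XrdHttp listens on 8443 inside the container; compose publishes it on the host` above the `xrd.protocol` line, and a header stating that /data is exported with SciTokens authorisation. The closing `continue /etc/xrootd/config.d/` also loads whatever the installed packages place in that directory, which is neither bind-mounted nor visible here, so it is worth confirming that nothing there overrides the security settings.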