Use s-nail host mail server (FNAL/CERN) #1566

Merged: 1 commit, Jan 23, 2025
2 changes: 1 addition & 1 deletion docker/pypi/wmagent/Dockerfile
@@ -1,5 +1,5 @@
# syntax=docker/dockerfile-upstream:master
FROM registry.cern.ch/cmsweb/wmagent-base:pypi-20241107-stable
FROM registry.cern.ch/cmsweb/wmagent-base:pypi-20250121-stable
MAINTAINER Valentin Kuznetsov [email protected]

# TAG to be passed at build time through `--build-arg TAG=<WMA_TAG>`. Default: None
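
Review bot: The new `FROM registry.cern.ch/cmsweb/wmagent-base:pypi-20250121-stable` line still references the base image by tag only, so the content behind the tag can change without any change to this Dockerfile. Consider pinning it by digest alongside the tag (`...:pypi-20250121-stable@sha256:<digest>`, with the digest placeholder filled in from the registry), so the image the build runs on is the one that was reviewed. The `# syntax=docker/dockerfile-upstream:master` line above has the same property for the Dockerfile frontend.
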
28 changes: 28 additions & 0 deletions docker/pypi/wmagent/wmagent-docker-run.sh
@@ -72,17 +72,37 @@ ln -s $HOST_MOUNT_DIR/srv/wmagent /data/srv/wmagent
passwdEntry=$(getent passwd $wmaUser | awk -F : -v wmaHome="/home/$wmaUser" '{print $1 ":" $2 ":" $3 ":" $4 ":" $5 ":" wmaHome ":" $7}')
groupEntry=$(getent group $wmaGroup)

# @TODO: Create needed unix accounts in container, rather than bind mounting files from the host
# workaround case where Unix account is not in the local system (e.g. sssd)
[[ -d $HOST_MOUNT_DIR/admin/etc/ ]] || (mkdir -p $HOST_MOUNT_DIR/admin/etc) || exit $?

# Validation step
# Delete local docker passwd/group files if uucp is not present (so it can be recreated)
[[ -f "$HOST_MOUNT_DIR/admin/etc/passwd" ]] && ! grep -q uucp "$HOST_MOUNT_DIR/admin/etc/passwd" && {
rm $HOST_MOUNT_DIR/admin/etc/passwd
}
[[ -f "$HOST_MOUNT_DIR/admin/etc/group" ]] && ! grep -q uucp "$HOST_MOUNT_DIR/admin/etc/group" && {
rm $HOST_MOUNT_DIR/admin/etc/group
}

if ! [ -f $HOST_MOUNT_DIR/admin/etc/passwd ]; then
echo "Creating passwd file"
getent passwd > $HOST_MOUNT_DIR/admin/etc/passwd
echo $passwdEntry >> $HOST_MOUNT_DIR/admin/etc/passwd
# add back original system related unix users
echo "Debian-exim:x:103:105::/var/spool/exim4:/usr/sbin/nologin" >> $HOST_MOUNT_DIR/admin/etc/passwd
echo "_apt:x:100:65534::/nonexistent:/usr/sbin/nologin" >> $HOST_MOUNT_DIR/admin/etc/passwd
echo "uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin" >> $HOST_MOUNT_DIR/admin/etc/passwd
fi
if ! [ -f $HOST_MOUNT_DIR/admin/etc/group ]; then
echo "Creating group file"
getent group > $HOST_MOUNT_DIR/admin/etc/group
echo $groupEntry >> $HOST_MOUNT_DIR/admin/etc/group
# add back original system related groups
echo "Debian-exim:x:105:" >> $HOST_MOUNT_DIR/admin/etc/group
echo "messagebus:x:104:" >> $HOST_MOUNT_DIR/admin/etc/group
echo "crontab:x:103:" >> $HOST_MOUNT_DIR/admin/etc/group
echo "uucp:x:10:" >> $HOST_MOUNT_DIR/admin/etc/group
fi

# create regular mount points at runtime
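
Review bot: The validation step's `grep -q uucp` is an unanchored substring match, so any line that merely contains "uucp" (a home directory, a comment field, another account name) keeps a stale file in place; `grep -q '^uucp:'` tests for the entry itself. In the two creation blocks, the fixed `uucp`, `_apt`, `Debian-exim`, `messagebus` and `crontab` lines are appended after the full `getent` output, so on a host that already resolves any of those names the file ends up with two entries for the same name and file-based lookups return the first (host) one, with whatever IDs the host uses; appending each line only when a `grep -q "^name:"` finds nothing avoids that. The `rm` and redirection targets also use `$HOST_MOUNT_DIR` unquoted while the `[[ -f "..." ]]` tests quote it.
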
@@ -116,6 +136,7 @@ $tnsMount \
--mount type=bind,source=/etc/sudoers.d,target=/etc/sudoers.d,readonly \
--mount type=bind,source=/etc/grid-security,target=/etc/grid-security,readonly \
--mount type=bind,source=/etc/vomses,target=/etc/vomses,readonly \
--mount type=bind,source=/etc/s-nail.rc,target=/etc/s-nail_host.rc,readonly \
"

registry=local
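
Review bot: The added `--mount type=bind,source=/etc/s-nail.rc,...` entry is unconditional, and `docker run` refuses to start a container when a `--mount type=bind` source path does not exist, so a host without `/etc/s-nail.rc` can no longer start the container at all. Either check for the file before this point and exit with a message that names the missing s-nail configuration, or add the mount only when the file is present. A short comment explaining why the target is `/etc/s-nail_host.rc` rather than `/etc/s-nail.rc` would also help the next reader.
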
@@ -148,3 +169,10 @@ userStatus="$(docker exec -u root -it wmagent sh -c "passwd -S $wmaUser" | awk '
if [ "${userStatus:0:1}" == "P" ]; then
docker exec -u root -it wmagent sh -c "echo $wmaUser:$wmaUser | chpasswd"
fi

# Configure s-nail to use the host s-nail mail server
docker exec -u root -it wmagent cp /etc/s-nail_host.rc /etc/s-nail.rc
Contributor

I was thinking that we could keep the modified s-nail.rc under $HOST_MOUNT_DIR/admin/etc/ and simply mount it from there to /etc/s-nail.rc. This way we could do some of this tweaking only once in a lifetime of an agent.

The update-alternatives seems to be still required though, but perhaps it could go to the wmagent Dockerfile?

Contributor Author

Regarding update-alternatives, I agree this could be a further improvement.
Regarding keeping the modified s-nail.rc in $HOST_MOUNT_DIR/admin/etc/: what I'm afraid of in this case is that an s-nail update in the host could modify the host config and would not be in sync anymore (with a potential failure). We would need to add a verification step to make sure the config we have in $HOST_MOUNT_DIR/admin/etc/ without the tweaks matches the host config, or update it and then tweak it otherwise.

Contributor

That's a good point! Thank you for this clarification, Kenyi.

docker exec -u root -it wmagent sh -c "printf 'set v15-compat\nset smtp-auth=none\nset mta=smtp://127.0.0.1:25' >> /etc/s-nail.rc"
# Change mail to use s-nail
docker exec -u root -it wmagent update-alternatives --install /usr/bin/mailx mailx /usr/bin/s-nail 50 --slave /usr/bin/mail mail /usr/bin/s-nail
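
Review bot: None of the three added `docker exec` calls has its exit status checked, so if the `cp` of `/etc/s-nail_host.rc` fails the script still appends the three `set` lines to whatever `/etc/s-nail.rc` the image ships and registers the alternative, leaving a mail setup nobody intended. Chain the steps with `&&` or test `$?` and report the failure. The `printf` string also ends without a trailing newline, and `mta=smtp://127.0.0.1:25` with `smtp-auth=none` reaches the host's mail server only if the container shares the host's network namespace, which is not visible in this hunk and deserves a comment next to the setting. All three calls use `-it`, which needs a terminal on stdin and will fail when the script is run non-interactively.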