Changes

Nikolai.Hartmann · d8291597
--- a/Installation-instructions.md
+++ b/Installation-instructions.md
 **Note:** to just update the image, follow the instructions from
 - [Build image (using mkosi)](#build-image-using-mkosi)
 - [Set permissions for image](#set-permissions-for-image)
 - [Start and enable xcache service running in container](#start-and-enable-xcache-service-running-in-container)
 # Install packages on debian host system
 ```bash
 apt install acl dnf rpm git systemd-container rsync voms-clients
 # (possibly rpm is not needed for manual image building)
 ```
 # Clone git and checkout config files
 ```bash
 git clone https://gitlab.physik.uni-muenchen.de/Nikolai.Hartmann/xcache-nspawn-lrz.git
 # as root in repository dir
 cd xcache-nspawn-lrz
 # optional, in order to be able to push into the dir if no modifications
 git config receive.denyCurrentBranch updateInstead
-# remove everything, except .git
+```
-rm -r *
+Then, to checkout the files in git into the root filesystem (`/`):
-# checkout files to /
+```bash
-git config core.worktree /
+# remove everything, except .git
-git reset --hard
+rm -r *
-# list tracked files
+# checkout files to /
-git ls-files /
+git config core.worktree /
-# remove README
+git reset --hard
-rm /README.md
+# list tracked files
-git update-index --assume-unchanged /README.md
+git ls-files /
-```
+# remove README
+rm /README.md
-# Build image (using mkosi)
+git update-index --assume-unchanged /README.md
-```bash
+```
-cd /var/local/mkosi
-# if not existing yet
+# Build image (using mkosi)
-mkdir mkosi.cache
+```bash
-# generate image
+cd /var/local/mkosi
-img_name=xcache-$(date +%Y-%m-%d-%H%M)
+# if not existing yet
-mkosi -i -t directory -o /var/lib/machines/$img_name |& tee build_$img_name.log
+mkdir mkosi.cache
-```
+# generate image
+img_name=xcache-$(date +%Y-%m-%d-%H%M)
-**Alternative: Build image using manual `dnf --installroot`**
+mkosi -i -t directory -o /var/lib/machines/$img_name |& tee build_$img_name.log
-```bash
+```
-img_name=xcache-$(date +%Y-%m-%d-%H%M)
-build_image.sh /var/lib/machines/$img_name
+**Alternative: Build image using manual `dnf --installroot`**
-```
+```bash
+img_name=xcache-$(date +%Y-%m-%d-%H%M)
-**after building the image don't forget to [set the permissions for the image](#set-permissions-for-image)**
+build_image.sh /var/lib/machines/$img_name
+```
-# Create xrootd user in host system
-We will map the xrootd user id inside the container to one shifted by 65536 * 10 on the host system. This is an arbitrary choice and one should check this range of user ids is not used by anything else. One also has to be careful that the xrootd user id does not change when a new image is built. The image building script now force sets the user id to 1000 so this should be fine. See [[Migrate xrootd user]] for how to change the host xrootd user later if needed.
+**after building the image don't forget to [set the permissions for the image](#set-permissions-for-image)**
-```bash
-# for some reason that command might add a carriage return (therefore the sed) ...
+# Create xrootd user in host system
-XRD_UID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -u xrootd | sed 's/\r//')
+We will map the xrootd user id inside the container to one shifted by 65536 * 10 on the host system. This is an arbitrary choice and one should check this range of user ids is not used by anything else. One also has to be careful that the xrootd user id does not change when a new image is built. The image building script now force sets the user id to 1000 so this should be fine. See [[Migrate xrootd user]] for how to change the host xrootd user later if needed.
-XRD_GID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -g xrootd | sed 's/\r//')
+```bash
-let "XRD_UID_HOST = $XRD_UID_INSIDE + 65536 * 10"
+# for some reason that command might add a carriage return (therefore the sed) ...
-let "XRD_GID_HOST = $XRD_GID_INSIDE + 65536 * 10"
+XRD_UID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -u xrootd | sed 's/\r//')
-useradd --no-create-home --system -u $XRD_UID_HOST xrootd
+XRD_GID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -g xrootd | sed 's/\r//')
-groupmod -g $XRD_GID_HOST xrootd
+let "XRD_UID_HOST = $XRD_UID_INSIDE + 65536 * 10"
-```
+let "XRD_GID_HOST = $XRD_GID_INSIDE + 65536 * 10"
+useradd --no-create-home --system -u $XRD_UID_HOST xrootd
-# Set permissions for image
+groupmod -g $XRD_GID_HOST xrootd
-To be able to mount the image read-only the permissions need to be set correctly once. This can be achieved with the following command
+```
-```
-systemd-nspawn --volatile=no --private-users-chown --private-users=655360 -D /var/lib/machines/$img_name ls -la /
+# Set permissions for image
-```
+To be able to mount the image read-only the permissions need to be set correctly once. This can be achieved with the following command
+```
-# Copy xcache robot certificates to `/root/.globus` and add `/etc/vomses`
+systemd-nspawn --volatile=no --private-users-chown --private-users=655360 -D /var/lib/machines/$img_name ls -la /
+```
-# Directories for bind mounts
-Create directories for bind mounts and make them owned by xrootd where nescessary. Here one needs to check that the data directory is the correct path (e.g. the path where the raid system is mounted) and possibly adjust the bind mount in `/etc/systemd/nspawn/xcache.nspawn`
+# Copy xcache robot certificates to `/root/.globus` and add `/etc/vomses`
-Note: Assuming the data directories are under `/srv/xache` and are as configured in `/etc/xrootd/xcache.cfg`
+# Directories for bind mounts
-```bash
+Create directories for bind mounts and make them owned by xrootd where nescessary. Here one needs to check that the data directory is the correct path (e.g. the path where the raid system is mounted) and possibly adjust the bind mount in `/etc/systemd/nspawn/xcache.nspawn`
-mkdir -p /var/spool/xrootd /var/run/xrootd /srv/xcache/namespace /srv/xcache/xrdcinfos
-chown -R xrootd:xrootd /var/spool/xrootd /var/run/xrootd /srv/xcache
+Note: Assuming the data directories are under `/srv/xache` and are as configured in `/etc/xrootd/xcache.cfg`
+```bash
-# if not existing
+mkdir -p /var/spool/xrootd /var/run/xrootd /srv/xcache/namespace /srv/xcache/xrdcinfos
-mkdir -p /etc/grid-security
+chown -R xrootd:xrootd /var/spool/xrootd /var/run/xrootd /srv/xcache
-# if running with authentication and need host key
-setfacl -m "u:xrootd:r" /etc/grid-security/hostkey.pem
+# if not existing
-```
+mkdir -p /etc/grid-security
+# if running with authentication and need host key
-# Start and enable xcache service running in container
+setfacl -m "u:xrootd:r" /etc/grid-security/hostkey.pem
-The running image has to be linked to `/var/lib/machines/xcache` in order to pick up the configuration in `/etc/systemd/nspawn/xcache.nspawn`.
+```
-in case of existing installation (just updated image)
+# Start and enable xcache service running in container
-``` 
+The running image has to be linked to `/var/lib/machines/xcache` in order to pick up the configuration in `/etc/systemd/nspawn/xcache.nspawn`.
-rm /var/lib/machines/xcache
-```
+in case of existing installation (just updated image)
+``` 
-In any case
+rm /var/lib/machines/xcache
 ```
-ln -s /var/lib/machines/{$img_name,xcache}
-```
+In any case
+```
-In case of first installation
+ln -s /var/lib/machines/{$img_name,xcache}
 ```
-machinectl start xcache
-machinectl enable xcache
+In case of first installation
 ```
+machinectl start xcache
-In case of existing installation (just updated image)
+machinectl enable xcache
 ```
-systemctl restart systemd-nspawn@xcache
-```
+In case of existing installation (just updated image)
+```
+systemctl restart systemd-nspawn@xcache
+```