Installing Docker CREAM CE

GRID CERTIFICATES

Request, download and import the certificate host machine at https://ca.cern.ch

GIT REPOSITORY SETUP

git clone https://github.com/WLCG-Lightweight-Sites/wlcg_lightweight_site_ce_cream
cd wlcg_lightweight_site_ce_cream

mkdir ./yaim/ce-config/host-certificates
cd ./yaim/ce-config/host-certificates/

Copy the host certificate obtained in the previous step to ./yaim/ce-config/host-certificates. In this example, the host certificate is named ce-simple.p12

openssl pkcs12 -in ./yaim/ce-config/host-certificates/ce-simple.p12 -clcerts -nokeys -out./yaim/ce-config/host-certificates/hostcert.pem
openssl pkcs12 -in ./yaim/ce-config/host-certificates/ce-simple.p12 -nocerts -nodes -out ./yaim/ce-config/host-certificates/hostkey.pem

chmod -R 744 ./yaim/ce-config
chmod 0600 ./yaim/ce-config/host-certificates/host*

DOCKER AND DOCKER SERVICE

Now follow the Steps to install docker mentioned in : https://github.com/WLCG-Lightweight-Sites/wlcg_lightweight_site_ce_cream/tree/master/yaim
Enable and start docker service

systemctl enable docker
systemctl start docker

Shutdown and disable the Firewall

systemctl disable firewalld
systemctl stop firewalld

Disable SELINUX editing the config file and Change to "Disable"

vim /etc/selinux/config

shutdown -r now

Docker Swarm on the Server (CREAM)

Configuring a overlay Docker network between Sever (CREAM) and Client machines (WNs)

On the CREAM create a overlay network

sudo docker swarm init

sudo docker network create --attachable --driver=overlay --subnet=10.0.1.0/24 simple

sudo docker network ls

docker swarm join-token worker

Include the real ip to hosts file inside docker container

docker exec -it ce-simple01.cat.cbpf.br bash

chkconfig iptables off

vi /etc/hosts

XXX.XXX.XXX.XXX ce-simple.cern.ch

DOCKER SWARM WN

On the client side(Workernode) we will attach to the main network:

sudo docker swarm join --token YOUR-TOKEN CREAMIPADDRES:2377

Ref:https://docs.docker.com/engine/swarm/#whats-next

Fixing knowhosts

/usr/sbin/edg-pbs-knownhosts
/usr/sbin/edg-pbs-shostsequiv

Testing (need to be done at WN side)

ssh wn-simple10

su - dteam001
ssh ce-simple01

Useful docker commands

List all exited containers

docker ps -aq -f status=exited

Remove stopped containers

docker ps -aq --no-trunc -f status=exited | xargs docker rm

This command will not remove running containers, only an error message will be printed out for each of them.

Remove dangling/untagged images

docker images -q --filter dangling=true | xargs docker rmi

Remove containers created after a specific container

docker ps --since a1bz3768ez7g -q | xargs docker rm

Remove containers created before a specific container

docker ps --before a1bz3768ez7g -q | xargs docker rm

Reference: https://zaiste.net/removing_docker_containers/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly