From 4f96d67ee26d5c5266ee14af6dbf8fc0cd7fbfde Mon Sep 17 00:00:00 2001
From: Marco Mambelli <marcom@fnal.gov>
Date: Sat, 21 Dec 2024 06:42:57 -0600
Subject: [PATCH] Moved GWMS install to a single script and added a developer
 install script to keep the testbed leaner and better test RPM dependencies

---
 .github/workflows/workspaces_build.yml        |  18 ++
 workspaces/testbed-workspace/Dockerfile       |  15 +-
 .../scripts/install-developer.sh              |  14 ++
 .../scripts/install-factory.sh                |  85 ---------
 .../scripts/install-frontend.sh               |  71 -------
 .../scripts/install-glideinwms.sh             | 180 ++++++++++++++++++
 6 files changed, 219 insertions(+), 164 deletions(-)
 create mode 100755 workspaces/testbed-workspace/scripts/install-developer.sh
 delete mode 100755 workspaces/testbed-workspace/scripts/install-factory.sh
 delete mode 100755 workspaces/testbed-workspace/scripts/install-frontend.sh
 create mode 100755 workspaces/testbed-workspace/scripts/install-glideinwms.sh

diff --git a/.github/workflows/workspaces_build.yml b/.github/workflows/workspaces_build.yml
index c4ded92..b554c68 100644
--- a/.github/workflows/workspaces_build.yml
+++ b/.github/workflows/workspaces_build.yml
@@ -208,3 +208,21 @@ jobs:
             BUILD_REF=${{env.GITHUB_REF}}
             BUILD_DATE=${{env.BUILD_DATE}}
             GWMS_VERSION=${{env.DH_PREFIX}}${{env.DH_LABEL}}
+
+      - name: Build and push testbed-workspace
+        id: docker_build_testbed_workspace
+        continue-on-error: true
+        if: ${{ ! inputs.sl7_build }}
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: ${{env.DH_PLATFORMS}}
+          context: workspaces
+          file: workspaces/testbed-workspace/Dockerfile
+          tags: glideinwms/testbed-workspace:${{env.DH_PREFIX}}${{env.DH_LABEL}}
+          build-args: |
+            BUILD_SHA=${{env.GITHUB_SHA}}
+            BUILD_HASH=${{env.GITHUB_HASH}}
+            BUILD_REF=${{env.GITHUB_REF}}
+            BUILD_DATE=${{env.BUILD_DATE}}
+            GWMS_VERSION=${{env.DH_PREFIX}}${{env.DH_LABEL}}
diff --git a/workspaces/testbed-workspace/Dockerfile b/workspaces/testbed-workspace/Dockerfile
index 5fce336..350f940 100644
--- a/workspaces/testbed-workspace/Dockerfile
+++ b/workspaces/testbed-workspace/Dockerfile
@@ -30,7 +30,7 @@ LABEL name="Testbed workspace with EL9 and utility scripts" \
 RUN echo "Building GWMS Testbed image ($BUILD_SHA/$BUILD_DATE) on $BUILDPLATFORM, for $TARGETPLATFORM"
 
 # Installing some base packages, the CRB repo, and the EPEL (epel-release)
-RUN dnf install -y epel-release yum-utils python3 wget sed git jq vim zsh sudo psmisc bind-utils mlocate && \
+RUN dnf install -y epel-release yum-utils sed wget && \
     dnf config-manager --set-enabled crb && \
     /bin/sed -i '/^enabled=1/a priority=99' /etc/yum.repos.d/epel.repo
 
@@ -39,14 +39,13 @@ RUN dnf install -y cronie supervisor initscripts ;\
     /usr/bin/wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl3.py -O /usr/local/bin/systemctl ;\
     /usr/bin/chmod +x /usr/local/bin/systemctl
 
-# Deploy GWMS aliases
-RUN /usr/bin/wget -O ~/.bash_aliases https://raw.githubusercontent.com/glideinWMS/dev-tools/master/.bash_aliases && \
-    . ~/.bash_aliases || true
+# htgettoken needs the OSG repo
+# Installing htgettoken
+# RUN dnf -y install htgettoken
+
+# Consider the following for FNAL kinit/kx509/...
+# krb5-workstation yum-conf-context-fermilab fermilab-util_kx509 fermilab-conf_kerberos
 
-# Installing htgettoken from source
-RUN dnf -y install krb5-devel python3-devel gcc;\
-    git clone https://github.com/fermitools/htgettoken.git /opt/htgettoken && \
-    pip install /opt/htgettoken/
 
 # This must be after all dnf/yum and pip commands
 # Cleaning YUM and DNF all caches (including disabled repos) and pip caches to reduce size of image
diff --git a/workspaces/testbed-workspace/scripts/install-developer.sh b/workspaces/testbed-workspace/scripts/install-developer.sh
new file mode 100755
index 0000000..a31a236
--- /dev/null
+++ b/workspaces/testbed-workspace/scripts/install-developer.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/bash
+
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+# Install development software
+# Used to minimize the software installed in the base image (testbed-workspace)
+
+# Development tools
+dnf install -y python3 wget git jq vim zsh sudo psmisc bind-utils mlocate
+
+# Deploy GWMS aliases
+/usr/bin/wget -O ~/.bash_aliases https://raw.githubusercontent.com/glideinWMS/dev-tools/master/.bash_aliases && \
+    . ~/.bash_aliases || true
diff --git a/workspaces/testbed-workspace/scripts/install-factory.sh b/workspaces/testbed-workspace/scripts/install-factory.sh
deleted file mode 100755
index 47283f2..0000000
--- a/workspaces/testbed-workspace/scripts/install-factory.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/env bash
-
-
-### INTRO ###
-
-# Environment
-OSG_VERSION=24
-OSG_REPO=osg
-GWMS_REPO=osg-development
-
-# Argument parser
-while [ -n "$1" ];do
-    case "$1" in
-        --osg-repo)
-            OSG_REPO="$2"
-            shift
-            ;;
-        --gwms-repo)
-            GWMS_REPO="$2"
-            shift
-            ;;
-        --osg-version)
-            OSG_VERSION="$2"
-            shift
-            ;;
-        *)
-            echo "Parameter '$1' is not supported."
-            exit 1
-    esac
-    shift
-done
-
-
-### REPOSITORIES ###
-
-# OSG Repo
-dnf -y install "https://repo.osg-htc.org/osg/$OSG_VERSION-main/osg-$OSG_VERSION-main-el9-release-latest.rpm"
-
-
-### INSTALLATION ###
-
-# OSG
-yum install -y osg-ca-certs --enablerepo="$OSG_REPO"
-
-# Factory
-dnf -y install glideinwms-factory --enablerepo="$GWMS_REPO"
-
-
-### CONFIGURATION ###
-
-# GlideinWMS Factory configuration
-GWMS_CONFIG=/etc/gwms-factory/glideinWMS.xml
-cp /opt/config/factory/glideinWMS.xml $GWMS_CONFIG
-chown gfactory.gfactory $GWMS_CONFIG
-echo Updated Factory configuration
-
-# HTCondor configuration
-cp /opt/config/99-debug.conf /etc/condor/config.d
-cp /opt/config/99-cafile.conf /etc/condor/config.d
-
-# Condor tarball
-CONDOR_TARBALL_URLS="
-https://research.cs.wisc.edu/htcondor/tarball/10/10.x/10.6.0/release/condor-10.6.0-$(arch)_AlmaLinux9-stripped.tar.gz
-https://research.cs.wisc.edu/htcondor/tarball/9.0/9.0.18/release/condor-9.0.18-x86_64_CentOS7-stripped.tar.gz
-"
-CONDOR_TARBALL_PATH=/var/lib/gwms-factory/condor
-[ ! -d $CONDOR_TARBALL_PATH ] && mkdir -p $CONDOR_TARBALL_PATH
-pushd $CONDOR_TARBALL_PATH || exit 3
-for CONDOR_TARBALL_URL in $CONDOR_TARBALL_URLS; do
-    wget "$CONDOR_TARBALL_URL"
-    CONDOR_TARBALL=$(echo "$CONDOR_TARBALL_URL" | awk -F'/' '{print $NF}')
-    tar -xf "$CONDOR_TARBALL"
-done
-popd || exit 4
-
-
-### STARTUP ###
-
-GWMS_DIR=/opt/gwms
-bash /opt/scripts/create-host-certificate.sh -d "$GWMS_DIR"/secrets
-bash /opt/scripts/create-idtokens.sh -a
-systemctl start httpd
-systemctl start condor
-gwms-factory upgrade
-systemctl start gwms-factory
diff --git a/workspaces/testbed-workspace/scripts/install-frontend.sh b/workspaces/testbed-workspace/scripts/install-frontend.sh
deleted file mode 100755
index 0c10a5c..0000000
--- a/workspaces/testbed-workspace/scripts/install-frontend.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-
-
-### INTRO ###
-
-# Environment
-OSG_VERSION=24
-OSG_REPO=osg
-GWMS_REPO=osg-development
-
-# Argument parser
-while [ -n "$1" ];do
-    case "$1" in
-        --osg-repo)
-            OSG_REPO="$2"
-            shift
-            ;;
-        --gwms-repo)
-            GWMS_REPO="$2"
-            shift
-            ;;
-        --osg-version)
-            OSG_VERSION="$2"
-            shift
-            ;;
-        *)
-            echo "Parameter '$1' is not supported."
-            exit 1
-    esac
-    shift
-done
-
-
-### REPOSITORIES ###
-
-# OSG Repo
-dnf -y install "https://repo.osg-htc.org/osg/$OSG_VERSION-main/osg-$OSG_VERSION-main-el9-release-latest.rpm"
-
-
-### INSTALLATION ###
-
-# OSG
-yum install -y osg-ca-certs --enablerepo="$OSG_REPO"
-
-# Frontend
-dnf -y install glideinwms-vofrontend --enablerepo="$GWMS_REPO"
-
-
-### CONFIGURATION ###
-
-# GlideinWMS Frontend configuration
-GWMS_CONFIG=/etc/gwms-frontend/frontend.xml
-cp /opt/config/frontend/frontend.xml $GWMS_CONFIG
-chown frontend.frontend $GWMS_CONFIG
-echo Updated Frontend configuration
-
-# HTCondor configuration
-cp /opt/config/99-debug.conf /etc/condor/config.d
-cp /opt/config/99-cafile.conf /etc/condor/config.d
-
-
-### STARTUP ###
-
-GWMS_DIR=/opt/gwms
-bash /opt/scripts/create-host-certificate.sh -d "$GWMS_DIR"/secrets
-bash /opt/scripts/create-idtokens.sh -r
-bash /opt/scripts/create-scitoken.sh
-systemctl start httpd
-systemctl start condor
-gwms-frontend upgrade
-systemctl start gwms-frontend
diff --git a/workspaces/testbed-workspace/scripts/install-glideinwms.sh b/workspaces/testbed-workspace/scripts/install-glideinwms.sh
new file mode 100755
index 0000000..d0011f7
--- /dev/null
+++ b/workspaces/testbed-workspace/scripts/install-glideinwms.sh
@@ -0,0 +1,180 @@
+#!/usr/bin/bash
+
+# SPDX-FileCopyrightText: 2020 Fermi Research Alliance, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+# Install on EL9 the GlideinWMS software from a specific repository
+
+
+### INTRO ###
+
+# Environment
+OSG_VERSION=24
+OSG_REPO=
+GWMS_REPO=osg-development
+GWMS_SW=
+# Outside mounted directory with shared files
+GWMS_DIR=/opt/gwms
+
+help(){
+    cat <<EOF 
+$0 [options]
+Install the EL9 version of the specified GlideinWMS software
+--osg-repo OSG_REPO         Set the repository for the OSG osg-ca-certs, e.g. osg-development, osg (defaults to GWMS_REPO)
+--gwms-repo GWMS_REPO       Set the GlideinWMS repository, e.g. osg-development (default), osg, upcoming-development
+--osg-version OSG_VERSION   Set the OSG version, e.g. 24 (default), 23
+--factory                   Install the Factory
+--frontend                  Install the Frontend
+You cannot set both --factory and --frontend. If none is set the script tries to guess from the hostname
+EOF
+}
+
+# Argument parser
+while [ -n "$1" ];do
+    case "$1" in
+        --osg-repo)
+            OSG_REPO="$2"
+            shift
+            ;;
+        --gwms-repo)
+            GWMS_REPO="$2"
+            shift
+            ;;
+        --osg-version)
+            OSG_VERSION="$2"
+            shift
+            ;;
+        --factory)
+            GWMS_SW=factory
+            ;;
+        --frontend)
+            GWMS_SW=vofrontend
+            ;;
+        *)
+            echo "Parameter '$1' is not supported."
+            help
+            exit 1
+    esac
+    shift
+done
+
+if [[ -z "$GWMS_SW" ]]; then
+    myhost=$(hostname)
+    if [[ "$myhost" = *factory* ]]; then
+        GWMS_SW=factory
+    elif [[ "$myhost" = *frontend* ]]; then
+        GWMS_SW=vofrontend
+    else
+        echo "Unable to determine what to install"
+        help
+        exit 1
+    fi
+fi
+
+if [[ -z "$OSG_REPO" ]]; then
+    OSG_REPO="$GWMS_REPO"
+fi
+
+
+### INSTALLATION ###
+
+do_install(){
+    # Install the OSG repository, common OSG packages, and the GlideinWMS software
+    
+    # OSG Repo
+    dnf -y install "https://repo.osg-htc.org/osg/$OSG_VERSION-main/osg-$OSG_VERSION-main-el9-release-latest.rpm"
+    
+    # OSG packages
+    dnf install -y --enablerepo="$OSG_REPO" osg-ca-certs htgettoken  
+
+    # Install the GlideinWMS Factory/Frontend
+    dnf install -y --enablerepo="$GWMS_REPO" glideinwms-$GWMS_SW
+}
+
+install_factory(){
+    # Install the GlideinWMS Factory
+    dnf install -y --enablerepo="$GWMS_REPO" glideinwms-factory
+}
+
+install_frontend(){
+    # Frontend
+    dnf install -y --enablerepo="$GWMS_REPO" glideinwms-vofrontend
+}
+
+
+### CONFIGURATION ###
+
+configure_common(){
+    # HTCondor configuration
+    cp /opt/config/99-debug.conf /etc/condor/config.d
+    cp /opt/config/99-cafile.conf /etc/condor/config.d
+}
+
+configure_factory(){
+    # GlideinWMS Factory configuration
+    GWMS_CONFIG=/etc/gwms-factory/glideinWMS.xml
+    cp /opt/config/factory/glideinWMS.xml $GWMS_CONFIG
+    chown gfactory.gfactory $GWMS_CONFIG
+    echo Updated Factory configuration
+        
+    # Condor tarball
+    CONDOR_TARBALL_URLS="
+    https://research.cs.wisc.edu/htcondor/tarball/10/10.x/10.6.0/release/condor-10.6.0-$(arch)_AlmaLinux9-stripped.tar.gz
+    https://research.cs.wisc.edu/htcondor/tarball/9.0/9.0.18/release/condor-9.0.18-x86_64_CentOS7-stripped.tar.gz
+    "
+    CONDOR_TARBALL_PATH=/var/lib/gwms-factory/condor
+    [ ! -d $CONDOR_TARBALL_PATH ] && mkdir -p $CONDOR_TARBALL_PATH
+    pushd $CONDOR_TARBALL_PATH || exit 3
+    for CONDOR_TARBALL_URL in $CONDOR_TARBALL_URLS; do
+        wget "$CONDOR_TARBALL_URL"
+        CONDOR_TARBALL=$(echo "$CONDOR_TARBALL_URL" | awk -F'/' '{print $NF}')
+        tar -xf "$CONDOR_TARBALL"
+    done
+    popd || exit 4
+}
+
+configure_frontend(){
+    # GlideinWMS Frontend configuration
+    GWMS_CONFIG=/etc/gwms-frontend/frontend.xml
+    cp /opt/config/frontend/frontend.xml $GWMS_CONFIG
+    chown frontend.frontend $GWMS_CONFIG
+    echo Updated Frontend configuration
+}
+
+
+### STARTUP ###
+
+start_common(){
+    bash /opt/scripts/create-host-certificate.sh -d "$GWMS_DIR"/secrets
+    bash /opt/scripts/create-idtokens.sh -a
+    systemctl start httpd
+    systemctl start condor    
+}
+
+start_factory(){
+    gwms-factory upgrade
+    systemctl start gwms-factory    
+}
+
+start_frontend(){
+    bash /opt/scripts/create-scitoken.sh
+    gwms-frontend upgrade
+    systemctl start gwms-frontend
+}
+
+
+### MAIN ###
+
+do_install
+configure_common
+if [[ "$GWMS_SW" = factory ]]; then
+    configure_factory
+else
+    configure_frontend
+fi
+start_common
+if [[ "$GWMS_SW" = factory ]]; then
+    start_factory
+else
+    start_frontend
+fi