Installing Rucio server

Prerequisites

The Rucio server runs on Python 2.6 and 2.7 on any Unix-like platform.

Install via pip

Heads up: We recommend to use the docker-based install (see next section) as it will configure many things for you automatically. Only use the pip-based install if you have a good reason and know how to configure your webservices manually:

pip install rucio

This will pull the latest release from PyPi. The Rucio server also needs several Python dependencies. These are all listed in the file tools/pip-requires and will be pulled in as necessary.

Install via docker

First, install the docker environment, e.g., for CentOS-based systems:

yum install docker

Afterwards, if you require it, enable the Grid Certificate Authority by adding /etc/yum.repos.d/ca.repo with content:

[carepo]
name=IGTF CA Repository
baseurl=http://linuxsoft.cern.ch/mirror/repository.egi.eu/sw/production/cas/1/current/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3

with the public key in file /etc/pki/rpm-gpg/GPG-KEY-EUGridPMA-RPM-3:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (GNU/Linux)

mQGiBELTiyYRBAD8goP2vWdf46e/stZvzgkBgJIFTMkHqZOpLqlCKTRGf4VHUASh
hdaktDtPx44fVO4E3zmugc7FP6xz/Hj3SqrUKt98vzF1EMb3i4UMCOBif+jM6VFS
N5N3gDEukNpP2h46LkNPbRPgAEeUmUZy4kTyB9xC/VA7d1sFx6sJZpCHiwCg7DNX
bj4Wuk5b+FyyCOg9++xabokEAJwt4+iyDX3uYZrkzh9hOXgrbBiyGrorAz3jOpqM
4L9+OKs5q9UsBwVXs5Zjei/irgxNjHNZCPo/V4f7o2CHxa88rn4GvstftSK6Oeey
8PaV3vdb5C5SRSbRgvxoUOo6eGVBpv8bVpKm//tNkTboHVsEAKQ1rYzx/m89aCZj
VCw5A/0c3E0rH4ZCeNg7yvta9ur3U7n/aFhzbU3wFLhcIndrPaufz5Sy/SYhOaS9
RgH36GbsmOq6JskdtSpBLq0768BUmrjcosgWl3REpMAZc4vvtb55WRYsrNSrqmXZ
/jHLjQkFHFdObIEcvxl+yIIwUxybMkvdxPZxnpGjF2gg6AoP7rQ5RVVHcmlkUE1B
IERpc3RyaWJ1dGlvbiBTaWduaW5nIEtleSAzIDxpbmZvQGV1Z3JpZHBtYS5vcmc+
iFkEExECABkFAkLTiyYECwcDAgMVAgMDFgIBAh4BAheAAAoJEMMtmcg827xx5PQA
oON2EH0dqfwNjGr1GlGyt1o5bWkzAJ0Y4QOPWaCIJFABoluX5nifjKWV9w==
=qXx1
-----END PGP PUBLIC KEY BLOCK-----

You can now yum install lcg-CA.

The next step is to generate a host certificate, which will be used by the webserver:

openssl pkcs12 -in hostCert.p12 -clcerts -nokeys -out /etc/grid-security/hostcert.pem
openssl pkcs12 -in hostCert.p12 -nocerts -nodes -out /etc/grid-security/hostkey.pem
chmod 0600 /etc/grid-security/hostkey.pem

You can now start the docker service:

service docker start

And finally start up the Rucio server:

docker run --privileged --name rucio-server -v /etc/hostname:/etc/hostname -v /var/log/httpd:/var/log/httpd -v /etc/grid-security/hostcert.pem:/etc/grid-security/hostcert.pem -v /etc/grid-security/hostkey.pem:/etc/grid-security/hostkey.pem -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /opt/rucio/etc:/opt/rucio/etc -v /etc/grid-security:/etc/grid-security -v /etc/pki:/etc/pki -d -p 443:443  gitlab-registry.cern.ch/rucio01/rucio/mysql_server

Voila. You have a Rucio server up and running.

Miscellaneous

Creating alembic.ini

The following is only needed if you didn’t bootstrap the database. First, enter the docker container:

docker exec -i -t rucio-server /bin/bash

Now, you’re inside the container and you can put in the configuration file etc/rucio.cfg a new [alembic] section:

[alembic]
cfg = alembic.ini

And create a new file alembic.ini with content:

# A generic, single database configuration.

[alembic]
# path to migration scripts
script_location =/usr/lib/python2.7/site-packages/rucio/db/sqla/migrate_repo
sqlalchemy.url = Replace by the DB string here

# Logging configuration
[loggers]
keys = root,sqlalchemy,alembic

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = WARN
handlers = console
qualname =

[logger_sqlalchemy]
level = WARN
handlers =
qualname = sqlalchemy.engine

[logger_alembic]
level = INFO
handlers =
qualname = alembic

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S

Eventually, bootstrap the database and restart the webserver:

python /usr/rucio/tools/bootstrap.py
apachectl restart

Special characters in DIDs

To allow DIDs to contain the slash (/) character, one must add the directive

AllowEncodedSlashes on

to the

<VirtualHost>
...
</VirtualHost>

section of /etc/httpd/conf.d/rucio.conf