Ubuntu22: add creation of image

.github/workflows/images-creator.yml

@@ -21,7 +21,7 @@ jobs:
   build:
     strategy:
       matrix:
-        image: ["centos7", "centos8", "el9"]
+        image: ["centos7", "centos8", "el9", "ubuntu2204"]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3

ubuntu2204/Dockerfile

@@ -0,0 +1,56 @@
+FROM ubuntu:22.04
+LABEL maintainer="andresailer"
+
+# Suppress debconf messages for user interaction during installations
+COPY misc/keyboard /etc/default/keyboard
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install krb5.conf (before installing krb5-user)
+COPY krb5.conf/common /etc/krb5.conf
+
+# Install native packages
+COPY packages.txt /tmp/packages
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends apt-utils \
+    && apt-get upgrade -y \
+    && apt-get install -y $(cat /tmp/packages) \
+    && rm -fv /tmp/packages \
+    && locale-gen en_US.UTF-8 \
+    && rm -rfv /var/lib/apt/lists/*
+
+# Install network file transfer programs
+RUN apt-get update \
+    && apt-get install -y curl \
+    && apt-get install -y wget \
+    && rm -fv /tmp/packages \
+    && rm -rfv /var/lib/apt/lists/*
+
+# Xrootd client from CERN debian repository
+RUN echo "deb http://storage-ci.web.cern.ch/storage-ci/debian/xrootd/ focal release" > /etc/apt/sources.list.d/xrootd.list
+RUN curl -sL http://storage-ci.web.cern.ch/storage-ci/storageci.key -o /tmp/storageci.key \
+    && APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/storageci.key \
+    && rm -fr /tmp/storageci.key
+RUN apt-get update && apt-get install -y xrootd-client
+
+# Set the correct timezone
+RUN ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
+
+# Add some subfolders in the $HOME folder
+RUN mkdir /root/.ssh \
+    && mkdir /root/.ccache
+
+# Setup SSH configuration
+COPY misc/config /root/.ssh/config
+RUN chmod 600 /root/.ssh/config
+
+# Setup ccache
+RUN mkdir -p /ccache
+COPY misc/ccache.conf /root/.ccache/ccache.conf
+RUN cp $( which ccache ) /usr/local/bin \
+    && ln -s /usr/local/bin/ccache /usr/local/bin/gcc \
+    && ln -s /usr/local/bin/ccache /usr/local/bin/g++ \
+    && ln -s /usr/local/bin/ccache /usr/local/bin/cc \
+    && ln -s /usr/local/bin/ccache /usr/local/bin/c++
+
+# Run bash as default command
+CMD ["/bin/bash"]

ubuntu2204/krb5.conf/common

@@ -0,0 +1,97 @@
+; AD  : This Kerberos configuration is for CERN's Active Directory realm
+; The line above this is magic and is used by cern-config-keytab. Do
+; not remove.
+
+; Installed with puppet from a series of
+; template fragments.
+
+; /etc/krb5.conf
+
+[libdefaults]
+ default_realm = CERN.CH
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true 
+ proxiable = true
+ default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+ chpw_prompt = true
+ allow_weak_crypto = true
+
+
+[appdefaults]
+pam = {
+         external = true
+         krb4_convert = false
+         krb4_convert_524 = false
+         krb4_use_as_req = false
+}
+
+[domain_realm]
+.cern.ch = CERN.CH
+.fnal.gov = FNAL.GOV
+.hep.man.ac.uk = HEP.MAN.AC.UK
+.in2p3.fr = IN2P3.FR
+# No default domain for KFKI.HU specified.
+
+[realms]
+# Start of puppet output for CERN.CH
+ CERN.CH  = {
+  default_domain = cern.ch
+  kpasswd_server = cerndc.cern.ch
+  admin_server = cerndc.cern.ch
+   kdc = cerndc.cern.ch
+    v4_name_convert = {
+     host = {
+        rcmd = host
+     }
+   }
+ }
+
+
+# Start of puppet output for FNAL.GOV
+ FNAL.GOV  = {
+  default_domain = fnal.gov
+  admin_server = krb-fnal-admin.fnal.gov
+   kdc = krb-fnal-fcc3.fnal.gov:88
+   kdc = krb-fnal-2.fnal.gov:88
+   kdc = krb-fnal-3.fnal.gov:88
+   kdc = krb-fnal-1.fnal.gov:88
+   kdc = krb-fnal-4.fnal.gov:88
+   kdc = krb-fnal-enstore.fnal.gov:88
+   kdc = krb-fnal-fg2.fnal.gov:88
+   kdc = krb-fnal-cms188.fnal.gov:88
+   kdc = krb-fnal-cms204.fnal.gov:88
+   kdc = krb-fnal-d0online.fnal.gov:88
+ }
+
+
+# Start of puppet output for HEP.MAN.AC.UK
+ HEP.MAN.AC.UK  = {
+  default_domain = hep.man.ac.uk
+  kpasswd_server = afs4.hep.man.ac.uk
+  admin_server = afs4.hep.man.ac.uk
+   kdc = afs1.hep.man.ac.uk
+   kdc = afs2.hep.man.ac.uk
+   kdc = afs3.hep.man.ac.uk
+   kdc = afs4.hep.man.ac.uk
+ }
+
+
+# Start of puppet output for IN2P3.FR
+ IN2P3.FR  = {
+  default_domain = in2p3.fr
+  kpasswd_server = kerberos-admin.in2p3.fr
+  admin_server = kerberos-admin.in2p3.fr
+   kdc = kerberos-1.in2p3.fr
+   kdc = kerberos-2.in2p3.fr
+   kdc = kerberos-3.in2p3.fr
+ }
+
+
+# Start of puppet output for KFKI.HU
+ KFKI.HU  = {
+  admin_server = kerberos.kfki.hu
+   kdc = kerberos.kfki.hu
+ }
+
+

ubuntu2204/krb5.conf/rhel

@@ -0,0 +1,97 @@
+; AD  : This Kerberos configuration is for CERN's Active Directory realm
+; The line above this is magic and is used by cern-config-keytab. Do
+; not remove.
+
+; Installed with puppet from a series of
+; template fragments.
+
+; /etc/krb5.conf
+
+[libdefaults]
+ default_realm = CERN.CH
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true 
+ proxiable = true
+ default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
+ chpw_prompt = true
+ allow_weak_crypto = true
+
+
+[appdefaults]
+pam = {
+         external = true
+         krb4_convert = false
+         krb4_convert_524 = false
+         krb4_use_as_req = false
+}
+
+[domain_realm]
+.cern.ch = CERN.CH
+.fnal.gov = FNAL.GOV
+.hep.man.ac.uk = HEP.MAN.AC.UK
+.in2p3.fr = IN2P3.FR
+# No default domain for KFKI.HU specified.
+
+[realms]
+# Start of puppet output for CERN.CH
+ CERN.CH  = {
+  default_domain = cern.ch
+  kpasswd_server = cerndc.cern.ch
+  admin_server = cerndc.cern.ch
+   kdc = cerndc.cern.ch
+    v4_name_convert = {
+     host = {
+        rcmd = host
+     }
+   }
+ }
+
+
+# Start of puppet output for FNAL.GOV
+ FNAL.GOV  = {
+  default_domain = fnal.gov
+  admin_server = krb-fnal-admin.fnal.gov
+   kdc = krb-fnal-fcc3.fnal.gov:88
+   kdc = krb-fnal-2.fnal.gov:88
+   kdc = krb-fnal-3.fnal.gov:88
+   kdc = krb-fnal-1.fnal.gov:88
+   kdc = krb-fnal-4.fnal.gov:88
+   kdc = krb-fnal-enstore.fnal.gov:88
+   kdc = krb-fnal-fg2.fnal.gov:88
+   kdc = krb-fnal-cms188.fnal.gov:88
+   kdc = krb-fnal-cms204.fnal.gov:88
+   kdc = krb-fnal-d0online.fnal.gov:88
+ }
+
+
+# Start of puppet output for HEP.MAN.AC.UK
+ HEP.MAN.AC.UK  = {
+  default_domain = hep.man.ac.uk
+  kpasswd_server = afs4.hep.man.ac.uk
+  admin_server = afs4.hep.man.ac.uk
+   kdc = afs1.hep.man.ac.uk
+   kdc = afs2.hep.man.ac.uk
+   kdc = afs3.hep.man.ac.uk
+   kdc = afs4.hep.man.ac.uk
+ }
+
+
+# Start of puppet output for IN2P3.FR
+ IN2P3.FR  = {
+  default_domain = in2p3.fr
+  kpasswd_server = kerberos-admin.in2p3.fr
+  admin_server = kerberos-admin.in2p3.fr
+   kdc = kerberos-1.in2p3.fr
+   kdc = kerberos-2.in2p3.fr
+   kdc = kerberos-3.in2p3.fr
+ }
+
+
+# Start of puppet output for KFKI.HU
+ KFKI.HU  = {
+  admin_server = kerberos.kfki.hu
+   kdc = kerberos.kfki.hu
+ }
+
+

ubuntu2204/krb5.conf/ubuntu

@@ -0,0 +1,96 @@
+[libdefaults]
+	default_realm = CERN.CH
+
+# The following krb5.conf variables are only for MIT Kerberos.
+	kdc_timesync = 1
+	ccache_type = 4
+	forwardable = true
+	proxiable = true
+
+# The following encryption type specification will be used by MIT Kerberos
+# if uncommented.  In general, the defaults in the MIT Kerberos code are
+# correct and overriding these specifications only serves to disable new
+# encryption types as they are added, creating interoperability problems.
+#
+# The only time when you might need to uncomment these lines and change
+# the enctypes is if you have local software that will break on ticket
+# caches containing ticket encryption types it doesn't know about (such as
+# old versions of Sun Java).
+
+#	default_tgs_enctypes = des3-hmac-sha1
+#	default_tkt_enctypes = des3-hmac-sha1
+#	permitted_enctypes = des3-hmac-sha1
+
+# The following libdefaults parameters are only for Heimdal Kerberos.
+	fcc-mit-ticketflags = true
+
+[realms]
+	ATHENA.MIT.EDU = {
+		kdc = kerberos.mit.edu
+		kdc = kerberos-1.mit.edu
+		kdc = kerberos-2.mit.edu:88
+		admin_server = kerberos.mit.edu
+		default_domain = mit.edu
+	}
+	ZONE.MIT.EDU = {
+		kdc = casio.mit.edu
+		kdc = seiko.mit.edu
+		admin_server = casio.mit.edu
+	}
+	CSAIL.MIT.EDU = {
+		admin_server = kerberos.csail.mit.edu
+		default_domain = csail.mit.edu
+	}
+	IHTFP.ORG = {
+		kdc = kerberos.ihtfp.org
+		admin_server = kerberos.ihtfp.org
+	}
+	1TS.ORG = {
+		kdc = kerberos.1ts.org
+		admin_server = kerberos.1ts.org
+	}
+	ANDREW.CMU.EDU = {
+		admin_server = kerberos.andrew.cmu.edu
+		default_domain = andrew.cmu.edu
+	}
+        CS.CMU.EDU = {
+                kdc = kerberos-1.srv.cs.cmu.edu
+                kdc = kerberos-2.srv.cs.cmu.edu
+                kdc = kerberos-3.srv.cs.cmu.edu
+                admin_server = kerberos.cs.cmu.edu
+        }
+	DEMENTIA.ORG = {
+		kdc = kerberos.dementix.org
+		kdc = kerberos2.dementix.org
+		admin_server = kerberos.dementix.org
+	}
+	stanford.edu = {
+		kdc = krb5auth1.stanford.edu
+		kdc = krb5auth2.stanford.edu
+		kdc = krb5auth3.stanford.edu
+		master_kdc = krb5auth1.stanford.edu
+		admin_server = krb5-admin.stanford.edu
+		default_domain = stanford.edu
+	}
+        UTORONTO.CA = {
+                kdc = kerberos1.utoronto.ca
+                kdc = kerberos2.utoronto.ca
+                kdc = kerberos3.utoronto.ca
+                admin_server = kerberos1.utoronto.ca
+                default_domain = utoronto.ca
+	}
+
+[domain_realm]
+	.mit.edu = ATHENA.MIT.EDU
+	mit.edu = ATHENA.MIT.EDU
+	.media.mit.edu = MEDIA-LAB.MIT.EDU
+	media.mit.edu = MEDIA-LAB.MIT.EDU
+	.csail.mit.edu = CSAIL.MIT.EDU
+	csail.mit.edu = CSAIL.MIT.EDU
+	.whoi.edu = ATHENA.MIT.EDU
+	whoi.edu = ATHENA.MIT.EDU
+	.stanford.edu = stanford.edu
+	.slac.stanford.edu = SLAC.STANFORD.EDU
+        .toronto.edu = UTORONTO.CA
+        .utoronto.ca = UTORONTO.CA
+

ubuntu2204/misc/bashrc

@@ -0,0 +1,18 @@
+# .bashrc
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+	. /etc/bashrc
+fi
+
+# If not running interactively, don't do anything
+[[ $- != *i* ]] && return
+
+PS1="\[\033[0;33m\][\h] [\W] \[\033[1;33m\][\D{%F %T}]\n\[\033[01;36m\]\u \\$ \[\033[0m\]"
+
+# User specific aliases and functions
+alias ls='ls --color=auto'
+alias l='ls -1'
+alias ll='ls -hAltr'
+alias lll='ls --color -hal --group-directories-first'
+

ubuntu2204/misc/ccache.conf

@@ -0,0 +1,4 @@
+cache_dir = /ccache
+cache_dir_levels = 8
+max_files = 0
+max_size = 20.0G

ubuntu2204/misc/config

@@ -0,0 +1,5 @@
+Host epsft-jenkins.cern.ch
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+    User sftnight
+    LogLevel QUIET