From cd65037b7ae3f2a3e39c0d2788198e2ad6891210 Mon Sep 17 00:00:00 2001 From: Rahul Chauhan Date: Wed, 31 Jan 2024 12:31:35 +0100 Subject: [PATCH 1/2] Configure and mount IDP secrets Co-Authored-By: Eric Vaandering --- apps/base/cms-rucio-common.yaml | 14 ++++++++++++-- apps/base/rucio-daemons/cms-rucio-daemons.yaml | 2 ++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/apps/base/cms-rucio-common.yaml b/apps/base/cms-rucio-common.yaml index b18b7be5..1831a5eb 100644 --- a/apps/base/cms-rucio-common.yaml +++ b/apps/base/cms-rucio-common.yaml @@ -4,10 +4,15 @@ image: config: accounts: special_accounts: "tier0" + oidc: + idpsecrets: "/opt/rucio/etc/idpsecrets.json" + policy: package: CMSRucioPolicy lfn2pfn_algorithm_default: "identity" support: "https://its.cern.ch/jira/projects/CMSRUCIO/summary" + permission: "cms" + schema: "cms" messaging_hermes: brokers: "localhost" voname: "cms" @@ -56,9 +61,14 @@ ftsRenewal: - vo: "cms" voms: "cms:/cms/Role=production" additionalEnvs: - # - name: RUCIO_FTS_SECRETS - # value: release-rucio-x509up - name: USERCERT_NAME value: "usercert.pem" - name: USERKEY_NAME value: "new_userkey.pem" + + +secretMounts: + - secretFullName: server-idpsecrets + mountPath: /opt/rucio/etc/ + subPaths: + - idpsecrets.json diff --git a/apps/base/rucio-daemons/cms-rucio-daemons.yaml b/apps/base/rucio-daemons/cms-rucio-daemons.yaml index 58e851b2..5208ecba 100644 --- a/apps/base/rucio-daemons/cms-rucio-daemons.yaml +++ b/apps/base/rucio-daemons/cms-rucio-daemons.yaml @@ -200,6 +200,8 @@ config: voname: "cms" nonssl_port: "61113" use_ssl: "False" + oidc: + admin_issuer: "def" transmogrifier: threads: 4 From 2f547f21f02652a910b9dfc5a47e60468e2659d8 Mon Sep 17 00:00:00 2001 From: Rahul Chauhan Date: Wed, 31 Jan 2024 12:34:09 +0100 Subject: [PATCH 2/2] formatting changes --- apps/base/cms-rucio-common.yaml | 77 +++++++++---------- .../base/rucio-daemons/cms-rucio-daemons.yaml | 39 +++++----- 2 files changed, 58 insertions(+), 58 deletions(-) 
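Review bot: The `idpsecrets` path added under `config.oidc` in the first hunk of `apps/base/cms-rucio-common.yaml` is only valid if the `secretMounts` entry added further down the same file places the file at exactly that location, and nothing records that coupling. If the chart joins `mountPath` and each `subPaths` entry, the two agree today. A later edit to either side would leave the OIDC code pointing at a missing file, which would presumably surface only at runtime. I would add a comment above the key, such as `# must match secretMounts: mountPath + subPaths entry for server-idpsecrets`. The `config:` mapping starts before this hunk and continues past it.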
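Review bot: The `secretMounts` block in the second hunk of `apps/base/cms-rucio-common.yaml` goes into the common values file, so the `server-idpsecrets` Secret would presumably be mounted into every release that consumes this file, including all daemons. Its name suggests it was meant for the server, so consider declaring the mount only in the values of components that perform OIDC flows. If the chart renders `subPaths` as Kubernetes `subPath` volume mounts, those mounts do not pick up Secret updates, so rotating an IdP client secret only takes effect after the pods restart. A comment such as `# subPath mount: restart pods after rotating server-idpsecrets` would record that. Whether the volume is mounted read-only is not visible in this hunk and is worth confirming in the chart.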
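Review bot: `admin_issuer: "def"`, added under `config.oidc` in `apps/base/rucio-daemons/cms-rucio-daemons.yaml`, reads like a placeholder rather than a real issuer name. As far as I understand Rucio's OIDC configuration, this value selects an entry by key in the IdP secrets JSON, so it must match a key in the mounted `idpsecrets.json`, whose content is not part of this patch. Please add a comment naming the identity provider it refers to, for example `# key of the admin IdP entry in idpsecrets.json`, or use a descriptive key. The setting is added only to the daemons file while the secrets path lives in the common file, so it is worth confirming that the server does not need it as well.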
diff --git a/apps/base/cms-rucio-common.yaml b/apps/base/cms-rucio-common.yaml index 1831a5eb..06edbfc7 100644 --- a/apps/base/cms-rucio-common.yaml +++ b/apps/base/cms-rucio-common.yaml 
@@ -2,46 +2,46 @@ image: tag: release-1.19.5 config: - accounts: - special_accounts: "tier0" - oidc: - idpsecrets: "/opt/rucio/etc/idpsecrets.json" + accounts: + special_accounts: "tier0" + oidc: + idpsecrets: "/opt/rucio/etc/idpsecrets.json" - policy: - package: CMSRucioPolicy - lfn2pfn_algorithm_default: "identity" - support: "https://its.cern.ch/jira/projects/CMSRUCIO/summary" - permission: "cms" - schema: "cms" - messaging_hermes: - brokers: "localhost" - voname: "cms" - email_from: "cms-rucio-dev@cern.ch" - messaging_cache: - brokers: "localhost" - voname: "cms" - messaging_fts3: - brokers: "localhost" - voname: "cms" - tracer_kronos: - brokers: "localhost" - voname: "cms" - conveyor: - ftshosts: "https://cmsfts3.fnal.gov:8446,https://fts3-cms.cern.ch:8446,https://lcgfts3.gridpp.rl.ac.uk:8446" - ftsmonhosts: "https://cmsfts3.fnal.gov:8449,https://fts3-cms.cern.ch:8449,https://lcgfts3.gridpp.rl.ac.uk:8449" - bring_online: "2678400" - monitor: - carbon_server: statsd-exporter-rucio-statsd-exporter.prometheus - user_scope: rucio + policy: + package: CMSRucioPolicy + lfn2pfn_algorithm_default: "identity" + support: "https://its.cern.ch/jira/projects/CMSRUCIO/summary" + permission: "cms" + schema: "cms" + messaging_hermes: + brokers: "localhost" + voname: "cms" + email_from: "cms-rucio-dev@cern.ch" + messaging_cache: + brokers: "localhost" + voname: "cms" + messaging_fts3: + brokers: "localhost" + voname: "cms" + tracer_kronos: + brokers: "localhost" + voname: "cms" + conveyor: + ftshosts: "https://cmsfts3.fnal.gov:8446,https://fts3-cms.cern.ch:8446,https://lcgfts3.gridpp.rl.ac.uk:8446" + ftsmonhosts: "https://cmsfts3.fnal.gov:8449,https://fts3-cms.cern.ch:8449,https://lcgfts3.gridpp.rl.ac.uk:8449" + bring_online: "2678400" + monitor: + carbon_server: statsd-exporter-rucio-statsd-exporter.prometheus + user_scope: rucio -# Configure database connections for Oracle Database Resident Connection Pool (DRCP) - database: - pool_reset_on_return: "rollback" - pool_timeout: 
"30" - echo: "0" - max_overflow: "10" - pool_size: "5" - pool_recycle: "600" + # Configure database connections for Oracle Database Resident Connection Pool (DRCP) + database: + pool_reset_on_return: "rollback" + pool_timeout: "30" + echo: "0" + max_overflow: "10" + pool_size: "5" + pool_recycle: "600" useDeprecatedImplicitSecrets: false @@ -66,7 +66,6 @@ ftsRenewal: - name: USERKEY_NAME value: "new_userkey.pem" - secretMounts: - secretFullName: server-idpsecrets mountPath: /opt/rucio/etc/ diff --git a/apps/base/rucio-daemons/cms-rucio-daemons.yaml b/apps/base/rucio-daemons/cms-rucio-daemons.yaml index 5208ecba..9fa2b6df 100644 --- a/apps/base/rucio-daemons/cms-rucio-daemons.yaml +++ b/apps/base/rucio-daemons/cms-rucio-daemons.yaml @@ -62,7 +62,8 @@ reaper: value: "/opt/proxy/x509up" conveyorTransferSubmitter: - activities: "'Data Challenge' 'Data Consolidation' 'Recovery' 'Data Brokering' 'Data rebalancing' 'Debug' 'Express' 'Group Subscriptions' 'Production Input' 'Production Output' 'Analysis Input' 'Analysis Output' 'Staging' 'T0 Export' 'T0 Tape' 'Upload/Download (Job)' 'Upload/Download (User)' 'User Subscriptions' 'User AutoApprove'" + activities: + "'Data Challenge' 'Data Consolidation' 'Recovery' 'Data Brokering' 'Data rebalancing' 'Debug' 'Express' 'Group Subscriptions' 'Production Input' 'Production Output' 'Analysis Input' 'Analysis Output' 'Staging' 'T0 Export' 'T0 Tape' 'Upload/Download (Job)' 'Upload/Download (User)' 'User Subscriptions' 'User AutoApprove'" # Same size or smaller than bulk which is 100 groupBulk: 50 sleepTime: 60 @@ -116,12 +117,12 @@ hermes: limits: memory: 9000Mi -judgeEvaluator: +judgeEvaluator: resources: limits: - cpu: 3750m + cpu: 3750m requests: - cpu: 750m + cpu: 750m podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" 
@@ -130,10 +131,10 @@ judgeCleaner: threads: 2 resources: limits: - cpu: 3750m + cpu: 3750m memory: 4000Mi requests: - cpu: 750m + cpu: 750m memory: 400Mi podAnnotations: prometheus.io/scrape: "true" @@ -143,10 +144,10 @@ judgeInjector: threads: 2 resources: limits: - cpu: 3750m + cpu: 3750m memory: 8000Mi requests: - cpu: 750m + cpu: 750m memory: 400Mi podAnnotations: prometheus.io/scrape: "true" @@ -155,10 +156,10 @@ judgeInjector: judgeRepairer: resources: limits: - cpu: 3750m + cpu: 3750m memory: 4000Mi requests: - cpu: 750m + cpu: 750m podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" @@ -223,10 +224,10 @@ tracerKronos: threads: 1 resources: limits: - cpu: 3000m + cpu: 3000m memory: 4Gi requests: - cpu: 1000m + cpu: 1000m memory: 2Gi podAnnotations: prometheus.io/scrape: "true" @@ -235,13 +236,13 @@ tracerKronos: auto-restart: "true" abacusAccount: - resources: - limits: - cpu: 700m - memory: 2000Mi - requests: - cpu: 700m - memory: 250Mi + resources: + limits: + cpu: 700m + memory: 2000Mi + requests: + cpu: 700m + memory: 250Mi # Unused daemons which supply prometheus automatix: