diff --git a/opensciencegrid/central-collector/Dockerfile b/opensciencegrid/central-collector/Dockerfile
index abf505cd..fc1f23af 100644
--- a/opensciencegrid/central-collector/Dockerfile
+++ b/opensciencegrid/central-collector/Dockerfile
@@ -25,10 +25,11 @@ RUN yum module enable -y mod_auth_openidc \
 # Create home directory for registry user
 RUN mkdir /var/lib/condor-ce/webapp
-COPY etc/supervisord.d/* /etc/supervisord.d/
-COPY etc/condor-ce/config.d/* /etc/condor-ce/config.d/
-COPY etc/httpd/conf.d/* /etc/httpd/conf.d/
-COPY etc/osg/image-init.d/* /etc/osg/image-init.d/
-COPY auto-reload.sh /usr/local/sbin/
+COPY etc/supervisord.d/* /etc/supervisord.d/
+COPY etc/condor-ce/config.d/* /etc/condor-ce/config.d/
+COPY etc/condor-ce/mapfiles.d/* /etc/condor-ce/mapfiles.d/
+COPY etc/httpd/conf.d/* /etc/httpd/conf.d/
+COPY etc/osg/image-init.d/* /etc/osg/image-init.d/
+COPY auto-reload.sh /usr/local/sbin/
 RUN chmod a+x /usr/local/sbin/auto-reload.sh
diff --git a/opensciencegrid/central-collector/etc/condor-ce/config.d/50-central-collector.conf b/opensciencegrid/central-collector/etc/condor-ce/config.d/50-central-collector.conf
new file mode 100644
index 00000000..9c835940
--- /dev/null
+++ b/opensciencegrid/central-collector/etc/condor-ce/config.d/50-central-collector.conf
@@ -0,0 +1,10 @@
+# We need hostnames for COLLECTOR_REQUIREMENTS authz
+# Clients are mapped to @unmapped
+
+# Include *@unmapped in UNMAPPED_USERS
+UNMAPPED_USERS = $UNMAPPED_USERS, *@unmapped
+
+# Default config uses DENY_DAEMON to set DENY_ADVERTISE_SCHEDD
+# > IPVERIFY: deny ADVERTISE_SCHEDD: anonymous@*, *@unmapped (from config value DENY_DAEMON)
+# Remove "*@unmapped" to allow @unmapped to advertise
+DENY_ADVERTISE_SCHEDD = anonymous@*
diff --git a/opensciencegrid/central-collector/etc/condor-ce/mapfiles.d/50-central-collector.conf b/opensciencegrid/central-collector/etc/condor-ce/mapfiles.d/50-central-collector.conf
new file mode 100644
index 00000000..829e5549
--- /dev/null
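Review bot: In config.d/50-central-collector.conf the `UNMAPPED_USERS` line refers to the existing value as `$UNMAPPED_USERS`, but HTCondor configuration expands macros only in the `$(NAME)` form, so the previous entries are probably not carried over and the list may hold a literal token instead; `UNMAPPED_USERS = $(UNMAPPED_USERS), *@unmapped` is the form I would expect. Separately, overriding `DENY_ADVERTISE_SCHEDD = anonymous@*` means any client that authenticates and lands in `@unmapped` may advertise, so the only remaining gate is the COLLECTOR_REQUIREMENTS expression named in the header comment, which is not part of this diff. Please confirm that expression is set in this image and add a pointer to it here, e.g. `# Advertise authz is enforced by COLLECTOR_REQUIREMENTS in <file that defines it>`.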
+++ b/opensciencegrid/central-collector/etc/condor-ce/mapfiles.d/50-central-collector.conf
@@ -0,0 +1 @@
+SSL /[.A-Za-z0-9\/= -]*\/CN=([.A-Za-z0-9\/= -]+)/ \1@unmapped
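Review bot: The SSL mapping pattern has no `^`/`$` anchors and its capture class still admits `/`, `=` and space, so (assuming map-file regexes are not implicitly anchored, which is my understanding) the name placed before `@unmapped` can be a truncated CN or carry extra DN components rather than exactly one hostname. Since the accompanying config comment says these hostnames feed COLLECTOR_REQUIREMENTS authorization, the captured value should be exactly the subject's final CN: `SSL /^[.A-Za-z0-9\/= -]*\/CN=([.A-Za-z0-9-]+)$/ \1@unmapped`. If service-style CNs containing `/` must be accepted, keep `\/` in the capture class but still anchor both ends. A one-line comment stating that every SSL-authenticated subject is deliberately mapped to `<CN>@unmapped` would also help, provided this file format accepts `#` comments.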