revad: Register revad-storageproviders as UNIX trusted gateways on EOS

[ebocchi]

This is a manual step at the moment:

# allow the host 
eos access allow 172-17-0-9.sciencebox-storageprovider-home.default.svc.cluster.local (<FQDN of the pod running reva>)

# add gateway
eos vid add gateway 172-17-0-9.sciencebox-storageprovider-home.default.svc.cluster.local
eos vid set map -tident "*@172-17-0-9.sciencebox-storageprovider-home.default.svc.cluster.local" vuid 0 vgid 0

It should be implemented as initContainer in the revad charts. The initContainer will need:

• The EOS sss keytab;
• The EOS binary to issue eos access and vid commands against the MGM;
• Some env var to know the MGM hostname.

The logic to register as trusted gateway can be inspired from https://gitlab.cern.ch/cernbox/boxed/-/blob/master/eos-storage.citrine.d/utils/configure_gateway.sh

Send a PR to the upstream repo (https://github.com/cs3org/charts/tree/master/revad) to have an option for initContainer.

[ebocchi]

See also: cs3org/charts#19

[ebocchi]

Maybe use EOS tokens?
https://eos-docs.web.cern.ch/using/tokens.html

[ebocchi]

Or a specific user (e.g., reva) with sudo powers on the EOS side?

[jimil749]

@ebocchi should I close this? Currently we use sss for auth and reva is able to talk to eos just fine.

[jimil749]

Closed w 24f872d