( CernVM-FS’s documentation —> https://cvmfs.readthedocs.io/en/stable/index.html

Creating a Repository (Stratum 0)—>  https://cvmfs.readthedocs.io/en/stable/cpt-repo.html )

#
#
# new repository @ stratum-0 = cfs-f000.jinr.ru = cvmfs-st-0.jinr.ru
#

#
# params for new repo:
# — name of new repo w/o .jinr.ru, valid [a-z_]
# — quota of new repo: 1T, 100G, 500M
#

newrepo=test
qutrepo=100G

#
# create user for repo management and set quota on / FS
# user name & group will be cfs.$newrepo
# to maintenance the repo, user need his ssh’s rsa pub key
# in $HOME/.ssh/authorized_keys
# in this way the user will be able to ssh to stratum-0
# and change his repository by commands in /etc/sudoers.d/cfs_$newrepo
#
usrrepo=cfs.$newrepo
getent passwd $usrrepo >/dev/null 2>&1
if test $? -ne 0 ; then
useradd -c «user for cvmfs repo $newrepo» -p «*NP*» -U $usrrepo
fi
#
# allow interactive login
#
grep -Eq «^$usrrepo$» /etc/users.allow
if test $? -ne 0 ; then
echo $usrrepo >> /etc/users.allow
fi
#
# user quota on / FS = 50MB
#
xfs_quota -x -c «limit -u bsoft=50m bhard=55m $usrrepo» / 2>/dev/null
#
# insert project name & id in /etc/projects & /etc/projid
#
ln=`cat /etc/projects | awk -F: ‘{ print $1 }’ | sort -n | uniq | tail -n 1`
test X»$ln» = «X» && ln=0
prjrepo=`expr $ln + 1`
grep -Eq «^$prjrepo:/srv/cvmfs/$newrepo.jinr.ru$» /etc/projects
if test $? -ne 0 ; then
echo «$prjrepo:/srv/cvmfs/$newrepo.jinr.ru» >> /etc/projects
fi
grep -Eq «^$newrepo:$prjrepo$» /etc/projid
if test $? -ne 0 ; then
echo «$newrepo:$prjrepo» >> /etc/projid
fi
#
# allow sudo for user
#
usudof=»cfs_$newrepo»
cat > /etc/sudoers.d/$usudof << EOD
$usrrepo ALL=(ALL) NOPASSWD: \\
/usr/bin/cvmfs_server list, \\
/usr/bin/cvmfs_server info $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server transaction $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server resign $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server abort $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server gc $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server publish $newrepo.jinr.ru,\\

/usr/bin/chown $usrrepo /cvmfs/$newrepo.jinr.ru,\\
/usr/sbin/xfs_quota -x -c report /srv/cvmfs
EOD
chmod 440 /etc/sudoers.d/$usudof
#
# create empty ~$usrrepo/.ssh/authorized_keys
#
mkdir /home/$usrrepo/.ssh
touch /home/$usrrepo/.ssh/authorized_keys
chmod 600 /home/$usrrepo/.ssh/authorized_keys
chown -R $usrrepo /home/$usrrepo/
chgrp -R $usrrepo /home/$usrrepo/
#
# create new repo main directory
#
mkdir -p /srv/cvmfs/$newrepo.jinr.ru
chown -R $usrrepo /srv/cvmfs/$newrepo.jinr.ru
chgrp -R $usrrepo /srv/cvmfs/$newrepo.jinr.ru
#
# enable & set quota for project dirs tree
#
xfs_quota -x -c «project -s $prjrepo» /srv/cvmfs
xfs_quota -x -c «limit -p bhard=$qutrepo bsoft=$qutrepo $prjrepo» /srv/cvmfs
#
# copy JINR’s common keys&certs for new repo
#
for k in `/bin/ls -1 /etc/cvmfs/keys/jinr.ru/jinr*` ; do
nk=`echo $k | sed -e «s|/etc/cvmfs/keys/jinr.ru/|/etc/cvmfs/keys/jinr.ru/$newrepo.|»`
/bin/cp -pv $k $nk
done
#
# create new repo
#
cvmfs_server mkfs -o $usrrepo -g -z -k /etc/cvmfs/keys/jinr.ru $newrepo.jinr.ru
#
# change PUBLIC_KEY to JINR common
#
sed -i -e «s|^CVMFS_PUBLIC_KEY=.*$|CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/jinr.ru/jinr.ru.pub|»  /etc/cvmfs/repositories.d/$newrepo.jinr.ru/client.conf
#
# resing repo key
#
cvmfs_server resign -d 60 $newrepo.jinr.ru
#
# check new repo
#
cvmfs_server check -i $newrepo.jinr.ru
cvmfs_server info $newrepo.jinr.ru
#
# set owner for the repository
#
cvmfs_server transaction $newrepo.jinr.ru
chown -R $usrrepo /cvmfs/$newrepo.jinr.ru
chgrp -R $usrrepo /cvmfs/$newrepo.jinr.ru
cvmfs_server publish $newrepo.jinr.ru

#
# how to maintenace the repo
#
# to update repo
# 1. transaction — make cvmfs/$newrepo.jinr.ru writable
# 2. cvmfs_rsync — copy new content to repo
# 3. publish — commit chages in repo
# make it read-only again
# & ready for snapshort from stratum-1
#
cvmfs_server transaction $newrepo.jinr.ru
cvmfs_rsync -a <from> /cvmfs/$newrepo.jinr.ru
cvmfs_server publish $newrepo.jinr.ru

#
# misc commands
#
# abort commit (just before publish)
#
cvmfs_server abort $newrepo.jinr.ru
#
# remove repo from stratum-0 complitely
# do that on stratum-1 too
#
cvmfs_server rmfs $newrepo.jinr.ru