CVMFS. STRATUM-0

(CernVM-FS documentation: https://cvmfs.readthedocs.io/en/stable/index.html

Creating a Repository (Stratum 0): https://cvmfs.readthedocs.io/en/stable/cpt-repo.html)

#
#
# new repository @ stratum-0 = cfs-f000.jinr.ru = cvmfs-st-0.jinr.ru
#

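#
# Parameters for the new repository:
#   newrepo - repository name without the .jinr.ru suffix; valid: [a-z_]
#   qutrepo - repository quota, e.g. 1T, 100G, 500M
#

newrepo=test
qutrepo=100G

# Enforce the documented formats before the values are used. The name is
# later written into /etc/sudoers.d, /etc/projects and /etc/projid and used
# as a path component, and the quota is pasted into an xfs_quota command
# string, so a stray space, slash or metacharacter must stop the run here.
case "$newrepo" in
  '' | *[!a-z_]*)
    echo "invalid repository name '$newrepo' (allowed characters: [a-z_])" >&2
    exit 1
    ;;
esac
case "$qutrepo" in
  '' | [!0-9]* | *[!0-9A-Za-z]*)
    echo "invalid quota '$qutrepo' (expected e.g. 1T, 100G, 500M)" >&2
    exit 1
    ;;
esac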

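#
# Create the account used for repository management (a quota for it on the
# / filesystem is set further below).
# User name and group are both cfs.$newrepo.
# To maintain the repository the user needs an SSH RSA public key in
# $HOME/.ssh/authorized_keys; the user can then ssh to the stratum-0 and
# change the repository with the commands listed in
# /etc/sudoers.d/cfs_$newrepo.
#
# Plain ASCII quotes are required here: typographic quotes are not shell
# syntax and would become part of the account name.
usrrepo="cfs.$newrepo"
if ! getent passwd "$usrrepo" >/dev/null 2>&1; then
  # -p takes an already-encrypted password; "*NP*" is not a valid hash, so
  # no password can match it. -U creates a group named like the user.
  useradd -c "user for cvmfs repo $newrepo" -p '*NP*' -U "$usrrepo"
fi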
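#
# Allow interactive login: list the account in /etc/users.allow (once).
#
# -F -x compares the whole line as a literal string. Used as a regular
# expression, the "." in the account name would match any character and
# could mistake a different account's entry for this one.
if ! grep -Fxq -- "$usrrepo" /etc/users.allow; then
  echo "$usrrepo" >> /etc/users.allow
fi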
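#
# User quota on the / filesystem: 50 MB soft, 55 MB hard.
#
# xfs_quota's own error output stays suppressed as before, but a failure is
# now reported so a missing limit does not go unnoticed.
if ! xfs_quota -x -c "limit -u bsoft=50m bhard=55m $usrrepo" / 2>/dev/null; then
  echo "warning: could not set the user quota for $usrrepo on /" >&2
fi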
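#
# Register the project in /etc/projects (id:path) and /etc/projid (name:id).
#
projdir="/srv/cvmfs/$newrepo.jinr.ru"
# Reuse the id when the directory is already registered. Always taking
# "highest id + 1" would add a second entry for the same repository every
# time these steps are repeated.
prjrepo=$(awk -F: -v d="$projdir" '$2 == d { print $1; exit }' /etc/projects 2>/dev/null)
if test -z "$prjrepo"; then
  # Highest numeric id in use; 0 when the file is empty or missing.
  ln=$(awk -F: '$1 ~ /^[0-9]+$/ && $1 + 0 > max { max = $1 + 0 } END { print max + 0 }' /etc/projects 2>/dev/null)
  test -n "$ln" || ln=0
  prjrepo=$((ln + 1))
  echo "$prjrepo:$projdir" >> /etc/projects
fi
# Literal whole-line match: the entry contains no regex to interpret.
if ! grep -Fxq -- "$newrepo:$prjrepo" /etc/projid; then
  echo "$newrepo:$prjrepo" >> /etc/projid
fi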
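#
# Allow sudo for the repository user.
#
# The file name uses "_" rather than ".": sudo skips files in /etc/sudoers.d
# whose names contain a "." or end in "~".
usudof="cfs_$newrepo"
# Each entry carries its full argument list, and sudo matches those arguments
# exactly, so the user can run these cvmfs_server subcommands on this
# repository only.
# NOTE(review): the run-as list is (ALL); if these commands are only ever run
# as root, (root) would be the narrower grant - confirm before changing.
#
# The fragment is written to a temporary file and checked with visudo first:
# a syntax error in /etc/sudoers.d can make sudo refuse to run for everyone.
# Inside the unquoted here-document "\\" yields a single "\", the sudoers
# line continuation; no blank line may follow a continued line, because that
# ends the rule with a dangling comma.
sudotmp=$(mktemp) || exit 1
cat > "$sudotmp" << EOD
$usrrepo ALL=(ALL) NOPASSWD: \\
/usr/bin/cvmfs_server list, \\
/usr/bin/cvmfs_server info $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server transaction $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server resign $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server abort $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server gc $newrepo.jinr.ru, \\
/usr/bin/cvmfs_server publish $newrepo.jinr.ru, \\
/usr/bin/chown $usrrepo /cvmfs/$newrepo.jinr.ru, \\
/usr/sbin/xfs_quota -x -c report /srv/cvmfs
EOD
if visudo -c -f "$sudotmp" >/dev/null; then
  # Install with the final owner and mode in one step (0440, root:root).
  install -m 0440 -o root -g root "$sudotmp" "/etc/sudoers.d/$usudof"
  rm -f -- "$sudotmp"
else
  echo "sudoers rule for $usrrepo failed visudo validation; not installed" >&2
  rm -f -- "$sudotmp"
  exit 1
fi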
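#
# Create an empty ~$usrrepo/.ssh/authorized_keys.
#
sshdir="/home/$usrrepo/.ssh"
# -p: do not fail when the directory already exists (repeated run).
# NOTE(review): this assumes useradd created /home/$usrrepo - confirm that
# home-directory creation is enabled on this host.
mkdir -p "$sshdir"
touch "$sshdir/authorized_keys"
# Keep the key directory and file private to the account: only the owner
# should be able to read or change the list of keys allowed to log in.
chmod 700 "$sshdir"
chmod 600 "$sshdir/authorized_keys"
chown -R "$usrrepo:$usrrepo" "/home/$usrrepo/"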
#
# Create the main directory of the new repository and hand it, user and
# group, to the repository account.
#
repodir="/srv/cvmfs/$newrepo.jinr.ru"
mkdir -p "$repodir"
chown -R "$usrrepo" "$repodir"
chgrp -R "$usrrepo" "$repodir"
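#
# Enable the project quota for the repository's directory tree and set it.
#
# The command string must be wrapped in plain ASCII quotes so that xfs_quota
# receives it as one -c argument.
if xfs_quota -x -c "project -s $prjrepo" /srv/cvmfs; then
  # Soft and hard block limits are both set to the requested quota.
  xfs_quota -x -c "limit -p bhard=$qutrepo bsoft=$qutrepo $prjrepo" /srv/cvmfs
else
  echo "project setup for id $prjrepo failed; quota limit not set" >&2
fi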
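#
# Copy JINR's common keys and certificates under per-repository names:
# /etc/cvmfs/keys/jinr.ru/<file> -> /etc/cvmfs/keys/jinr.ru/$newrepo.<file>
#
keydir=/etc/cvmfs/keys/jinr.ru
# A glob instead of parsing "ls" output keeps each file name intact.
for k in "$keydir"/jinr*; do
  test -e "$k" || continue   # pattern matched nothing
  nk="$keydir/$newrepo.${k##*/}"
  # -p keeps mode, ownership and timestamps, so a copy is exactly as
  # restricted as its source file (this matters for any private key in the
  # set).
  /bin/cp -pv -- "$k" "$nk"
done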
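#
# Create the new repository, owned by $usrrepo, using the keys found in
# /etc/cvmfs/keys/jinr.ru (-k).
#
# Stop on failure: every following step edits or signs files that only exist
# after a successful mkfs.
if ! cvmfs_server mkfs -o "$usrrepo" -g -z -k /etc/cvmfs/keys/jinr.ru "$newrepo.jinr.ru"; then
  echo "cvmfs_server mkfs failed for $newrepo.jinr.ru" >&2
  exit 1
fi
#
# Point CVMFS_PUBLIC_KEY in the repository's client.conf at the JINR common
# public key.
#
# Single quotes keep the sed script literal; it contains "$" and "|" and no
# shell variable.
sed -i -e 's|^CVMFS_PUBLIC_KEY=.*$|CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/jinr.ru/jinr.ru.pub|' \
  "/etc/cvmfs/repositories.d/$newrepo.jinr.ru/client.conf"
#
# Re-sign the repository.
# NOTE(review): -d 60 presumably sets the validity of the new signature to
# 60 days - confirm against the cvmfs_server help on this host.
#
cvmfs_server resign -d 60 "$newrepo.jinr.ru"
#
# Check the new repository.
#
cvmfs_server check -i "$newrepo.jinr.ru"
cvmfs_server info "$newrepo.jinr.ru"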
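#
# Set the owner (user and group) of the repository content.
#
# The change is made inside a transaction and published only when it
# succeeded; on failure the transaction is aborted (-f: without prompting)
# so a half-applied ownership change is never published.
if cvmfs_server transaction "$newrepo.jinr.ru"; then
  if chown -R "$usrrepo:$usrrepo" "/cvmfs/$newrepo.jinr.ru"; then
    cvmfs_server publish "$newrepo.jinr.ru"
  else
    echo "chown failed on /cvmfs/$newrepo.jinr.ru; aborting the transaction" >&2
    cvmfs_server abort -f "$newrepo.jinr.ru"
  fi
fi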

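#
# How to maintain the repository
#
# To update the repository:
# 1. transaction - make /cvmfs/$newrepo.jinr.ru writable
# 2. cvmfs_rsync - copy the new content into the repository
# 3. publish     - commit the changes; the repository becomes read-only
#                  again and is ready for a snapshot from the stratum-1
#
# When working as the repository user, the cvmfs_server calls go through
# sudo; the rule in /etc/sudoers.d/cfs_$newrepo permits them for this
# repository.
#
# "from" is the directory holding the new content and has to be set by the
# operator. A literal "<from>" placeholder is not usable as written: the
# shell parses "<" and ">" as redirections.
: "${from:?set from to the directory holding the new content}"
if cvmfs_server transaction "$newrepo.jinr.ru"; then
  if cvmfs_rsync -a "$from" "/cvmfs/$newrepo.jinr.ru"; then
    cvmfs_server publish "$newrepo.jinr.ru"
  else
    # Do not publish a partial copy; the transaction stays open so it can be
    # inspected and then either completed or discarded with "abort".
    echo "cvmfs_rsync failed; $newrepo.jinr.ru was not published" >&2
  fi
fi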

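#
# Miscellaneous commands (reference - run the one that is needed, not both
# in sequence).
#
# Abort an open transaction (any time before publish):
#
# ${newrepo:?} stops with an error when the variable is unset or empty, so
# the command is never run against the bare name ".jinr.ru".
cvmfs_server abort "${newrepo:?}.jinr.ru"
#
# Remove the repository from the stratum-0 completely.
# Do the same on the stratum-1 too.
#
cvmfs_server rmfs "${newrepo:?}.jinr.ru"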