projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '21583-railsapi-base64-gem'
[arvados.git] / lib / crunchrun / crunchrun.go
diff --git a/lib/crunchrun/crunchrun.go b/lib/crunchrun/crunchrun.go
index ef045518838a3c3811cd8ee3a57d24a3cedd467f..556a3bfe133389c80ba17be9536ec13b79969d5f 100644 (file)
--- a/lib/crunchrun/crunchrun.go
+++ b/lib/crunchrun/crunchrun.go
@@ -46,6 +46,8 @@ import (
 
 type command struct{}
 
+var arvadosCertPath = "/etc/arvados/ca-certificates.crt"
+
 var Command = command{}
 
 // ConfigData contains environment variables and (when needed) cluster
@@ -76,7 +78,6 @@ type IKeepClient interface {
        ReadAt(locator string, p []byte, off int) (int, error)
        ManifestFileReader(m manifest.Manifest, filename string) (arvados.File, error)
        LocalLocator(locator string) (string, error)
-       ClearBlockCache()
        SetStorageClasses(sc []string)
 }
 
@@ -494,7 +495,7 @@ func (runner *ContainerRunner) SetupMounts() (map[string]bindmount, error) {
                        }
                }
 
-               if bind == "/etc/arvados/ca-certificates.crt" {
+               if bind == arvadosCertPath {
                        needCertMount = false
                }
 
@@ -644,10 +645,19 @@ func (runner *ContainerRunner) SetupMounts() (map[string]bindmount, error) {
        }
 
        if needCertMount && runner.Container.RuntimeConstraints.API {
-               for _, certfile := range arvadosclient.CertFiles {
-                       _, err := os.Stat(certfile)
-                       if err == nil {
-                               bindmounts["/etc/arvados/ca-certificates.crt"] = bindmount{HostPath: certfile, ReadOnly: true}
+               for _, certfile := range []string{
+                       // Populated by caller, or sdk/go/arvados init(), or test suite:
+                       os.Getenv("SSL_CERT_FILE"),
+                       // Copied from Go 1.21 stdlib (src/crypto/x509/root_linux.go):
+                       "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
+                       "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
+                       "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
+                       "/etc/pki/tls/cacert.pem",                           // OpenELEC
+                       "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+                       "/etc/ssl/cert.pem",                                 // Alpine Linux
+               } {
+                       if _, err := os.Stat(certfile); err == nil {
+                               bindmounts[arvadosCertPath] = bindmount{HostPath: certfile, ReadOnly: true}
                                break
                        }
                }
@@ -1996,7 +2006,7 @@ func (command) RunCommand(prog string, args []string, stdin io.Reader, stdout, s
        time.Sleep(*sleep)
 
        if *caCertsPath != "" {
-               arvadosclient.CertFiles = []string{*caCertsPath}
+               os.Setenv("SSL_CERT_FILE", *caCertsPath)
        }
 
        keepstore, err := startLocalKeepstore(conf, io.MultiWriter(&keepstoreLogbuf, stderr))
@@ -2022,7 +2032,6 @@ func (command) RunCommand(prog string, args []string, stdin io.Reader, stdout, s
                log.Printf("%s: %v", containerUUID, err)
                return 1
        }
-       kc.BlockCache = &keepclient.BlockCache{MaxBlocks: 2}
        kc.Retries = 4
 
        cr, err := NewContainerRunner(arvados.NewClientFromEnv(), api, kc, containerUUID)
@@ -2247,9 +2256,14 @@ func startLocalKeepstore(configData ConfigData, logbuf io.Writer) (*exec.Cmd, er
        }
 
        // Rather than have an alternate way to tell keepstore how
-       // many buffers to use when starting it this way, we just
-       // modify the cluster configuration that we feed it on stdin.
-       configData.Cluster.API.MaxKeepBlobBuffers = configData.KeepBuffers
+       // many buffers to use, etc., when starting it this way, we
+       // just modify the cluster configuration that we feed it on
+       // stdin.
+       ccfg := *configData.Cluster
+       ccfg.API.MaxKeepBlobBuffers = configData.KeepBuffers
+       ccfg.Collections.BlobTrash = false
+       ccfg.Collections.BlobTrashConcurrency = 0
+       ccfg.Collections.BlobDeleteConcurrency = 0
 
        localaddr := localKeepstoreAddr()
        ln, err := net.Listen("tcp", net.JoinHostPort(localaddr, "0"))
@@ -2269,7 +2283,7 @@ func startLocalKeepstore(configData ConfigData, logbuf io.Writer) (*exec.Cmd, er
        var confJSON bytes.Buffer
        err = json.NewEncoder(&confJSON).Encode(arvados.Config{
                Clusters: map[string]arvados.Cluster{
-                       configData.Cluster.ClusterID: *configData.Cluster,
+                       ccfg.ClusterID: ccfg,
                },
        })
        if err != nil {