projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
10684: crunch-run adds /etc/arvados/ca-certificates.crt to binds, updated tests.
[arvados.git] / services / crunch-run / crunchrun.go
diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index 2e475c72e64842b15aa6c7dee88446bc0056b802..7983335692b5ccdcc40d453fc74ebb39727cb8c8 100644 (file)
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -257,6 +257,7 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
 
        collectionPaths := []string{}
        runner.Binds = nil
+       needCertMount := true
 
        for bind, mnt := range runner.Container.Mounts {
                if bind == "stdout" {
@@ -274,6 +275,9 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
                                return fmt.Errorf("Stdout path does not start with OutputPath: %s, %s", mnt.Path, prefix)
                        }
                }
+               if bind == "/etc/arvados/ca-certificates.crt" {
+                       needCertMount = false
+               }
 
                switch {
                case mnt.Kind == "collection":
@@ -355,6 +359,16 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
                return fmt.Errorf("Output path does not correspond to a writable mount point")
        }
 
+       if needCertMount {
+               for _, certfile := range arvadosclient.CertFiles {
+                       _, err := os.Stat(certfile)
+                       if err == nil {
+                               runner.Binds = append(runner.Binds, fmt.Sprintf("%s:/etc/arvados/ca-certificates.crt:ro", certfile))
+                               break
+                       }
+               }
+       }
+
        if pdhOnly {
                arvMountCmd = append(arvMountCmd, "--mount-by-pdh", "by_id")
        } else {