X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/17b7538373558196516676c9c72839d308966f86..a12864a31d5569c74ed32157d5fe928a1c2563b7:/services/crunch-run/crunchrun.go

diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index d804c01cad..971cb3a27a 100644
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -250,8 +250,14 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
 	pdhOnly := true
 	tmpcount := 0
 	arvMountCmd := []string{"--foreground", "--allow-other", "--read-write"}
+
+	if runner.Container.RuntimeConstraints.KeepCacheRAM > 0 {
+		arvMountCmd = append(arvMountCmd, "--file-cache", fmt.Sprintf("%d", runner.Container.RuntimeConstraints.KeepCacheRAM))
+	}
+
 	collectionPaths := []string{}
 	runner.Binds = nil
+	needCertMount := true
 
 	for bind, mnt := range runner.Container.Mounts {
 		if bind == "stdout" {
@@ -269,6 +275,9 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
 				return fmt.Errorf("Stdout path does not start with OutputPath: %s, %s", mnt.Path, prefix)
 			}
 		}
+		if bind == "/etc/arvados/ca-certificates.crt" {
+			needCertMount = false
+		}
 
 		switch {
 		case mnt.Kind == "collection":
@@ -350,6 +359,16 @@ func (runner *ContainerRunner) SetupMounts() (err error) {
 		return fmt.Errorf("Output path does not correspond to a writable mount point")
 	}
 
+	if wantAPI := runner.Container.RuntimeConstraints.API; needCertMount && wantAPI != nil && *wantAPI {
+		for _, certfile := range arvadosclient.CertFiles {
+			_, err := os.Stat(certfile)
+			if err == nil {
+				runner.Binds = append(runner.Binds, fmt.Sprintf("%s:/etc/arvados/ca-certificates.crt:ro", certfile))
+				break
+			}
+		}
+	}
+
 	if pdhOnly {
 		arvMountCmd = append(arvMountCmd, "--mount-by-pdh", "by_id")
 	} else {
@@ -563,6 +582,21 @@ func (runner *ContainerRunner) CaptureOutput() error {
 		return nil
 	}
 
+	if wantAPI := runner.Container.RuntimeConstraints.API; wantAPI != nil && *wantAPI {
+		// Output may have been set directly by the container, so
+		// refresh the container record to check.
+		err := runner.ArvClient.Get("containers", runner.Container.UUID,
+			nil, &runner.Container)
+		if err != nil {
+			return err
+		}
+		if runner.Container.Output != "" {
+			// Container output is already set.
+			runner.OutputPDH = &runner.Container.Output
+			return nil
+		}
+	}
+
 	if runner.HostOutputDir == "" {
 		return nil
 	}
@@ -603,7 +637,7 @@ func (runner *ContainerRunner) CaptureOutput() error {
 	err = runner.ArvClient.Create("collections",
 		arvadosclient.Dict{
 			"collection": arvadosclient.Dict{
-				"expires_at":    time.Now().Add(runner.trashLifetime).Format(time.RFC3339),
+				"trash_at":      time.Now().Add(runner.trashLifetime).Format(time.RFC3339),
 				"name":          "output for " + runner.Container.UUID,
 				"manifest_text": manifestText}},
 		&response)
@@ -674,7 +708,7 @@ func (runner *ContainerRunner) CommitLogs() error {
 	err = runner.ArvClient.Create("collections",
 		arvadosclient.Dict{
 			"collection": arvadosclient.Dict{
-				"expires_at":    time.Now().Add(runner.trashLifetime).Format(time.RFC3339),
+				"trash_at":      time.Now().Add(runner.trashLifetime).Format(time.RFC3339),
 				"name":          "logs for " + runner.Container.UUID,
 				"manifest_text": mt}},
 		&response)
@@ -717,10 +751,10 @@ func (runner *ContainerRunner) ContainerToken() (string, error) {
 func (runner *ContainerRunner) UpdateContainerFinal() error {
 	update := arvadosclient.Dict{}
 	update["state"] = runner.finalState
+	if runner.LogsPDH != nil {
+		update["log"] = *runner.LogsPDH
+	}
 	if runner.finalState == "Complete" {
-		if runner.LogsPDH != nil {
-			update["log"] = *runner.LogsPDH
-		}
 		if runner.ExitCode != nil {
 			update["exit_code"] = *runner.ExitCode
 		}
@@ -780,6 +814,7 @@ func (runner *ContainerRunner) Run() (err error) {
 		checkErr(err)
 
 		if runner.finalState == "Queued" {
+			runner.CrunchLog.Close()
 			runner.UpdateContainerFinal()
 			return
 		}
@@ -812,6 +847,7 @@ func (runner *ContainerRunner) Run() (err error) {
 	// check for and/or load image
 	err = runner.LoadImage()
 	if err != nil {
+		runner.finalState = "Cancelled"
 		err = fmt.Errorf("While loading container image: %v", err)
 		return
 	}
@@ -819,6 +855,7 @@ func (runner *ContainerRunner) Run() (err error) {
 	// set up FUSE mount and binds
 	err = runner.SetupMounts()
 	if err != nil {
+		runner.finalState = "Cancelled"
 		err = fmt.Errorf("While setting up mounts: %v", err)
 		return
 	}
@@ -875,10 +912,15 @@ func main() {
 	cgroupRoot := flag.String("cgroup-root", "/sys/fs/cgroup", "path to sysfs cgroup tree")
 	cgroupParent := flag.String("cgroup-parent", "docker", "name of container's parent cgroup (ignored if -cgroup-parent-subsystem is used)")
 	cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
+	caCertsPath := flag.String("ca-certs", "", "Path to TLS root certificates")
 	flag.Parse()
 
 	containerId := flag.Arg(0)
 
+	if *caCertsPath != "" {
+		arvadosclient.CertFiles = []string{*caCertsPath}
+	}
+
 	api, err := arvadosclient.MakeArvadosClient()
 	if err != nil {
 		log.Fatalf("%s: %v", containerId, err)