X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8ca0b1449607ded51e908481cc4660c20f43a777..8e31910034627dedd7259dd1e45a60768108c1e1:/services/api/app/models/container_request.rb diff --git a/services/api/app/models/container_request.rb b/services/api/app/models/container_request.rb index bcca40700b..a8ffc193b8 100644 --- a/services/api/app/models/container_request.rb +++ b/services/api/app/models/container_request.rb @@ -5,12 +5,18 @@ require 'whitelist_update' class ContainerRequest < ArvadosModel + include ArvadosModelUpdates include HasUuid include KindAndEtag include CommonApiTemplate include WhitelistUpdate belongs_to :container, foreign_key: :container_uuid, primary_key: :uuid + belongs_to :requesting_container, { + class_name: 'Container', + foreign_key: :requesting_container_uuid, + primary_key: :uuid, + } serialize :properties, Hash serialize :environment, Hash @@ -18,20 +24,24 @@ class ContainerRequest < ArvadosModel serialize :runtime_constraints, Hash serialize :command, Array serialize :scheduling_parameters, Hash + serialize :secret_mounts, Hash before_validation :fill_field_defaults, :if => :new_record? before_validation :validate_runtime_constraints - before_validation :validate_scheduling_parameters before_validation :set_container + before_validation :set_default_preemptable_scheduling_parameter validates :command, :container_image, :output_path, :cwd, :presence => true validates :output_ttl, numericality: { only_integer: true, greater_than_or_equal_to: 0 } validates :priority, numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 1000 } + validate :validate_scheduling_parameters validate :validate_state_change validate :check_update_whitelist - after_save :update_priority - after_save :finalize_if_needed + validate :secret_mounts_key_conflict + before_save :scrub_secret_mounts before_create :set_requesting_container_uuid before_destroy :set_priority_zero + after_save :update_priority + after_save :finalize_if_needed api_accessible :user, extend: :common do |t| t.add :command @@ -77,14 +87,18 @@ class ContainerRequest < ArvadosModel AttrsPermittedAlways = [:owner_uuid, :state, :name, :description] AttrsPermittedBeforeCommit = [:command, :container_count_max, :container_image, :cwd, :environment, :filters, :mounts, - :output_path, :priority, :properties, :requesting_container_uuid, + :output_path, :priority, :properties, :runtime_constraints, :state, :container_uuid, :use_existing, - :scheduling_parameters, :output_name, :output_ttl] + :scheduling_parameters, :secret_mounts, :output_name, :output_ttl] def self.limit_index_columns_read ["mounts"] end + def logged_attributes + super.except('secret_mounts') + end + def state_transitions State_transitions end @@ -98,7 +112,9 @@ class ContainerRequest < ArvadosModel if state == Committed && Container.find_by_uuid(container_uuid).final? reload act_as_system_user do - finalize! + leave_modified_by_user_alone do + finalize! + end end end end @@ -145,7 +161,7 @@ class ContainerRequest < ArvadosModel end def self.full_text_searchable_columns - super - ["mounts"] + super - ["mounts", "secret_mounts", "secret_mounts_md5"] end protected @@ -182,6 +198,18 @@ class ContainerRequest < ArvadosModel end end + def set_default_preemptable_scheduling_parameter + if self.state == Committed + # If preemptable instances (eg: AWS Spot Instances) are allowed, + # ask them on child containers by default. + if Rails.configuration.preemptable_instances and + !self.requesting_container_uuid.nil? and + self.scheduling_parameters['preemptable'].nil? + self.scheduling_parameters['preemptable'] = true + end + end + end + def validate_runtime_constraints case self.state when Committed @@ -208,6 +236,9 @@ class ContainerRequest < ArvadosModel scheduling_parameters['partitions'].size) errors.add :scheduling_parameters, "partitions must be an array of strings" end + if !Rails.configuration.preemptable_instances and scheduling_parameters['preemptable'] + errors.add :scheduling_parameters, "preemptable instances are not allowed" + end end end @@ -216,7 +247,7 @@ class ContainerRequest < ArvadosModel if self.new_record? || self.state_was == Uncommitted # Allow create-and-commit in a single operation. - permitted.push *AttrsPermittedBeforeCommit + permitted.push(*AttrsPermittedBeforeCommit) end case self.state @@ -253,32 +284,39 @@ class ContainerRequest < ArvadosModel super(permitted) end - def update_priority - if self.state_changed? or - self.priority_changed? or - self.container_uuid_changed? - act_as_system_user do - Container. - where('uuid in (?)', - [self.container_uuid_was, self.container_uuid].compact). - map(&:update_priority!) + def secret_mounts_key_conflict + secret_mounts.each do |k, v| + if mounts.has_key?(k) + errors.add(:secret_mounts, 'conflict with non-secret mounts') + return false end end end + def scrub_secret_mounts + if self.state == Final + self.secret_mounts = {} + end + end + + def update_priority + return unless state_changed? || priority_changed? || container_uuid_changed? + act_as_system_user do + Container. + where('uuid in (?)', [self.container_uuid_was, self.container_uuid].compact). + map(&:update_priority!) + end + end + def set_priority_zero self.update_attributes!(priority: 0) if self.state != Final end def set_requesting_container_uuid - return !new_record? if self.requesting_container_uuid # already set - - token_uuid = current_api_client_authorization.andand.uuid - container = Container.where('auth_uuid=?', token_uuid).order('created_at desc').first - if container - self.requesting_container_uuid = container.uuid - self.priority = container.priority + return if !current_api_client_authorization + if (c = Container.where('auth_uuid=?', current_api_client_authorization.uuid).select([:uuid, :priority]).first) + self.requesting_container_uuid = c.uuid + self.priority = c.priority>0 ? 1 : 0 end - true end end