X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ec51cd72eabf0f0bbebf7cd979d1a23a1319a416..94f5be8c86ad975ee7aa9f3df87be23fbc154dec:/sdk/cli/bin/crunch-job diff --git a/sdk/cli/bin/crunch-job b/sdk/cli/bin/crunch-job index e473710c24..4bd58a8ddb 100755 --- a/sdk/cli/bin/crunch-job +++ b/sdk/cli/bin/crunch-job @@ -109,6 +109,15 @@ unless (defined $ENV{"CRUNCH_TMP"}) { } } +$ENV{"HOST_CRUNCHRUNNER_BIN"} ||= `which crunchrunner`; +unless (defined($ENV{"HOST_CERTS"})) { + if (-f "/etc/ssl/certs/ca-certificates.crt") { + $ENV{"HOST_CERTS"} = "/etc/ssl/certs/ca-certificates.crt"; + } elsif (-f "/etc/pki/tls/certs/ca-bundle.crt") { + $ENV{"HOST_CERTS"} = "/etc/pki/tls/certs/ca-bundle.crt"; + } +} + # Create the tmp directory if it does not exist if ( ! -d $ENV{"CRUNCH_TMP"} ) { make_path $ENV{"CRUNCH_TMP"} or die "Failed to create temporary working directory: " . $ENV{"CRUNCH_TMP"}; @@ -432,7 +441,7 @@ fi # Determine whether this version of Docker supports memory+swap limits. ($exited, $stdout, $stderr) = srun_sync( - ["srun", "--nodelist=" . $node[0]], + ["srun", "--nodes=1"], [$docker_bin, 'run', '--help'], {label => "check --memory-swap feature"}); $docker_limitmem = ($stdout =~ /--memory-swap/); @@ -455,7 +464,7 @@ fi $try_user_arg = "--user=$try_user"; } my ($exited, $stdout, $stderr) = srun_sync( - ["srun", "--nodelist=" . $node[0]], + ["srun", "--nodes=1"], ["/bin/sh", "-ec", "$docker_bin run $docker_run_args $try_user_arg $docker_hash id --user"], {label => $label}); @@ -917,6 +926,11 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++) # For now, use the same approach as TASK_WORK above. $ENV{"JOB_WORK"} = "/tmp/crunch-job-work"; + # Bind mount the crunchrunner binary and host TLS certificates file into + # the container. + $command .= "--volume=\Q$ENV{HOST_CRUNCHRUNNER_BIN}:/usr/local/bin/crunchrunner\E "; + $command .= "--volume=\Q$ENV{HOST_CERTS}:/etc/arvados/ca-certificates.crt\E "; + while (my ($env_key, $env_val) = each %ENV) { if ($env_key =~ /^(ARVADOS|CRUNCH|JOB|TASK)_/) {