X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f4ca9ad94a6bb006d1f3c7ba207837f1736d1247..3dd2a1957ae4106bfc2bd5405662c47c087eb79c:/sdk/go/crunchrunner/crunchrunner.go diff --git a/sdk/go/crunchrunner/crunchrunner.go b/sdk/go/crunchrunner/crunchrunner.go index 8e24e18fda..14c75afff2 100644 --- a/sdk/go/crunchrunner/crunchrunner.go +++ b/sdk/go/crunchrunner/crunchrunner.go @@ -1,10 +1,13 @@ package main import ( + "crypto/x509" "fmt" "git.curoverse.com/arvados.git/sdk/go/arvadosclient" "git.curoverse.com/arvados.git/sdk/go/keepclient" + "io/ioutil" "log" + "net/http" "os" "os/exec" "os/signal" @@ -113,6 +116,8 @@ func setupCommand(cmd *exec.Cmd, taskp TaskDef, outdir string, replacements map[ cmd.Stdout = os.Stdout } + cmd.Stderr = os.Stderr + if taskp.Env != nil { // Set up subprocess environment cmd.Env = os.Environ() @@ -209,6 +214,10 @@ func runner(api IArvadosClient, "$(task.outdir)": outdir, "$(task.keep)": keepmount} + log.Printf("crunchrunner: $(task.tmpdir)=%v", tmpdir) + log.Printf("crunchrunner: $(task.outdir)=%v", outdir) + log.Printf("crunchrunner: $(task.keep)=%v", keepmount) + // Set up subprocess for k, v := range taskp.Command { taskp.Command[k] = substitute(v, replacements) @@ -317,6 +326,24 @@ func main() { log.Fatal(err) } + // Container may not have certificates installed, so need to look for + // /etc/arvados/ca-certificates.crt in addition to normal system certs. + var certFiles = []string{ + "/etc/ssl/certs/ca-certificates.crt", // Debian + "/etc/pki/tls/certs/ca-bundle.crt", // Red Hat + "/etc/arvados/ca-certificates.crt", + } + + certs := x509.NewCertPool() + for _, file := range certFiles { + data, err := ioutil.ReadFile(file) + if err == nil { + log.Printf("Using TLS certificates at %v", file) + certs.AppendCertsFromPEM(data) + } + } + api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs + jobUuid := os.Getenv("JOB_UUID") taskUuid := os.Getenv("TASK_UUID") tmpdir := os.Getenv("TASK_WORK")