projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 482d0e7)
configurable setuid for crunch jobs
authorTom Clegg <tom@clinicalfuture.com>
Thu, 20 Jun 2013 16:44:03 +0000 (12:44 -0400)
committerTom Clegg <tom@clinicalfuture.com>
Thu, 20 Jun 2013 16:44:03 +0000 (12:44 -0400)
services/api/config/environments/development.rb.example patch | blob | history
services/api/config/environments/production.rb.example [moved from services/api/config/environments/production.rb with 97% similarity] patch | blob | history
services/api/config/environments/test.rb.example [moved from services/api/config/environments/test.rb with 96% similarity] patch | blob | history
services/api/script/crunch-dispatch.rb patch | blob | history

diff --git a/services/api/config/environments/development.rb.example b/services/api/config/environments/development.rb.example
index 24e9ccaa5cfbdb0333834680d2782419e5642255..34e1fab9f5fa855e969f1869fcbfcfbf9b4d2074 100644 (file)
--- a/services/api/config/environments/development.rb.example
+++ b/services/api/config/environments/development.rb.example
@@ -33,6 +33,7 @@ Server::Application.configure do
   config.git_repositories_dir = '/var/cache/git'
 
   config.crunch_job_wrapper = :none
+  config.crunch_job_user = 'crunch' # if false, do not set uid when running jobs
 
   # config.dnsmasq_conf_dir = '/etc/dnsmasq.d'
 
diff --git a/services/api/config/environments/production.rb b/services/api/config/environments/production.rb.example
similarity index 97%
rename from services/api/config/environments/production.rb
rename to services/api/config/environments/production.rb.example
index affa94ec694540d3edd30322c2409f73a66e82e0..2ac0822a2371db3b1acad94f4b5b0ceb15bf75ac 100644 (file)
--- a/services/api/config/environments/production.rb
+++ b/services/api/config/environments/production.rb.example
@@ -61,6 +61,7 @@ Server::Application.configure do
   config.git_repositories_dir = '/var/cache/git'
 
   config.crunch_job_wrapper = :slurm_immediate
+  config.crunch_job_user = 'crunch' # if false, do not set uid when running jobs
 
   # config.dnsmasq_conf_dir = '/etc/dnsmasq.d'
 
diff --git a/services/api/config/environments/test.rb b/services/api/config/environments/test.rb.example
similarity index 96%
rename from services/api/config/environments/test.rb
rename to services/api/config/environments/test.rb.example
index c370b967463a7896b321bbb7e17f6dbf1fc43cb5..0cca2b7140a3d3938ff31deef3930fd5fe4ebd27 100644 (file)
--- a/services/api/config/environments/test.rb
+++ b/services/api/config/environments/test.rb.example
@@ -40,6 +40,7 @@ Server::Application.configure do
   config.git_repositories_dir = '/var/cache/git'
 
   config.crunch_job_wrapper = :slurm_immediate
+  config.crunch_job_user = 'crunch' # if false, do not set uid when running jobs
 
   # config.dnsmasq_conf_dir = '/etc/dnsmasq.d'
 
diff --git a/services/api/script/crunch-dispatch.rb b/services/api/script/crunch-dispatch.rb
index 9e7097e98e5a7c251e59e0940fd663a57cd8a02f..fef599d7fd9f5191b4ef57a8aed1b7311dedd2e0 100755 (executable)
--- a/services/api/script/crunch-dispatch.rb
+++ b/services/api/script/crunch-dispatch.rb
@@ -70,6 +70,11 @@ class Dispatcher
         raise "Unknown crunch_job_wrapper: #{Server::Application.config.crunch_job_wrapper}"
       end
 
+      if Server::Application.config.crunch_job_user
+        cmd_args.unshift("sudo", "-u",
+                         Server::Application.config.crunch_job_user)
+      end
+
       job_auth = ApiClientAuthorization.
         new(user: User.where('uuid=?', job.modified_by_user).first,
             api_client_id: 0)