14807: Pass env vars on stdin instead of using SSH feature.

Arbitrary environment variables are typically not accepted by SSH
server configs.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

diff --git a/lib/dispatchcloud/test/stub_driver.go b/lib/dispatchcloud/test/stub_driver.go
index fbab30b175d674ceec0b18d2b1726dfd930df1d7..4a88bfab141d511860dad811befcd376245fb615 100644 (file)
--- a/lib/dispatchcloud/test/stub_driver.go
+++ b/lib/dispatchcloud/test/stub_driver.go
@@ -10,6 +10,7 @@ import (
        "errors"
        "fmt"
        "io"
+       "io/ioutil"
        math_rand "math/rand"
        "regexp"
        "strings"
@@ -205,6 +206,11 @@ func (svm *StubVM) Instance() stubInstance {
 }
 
 func (svm *StubVM) Exec(env map[string]string, command string, stdin io.Reader, stdout, stderr io.Writer) uint32 {
+       stdinData, err := ioutil.ReadAll(stdin)
+       if err != nil {
+               fmt.Fprintf(stderr, "error reading stdin: %s\n", err)
+               return 1
+       }
        queue := svm.sis.driver.Queue
        uuid := regexp.MustCompile(`.{5}-dz642-.{15}`).FindString(command)
        if eta := svm.Boot.Sub(time.Now()); eta > 0 {
@@ -219,10 +225,17 @@ func (svm *StubVM) Exec(env map[string]string, command string, stdin io.Reader,
                fmt.Fprint(stderr, "crunch-run: command not found\n")
                return 1
        }
-       if strings.HasPrefix(command, "crunch-run --detach ") {
+       if strings.HasPrefix(command, "source /dev/stdin; crunch-run --detach ") {
+               stdinKV := map[string]string{}
+               for _, line := range strings.Split(string(stdinData), "\n") {
+                       kv := strings.SplitN(strings.TrimPrefix(line, "export "), "=", 2)
+                       if len(kv) == 2 && len(kv[1]) > 0 {
+                               stdinKV[kv[0]] = kv[1]
+                       }
+               }
                for _, name := range []string{"ARVADOS_API_HOST", "ARVADOS_API_TOKEN"} {
-                       if env[name] == "" {
-                               fmt.Fprintf(stderr, "%s missing from environment %q\n", name, env)
+                       if stdinKV[name] == "" {
+                               fmt.Fprintf(stderr, "%s env var missing from stdin %q\n", name, stdin)
                                return 1
                        }
                }

diff --git a/lib/dispatchcloud/worker/worker.go b/lib/dispatchcloud/worker/worker.go
index a24747267615b9b0d0d0c8851271e92bdb85087c..d0810f7a8ad8597a9e6c4465ff3492edc796bfd9 100644 (file)
--- a/lib/dispatchcloud/worker/worker.go
+++ b/lib/dispatchcloud/worker/worker.go
@@ -101,11 +101,11 @@ func (wkr *worker) startContainer(ctr arvados.Container) {
        wkr.starting[ctr.UUID] = struct{}{}
        wkr.state = StateRunning
        go func() {
-               env := map[string]string{
-                       "ARVADOS_API_HOST":  wkr.wp.arvClient.APIHost,
-                       "ARVADOS_API_TOKEN": wkr.wp.arvClient.AuthToken,
-               }
-               stdout, stderr, err := wkr.executor.Execute(env, "crunch-run --detach '"+ctr.UUID+"'", nil)
+               stdin := bytes.NewBufferString(fmt.Sprintf("export %s=%q\nexport %s=%q\n",
+                       "ARVADOS_API_HOST", wkr.wp.arvClient.APIHost,
+                       "ARVADOS_API_TOKEN", wkr.wp.arvClient.AuthToken))
+               cmd := "source /dev/stdin; crunch-run --detach '" + ctr.UUID + "'"
+               stdout, stderr, err := wkr.executor.Execute(nil, cmd, stdin)
                wkr.mtx.Lock()
                defer wkr.mtx.Unlock()
                now := time.Now()