}
$ENV{"HOST_CRUNCHRUNNER_BIN"} ||= `which crunchrunner`;
-$ENV{"HOST_CERTS"} ||= "/etc/ssl/certs/ca-certificates.crt";
+unless (defined($ENV{"HOST_CERTS"}) {
+ if (-f "/etc/ssl/certs/ca-certificates.crt") {
+ $ENV{"HOST_CERTS"} = "/etc/ssl/certs/ca-certificates.crt";
+ } else if (-f "/etc/pki/tls/certs/ca-bundle.crt") {
+ $ENV{"HOST_CERTS"} = "/etc/pki/tls/certs/ca-bundle.crt";
+}
# Create the tmp directory if it does not exist
if ( ! -d $ENV{"CRUNCH_TMP"} ) {
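Review bot: The added block does not parse as Perl. `unless (defined($ENV{"HOST_CERTS"}) {` is missing a closing parenthesis, `else if` is not Perl syntax, and only one `}` closes the two blocks that were opened. The lines should read `unless (defined($ENV{"HOST_CERTS"})) {` and `} elsif (-f "/etc/pki/tls/certs/ca-bundle.crt") {`, with a second `}` after the existing one to close the `unless`. Once it parses, HOST_CERTS stays undefined when neither bundle exists, where the old `||=` always set it, so a short comment stating that the variable may now be unset would help readers of the later code.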
# Bind mount the crunchrunner binary and host TLS certificates file into
# the container.
- $command .= "--volume=\Q$ENV{HOST_CRUNCHRUNNER_BIN}:/usr/lib/crunchrunner/crunchrunner\E ";
- $command .= "--volume=\Q$ENV{HOST_CERTS}:/usr/lib/crunchrunner/ca-certificates.crt\E ";
+ $command .= "--volume=\Q$ENV{HOST_CRUNCHRUNNER_BIN}:/usr/local/bin/crunchrunner\E ";
+ $command .= "--volume=\Q$ENV{HOST_CERTS}:/etc/arvados/ca-certificates.crt\E ";
while (my ($env_key, $env_val) = each %ENV)
{
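Review bot: The HOST_CERTS `--volume` line is still appended unconditionally, but `$ENV{HOST_CERTS}` can now be undefined when neither bundle is found (assuming the detection block lives in this same script). It would then interpolate to `--volume=:/etc/arvados/ca-certificates.crt`. Guard the statement with a trailing `if defined $ENV{"HOST_CERTS"};`, or fail early with a clear message. Both bind mounts also appear to be writable from inside the container; if `$command` is a docker invocation, a `:ro` suffix on each target would keep a job from altering the host's CA bundle or the crunchrunner binary.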
log.Fatal(err)
}
- certpath := path.Join(path.Dir(os.Args[0]), "ca-certificates.crt")
- certdata, err := ioutil.ReadFile(certpath)
- if err == nil {
- log.Printf("Using TLS certificates at %v", certpath)
- certs := x509.NewCertPool()
- certs.AppendCertsFromPEM(certdata)
- api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs
+ // Container may not have certificates installed, so need to look for
+ // /etc/arvados/ca-certificates.crt in addition to normal system certs.
+ var certFiles = []string{
+ "/etc/ssl/certs/ca-certificates.crt", // Debian
+ "/etc/pki/tls/certs/ca-bundle.crt", // Red Hat
+ "/etc/arvados/ca-certificates.crt",
+ }
+
+ certs := x509.NewCertPool()
+ for _, file := range certFiles {
+ data, err := ioutil.ReadFile(file)
+ if err == nil {
+ log.Printf("Using TLS certificates at %v", file)
+ certs.AppendCertsFromPEM(data)
+ }
}
+ api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs
jobUuid := os.Getenv("JOB_UUID")
taskUuid := os.Getenv("TASK_UUID")
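Review bot: `RootCAs` is now always replaced with the new pool, even when none of the three files could be read or parsed. The pool is then empty and every TLS handshake fails with an unknown-authority error, whereas the old code left `RootCAs` untouched in that case. The result of `AppendCertsFromPEM` is also ignored, so "Using TLS certificates at ..." is logged for a file that contributed no certificates, and read errors other than a missing file (for example permission denied) are dropped silently. I would track whether any certificate was actually loaded and assign the pool only then, as sketched below; the enclosing function begins and ends outside this hunk.

```go
// … unchanged: certFiles list …

certs := x509.NewCertPool()
loaded := false
for _, file := range certFiles {
	data, err := ioutil.ReadFile(file)
	if err != nil {
		// A missing bundle is expected on some distros; anything else is worth surfacing.
		if !os.IsNotExist(err) {
			log.Printf("Could not read TLS certificates at %v: %v", file, err)
		}
		continue
	}
	if certs.AppendCertsFromPEM(data) {
		log.Printf("Using TLS certificates at %v", file)
		loaded = true
	} else {
		log.Printf("No usable PEM certificates in %v", file)
	}
}
// Leave RootCAs alone when nothing was loaded, so an empty pool never replaces the default roots.
if loaded {
	api.Client.Transport.(*http.Transport).TLSClientConfig.RootCAs = certs
}
```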