[ARVADOS] created: 91b379c4a76b8278354903158a65e5d47babd363
Git user
git at public.curoverse.com
Wed Apr 6 10:32:47 EDT 2016
at 91b379c4a76b8278354903158a65e5d47babd363 (commit)
commit 91b379c4a76b8278354903158a65e5d47babd363
Author: Brett Smith <brett at curoverse.com>
Date: Wed Apr 6 10:32:03 2016 -0400
8893: crunch-job doesn't pass empty strings to `docker run`.
We solve this issue by requiring $VOLUME_CRUNCHRUNNER and
$VOLUME_CERTS to contain their own quoting. Because of that, we clear
their values first, to make sure we don't inherit values that might
break the `docker run` invocation.
diff --git a/sdk/cli/bin/crunch-job b/sdk/cli/bin/crunch-job
index cc0b60c..6423c1c 100755
--- a/sdk/cli/bin/crunch-job
+++ b/sdk/cli/bin/crunch-job
@@ -853,9 +853,12 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++)
.q{&& SWAP=$(awk '($1 == "SwapTotal:"){print $2}' </proc/meminfo) }
."&& MEMLIMIT=\$(( (\$MEM * 95) / ($ENV{CRUNCH_NODE_SLOTS} * 100) )) "
."&& let SWAPLIMIT=\$MEMLIMIT+\$SWAP "
- ."&& if which crunchrunner >/dev/null ; then VOLUME_CRUNCHRUNNER=\"--volume=\$(which crunchrunner):/usr/local/bin/crunchrunner\" ; fi "
- ."&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUME_CERTS=\"--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt\" ; fi "
- ."&& if test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUME_CERTS=\"--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt\" ; fi ";
+ # $VOLUME_CRUNCHRUNNER and $VOLUME_CERTS will be passed unquoted as
+ # arguments to `docker run`. They must contain their own quoting.
+ .q{&& VOLUME_CRUNCHRUNNER="" VOLUME_CERTS="" }
+ .q{&& if which crunchrunner >/dev/null ; then VOLUME_CRUNCHRUNNER=\\"--volume=$(which crunchrunner):/usr/local/bin/crunchrunner\\" ; fi }
+ .q{&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUME_CERTS=\\"--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt\\" ; }
+ .q{elif test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUME_CERTS=\\"--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt\\" ; fi };
$command .= "&& exec arv-mount --read-write --mount-by-pdh=by_pdh --mount-tmp=tmp --crunchstat-interval=10 --allow-other $arv_file_cache \Q$keep_mnt\E --exec ";
$ENV{TASK_KEEPMOUNT} = "$keep_mnt/by_pdh";
@@ -922,7 +925,7 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++)
# Bind mount the crunchrunner binary and host TLS certificates file into
# the container.
- $command .= "\"\$VOLUME_CRUNCHRUNNER\" \"\$VOLUME_CERTS\" ";
+ $command .= "\$VOLUME_CRUNCHRUNNER \$VOLUME_CERTS ";
while (my ($env_key, $env_val) = each %ENV)
{
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list