[ARVADOS] updated: 6a370a002d008dffaf9f47b7db3da47b40e57254

Git user git at public.curoverse.com
Fri Dec 16 12:21:25 EST 2016 

Summary of changes:
 sdk/go/arvadosclient/arvadosclient.go | 10 +++++++---
 sdk/go/keepclient/keepclient.go       |  1 -
 services/crunch-run/crunchrun.go      |  3 +++
 3 files changed, 10 insertions(+), 4 deletions(-)

       via  6a370a002d008dffaf9f47b7db3da47b40e57254 (commit)
      from  28db15c830a8f129283f43682727b470862572d8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 6a370a002d008dffaf9f47b7db3da47b40e57254
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Fri Dec 16 12:21:06 2016 -0500

    10684: Add -ca-certs option

diff --git a/sdk/go/arvadosclient/arvadosclient.go b/sdk/go/arvadosclient/arvadosclient.go
index dc3eddb..021b947 100644
--- a/sdk/go/arvadosclient/arvadosclient.go
+++ b/sdk/go/arvadosclient/arvadosclient.go
@@ -105,7 +105,11 @@ type ArvadosClient struct {
 	Retries int
 }
 
-var CertFiles = []string{"/etc/arvados/ca-certificates.crt"}
+var CertFiles = []string{
+	"/etc/arvados/ca-certificates.crt",
+	"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
+	"/etc/pki/tls/certs/ca-bundle.crt",   // Fedora/RHEL
+}
 
 // MakeTLSConfig sets up TLS configuration for communicating with Arvados and Keep services.
 func MakeTLSConfig(insecure bool) *tls.Config {
@@ -119,14 +123,14 @@ func MakeTLSConfig(insecure bool) *tls.Config {
 			if err == nil {
 				success := certs.AppendCertsFromPEM(data)
 				if !success {
-					fmt.Errorf("Did not load any certificates from %v", file)
+					fmt.Printf("Unable to load any certificates from %v", file)
 				} else {
 					tlsconfig.RootCAs = certs
 					break
 				}
 			}
 		}
-		// Will use system default CA roots if /etc/arvados/ca-certificates.crt not found.
+		// Will use system default CA roots instead.
 	}
 
 	return &tlsconfig
diff --git a/sdk/go/keepclient/keepclient.go b/sdk/go/keepclient/keepclient.go
index 1df0fa3..79a8715 100644
--- a/sdk/go/keepclient/keepclient.go
+++ b/sdk/go/keepclient/keepclient.go
@@ -4,7 +4,6 @@ package keepclient
 import (
 	"bytes"
 	"crypto/md5"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"git.curoverse.com/arvados.git/sdk/go/arvadosclient"
diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index b14fa2c..10b3a61 100644
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -912,10 +912,13 @@ func main() {
 	cgroupRoot := flag.String("cgroup-root", "/sys/fs/cgroup", "path to sysfs cgroup tree")
 	cgroupParent := flag.String("cgroup-parent", "docker", "name of container's parent cgroup (ignored if -cgroup-parent-subsystem is used)")
 	cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
+	caCertsPath := flag.String("ca-certs", "/etc/arvados/ca-certificates.crt", "Path to TLS root certificates")
 	flag.Parse()
 
 	containerId := flag.Arg(0)
 
+	arvadosclient.CertFiles = []string{*caCertsPath}
+
 	api, err := arvadosclient.MakeArvadosClient()
 	if err != nil {
 		log.Fatalf("%s: %v", containerId, err)

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list