[ARVADOS] updated: 1.3.0-335-gf9a2eb66c
Git user
git at public.curoverse.com
Fri Feb 15 00:01:30 EST 2019
Summary of changes:
lib/dispatchcloud/worker/worker.go | 21 +++++++++++++++------
services/crunch-run/crunchrun.go | 26 ++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 6 deletions(-)
via f9a2eb66cf89557882a0af0f24f62edd40390211 (commit)
from aaa6a44a72dcaae6ee08e9c28281f5930126b329 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit f9a2eb66cf89557882a0af0f24f62edd40390211
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Thu Feb 14 23:40:57 2019 -0500
14807: Load API host/token directly from stdin without shell hack.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/lib/dispatchcloud/worker/worker.go b/lib/dispatchcloud/worker/worker.go
index fbb6981ca..7e2ec509d 100644
--- a/lib/dispatchcloud/worker/worker.go
+++ b/lib/dispatchcloud/worker/worker.go
@@ -6,6 +6,7 @@ package worker
import (
"bytes"
+ "encoding/json"
"fmt"
"strings"
"sync"
@@ -101,14 +102,22 @@ func (wkr *worker) startContainer(ctr arvados.Container) {
wkr.starting[ctr.UUID] = struct{}{}
wkr.state = StateRunning
go func() {
- cmd := "crunch-run --detach '" + ctr.UUID + "'"
- stdin := bytes.NewBufferString(fmt.Sprintf("export %s=%q\nexport %s=%q\n",
- "ARVADOS_API_HOST", wkr.wp.arvClient.APIHost,
- "ARVADOS_API_TOKEN", wkr.wp.arvClient.AuthToken))
+ env := map[string]string{
+ "ARVADOS_API_HOST": wkr.wp.arvClient.APIHost,
+ "ARVADOS_API_TOKEN": wkr.wp.arvClient.AuthToken,
+ }
+ if wkr.wp.arvClient.APIHostInsecure {
+ env["ARVADOS_API_HOST_INSECURE"] = "1"
+ }
+ envJSON, err := json.Marshal(env)
+ if err != nil {
+ panic(err)
+ }
+ stdin := bytes.NewBuffer(envJSON)
+ cmd := "crunch-run --detach --stdin-env '" + ctr.UUID + "'"
if u := wkr.instance.RemoteUser(); u != "root" {
- cmd = "sudo -E " + cmd
+ cmd = "sudo " + cmd
}
- cmd = "source /dev/stdin; " + cmd
stdout, stderr, err := wkr.executor.Execute(nil, cmd, stdin)
wkr.mtx.Lock()
defer wkr.mtx.Unlock()
diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index 2b9a11958..0576337aa 100644
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -1737,6 +1737,7 @@ func main() {
cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
caCertsPath := flag.String("ca-certs", "", "Path to TLS root certificates")
detach := flag.Bool("detach", false, "Detach from parent process and run in the background")
+ stdinEnv := flag.Bool("stdin-env", false, "Load environment variables from JSON message on stdin")
sleep := flag.Duration("sleep", 0, "Delay before starting (testing use only)")
kill := flag.Int("kill", -1, "Send signal to an existing crunch-run process for given UUID")
list := flag.Bool("list", false, "List UUIDs of existing crunch-run processes")
@@ -1766,6 +1767,13 @@ func main() {
flag.Parse()
+ if *stdinEnv && !ignoreDetachFlag {
+ // Load env vars on stdin if asked (but not in a
+ // detached child process, in which case stdin is
+ // /dev/null).
+ loadEnv(os.Stdin)
+ }
+
switch {
case *detach && !ignoreDetachFlag:
os.Exit(Detach(flag.Arg(0), os.Args, os.Stdout, os.Stderr))
@@ -1856,3 +1864,21 @@ func main() {
log.Fatalf("%s: %v", containerId, runerr)
}
}
+
+func loadEnv(rdr io.Reader) {
+ buf, err := ioutil.ReadAll(rdr)
+ if err != nil {
+ log.Fatalf("read stdin: %s", err)
+ }
+ var env map[string]string
+ err = json.Unmarshal(buf, &env)
+ if err != nil {
+ log.Fatalf("decode stdin: %s", err)
+ }
+ for k, v := range env {
+ err = os.Setenv(k, v)
+ if err != nil {
+ log.Fatalf("setenv(%q): %s", k, err)
+ }
+ }
+}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list