From 8791087165cebd9ace51c52277b3e9398ebc44c3 Mon Sep 17 00:00:00 2001
From: khurtado
Date: Thu, 4 Apr 2019 17:43:14 +0000
Subject: [PATCH 1/9] Change ownership of workflow directory when VC3USERID is defined.
---
 reana_workflow_controller/utils.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/reana_workflow_controller/utils.py b/reana_workflow_controller/utils.py
index 86a39286..9c3e6d19 100644
--- a/reana_workflow_controller/utils.py
+++ b/reana_workflow_controller/utils.py
@@ -27,6 +27,10 @@ def create_workflow_workspace(path):
 reana_fs = fs.open_fs(app.config['SHARED_VOLUME_PATH'])
 if not reana_fs.exists(path):
 reana_fs.makedirs(path)
+ if os.environ.get("VC3USERID", None):
+ vc3_uid = int(os.environ.get("VC3USERID"))
+ owner_gid = os.stat(reana_fs.getsyspath(path)).st_gid
+ os.chown(reana_fs.getsyspath(path), vc3_uid, owner_gid)
 def list_directory_files(directory):
From 85f3cbcdf727e34a674c0187bf19da7e3871724c Mon Sep 17 00:00:00 2001
From: khurtado
Date: Wed, 19 Jun 2019 18:03:10 +0000
Subject: [PATCH 2/9] Run workflor engine pod as a user, when VC3USERID is set in the environment.
---
 reana_workflow_controller/workflow_run_manager.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index 311d6d64..c51bae36 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -331,6 +331,9 @@ def _create_job_spec(self, name, command=None, image=None,
 'mountPath': SHARED_FS_MAPPING['MOUNT_DEST_PATH'],
 },
 ]
+ security_context = None
+ if os.environ.get("VC3USERID", None):
+ security_context = client.V1SecurityContext(run_as_user=int(os.environ.get("VC3USERID")))
 spec.template.spec = client.V1PodSpec(containers=[container])
 spec.template.spec.volumes = [
 KubernetesWorkflowRunManager.k8s_shared_volume
From 6f74d703d446997a9213ff3a188bc5364ac21680 Mon Sep 17 00:00:00 2001
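Review bot: `int(os.environ.get("VC3USERID"))` in the added chown block takes the new owner from the environment unvalidated: a non-numeric value raises ValueError during workspace creation, and the string "0" passes the truthiness test and gives the directory to root. Read the variable once and reject anything that is not a positive integer, e.g. `vc3_uid = int(os.environ["VC3USERID"])` then `if vc3_uid <= 0: raise ValueError("VC3USERID must be a positive UID")`. `os.chown` raises PermissionError when the process may not change ownership, and nothing visible handles that. The same unvalidated parse feeds `run_as_user` in the workflow_run_manager.py hunk of 2/9. The body of create_workflow_workspace starts outside the hunk.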
From: khurtado
Date: Wed, 19 Jun 2019 19:31:49 +0000
Subject: [PATCH 3/9] Fix run_as_user option
---
 reana_workflow_controller/workflow_run_manager.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index c51bae36..4fbf6856 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -334,7 +334,7 @@ def _create_job_spec(self, name, command=None, image=None,
 security_context = None
 if os.environ.get("VC3USERID", None):
 security_context = client.V1SecurityContext(run_as_user=int(os.environ.get("VC3USERID")))
- spec.template.spec = client.V1PodSpec(containers=[container])
+ spec.template.spec = client.V1PodSpec(containers=[container], security_context=security_context)
 spec.template.spec.volumes = [
 KubernetesWorkflowRunManager.k8s_shared_volume
 [REANA_STORAGE_BACKEND]
From da6247776544099988df6cea1d051ecf9e6e9d8a Mon Sep 17 00:00:00 2001
From: khurtado
Date: Thu, 29 Aug 2019 19:38:27 +0000
Subject: [PATCH 4/9] Force ID/GID as int
---
 reana_workflow_controller/workflow_run_manager.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index 737ea5a7..208ac747 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -362,8 +362,8 @@ def _create_job_spec(self, name, command=None, image=None,
 workflow_enginge_container.env.extend(workflow_engine_env_vars)
 workflow_enginge_container.security_context = \
 client.V1SecurityContext(
- run_as_group=WORKFLOW_RUNTIME_USER_GID,
- run_as_user=WORKFLOW_RUNTIME_USER_UID
+ run_as_group=int(WORKFLOW_RUNTIME_USER_GID),
+ run_as_user=int(WORKFLOW_RUNTIME_USER_UID)
 )
 workflow_enginge_container.volume_mounts = [workspace_mount]
 secrets_store = REANAUserSecretsStore(owner_id)
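Review bot: The object passed as `security_context=` to `client.V1PodSpec` is a `client.V1SecurityContext`, which is the container-level model; the pod-level field is modelled by `client.V1PodSecurityContext`. It likely serializes today only because both carry `run_as_user`, so build it as `security_context = client.V1PodSecurityContext(run_as_user=...)` in the context lines above the changed line. `_create_job_spec` starts and ends outside the hunk.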
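Review bot: The `int(...)` casts on `WORKFLOW_RUNTIME_USER_GID` and `WORKFLOW_RUNTIME_USER_UID` are applied at the point of use, so a malformed value only fails when a job spec is built and any other consumer still sees the raw value. Converting once where the two constants are defined (not visible on this page) would fail fast at startup. Since these values decide which user the workflow engine container runs as, consider also setting `run_as_non_root=True` on this `V1SecurityContext` so a UID of 0 is refused rather than accepted silently.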
From 9b1a5e14f3a46fd113fff15ae424dc898887339d Mon Sep 17 00:00:00 2001
From: khurtado
Date: Fri, 30 Aug 2019 19:42:50 +0000
Subject: [PATCH 5/9] Propagate volume mount points and VC3 related variables when applicable.
---
 reana_workflow_controller/config.py | 3 ++
 .../workflow_run_manager.py | 33 +++++++++++++++----
 2 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/reana_workflow_controller/config.py b/reana_workflow_controller/config.py
index 2ea97ccd..aec829ee 100644
--- a/reana_workflow_controller/config.py
+++ b/reana_workflow_controller/config.py
@@ -29,6 +29,9 @@
 SHARED_VOLUME_PATH = os.getenv('SHARED_VOLUME_PATH', '/var/reana')
+REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR = os.getenv('REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR', '')
+
+REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS = os.getenv('REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS', '')
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 """Track modifications flag."""
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index 208ac747..9951f8fd 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -400,6 +400,21 @@ def _create_job_spec(self, name, command=None, image=None,
 'value': user
 }
 ])
+
+ job_controller_env_vars.extend([
+ {
+ 'name': 'SHARED_VOLUME_PATH',
+ 'value': SHARED_VOLUME_PATH
+ }
+ ])
+ if REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR:
+ job_controller_env_vars.extend([
+ {
+ 'name': 'REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR',
+ 'value': REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR
+ }
+ ])
+
 job_controller_container.env.extend(job_controller_env_vars)
 job_controller_container.env.extend(job_controller_env_secrets)
 job_controller_container.env.extend([
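Review bot: The two new settings in config.py are added without the attribute docstring that the neighbouring settings carry (`"""Track modifications flag."""` is visible directly below). Add one line under each, e.g. `"""Address of the VC3 HTCondor service passed to the job controller."""` and `"""Comma-separated list of extra paths mounted into the job controller."""`; the wording should be confirmed against the intended use. The same hunk recurs in 6/9 and 7/9.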
@@ -411,11 +426,20 @@ def _create_job_spec(self, name, command=None, image=None,
 'name': 'REANA_STORAGE_BACKEND',
 'value': REANA_STORAGE_BACKEND
 }
- ])
+ ])
 secrets_volume_mount = \
 secrets_store.get_secrets_volume_mount_as_k8s_spec()
- job_controller_container.volume_mounts = [workspace_mount, db_mount]
+
+ extra_mounts=[]
+ for mount_point in REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS.split(','):
+ mount_point = mount_point.lstrip()
+ basedir = os.path.basename(mount_point)
+ parentdir = os.path.dirname(mount_point)
+ mount = get_shared_volume(basedir, parentdir)
+ extra_mounts.append(mount)
+
+ job_controller_container.volume_mounts = [workspace_mount, db_mount] + extra_mounts
 job_controller_container.volume_mounts.append(secrets_volume_mount)
 job_controller_container.ports = [{
@@ -423,11 +447,8 @@ def _create_job_spec(self, name, command=None, image=None,
 current_app.config['JOB_CONTROLLER_CONTAINER_PORT']
 }]
 containers = [workflow_enginge_container, job_controller_container]
- security_context = None
- if os.environ.get("VC3USERID", None):
- security_context = client.V1SecurityContext(run_as_user=int(os.environ.get("VC3USERID")))
 spec.template.spec = client.V1PodSpec(
- containers=containers, security_context=security_context)
+ containers=containers)
 spec.template.spec.volumes = [
 KubernetesWorkflowRunManager.k8s_shared_volume
From 9911545739a82be4b5b16457f598ae62f7105ad2 Mon Sep 17 00:00:00 2001
From: khurtado
Date: Fri, 30 Aug 2019 19:42:50 +0000
Subject: [PATCH 6/9] Propagate volume mount points and VC3 related variables when applicable.
---
 reana_workflow_controller/config.py | 3 ++
 .../workflow_run_manager.py | 35 +++++++++++++++----
 2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/reana_workflow_controller/config.py b/reana_workflow_controller/config.py
index 2ea97ccd..aec829ee 100644
--- a/reana_workflow_controller/config.py
+++ b/reana_workflow_controller/config.py
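Review bot: With the default `REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS = ''`, `''.split(',')` yields `['']`, so the loop runs once and calls `get_shared_volume('', '')`, adding a mount for an empty path to the job controller container. `lstrip()` also leaves trailing whitespace in place, and a trailing slash makes `os.path.basename` return an empty string. Use `mount_point = mount_point.strip()` followed by `if not mount_point: continue` at the top of the loop. Because these paths become mounts in a pod, it would also be worth rejecting entries that are not absolute or that contain `..` before they reach `get_shared_volume`. The same loop appears in 6/9 and 7/9; `_create_job_spec` starts and ends outside the hunk.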
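Review bot: Dropping the `VC3USERID` pod-level `security_context` here is not mentioned in the commit message, and it changes which user the pod runs as. In the hunks visible on this page only `workflow_enginge_container` gets a container-level `security_context` (4/9), so the job controller container, which now also receives the extra mounts, may fall back to the image's default user; that should be confirmed against the rest of `_create_job_spec`. `create_workflow_workspace` still chowns the workspace to `VC3USERID` (1/9), so the directory owner and the runtime UID can now differ. Please state the intent in the description or set an explicit `security_context` on `job_controller_container`. The same removal is repeated in 6/9 and 7/9.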
@@ -29,6 +29,9 @@
 SHARED_VOLUME_PATH = os.getenv('SHARED_VOLUME_PATH', '/var/reana')
+REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR = os.getenv('REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR', '')
+
+REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS = os.getenv('REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS', '')
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 """Track modifications flag."""
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index 208ac747..06cf118a 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -44,6 +44,8 @@
 SHARED_VOLUME_PATH,
 TTL_SECONDS_AFTER_FINISHED,
 WORKFLOW_ENGINE_COMMON_ENV_VARS,
+ REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR,
+ REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS,
 DEBUG_ENV_VARS)
@@ -400,6 +402,21 @@ def _create_job_spec(self, name, command=None, image=None,
 'value': user
 }
 ])
+
+ job_controller_env_vars.extend([
+ {
+ 'name': 'SHARED_VOLUME_PATH',
+ 'value': SHARED_VOLUME_PATH
+ }
+ ])
+ if REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR:
+ job_controller_env_vars.extend([
+ {
+ 'name': 'REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR',
+ 'value': REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR
+ }
+ ])
+
 job_controller_container.env.extend(job_controller_env_vars)
 job_controller_container.env.extend(job_controller_env_secrets)
 job_controller_container.env.extend([
@@ -411,11 +428,20 @@ def _create_job_spec(self, name, command=None, image=None,
 'name': 'REANA_STORAGE_BACKEND',
 'value': REANA_STORAGE_BACKEND
 }
- ])
+ ])
 secrets_volume_mount = \
 secrets_store.get_secrets_volume_mount_as_k8s_spec()
- job_controller_container.volume_mounts = [workspace_mount, db_mount]
+
+ extra_mounts=[]
+ for mount_point in REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS.split(','):
+ mount_point = mount_point.lstrip()
+ basedir = os.path.basename(mount_point)
+ parentdir = os.path.dirname(mount_point)
+ mount = get_shared_volume(basedir, parentdir)
+ extra_mounts.append(mount)
+
+ job_controller_container.volume_mounts = [workspace_mount, db_mount] + extra_mounts
 job_controller_container.volume_mounts.append(secrets_volume_mount)
 job_controller_container.ports = [{
@@ -423,11 +449,8 @@ def _create_job_spec(self, name, command=None, image=None,
 current_app.config['JOB_CONTROLLER_CONTAINER_PORT']
 }]
 containers = [workflow_enginge_container, job_controller_container]
- security_context = None
- if os.environ.get("VC3USERID", None):
- security_context = client.V1SecurityContext(run_as_user=int(os.environ.get("VC3USERID")))
 spec.template.spec = client.V1PodSpec(
- containers=containers, security_context=security_context)
+ containers=containers)
 spec.template.spec.volumes = [
 KubernetesWorkflowRunManager.k8s_shared_volume
From 4179642b9e9ed9007b99b61c1c689f640030dd2b Mon Sep 17 00:00:00 2001
From: khurtado
Date: Fri, 30 Aug 2019 19:42:50 +0000
Subject: [PATCH 7/9] Propagate volume mount points and VC3 related variables when applicable.
---
 reana_workflow_controller/config.py | 3 ++
 .../workflow_run_manager.py | 35 +++++++++++++++----
 2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/reana_workflow_controller/config.py b/reana_workflow_controller/config.py
index 2ea97ccd..aec829ee 100644
--- a/reana_workflow_controller/config.py
+++ b/reana_workflow_controller/config.py
@@ -29,6 +29,9 @@
 SHARED_VOLUME_PATH = os.getenv('SHARED_VOLUME_PATH', '/var/reana')
+REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR = os.getenv('REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR', '')
+
+REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS = os.getenv('REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS', '')
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 """Track modifications flag."""
diff --git a/reana_workflow_controller/workflow_run_manager.py b/reana_workflow_controller/workflow_run_manager.py
index 208ac747..cc6d5ed1 100644
--- a/reana_workflow_controller/workflow_run_manager.py
+++ b/reana_workflow_controller/workflow_run_manager.py
@@ -44,6 +44,8 @@
 SHARED_VOLUME_PATH,
 TTL_SECONDS_AFTER_FINISHED,
 WORKFLOW_ENGINE_COMMON_ENV_VARS,
+ REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR,
+ REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS,
 DEBUG_ENV_VARS)
@@ -400,6 +402,21 @@ def _create_job_spec(self, name, command=None, image=None,
 'value': user
 }
 ])
+
+ job_controller_env_vars.extend([
+ {
+ 'name': 'SHARED_VOLUME_PATH',
+ 'value': SHARED_VOLUME_PATH
+ }
+ ])
+ if REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR:
+ job_controller_env_vars.extend([
+ {
+ 'name': 'REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR',
+ 'value': REANA_JOB_CONTROLLER_VC3_HTCONDOR_ADDR
+ }
+ ])
+
 job_controller_container.env.extend(job_controller_env_vars)
 job_controller_container.env.extend(job_controller_env_secrets)
 job_controller_container.env.extend([
@@ -411,11 +428,20 @@ def _create_job_spec(self, name, command=None, image=None,
 'name': 'REANA_STORAGE_BACKEND',
 'value': REANA_STORAGE_BACKEND
 }
- ])
+ ])
 secrets_volume_mount = \
 secrets_store.get_secrets_volume_mount_as_k8s_spec()
- job_controller_container.volume_mounts = [workspace_mount, db_mount]
+
+ extra_mounts=[]
+ for mount_point in REANA_JOB_CONTROLLER_EXTRA_MOUNTPOINTS.split(','):
+ mount_point = mount_point.lstrip()
+ basedir = os.path.basename(mount_point)
+ parentdir = os.path.dirname(mount_point)
+ mount, _ = get_shared_volume(basedir, parentdir)
+ extra_mounts.append(mount)
+
+ job_controller_container.volume_mounts = [workspace_mount, db_mount] + extra_mounts
 job_controller_container.volume_mounts.append(secrets_volume_mount)
 job_controller_container.ports = [{
@@ -423,11 +449,8 @@ def _create_job_spec(self, name, command=None, image=None,
 current_app.config['JOB_CONTROLLER_CONTAINER_PORT']
 }]
 containers = [workflow_enginge_container, job_controller_container]
- security_context = None
- if os.environ.get("VC3USERID", None):
- security_context = client.V1SecurityContext(run_as_user=int(os.environ.get("VC3USERID")))
 spec.template.spec = client.V1PodSpec(
- containers=containers, security_context=security_context)
+ containers=containers)
 spec.template.spec.volumes = [
 KubernetesWorkflowRunManager.k8s_shared_volume
From fc28fb79d0aa9c69c2592ba4f313877afcc38ccd Mon Sep 17 00:00:00 2001
From: khurtado
Date: Mon, 6 Apr 2020 18:20:19 +0000
Subject: [PATCH 8/9] Working around kubernetes and urllib3 version issues Should only apply to tag 0.6.0
---
 setup.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/setup.py b/setup.py
index 7b44578f..25cd20bf 100644
--- a/setup.py
+++ b/setup.py
@@ -44,6 +44,9 @@
 ]
 install_requires = [
+ # Workaround for urllib3>1.25 being installed
+ # and conflicting with requests 2.20.0
+ 'urllib3<1.25.0',
 'Flask-SQLAlchemy>=2.2',
 'Flask>=0.12',
 'fs>=2.0',
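Review bot: `mount, _ = get_shared_volume(basedir, parentdir)` discards the second return value. If that value is the volume definition the mount refers to (the helper is not shown here), nothing in the visible lines adds it to `spec.template.spec.volumes`, which in the next hunk's context starts with only `KubernetesWorkflowRunManager.k8s_shared_volume`; a mount whose volume is missing from the pod spec is rejected by the API server. A one-line comment such as `# volume is the shared volume already listed in spec.template.spec.volumes` would record why dropping it is safe, if that is the case.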
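Review bot: `'urllib3<1.25.0'` (and `'kubernetes==10.0.1'` in the second setup.py hunk) are placed in `install_requires`, so every install of this package is held on those versions, including any later urllib3 security releases. The commit message says this should only apply to tag 0.6.0; recording that next to the pins, e.g. `# TODO: drop once reana-commons resolves the kubernetes/urllib3 conflict (0.6.0 only)`, or moving them to a constraints file for that tag, would keep the cap from outliving its reason.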
@@ -51,6 +54,7 @@
 'jsonpickle>=0.9.6',
 'marshmallow>2.13.0,<=2.20.1',
 'packaging>=18.0',
+ 'kubernetes==10.0.1',
 'reana-commons[kubernetes]>=0.6.0,<0.7.0',
 'reana-db>=0.6.0,<0.7.0',
 'requests==2.20.0',
From 959c0fd0a553e8f26e083974e769a3dcdae065f4 Mon Sep 17 00:00:00 2001
From: CodyKank
Date: Tue, 9 Jun 2020 09:19:25 -0400
Subject: [PATCH 9/9] Remove k8s workaround in setup.py. Was previously added, no longer needed due to fix in reana-commons.
---
 setup.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/setup.py b/setup.py
index 25cd20bf..7b44578f 100644
--- a/setup.py
+++ b/setup.py
@@ -44,9 +44,6 @@
 ]
 install_requires = [
- # Workaround for urllib3>1.25 being installed
- # and conflicting with requests 2.20.0
- 'urllib3<1.25.0',
 'Flask-SQLAlchemy>=2.2',
 'Flask>=0.12',
 'fs>=2.0',
@@ -54,7 +51,6 @@
 'jsonpickle>=0.9.6',
 'marshmallow>2.13.0,<=2.20.1',
 'packaging>=18.0',
- 'kubernetes==10.0.1',
 'reana-commons[kubernetes]>=0.6.0,<0.7.0',
 'reana-db>=0.6.0,<0.7.0',
 'requests==2.20.0',