Feature #7868

[Crunch] Allow site admin to add arbitrary arguments to all "docker run" commands

Added by Tom Clegg over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Crunch
Target version:
Start date:
12/02/2015
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
0.5

Description

Background

The motivating use case is adding a --volume argument to modify the list of trusted certificate authorities trusted by Crunch jobs running in containers. This makes it possible to use a self-signed certificate for the API server, without having to customize the docker images being used.

Proposed feature

If an environment variable CRUNCH_JOB_DOCKER_RUN_ARGS is added to the crunch-dispatch run script, this should be propagated to crunch-job much like CRUNCH_JOB_DOCKER_BIN is now. Crunch-job should include this every time it uses docker run.


Subtasks

Task #7920: Add bits to crunch-job and crunch_dispatch.rbResolvedTom Clegg

Task #7912: Review 7868-docker-run-argsResolvedPeter Amstutz

Associated revisions

Revision 00ef3e9d
Added by Tom Clegg over 3 years ago

Merge branch '7868-docker-run-args' closes #7868

Revision ea5a4de1 (diff)
Added by Brett Smith over 3 years ago

7868: Update API server's arvados-cli version.

Curoverse clusters are deployed by setting CRUNCH_JOB_BIN,
effectively excluding it from the bundle, but this is not true for
clusters deployed following the install guide. Out of the box,
they'll use the version of crunch-job that's actually in the
arvados-cli gem in the bundle.

crunch-dispatch has functionality in it that requires a newer
arvados-cli, so update accordingly. This is not exactly the version
produced by #7868, but it's pretty close.

I think there's a strong case that we should update this version
whenever we make a substantial change to crunch-job. But since I'm
pushing this without discussion or review, I'm doing the smallest
thing possible.

Refs #7868.

History

#1 Updated by Tom Clegg over 3 years ago

  • Description updated (diff)
  • Category set to Crunch

#2 Updated by Joshua Randall over 3 years ago

Another use case could be "-e http_proxy -e https_proxy" to pass host proxy configuration in to a container when it is required by local network configuration.

The advice to administrators should probably be to avoid using this unless it is required by some local requirements that prevent generic containers from running correctly without it.

#3 Updated by Tom Clegg over 3 years ago

7868-docker-run-args @ 0102dbf

(Where should this be documented? In the example run script in the install guide?)

#4 Updated by Tom Clegg over 3 years ago

  • Status changed from New to In Progress

#5 Updated by Brett Smith over 3 years ago

  • Target version set to 2015-12-16 sprint

#6 Updated by Brett Smith over 3 years ago

  • Assigned To set to Tom Clegg

#7 Updated by Peter Amstutz over 3 years ago

Successfully tested on local job. LGTM @ 0102dbf

#8 Updated by Tom Clegg over 3 years ago

  • Status changed from In Progress to Resolved

Applied in changeset arvados|commit:00ef3e9dc7240a5ce5bd94d1a358120fa5a35835.

Also available in: Atom PDF