forked from tiradani/parrot_glidein_wrapper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cvmfs_job_wrapper
71 lines (57 loc) · 2.48 KB
/
cvmfs_job_wrapper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# this script is pasted into the main glidien job wrapper by glidein_startup
# idbox TODO:
# - run ssh_to_job shell under parrot idbox or disable ssh_to_job
# - in real idbox mode, we must not allow any jobs to run without being wrapped by parrot
# - do not run this script in user-controlled environment
# run a command with clean environment
safe() {
/usr/bin/env -i "$@"
}
# Locate parrot. We do not rely on any environment that the user can
# override, because we must avoid being manipulated by the user here.
GLIDEIN_PARROT="$_CONDOR_SCRATCH_DIR"
FORCE_PARROT=0
while [ 1 ]; do
p=${GLIDEIN_PARROT%/*}
if [ "$p" = "$GLIDEIN_PARROT" ]; then
GLIDEIN_PARROT=""
fi
GLIDEIN_PARROT="$p"
if [ -x "$GLIDEIN_PARROT/GLIDEIN_PARROT/run_parrot" ]; then
GLIDEIN_PARROT="$GLIDEIN_PARROT/GLIDEIN_PARROT"
if [ -e "$GLIDEIN_PARROT/FORCE_PARROT" ]; then
FORCE_PARROT=1
fi
break
fi
done
# As of parrot 3.4.0, parrot causes ssh_to_job to fail, so
# avoid using parrot when _CONDOR_JOB_PIDS is non-empty.
# (That's how we guess that this is an ssh_to_job session.)
if [ "$FORCE_PARROT" = 1 ] || ( safe grep -q -i '^RequiresCVMFS *= *True' "${_CONDOR_JOB_AD}" && [ -z "$_CONDOR_JOB_PIDS" ] ); then
# Workaround for GLOBUS_TCP_PORT_RANGE_STATE_FILE pointing to a file
# we can't write to. This breaks CMS CRAB 2.8.1 and prior.
if [ "$GLOBUS_TCP_PORT_RANGE_STATE_FILE" != "" ] && ! [ -w "$GLOBUS_TCP_PORT_RANGE_STATE_FILE" ]; then
unset GLOBUS_TCP_PORT_RANGE_STATE_FILE
fi
# point OSG_APP into cvmfs
if [ "$CVMFS_OSG_APP" != "" ]; then
export LOCAL_OSG_APP="$OSG_APP"
export OSG_APP="$CVMFS_OSG_APP"
fi
# done messing with job environment; save it to a file for parrot/exec_job
export -p > "${_CONDOR_SCRATCH_DIR}/parrot_job_env.sh"
# Clense our environment before calling run_parrot, so the user cannot manipulate
# run_parrot or parrot_run. Preserve only the necessary variables.
# We are calling run_parrot here, which calls parrot_run to run the job.
exec /usr/bin/env -i \
GLIDEIN_PARROT=${GLIDEIN_PARROT} \
GLIDEIN_PARROT_TMP=${GLIDEIN_PARROT_TMP} \
_CONDOR_SCRATCH_DIR=${_CONDOR_SCRATCH_DIR} \
_CONDOR_SLOT=${_CONDOR_SLOT} \
_CONDOR_JOB_PIDS=${_CONDOR_JOB_PIDS} \
${GLIDEIN_PARROT}/run_parrot "$@"
# Note that since we exec the job above, wrappers that come after
# this one are ignored.
fi
# fall through to next/default job wrapper