2a7c7d85a5
This PR fixes the artifact sandbox (new in Nomad 1.5) to allow downloading artifacts into the shared 'alloc' directory made available to each task in a common allocation. Previously we assumed the 'alloc' dir would be mounted under the 'task' dir, but this is only the case in fs isolation: chroot; in other modes the alloc dir is elsewhere.
55 lines
1.3 KiB
Go
55 lines
1.3 KiB
Go
package getter
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/hashicorp/nomad/helper/subproc"
|
|
)
|
|
|
|
const (
|
|
// SubCommand is the first argument to the clone of the nomad
|
|
// agent process for downloading artifacts.
|
|
SubCommand = "artifact-isolation"
|
|
)
|
|
|
|
func init() {
|
|
subproc.Do(SubCommand, func() int {
|
|
|
|
// get client and artifact configuration from standard IO
|
|
env := new(parameters)
|
|
if err := env.read(os.Stdin); err != nil {
|
|
subproc.Print("failed to read configuration: %v", err)
|
|
return subproc.ExitFailure
|
|
}
|
|
|
|
// create context with the overall timeout
|
|
ctx, cancel := subproc.Context(env.deadline())
|
|
defer cancel()
|
|
|
|
// force quit after maximum timeout exceeded
|
|
subproc.SetExpiration(ctx)
|
|
|
|
// sandbox the host filesystem for this process
|
|
if !env.DisableFilesystemIsolation {
|
|
if err := lockdown(env.AllocDir, env.TaskDir); err != nil {
|
|
subproc.Print("failed to sandbox %s process: %v", SubCommand, err)
|
|
return subproc.ExitFailure
|
|
}
|
|
}
|
|
|
|
// create the go-getter client
|
|
// options were already transformed into url query parameters
|
|
// headers were already replaced and are usable now
|
|
c := env.client(ctx)
|
|
|
|
// run the go-getter client
|
|
if err := c.Get(); err != nil {
|
|
subproc.Print("failed to download artifact: %v", err)
|
|
return subproc.ExitFailure
|
|
}
|
|
|
|
subproc.Print("artifact download was a success")
|
|
return subproc.ExitSuccess
|
|
})
|
|
}
|