ood_core 0.15.0 → 0.17.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 766b778b98f189dee73ff1cb70a2b0acf53d628a897288260a1b8cf7cb80c0c6
-  data.tar.gz: 03052a68c57de5fe76b795dfd76b66639520d3e9b055c324fbece05db71dd331
+  metadata.gz: 71272779185c8dee0b38f361c14419b77a9a497d46fc74a30b31735882f2f99b
+  data.tar.gz: 827b6d710a0a31f279cc370bd00d49b2d56c3cd31d009d155ee6ad8d2967e552
 SHA512:
-  metadata.gz: c678069d0a37762a706a020c5a7ad7a7354ed3f1edb01fdd25b915065b50754d43c60df48c9ea3b773f3dc4ddb4e12604e9dda02a1ad30b0482e7ab050804181
-  data.tar.gz: 8416227140b6d761f6246f0cce50e41f4462f83b1913ad9e72b511685412810b7b2c7c9951f8c712b127572b421e8a57cd6cdb4dedb7cab9c242eba0d057ad45
+  metadata.gz: e42c8b974608a23ac3973fd68d40042e002e61c0b5a2d17877626578b7ceb178ae94ba3881c26003a8b69800075669410b226cd12c7cfe8350ba21fdd75a9329
+  data.tar.gz: 2f149dedb64a5806626a827d43ceab368cdd1f026a789bb9ece6189596e0e7cc2a5009d98053eafdcd090c49befa688fcf8ccc1f70593635a2a3a4bf5535b0e3

data/CHANGELOG.md

@@ -6,6 +6,87 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [0.17.1] - 6-14-2021
+
+### Fixed
+
+- Fixed [278](https://github.com/OSC/ood_core/pull/278) where unschedulable pods will now show up as
+  queued_held status.
+
+### Changed
+
+- KUBECONFIG now defaults to /dev/null in the kubernetes adapter in [292](https://github.com/OSC/ood_core/pull/292).
+
+### Added
+
+- Sites can now set `batch_connect.ssh_allow` on the cluster to disable the buttons to start
+  a shell session to compute nodes in [289](https://github.com/OSC/ood_core/pull/289).
+- `POD_PORT` is now available to jobs in the kubernetes adapter in [290](https://github.com/OSC/ood_core/pull/290).
+- Kubernetes pods now support a startProbe in [291](https://github.com/OSC/ood_core/pull/291).
+
+## [0.17.0] - 5-26-2021
+
+### Fixed
+
+- All Kubernetes resources now have the same labels in [280](https://github.com/OSC/ood_core/pull/280).
+- Kubernetes does not crash when no configmap is defined in [282](https://github.com/OSC/ood_core/pull/282).
+- Kubernetes will not specify init containers if there are none in
+  [284](https://github.com/OSC/ood_core/pull/284).
+
+### Added
+
+- Kubernetes, Slurm and Torque now support the script option `gpus_per_node` in
+  [266](https://github.com/OSC/ood_core/pull/266).
+- Kubernetes will now save the pod.yml into the staged root in
+  [277](https://github.com/OSC/ood_core/pull/277).
+- Kubernetes now allows for node selector in [264](https://github.com/OSC/ood_core/pull/264).
+- Kubernetes pods now have access the environment variable POD_NAMESPACE in
+  [275](https://github.com/OSC/ood_core/pull/275).
+- Kubernetes pods can now specify the image pull policy in [272](https://github.com/OSC/ood_core/pull/272).
+- Cluster config's batch_connect now support `ssh_allow` to disable sshing to compute
+  nodes per cluster in [286](https://github.com/OSC/ood_core/pull/286).
+- Kubernetes will now add the templated script content to a configmap in
+  [273](https://github.com/OSC/ood_core/pull/273).
+
+### Changed
+
+- Kubernetes username prefix no longer appends a - in [271](https://github.com/OSC/ood_core/pull/271).
+
+
+
+## [0.16.1] - 2021-04-23
+### Fixed
+- memorized some allow? variables to have better support around ACLS in
+  [267](https://github.com/OSC/ood_core/pull/267)
+
+## [0.16.0] - 2021-04-20
+### Fixed
+- tmux 2.7+ bug in the linux host adapter in [2.5.8](https://github.com/OSC/ood_core/pull/258)
+  and [259](https://github.com/OSC/ood_core/pull/259).
+
+### Changed
+
+- Changed how k8s configmaps in are defined in [251](https://github.com/OSC/ood_core/pull/251).
+  The data structure now expects a key called files which is an array of objects that hold
+  filename, data, mount_path, sub_path and init_mount_path.
+  [255](https://github.com/OSC/ood_core/pull/255) also relates to this interface change.
+
+### Added
+
+- The k8s adapter can now specify environment variables and creates defaults 
+  in [252](https://github.com/OSC/ood_core/pull/252).
+- The k8s adapter can now specify image pull secrets in [253](https://github.com/OSC/ood_core/pull/253).
+
+## [0.15.1] - 2021-02-25
+### Fixed
+- kubernetes adapter uses the full module for helpers in [245](https://github.com/OSC/ood_core/pull/245).
+
+### Changed
+- kubernetes pods spawn with runAsNonRoot set to true in [247](https://github.com/OSC/ood_core/pull/247).
+- kubernetes pods can spawn with supplemental groups along with some other in security defaults in
+  [246](https://github.com/OSC/ood_core/pull/246).
+
 ## [0.15.0] - 2021-01-26
 ### Fixed
 - ccq adapter now accepts job names with spaces in [210](https://github.com/OSC/ood_core/pull/209)
@@ -273,7 +354,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - Initial release!
 
-[Unreleased]: https://github.com/OSC/ood_core/compare/v0.15.0...HEAD
+[Unreleased]: https://github.com/OSC/ood_core/compare/v0.17.1...HEAD
+[0.17.1]: https://github.com/OSC/ood_core/compare/v0.17.0...v0.17.1
+[0.17.0]: https://github.com/OSC/ood_core/compare/v0.16.1...v0.17.0
+[0.16.1]: https://github.com/OSC/ood_core/compare/v0.16.0...v0.16.1
+[0.16.0]: https://github.com/OSC/ood_core/compare/v0.15.1...v0.16.0
+[0.15.1]: https://github.com/OSC/ood_core/compare/v0.15.0...v0.15.1
 [0.15.0]: https://github.com/OSC/ood_core/compare/v0.14.0...v0.15.0
 [0.14.0]: https://github.com/OSC/ood_core/compare/v0.13.0...v0.14.0
 [0.13.0]: https://github.com/OSC/ood_core/compare/v0.12.0...v0.13.0

data/lib/ood_core/cluster.rb

@@ -78,7 +78,9 @@ module OodCore
     # Whether the login feature is allowed
     # @return [Boolean] is login allowed
     def login_allow?
-      allow? && !login_config.empty?
+      return @login_allow if defined?(@login_allow)
+
+      @login_allow = (allow? && !login_config.empty?)
     end
 
     # Build a job adapter from the job configuration
@@ -90,9 +92,11 @@ module OodCore
     # Whether the job feature is allowed based on the ACLs
     # @return [Boolean] is the job feature allowed
     def job_allow?
-      allow? &&
-        !job_config.empty? &&
-        build_acls(job_config.fetch(:acls, []).map(&:to_h)).all?(&:allow?)
+      return @job_allow if defined?(@job_allow)
+
+      @job_allow = (allow? && ! job_config.empty? && build_acls(
+        job_config.fetch(:acls, []).map(&:to_h)
+      ).all?(&:allow?))
     end
 
     # The batch connect template configuration used for this cluster
@@ -138,7 +142,18 @@ module OodCore
     # Whether this cluster is allowed to be used
     # @return [Boolean] whether cluster is allowed
     def allow?
-      acls.all?(&:allow?)
+      return @allow if defined?(@allow)
+
+      @allow = acls.all?(&:allow?)
+    end
+
+    # Whether this cluster supports SSH to batch connect nodes
+    # @return [Boolean, nil] whether cluster supports SSH to batch connect node
+    def batch_connect_ssh_allow?
+      return @batch_connect_ssh_allow if defined?(@batch_connect_ssh_allow)
+      return @batch_connect_ssh_allow = nil if batch_connect_config.nil?
+
+      @batch_connect_ssh_allow = batch_connect_config.fetch(:ssh_allow, nil)
     end
 
     # The comparison operator

data/lib/ood_core/job/adapters/kubernetes/batch.rb

@@ -23,11 +23,11 @@ class OodCore::Job::Adapters::Kubernetes::Batch
     @cluster = options.fetch(:cluster, 'open-ondemand')
     @mounts = options.fetch(:mounts, []).map { |m| m.to_h.symbolize_keys }
     @all_namespaces = options.fetch(:all_namespaces, false)
-    @username_prefix = options.fetch(:username_prefix, nil)
+    @username_prefix = options.fetch(:username_prefix, '')
     @namespace_prefix = options.fetch(:namespace_prefix, '')
 
     @using_context = false
-    @helper = Helper.new
+    @helper = OodCore::Job::Adapters::Kubernetes::Helper.new
 
     begin
       make_kubectl_config(options)
@@ -45,6 +45,9 @@ class OodCore::Job::Adapters::Kubernetes::Batch
     raise ArgumentError, 'Must specify the script' if script.nil?
 
     resource_yml, id = generate_id_yml(script)
+    if !script.workdir.nil? && Dir.exist?(script.workdir)
+      File.open(File.join(script.workdir, 'pod.yml'), 'w') { |f| f.write resource_yml }
+    end
     call("#{formatted_ns_cmd} create -f -", stdin: resource_yml)
 
     id
@@ -112,10 +115,6 @@ class OodCore::Job::Adapters::Kubernetes::Batch
     safe_call("delete", "configmap", configmap_name(id))
   end
 
-  def configmap_mount_path
-    '/ood'
-  end
-
   private
 
   def safe_call(verb, resource, id)
@@ -150,31 +149,56 @@ class OodCore::Job::Adapters::Kubernetes::Batch
   end
 
   def k8s_username
-    username_prefix.nil? ? username : "#{username_prefix}-#{username}"
+    "#{username_prefix}#{username}"
+  end
+
+  def user
+    @user ||= Etc.getpwnam(username)
+  end
+
+  def home_dir
+    user.dir
   end
 
   def run_as_user
-    Etc.getpwnam(username).uid
+    user.uid
   end
 
   def run_as_group
-    Etc.getpwnam(username).gid
+    user.gid
   end
 
   def fs_group
     run_as_group
   end
 
+  def group
+    Etc.getgrgid(run_as_group).name
+  end
+
+  def default_env
+    {
+      USER: username,
+      UID: run_as_user,
+      HOME: home_dir,
+      GROUP: group,
+      GID: run_as_group,
+      KUBECONFIG: '/dev/null',
+    }
+  end
+
   # helper to template resource yml you're going to submit and
   # create an id.
   def generate_id_yml(script)
     native_data = script.native
-    container = helper.container_from_native(native_data[:container])
+    container = helper.container_from_native(native_data[:container], default_env)
     id = generate_id(container.name)
-    configmap = helper.configmap_from_native(native_data, id)
-    init_containers = helper.init_ctrs_from_native(native_data[:init_containers])
-    spec = Kubernetes::Resources::PodSpec.new(container, init_containers: init_containers)
+    configmap = helper.configmap_from_native(native_data, id, script.content)
+    init_containers = helper.init_ctrs_from_native(native_data[:init_containers], container.env)
+    spec = OodCore::Job::Adapters::Kubernetes::Resources::PodSpec.new(container, init_containers: init_containers)
     all_mounts = native_data[:mounts].nil? ? mounts : mounts + native_data[:mounts]
+    node_selector = native_data[:node_selector].nil? ? {} : native_data[:node_selector]
+    gpu_type = native_data[:gpu_type].nil? ? "nvidia.com/gpu" : native_data[:gpu_type]
 
     template = ERB.new(File.read(resource_file), nil, '-')
 

data/lib/ood_core/job/adapters/kubernetes/helper.rb

@@ -29,7 +29,7 @@ class OodCore::Job::Adapters::Kubernetes::Helper
 
     pod_hash.deep_merge!(service_hash)
     pod_hash.deep_merge!(secret_hash)
-    K8sJobInfo.new(pod_hash)
+    OodCore::Job::Adapters::Kubernetes::K8sJobInfo.new(pod_hash)
   rescue NoMethodError
     raise K8sDataError, "unable to read data correctly from json"
   end
@@ -38,18 +38,24 @@ class OodCore::Job::Adapters::Kubernetes::Helper
   #
   # @param container [#to_h]
   #   the input container hash
+  # @param default_env [#to_h]
+  #   Default env to merge with defined env
   # @return  [OodCore::Job::Adapters::Kubernetes::Resources::Container]
-  def container_from_native(container)
-    Kubernetes::Resources::Container.new(
+  def container_from_native(container, default_env)
+    env = container.fetch(:env, {}).to_h.symbolize_keys
+    OodCore::Job::Adapters::Kubernetes::Resources::Container.new(
       container[:name],
       container[:image],
       command: parse_command(container[:command]),
       port: container[:port],
-      env: container.fetch(:env, []),
+      env: default_env.merge(env),
       memory: container[:memory],
       cpu: container[:cpu],
       working_dir: container[:working_dir],
-      restart_policy: container[:restart_policy]
+      restart_policy: container[:restart_policy],
+      image_pull_policy: container[:image_pull_policy],
+      image_pull_secret: container[:image_pull_secret],
+      startup_probe: container[:startup_probe],
     )
   end
 
@@ -76,15 +82,22 @@ class OodCore::Job::Adapters::Kubernetes::Helper
   #   the input configmap hash
   # @param id [#to_s]
   #   the id to use for giving the configmap a name
+  # @param script_content [#to_s]
+  #   the batch script content
   # @return  [OodCore::Job::Adapters::Kubernetes::Resources::ConfigMap]
-  def configmap_from_native(native, id)
-    configmap = native.fetch(:configmap, nil)
-    return nil if configmap.nil?
-
-    Kubernetes::Resources::ConfigMap.new(
+  def configmap_from_native(native, id, script_content)
+    configmap = native.fetch(:configmap, {})
+    configmap[:files] ||= []
+    configmap[:files] << {
+      filename: 'script.sh',
+      data: script_content,
+      mount_path: '/ood/script.sh',
+      sub_path: 'script.sh',
+    } unless configmap[:files].any? { |f| f[:filename] == 'script.sh' }
+
+    OodCore::Job::Adapters::Kubernetes::Resources::ConfigMap.new(
       configmap_name(id),
-      configmap[:filename],
-      configmap[:data]
+      (configmap[:files] || [])
     )
   end
 
@@ -93,13 +106,15 @@ class OodCore::Job::Adapters::Kubernetes::Helper
   # @param native_data [#to_h]
   #   the native data to parse. Expected key init_ctrs and for that
   #   key to be an array of hashes.
+  # @param default_env [#to_h]
+  #   Default env to merge with defined env
   # @return [Array<OodCore::Job::Adapters::Kubernetes::Resources::Container>]
   #   the array of init containers
-  def init_ctrs_from_native(ctrs)
+  def init_ctrs_from_native(ctrs, default_env)
     init_ctrs = []
 
     ctrs&.each do |ctr_raw|
-      ctr = container_from_native(ctr_raw)
+      ctr = container_from_native(ctr_raw, default_env)
       init_ctrs.push(ctr)
     end
 
@@ -225,15 +240,21 @@ class OodCore::Job::Adapters::Kubernetes::Helper
   def submission_time(json_data)
     status = json_data.dig(:status)
     start = status.dig(:startTime)
+    creation = json_data.dig(:metadata, :creationTimestamp)
 
-    if start.nil?
+    if !creation.nil?
+      str = creation
+    elsif !start.nil?
+      str = start
+    else
       # the pod is in some pending state limbo
       conditions = status.dig(:conditions)
+      return nil if conditions.nil?
+      return nil if conditions.size == 0
       # best guess to start time is just the first condition's
       # transition time
       str = conditions[0].dig(:lastTransitionTime)
-    else
-      str = start
+      return nil if str.nil?
     end
 
     DateTime.parse(str).to_time.to_i
@@ -241,11 +262,17 @@ class OodCore::Job::Adapters::Kubernetes::Helper
 
   def pod_status_from_json(json_data)
     phase = json_data.dig(:status, :phase)
+    conditions = json_data.dig(:status, :conditions)
+    unschedulable = conditions.to_a.any? { |c| c.dig(:reason) == "Unschedulable" }
     state = case phase
             when "Running"
               "running"
             when "Pending"
-              "queued"
+              if unschedulable
+                "queued_held"
+              else
+                "queued"
+              end
             when "Failed"
               "suspended"
             when "Succeeded"

data/lib/ood_core/job/adapters/kubernetes/resources.rb

@@ -1,22 +1,68 @@
 module OodCore::Job::Adapters::Kubernetes::Resources
 
   class ConfigMap
-    attr_accessor :name, :filename, :data
+    attr_accessor :name, :files
 
-    def initialize(name, filename, data)
+    def initialize(name, files)
       @name = name
-      @filename = filename
-      @data = data
+      @files = []
+      files.each do |f|
+        @files << ConfigMapFile.new(f)
+      end
+    end
+
+    def mounts?
+      @files.any? { |f| f.mount_path }
+    end
+
+    def init_mounts?
+      @files.any? { |f| f.init_mount_path }
+    end
+  end
+
+  class ConfigMapFile
+    attr_accessor :filename, :data, :mount_path, :sub_path, :init_mount_path, :init_sub_path
+
+    def initialize(data)
+      @filename = data[:filename]
+      @data = data[:data]
+      @mount_path = data[:mount_path]
+      @sub_path = data[:sub_path]
+      @init_mount_path = data[:init_mount_path]
+      @init_sub_path = data[:init_sub_path]
+    end
+  end
+
+  class TCPProbe
+    attr_accessor :port, :initial_delay_seconds, :failure_threshold, :period_seconds
+
+    def initialize(port, data)
+      data ||= {}
+      @port = port
+      @initial_delay_seconds = data[:initial_delay_seconds] || 2
+      @failure_threshold = data[:failure_threshold] || 5
+      @period_seconds = data[:period_seconds] || 5
+    end
+
+    def to_h
+      {
+        port: port,
+        initial_delay_seconds: initial_delay_seconds,
+        failure_threshold: failure_threshold,
+        period_seconds: period_seconds,
+      }
     end
   end
 
   class Container
     attr_accessor :name, :image, :command, :port, :env, :memory, :cpu, :working_dir,
-                  :restart_policy
+                  :restart_policy, :image_pull_policy, :image_pull_secret, :supplemental_groups,
+                  :startup_probe
 
     def initialize(
-        name, image, command: [], port: nil, env: [], memory: "4Gi", cpu: "1",
-        working_dir: "", restart_policy: "Never"
+        name, image, command: [], port: nil, env: {}, memory: "4Gi", cpu: "1",
+        working_dir: "", restart_policy: "Never", image_pull_policy: nil, image_pull_secret: nil, supplemental_groups: [],
+        startup_probe: {}
       )
       raise ArgumentError, "containers need valid names and images" unless name && image
 
@@ -24,11 +70,15 @@ module OodCore::Job::Adapters::Kubernetes::Resources
       @image = image
       @command = command.nil? ? [] : command
       @port = port&.to_i
-      @env = env.nil? ? [] : env
+      @env = env.nil? ? {} : env
       @memory = memory.nil? ? "4Gi" : memory
       @cpu = cpu.nil? ? "1" : cpu
       @working_dir = working_dir.nil? ? "" : working_dir
       @restart_policy = restart_policy.nil? ? "Never" : restart_policy
+      @image_pull_policy = image_pull_policy.nil? ? "IfNotPresent" : image_pull_policy
+      @image_pull_secret = image_pull_secret
+      @supplemental_groups = supplemental_groups.nil? ? [] : supplemental_groups
+      @startup_probe = TCPProbe.new(@port, startup_probe)
     end
 
     def ==(other)
@@ -40,9 +90,12 @@ module OodCore::Job::Adapters::Kubernetes::Resources
         memory == other.memory &&
         cpu == other.cpu &&
         working_dir == other.working_dir &&
-        restart_policy == other.restart_policy
+        restart_policy == other.restart_policy &&
+        image_pull_policy == other.image_pull_policy &&
+        image_pull_secret == other.image_pull_secret &&
+        supplemental_groups == other.supplemental_groups &&
+        startup_probe.to_h == other.startup_probe.to_h
     end
-
   end
 
   class PodSpec

data/lib/ood_core/job/adapters/kubernetes/templates/pod.yml.erb

@@ -19,21 +19,47 @@ spec:
   securityContext:
     runAsUser: <%= run_as_user %>
     runAsGroup: <%= run_as_group %>
+    runAsNonRoot: true
+    <%- if spec.container.supplemental_groups.empty? -%>
+    supplementalGroups: []
+    <%- else -%>
+    supplementalGroups:
+    <%- spec.container.supplemental_groups.each do |supplemental_group| -%>
+    - "<%= supplemental_group %>"
+    <%- end -%>
+    <%- end -%>
     fsGroup: <%= fs_group %>
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  <%- unless spec.container.image_pull_secret.nil? -%>
+  imagePullSecrets:
+  - name: <%= spec.container.image_pull_secret %>
+  <%- end -%>
   containers:
   - name: "<%= spec.container.name %>"
     image: <%= spec.container.image %>
-    imagePullPolicy: IfNotPresent
+    imagePullPolicy: <%= spec.container.image_pull_policy %>
     <%- unless spec.container.working_dir.empty? -%>
     workingDir: "<%= spec.container.working_dir %>"
     <%- end -%>
-    <%- unless spec.container.env.empty? -%>
     env:
-    <%- spec.container.env.each do |env| -%>
-    - name: <%= env[:name] %>
-      value: "<%= env[:value] %>"
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    <%- unless spec.container.port.nil? -%>
+    - name: POD_PORT
+      value: "<%= spec.container.port %>"
+    <%- end -%>
+    <%- spec.container.env.each_pair do |name, value| -%>
+    - name: <%= name %>
+      value: "<%= value %>"
     <%- end # for each env -%>
-    <%- end # unless env is nil -%>
     <%- unless spec.container.command.empty? -%>
     command:
     <%- spec.container.command.each do |cmd| -%>
@@ -43,41 +69,95 @@ spec:
     <%- unless spec.container.port.nil? -%>
     ports:
     - containerPort: <%= spec.container.port %>
+    startupProbe:
+      tcpSocket:
+        port: <%= spec.container.startup_probe.port %>
+      initialDelaySeconds: <%= spec.container.startup_probe.initial_delay_seconds %>
+      failureThreshold: <%= spec.container.startup_probe.failure_threshold %>
+      periodSeconds: <%= spec.container.startup_probe.period_seconds %>
     <%- end -%>
+    <%- if !all_mounts.empty? || (!configmap.nil? && configmap.mounts?) -%>
     volumeMounts:
     <%- unless configmap.nil? -%>
+    <%- configmap.files.each do |file| -%>
+      <%- next if file.mount_path.nil? -%>
     - name: configmap-volume
-      mountPath:  <%= configmap_mount_path %>
-    <%- end -%>
+      mountPath: <%= file.mount_path %>
+      <%- unless file.sub_path.nil? -%>
+      subPath: <%= file.sub_path %>
+      <%- end # end unless file.sub_path.nil? -%>
+    <%- end # end configmap.files.each -%>
+    <%- end # unless configmap.nil? -%>
     <%- all_mounts.each do |mount| -%>
     - name: <%= mount[:name] %>
       mountPath: <%= mount[:destination_path] %>
     <%- end # for each mount -%>
+    <%- end # configmap mounts? and all_mounts not empty -%>
     resources:
       limits:
         memory: "<%= spec.container.memory %>"
         cpu: "<%= spec.container.cpu %>"
+        <%- unless script.gpus_per_node.nil? -%>
+        <%= gpu_type %>: <%= script.gpus_per_node %>
+        <%- end -%>
       requests:
         memory: "<%= spec.container.memory %>"
         cpu: "<%= spec.container.cpu %>"
-  <%- unless spec.init_containers.nil? -%>
+        <%- unless script.gpus_per_node.nil? -%>
+        <%= gpu_type %>: <%= script.gpus_per_node %>
+        <%- end -%>
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - all
+      privileged: false
+  <%- unless spec.init_containers.empty? -%>
   initContainers:
   <%- spec.init_containers.each do |ctr| -%>
   - name: "<%= ctr.name %>"
     image: "<%= ctr.image %>"
+    imagePullPolicy: <%= ctr.image_pull_policy %>
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    <%- ctr.env.each_pair do |name, value| -%>
+    - name: <%= name %>
+      value: "<%= value %>"
+    <%- end # for each env -%>
     command:
     <%- ctr.command.each do |cmd| -%>
     - "<%= cmd %>"
     <%- end # command loop -%>
+    <%- if !all_mounts.empty? || (!configmap.nil? && configmap.init_mounts?) -%>
     volumeMounts:
     <%- unless configmap.nil? -%>
+    <%- configmap.files.each do |file| -%>
+    <%- next if file.init_mount_path.nil? -%>
     - name: configmap-volume
-      mountPath:  <%= configmap_mount_path %>
-    <%- end -%>
+      mountPath: <%= file.init_mount_path %>
+      <%- unless file.init_sub_path.nil? -%>
+      subPath: <%= file.init_sub_path %>
+      <%- end # end unless file.sub_path.nil? -%>
+    <%- end # end configmap.files.each -%>
+    <%- end # unless configmap.nil? -%>
     <%- all_mounts.each do |mount| -%>
     - name: <%= mount[:name] %>
       mountPath: <%= mount[:destination_path] %>
     <%- end # for each mount -%>
+    <%- end # if config_map init mounts and all_mounts not empty -%>
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - all
+      privileged: false
   <%- end # init container loop -%>
   <%- end # if init containers -%>
   <%- unless (configmap.to_s.empty? && all_mounts.empty?) -%>
@@ -101,6 +181,12 @@ spec:
   <%- end # if mount is [host,nfs] -%>
   <%- end # for each mount -%>
   <%- end # (configmap.to_s.empty? || all_mounts.empty?) -%>
+  <%- unless node_selector.empty? -%>
+  nodeSelector:
+  <%- node_selector.each_pair do |key, value| -%>
+    <%= key %>: "<%= value %>"
+  <%- end # node_selector.each_pair -%>
+  <%- end #unless node_selector.empty? -%>
 ---
 <%- unless spec.container.port.nil? -%>
 apiVersion: v1
@@ -110,6 +196,8 @@ metadata:
   namespace: <%= namespace %>
   labels:
     job: <%= id %>
+    app.kubernetes.io/name: <%= container.name %>
+    app.kubernetes.io/managed-by: open-ondemand
 spec:
   selector:
     job: <%= id %>
@@ -119,8 +207,8 @@ spec:
     targetPort: <%= spec.container.port %>
   type: NodePort
 <%- end # end for service -%>
----
 <%- unless configmap.nil? -%>
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -128,7 +216,12 @@ metadata:
   namespace: <%= namespace %>
   labels:
     job: <%= id %>
+    app.kubernetes.io/name: <%= container.name %>
+    app.kubernetes.io/managed-by: open-ondemand
 data:
-  <%= configmap.filename %>: |
-    <% config_data_lines(configmap.data).each do |line| %><%= line %><% end %>
-<%- end # end for configmap -%>
+<%- configmap.files.each do |file| -%>
+  <%- next if file.data.nil? || file.filename.nil? -%>
+  <%= file.filename %>: |
+    <% config_data_lines(file.data).each do |line| %><%= line %><% end %>
+<%- end # end for configmap files -%>
+<%- end # end configmap.nil? %>

data/lib/ood_core/job/adapters/linux_host/launcher.rb

@@ -16,7 +16,7 @@ class OodCore::Job::Adapters::LinuxHost::Launcher
   # from
   class Error < StandardError; end
 
-  UNIT_SEPARATOR = "\x1F"
+  UNIT_SEPARATOR = ","
 
   # @param debug Whether the adapter should be used in debug mode
   # @param site_timeout [#to_i] A period after which the job should be killed or nil
@@ -80,12 +80,7 @@ class OodCore::Job::Adapters::LinuxHost::Launcher
 
     call(*cmd, stdin: kill_cmd)
   rescue Error => e
-    raise e unless (
-      # The tmux server not running is not an error
-      e.message.include?('failed to connect to server') ||
-      # The session not being found is not an error
-      e.message.include?("session not found: #{session_name_label}")
-    )
+    interpret_and_raise(e)
   end
 
   def list_remote_sessions(host: nil)
@@ -264,8 +259,7 @@ class OodCore::Job::Adapters::LinuxHost::Launcher
       |session_hash| session_hash[:session_name].start_with?(session_name_label)
     }
   rescue Error => e
-    # The tmux server not running is not an error
-    raise e unless e.message.include?('failed to connect to server')
+    interpret_and_raise(e)
     []
   end
 
@@ -280,4 +274,17 @@ class OodCore::Job::Adapters::LinuxHost::Launcher
 
     '/dev/null'
   end
+
+  # under some conditions tmux returns status code 1 but it's not an actual
+  # error. These are when the session is not found or there are no sessions
+  # at all.
+  def interpret_and_raise(error)
+    if error.message.include?('failed to connect to server') # no sessions in tmux 1.8
+      nil
+    elsif error.message.include?('no server running on') # no sessions in tmux 2.7+ message
+      nil
+    else
+      raise error
+    end
+  end
 end

data/lib/ood_core/job/adapters/slurm.rb

@@ -423,6 +423,7 @@ module OodCore
           args.concat ["-t", seconds_to_duration(script.wall_time)] unless script.wall_time.nil?
           args.concat ['-a', script.job_array_request] unless script.job_array_request.nil?
           args.concat ['--qos', script.qos] unless script.qos.nil?
+          args.concat ['--gpus-per-node', script.gpus_per_node] unless script.gpus_per_node.nil?
           # ignore nodes, don't know how to do this for slurm
 
           # Set dependencies

data/lib/ood_core/job/adapters/torque.rb

@@ -159,6 +159,8 @@ module OodCore
             args.concat ["-l", "walltime=#{seconds_to_duration(script.wall_time)}"] unless script.wall_time.nil?
             args.concat ['-t', script.job_array_request] unless script.job_array_request.nil?
             args.concat ['-l', "qos=#{script.qos}"] unless script.qos.nil?
+            args.concat ['-l', "gpus=#{script.gpus_per_node}"] unless script.gpus_per_node.nil?
+
             # Set environment variables
             env = script.job_environment.to_h
             args.concat ["-v", env.keys.join(",")] unless env.empty?

data/lib/ood_core/job/script.rb

@@ -103,6 +103,10 @@ module OodCore
       # @return [String, nil] qos
       attr_reader :qos
 
+      # The GPUs per node for the job
+      # @return [Integer, nil] gpus per node
+      attr_reader :gpus_per_node
+
       # Object detailing any native specifications that are implementation specific
       # @note Should not be used at all costs.
       # @return [Object, nil] native specifications
@@ -136,6 +140,7 @@ module OodCore
       # @param accounting_id [#to_s, nil] accounting id
       # @param job_array_request [#to_s, nil] job array request
       # @param qos [#to_s, nil] qos
+      # @param gpus_per_node [#to_i, nil] gpus per node
       # @param native [Object, nil] native specifications
       # @param copy_environment [Boolean, nil] copy the environment
       def initialize(content:, args: nil, submit_as_hold: nil, rerunnable: nil,
@@ -145,7 +150,7 @@ module OodCore
                      output_path: nil, error_path: nil, reservation_id: nil,
                      queue_name: nil, priority: nil, start_time: nil,
                      wall_time: nil, accounting_id: nil, job_array_request: nil,
-                     qos: nil, native: nil, copy_environment: nil, **_)
+                     qos: nil, gpus_per_node: nil, native: nil, copy_environment: nil, **_)
         @content = content.to_s
 
         @submit_as_hold      = submit_as_hold
@@ -170,6 +175,7 @@ module OodCore
         @accounting_id      = accounting_id     && accounting_id.to_s
         @job_array_request  = job_array_request && job_array_request.to_s
         @qos                = qos               && qos.to_s
+        @gpus_per_node      = gpus_per_node     && gpus_per_node.to_i
         @native             = native
         @copy_environment   = (copy_environment.nil?) ? nil : !! copy_environment
       end
@@ -200,6 +206,7 @@ module OodCore
           accounting_id:       accounting_id,
           job_array_request:   job_array_request,
           qos:                 qos,
+          gpus_per_node:       gpus_per_node,
           native:              native,
           copy_environment:    copy_environment
         }

data/lib/ood_core/version.rb

@@ -1,4 +1,4 @@
 module OodCore
   # The current version of {OodCore}
-  VERSION = "0.15.0"
+  VERSION = "0.17.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ood_core
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.17.1
 platform: ruby
 authors:
 - Eric Franz
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-01-26 00:00:00.000000000 Z
+date: 2021-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ood_support