From 44aaa77ff1d6e2bf937a6a8224fb6347da2b81d6 Mon Sep 17 00:00:00 2001 From: Marco Clemencic <marco.clemencic@cern.ch> Date: Fri, 28 Jul 2023 10:51:33 +0200 Subject: [PATCH 1/3] Add --contain option to apptainer to improve isolation --- python/LbNightlyTools/BuildMethods.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py index 22222aa6..2080bc82 100644 --- a/python/LbNightlyTools/BuildMethods.py +++ b/python/LbNightlyTools/BuildMethods.py @@ -80,6 +80,7 @@ def _apptainer_wrap_cmd(platform, cmd, host_root, cont_root, env, cwd): apptainer_cmd = [ apptainer, "exec", + "--contain", "--bind", "/cvmfs", "--bind", -- GitLab From 069b086428be972aa385c10506228c656f22774f Mon Sep 17 00:00:00 2001 From: Marco Clemencic <marco.clemencic@cern.ch> Date: Fri, 28 Jul 2023 13:34:02 +0200 Subject: [PATCH 2/3] Relocate command line arguments when wrapping in apptainer --- python/LbNightlyTools/BuildMethods.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py index 2080bc82..561e5377 100644 --- a/python/LbNightlyTools/BuildMethods.py +++ b/python/LbNightlyTools/BuildMethods.py @@ -127,6 +127,8 @@ def log_call(cmd, *args, **kwargs): key: value.replace(host_root, cont_root) for key, value in (kwargs.get("env") or os.environ).items() } + # patch the command line arguments + cmd = [value.replace(host_root, cont_root) for value in cmd] cmd = _apptainer_wrap_cmd( os.environ["BINARY_TAG"], -- GitLab From 36cce95e7f03d647307f08c7a8901d46b0823452 Mon Sep 17 00:00:00 2001 From: Marco Clemencic <marco.clemencic@cern.ch> Date: Fri, 28 Jul 2023 13:39:02 +0200 Subject: [PATCH 3/3] Always get containers from /cvmfs/lhcb.cern.ch/containers --- python/LbNightlyTools/BuildMethods.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/LbNightlyTools/BuildMethods.py b/python/LbNightlyTools/BuildMethods.py index 561e5377..56a96fbd 100644 --- a/python/LbNightlyTools/BuildMethods.py +++ b/python/LbNightlyTools/BuildMethods.py @@ -64,9 +64,9 @@ def _apptainer_wrap_cmd(platform, cmd, host_root, cont_root, env, cwd): image = None if re.match(r"x86_64.*-centos7-.*", platform): - image = "/cvmfs/cernvm-prod.cern.ch/cvm4" + image = "/cvmfs/lhcb.cern.ch/containers/os-base/centos7-devel/prod/amd64" elif re.match(r"x86_64.*-slc[56]-.*", platform): - image = "/cvmfs/cernvm-prod.cern.ch/cvm3" + image = "/cvmfs/lhcb.cern.ch/containers/os-base/slc6-devel/prod/amd64" elif re.match(r"x86_64.*-el9-.*", platform): image = "/cvmfs/lhcb.cern.ch/containers/os-base/alma9-devel/prod/amd64" elif re.match(r"arm.*-centos7-.*", platform): -- GitLab