def _workflow_run_name_generator(self, mode):
"""Generate the name to be given to a workflow run.
:param mode: Mode in which the workflow runs: ``workflow`` or
``session``.
"""
return build_unique_component_name(f"run-{mode}", self.workflow.id_)
def _delete_workflow_job(workflow: Workflow) -> None:
job_name = build_unique_component_name("run-batch", workflow.id_)
try:
current_k8s_batchv1_api_client.delete_namespaced_job(
name=job_name,
namespace=REANA_RUNTIME_KUBERNETES_NAMESPACE,
propagation_policy="Background",
)
except ApiException as e:
raise REANAWorkflowControllerError(
f"Workflow engine pod could not be deleted. Error: {e}")
def execute(self):
"""Execute a job in Kubernetes."""
backend_job_id = build_unique_component_name("run-job")
self.job = {
"kind": "Job",
"apiVersion": "batch/v1",
"metadata": {
"name": backend_job_id,
"namespace": REANA_RUNTIME_KUBERNETES_NAMESPACE,
},
"spec": {
"automountServiceAccountToken": False,
"backoffLimit": KubernetesJobManager.MAX_NUM_JOB_RESTARTS,
"autoSelector": True,
"template": {
"metadata": {
"name": backend_job_id,
"labels": {"reana-run-job-workflow-uuid": self.workflow_uuid},
},
"spec": {
"containers": [
{
"image": self.docker_img,
"command": ["bash", "-c"],
"args": [self.cmd],
"name": "job",
"env": [],
"volumeMounts": [],
}
],
"initContainers": [],
"volumes": [],
"restartPolicy": "Never",
"enableServiceLinks": False,
},
},
},
}
user_id = os.getenv("REANA_USER_ID")
secrets_store = REANAUserSecretsStore(user_id)
secret_env_vars = secrets_store.get_env_secrets_as_k8s_spec()
job_spec = self.job["spec"]["template"]["spec"]
job_spec["containers"][0]["env"].extend(secret_env_vars)
job_spec["volumes"].append(secrets_store.get_file_secrets_volume_as_k8s_specs())
secrets_volume_mount = secrets_store.get_secrets_volume_mount_as_k8s_spec()
job_spec["containers"][0]["volumeMounts"].append(secrets_volume_mount)
if self.env_vars:
for var, value in self.env_vars.items():
job_spec["containers"][0]["env"].append({"name": var, "value": value})
self.add_memory_limit(job_spec)
self.add_hostpath_volumes()
self.add_workspace_volume()
self.add_shared_volume()
self.add_eos_volume()
self.add_image_pull_secrets()
self.add_kubernetes_job_timeout()
if self.cvmfs_mounts != "false":
cvmfs_map = {}
for cvmfs_mount_path in ast.literal_eval(self.cvmfs_mounts):
if cvmfs_mount_path in CVMFS_REPOSITORIES:
cvmfs_map[CVMFS_REPOSITORIES[cvmfs_mount_path]] = cvmfs_mount_path
for repository, mount_path in cvmfs_map.items():
volume = get_k8s_cvmfs_volume(repository)
(
job_spec["containers"][0]["volumeMounts"].append(
{
"name": volume["name"],
"mountPath": "/cvmfs/{}".format(mount_path),
"readOnly": volume["readOnly"],
}
)
)
job_spec["volumes"].append(volume)
self.job["spec"]["template"]["spec"][
"securityContext"
] = client.V1PodSecurityContext(
run_as_group=WORKFLOW_RUNTIME_USER_GID, run_as_user=self.kubernetes_uid
)
if self.kerberos:
self._add_krb5_init_container(secrets_store)
if self.voms_proxy:
self._add_voms_proxy_init_container(secrets_volume_mount, secret_env_vars)
if REANA_RUNTIME_JOBS_KUBERNETES_NODE_LABEL:
self.job["spec"]["template"]["spec"][
"nodeSelector"
] = REANA_RUNTIME_JOBS_KUBERNETES_NODE_LABEL
backend_job_id = self._submit()
return backend_job_id
def __init__(self, user_secret_store_id):
"""Initialise the secret store object."""
self.user_secret_store_id = build_unique_component_name(
"secretsstore", str(user_secret_store_id))