anikeev лет назад: 8
Родитель
Сommit
721e76b8a2
4 измененных файлов с 429 добавлено и 0 удалено
  1. 81 0
      PBS_License.txt
  2. 6 0
      README.md
  3. 105 0
      torque-4.2.9-ipc-isolation.patch
  4. 237 0
      torque-4.2.9-r2.ebuild

+ 81 - 0
PBS_License.txt

@@ -0,0 +1,81 @@
+
+        OpenPBS (Portable Batch System) v2.3 Software License
+
+Copyright (c) 1999-2000 Veridian Information Solutions, Inc.
+All rights reserved.
+
+---------------------------------------------------------------------------
+For a license to use or redistribute the OpenPBS software under conditions
+other than those described below, or to purchase support for this software,
+please contact Veridian Systems, PBS Products Department ("Licensor") at:
+
+   www.OpenPBS.org  +1 650 967-4675                  sales@OpenPBS.org
+                       877 902-4PBS (US toll-free)
+---------------------------------------------------------------------------
+
+This license covers use of the OpenPBS v2.3 software (the "Software") at
+your site or location, and, for certain users, redistribution of the
+Software to other sites and locations.  Use and redistribution of
+OpenPBS v2.3 in source and binary forms, with or without modification,
+are permitted provided that all of the following conditions are met.
+After December 31, 2001, only conditions 3-6 must be met:
+
+1. Commercial and/or non-commercial use of the Software is permitted
+   provided a current software registration is on file at www.OpenPBS.org.
+   If use of this software contributes to a publication, product, or
+   service, proper attribution must be given; see www.OpenPBS.org/credit.html
+
+2. Redistribution in any form is only permitted for non-commercial,
+   non-profit purposes.  There can be no charge for the Software or any
+   software incorporating the Software.  Further, there can be no
+   expectation of revenue generated as a consequence of redistributing
+   the Software.
+
+3. Any Redistribution of source code must retain the above copyright notice
+   and the acknowledgment contained in paragraph 6, this list of conditions
+   and the disclaimer contained in paragraph 7.
+
+4. Any Redistribution in binary form must reproduce the above copyright
+   notice and the acknowledgment contained in paragraph 6, this list of
+   conditions and the disclaimer contained in paragraph 7 in the
+   documentation and/or other materials provided with the distribution.
+
+5. Redistributions in any form must be accompanied by information on how to
+   obtain complete source code for the OpenPBS software and any
+   modifications and/or additions to the OpenPBS software.  The source code
+   must either be included in the distribution or be available for no more
+   than the cost of distribution plus a nominal fee, and all modifications
+   and additions to the Software must be freely redistributable by any party
+   (including Licensor) without restriction.
+
+6. All advertising materials mentioning features or use of the Software must
+   display the following acknowledgment:
+
+    "This product includes software developed by NASA Ames Research Center,
+    Lawrence Livermore National Laboratory, and Veridian Information Solutions,
+    Inc.  Visit www.OpenPBS.org for OpenPBS software support,
+    products, and information."
+
+7. DISCLAIMER OF WARRANTY
+
+THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. ANY EXPRESS
+OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
+ARE EXPRESSLY DISCLAIMED.
+
+IN NO EVENT SHALL VERIDIAN CORPORATION, ITS AFFILIATED COMPANIES, OR THE
+U.S. GOVERNMENT OR ANY OF ITS AGENCIES BE LIABLE FOR ANY DIRECT OR INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+This license will be governed by the laws of the Commonwealth of Virginia,
+without reference to its choice of law rules.
+
+Addendum
+To obtain complete source code for OpenPBS and modifications/additions
+provided in torque visit www.openpbs.org and/or
+www.supercluster.org/downloads.

+ 6 - 0
README.md

@@ -0,0 +1,6 @@
+# Torque 4 unshare IPC isolation patch
+
+IPC isolation patch based on Gentoo's torque-4.2.9-r2
+
+.patch is under TORQUE v2.5+ Software License v1.1
+.ebuild is under GNU General Public License v2

+ 105 - 0
torque-4.2.9-ipc-isolation.patch

@@ -0,0 +1,105 @@
+diff --git a/configure.ac b/configure.ac
+index 2c8154c..c0afee9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1243,6 +1243,19 @@ case "$BLCR" in
+   *) AC_MSG_ERROR([--enable-blcr should be yes or no]) ;;
+ esac
+ 
++dnl
++dnl enable IPC isolation
++dnl
++AC_MSG_CHECKING([whether to build ipc isolation support])
++AC_ARG_ENABLE(ipc-isolation,
++    [  --enable-ipc-isolation    enable ipc isolation support],
++    IPC=$enableval,IPC=no)
++AC_MSG_RESULT($IPC)
++case "$IPC" in
++  yes) AC_DEFINE([IPC_ISOLATION], 1, [Define to enable ipc isolation support]) ;;
++  no) : ;;
++  *) AC_MSG_ERROR([--enable-ipc-isolation should be yes or no]) ;;
++esac
+ 
+ dnl
+ dnl enable Nvidia gpu support
+diff --git a/src/include/pbs_error_db.h b/src/include/pbs_error_db.h
+index 8c7aac9..6a4e11c 100644
+--- a/src/include/pbs_error_db.h
++++ b/src/include/pbs_error_db.h
+@@ -266,6 +266,7 @@ PbsErrClient(PBSE_JOB_NOT_IN_QUEUE, (char *)"Job not found in queue.")
+ PbsErrClient(PBSE_LOGIN_BUSY, (char *)"Login node is currently too busy to run a job")
+ 
+ /* pbs client errors ceiling (max_client_err + 1) */
++PbsErrClient(PBSE_BADIPC,             "Failure of IPC namespace unsharing")
+ PbsErrClient(PBSE_CEILING,           (char*)0)
+ #endif
+ 
+diff --git a/src/lib/Libutils/u_users.c b/src/lib/Libutils/u_users.c
+index 5a0548a..50594ad 100644
+--- a/src/lib/Libutils/u_users.c
++++ b/src/lib/Libutils/u_users.c
+@@ -9,6 +9,10 @@
+ #include "log.h"
+ #include "../Liblog/pbs_log.h"
+ 
++#ifdef IPC_ISOLATION
++#include <sched.h>
++#endif
++
+ #define LDAP_RETRIES 5
+ 
+ struct passwd *getpwnam_wrapper(const char *user_name);
+@@ -111,6 +115,12 @@ int setuid_ext(
+ 
+   errno = 0;
+ 
++#ifdef IPC_ISOLATION
++  rc = unshare(CLONE_NEWIPC)
++
++  if (rc == 0)
++    {
++#endif
+   while (count < LDAP_RETRIES)
+     {
+     if (set_euid == TRUE)
+@@ -142,6 +152,9 @@ int setuid_ext(
+         }
+       }
+     } /* end retry loop */
++#ifdef IPC_ISOLATION
++    }
++#endif
+ 
+   return(rc);
+   } /* END setuid_ext() */
+diff --git a/src/resmom/requests.c b/src/resmom/requests.c
+index f7cddb5..06cfd62 100644
+--- a/src/resmom/requests.c
++++ b/src/resmom/requests.c
+@@ -121,6 +121,10 @@
+ #include <sys/category.h>
+ #endif
+ 
++#ifdef IPC_ISOLATION
++#include <sched.h>
++#endif
++
+ #ifdef HAVE_WORDEXP
+ #include <wordexp.h>
+ 
+@@ -482,6 +486,15 @@ static pid_t fork_to_user(
+       return(-PBSE_BADGRP);
+       }
+ 
++#ifdef IPC_ISOLATION
++    if (unshare(CLONE_NEWIPC) != 0)
++      {
++      /* cannot isolate IPC namespace */
++
++      return(-PBSE_BADIPC);
++      }
++#endif
++
+     if (setuid_ext(useruid, FALSE) == -1)
+       {
+       /* cannot run as the user */
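Review bot: The line `rc = unshare(CLONE_NEWIPC)` added to setuid_ext() in src/lib/Libutils/u_users.c has no terminating semicolon, so a build with IPC_ISOLATION defined will not compile; it should read `rc = unshare(CLONE_NEWIPC);`. Separately, fork_to_user() in src/resmom/requests.c already unshares the IPC namespace and fails closed with `-PBSE_BADIPC` immediately before calling setuid_ext(), so the call inside setuid_ext() is a second unshare on that path. Any other caller of setuid_ext() would get -1 without the uid change being attempted whenever unshare() fails, which is likely when the caller lacks CAP_SYS_ADMIN, and that -1 is indistinguishable from a failed setuid. Keeping the namespace change only in fork_to_user(), ahead of the privilege drop, preserves the isolation and leaves setuid_ext()'s return value with one meaning. Both functions start and end outside the hunks shown, so the other call sites still need checking.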

+ 237 - 0
torque-4.2.9-r2.ebuild

@@ -0,0 +1,237 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/torque/torque-4.2.9-r2.ebuild,v 1.1 2014/12/16 03:33:43 jsbronder Exp $
+
+EAPI=5
+
+# AUTOTOOLS_AUTORECONF=yes
+
+inherit flag-o-matic eutils linux-info
+
+DESCRIPTION="Resource manager and queuing system based on OpenPBS"
+HOMEPAGE="http://www.adaptivecomputing.com/products/open-source/torque"
+# TODO:  hopefully moving to github tags soon
+# http://www.supercluster.org/pipermail/torquedev/2013-May/004519.html
+SRC_URI="http://www.adaptivecomputing.com/index.php?wpfb_dl=2849 -> ${P}.tar.gz"
+
+LICENSE="torque-2.5"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="cpusets +crypt doc drmaa kernel_linux munge nvidia server +syslog tk ipc-isolation"
+
+DEPEND_COMMON="
+	sys-libs/ncurses
+	sys-libs/readline
+	cpusets? ( sys-apps/hwloc )
+	munge? ( sys-auth/munge )
+	nvidia? ( >=x11-drivers/nvidia-drivers-275 )
+	tk? ( dev-lang/tk )
+	syslog? ( virtual/logger )
+	!games-util/qstat"
+
+DEPEND="${DEPEND_COMMON}
+	!sys-cluster/slurm"
+
+RDEPEND="${DEPEND_COMMON}
+	crypt? ( net-misc/openssh )
+	!crypt? ( net-misc/netkit-rsh )
+	!dev-libs/uthash"
+
+# Torque should depend on dev-libs/uthash but that's pretty much impossible
+# to patch in as they ship with a broken configure such that files referenced
+# by the configure.ac and Makefile.am are missing.
+# http://www.supercluster.org/pipermail/torquedev/2014-October/004773.html
+
+pkg_setup() {
+	PBS_SERVER_HOME="${PBS_SERVER_HOME:-/var/spool/${PN}}"
+
+	# Find a Torque server to use.  Check environment, then
+	# current setup (if any), and fall back on current hostname.
+	if [ -z "${PBS_SERVER_NAME}" ]; then
+		if [ -f "${ROOT}${PBS_SERVER_HOME}/server_name" ]; then
+			PBS_SERVER_NAME="$(<${ROOT}${PBS_SERVER_HOME}/server_name)"
+		else
+			PBS_SERVER_NAME=$(hostname -f)
+		fi
+	fi
+
+	USE_CPUSETS="--disable-cpuset"
+	if use cpusets; then
+		if ! use kernel_linux; then
+			einfo
+			elog "    Torque currently only has support for cpusets in linux."
+			elog "Assuming you didn't really want this USE flag."
+			einfo
+		else
+			linux-info_pkg_setup
+			if ! linux_config_exists || ! linux_chkconfig_present CPUSETS; then
+				einfo
+				elog "    Torque support for cpusets will require that you recompile"
+				elog "your kernel with CONFIG_CPUSETS enabled."
+				einfo
+			fi
+			USE_CPUSETS="--enable-cpuset"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Unused and causes breakage when switching from glibc to tirpc.
+	# https://github.com/adaptivecomputing/torque/pull/148
+	sed -i '/rpc\/rpc\.h/d' src/lib/Libnet/net_client.c || die
+
+	# We install to a valid location, no need to muck with ld.so.conf
+	# --without-loadlibfile is supposed to do this for us...
+	sed -i '/mk_default_ld_lib_file || return 1/d' buildutils/pbs_mkdirs.in || die
+
+	epatch "${FILESDIR}"/${P}-tcl8.6.patch
+
+	# 524362
+	epatch "${FILESDIR}"/TRQ-2885-limit-tm_adopt-to-only-adopt-a-session-id-t.patch
+
+	#IPC_ISOLATION
+
+	epatch "${FILESDIR}"/${P}-ipc-isolation.patch
+
+}
+
+src_configure() {
+	local myconf="--with-rcp=mom_rcp"
+
+	use crypt && myconf="--with-rcp=scp"
+
+	econf \
+		$(use_enable tk gui) \
+		$(use_enable syslog) \
+		$(use_enable server) \
+		$(use_enable drmaa) \
+		$(use_enable munge munge-library) \
+		$(use_enable nvidia nvidia-gpus) \
+		$(use_enable ipc-isolation) \
+		--with-server-home=${PBS_SERVER_HOME} \
+		--with-environ=/etc/pbs_environment \
+		--with-default-server=${PBS_SERVER_NAME} \
+		--disable-gcc-warnings \
+		--with-tcp-retry-limit=2 \
+		--without-loadlibfile \
+		${USE_CPUSETS} \
+		${myconf}
+}
+
+src_install() {
+	local dir
+
+	DOCS=( CHANGELOG README.* Release_Notes )
+	use doc && DOCS+=( doc/admin_guide.ps doc/*.pdf )
+
+	default
+
+	# The build script isn't alternative install location friendly,
+	# So we have to fix some hard-coded paths in tclIndex for xpbs* to work
+	for file in $(find "${ED}" -iname tclIndex); do
+		sed \
+			-e "s/${ED//\// }/ /" \
+			-i "${file}" || die
+	done
+
+	for dir in $(find "${ED}/${PBS_SERVER_HOME}" -type d); do
+		keepdir "${dir#${ED}}"
+	done
+
+	if use server; then
+		newinitd "${FILESDIR}"/pbs_server-init.d-munge pbs_server
+		newinitd "${FILESDIR}"/pbs_sched-init.d pbs_sched
+	fi
+	newinitd "${FILESDIR}"/pbs_mom-init.d-munge pbs_mom
+	newconfd "${FILESDIR}"/${PN}-conf.d-munge ${PN}
+	newinitd "${FILESDIR}"/trqauthd-init.d trqauthd
+	newenvd "${FILESDIR}"/${PN}-env.d 25${PN}
+}
+
+pkg_preinst() {
+	if [[ -f "${ROOT}etc/pbs_environment" ]]; then
+		cp "${ROOT}etc/pbs_environment" "${ED}"/etc/pbs_environment || die
+	fi
+
+	if use server && [[ -f "${ROOT}${PBS_SERVER_HOME}/server_priv/nodes" ]]; then
+		cp \
+			"${EROOT}${PBS_SERVER_HOME}/server_priv/nodes" \
+			"${ED}/${PBS_SERVER_HOME}/server_priv/nodes" || die
+	fi
+
+	echo "${PBS_SERVER_NAME}" > "${ED}${PBS_SERVER_HOME}/server_name" || die
+
+	# Fix up the env.d file to use our set server home.
+	sed \
+		-e "s:/var/spool/${PN}:${PBS_SERVER_HOME}:g" \
+		-i "${ED}"/etc/env.d/25${PN} || die
+
+	if use munge; then
+		sed -i 's,\(PBS_USE_MUNGE=\).*,\11,' "${ED}"/etc/conf.d/${PN} || die
+	fi
+}
+
+pkg_postinst() {
+	elog "    If this is the first time torque has been installed, then you are not"
+	elog "ready to start the server.  Please refer to the documentation located at:"
+	elog "http://www.clusterresources.com/wiki/doku.php?id=torque:torque_wiki"
+	echo ""
+	elog "    For a basic setup, you may use emerge --config ${PN}"
+	echo ""
+	if [[ -z "${REPLACING_VERSIONS}" ]] || [[ ${REPLACING_VERSIONS} < 4 ]]; then
+		elog "Important 4.0+ updates"
+		elog "  - The on-wire protocol version has been changed."
+		elog "    Versions of Torque before 4.0.0 are no longer able to communicate."
+		elog "  - pbs_iff has been replaced by trqauthd, you will now need to add"
+		elog "    trqauthd to your default runlevel."
+	fi
+}
+
+# root will be setup as the primary operator/manager, the local machine
+# will be added as a node and we'll create a simple queue, batch.
+pkg_config() {
+	local h="$(echo "${ROOT}/${PBS_SERVER_HOME}" | sed 's:///*:/:g')"
+	local rc=0
+
+	ebegin "Configuring Torque"
+	einfo "Using ${h} as the pbs homedir"
+	einfo "Using ${PBS_SERVER_NAME} as the pbs_server"
+
+	# Check for previous configuration and bail if found.
+	if [ -e "${h}/server_priv/acl_svr/operators" ] \
+		|| [ -e "${h}/server_priv/nodes" ] \
+		|| [ -e "${h}/mom_priv/config" ]; then
+		ewarn "Previous Torque configuration detected.  Press Enter to"
+		ewarn "continue or Control-C to abort now"
+		read
+	fi
+
+	# pbs_mom configuration.
+	echo "\$pbsserver ${PBS_SERVER_NAME}" > "${h}/mom_priv/config" || die
+	echo "\$logevent 255" >> "${h}/mom_priv/config" || die
+
+	if use server; then
+		local qmgr="${EROOT}/usr/bin/qmgr -c"
+		# pbs_server bails on repeated backslashes.
+		if ! "${EROOT}"/usr/sbin/pbs_server -f -d "${h}" -t create; then
+			eerror "Failed to start pbs_server"
+			rc=1
+		else
+			${qmgr} "set server operators = root@$(hostname -f)" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "create queue batch" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set queue batch queue_type = Execution" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set queue batch started = True" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set queue batch enabled = True" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set server default_queue = batch" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set server resources_default.nodes = 1" ${PBS_SERVER_NAME} \
+				&& ${qmgr} "set server scheduling = True" ${PBS_SERVER_NAME} \
+				|| die
+
+			"${EROOT}"/usr/bin/qterm -t quick ${PBS_SERVER_NAME} || rc=1
+
+			# Add the local machine as a node.
+			echo "$(hostname -f) np=1" > "${h}/server_priv/nodes" || die
+		fi
+	fi
+	eend ${rc}
+}
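Review bot: `$(use_enable ipc-isolation)` in src_configure() probably has no effect, because the patch adds the option to configure.ac but the ebuild never regenerates configure: `# AUTOTOOLS_AUTORECONF=yes` is commented out and the inherit line has no autotools eclass. If the tarball ships a pre-generated configure, the unknown `--enable-ipc-isolation` switch is at most warned about, IPC_ISOLATION stays undefined, and jobs run without the isolation the USE flag promises. Either run `eautoreconf` after the epatch calls in src_prepare() (the uthash comment suggests regenerating may not work with this tarball) or define the macro directly with `use ipc-isolation && append-cppflags -DIPC_ISOLATION`, which the already-inherited flag-o-matic provides. pkg_setup() could also warn when `linux_chkconfig_present IPC_NS` fails, as it does for CPUSETS, since unshare(CLONE_NEWIPC) is expected to fail on kernels built without it and the patched fork_to_user() then refuses to start jobs.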