-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bash login shell can undo/override Dockerfile ENV PATH #603
Comments
Hi @mlin, I have been working on a miniwdl extension to enable usage of LSF+Singularity based on the miniwdl-slurm extension. It was straightforward to get basic functionality, but I have run into the issue described here for more complex workflows. In our workflows, we specify the appropriate environment variables when the container images are built. We typically build on a Ubuntu base image. So when the login shell is launched, the environment variables, such as PATH, are overwritten, leading to workflow failures. Dropping the login shell flag seems appropriate as it requires the developer to explicitly set the environment, rather than relying on a particular shell to invoke an environment for them. |
Thanks @adthrasher, that's very exciting! cc @rhpvorderman I'm concerned about this too; bit of a rock & hard place because the login shell flag was added for reasons (#568 cc @nh13) and also apparently to match Cromwell, though I haven't personally confirmed that second part. It may be necessary to pick one behavior or the other as the default, and also allow you to specify exceptions using a wildcard pattern on the docker image name/tag. I'm inclined to say the default should be historically 'whatever Cromwell does' but need to investigate that further (I can imagine it not necessarily being the same across backends). And I'll also raise this in the OpenWDL forum as needing spec clarification. |
Thanks for the quick reply (and all your work on miniwdl, itself)! I reviewed #568 (and the associated PR) prior to commenting. I will note that the workflows that I'm testing with all run correctly in Cromwell. I haven't dug into the Cromwell code deeply, but I'm not aware of it executing in a login shell (as I would expect similar errors if it did). Similar to the user in #568, we are using conda environments, but only a single environment per container image. We then use the As an example, I took the following toy WDL example and ran it with Cromwell 83 (
From Cromwell, I get:
And from miniwdl, I get:
Focusing just on the PATH variables, they differ between the two runs. The cromwell result reflects what is defined in the Docker image ( Happy to discuss this further and provide additional details if needed. |
Thanks @adthrasher for the details @nh13 seems like this is trending towards backing out the login shell change, but definitely interested in your POV...did I misunderstand that the change promoted getting your stuff that was working with Cromwell work with miniwdl too? |
@mlin I think we wanted a login shell so that bashed would be sourced as an example in #568 we have this in the dockerfile: https://github.com/broadinstitute/viral-core/blob/master/Dockerfile#L31 We then avoid boilerplate in every WDL Atala, centralizing it in the dockerfile. It works with Cromwell so that must mean they probably source bashrc. I’d be happy if this is changed to opt-in. |
Thanks both for input. @adthrasher since you were just running little experiments, could I trouble you to determine whether If so, then we have the curiosity that it's not supposed to be a login shell, but is supposed to evaluate
[*] The doc doesn't mention |
Ah, here's some evidence that Cromwell on local defaults runs docker containers in interactive mode ( I'm kind of doubtful that this route to evaluating |
I am unclear from the documentation on the full effect of Docker's interactive mode. The help string does not seem like it is truly interactive.
I used the image provided above by @nh13 with my test WDL script.
Running with
If I instead run the container image interactively (
The Cromwell output of |
And now I'm stumped 😅 |
I'm stumped too. And I do suspect that Cromwell's behavior actually depends a bit on the backend in question (at least that's certainly the case when a Dockerfile's ENTRYPOINT and bash override don't get along with each other). Agree that maybe some path that allows an override of default behavior (login vs non-login) might be helpful. Definitely agree that there's a discussion to be had in the OpenWDL forum more broadly, and I certainly have thoughts there (I never understood why WDL task command blocks were so bash-centric... why can't they just be in python or julia or http whatever the docker's native entrypoint is?) |
I've found that even with
If we .bashrc is not evaluated with either of the following:
But .bashrc is evaluated with either of:
So, it seems you have to go rather out of your way to get .bashrc evaluated non-interactively, and thus I don't think a WDL task ought to assume that it is. This leaves mysterious (given @adthrasher complementary experiments above) why adding a command to .bashrc was effective when @nh13 @dpark01 were working with Cromwell last year. |
New config options [task_runtime] command_shell and command_preamble allow customization of the shell interpreter used for task commands. Also remove the default -l (login) flag from the default shell, which was first set in v1.5.3 (#569) but later proved problematic (#603). The new config options can be used to add this flag back if absolutely needed.
We invoke commands with
bash -l
to create a login shell, apparently following Cromwell. This evaluates/etc/profile
,/etc/profile.d/*
,~/.profile
, and~/.bash_profile
which wouldn't occur in a non-login shell.In some distros
/etc/profile
initializesPATH
absolutely, overwriting any existing setting ofPATH
, such as a value possibly set by anENV
directive in the Dockerfile.The same applies to any environment variable set in the Dockerfile that's originally initialized in any of those profiles.
The text was updated successfully, but these errors were encountered: