Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 1 addition & 26 deletions .trivyignore.yaml
Original file line number Diff line number Diff line change
@@ -1,26 +1 @@
vulnerabilities:
# /usr/bin/pebble is Canonical's init/service manager binary shipped as part of
# the ubuntu:26.04 base image. Its Go stdlib is compiled into the binary by
# Canonical; we cannot upgrade it without replacing the base image. These
# findings will be resolved when Canonical rebuilds pebble against a patched
# Go toolchain. Track: https://bugs.launchpad.net/ubuntu/+source/pebble
- id: CVE-2026-33811
paths:
- usr/bin/pebble
statement: "Canonical pebble base-image binary; not user-controlled."
- id: CVE-2026-33814
paths:
- usr/bin/pebble
statement: "Canonical pebble base-image binary; not user-controlled."
- id: CVE-2026-39820
paths:
- usr/bin/pebble
statement: "Canonical pebble base-image binary; not user-controlled."
- id: CVE-2026-39836
paths:
- usr/bin/pebble
statement: "Canonical pebble base-image binary; not user-controlled."
- id: CVE-2026-42499
paths:
- usr/bin/pebble
statement: "Canonical pebble base-image binary; not user-controlled."
vulnerabilities: []
3 changes: 2 additions & 1 deletion frontend/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ RUN apt-get update -y && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \
&& rm -f /etc/ssh/ssh_host_* \
&& rm -f /etc/ssl/private/ssl-cert-snakeoil.key \
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem \
&& rm -f /usr/bin/pebble

# Create stub eval.h for Python 3.13+ compatibility (header removed but API still present)
RUN python3 -c "import sysconfig; open(sysconfig.get_path('include')+'/eval.h','w').write('#pragma once\n')"
Expand Down
3 changes: 2 additions & 1 deletion mom/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ RUN apt-get update -y && apt-get install -y \
&& rm -rf /var/lib/apt/lists/* \
&& rm -f /etc/ssh/ssh_host_* \
&& rm -f /etc/ssl/private/ssl-cert-snakeoil.key \
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem \
&& rm -f /usr/bin/pebble

# Create stub eval.h for Python 3.13+ compatibility (header removed but API still present)
RUN python3 -c "import sysconfig; open(sysconfig.get_path('include')+'/eval.h','w').write('#pragma once\n')"
Expand Down
3 changes: 2 additions & 1 deletion server/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ RUN apt-get update -y \
&& rm -rf /var/lib/apt/lists/* \
&& rm -f /etc/ssh/ssh_host_* \
&& rm -f /etc/ssl/private/ssl-cert-snakeoil.key \
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem
&& rm -f /etc/ssl/certs/ssl-cert-snakeoil.pem \
&& rm -f /usr/bin/pebble

# Create stub eval.h for Python 3.13+ compatibility (header removed but API still present)
RUN python3 -c "import sysconfig; open(sysconfig.get_path('include')+'/eval.h','w').write('#pragma once\n')"
Expand Down
13 changes: 10 additions & 3 deletions server/docker-entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -105,9 +105,16 @@ sudo /opt/pbs/bin/qmgr -c "set server scheduling = True" || true
sudo /opt/pbs/bin/qmgr -c "set server flatuid = True" || true
sudo /opt/pbs/bin/qmgr -c "set server job_history_enable = True" || true

sudo /opt/pbs/bin/qmgr -c "create node pbsnode1" 2>/dev/null || true
sudo /opt/pbs/bin/qmgr -c "create node pbsnode2" 2>/dev/null || true
sudo /opt/pbs/bin/qmgr -c "create node pbsnode3" 2>/dev/null || true
# Pre-declare a range of compute nodes, mirroring the Slurm base's
# `NodeName=slurmnode[1-10]`. A pbsnodeN with no running mom just shows as
# "down" (state-unknown); starting a pbsnodeN service brings it "free". This
# lets the cluster grow purely by adding pbsnodeN services in compose -- the
# same UX as the Slurm cluster. PBS_MAX_NODES is overridable from compose, so
# growing past the default needs no base rebuild.
PBS_MAX_NODES=${PBS_MAX_NODES:-10}
for i in $(seq 1 "${PBS_MAX_NODES}"); do
sudo /opt/pbs/bin/qmgr -c "create node pbsnode${i}" 2>/dev/null || true
done

# Create a queuejob hook that defaults output/error paths to the submission
# directory (PBS_O_WORKDIR) instead of $HOME on the submission host.
Expand Down
Loading