add starter output handling, runner resource management
This commit is contained in:
parent
505431fedc
commit
4e0711fe8c
4 changed files with 39 additions and 29 deletions
3
main.go
3
main.go
|
@ -13,5 +13,6 @@ func main() {
|
||||||
if(err!=nil) {
|
if(err!=nil) {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
//runner.IsolatedRun(exec.Command("ls", "/"))
|
limits := runner.Limits{Core: 3,Memory: 10000000, Time: 1000}
|
||||||
|
runner.IsolatedRun([]string{"/bin/echo","123"},limits)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,27 +1,26 @@
|
||||||
package runner
|
package runner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
//"errors"
|
||||||
|
"bytes"
|
||||||
|
"io"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
exec "os/exec"
|
exec "os/exec"
|
||||||
cgroups "github.com/containerd/cgroups"
|
cgroups "github.com/containerd/cgroups"
|
||||||
//cgroup2 "github.com/containerd/cgroups/v3/cgroup2"
|
|
||||||
//specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
||||||
rand "math/rand"
|
rand "math/rand"
|
||||||
"time"
|
"time"
|
||||||
"os/user"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const runner_username string = "gaterunner"
|
|
||||||
const runIdLength = 20
|
const runIdLength = 20
|
||||||
var coresIsolated []int
|
var coresIsolated []int
|
||||||
|
|
||||||
type Limits struct {
|
type Limits struct {
|
||||||
core int
|
Core int
|
||||||
memory int
|
Memory int
|
||||||
|
Time int
|
||||||
}
|
}
|
||||||
|
|
||||||
func extractNumbers(s string) (result []int) {
|
func extractNumbers(s string) (result []int) {
|
||||||
|
@ -68,22 +67,26 @@ func Init() error {
|
||||||
return fmt.Errorf("no free cores available")//TODO: trouble description
|
return fmt.Errorf("no free cores available")//TODO: trouble description
|
||||||
}
|
}
|
||||||
log.Println("running on cores:",coresIsolated)
|
log.Println("running on cores:",coresIsolated)
|
||||||
//user setup:
|
|
||||||
_,err:=user.Lookup(runner_username)
|
|
||||||
if err!=nil{
|
|
||||||
if errors.As(err, new(user.UnknownUserError)) {
|
|
||||||
exec.Command("useradd", runner_username).Run();
|
|
||||||
} else {
|
|
||||||
return fmt.Errorf("user error:",err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
log.Println("Runner initialisation successful!")
|
log.Println("Runner initialisation successful!")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsolatedRun(command []string,core int) {
|
func IsolatedRun(command []string,limits Limits) {
|
||||||
var runId string
|
var runId string
|
||||||
for i:=0;i<runIdLength;i++{runId+=string('a'+byte(rand.Int31n(26)))}
|
for i:=0;i<runIdLength;i++{runId+=string('a'+byte(rand.Int31n(26)))}
|
||||||
os.mkdir("starter/"+runId,0777);
|
os.Mkdir("starter/"+runId,0777)
|
||||||
exec.Command("starter/starter", );
|
//log.Printf("%d",limits.Core)
|
||||||
|
//exec.Command("starter/starter", string(limits.Core),string(limits.Memory),string(limits.Time),runId,command...);
|
||||||
|
args:=[]string{string(limits.Core),string(limits.Memory),string(limits.Time),runId}
|
||||||
|
args=append(args,command...)
|
||||||
|
cmd:=exec.Command("/root/runner/starter/starter",args...)
|
||||||
|
//cmd:=exec.Command("/usr/bin/echo","123")
|
||||||
|
var stdBuffer bytes.Buffer
|
||||||
|
mw := io.MultiWriter(os.Stdout, &stdBuffer)
|
||||||
|
cmd.Stdout = mw
|
||||||
|
err := cmd.Run();
|
||||||
|
if err != nil { log.Fatal(err) }
|
||||||
|
//log.Println(stdBuffer.String())
|
||||||
|
os.RemoveAll("starter/"+runId)
|
||||||
|
cmd.Wait()
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,10 +56,13 @@ static int nsrun(void* arg) {
|
||||||
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
||||||
struct params *params = (struct params*) arg;
|
struct params *params = (struct params*) arg;
|
||||||
await_setup(params->fd[0]);
|
await_setup(params->fd[0]);
|
||||||
|
if(chdir("shared")) die("failed to chdir: %m");
|
||||||
|
int out_fd=open("out",O_WRONLY|O_CREAT);
|
||||||
|
if(out_fd==-1) die("unable to open out file:%m");
|
||||||
|
else dup2(out_fd,STDOUT_FILENO);
|
||||||
|
if(chdir("..")) die("failed to chdir: %m");
|
||||||
mnt_prepare("minrootfs",params->shared_folder);
|
mnt_prepare("minrootfs",params->shared_folder);
|
||||||
//if(chdir("shared")) die("faled to chdir: %m");
|
|
||||||
sethostname(hostname,sizeof(hostname));
|
sethostname(hostname,sizeof(hostname));
|
||||||
//if(chdir("..")) die("faled to chdir: %m");
|
|
||||||
ro_fs(params->shared_folder);
|
ro_fs(params->shared_folder);
|
||||||
if(setgid(1000)) die("failed to setgid:%m");
|
if(setgid(1000)) die("failed to setgid:%m");
|
||||||
if(setuid(1000)) die("failed to setuid:%m");
|
if(setuid(1000)) die("failed to setuid:%m");
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
struct params {
|
struct params {
|
||||||
char* shared_folder;
|
char* shared_folder;
|
||||||
int fd[2];
|
int fd[2];
|
||||||
|
int out_fd;
|
||||||
char **argv;
|
char **argv;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -32,6 +33,9 @@ struct killparams{
|
||||||
int pid;
|
int pid;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#define READ_SIZE 100
|
||||||
|
char read_buf[READ_SIZE+1];
|
||||||
|
|
||||||
#include "ns_exec.c"
|
#include "ns_exec.c"
|
||||||
#include "cgroup_prepare.c"
|
#include "cgroup_prepare.c"
|
||||||
|
|
||||||
|
@ -52,7 +56,7 @@ static char killstack[STACK_SIZE];
|
||||||
|
|
||||||
static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){
|
static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){
|
||||||
if (argc < 6) {
|
if (argc < 6) {
|
||||||
printf("usage:\n starter <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
|
puts("usage:\n starter <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
argc--;argv++;
|
argc--;argv++;
|
||||||
|
@ -91,11 +95,13 @@ static void prepare_userns(int pid) {
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(int argc,char** argv) {
|
int main(int argc,char** argv) {
|
||||||
|
if(setuid(0)) die("need to be run as root");
|
||||||
|
if(setgid(0)) die("need to be run as root");
|
||||||
//getting binary folder
|
//getting binary folder
|
||||||
char bin_path[PATH_MAX];
|
char bin_path[PATH_MAX];
|
||||||
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");
|
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");
|
||||||
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0;
|
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0;
|
||||||
if(chdir(bin_path)) die("unable to chdir: %m");
|
if(chdir(bin_path)) die("unable to chdir to binary path: %m");
|
||||||
//setting random seed
|
//setting random seed
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
struct params params;
|
struct params params;
|
||||||
|
@ -104,10 +110,7 @@ int main(int argc,char** argv) {
|
||||||
memset(&limits, 0, sizeof(struct limits));
|
memset(&limits, 0, sizeof(struct limits));
|
||||||
parse_args(argc, argv, ¶ms, &limits);
|
parse_args(argc, argv, ¶ms, &limits);
|
||||||
prepare_cgroup(&limits);
|
prepare_cgroup(&limits);
|
||||||
//exit(0);
|
if (pipe(params.fd) < 0) die("can't open pipe: %m");
|
||||||
if(setuid(0)) die("need to be run as root");
|
|
||||||
if(setgid(0)) die("need to be run as root");
|
|
||||||
if (pipe(params.fd) < 0) exit(0);
|
|
||||||
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/;
|
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/;
|
||||||
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,¶ms);
|
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,¶ms);
|
||||||
int pipe=params.fd[1];
|
int pipe=params.fd[1];
|
||||||
|
@ -115,13 +118,13 @@ int main(int argc,char** argv) {
|
||||||
prepare_userns(nsrun_pid);
|
prepare_userns(nsrun_pid);
|
||||||
if (nsrun_pid<0) {die("faled to clone");}
|
if (nsrun_pid<0) {die("faled to clone");}
|
||||||
add_to_cgroup(nsrun_pid);
|
add_to_cgroup(nsrun_pid);
|
||||||
|
//dup2(STDOUT_FILENO,params.out[0]);
|
||||||
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
||||||
struct killparams killparams;
|
struct killparams killparams;
|
||||||
killparams.time=limits.time;
|
killparams.time=limits.time;
|
||||||
killparams.pid=nsrun_pid;
|
killparams.pid=nsrun_pid;
|
||||||
clone(killafter,killstack+STACK_SIZE,SIGCHLD,&killparams);
|
clone(killafter,killstack+STACK_SIZE,SIGCHLD,&killparams);
|
||||||
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
|
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
|
||||||
//int pipe=params.fd[1];
|
|
||||||
remove_cgroup();
|
remove_cgroup();
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue