add starter output handling, runner resource management

This commit is contained in:
root 2024-06-22 20:59:29 +05:00
parent 505431fedc
commit 4e0711fe8c
4 changed files with 39 additions and 29 deletions

View file

@ -13,5 +13,6 @@ func main() {
if(err!=nil) { if(err!=nil) {
panic(err) panic(err)
} }
//runner.IsolatedRun(exec.Command("ls", "/")) limits := runner.Limits{Core: 3,Memory: 10000000, Time: 1000}
runner.IsolatedRun([]string{"/bin/echo","123"},limits)
} }

View file

@ -1,27 +1,26 @@
package runner package runner
import ( import (
"errors" //"errors"
"bytes"
"io"
"fmt" "fmt"
"log" "log"
"os" "os"
"strings" "strings"
exec "os/exec" exec "os/exec"
cgroups "github.com/containerd/cgroups" cgroups "github.com/containerd/cgroups"
//cgroup2 "github.com/containerd/cgroups/v3/cgroup2"
//specs "github.com/opencontainers/runtime-spec/specs-go"
rand "math/rand" rand "math/rand"
"time" "time"
"os/user"
) )
const runner_username string = "gaterunner"
const runIdLength = 20 const runIdLength = 20
var coresIsolated []int var coresIsolated []int
type Limits struct { type Limits struct {
core int Core int
memory int Memory int
Time int
} }
func extractNumbers(s string) (result []int) { func extractNumbers(s string) (result []int) {
@ -68,22 +67,26 @@ func Init() error {
return fmt.Errorf("no free cores available")//TODO: trouble description return fmt.Errorf("no free cores available")//TODO: trouble description
} }
log.Println("running on cores:",coresIsolated) log.Println("running on cores:",coresIsolated)
//user setup:
_,err:=user.Lookup(runner_username)
if err!=nil{
if errors.As(err, new(user.UnknownUserError)) {
exec.Command("useradd", runner_username).Run();
} else {
return fmt.Errorf("user error:",err)
}
}
log.Println("Runner initialisation successful!") log.Println("Runner initialisation successful!")
return nil return nil
} }
func IsolatedRun(command []string,core int) { func IsolatedRun(command []string,limits Limits) {
var runId string var runId string
for i:=0;i<runIdLength;i++{runId+=string('a'+byte(rand.Int31n(26)))} for i:=0;i<runIdLength;i++{runId+=string('a'+byte(rand.Int31n(26)))}
os.mkdir("starter/"+runId,0777); os.Mkdir("starter/"+runId,0777)
exec.Command("starter/starter", ); //log.Printf("%d",limits.Core)
//exec.Command("starter/starter", string(limits.Core),string(limits.Memory),string(limits.Time),runId,command...);
args:=[]string{string(limits.Core),string(limits.Memory),string(limits.Time),runId}
args=append(args,command...)
cmd:=exec.Command("/root/runner/starter/starter",args...)
//cmd:=exec.Command("/usr/bin/echo","123")
var stdBuffer bytes.Buffer
mw := io.MultiWriter(os.Stdout, &stdBuffer)
cmd.Stdout = mw
err := cmd.Run();
if err != nil { log.Fatal(err) }
//log.Println(stdBuffer.String())
os.RemoveAll("starter/"+runId)
cmd.Wait()
} }

View file

@ -56,10 +56,13 @@ static int nsrun(void* arg) {
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n"); if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
struct params *params = (struct params*) arg; struct params *params = (struct params*) arg;
await_setup(params->fd[0]); await_setup(params->fd[0]);
if(chdir("shared")) die("failed to chdir: %m");
int out_fd=open("out",O_WRONLY|O_CREAT);
if(out_fd==-1) die("unable to open out file:%m");
else dup2(out_fd,STDOUT_FILENO);
if(chdir("..")) die("failed to chdir: %m");
mnt_prepare("minrootfs",params->shared_folder); mnt_prepare("minrootfs",params->shared_folder);
//if(chdir("shared")) die("faled to chdir: %m");
sethostname(hostname,sizeof(hostname)); sethostname(hostname,sizeof(hostname));
//if(chdir("..")) die("faled to chdir: %m");
ro_fs(params->shared_folder); ro_fs(params->shared_folder);
if(setgid(1000)) die("failed to setgid:%m"); if(setgid(1000)) die("failed to setgid:%m");
if(setuid(1000)) die("failed to setuid:%m"); if(setuid(1000)) die("failed to setuid:%m");

View file

@ -18,6 +18,7 @@
struct params { struct params {
char* shared_folder; char* shared_folder;
int fd[2]; int fd[2];
int out_fd;
char **argv; char **argv;
}; };
@ -32,6 +33,9 @@ struct killparams{
int pid; int pid;
}; };
#define READ_SIZE 100
char read_buf[READ_SIZE+1];
#include "ns_exec.c" #include "ns_exec.c"
#include "cgroup_prepare.c" #include "cgroup_prepare.c"
@ -52,7 +56,7 @@ static char killstack[STACK_SIZE];
static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){ static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){
if (argc < 6) { if (argc < 6) {
printf("usage:\n starter <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>"); puts("usage:\n starter <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
exit(0); exit(0);
} }
argc--;argv++; argc--;argv++;
@ -91,11 +95,13 @@ static void prepare_userns(int pid) {
} }
int main(int argc,char** argv) { int main(int argc,char** argv) {
if(setuid(0)) die("need to be run as root");
if(setgid(0)) die("need to be run as root");
//getting binary folder //getting binary folder
char bin_path[PATH_MAX]; char bin_path[PATH_MAX];
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m"); if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0; for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0;
if(chdir(bin_path)) die("unable to chdir: %m"); if(chdir(bin_path)) die("unable to chdir to binary path: %m");
//setting random seed //setting random seed
srand(time(NULL)); srand(time(NULL));
struct params params; struct params params;
@ -104,10 +110,7 @@ int main(int argc,char** argv) {
memset(&limits, 0, sizeof(struct limits)); memset(&limits, 0, sizeof(struct limits));
parse_args(argc, argv, &params, &limits); parse_args(argc, argv, &params, &limits);
prepare_cgroup(&limits); prepare_cgroup(&limits);
//exit(0); if (pipe(params.fd) < 0) die("can't open pipe: %m");
if(setuid(0)) die("need to be run as root");
if(setgid(0)) die("need to be run as root");
if (pipe(params.fd) < 0) exit(0);
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/; int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/;
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,&params); int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,&params);
int pipe=params.fd[1]; int pipe=params.fd[1];
@ -115,13 +118,13 @@ int main(int argc,char** argv) {
prepare_userns(nsrun_pid); prepare_userns(nsrun_pid);
if (nsrun_pid<0) {die("faled to clone");} if (nsrun_pid<0) {die("faled to clone");}
add_to_cgroup(nsrun_pid); add_to_cgroup(nsrun_pid);
//dup2(STDOUT_FILENO,params.out[0]);
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
struct killparams killparams; struct killparams killparams;
killparams.time=limits.time; killparams.time=limits.time;
killparams.pid=nsrun_pid; killparams.pid=nsrun_pid;
clone(killafter,killstack+STACK_SIZE,SIGCHLD,&killparams); clone(killafter,killstack+STACK_SIZE,SIGCHLD,&killparams);
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid); if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
//int pipe=params.fd[1];
remove_cgroup(); remove_cgroup();
return 0; return 0;
} }