def dummy(cgroup_name):
pid = os.getpid()
print('My pid: ', pid)
cg = Cgroup(cgroup_name)
print(cg.pids)
print('dummy groups', cg.cgroups)
print('dummy user', cg.user)
print('dummy cpu limit', cg.cpu_limit)
print('dummy memory limit', cg.memory_limit)
cg.add(pid)
print('leaving dummy')
def setup_cgroups(self, core_limit, mem_limit):
process_user = getpass.getuser()
try:
utils.execute('user_cgroups', process_user, run_as_root=True)
cg = Cgroup('capstan')
cg.set_cpu_limit(core_limit)
cg.set_memory_limit(mem_limit)
return cg
except:
LOG.info("Verify whether the cgroups library was properly installed")
raise
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(uuid1)
netns.setns(netns_name)
cg.add(pid)
except Exception as e:
traceback.print_exc()
file_log.write("Failed to preexecute function")
file_log.write(e)
def run_command_with_cgroups_options(command,cpu=None,mem=None,swapless=False,cgroup=None):
if cgroup is None:
cg_name = ''
if swapless:
cg_name += 'swapless'
cg_name += '_cpu'+str(cpu)
if mem != -1:
cg_name += '_mem'+str(mem)
# print (cg_name)
else:
cg_name = cgroup
cg = Cgroup(cg_name)
if cpu is not None:
cg.set_cpu_limit(cpu)
if mem is not None:
cg.set_memory_limit(mem)
if swapless:
cg.set_swappiness(0)
def preexec_fn ():
pid = os.getpid()
print ("starting {} with pid {}".format(command,pid))
cg.add(pid)
process = subprocess.Popen([command],preexec_fn=preexec_fn)
process.wait()
def mocker_rmi(uuid1):
'''+
rmi <image_id> - удаляет
ранее созданный образ из локального хранилища.
'''
if uuid1[0:4] == "img_":
if mocker_check(uuid1) == 1:
print('No image named ' + str(uuid1))
return
btrfsutil.delete_subvolume(btrfs_path + '/' + str(uuid1))
cg = Cgroup(uuid1)
cg.delete()
print('Removed ' + str(uuid1))
else:
print('This is not image')
def put(self, request, cgname, pid):
"""Add process to the cgroup and return a list of processes in the group"""
try:
# Init or create cgroup
cg = Cgroup(cgname)
# Add process to the group
# For security reasons you have to be root or the process has to
# belong to user under which you're running this api.
cg.add(int(pid))
serializer = CgroupSerializer(cg)
data = serializer.data
except CgroupsException as e:
raise CgroupsError(e)
return Response(data)
def mocker_rm(uuid1):
'''+
rm <container_id> - удаляет ранее
созданный контейнер
'''
if uuid1[0:3] == "ps_":
if mocker_check(uuid1) == 1:
print('No container named ' + str(uuid1))
return
btrfsutil.delete_subvolume(btrfs_path + '/' + str(uuid1))
cg = Cgroup(uuid1)
cg.delete()
netns_name = 'netns_' + str(uuid1)
netns.remove(netns_name)
print('Removed ' + str(uuid1))
else:
print('This is not container')
def get(self, request, cgname):
"""List processes from the given group. Create new one if no such group."""
try:
cg = Cgroup(cgname)
serializer = CgroupSerializer(cg)
data = serializer.data
except CgroupsException as e:
raise CgroupsError(e)
return Response(data)
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
#log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
#log.info("Setting working directory to %s" % working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
def mocker_rmi(uuid1):
'''+
rmi <image_id> - удаляет
ранее созданный образ из локального хранилища.
'''
'''
[[ "$(bocker_check "$1")" == 1 ]] && echo "No container named '$1' exists" && exit 1
btrfs subvolume delete "$btrfs_path/$1" > /dev/null
cgdelete -g "$cgroups:/$1" &> /dev/null || true
echo "Removed: $1"
'''
if mocker_check(uuid1) == 1:
print('No container named ' + str(uuid1))
return
btrfsutil.delete_subvolume(btrfs_path + '/' + str(uuid1))
cg = Cgroup(uuid1)
cg.remove(uuid1)
print('Removed ' + str(uuid1))
# Cgroup.remove(uuid)
pass
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
log.info("Setting working directory to %s" % working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
log.error("Failed to preexecute function")
log.error(e)
def setup_cgroup(name):
user = pwd.getpwuid(os.getuid())[0]
print(user)
create_user_cgroups(user)
cg = Cgroup(name)
print('cgroup', cg)
cg.set_cpu_limit(100)
print('memory limit', cg.memory_limit)
cg.set_memory_limit(600)
print('memory limit', cg.memory_limit)
def run(self, *args, **kwargs):
images = ImagesCommand().list_images()
image_name = kwargs['<name>']
ip_last_octet = 103 # TODO : configurable
match = [i[3] for i in images if i[0] == image_name][0]
target_file = os.path.join(_base_dir_, match)
with open(target_file) as tf:
image_details = json.loads(tf.read())
# setup environment details
state = json.loads(image_details['history'][0]['v1Compatibility'])
# Extract information about this container
env_vars = state['config']['Env']
start_cmd = subprocess.list2cmdline(state['config']['Cmd'])
working_dir = state['config']['WorkingDir']
id = uuid.uuid1()
# unique-ish name
name = 'c_' + str(id.fields[5])[:4]
# unique-ish mac
mac = str(id.fields[5])[:2]
layer_dir = os.path.join(_base_dir_, match.replace('.json', ''), 'layers', 'contents')
with IPDB() as ipdb:
veth0_name = 'veth0_'+name
veth1_name = 'veth1_'+name
netns_name = 'netns_'+name
bridge_if_name = 'bridge0'
existing_interfaces = ipdb.interfaces.keys()
# Create a new virtual interface
with ipdb.create(kind='veth', ifname=veth0_name, peer=veth1_name) as i1:
i1.up()
if bridge_if_name not in existing_interfaces:
ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
i1.set_target('master', bridge_if_name)
# Create a network namespace
netns.create(netns_name)
# move the bridge interface into the new namespace
with ipdb.interfaces[veth1_name] as veth1:
veth1.net_ns_fd = netns_name
# Use this network namespace as the database
ns = IPDB(nl=NetNS(netns_name))
with ns.interfaces.lo as lo:
lo.up()
with ns.interfaces[veth1_name] as veth1:
veth1.address = "02:42:ac:11:00:{0}".format(mac)
veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
veth1.up()
ns.routes.add({
'dst': 'default',
'gateway': '10.0.0.1'}).commit()
try:
# setup cgroup directory for this user
user = os.getlogin()
create_user_cgroups(user)
# First we create the cgroup and we set it's cpu and memory limits
cg = Cgroup(name)
cg.set_cpu_limit(50) # TODO : get these as command line options
cg.set_memory_limit(500)
# Then we a create a function to add a process in the cgroup
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
log.info("Setting working directory to %s" % working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
log.error("Failed to preexecute function")
log.error(e)
cmd = start_cmd
log.info('Running "%s"' % cmd)
process = subprocess.Popen(cmd, preexec_fn=in_cgroup, shell=True)
process.wait()
print(process.stdout)
log.error(process.stderr)
except Exception as e:
traceback.print_exc()
log.error(e)
finally:
log.info('Finalizing')
NetNS(netns_name).close()
netns.remove(netns_name)
ipdb.interfaces[veth0_name].remove()
log.info('done')
def run(detach: bool,
image: str = 'ubuntu',
uuid: str = None,
load: bool = False,
cmd=('/bin/uname', '-a')):
cgroup_name = 'test'
base_image_path = os.path.join('./base_images/',
image + '.img') # TODO exist?
if not uuid:
uuid = uuid1()
if type(cmd) is str:
cmd = tuple(shlex.split(cmd))
container_name = str(uuid) + '.img'
img_path = os.path.join('container', container_name)
mount_path = './container/' + str(uuid)
if not load:
shutil.copy(base_image_path, img_path)
if not os.path.exists(mount_path):
os.mkdir(mount_path)
mount('-o', 'rw', img_path, mount_path)
cg = Cgroup(cgroup_name)
cg.set_cpu_limit(50)
cg.set_memory_limit(512)
print("uuid:", uuid) # TODO remove
# create record
create_record(uuid, image, cmd)
# env
my_env = os.environ.copy()
path = set(my_env["PATH"].split(":"))
path.add("/bin")
path.add("/sbin")
path.add("/usr/bin")
path.add("/usr/sbin")
path.add("/usr/local/bin")
path.add("/usr/local/sbin")
my_env["PATH"] = ":".join(path)
def hook():
cg.add(os.getpid())
os.chroot('.')
# proc = subprocess.Popen('echo hello world subprocess!', shell=True)
# proc = subprocess.Popen(['ls', '-lah'], shell=False)
# proc = subprocess.Popen(['free', '-h'], preexec_fn=hook, shell=False)
proc = subprocess.Popen(cmd, preexec_fn=hook, cwd=mount_path, env=my_env)
# TODO try catch
# stdout_r, stdout_w = os.pipe()
# stdout_r = os.fdopen(stdout_r)
# stdout_w = os.fdopen(stdout_w, 'w')
# proc = subprocess.Popen('/bin/bash', preexec_fn=hook, cwd=mount_path, env=my_env,
# stdin=subprocess.PIPE, stdout=stdout_w, stderr=subprocess.STDOUT,
# universal_newlines=True)
# # proc.stdin.write(b'ls /\n')
# # proc.stdin.flush()
# # while True:
# # buf = stdout_r.readline()
# # if not buf:
# # break
# # redirect_socket.send(buf)
# # buf = redirect_socket.recv(1024)
# # proc.stdin.write(buf)
# print("Input: ", end="", file=stdout_w, flush=True)
# print(redirect_socket.recv(1024).decode(), file=proc.stdin, flush=True)
# buf = stdout_r.readline()
# redirect_socket.send(buf.encode())
if detach:
# TODO add to pool
processes[str(uuid)] = proc
return str(uuid) # TODO
else:
proc.wait()
# cleanup
umount(mount_path)
os.rmdir(mount_path)
def run(self, *args, **kwargs):
images = ImagesCommand().list_images()
image_name = kwargs['<name>']
ip_last_octet = 103 # TODO : configurable
match = [i[3] for i in images if i[0] == image_name][0]
target_file = os.path.join(_base_dir_, match)
with open(target_file) as tf:
image_details = json.loads(tf.read())
# setup environment details
state = json.loads(image_details['history'][0]['v1Compatibility'])
# Extract information about this container
env_vars = state['config']['Env']
start_cmd = subprocess.list2cmdline(state['config']['Cmd'])
working_dir = state['config']['WorkingDir']
id = uuid.uuid1()
# unique-ish name
name = 'c_' + str(id.fields[5])[:4]
# unique-ish mac
mac = str(id.fields[5])[:2]
layer_dir = os.path.join(_base_dir_, match.replace('.json', ''),
'layers', 'contents')
with IPDB() as ipdb:
veth0_name = 'veth0_' + name
veth1_name = 'veth1_' + name
netns_name = 'netns_' + name
bridge_if_name = 'bridge0'
existing_interfaces = ipdb.interfaces.keys()
# Create a new virtual interface
with ipdb.create(kind='veth', ifname=veth0_name,
peer=veth1_name) as i1:
i1.up()
if bridge_if_name not in existing_interfaces:
ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
i1.set_target('master', bridge_if_name)
# Create a network namespace
netns.create(netns_name)
# move the bridge interface into the new namespace
with ipdb.interfaces[veth1_name] as veth1:
veth1.net_ns_fd = netns_name
# Use this network namespace as the database
ns = IPDB(nl=NetNS(netns_name))
with ns.interfaces.lo as lo:
lo.up()
with ns.interfaces[veth1_name] as veth1:
veth1.address = "02:42:ac:11:00:{0}".format(mac)
veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
veth1.up()
ns.routes.add({'dst': 'default', 'gateway': '10.0.0.1'}).commit()
try:
# setup cgroup directory for this user
user = os.getlogin()
create_user_cgroups(user)
# First we create the cgroup and we set it's cpu and memory limits
cg = Cgroup(name)
cg.set_cpu_limit(
50) # TODO : get these as command line options
cg.set_memory_limit(500)
# Then we a create a function to add a process in the cgroup
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(name)
for env in env_vars:
log.info('Setting ENV %s' % env)
os.putenv(*env.split('=', 1))
# Set network namespace
netns.setns(netns_name)
# add process to cgroup
cg.add(pid)
os.chroot(layer_dir)
if working_dir != '':
log.info("Setting working directory to %s" %
working_dir)
os.chdir(working_dir)
except Exception as e:
traceback.print_exc()
log.error("Failed to preexecute function")
log.error(e)
cmd = start_cmd
log.info('Running "%s"' % cmd)
process = subprocess.Popen(cmd,
preexec_fn=in_cgroup,
shell=True)
process.wait()
print(process.stdout)
log.error(process.stderr)
except Exception as e:
traceback.print_exc()
log.error(e)
finally:
log.info('Finalizing')
NetNS(netns_name).close()
netns.remove(netns_name)
ipdb.interfaces[veth0_name].remove()
log.info('done')
from cgroups import Cgroup
HOL_LIB_DIR = r"/home/eytan.s/Apps/Isabelle2019/src/HOL/Library/"
CMD = [
r"/home/eytan.s/Apps/Isabelle2019/bin/isabelle", "process", "-o",
"quick_and_dirty=true", "-T"
]
BENCHMARK_DIR = r"/home/eytan.s/Apps/benchmarks/benchmarks/isaplannerthy/"
TARGET_DIR = r"/home/eytan.s/Apps/benchmarks/benchmarks/isaplannerthy_results/"
if not os.path.exists(TARGET_DIR):
os.makedirs(TARGET_DIR)
# First we create the cgroup 'charlie' and we set it's cpu and memory limits
cg = Cgroup('hipster_cgroup')
# Then we a create a function to add a process in the cgroup
def in_my_cgroup():
pid = os.getpid()
cg = Cgroup('hipster_cgroup')
cg.add(pid)
def run_isabelle(fn):
try:
in_my_cgroup()
print(f"running {fn}")
os.chdir(HOL_LIB_DIR)
with open(fn) as f:
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(0o77)
if __name__ == '__main__':
server_class = HTTPServer
httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
# Creating cgroup with wanted limitations
cg = Cgroup('jppapin')
cg.set_cpu_limit(1)
cg.set_memory_limit(700, unit="kilobytes")
# Adding this process in the cgroup
pid = os.getpid()
cg.add(pid)
print("Before dropping privileges")
drop_privileges()
print("After dropping privileges")
print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER))
try:
httpd.serve_forever()
except KeyboardInterrupt:
def get_cgroups():
cgrp_tree = trees.Tree()
cgrp_nodes = cgrp_tree.root.children
cgroups = [Cgroup(name=node.name) for node in cgrp_nodes]
nix_cgrps = []
return nix_cgrps
def in_my_cgroup():
pid = os.getpid()
cg = Cgroup('hipster_cgroup')
cg.add(pid)
if not is_windows:
from cgroups import Cgroup
RunParams = namedtuple('RunParams', ['fn', 'timeout', 'proof_mode'])
project_dir = project_root
BUILD_CMD = [
str(cargo_path), "build", "--release", "--features", "stats", "--package",
"TheSy", "--bin", "TheSy"
]
CMD = [str(executable_release)]
# First we create the cgroup 'charlie' and we set it's cpu and memory limits
if not is_windows:
cg = Cgroup('thesy_cgroup')
# Then we a create a function to add a process in the cgroup
def in_my_cgroup():
if not is_windows:
pid = os.getpid()
cg = Cgroup('thesy_cgroup')
cg.add(pid)
def run_thesy(params: RunParams):
in_my_cgroup()
print(f"running {params.fn}")
try:
cmd = [s for s in CMD]
def in_my_cgroup():
if not is_windows:
pid = os.getpid()
cg = Cgroup('thesy_cgroup')
cg.add(pid)
def mocker_run(uuid1, *args):
'''
run <image_id> <command> - создает контейнер
из указанного image_id и запускает его
с указанной командой
'''
id = uuid.uuid4()
uuid_name = 'ps_' + str(id.fields[5])[:4]
mac = str(id.fields[5])[:2]
if mocker_check(uuid1) == 1:
print('No image named ' + str(uuid1))
return
if mocker_check(uuid_name) == 0:
print(uuid_name)
print('UUID conflict, retrying...')
return
cmd = args
ip_last_octet = 103
with IPDB() as ipdb:
veth0_name = 'veth0_' + str(uuid_name)
veth1_name = 'veth1_' + str(uuid_name)
netns_name = 'netns_' + str(uuid_name)
bridge_if_name = 'bridge0'
existing_interfaces = ipdb.interfaces.keys()
with ipdb.create(kind='veth', ifname=veth0_name,
peer=veth1_name) as i1:
i1.up()
if bridge_if_name not in existing_interfaces:
ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
i1.set_target('master', bridge_if_name)
netns.create(netns_name)
with ipdb.interfaces[veth1_name] as veth1:
veth1.net_ns_fd = netns_name
ns = IPDB(nl=NetNS(netns_name))
with ns.interfaces.lo as lo:
lo.up()
with ns.interfaces[veth1_name] as veth1:
veth1.address = "02:42:ac:11:00:{0}".format(mac)
veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
veth1.up()
ns.routes.add({'dst': 'default', 'gateway': '10.0.0.1'}).commit()
btrfsutil.create_snapshot(btrfs_path + '/' + uuid1,
btrfs_path + '/' + uuid_name)
file_log = open(btrfs_path + '/' + uuid_name + '/' + uuid_name + '.log',
'w')
file = open(btrfs_path + '/' + uuid_name + '/' + uuid_name + '.cmd', 'w')
file.write(str(cmd))
file.close()
cg = Cgroup(uuid_name)
cg.set_cpu_limit(50)
cg.set_memory_limit(500)
def in_cgroup():
try:
pid = os.getpid()
cg = Cgroup(uuid_name)
netns.setns(netns_name)
cg.add(pid)
except Exception as e:
traceback.print_exc()
file_log.write("Failed to preexecute function")
file_log.write(e)
cmd = list(args)
file_log.write('Running ' + cmd[0] + '\n')
process = subprocess.Popen(cmd, preexec_fn=in_cgroup, shell=True)
process.wait()
file_log.write('Error ')
file_log.write(str(process.stderr) + '\n')
file_log.write('Final\n')
NetNS(netns_name).close()
#netns.remove(netns_name)
file_log.write('done\n')
print('Creating', uuid_name)
def memory_reserve(mbytes):
# http://man7.org/linux/man-pages/man7/cgroups.7.html
# system memory to be reserved to the script
cg = Cgroup('my-container')
cg.set_memory_limit(mbytes)
cg.add(os.getpid())
cuda_devices_max = len(args.cuda_devices_used)
multiprocessing.set_start_method('spawn', force=True)
parallel_processes = []
cuda_devices_in_use = [{
'idx': idx,
'tasks': []
} for idx in range(cuda_devices_max)]
if args.is_restricted_cpu:
# sudo /home/asya/anaconda3/envs/conda_env/bin/user_cgroups asya
# Limit resources
# SC_PHYS_PAGES, SC_AVPHYS_PAGES
cg = Cgroup('task_gener')
cpu_process = int(90 / args.local_process_count_per_task)
cg.set_cpu_limit(cpu_process) # %
cg.set_memory_limit(limit=None)
max_mem_process = 0
if args.is_restricted_memory:
max_ram_bytes_available = os.sysconf('SC_PAGE_SIZE') * os.sysconf(
'SC_AVPHYS_PAGES')
max_mem_process = int(
max_ram_bytes_available * 0.9 /
args.local_process_count_per_task) # with 10% in reserve
# cannot use cgroup to limit RAM, because when it is over the limit it will kill process not limit it`s RAM usage
#cg.set_memory_limit(max_ram_bytes_available, unit='bytes')
server_class = HTTPServer
httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER))
newpid = os.fork()
if newpid == 0:
# Drop capabilities
print("=-" * 50)
os.system("capsh --print")
print("=-" * 50)
drop_privileges()
print("PRIVILEGES DROPPED")
print("=-" * 50)
os.system("capsh --print")
print("=-" * 50)
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
print(time.asctime(),
'Server Stops - %s:%s' % (HOST_NAME, PORT_NUMBER))
else:
# CGroups
cg = Cgroup('charlie', user='******')
cg.set_cpu_limit(0.1)
cg.set_memory_limit(100, unit='megabytes')
cg.add(newpid)
print(os.getpid(), newpid)