def create_jail_group(options):
""" Create user group for jail users and set limits on it """
if not file_contains("/etc/group", "^jailusers"):
run_cmd("groupadd jailusers")
run_cmd("groupadd jailkeeper")
run_cmd("usermod -a -G jailkeeper %s" % (options.username, ))
limits_conf = "/etc/security/limits.conf"
if not file_contains(limits_conf, "@jailusers"):
# limit jailuser processes to:
# 25 processes or system threads
append_line(limits_conf, "@jailusers hard nproc 25 # ai-contest")
# 20 minutes of cpu time
append_line(limits_conf, "@jailusers hard cpu 20 # ai-contest")
# slightly more than 1.5GB of ram
append_line(limits_conf, "@jailusers hard rss 1580000 # ai-contest")
if not file_contains("/etc/sudoers", "^%s.+jailusers" %
(options.username, )):
org_mode = os.stat("/etc/sudoers")[0]
os.chmod("/etc/sudoers", 0640)
append_line(
"/etc/sudoers",
"%s ALL = (%%jailusers) NOPASSWD: ALL" % (options.username, ))
append_line(
"/etc/sudoers",
"%s ALL = (ALL) NOPASSWD: /bin/mount, /bin/umount" %
(options.username, ))
os.chmod("/etc/sudoers", org_mode)
def create_jail_group(options):
""" Create user group for jail users and set limits on it """
if not file_contains("/etc/group", "^jailusers"):
run_cmd("groupadd jailusers")
run_cmd("groupadd jailkeeper")
run_cmd("usermod -a -G jailkeeper %s" % (options.username,))
limits_conf = "/etc/security/limits.conf"
if not file_contains(limits_conf, "@jailusers"):
# limit jailuser processes to:
# 25 processes or system threads
append_line(limits_conf, "@jailusers hard nproc 25 # ai-contest")
# 20 minutes of cpu time
append_line(limits_conf, "@jailusers hard cpu 20 # ai-contest")
# slightly more than 1.5GB of ram
append_line(limits_conf, "@jailusers hard rss 1580000 # ai-contest")
if not file_contains("/etc/sudoers",
"^%s.+jailusers" % (options.username,)):
org_mode = os.stat("/etc/sudoers")[0]
os.chmod("/etc/sudoers", 0640)
append_line("/etc/sudoers",
"%s ALL = (%%jailusers) NOPASSWD: ALL" % (options.username,))
append_line("/etc/sudoers",
"%s ALL = (ALL) NOPASSWD: /bin/mount, /bin/umount" % (
options.username,))
os.chmod("/etc/sudoers", org_mode)
def main(argv=["worker_setup.py"]):
""" Completely set everything up from a fresh ec2 instance """
opts = get_options(argv)
opts.arch = 'i386'
with Environ("DEBIAN_FRONTEND", "noninteractive"):
if opts.update_system:
run_cmd("apt-get update")
run_cmd("apt-get upgrade -y")
if opts.install_required:
install_required_packages()
if opts.install_utilities:
install_utility_packages()
if opts.install_pkg_languages:
install_packaged_languages()
if opts.install_languages:
install_all_languages(opts)
if opts.install_jailguard:
install_jailguard(opts)
if opts.create_jails:
setup_base_chroot(opts)
if opts.packages_only:
return
setup_contest_files(opts)
if opts.create_jails:
setup_base_jail(opts)
setup_jailusers(opts)
start_script = os.path.join(opts.root_dir, "worker/start_worker.sh")
if opts.install_cronjob:
cron_file = "/etc/cron.d/ai-contest"
if not file_contains(cron_file, start_script):
append_line(cron_file, "@reboot %s %s"
% (opts.username, start_script,))
if opts.run_worker:
run_cmd("sudo -u %s %s" % (opts.username, start_script))
def main(argv=["worker_setup.py"]):
""" Completely set everything up from a fresh ec2 instance """
opts = get_options(argv)
with Environ("DEBIAN_FRONTEND", "noninteractive"):
if opts.update_system:
run_cmd("apt-get update")
run_cmd("apt-get upgrade -y")
if opts.install_required:
install_required_packages()
if opts.install_utilities:
install_utility_packages()
if opts.install_languages:
install_all_languages()
if opts.packages_only:
return
setup_contest_files(opts)
if opts.create_jails:
setup_jailusers(opts)
start_script = os.path.join(opts.root_dir, opts.local_repo,
"worker/start_worker.sh")
if opts.install_cronjob:
cron_file = "/etc/cron.d/ai-contest"
if not file_contains(cron_file, start_script):
append_line(cron_file, "@reboot root %s" % (start_script,))
if opts.run_worker:
run_cmd(start_script)