def run_command_with_cgroups_options(command,cpu=None,mem=None,swapless=False,cgroup=None):
    """Launch ``command`` as a member of a resource-limited cgroup and wait for it.

    When ``cgroup`` is given it is used as the cgroup name. Otherwise a name
    is assembled from the requested limits: an optional ``swapless`` prefix,
    ``_cpu<cpu>``, and ``_mem<mem>`` unless ``mem`` is ``-1``.

    ``cpu`` and ``mem`` are passed to ``Cgroup.set_cpu_limit`` and
    ``Cgroup.set_memory_limit`` only when they are not ``None``; ``swapless``
    sets the cgroup's swappiness to 0.

    The child joins the cgroup from ``preexec_fn``, between fork and exec, so
    the command is already a member when it starts. The hook does not catch
    exceptions: if joining fails, ``subprocess.Popen`` raises instead of
    running the command without its limits.
    """
    if cgroup is not None:
        group_name = cgroup
    else:
        # No explicit name: derive one from the limits being applied.
        name_parts = []
        if swapless:
            name_parts.append('swapless')
        name_parts.append('_cpu'+str(cpu))
        if mem != -1:
            name_parts.append('_mem'+str(mem))
        group_name = ''.join(name_parts)

    cg = Cgroup(group_name)
    if cpu is not None:
        cg.set_cpu_limit(cpu)
    if mem is not None:
        cg.set_memory_limit(mem)
    if swapless:
        cg.set_swappiness(0)

    def _join_cgroup():
        # Runs in the forked child, before the exec of ``command``.
        child_pid = os.getpid()
        print ("starting {} with pid {}".format(command,child_pid))
        cg.add(child_pid)

    child = subprocess.Popen([command],preexec_fn=_join_cgroup)
    child.wait()
def setup_cgroup(name):
    """Prepare the current user's cgroups and create ``name`` with fixed limits.

    Looks up the login name of the calling uid, passes it to
    ``create_user_cgroups``, then creates ``Cgroup(name)`` with a CPU limit
    of 100 and a memory limit of 600. The memory limit is printed before
    and after it is set so the change is visible.
    """
    account = pwd.getpwuid(os.getuid())[0]
    print(account)
    create_user_cgroups(account)

    group = Cgroup(name)
    print('cgroup', group)

    def show_memory_limit():
        print('memory limit', group.memory_limit)

    group.set_cpu_limit(100)
    show_memory_limit()
    group.set_memory_limit(600)
    show_memory_limit()
def setup_cgroups(self, core_limit, mem_limit):
    """Create the ``capstan`` cgroup with the given CPU and memory limits.

    The ``user_cgroups`` helper is first run as root for the current user
    (through ``utils.execute(..., run_as_root=True)``). The cgroup is then
    created and limited.

    Returns:
        The configured ``Cgroup`` object.

    Raises:
        Whatever the helper or the cgroup calls raise. A hint is logged and
        the error is re-raised unchanged.
    """
    owner = getpass.getuser()
    try:
        utils.execute('user_cgroups', owner, run_as_root=True)
        capstan_group = Cgroup('capstan')
        capstan_group.set_cpu_limit(core_limit)
        capstan_group.set_memory_limit(mem_limit)
    except BaseException:
        # Same reach as a bare ``except``: log the hint, never swallow.
        LOG.info("Verify whether the cgroups library was properly installed")
        raise
    else:
        return capstan_group
parallel_processes = [] cuda_devices_in_use = [{ 'idx': idx, 'tasks': [] } for idx in range(cuda_devices_max)] if args.is_restricted_cpu: # sudo /home/asya/anaconda3/envs/conda_env/bin/user_cgroups asya # Limit resources # SC_PHYS_PAGES, SC_AVPHYS_PAGES cg = Cgroup('task_gener') cpu_process = int(90 / args.local_process_count_per_task) cg.set_cpu_limit(cpu_process) # % cg.set_memory_limit(limit=None) max_mem_process = 0 if args.is_restricted_memory: max_ram_bytes_available = os.sysconf('SC_PAGE_SIZE') * os.sysconf( 'SC_AVPHYS_PAGES') max_mem_process = int( max_ram_bytes_available * 0.9 / args.local_process_count_per_task) # with 10% in reserve # cannot use cgroup to limit RAM, because when it is over the limit it will kill process not limit it`s RAM usage #cg.set_memory_limit(max_ram_bytes_available, unit='bytes') def on_preexec_fn(): if args.is_restricted_cpu:
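def mocker_run(uuid1, *args):
    '''
    run <image_id> <command> - creates a container from the given image_id
    and starts it with the given command

    The container gets a veth pair attached to ``bridge0``, its own network
    namespace with the fixed address 10.0.0.103/24, a btrfs snapshot of the
    image, and a cgroup with CPU limit 50 and memory limit 500.

    The command is started only if the child could enter the network
    namespace and the cgroup. If that step fails, ``subprocess.Popen``
    raises ``subprocess.SubprocessError`` and nothing is executed.
    '''
    container_id = uuid.uuid4()
    uuid_name = 'ps_' + str(container_id.fields[5])[:4]
    mac = str(container_id.fields[5])[:2]
    if mocker_check(uuid1) == 1:
        print('No image named ' + str(uuid1))
        return
    if mocker_check(uuid_name) == 0:
        print(uuid_name)
        print('UUID conflict, retrying...')
        return
    if not args:
        # Refuse early: otherwise the interfaces, namespace and snapshot are
        # created and the function then fails on cmd[0].
        print('No command given')
        return
    cmd = args
    ip_last_octet = 103
    with IPDB() as ipdb:
        veth0_name = 'veth0_' + str(uuid_name)
        veth1_name = 'veth1_' + str(uuid_name)
        netns_name = 'netns_' + str(uuid_name)
        bridge_if_name = 'bridge0'
        existing_interfaces = ipdb.interfaces.keys()

        # Create the veth pair and attach the host end to the bridge.
        with ipdb.create(kind='veth', ifname=veth0_name, peer=veth1_name) as i1:
            i1.up()
            if bridge_if_name not in existing_interfaces:
                ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
            i1.set_target('master', bridge_if_name)

        # Move the peer end into a fresh network namespace.
        netns.create(netns_name)
        with ipdb.interfaces[veth1_name] as veth1:
            veth1.net_ns_fd = netns_name

        # Configure loopback, address and default route inside the namespace.
        ns = IPDB(nl=NetNS(netns_name))
        with ns.interfaces.lo as lo:
            lo.up()
        with ns.interfaces[veth1_name] as veth1:
            veth1.address = "02:42:ac:11:00:{0}".format(mac)
            veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
            veth1.up()
        ns.routes.add({'dst': 'default', 'gateway': '10.0.0.1'}).commit()

        container_dir = btrfs_path + '/' + uuid_name
        btrfsutil.create_snapshot(btrfs_path + '/' + uuid1, container_dir)

        # ``with`` closes the log even when the launch below raises.
        with open(container_dir + '/' + uuid_name + '.log', 'w') as file_log:
            with open(container_dir + '/' + uuid_name + '.cmd', 'w') as cmd_file:
                cmd_file.write(str(cmd))

            cg = Cgroup(uuid_name)
            cg.set_cpu_limit(50)
            cg.set_memory_limit(500)

            def in_cgroup():
                # Runs in the forked child, before the exec.
                try:
                    pid = os.getpid()
                    cg = Cgroup(uuid_name)
                    netns.setns(netns_name)
                    cg.add(pid)
                except Exception as e:
                    traceback.print_exc()
                    file_log.write("Failed to preexecute function")
                    # write() needs a str; passing the exception object
                    # itself raised TypeError here.
                    file_log.write(str(e))
                    file_log.flush()
                    # Fail closed: re-raising makes Popen abort, so the
                    # command never runs outside the namespace and cgroup.
                    raise

            cmd = list(args)
            file_log.write('Running ' + cmd[0] + '\n')
            # Flush before forking so the child does not inherit, and later
            # re-write, the parent's buffered log lines.
            file_log.flush()
            # NOTE(review): with shell=True and a list, only cmd[0] is the
            # command line; the remaining items become positional
            # parameters of the shell, not arguments of the command.
            # Confirm which form callers rely on before changing it.
            process = subprocess.Popen(cmd, preexec_fn=in_cgroup, shell=True)
            process.wait()
            file_log.write('Error ')
            # No pipes were requested, so process.stderr is None here.
            file_log.write(str(process.stderr) + '\n')
            file_log.write('Final\n')
            NetNS(netns_name).close()
            #netns.remove(netns_name)
            file_log.write('done\n')
        print('Creating', uuid_name)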
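def run(self, *args, **kwargs):
    """Start the command of a pulled image inside a netns, cgroup and chroot.

    The image is selected by ``kwargs['<name>']``. Its metadata file under
    ``_base_dir_`` supplies the environment, start command and working
    directory. The container gets a veth pair on ``bridge0``, a network
    namespace with the fixed address 10.0.0.103/24, and a cgroup with CPU
    limit 50 and memory limit 500.

    The confinement is applied in the child's ``preexec_fn``. If any step
    there fails, the error is re-raised so that ``subprocess.Popen`` aborts
    and the image command is not executed on the host. Errors raised after
    the network setup are logged, not propagated; the namespace and the
    host-side veth are removed in every case.
    """
    images = ImagesCommand().list_images()
    image_name = kwargs['<name>']
    ip_last_octet = 103  # TODO : configurable

    match = [i[3] for i in images if i[0] == image_name][0]

    target_file = os.path.join(_base_dir_, match)
    with open(target_file) as tf:
        image_details = json.loads(tf.read())
    # setup environment details
    state = json.loads(image_details['history'][0]['v1Compatibility'])

    # Extract information about this container.
    # Tolerate a null "Env" entry in the metadata.
    env_vars = state['config']['Env'] or []
    start_cmd = subprocess.list2cmdline(state['config']['Cmd'])
    working_dir = state['config']['WorkingDir']

    # NOTE(review): the last field of a uuid1 is the node id, normally
    # derived from the host's hardware address, so the name and MAC below
    # are usually identical on every run on the same host.
    container_id = uuid.uuid1()

    # unique-ish name
    name = 'c_' + str(container_id.fields[5])[:4]

    # unique-ish mac
    mac = str(container_id.fields[5])[:2]

    layer_dir = os.path.join(_base_dir_, match.replace('.json', ''), 'layers', 'contents')

    with IPDB() as ipdb:
        veth0_name = 'veth0_'+name
        veth1_name = 'veth1_'+name
        netns_name = 'netns_'+name
        bridge_if_name = 'bridge0'

        existing_interfaces = ipdb.interfaces.keys()

        # Create a new virtual interface
        with ipdb.create(kind='veth', ifname=veth0_name, peer=veth1_name) as i1:
            i1.up()
            if bridge_if_name not in existing_interfaces:
                ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
            i1.set_target('master', bridge_if_name)

        # Create a network namespace
        netns.create(netns_name)

        # move the peer interface into the new namespace
        with ipdb.interfaces[veth1_name] as veth1:
            veth1.net_ns_fd = netns_name

        # Use this network namespace as the database
        ns = IPDB(nl=NetNS(netns_name))
        with ns.interfaces.lo as lo:
            lo.up()
        with ns.interfaces[veth1_name] as veth1:
            veth1.address = "02:42:ac:11:00:{0}".format(mac)
            veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
            veth1.up()
        ns.routes.add({
            'dst': 'default',
            'gateway': '10.0.0.1'}).commit()

        try:
            # setup cgroup directory for this user
            user = os.getlogin()
            create_user_cgroups(user)

            # First we create the cgroup and we set its cpu and memory limits
            cg = Cgroup(name)
            cg.set_cpu_limit(50)  # TODO : get these as command line options
            cg.set_memory_limit(500)

            # Then we create a function to add a process in the cgroup
            def in_cgroup():
                # Runs in the forked child, before the exec.
                try:
                    pid = os.getpid()
                    cg = Cgroup(name)
                    for env in env_vars:
                        log.info('Setting ENV %s' % env)
                        os.putenv(*env.split('=', 1))

                    # Set network namespace
                    netns.setns(netns_name)

                    # add process to cgroup
                    cg.add(pid)

                    os.chroot(layer_dir)
                    # chroot() leaves the working directory untouched; move
                    # into the new root so the child holds no directory
                    # outside it.
                    os.chdir('/')
                    if working_dir != '':
                        log.info("Setting working directory to %s" % working_dir)
                        os.chdir(working_dir)
                except Exception as e:
                    traceback.print_exc()
                    log.error("Failed to preexecute function")
                    log.error(e)
                    # Fail closed: without this the image command would
                    # still be exec'd, on the host filesystem and outside
                    # the cgroup and namespace.
                    raise

            cmd = start_cmd
            log.info('Running "%s"' % cmd)
            process = subprocess.Popen(cmd, preexec_fn=in_cgroup, shell=True)
            process.wait()
            # No pipes were requested, so both attributes are None.
            print(process.stdout)
            log.error(process.stderr)
        except Exception as e:
            traceback.print_exc()
            log.error(e)
        finally:
            log.info('Finalizing')
            NetNS(netns_name).close()
            netns.remove(netns_name)
            ipdb.interfaces[veth0_name].remove()
            log.info('done')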
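def run(detach: bool, image: str = 'ubuntu', uuid: str = None, load: bool = False, cmd=('/bin/uname', '-a')):
    """Mount a container image and run ``cmd`` chrooted into it.

    Unless ``load`` is true, the base image is first copied to
    ``container/<uuid>.img``. The image is mounted on ``./container/<uuid>``
    and the command is started with that directory as its root, as a member
    of the shared cgroup ``test`` (CPU limit 50, memory limit 512).

    Args:
        detach: when true, register the process in ``processes`` and return
            at once; otherwise wait, then unmount and remove the mount point.
        image: base image name, resolved under ``./base_images/``.
        uuid: container id; a new ``uuid1()`` is used when empty.
        load: reuse an existing container image instead of copying the base.
        cmd: command as a sequence, or a string split with ``shlex``.

    Returns:
        The container id as a string when ``detach`` is true, else ``None``.

    Raises:
        Whatever ``subprocess.Popen`` raises when the command cannot be
        started, including a failure to join the cgroup or to chroot. The
        image is unmounted before the error propagates.
    """
    cgroup_name = 'test'
    # NOTE(review): image and uuid are joined into paths as given; if either
    # can come from a remote client, confirm it is restricted to a plain
    # name before it reaches this function.
    base_image_path = os.path.join('./base_images/', image + '.img')  # TODO exist?
    if not uuid:
        uuid = uuid1()
    if isinstance(cmd, str):
        cmd = tuple(shlex.split(cmd))
    container_name = str(uuid) + '.img'
    img_path = os.path.join('container', container_name)
    mount_path = './container/' + str(uuid)
    if not load:
        shutil.copy(base_image_path, img_path)
    if not os.path.exists(mount_path):
        os.mkdir(mount_path)
    mount('-o', 'rw', img_path, mount_path)

    # Every container shares this one cgroup, so the limits are shared too.
    cg = Cgroup(cgroup_name)
    cg.set_cpu_limit(50)
    cg.set_memory_limit(512)

    print("uuid:", uuid)  # TODO remove

    # create record
    create_record(uuid, image, cmd)

    # env
    my_env = os.environ.copy()
    # Keep the inherited search order and append the system directories.
    # Going through a set made the order arbitrary, and the order decides
    # which binary a bare command name resolves to. Empty entries, which
    # mean "current directory", are dropped.
    inherited = [p for p in my_env.get("PATH", "").split(":") if p]
    system_dirs = ["/bin", "/sbin", "/usr/bin", "/usr/sbin",
                   "/usr/local/bin", "/usr/local/sbin"]
    my_env["PATH"] = ":".join(dict.fromkeys(inherited + system_dirs))

    def hook():
        # Runs in the forked child. Popen has already changed into
        # mount_path (cwd=...), so '.' is the mounted image. There is no
        # try/except on purpose: a failure here makes Popen raise instead
        # of running cmd unconfined.
        cg.add(os.getpid())
        os.chroot('.')
        os.chdir('/')

    try:
        proc = subprocess.Popen(cmd, preexec_fn=hook, cwd=mount_path, env=my_env)
    except Exception:
        # Do not leave the image mounted when the command could not start.
        umount(mount_path)
        os.rmdir(mount_path)
        raise

    if detach:
        # TODO add to pool
        processes[str(uuid)] = proc
        return str(uuid)  # TODO
    else:
        proc.wait()
        # cleanup
        umount(mount_path)
        os.rmdir(mount_path)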
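def run(self, *args, **kwargs):
    """Run an image's start command confined by a netns, a cgroup and a chroot.

    ``kwargs['<name>']`` names the image. Environment, start command and
    working directory are read from the image's metadata file under
    ``_base_dir_``. A veth pair is attached to ``bridge0``, its peer is
    moved into a new network namespace and given 10.0.0.103/24, and a
    cgroup with CPU limit 50 and memory limit 500 is created.

    All confinement happens in the child's ``preexec_fn``. A failure there
    is logged and re-raised, which makes ``subprocess.Popen`` abort rather
    than execute the image command on the host. Errors raised after the
    network setup are logged and not propagated; the namespace and the
    host-side veth are always removed.
    """
    images = ImagesCommand().list_images()
    image_name = kwargs['<name>']
    ip_last_octet = 103  # TODO : configurable

    match = [i[3] for i in images if i[0] == image_name][0]

    target_file = os.path.join(_base_dir_, match)
    with open(target_file) as tf:
        image_details = json.loads(tf.read())
    # setup environment details
    state = json.loads(image_details['history'][0]['v1Compatibility'])

    # Extract information about this container.
    # A null "Env" entry in the metadata is treated as "no variables".
    env_vars = state['config']['Env'] or []
    start_cmd = subprocess.list2cmdline(state['config']['Cmd'])
    working_dir = state['config']['WorkingDir']

    # NOTE(review): fields[5] of a uuid1 is the node id, normally taken from
    # the host's hardware address, so name and mac below usually repeat on
    # every run on the same host.
    container_id = uuid.uuid1()

    # unique-ish name
    name = 'c_' + str(container_id.fields[5])[:4]

    # unique-ish mac
    mac = str(container_id.fields[5])[:2]

    layer_dir = os.path.join(_base_dir_, match.replace('.json', ''),
                             'layers', 'contents')

    with IPDB() as ipdb:
        veth0_name = 'veth0_' + name
        veth1_name = 'veth1_' + name
        netns_name = 'netns_' + name
        bridge_if_name = 'bridge0'

        existing_interfaces = ipdb.interfaces.keys()

        # Create a new virtual interface
        with ipdb.create(kind='veth', ifname=veth0_name,
                         peer=veth1_name) as i1:
            i1.up()
            if bridge_if_name not in existing_interfaces:
                ipdb.create(kind='bridge', ifname=bridge_if_name).commit()
            i1.set_target('master', bridge_if_name)

        # Create a network namespace
        netns.create(netns_name)

        # move the peer interface into the new namespace
        with ipdb.interfaces[veth1_name] as veth1:
            veth1.net_ns_fd = netns_name

        # Use this network namespace as the database
        ns = IPDB(nl=NetNS(netns_name))
        with ns.interfaces.lo as lo:
            lo.up()
        with ns.interfaces[veth1_name] as veth1:
            veth1.address = "02:42:ac:11:00:{0}".format(mac)
            veth1.add_ip('10.0.0.{0}/24'.format(ip_last_octet))
            veth1.up()
        ns.routes.add({'dst': 'default', 'gateway': '10.0.0.1'}).commit()

        try:
            # setup cgroup directory for this user
            user = os.getlogin()
            create_user_cgroups(user)

            # First we create the cgroup and we set its cpu and memory limits
            cg = Cgroup(name)
            cg.set_cpu_limit(50)  # TODO : get these as command line options
            cg.set_memory_limit(500)

            # Then we create a function to add a process in the cgroup
            def in_cgroup():
                # Executed in the forked child, before the exec.
                try:
                    pid = os.getpid()
                    cg = Cgroup(name)
                    for env in env_vars:
                        log.info('Setting ENV %s' % env)
                        os.putenv(*env.split('=', 1))

                    # Set network namespace
                    netns.setns(netns_name)

                    # add process to cgroup
                    cg.add(pid)

                    os.chroot(layer_dir)
                    # The working directory survives chroot(); enter the
                    # new root so nothing outside it stays reachable as cwd.
                    os.chdir('/')
                    if working_dir != '':
                        log.info("Setting working directory to %s" % working_dir)
                        os.chdir(working_dir)
                except Exception as e:
                    traceback.print_exc()
                    log.error("Failed to preexecute function")
                    log.error(e)
                    # Fail closed: swallowing the error let the exec go
                    # ahead with whatever confinement had been applied so
                    # far, possibly none.
                    raise

            cmd = start_cmd
            log.info('Running "%s"' % cmd)
            process = subprocess.Popen(cmd, preexec_fn=in_cgroup, shell=True)
            process.wait()
            # Popen was given no pipes, so both attributes are None.
            print(process.stdout)
            log.error(process.stderr)
        except Exception as e:
            traceback.print_exc()
            log.error(e)
        finally:
            log.info('Finalizing')
            NetNS(netns_name).close()
            netns.remove(netns_name)
            ipdb.interfaces[veth0_name].remove()
            log.info('done')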
# Try setting the new uid/gid os.setgid(running_gid) os.setuid(running_uid) # Ensure a very conservative umask old_umask = os.umask(0o77) if __name__ == '__main__': server_class = HTTPServer httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler) # Creating cgroup with wanted limitations cg = Cgroup('jppapin') cg.set_cpu_limit(1) cg.set_memory_limit(700, unit="kilobytes") # Adding this process in the cgroup pid = os.getpid() cg.add(pid) print("Before dropping privileges") drop_privileges() print("After dropping privileges") print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER)) try: httpd.serve_forever() except KeyboardInterrupt: pass httpd.server_close()
def memory_reserve(mbytes):
    """Cap this process's memory by placing it in the ``my-container`` cgroup.

    ``mbytes`` is passed to ``Cgroup.set_memory_limit`` without a unit
    argument; presumably the library's default unit is megabytes, as the
    parameter name suggests (confirm against the cgroups library). The
    calling process then adds itself to the cgroup.

    See http://man7.org/linux/man-pages/man7/cgroups.7.html
    """
    # system memory to be reserved to the script
    container_group = Cgroup('my-container')
    container_group.set_memory_limit(mbytes)
    own_pid = os.getpid()
    container_group.add(own_pid)
f.write(out) with open(out_fn + ".err", 'w') as f: f.write(error) with open(out_fn + ".time", 'w') as f: f.write(str(end_time - start_time)) print("Done with " + os.path.basename(fn)) except: pass # with open(fn + ".json", 'w') as f: if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument("--inputdir", default=BENCHMARK_DIR) args = parser.parse_args() if os.path.isdir(HOL_LIB_DIR + "temp"): shutil.rmtree(HOL_LIB_DIR + "temp") shutil.copytree(args.inputdir, HOL_LIB_DIR + "temp") file_dir = HOL_LIB_DIR + "temp/" isa_files = [fn for fn in os.listdir(args.inputdir) if fn.endswith(".thy")] for f in isa_files: if f[0].islower(): shutil.move(os.path.join(file_dir, f), os.path.join(file_dir, f[0].upper() + f[1:])) isa_files = ["./temp/" + f[0].upper() + f[1:] for f in isa_files] # isa_files = ["./temp/" + f for f in isa_files] cg.set_memory_limit(32, 'gigabytes') pn = 15 pool = multiprocessing.Pool(pn) pool.map(run_isabelle, isa_files)
server_class = HTTPServer httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler) print(time.asctime(), 'Server Starts - %s:%s' % (HOST_NAME, PORT_NUMBER)) newpid = os.fork() if newpid == 0: # Drop capabilities print("=-" * 50) os.system("capsh --print") print("=-" * 50) drop_privileges() print("PRIVILEGES DROPPED") print("=-" * 50) os.system("capsh --print") print("=-" * 50) try: httpd.serve_forever() except KeyboardInterrupt: pass httpd.server_close() print(time.asctime(), 'Server Stops - %s:%s' % (HOST_NAME, PORT_NUMBER)) else: # CGroups cg = Cgroup('charlie', user='******') cg.set_cpu_limit(0.1) cg.set_memory_limit(100, unit='megabytes') cg.add(newpid) print(os.getpid(), newpid)