diff options
Diffstat (limited to 'planetwars-matchrunner/src/docker_runner.rs')
-rw-r--r-- | planetwars-matchrunner/src/docker_runner.rs | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/planetwars-matchrunner/src/docker_runner.rs b/planetwars-matchrunner/src/docker_runner.rs index d563d60..f82e64e 100644 --- a/planetwars-matchrunner/src/docker_runner.rs +++ b/planetwars-matchrunner/src/docker_runner.rs @@ -45,10 +45,19 @@ async fn spawn_docker_process( let bot_code_dir = std::fs::canonicalize(¶ms.code_path).unwrap(); let code_dir_str = bot_code_dir.as_os_str().to_str().unwrap(); + let memory_limit = 512 * 1024 * 1024; // 512MB let config = container::Config { image: Some(params.image.clone()), host_config: Some(bollard::models::HostConfig { binds: Some(vec![format!("{}:{}", code_dir_str, "/workdir")]), + network_mode: Some("none".to_string()), + memory: Some(memory_limit), + memory_swap: Some(memory_limit), + // TODO: this applies a limit to how much cpu one bot can use. + // when running multiple bots concurrently though, the server + // could still become resource-starved. + cpu_period: Some(100_000), + cpu_quota: Some(10_000), ..Default::default() }), working_dir: Some("/workdir".to_string()), @@ -57,6 +66,7 @@ async fn spawn_docker_process( attach_stdout: Some(true), attach_stderr: Some(true), open_stdin: Some(true), + network_disabled: Some(true), ..Default::default() }; @@ -85,16 +95,35 @@ async fn spawn_docker_process( .await?; Ok(ContainerProcess { + docker, + container_id, stdin: input, output, }) } struct ContainerProcess { + docker: Docker, + container_id: String, stdin: Pin<Box<dyn AsyncWrite + Send>>, output: Pin<Box<dyn Stream<Item = Result<LogOutput, bollard::errors::Error>> + Send>>, } +impl ContainerProcess { + // &mut is required here to make terminate().await Sync + async fn terminate(&mut self) -> Result<(), bollard::errors::Error> { + self.docker + .remove_container( + &self.container_id, + Some(bollard::container::RemoveContainerOptions { + force: true, + ..Default::default() + }), + ) + .await + } +} + fn create_docker_bot( process: ContainerProcess, player_id: u32, @@ -151,6 +180,11 @@ impl DockerBotRunner { .unwrap() .resolve_request(request_id, request_response); } + + self.process + .terminate() + .await + .expect("could not terminate process"); } pub async fn communicate(&mut self, input: &[u8]) -> io::Result<Bytes> { |