aboutsummaryrefslogtreecommitdiff
path: root/planetwars-matchrunner
diff options
context:
space:
mode:
Diffstat (limited to 'planetwars-matchrunner')
-rw-r--r--planetwars-matchrunner/src/docker_runner.rs34
1 files changed, 34 insertions, 0 deletions
diff --git a/planetwars-matchrunner/src/docker_runner.rs b/planetwars-matchrunner/src/docker_runner.rs
index d563d60..f82e64e 100644
--- a/planetwars-matchrunner/src/docker_runner.rs
+++ b/planetwars-matchrunner/src/docker_runner.rs
@@ -45,10 +45,19 @@ async fn spawn_docker_process(
let bot_code_dir = std::fs::canonicalize(&params.code_path).unwrap();
let code_dir_str = bot_code_dir.as_os_str().to_str().unwrap();
+ let memory_limit = 512 * 1024 * 1024; // 512MB
let config = container::Config {
image: Some(params.image.clone()),
host_config: Some(bollard::models::HostConfig {
binds: Some(vec![format!("{}:{}", code_dir_str, "/workdir")]),
+ network_mode: Some("none".to_string()),
+ memory: Some(memory_limit),
+ memory_swap: Some(memory_limit),
+ // TODO: this applies a limit to how much cpu one bot can use.
+ // when running multiple bots concurrently though, the server
+ // could still become resource-starved.
+ cpu_period: Some(100_000),
+ cpu_quota: Some(10_000),
..Default::default()
}),
working_dir: Some("/workdir".to_string()),
@@ -57,6 +66,7 @@ async fn spawn_docker_process(
attach_stdout: Some(true),
attach_stderr: Some(true),
open_stdin: Some(true),
+ network_disabled: Some(true),
..Default::default()
};
@@ -85,16 +95,35 @@ async fn spawn_docker_process(
.await?;
Ok(ContainerProcess {
+ docker,
+ container_id,
stdin: input,
output,
})
}
struct ContainerProcess {
+ docker: Docker,
+ container_id: String,
stdin: Pin<Box<dyn AsyncWrite + Send>>,
output: Pin<Box<dyn Stream<Item = Result<LogOutput, bollard::errors::Error>> + Send>>,
}
+impl ContainerProcess {
+ // &mut is required here to make terminate().await Sync
+ async fn terminate(&mut self) -> Result<(), bollard::errors::Error> {
+ self.docker
+ .remove_container(
+ &self.container_id,
+ Some(bollard::container::RemoveContainerOptions {
+ force: true,
+ ..Default::default()
+ }),
+ )
+ .await
+ }
+}
+
fn create_docker_bot(
process: ContainerProcess,
player_id: u32,
@@ -151,6 +180,11 @@ impl DockerBotRunner {
.unwrap()
.resolve_request(request_id, request_response);
}
+
+ self.process
+ .terminate()
+ .await
+ .expect("could not terminate process");
}
pub async fn communicate(&mut self, input: &[u8]) -> io::Result<Bytes> {