From 93c4306b1015594bb6d7e08d03138c12229ac598 Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Sun, 24 Jul 2022 23:08:51 +0200 Subject: pull docker bots before running them --- planetwars-matchrunner/src/docker_runner.rs | 34 +++++++++++++++++++++++++++++ planetwars-server/src/modules/matches.rs | 13 +++++++++-- 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/planetwars-matchrunner/src/docker_runner.rs b/planetwars-matchrunner/src/docker_runner.rs index 2d93273..6de9bb1 100644 --- a/planetwars-matchrunner/src/docker_runner.rs +++ b/planetwars-matchrunner/src/docker_runner.rs @@ -15,12 +15,22 @@ use crate::match_context::{EventBus, PlayerHandle, RequestError, RequestMessage} use crate::match_log::{MatchLogMessage, MatchLogger, StdErrMessage}; use crate::BotSpec; +// TODO: this API needs a better design with respect to pulling +// and general container management #[derive(Clone, Debug)] pub struct DockerBotSpec { pub image: String, pub binds: Option>, pub argv: Option>, pub working_dir: Option, + pub pull: bool, + pub credentials: Option, +} + +#[derive(Clone, Debug)] +pub struct Credentials { + pub username: String, + pub password: String, } #[async_trait] @@ -43,6 +53,30 @@ async fn spawn_docker_process( ) -> Result { let docker = Docker::connect_with_socket_defaults()?; + if params.pull { + let mut create_image_stream = docker.create_image( + Some(bollard::image::CreateImageOptions { + from_image: params.image.as_str(), + ..Default::default() + }), + None, + params + .credentials + .as_ref() + .map(|credentials| bollard::auth::DockerCredentials { + username: Some(credentials.username.clone()), + password: Some(credentials.password.clone()), + ..Default::default() + }), + ); + + while let Some(item) = create_image_stream.next().await { + // just consume the stream for now, + // and make noise when something breaks + let _info = item.expect("hit error in docker pull"); + } + } + let memory_limit = 512 * 1024 * 1024; // 512MB let config = container::Config { image: Some(params.image.clone()), diff --git a/planetwars-server/src/modules/matches.rs b/planetwars-server/src/modules/matches.rs index a1fe63d..4f538ed 100644 --- a/planetwars-server/src/modules/matches.rs +++ b/planetwars-server/src/modules/matches.rs @@ -1,8 +1,7 @@ -use std::{path::PathBuf, sync::Arc}; - use diesel::{PgConnection, QueryResult}; use planetwars_matchrunner::{self as runner, docker_runner::DockerBotSpec, BotSpec, MatchConfig}; use runner::MatchOutcome; +use std::{path::PathBuf, sync::Arc}; use tokio::task::JoinHandle; use crate::{ @@ -113,6 +112,11 @@ pub fn bot_version_to_botspec( binds: None, argv: None, working_dir: None, + pull: true, + credentials: Some(runner::docker_runner::Credentials { + username: "admin".to_string(), + password: runner_config.registry_admin_password.clone(), + }), }) } else { // TODO: ideally this would not be possible @@ -131,6 +135,11 @@ fn python_docker_bot_spec(config: &GlobalConfig, code_bundle_path: &str) -> Box< binds: Some(vec![format!("{}:{}", code_bundle_path_str, "/workdir")]), argv: Some(vec!["python".to_string(), "bot.py".to_string()]), working_dir: Some("/workdir".to_string()), + // This would be a pull from dockerhub at the moment, let's avoid that for now. + // Maybe the best course of action would be to replicate all images in the dedicated + // registry, so that we only have to provide credentials to that one. + pull: false, + credentials: None, }) } -- cgit v1.2.3