package runner import ( "archive/tar" "bytes" "context" "encoding/base64" "encoding/json" "errors" "fmt" nomadApi "github.com/hashicorp/nomad/api" "github.com/openHPI/poseidon/internal/nomad" "github.com/openHPI/poseidon/pkg/dto" "github.com/openHPI/poseidon/pkg/execution" "io" "strings" "time" ) // ContextKey is the type for keys in a request context. type ContextKey string const ( // runnerContextKey is the key used to store runners in context.Context. runnerContextKey ContextKey = "runner" // SIGQUIT is the character that causes a tty to send the SIGQUIT signal to the controlled process. SIGQUIT = 0x1c // executionTimeoutGracePeriod is the time to wait after sending a SIGQUIT signal to a timed out execution. // If the execution does not return after this grace period, the runner is destroyed. executionTimeoutGracePeriod = 3 * time.Second ) var ( ErrorUnknownExecution = errors.New("unknown execution") ErrorFileCopyFailed = errors.New("file copy failed") ) // NomadJob is an abstraction to communicate with Nomad environments. type NomadJob struct { InactivityTimer executions execution.Storer id string portMappings []nomadApi.PortMapping api nomad.ExecutorAPI onDestroy DestroyRunnerHandler } // NewNomadJob creates a new NomadJob with the provided id. func NewNomadJob(id string, portMappings []nomadApi.PortMapping, apiClient nomad.ExecutorAPI, onDestroy DestroyRunnerHandler, ) *NomadJob { job := &NomadJob{ id: id, portMappings: portMappings, api: apiClient, executions: execution.NewLocalStorage(), onDestroy: onDestroy, } job.InactivityTimer = NewInactivityTimer(job, onDestroy) return job } func (r *NomadJob) ID() string { return r.id } func (r *NomadJob) MappedPorts() []*dto.MappedPort { ports := make([]*dto.MappedPort, 0, len(r.portMappings)) for _, portMapping := range r.portMappings { ports = append(ports, &dto.MappedPort{ ExposedPort: uint(portMapping.To), HostAddress: fmt.Sprintf("%s:%d", portMapping.HostIP, portMapping.Value), }) } return ports } func (r *NomadJob) StoreExecution(id string, request *dto.ExecutionRequest) { r.executions.Add(execution.ID(id), request) } func (r *NomadJob) ExecutionExists(id string) bool { return r.executions.Exists(execution.ID(id)) } func (r *NomadJob) ExecuteInteractively( id string, stdin io.ReadWriter, stdout, stderr io.Writer, ) (<-chan ExitInfo, context.CancelFunc, error) { request, ok := r.executions.Pop(execution.ID(id)) if !ok { return nil, nil, ErrorUnknownExecution } r.ResetTimeout() command, ctx, cancel := prepareExecution(request) exitInternal := make(chan ExitInfo) exit := make(chan ExitInfo, 1) ctxExecute, cancelExecute := context.WithCancel(context.Background()) go r.executeCommand(ctxExecute, command, stdin, stdout, stderr, exitInternal) go r.handleExitOrContextDone(ctx, cancelExecute, exitInternal, exit, stdin) return exit, cancel, nil } func (r *NomadJob) UpdateFileSystem(copyRequest *dto.UpdateFileSystemRequest) error { r.ResetTimeout() var tarBuffer bytes.Buffer if err := createTarArchiveForFiles(copyRequest.Copy, &tarBuffer); err != nil { return err } fileDeletionCommand := fileDeletionCommand(copyRequest.Delete) copyCommand := "tar --extract --absolute-names --verbose --file=/dev/stdin;" updateFileCommand := (&dto.ExecutionRequest{Command: fileDeletionCommand + copyCommand}).FullCommand() stdOut := bytes.Buffer{} stdErr := bytes.Buffer{} exitCode, err := r.api.ExecuteCommand(r.id, context.Background(), updateFileCommand, false, &tarBuffer, &stdOut, &stdErr) if err != nil { return fmt.Errorf( "%w: nomad error during file copy: %v", nomad.ErrorExecutorCommunicationFailed, err) } if exitCode != 0 { return fmt.Errorf( "%w: stderr output '%s' and stdout output '%s'", ErrorFileCopyFailed, stdErr.String(), stdOut.String()) } return nil } func (r *NomadJob) Destroy() error { if err := r.onDestroy(r); err != nil { return fmt.Errorf("error while destroying runner: %w", err) } return nil } func prepareExecution(request *dto.ExecutionRequest) ( command []string, ctx context.Context, cancel context.CancelFunc, ) { command = request.FullCommand() if request.TimeLimit == 0 { ctx, cancel = context.WithCancel(context.Background()) } else { ctx, cancel = context.WithTimeout(context.Background(), time.Duration(request.TimeLimit)*time.Second) } return command, ctx, cancel } func (r *NomadJob) executeCommand(ctx context.Context, command []string, stdin io.ReadWriter, stdout, stderr io.Writer, exit chan<- ExitInfo, ) { exitCode, err := r.api.ExecuteCommand(r.id, ctx, command, true, stdin, stdout, stderr) if err == nil && r.TimeoutPassed() { err = ErrorRunnerInactivityTimeout } exit <- ExitInfo{uint8(exitCode), err} } func (r *NomadJob) handleExitOrContextDone(ctx context.Context, cancelExecute context.CancelFunc, exitInternal <-chan ExitInfo, exit chan<- ExitInfo, stdin io.ReadWriter, ) { defer cancelExecute() defer close(exit) // When this function has finished the connection to the executor is closed. select { case exitInfo := <-exitInternal: exit <- exitInfo return case <-ctx.Done(): } // From this time on the WebSocket connection to the client is closed in /internal/api/websocket.go // waitForExit. Input can still be sent to the executor. exit <- ExitInfo{255, ctx.Err()} // This injects the SIGQUIT character into the stdin. This character is parsed by the tty line discipline // (tty has to be true) and converted to a SIGQUIT signal sent to the foreground process attached to the tty. // By default, SIGQUIT causes the process to terminate and produces a core dump. Processes can catch this signal // and ignore it, which is why we destroy the runner if the process does not terminate after a grace period. _, err := stdin.Write([]byte{SIGQUIT}) // if n != 1 { // The SIGQUIT is sent and correctly processed by the allocation. However, for an unknown // reason, the number of bytes written is always zero even though the error is nil. // Hence, we disabled this sanity check here. See the MR for more details: // https://github.com/openHPI/poseidon/pull/45#discussion_r757029024 // log.WithField("runner", r.id).Warn("Could not send SIGQUIT because nothing was written") // } if err != nil { log.WithField("runner", r.id).WithError(err).Warn("Could not send SIGQUIT due to error") } select { case <-exitInternal: log.WithField("runner", r.id).Debug("Execution terminated after SIGQUIT") case <-time.After(executionTimeoutGracePeriod): log.WithField("runner", r.id).Info("Execution did not quit after SIGQUIT") if err := r.Destroy(); err != nil { log.WithField("runner", r.id).Error("Error when destroying runner") } } } func createTarArchiveForFiles(filesToCopy []dto.File, w io.Writer) error { tarWriter := tar.NewWriter(w) for _, file := range filesToCopy { if err := tarWriter.WriteHeader(tarHeader(file)); err != nil { err := fmt.Errorf("error writing tar file header: %w", err) log. WithField("path", base64.StdEncoding.EncodeToString([]byte(file.Path))). WithField("content", base64.StdEncoding.EncodeToString(file.Content)). Error(err) return err } if _, err := tarWriter.Write(file.ByteContent()); err != nil { err := fmt.Errorf("error writing tar file content: %w", err) log. WithField("path", base64.StdEncoding.EncodeToString([]byte(file.Path))). WithField("content", base64.StdEncoding.EncodeToString(file.Content)). Error(err) return err } } if err := tarWriter.Close(); err != nil { return fmt.Errorf("error closing tar writer: %w", err) } return nil } func fileDeletionCommand(pathsToDelete []dto.FilePath) string { if len(pathsToDelete) == 0 { return "" } command := "rm --recursive --force " for _, filePath := range pathsToDelete { // To avoid command injection, filenames need to be quoted. // See https://unix.stackexchange.com/questions/347332/what-characters-need-to-be-escaped-in-files-without-quotes // for details. singleQuoteEscapedFileName := strings.ReplaceAll(filePath.Cleaned(), "'", "'\\''") command += fmt.Sprintf("'%s' ", singleQuoteEscapedFileName) } command += ";" return command } func tarHeader(file dto.File) *tar.Header { if file.IsDirectory() { return &tar.Header{ Typeflag: tar.TypeDir, Name: file.CleanedPath(), Mode: 0o755, } } else { return &tar.Header{ Typeflag: tar.TypeReg, Name: file.CleanedPath(), Mode: 0o744, Size: int64(len(file.Content)), } } } // MarshalJSON implements json.Marshaler interface. // This exports private attributes like the id too. func (r *NomadJob) MarshalJSON() ([]byte, error) { res, err := json.Marshal(struct { ID string `json:"runnerId"` }{ ID: r.ID(), }) if err != nil { return nil, fmt.Errorf("error marshaling Nomad job: %w", err) } return res, nil }