diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b4ee06799b..67f8e54cea 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,6 +13,14 @@ jobs: with: submodules: true + - name: Install isolate v2 + run: | + cd isolate && sudo apt-get install -y libcap-dev libsystemd-dev && make isolate && make isolate-cg-keeper && sudo make install && sudo cp systemd/* /etc/systemd/system/ && sudo systemctl daemon-reload && sudo systemctl start isolate.slice && sudo systemctl start isolate.service + + - name: Check if isolate is running + run: | + systemctl status isolate.service + - name: Check available cgroups run: | mount | grep cgroup diff --git a/Dockerfile b/Dockerfile index 1b2624a7f1..c85e1f1906 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,7 @@ RUN apt-get install -y \ libcups2-dev \ libffi-dev \ libpq-dev \ + libsystemd-dev \ libyaml-dev \ mono-mcs \ openjdk-8-jdk-headless \ diff --git a/cms/grading/Sandbox.py b/cms/grading/Sandbox.py index 741b68dad7..5ec85d3e7c 100644 --- a/cms/grading/Sandbox.py +++ b/cms/grading/Sandbox.py @@ -1076,7 +1076,7 @@ def build_box_options(self): if self.box_id is not None: res += ["--box-id=%d" % self.box_id] if self.cgroup: - res += ["--cg", "--cg-timing"] + res += ["--cg"] if self.chdir is not None: res += ["--chdir=%s" % self.chdir] for src, dest, options in self.dirs: diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 8a121b313f..040c8db5cc 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -19,8 +19,13 @@ services: volumes: - "./codecov:/home/cmsuser/cms/codecov" privileged: true + cgroup: host command: > wait-for-it testdb:5432 -- sh -c " + sudo mkdir /run/isolate ; + echo /sys/fs/cgroup | sudo tee /run/isolate/cgroup ; + isolate --print-cg-root ; + isolate-check-environment ; dropdb --host=testdb --username=postgres cmsdbfortesting ; createdb --host=testdb --username=postgres cmsdbfortesting ; cmsInitDB ; diff --git a/isolate b/isolate index eda2c65acd..758ab000e3 160000 --- a/isolate +++ b/isolate @@ -1 +1 @@ -Subproject commit eda2c65acd9ad5d4fc8ba46884e66445a8fca1b8 +Subproject commit 758ab000e3a1bcf1e57ffddea2340ffa1a5af49b diff --git a/prerequisites.py b/prerequisites.py index 0968b50a22..0a61de5b36 100755 --- a/prerequisites.py +++ b/prerequisites.py @@ -195,9 +195,9 @@ def build_isolate(): assert_not_root() print("===== Compiling isolate") - # We make only the executable isolate, otherwise the tool a2x - # is needed and we have to add more compilation dependencies. - subprocess.check_call(["make", "-C", "isolate", "isolate"]) + # We make only the executable isolate and isolate-cg-keeper, otherwise the + # tool a2x is needed and we have to add more compilation dependencies. + subprocess.check_call(["make", "--directory", "isolate", "isolate", "isolate-cg-keeper"]) def install_isolate(): @@ -214,7 +214,7 @@ def install_isolate(): exit(1) # Check if build_isolate() has been called - if not os.path.exists(os.path.join("isolate", "isolate")): + if not os.path.exists(os.path.join("isolate", "isolate")) or not os.path.exists(os.path.join("isolate", "isolate-cg-keeper")): print("[Error] You must run the build_isolate command first") exit(1) @@ -224,6 +224,18 @@ def install_isolate(): os.path.join(USR_ROOT, "bin", "isolate"), root, 0o4750, group=cmsuser_grp) + print("===== Copying isolate-cg-keeper to /usr/local/bin/") + makedir(os.path.join(USR_ROOT, "bin"), root, 0o755) + copyfile(os.path.join(".", "isolate", "isolate-cg-keeper"), + os.path.join(USR_ROOT, "bin", "isolate-cg-keeper"), + root, 0o4750, group=cmsuser_grp) + + print("===== Copying isolate-check-environment to /usr/local/bin/") + makedir(os.path.join(USR_ROOT, "bin"), root, 0o755) + copyfile(os.path.join(".", "isolate", "isolate-check-environment"), + os.path.join(USR_ROOT, "bin", "isolate-check-environment"), + root, 0o4750, group=cmsuser_grp) + print("===== Copying isolate config to /usr/local/etc/") makedir(os.path.join(USR_ROOT, "etc"), root, 0o755) copyfile(os.path.join(".", "isolate", "default.cf"), @@ -374,6 +386,8 @@ def uninstall(): print("===== Deleting isolate from /usr/local/bin/") try_delete(os.path.join(USR_ROOT, "bin", "isolate")) + try_delete(os.path.join(USR_ROOT, "bin", "isolate-cg-keeper")) + try_delete(os.path.join(USR_ROOT, "bin", "isolate-check-environment")) print("===== Deleting configuration to /usr/local/etc/") if ask("Type Y if you really want to remove configuration files: "):