pull docker bots before running them

2022-07-24 23:08:51 +02:00 · 2022-07-24 23:08:51 +02:00 · 93c4306b10
commit 93c4306b10
parent 14b51033fc
2 changed files with 45 additions and 2 deletions
--- a/planetwars-matchrunner/src/docker_runner.rs
+++ b/planetwars-matchrunner/src/docker_runner.rs
@ -15,12 +15,22 @@ use crate::match_context::{EventBus, PlayerHandle, RequestError, RequestMessage}
 use crate::match_log::{MatchLogMessage, MatchLogger, StdErrMessage};
 use crate::BotSpec;

+// TODO: this API needs a better design with respect to pulling
+// and general container management
 #[derive(Clone, Debug)]
 pub struct DockerBotSpec {
    pub image: String,
    pub binds: Option<Vec<String>>,
    pub argv: Option<Vec<String>>,
    pub working_dir: Option<String>,
+    pub pull: bool,
+    pub credentials: Option<Credentials>,
+}
+
+#[derive(Clone, Debug)]
+pub struct Credentials {
+    pub username: String,
+    pub password: String,
 }

 #[async_trait]
@ -43,6 +53,30 @@ async fn spawn_docker_process(
 ) -> Result<ContainerProcess, bollard::errors::Error> {
    let docker = Docker::connect_with_socket_defaults()?;

+    if params.pull {
+        let mut create_image_stream = docker.create_image(
+            Some(bollard::image::CreateImageOptions {
+                from_image: params.image.as_str(),
+                ..Default::default()
+            }),
+            None,
+            params
+                .credentials
+                .as_ref()
+                .map(|credentials| bollard::auth::DockerCredentials {
+                    username: Some(credentials.username.clone()),
+                    password: Some(credentials.password.clone()),
+                    ..Default::default()
+                }),
+        );
+
+        while let Some(item) = create_image_stream.next().await {
+            // just consume the stream for now,
+            // and make noise when something breaks
+            let _info = item.expect("hit error in docker pull");
+        }
+    }
+
    let memory_limit = 512 * 1024 * 1024; // 512MB
    let config = container::Config {
        image: Some(params.image.clone()),
--- a/planetwars-server/src/modules/matches.rs
+++ b/planetwars-server/src/modules/matches.rs
@ -1,8 +1,7 @@
-use std::{path::PathBuf, sync::Arc};
-
 use diesel::{PgConnection, QueryResult};
 use planetwars_matchrunner::{self as runner, docker_runner::DockerBotSpec, BotSpec, MatchConfig};
 use runner::MatchOutcome;
+use std::{path::PathBuf, sync::Arc};
 use tokio::task::JoinHandle;

 use crate::{
@ -113,6 +112,11 @@ pub fn bot_version_to_botspec(
            binds: None,
            argv: None,
            working_dir: None,
+            pull: true,
+            credentials: Some(runner::docker_runner::Credentials {
+                username: "admin".to_string(),
+                password: runner_config.registry_admin_password.clone(),
+            }),
        })
    } else {
        // TODO: ideally this would not be possible
@ -131,6 +135,11 @@ fn python_docker_bot_spec(config: &GlobalConfig, code_bundle_path: &str) -> Box<
        binds: Some(vec![format!("{}:{}", code_bundle_path_str, "/workdir")]),
        argv: Some(vec!["python".to_string(), "bot.py".to_string()]),
        working_dir: Some("/workdir".to_string()),
+        // This would be a pull from dockerhub at the moment, let's avoid that for now.
+        // Maybe the best course of action would be to replicate all images in the dedicated
+        // registry, so that we only have to provide credentials to that one.
+        pull: false,
+        credentials: None,
    })
 }