diff options
author | 2018-06-03 00:07:17 +0200 | |
---|---|---|
committer | 2018-06-03 00:07:17 +0200 | |
commit | 3b10896efd2f691e624e2d02848c6826ef6f5fc3 (patch) | |
tree | a797ac208bfc54b2431d01f3a12bde44d720c159 | |
parent | set dependency on rmq publish (diff) |
update docs
-rw-r--r-- | Pipfile | 2 | ||||
-rw-r--r-- | Pipfile.lock | 123 | ||||
-rw-r--r-- | README.md | 69 | ||||
-rw-r--r-- | snekbox.py | 1 |
4 files changed, 115 insertions, 80 deletions
@@ -5,9 +5,9 @@ name = "pypi" [packages] pika = "*" +docker = "*" [dev-packages] -docker = "*" flask = "*" flask-sockets = "*" gevent = "==1.2.2" diff --git a/Pipfile.lock b/Pipfile.lock index 70f7e24..9edba21 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "56429edc3ce0dd8b29d5c50fa05e864d0a26ba9c3cc844945b116f8c52310801" + "sha256": "db284676e7f7232ab8e2f8dbda2319fcb62fe648209c2ff8db78c6db058b7d1e" }, "pipfile-spec": 6, "requires": { @@ -16,6 +16,42 @@ ] }, "default": { + "certifi": { + "hashes": [ + "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7", + "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0" + ], + "version": "==2018.4.16" + }, + "chardet": { + "hashes": [ + "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", + "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + ], + "version": "==3.0.4" + }, + "docker": { + "hashes": [ + "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e", + "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a" + ], + "index": "pypi", + "version": "==3.3.0" + }, + "docker-pycreds": { + "hashes": [ + "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac", + "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d" + ], + "version": "==0.2.3" + }, + "idna": { + "hashes": [ + "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f", + "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4" + ], + "version": "==2.6" + }, "pika": { "hashes": [ "sha256:15f485eb68ec56b5a2673c01d518d16f7c371809ca42c72a2da42d4d8190fa4f", @@ -23,6 +59,34 @@ ], "index": "pypi", "version": "==0.11.2" + }, + "requests": { + "hashes": [ + "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b", + "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e" + ], + "version": "==2.18.4" + }, + "six": { + "hashes": [ + "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", + "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb" + ], + "version": "==1.11.0" + }, + "urllib3": { + "hashes": [ + "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b", + "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f" + ], + "version": "==1.22" + }, + "websocket-client": { + "hashes": [ + "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a", + "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1" + ], + "version": "==0.48.0" } }, "develop": { @@ -40,20 +104,6 @@ ], "version": "==18.1.0" }, - "certifi": { - "hashes": [ - "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7", - "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0" - ], - "version": "==2018.4.16" - }, - "chardet": { - "hashes": [ - "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", - "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" - ], - "version": "==3.0.4" - }, "click": { "hashes": [ "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d", @@ -102,21 +152,6 @@ ], "version": "==4.5.1" }, - "docker": { - "hashes": [ - "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e", - "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a" - ], - "index": "pypi", - "version": "==3.3.0" - }, - "docker-pycreds": { - "hashes": [ - "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac", - "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d" - ], - "version": "==0.2.3" - }, "flake8": { "hashes": [ "sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0", @@ -214,13 +249,6 @@ "index": "pypi", "version": "==19.8.1" }, - "idna": { - "hashes": [ - "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f", - "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4" - ], - "version": "==2.6" - }, "itsdangerous": { "hashes": [ "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519" @@ -307,13 +335,6 @@ "index": "pypi", "version": "==0.3.2" }, - "requests": { - "hashes": [ - "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b", - "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e" - ], - "version": "==2.18.4" - }, "six": { "hashes": [ "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", @@ -321,20 +342,6 @@ ], "version": "==1.11.0" }, - "urllib3": { - "hashes": [ - "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b", - "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f" - ], - "version": "==1.22" - }, - "websocket-client": { - "hashes": [ - "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a", - "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1" - ], - "version": "==0.48.0" - }, "werkzeug": { "hashes": [ "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c", @@ -33,7 +33,9 @@ result <- | |<----------| |<--------| | <------ | pipenv | 2018.05.18 | | docker | 18.03.1-ce | | docker-compose | 1.21.2 | +| nsjail | 2.5 | +_________________________________________ ## Setup local test install python packages @@ -43,10 +45,40 @@ apt-get install -y libprotobuf-dev #needed by nsjail pipenv sync --dev ``` +## NSJail + +Copy the appropriate binary to an appropriate path + +```bash +cp binaries/nsjail2.6-ubuntu-x86_64 /usr/bin/nsjail +chmod +x /usr/bin/nsjail +``` + +give nsjail a test run + +```bash +nsjail -Mo \ +--rlimit_as 700 \ +--chroot / \ +-E LANG=en_US.UTF-8 \ +-R/usr -R/lib -R/lib64 \ +--user nobody \ +--group nogroup \ +--time_limit 2 \ +--disable_proc \ +--iface_no_lo \ +--quiet -- \ +python3.6 -ISq -c "print('test')" +``` + +> if it fails, try without the `--cgroup_pids_max=1` + +## Development environment + Start a rabbitmq instance and get the container IP ```bash -docker run -d --name rmq -p 15672:15672 -e RABBITMQ_DEFAULT_USER=guest -e RABBITMQ_DEFAULT_PASS=guest pythondiscord/rmq:latest +docker-compose up -d pdrmq docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' rmq # expected output with default setting: 172.17.0.2 # If not, change the config.py file to match @@ -57,26 +89,31 @@ rabbitmq webinterface: `http://localhost:15672` start the webserver ```bash -docker run --name snekboxweb --network=host -d pythondiscord/snekboxweb:latest +docker-compose up -d pdsnekboxweb netstat -plnt # tcp 0.0.0.0:5000 LISTEN ``` -use two terminals! +`http://localhost:5000` ```bash -#terminal 1 -pipenv run python snekbox.py - -#terminal 2 -pipenv run python snekweb.py +pipenv run snekbox # for debugging +# or +docker-compose up pdsnekbox # for running the container ``` -`http://localhost:5000` +________________________________________ +## Unit testing and lint + +Make sure rabbitmq is running before running tests -_________________________________ +```bash +pipenv run lint +pipenv run test +``` -# Build the containers +________________________________________ +## Build the containers ```bash # Build @@ -88,14 +125,4 @@ pipenv run pushbox pipenv run pushweb ``` -## Docker compose - -Start all the containers with docker-compose -```bash -docker-compose up -``` - -this boots up rabbitmq, the snekbox and a webinterface on port 5000 - -`http://localhost:5000` @@ -37,6 +37,7 @@ class Snekbox(object): '--time_limit', '2', '--disable_proc', '--iface_no_lo', + # '--cgroup_pids_max=1', # This doesn't work :( '--quiet', '--', self.python_binary, '-ISq', '-c', cmd] |