Use docker java client

I-Al-Istannen · I-Al-Istannen · commit dc1a18105421 · 2023-12-26T00:03:28.000+01:00
diff --git a/JShellAPI/build.gradle b/JShellAPI/build.gradle
@@ -24,6 +24,9 @@ repositories {
 dependencies {
     implementation project(':JShellWrapper')
     implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'com.github.docker-java:docker-java-transport-httpclient5:3.3.4'
+    implementation 'com.github.docker-java:docker-java-core:3.3.4'
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
 }
diff --git a/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/DockerService.java b/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/DockerService.java
@@ -0,0 +1,120 @@
+package org.togetherjava.jshellapi.service;
+
+import com.github.dockerjava.api.DockerClient;
+import com.github.dockerjava.api.async.ResultCallback;
+import com.github.dockerjava.api.command.PullImageResultCallback;
+import com.github.dockerjava.api.model.*;
+import com.github.dockerjava.core.DefaultDockerClientConfig;
+import com.github.dockerjava.core.DockerClientImpl;
+import com.github.dockerjava.httpclient5.ApacheDockerHttpClient;
+import org.springframework.stereotype.Service;
+
+import java.io.*;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.util.Arrays;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+@Service
+public class DockerService implements AutoCloseable {
+
+    private final DockerClient client;
+
+    public DockerService() {
+        DefaultDockerClientConfig clientConfig = DefaultDockerClientConfig.createDefaultConfigBuilder().build();
+        ApacheDockerHttpClient httpClient = new ApacheDockerHttpClient.Builder()
+                .dockerHost(clientConfig.getDockerHost())
+                .sslConfig(clientConfig.getSSLConfig())
+                .responseTimeout(Duration.ofSeconds(60))
+                .connectionTimeout(Duration.ofSeconds(60))
+                .build();
+        this.client = DockerClientImpl.getInstance(clientConfig, httpClient);
+    }
+
+    public String spawnContainer(
+            long maxMemoryMegs, long cpus, String name, Duration evalTimeout, long sysoutLimit
+    ) throws InterruptedException {
+        String imageName = "togetherjava.org:5001/togetherjava/jshellwrapper";
+        boolean presentLocally = client.listImagesCmd()
+                .withImageNameFilter(imageName)
+                .exec()
+                .stream()
+                .anyMatch(it -> Arrays.asList(it.getRepoTags()).contains("master"));
+
+        if (!presentLocally) {
+            client.pullImageCmd(imageName)
+                    .withTag("master")
+                    .exec(new PullImageResultCallback())
+                    .awaitCompletion(5, TimeUnit.MINUTES);
+        }
+
+        return client.createContainerCmd(
+                        imageName + ":master"
+                )
+                .withHostConfig(
+                        HostConfig.newHostConfig()
+                                .withAutoRemove(true)
+                                .withInit(true)
+                                .withCapDrop(Capability.ALL)
+                                .withNetworkMode("none")
+                                .withPidsLimit(2000L)
+                                .withReadonlyRootfs(true)
+                                .withMemory(maxMemoryMegs * 1024 * 1024)
+                                .withCpuCount(cpus)
+                )
+                .withStdinOpen(true)
+                .withAttachStdin(true)
+                .withAttachStderr(true)
+                .withAttachStdout(true)
+                .withEnv("evalTimeoutSeconds=" + evalTimeout.toSeconds(), "sysOutCharLimit=" + sysoutLimit)
+                .withName(name)
+                .exec()
+                .getId();
+    }
+
+    public InputStream startAndAttachToContainer(String containerId, InputStream stdin) throws IOException {
+        PipedInputStream pipeIn = new PipedInputStream();
+        PipedOutputStream pipeOut = new PipedOutputStream(pipeIn);
+
+        client.attachContainerCmd(containerId)
+                .withLogs(true)
+                .withFollowStream(true)
+                .withStdOut(true)
+                .withStdErr(true)
+                .withStdIn(stdin)
+                .exec(new ResultCallback.Adapter<>() {
+                    @Override
+                    public void onNext(Frame object) {
+                        try {
+                            String payloadString = new String(object.getPayload(), StandardCharsets.UTF_8);
+                            if (object.getStreamType() == StreamType.STDOUT) {
+                                pipeOut.write(object.getPayload());
+                            } else {
+                                System.err.println(":( " + payloadString);
+                            }
+                        } catch (IOException e) {
+                            throw new UncheckedIOException(e);
+                        }
+                    }
+                });
+
+        client.startContainerCmd(containerId).exec();
+        return pipeIn;
+    }
+
+    public void killContainerByName(String name) {
+        for (Container container : client.listContainersCmd().withNameFilter(Set.of(name)).exec()) {
+            client.killContainerCmd(container.getId()).exec();
+        }
+    }
+
+    @Override
+    public void close() throws Exception {
+        client.close();
+    }
+
+    public boolean isDead(String containerName) {
+        return client.listContainersCmd().withNameFilter(Set.of(containerName)).exec().isEmpty();
+    }
+}
diff --git a/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/JShellService.java b/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/JShellService.java
@@ -4,12 +4,10 @@
 import org.togetherjava.jshellapi.dto.*;
 import org.togetherjava.jshellapi.exceptions.DockerException;
 
-import java.io.BufferedReader;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.IOException;
+import java.io.*;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.List;
@@ -18,16 +16,17 @@
 public class JShellService implements Closeable {
     private final JShellSessionService sessionService;
     private final String id;
-    private Process process;
     private final BufferedWriter writer;
     private final BufferedReader reader;
 
     private Instant lastTimeoutUpdate;
     private final long timeout;
     private final boolean renewable;
     private boolean doingOperation;
+    private final DockerService dockerService;
 
-    public JShellService(JShellSessionService sessionService, String id, long timeout, boolean renewable, long evalTimeout, int sysOutCharLimit, int maxMemory, double cpus, String startupScript) throws DockerException {
+    public JShellService(DockerService dockerService, JShellSessionService sessionService, String id, long timeout, boolean renewable, long evalTimeout, int sysOutCharLimit, int maxMemory, double cpus, String startupScript) throws DockerException {
+        this.dockerService = dockerService;
         this.sessionService = sessionService;
         this.id = id;
         this.timeout = timeout;
@@ -39,30 +38,23 @@ public JShellService(JShellSessionService sessionService, String id, long timeou
                 Files.createDirectories(errorLogs.getParent());
                 Files.createFile(errorLogs);
             }
-            process = new ProcessBuilder(
-                    "docker",
-                    "run",
-                    "--rm",
-                    "-i",
-                    "--init",
-                    "--cap-drop=ALL",
-                    "--network=none",
-                    "--pids-limit=2000",
-                    "--read-only",
-                    "--memory=" + maxMemory + "m",
-                    "--cpus=" + cpus,
-                    "--name", containerName(),
-                    "-e", "\"evalTimeoutSeconds=%d\"".formatted(evalTimeout),
-                    "-e", "\"sysOutCharLimit=%d\"".formatted(sysOutCharLimit),
-                    "togetherjava.org:5001/togetherjava/jshellwrapper:master")
-                    .directory(new File(".."))
-                    .redirectError(errorLogs.toFile())
-                    .start();
-            writer = process.outputWriter();
-            reader = process.inputReader();
+            String containerId = dockerService.spawnContainer(
+                    maxMemory,
+                    (long) Math.ceil(cpus),
+                    containerName(),
+                    Duration.ofSeconds(evalTimeout),
+                    sysOutCharLimit
+            );
+            PipedInputStream containerInput = new PipedInputStream();
+            this.writer = new BufferedWriter(new OutputStreamWriter(new PipedOutputStream(containerInput)));
+            InputStream containerOutput = dockerService.startAndAttachToContainer(
+                    containerId,
+                    containerInput
+            );
+            reader = new BufferedReader(new InputStreamReader(containerOutput));
             writer.write(sanitize(startupScript));
             writer.newLine();
-        } catch (IOException e) {
+        } catch (IOException | InterruptedException e) {
             throw new DockerException(e);
         }
         this.doingOperation = false;
@@ -86,7 +78,7 @@ public Optional<JShellResult> eval(String code) throws DockerException {
             checkContainerOK();
 
             return Optional.of(readResult());
-        } catch (IOException | NumberFormatException ex) {
+        } catch (DockerException | IOException | NumberFormatException ex) {
             close();
             throw new DockerException(ex);
         } finally {
@@ -185,27 +177,22 @@ public String id() {
 
     @Override
     public void close() {
-        process.destroyForcibly();
         try {
             try {
                 writer.close();
             } finally {
                 reader.close();
             }
-            new ProcessBuilder("docker", "kill", containerName())
-                    .directory(new File(".."))
-                    .start()
-                    .waitFor();
-        } catch(IOException | InterruptedException ex) {
+            dockerService.killContainerByName(containerName());
+        } catch(IOException ex) {
             throw new RuntimeException(ex);
         }
-        process = null;
         sessionService.notifyDeath(id);
     }
 
     @Override
     public boolean isClosed() {
-        return process == null;
+        return dockerService.isDead(containerName());
     }
 
     private void updateLastTimeout() {
diff --git a/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/JShellSessionService.java b/JShellAPI/src/main/java/org/togetherjava/jshellapi/service/JShellSessionService.java
@@ -18,7 +18,9 @@ public class JShellSessionService {
     private Config config;
     private StartupScriptsService startupScriptsService;
     private ScheduledExecutorService scheduler;
+    private DockerService dockerService;
     private final Map<String, JShellService> jshellSessions = new HashMap<>();
+
     private void initScheduler() {
         scheduler = Executors.newSingleThreadScheduledExecutor();
         scheduler.scheduleAtFixedRate(() -> {
@@ -74,6 +76,7 @@ private synchronized JShellService createSession(String id, long sessionTimeout,
             throw new ResponseStatusException(HttpStatus.TOO_MANY_REQUESTS, "Too many sessions, try again later :(.");
         }
         JShellService service = new JShellService(
+                dockerService,
                 this,
                 id,
                 sessionTimeout,
@@ -97,4 +100,9 @@ public void setConfig(Config config) {
     public void setStartupScriptsService(StartupScriptsService startupScriptsService) {
         this.startupScriptsService = startupScriptsService;
     }
+
+    @Autowired
+    public void setDockerService(DockerService dockerService) {
+        this.dockerService = dockerService;
+    }
 }
