From 5ae0d0c79bcf42f70a8d8b4c3131ef7f227dfab6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Nowacki?= Date: Tue, 1 Oct 2024 20:31:51 +0200 Subject: [PATCH 1/4] temporarily only allow backenddevelopersltd images to be run in jobs --- .../executor/management/commands/run_executor.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py b/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py index fbae57fb3..bc522cbde 100644 --- a/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py +++ b/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py @@ -660,6 +660,9 @@ async def _executor_loop(self): async with miner_client: logger.debug(f"Connected to miner: {settings.MINER_ADDRESS}") initial_message: V0InitialJobRequest = await miner_client.initial_msg + if not initial_message.base_docker_image_name.startswith("backenddevelopersltd/"): + await miner_client.send_failed_to_prepare() + return logger.debug("Checking for CVE-2022-0492 vulnerability") if not await self.is_system_safe_for_cve_2022_0492(): await miner_client.send_failed_to_prepare() @@ -681,6 +684,9 @@ async def _executor_loop(self): logger.debug(f"Informed miner that I'm ready for job {initial_message.job_uuid}") job_request = await miner_client.full_payload + if not job_request.docker_image_name.startswith("backenddevelopersltd/"): + await miner_client.send_failed_to_prepare() + return logger.debug(f"Running job {initial_message.job_uuid}") result = await job_runner.run_job(job_request) result.specs = specs From b40ba8dafb33511d7a14e5eed4bf302886f7d1b7 Mon Sep 17 00:00:00 2001 From: Michal Zukowski Date: Wed, 2 Oct 2024 14:41:00 +0200 Subject: [PATCH 2/4] Fix main_loop tests --- .../tests/integration/test_main_loop.py | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/executor/app/src/compute_horde_executor/executor/tests/integration/test_main_loop.py b/executor/app/src/compute_horde_executor/executor/tests/integration/test_main_loop.py index 960ccb526..324273e10 100644 --- a/executor/app/src/compute_horde_executor/executor/tests/integration/test_main_loop.py +++ b/executor/app/src/compute_horde_executor/executor/tests/integration/test_main_loop.py @@ -68,7 +68,7 @@ def test_main_loop(): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -120,7 +120,7 @@ def test_zip_url_volume(httpx_mock: HTTPXMock): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "zip_url", "job_uuid": job_uuid, @@ -174,7 +174,7 @@ def test_zip_url_too_big_volume_should_fail(httpx_mock: HTTPXMock, settings): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "zip_url", "job_uuid": job_uuid, @@ -233,7 +233,7 @@ def response_callback(request: httpx.Request) -> httpx.Response: json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "zip_url", "job_uuid": job_uuid, @@ -297,7 +297,7 @@ def response_callback(request: httpx.Request) -> httpx.Response: json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "zip_url", "job_uuid": job_uuid, @@ -348,7 +348,7 @@ def test_zip_and_http_post_output_uploader(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -415,7 +415,7 @@ def test_zip_and_http_put_output_uploader(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -479,7 +479,7 @@ def test_output_upload_failed(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -538,7 +538,7 @@ def test_output_upload_retry(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -665,7 +665,7 @@ async def read_file_callback(request: httpx.Request, *args, **kwargs) -> httpx.R json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "inline", "job_uuid": job_uuid, @@ -771,7 +771,7 @@ def test_single_file_volume(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "single_file", "job_uuid": job_uuid, @@ -839,7 +839,7 @@ def test_multi_volume(httpx_mock: HTTPXMock, tmp_path): json.dumps( { "message_type": "V0PrepareJobRequest", - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": None, "volume_type": "multi_volume", "job_uuid": job_uuid, From 5a38b09bac8fed80fea6f0f05246f128232191a0 Mon Sep 17 00:00:00 2001 From: Michal Zukowski Date: Wed, 2 Oct 2024 14:46:46 +0200 Subject: [PATCH 3/4] Fix checking on None image --- .../executor/management/commands/run_executor.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py b/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py index bc522cbde..5541abc6a 100644 --- a/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py +++ b/executor/app/src/compute_horde_executor/executor/management/commands/run_executor.py @@ -660,7 +660,10 @@ async def _executor_loop(self): async with miner_client: logger.debug(f"Connected to miner: {settings.MINER_ADDRESS}") initial_message: V0InitialJobRequest = await miner_client.initial_msg - if not initial_message.base_docker_image_name.startswith("backenddevelopersltd/"): + if ( + initial_message.base_docker_image_name + and not initial_message.base_docker_image_name.startswith("backenddevelopersltd/") + ): await miner_client.send_failed_to_prepare() return logger.debug("Checking for CVE-2022-0492 vulnerability") @@ -684,7 +687,9 @@ async def _executor_loop(self): logger.debug(f"Informed miner that I'm ready for job {initial_message.job_uuid}") job_request = await miner_client.full_payload - if not job_request.docker_image_name.startswith("backenddevelopersltd/"): + if job_request.docker_image_name and not job_request.docker_image_name.startswith( + "backenddevelopersltd/" + ): await miner_client.send_failed_to_prepare() return logger.debug(f"Running job {initial_message.job_uuid}") From e60e65800d70d513d7c1c621ea5ff03922efc842 Mon Sep 17 00:00:00 2001 From: Michal Zukowski Date: Wed, 2 Oct 2024 14:51:54 +0200 Subject: [PATCH 4/4] Fix integration test --- tests/integration_tests/test_miner_on_dev_executor_manager.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration_tests/test_miner_on_dev_executor_manager.py b/tests/integration_tests/test_miner_on_dev_executor_manager.py index c08444244..591970e7d 100644 --- a/tests/integration_tests/test_miner_on_dev_executor_manager.py +++ b/tests/integration_tests/test_miner_on_dev_executor_manager.py @@ -127,7 +127,7 @@ async def test_echo_image(self): "message_type": "V0InitialJobRequest", "job_uuid": job_uuid, "executor_class": DEFAULT_EXECUTOR_CLASS, - "base_docker_image_name": "alpine", + "base_docker_image_name": "backenddevelopersltd/compute-horde-job-echo:v0-latest", "timeout_seconds": 60, "volume_type": "inline", }