Server - Githubissues

SchrodingerZhu commented 4 years ago

The server of Project Polya is in charge of the data collection and job assignment. Basically, it has the following module:

Data Interface:
- A series of APIs that allow us to add/delete/modify a student submission state.
- The state includes the following fields:
  - Whether a submission is graded/being graded/waiting to be graded.
  - The score of the submission
  - The identifier of the submission (Directory Name/Student ID/Student Name)
  - The grader information (TA ID)
  - The GPG pubkey to encrypt the grading report for the students (optional, students will decide to provide it or not)
  - Parsing result of the student config file:
    - Type: firejail/docker/x11docker
    - Special Environment Variable
    - Special Requirements (seccomp/linux capacity)
    - Special warnings for TA
    - Readme and report (relative path in the submission directory)
    - Steps (docker-build/prepare/compile/run/post-cleanup), each step as an executable shell script or a dockerfile.
  - Details of the grading:
    - Return Code
    - Date
    - Running Time
    - Comment (by grader)
    - Stdout
    - Stderr
    - The failure step
CLI:
- init: scan all subdirs and create a database and an empty global configuration file.
- each directory must contain the config file (YAML/TOML: do not decided yet), contains the student information and other essential config stated in the data interface. (format is not yet decided)
- tools to add/remove/modify some fields of the grading state
- dump the grading result for TA to view
- dump the grading result for students to view (encrypted using the pubkey if the student provides one)
- invoke another script to submit all source code to MOSS (not decided)
Web Service:
- like the online grading system for University Entrance Examination in China.
- send a compressed student submission archive and global configuration to grading client.
- receive the grading result from the client, details are the same data interface
- handle the request of re-grading
Special Notice There is actually two ways to allow multiple TAs to grading simultaneously:
- One is to use the Server/Client Mode on different PCs
- The other is to let TAs ssh to a same machine and use the client on the localhosts. For the latter case, we should probably provide an efficient way of communication.
The global configurations consists of a main file with several attachments, which will include:
- Which mode(s) are allowed
- A global firejail profile (as a file)
- A global docker setting (as a file)
- Grading Range
- Special Notices for TAs

SchrodingerZhu commented 4 years ago

we will not provide docker options now. see #2

SchrodingerZhu commented 4 years ago

{
  "systemd_nspawn": {
    "pid2": true,
    "env": [
      {
        "name": "TEXT",
        "value": "123"
      }
    ],
    "work_path": "/data",
    "syscall": [
      {
        "name": "mmap",
        "permit": true
      }
    ],
    "capacity": [],
    "capacity_drop": [],
    "no_new_privileges": false,
    "no_network": false,
    "limit": null,
    "extra_bind": [],
    "extra_bind_ro": [
      {
        "source": "testinput.txt",
        "target": "/tmp/testinput.txt"
      }
    ],
    "extra_overlay": [],
    "extra_overlay_ro": []
  },
  "firejail": {
    "timeout": {
      "hour": 0,
      "minute": 0,
      "second": 30
    },
    "syscall": [],
    "shell": "/bin/bash",
    "nice": null,
    "function": {
      "nou2f": false,
      "novideo": false,
      "no3d": false,
      "noautopulse": false,
      "nogroups": false,
      "nonewprivs": false,
      "nodvd": false,
      "nodbus": false,
      "nonet": false
    },
    "mac": null,
    "nodefault": false,
    "limit": {
      "mem_limit": 128,
      "nofile_limit": null,
      "filesize_limit": null,
      "process_limit": null,
      "sigpending_limit": null,
      "cpu_nums": null
    },
    "capacity": [],
    "capacity_drop": [],
    "with_profile": null
  },
  "notification": "the project may invoke X11",
  "max_grade": 100
}

SchrodingerZhu commented 4 years ago

use serde::*;
use std::path::PathBuf;
/// By invoke `setup` the client will first drag the image.
/// The image contains a `root.x86_64` together with other files.
/// ```
/// image.tar.lz4:
///   - root.x86_64
///   - otherfiles
/// ```
/// The image will then be untared into the `.local/tulip/image` direcotry.
/// Then it will download a config file.
///
///
#[derive(Debug, Serialize, Deserialize)]
pub struct EnvPair {
    pub name: String,
    pub value: String
}

#[derive(Debug, Serialize, Deserialize)]
pub struct Syscall {
    pub name: String,
    pub permit: bool
}

#[derive(Debug, Serialize, Deserialize)]
pub struct Limit {
    pub mem_limit: Option<usize>, // in MiB
    pub nofile_limit: Option<usize>,
    pub filesize_limit: Option<usize>,
    pub process_limit: Option<usize>,
    pub sigpending_limit: Option<usize>,
    pub cpu_nums: Option<usize>,

}

#[derive(Debug, Serialize, Deserialize)]
pub struct Binding {
    pub source: PathBuf,
    pub target: PathBuf
}

#[derive(Debug, Serialize, Deserialize)]
pub struct NSpawnConfig {
    pub pid2: bool,
    pub env: Vec<EnvPair>,
    pub work_path: Option<PathBuf>, // in the root
    pub syscall: Vec<Syscall>,
    pub capacity: Vec<String>,
    pub capacity_drop: Vec<String>,
    pub no_new_privileges: bool,
    pub no_network: bool,
    pub limit: Option<Limit>,
    pub extra_bind: Vec<Binding>, // relative path based on `.local/tulip/image`
    pub extra_bind_ro: Vec<Binding>, // relative path based on `.local/tulip/image`
    pub extra_overlay: Vec<Binding>, // relative path based on `.local/tulip/image`
    pub extra_overlay_ro: Vec<Binding>, // relative path based on `.local/tulip/image`
}
#[derive(Debug, Serialize, Deserialize)]
pub struct Timeout {
    pub hour: u8,
    pub minute: u8,
    pub second: u8,
}

#[derive(Debug, Serialize, Deserialize)]
pub struct FuntionList {
    pub nou2f: bool,
    pub novideo: bool,
    pub no3d: bool,
    pub noautopulse: bool,
    pub nogroups: bool,
    pub nonewprivs: bool,
    pub nodvd: bool,
    pub nodbus: bool,
    pub nonet: bool
}

// deterministic-exit-code = true
#[derive(Debug, Serialize, Deserialize)]
pub struct FirejailConfig {
    pub timeout: Option<Timeout>,
    pub syscall: Vec<Syscall>,
    pub shell: Option<String>,
    pub nice: Option<usize>,
    pub function: FuntionList,
    pub mac: Option<String>,
    pub nodefault: bool,
    pub limit: Option<Limit>,
    pub capacity: Vec<String>,
    pub capacity_drop: Vec<String>,
    pub with_profile: Option<PathBuf> // relative path based on `.local/tulip/image`
}

#[derive(Debug, Serialize, Deserialize)]
pub struct Config {
    pub systemd_nspawn: NSpawnConfig,
    pub firejail: FirejailConfig,
    pub notification: String,
    pub max_grade: usize
}

SchrodingerZhu commented 4 years ago

config is adjusted. new template

{
  "systemd_nspawn": {
    "pid2": false,
    "env": [],
    "work_path": null,
    "syscall": [],
    "capacity": [],
    "capacity_drop": [],
    "no_new_privileges": false,
    "no_network": false,
    "limit": null,
    "shell": null
  },
  "firejail": {
    "timeout": null,
    "syscall": [],
    "shell": null,
    "nice": null,
    "function": {
      "nou2f": false,
      "novideo": false,
      "no3d": false,
      "noautopulse": false,
      "nogroups": false,
      "nonewprivs": false,
      "nodvd": false,
      "nodbus": false,
      "nonet": false
    },
    "mac": null,
    "dns": null,
    "nodefault": false,
    "limit": null,
    "capacity": [],
    "capacity_drop": [],
    "with_profile": null,
    "has_x": true
  },
  "notification": "",
  "max_grade": 0,
  "stdin": null,
  "extra_bind": [],
  "extra_bind_ro": [],
  "extra_overlay": [
    {
      "source": "test",
      "target": "test"
    }
  ],
  "extra_overlay_ro": []
}

SchrodingerZhu commented 4 years ago

wintersweet

project-polya / Design-Brochure

Server #1