Merge branch 'pelican-dev:main' into package_updates

pelican-dev · Jul 31, 2024 · 92543f7 · 92543f7
2 parents 7caf965 + 7c9ca52
commit 92543f7
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 9 deletions.
diff --git a/config/config.go b/config/config.go
@@ -91,7 +91,7 @@ type ApiConfiguration struct {
 	// servers.
 	DisableRemoteDownload bool `json:"-" yaml:"disable_remote_download"`
 
-	// The maximum size for files uploaded through the Panel in MB.
+	// The maximum size for files uploaded through the Panel in MiB.
 	UploadLimit int64 `default:"100" json:"upload_limit" yaml:"upload_limit"`
 
 	// A list of IP address of proxies that may send a X-Forwarded-For header to set the true clients IP

diff --git a/environment/settings.go b/environment/settings.go
@@ -34,7 +34,7 @@ type Mount struct {
 // Limits is the build settings for a given server that impact docker container
 // creation and resource limits for a server instance.
 type Limits struct {
-	// The total amount of memory in megabytes that this server is allowed to
+	// The total amount of memory in mebibytes that this server is allowed to
 	// use on the host system.
 	MemoryLimit int64 `json:"memory_limit"`
 
@@ -50,13 +50,13 @@ type Limits struct {
 	// should be a value between 1 and THREAD_COUNT * 100.
 	CpuLimit int64 `json:"cpu_limit"`
 
-	// The amount of disk space in megabytes that a server is allowed to use.
+	// The amount of disk space in mebibytes that a server is allowed to use.
 	DiskSpace int64 `json:"disk_space"`
 
 	// Sets which CPU threads can be used by the docker instance.
 	Threads string `json:"threads"`
 
-	OOMDisabled bool `json:"oom_disabled"`
+	OOMKiller bool `json:"oom_killer"`
 }
 
 // ConvertedCpuLimit converts the CPU limit for a server build into a number
@@ -79,7 +79,7 @@ func (l Limits) MemoryOverheadMultiplier() float64 {
 }
 
 func (l Limits) BoundedMemoryLimit() int64 {
-	return int64(math.Round(float64(l.MemoryLimit) * l.MemoryOverheadMultiplier() * 1_000_000))
+	return int64(math.Round(float64(l.MemoryLimit) * l.MemoryOverheadMultiplier() * 1024 * 1024))
 }
 
 // ConvertedSwap returns the amount of swap available as a total in bytes. This
@@ -90,7 +90,7 @@ func (l Limits) ConvertedSwap() int64 {
 		return -1
 	}
 
-	return (l.Swap * 1_000_000) + l.BoundedMemoryLimit()
+	return (l.Swap * 1024 * 1024) + l.BoundedMemoryLimit()
 }
 
 // ProcessLimit returns the process limit for a container. This is currently
@@ -99,16 +99,21 @@ func (l Limits) ProcessLimit() int64 {
 	return config.Get().Docker.ContainerPidLimit
 }
 
+// Helper function to create a pointer to a boolean value
+func boolPtr(b bool) *bool {
+	return &b
+}
+
 // AsContainerResources returns the available resources for a container in a format
 // that Docker understands.
 func (l Limits) AsContainerResources() container.Resources {
 	pids := l.ProcessLimit()
 	resources := container.Resources{
 		Memory:            l.BoundedMemoryLimit(),
-		MemoryReservation: l.MemoryLimit * 1_000_000,
+		MemoryReservation: l.MemoryLimit * 1024 * 1024,
 		MemorySwap:        l.ConvertedSwap(),
 		BlkioWeight:       l.IoWeight,
-		OomKillDisable:    &l.OOMDisabled,
+		OomKillDisable:    boolPtr(!l.OOMKiller),
 		PidsLimit:         &pids,
 	}
 

diff --git a/server/backup/backup_s3.go b/server/backup/backup_s3.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strconv"
 	"time"
 
@@ -58,6 +59,12 @@ func (s *S3Backup) Generate(ctx context.Context, fsys *filesystem.Filesystem, ig
 	}
 
 	s.log().WithField("path", s.Path()).Info("creating backup for server")
+	if _, err := os.Stat(filepath.Dir(s.Path())); os.IsNotExist(err) {
+		err := os.Mkdir(filepath.Dir(s.Path()), 0o700)
+		if err != nil {
+			return nil, err
+		}
+	}
 	if err := a.Create(ctx, s.Path()); err != nil {
 		return nil, err
 	}

diff --git a/server/mounts.go b/server/mounts.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -48,7 +49,6 @@ func (s *Server) Mounts() []environment.Mount {
 func (s *Server) customMounts() []environment.Mount {
 	var mounts []environment.Mount
 
-	// TODO: probably need to handle things trying to mount directories that do not exist.
 	for _, m := range s.Config().Mounts {
 		source := filepath.Clean(m.Source)
 		target := filepath.Clean(m.Target)
@@ -59,6 +59,18 @@ func (s *Server) customMounts() []environment.Mount {
 			"read_only":   m.ReadOnly,
 		})
 
+		// Check if the source path exists
+		if _, err := os.Stat(source); os.IsNotExist(err) {
+			logger.WithField("missing_source_path", source).Warn("skipping custom server mount, source path does not exist")
+			continue
+		}
+
+		// Check if the target path includes /home/container
+		if strings.Contains(target, "/home/container") {
+			logger.WithField("invalid_target_path", target).Warn("skipping custom server mount, target path includes /home/container")
+			continue
+		}
+
 		mounted := false
 		for _, allowed := range config.Get().AllowedMounts {
 			// Check if the source path is included in the allowed mounts list.