add optional whitelist for outside images

2024-09-04 00:51:52 +00:00 · 2024-09-04 00:51:52 +00:00 · 590dc4b65e
parent 5e35570d3c
commit 590dc4b65e
3 changed files with 27 additions and 3 deletions
--- a/clore_hosting/main.py
+++ b/clore_hosting/main.py
@ -121,6 +121,8 @@ class CloreClient:

        nvml.init(allow_hive_binaries=not self.dont_use_hive_binaries)

+        self.extra_allowed_images = utils.get_extra_allowed_images()
+
        self.gpu_oc_specs = nvml.get_gpu_oc_specs()
        self.last_oc_service_submit = 0
        self.last_applied_oc = {}
@ -417,7 +419,7 @@ class CloreClient:
                        if type(result)==types.ServerConfig:
                            if result.success:
                                self.last_checked_ws_peers = utils.unix_timestamp()
-                                self.allowed_images=result.allowed_images
+                                self.allowed_images=result.allowed_images+self.extra_allowed_images
                                if not config.debug_ws_peer:
                                    for pure_ws_peer in result.ws_peers:
                                        self.ws_peers[pure_ws_peer]={
--- a/lib/config.py
+++ b/lib/config.py
@ -48,7 +48,8 @@ parser.add_argument('--startup-scripts-folder', type=str, default='/opt/clore-ho
 parser.add_argument('--wireguard-config-folder', type=str, default='/opt/clore-hosting/wireguard/configs', help='Folder with wireguard configs')
 parser.add_argument('--entrypoints-folder', type=str, default='/opt/clore-hosting/entrypoints', help='Folder with custom entrypoints')
 parser.add_argument('--debug-ws-peer', type=str, help="Specific ws peer to connect to (for debugging only)")
-parser.add_argument('--gpu-specs-file', type=str, default='/opt/clore-hosting/client/gpu_specs.json' ,help="Cache with specs of GPU possible OC/Power limit changes")
+parser.add_argument('--gpu-specs-file', type=str, default='/opt/clore-hosting/client/gpu_specs.json', help="Cache with specs of GPU possible OC/Power limit changes")
+parser.add_argument('--extra-allowed-images-file', type=str, default="/opt/clore-hosting/extra_allowed_images.json", help="Docker image whitelist, that are allowed by clore.ai hosting software")

 # Parse arguments, ignoring any non-defined arguments
 args, _ = parser.parse_known_args()
--- a/lib/utils.py
+++ b/lib/utils.py
@ -109,4 +109,25 @@ def hive_set_miner_status(enabled=False):
    if miner_screen_running and not enabled:
        run_command(f"/bin/bash -c \"PATH={HIVE_PATH} && sudo /hive/bin/miner stop\"")
    elif enabled and not miner_screen_running:
-        run_command(f"/bin/bash -c \"PATH={HIVE_PATH} && sudo /hive/sbin/nvidia-oc && sudo /hive/bin/miner start\"")
+        run_command(f"/bin/bash -c \"PATH={HIVE_PATH} && sudo /hive/sbin/nvidia-oc && sudo /hive/bin/miner start\"")
+
+def get_extra_allowed_images():
+    if os.path.exists(config.extra_allowed_images_file):
+        try:
+            with open(config.extra_allowed_images_file, 'r') as file:
+                content = file.read()
+            
+            data = json.loads(content)
+            
+            if isinstance(data, list):
+                if all(isinstance(item, dict) and set(item.keys()) == {'repository', 'allowed_tags'} and isinstance(item['repository'], str) and isinstance(item['allowed_tags'], list) and all(isinstance(tag, str) for tag in item['allowed_tags']) for item in data):
+                    return data
+                else:
+                    return []
+            else:
+                return []
+        except Exception as e:
+            log.error(f"get_extra_allowed_images() | error: {e}")
+            return []
+    else:
+        return []