2015-01-16 03:29:16 +03:00
|
|
|
// Copyright 2015 The Go Authors. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
|
|
package buildlet
|
|
|
|
|
|
|
|
|
|
import (
|
2022-09-28 00:08:21 +03:00
|
|
|
"bytes"
|
2017-04-15 20:03:18 +03:00
|
|
|
"context"
|
2022-09-28 00:08:21 +03:00
|
|
|
"encoding/json"
|
2015-01-16 03:29:16 +03:00
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2022-08-03 21:43:47 +03:00
|
|
|
"io"
|
2021-11-16 20:32:26 +03:00
|
|
|
"net"
|
|
|
|
|
"os"
|
|
|
|
|
"os/exec"
|
2022-07-22 19:00:50 +03:00
|
|
|
"regexp"
|
2018-05-04 05:42:17 +03:00
|
|
|
"sort"
|
2015-01-16 03:29:16 +03:00
|
|
|
"strings"
|
2018-05-04 05:42:17 +03:00
|
|
|
"sync"
|
2015-01-16 03:29:16 +03:00
|
|
|
"time"
|
|
|
|
|
|
2016-02-15 02:59:59 +03:00
|
|
|
"golang.org/x/build/buildenv"
|
2015-01-21 09:25:37 +03:00
|
|
|
"golang.org/x/build/dashboard"
|
2015-01-16 03:29:16 +03:00
|
|
|
"golang.org/x/oauth2"
|
2018-05-04 04:42:01 +03:00
|
|
|
"golang.org/x/oauth2/google"
|
2015-01-16 03:29:16 +03:00
|
|
|
"google.golang.org/api/compute/v1"
|
|
|
|
|
)
|
|
|
|
|
|
2015-03-21 02:14:52 +03:00
|
|
|
// GCEGate optionally specifies a function to run before any GCE API call.
|
|
|
|
|
// It's intended to be used to bound QPS rate to GCE.
|
|
|
|
|
var GCEGate func()
|
|
|
|
|
|
|
|
|
|
func apiGate() {
|
|
|
|
|
if GCEGate != nil {
|
|
|
|
|
GCEGate()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-30 21:28:48 +03:00
|
|
|
// ErrQuotaExceeded matches errors.Is when VM creation fails with a
|
|
|
|
|
// quota error. Currently, it only supports GCE quota errors.
|
|
|
|
|
var ErrQuotaExceeded = errors.New("quota exceeded")
|
|
|
|
|
|
|
|
|
|
type GCEError struct {
|
|
|
|
|
OpErrors []*compute.OperationErrorErrors
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (q *GCEError) Error() string {
|
2022-09-28 00:08:21 +03:00
|
|
|
var buf bytes.Buffer
|
|
|
|
|
fmt.Fprintf(&buf, "%d GCE operation errors: ", len(q.OpErrors))
|
|
|
|
|
for i, e := range q.OpErrors {
|
|
|
|
|
if i != 0 {
|
|
|
|
|
buf.WriteString("; ")
|
|
|
|
|
}
|
|
|
|
|
b, err := json.Marshal(e)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Fprintf(&buf, "json.Marshal(OpErrors[%d]): %v", i, err)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
buf.Write(b)
|
|
|
|
|
}
|
|
|
|
|
return buf.String()
|
2022-08-30 21:28:48 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (q *GCEError) Is(target error) bool {
|
|
|
|
|
for _, err := range q.OpErrors {
|
|
|
|
|
if target == ErrQuotaExceeded && err.Code == "QUOTA_EXCEEDED" {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-16 03:29:16 +03:00
|
|
|
// StartNewVM boots a new VM on GCE and returns a buildlet client
|
|
|
|
|
// configured to speak to it.
|
2021-12-15 02:17:24 +03:00
|
|
|
func StartNewVM(creds *google.Credentials, buildEnv *buildenv.Environment, instName, hostType string, opts VMOpts) (Client, error) {
|
2018-05-04 05:42:17 +03:00
|
|
|
ctx := context.TODO()
|
|
|
|
|
computeService, _ := compute.New(oauth2.NewClient(ctx, creds.TokenSource))
|
|
|
|
|
|
|
|
|
|
if opts.Description == "" {
|
|
|
|
|
opts.Description = fmt.Sprintf("Go Builder for %s", hostType)
|
|
|
|
|
}
|
|
|
|
|
if opts.ProjectID == "" {
|
|
|
|
|
opts.ProjectID = buildEnv.ProjectName
|
|
|
|
|
}
|
|
|
|
|
if opts.Zone == "" {
|
2019-12-06 00:24:47 +03:00
|
|
|
opts.Zone = buildEnv.RandomVMZone()
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
2019-12-09 21:51:29 +03:00
|
|
|
zone := opts.Zone
|
2018-05-04 05:42:17 +03:00
|
|
|
if opts.DeleteIn == 0 {
|
|
|
|
|
opts.DeleteIn = 30 * time.Minute
|
|
|
|
|
}
|
2015-01-16 03:29:16 +03:00
|
|
|
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
hconf, ok := dashboard.Hosts[hostType]
|
2015-01-16 03:29:16 +03:00
|
|
|
if !ok {
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
return nil, fmt.Errorf("invalid host type %q", hostType)
|
|
|
|
|
}
|
2018-05-04 05:42:17 +03:00
|
|
|
if !hconf.IsVM() && !hconf.IsContainer() {
|
|
|
|
|
return nil, fmt.Errorf("host %q is type %q; want either a VM or container type", hostType, hconf.PoolName())
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
projectID := opts.ProjectID
|
|
|
|
|
if projectID == "" {
|
|
|
|
|
return nil, errors.New("buildlet: missing required ProjectID option")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prefix := "https://www.googleapis.com/compute/v1/projects/" + projectID
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
machType := prefix + "/zones/" + zone + "/machineTypes/" + hconf.MachineType()
|
2015-03-21 02:14:52 +03:00
|
|
|
diskType := "https://www.googleapis.com/compute/v1/projects/" + projectID + "/zones/" + zone + "/diskTypes/pd-ssd"
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
if hconf.RegularDisk {
|
2015-03-21 02:14:52 +03:00
|
|
|
diskType = "" // a spinning disk
|
|
|
|
|
}
|
2015-01-16 03:29:16 +03:00
|
|
|
|
2018-05-04 05:42:17 +03:00
|
|
|
srcImage := "https://www.googleapis.com/compute/v1/projects/" + projectID + "/global/images/" + hconf.VMImage
|
2019-02-16 01:05:42 +03:00
|
|
|
minCPU := hconf.MinCPUPlatform
|
2018-05-04 05:42:17 +03:00
|
|
|
if hconf.IsContainer() {
|
2019-02-16 01:05:42 +03:00
|
|
|
if hconf.NestedVirt {
|
2021-10-18 22:59:06 +03:00
|
|
|
minCPU = "Intel Cascade Lake" // n2 vms (which support NestedVirtualization) are either Ice Lake or Cascade Lake.
|
2019-05-17 23:08:13 +03:00
|
|
|
}
|
|
|
|
|
if vm := hconf.ContainerVMImage(); vm != "" {
|
|
|
|
|
srcImage = "https://www.googleapis.com/compute/v1/projects/" + projectID + "/global/images/" + vm
|
2019-02-16 01:05:42 +03:00
|
|
|
} else {
|
|
|
|
|
var err error
|
2022-11-01 23:57:01 +03:00
|
|
|
srcImage, err = cosImage(ctx, computeService, hconf.CosArchitecture())
|
2019-02-16 01:05:42 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error find Container-Optimized OS image: %v", err)
|
|
|
|
|
}
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-16 03:29:16 +03:00
|
|
|
instance := &compute.Instance{
|
2019-01-30 20:13:07 +03:00
|
|
|
Name: instName,
|
|
|
|
|
Description: opts.Description,
|
|
|
|
|
MachineType: machType,
|
2019-02-16 01:05:42 +03:00
|
|
|
MinCpuPlatform: minCPU,
|
2015-01-16 03:29:16 +03:00
|
|
|
Disks: []*compute.AttachedDisk{
|
|
|
|
|
{
|
|
|
|
|
AutoDelete: true,
|
|
|
|
|
Boot: true,
|
|
|
|
|
Type: "PERSISTENT",
|
|
|
|
|
InitializeParams: &compute.AttachedDiskInitializeParams{
|
|
|
|
|
DiskName: instName,
|
2018-05-04 05:42:17 +03:00
|
|
|
SourceImage: srcImage,
|
2015-03-21 02:14:52 +03:00
|
|
|
DiskType: diskType,
|
2022-11-29 19:51:40 +03:00
|
|
|
DiskSizeGb: opts.DiskSizeGB,
|
2015-01-16 03:29:16 +03:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
Tags: &compute.Tags{
|
|
|
|
|
// Warning: do NOT list "http-server" or "allow-ssh" (our
|
|
|
|
|
// project's custom tag to allow ssh access) here; the
|
|
|
|
|
// buildlet provides full remote code execution.
|
|
|
|
|
// The https-server is authenticated, though.
|
|
|
|
|
Items: []string{"https-server"},
|
|
|
|
|
},
|
2015-01-16 23:59:14 +03:00
|
|
|
Metadata: &compute.Metadata{},
|
2021-10-08 01:58:50 +03:00
|
|
|
NetworkInterfaces: []*compute.NetworkInterface{{
|
|
|
|
|
Network: prefix + "/global/networks/default-vpc",
|
|
|
|
|
}},
|
2018-05-05 20:13:05 +03:00
|
|
|
|
|
|
|
|
// Prior to git rev 1b1e086fd, we used preemptible
|
|
|
|
|
// instances, as we were helping test the feature. It was
|
|
|
|
|
// removed after git rev a23395d because we hadn't been
|
|
|
|
|
// using it for some time. Our VMs are so short-lived that
|
|
|
|
|
// the feature doesn't really help anyway. But if we ever
|
|
|
|
|
// find we want it again, this comment is here to point to
|
|
|
|
|
// code that might be useful to partially resurrect.
|
|
|
|
|
Scheduling: &compute.Scheduling{Preemptible: false},
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
2018-05-04 05:42:17 +03:00
|
|
|
|
2019-12-11 23:15:19 +03:00
|
|
|
// Container builders use the COS image, which defaults to logging to Cloud Logging.
|
|
|
|
|
// Permission is granted to this service account.
|
|
|
|
|
if hconf.IsContainer() && buildEnv.COSServiceAccount != "" {
|
2018-05-04 05:42:17 +03:00
|
|
|
instance.ServiceAccounts = []*compute.ServiceAccount{
|
|
|
|
|
{
|
2019-12-11 23:15:19 +03:00
|
|
|
Email: buildEnv.COSServiceAccount,
|
2018-05-04 05:42:17 +03:00
|
|
|
Scopes: []string{compute.CloudPlatformScope},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-16 23:59:14 +03:00
|
|
|
addMeta := func(key, value string) {
|
|
|
|
|
instance.Metadata.Items = append(instance.Metadata.Items, &compute.MetadataItems{
|
|
|
|
|
Key: key,
|
2015-09-03 20:27:24 +03:00
|
|
|
Value: &value,
|
2015-01-16 23:59:14 +03:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
// The buildlet-binary-url is the URL of the buildlet binary
|
|
|
|
|
// which the VMs are configured to download at boot and run.
|
|
|
|
|
// This lets us/ update the buildlet more easily than
|
|
|
|
|
// rebuilding the whole VM image.
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
addMeta("buildlet-binary-url", hconf.BuildletBinaryURL(buildenv.ByProjectID(opts.ProjectID)))
|
|
|
|
|
addMeta("buildlet-host-type", hostType)
|
2015-01-16 23:59:14 +03:00
|
|
|
if !opts.TLS.IsZero() {
|
|
|
|
|
addMeta("tls-cert", opts.TLS.CertPEM)
|
|
|
|
|
addMeta("tls-key", opts.TLS.KeyPEM)
|
|
|
|
|
addMeta("password", opts.TLS.Password())
|
|
|
|
|
}
|
2022-11-03 23:07:56 +03:00
|
|
|
if hconf.IsContainer() && hconf.CosArchitecture() == dashboard.CosArchAMD64 {
|
2018-05-04 05:42:17 +03:00
|
|
|
addMeta("gce-container-declaration", fmt.Sprintf(`spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: buildlet
|
|
|
|
|
image: 'gcr.io/%s/%s'
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: tmpfs-0
|
|
|
|
|
mountPath: /workdir
|
|
|
|
|
securityContext:
|
|
|
|
|
privileged: true
|
|
|
|
|
stdin: false
|
|
|
|
|
tty: false
|
|
|
|
|
restartPolicy: Always
|
|
|
|
|
volumes:
|
|
|
|
|
- name: tmpfs-0
|
|
|
|
|
emptyDir:
|
|
|
|
|
medium: Memory
|
2022-11-03 23:07:56 +03:00
|
|
|
`, opts.ProjectID, hconf.ContainerImage))
|
2023-03-27 22:08:08 +03:00
|
|
|
addMeta("user-data", `#cloud-config
|
2022-11-03 23:07:56 +03:00
|
|
|
|
2023-03-27 22:08:08 +03:00
|
|
|
runcmd:
|
|
|
|
|
- sysctl -w kernel.core_pattern=core
|
|
|
|
|
`)
|
|
|
|
|
} else if hconf.IsContainer() && hconf.CosArchitecture() == dashboard.CosArchARM64 {
|
2022-11-03 23:07:56 +03:00
|
|
|
addMeta("user-data", fmt.Sprintf(`#cloud-config
|
|
|
|
|
|
|
|
|
|
write_files:
|
|
|
|
|
- path: /etc/systemd/system/buildlet.service
|
|
|
|
|
permissions: 0644
|
|
|
|
|
owner: root:root
|
|
|
|
|
content: |
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=Start buildlet container
|
|
|
|
|
Wants=gcr-online.target
|
|
|
|
|
After=gcr-online.target
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
Environment="HOME=/home/buildlet"
|
|
|
|
|
ExecStart=/usr/bin/docker run --rm --name=buildlet --privileged -p 80:80 gcr.io/%s/%s
|
|
|
|
|
ExecStop=/usr/bin/docker stop buildlet
|
|
|
|
|
ExecStopPost=/usr/bin/docker rm buildlet
|
|
|
|
|
RemainAfterExit=true
|
|
|
|
|
Type=oneshot
|
|
|
|
|
|
|
|
|
|
runcmd:
|
|
|
|
|
- systemctl daemon-reload
|
|
|
|
|
- systemctl start buildlet.service
|
2023-03-27 22:08:08 +03:00
|
|
|
- sysctl -w kernel.core_pattern=core
|
2018-05-04 05:42:17 +03:00
|
|
|
`, opts.ProjectID, hconf.ContainerImage))
|
|
|
|
|
}
|
2015-01-16 03:29:16 +03:00
|
|
|
|
2018-05-04 05:42:17 +03:00
|
|
|
if opts.DeleteIn > 0 {
|
2015-01-16 03:29:16 +03:00
|
|
|
// In case the VM gets away from us (generally: if the
|
|
|
|
|
// coordinator dies while a build is running), then we
|
|
|
|
|
// set this attribute of when it should be killed so
|
|
|
|
|
// we can kill it later when the coordinator is
|
|
|
|
|
// restarted. The cleanUpOldVMs goroutine loop handles
|
|
|
|
|
// that killing.
|
2015-01-16 23:59:14 +03:00
|
|
|
addMeta("delete-at", fmt.Sprint(time.Now().Add(opts.DeleteIn).Unix()))
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
2015-01-16 23:59:14 +03:00
|
|
|
|
2015-01-16 03:29:16 +03:00
|
|
|
for k, v := range opts.Meta {
|
2015-01-16 23:59:14 +03:00
|
|
|
addMeta(k, v)
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
|
|
|
|
|
2015-03-21 02:14:52 +03:00
|
|
|
apiGate()
|
2015-01-16 03:29:16 +03:00
|
|
|
op, err := computeService.Instances.Insert(projectID, zone, instance).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Failed to create instance: %v", err)
|
|
|
|
|
}
|
2015-01-16 20:54:03 +03:00
|
|
|
condRun(opts.OnInstanceRequested)
|
2015-01-16 03:29:16 +03:00
|
|
|
createOp := op.Name
|
|
|
|
|
|
|
|
|
|
// Wait for instance create operation to succeed.
|
|
|
|
|
OpLoop:
|
|
|
|
|
for {
|
|
|
|
|
time.Sleep(2 * time.Second)
|
2015-03-21 02:14:52 +03:00
|
|
|
apiGate()
|
2015-01-16 03:29:16 +03:00
|
|
|
op, err := computeService.ZoneOperations.Get(projectID, zone, createOp).Do()
|
|
|
|
|
if err != nil {
|
2022-08-30 21:28:48 +03:00
|
|
|
return nil, fmt.Errorf("failed to get op %s: %v", createOp, err)
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
|
|
|
|
switch op.Status {
|
|
|
|
|
case "PENDING", "RUNNING":
|
|
|
|
|
continue
|
|
|
|
|
case "DONE":
|
|
|
|
|
if op.Error != nil {
|
2022-08-30 22:41:09 +03:00
|
|
|
err := &GCEError{OpErrors: make([]*compute.OperationErrorErrors, len(op.Error.Errors))}
|
2022-08-30 21:28:48 +03:00
|
|
|
copy(err.OpErrors, op.Error.Errors)
|
|
|
|
|
return nil, err
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
|
|
|
|
break OpLoop
|
|
|
|
|
default:
|
2022-08-30 21:28:48 +03:00
|
|
|
return nil, fmt.Errorf("unknown create status %q: %+v", op.Status, op)
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
|
|
|
|
}
|
2015-01-16 20:54:03 +03:00
|
|
|
condRun(opts.OnInstanceCreated)
|
2015-01-16 03:29:16 +03:00
|
|
|
|
2015-03-21 02:14:52 +03:00
|
|
|
apiGate()
|
2015-01-16 03:29:16 +03:00
|
|
|
inst, err := computeService.Instances.Get(projectID, zone, instName).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Error getting instance %s details after creation: %v", instName, err)
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-16 23:59:14 +03:00
|
|
|
// Finds its internal and/or external IP addresses.
|
|
|
|
|
intIP, extIP := instanceIPs(inst)
|
2015-01-16 03:29:16 +03:00
|
|
|
|
|
|
|
|
// Wait for it to boot and its buildlet to come up.
|
|
|
|
|
var buildletURL string
|
|
|
|
|
var ipPort string
|
2015-01-16 23:59:14 +03:00
|
|
|
if !opts.TLS.IsZero() {
|
|
|
|
|
if extIP == "" {
|
|
|
|
|
return nil, errors.New("didn't find its external IP address")
|
|
|
|
|
}
|
|
|
|
|
buildletURL = "https://" + extIP
|
|
|
|
|
ipPort = extIP + ":443"
|
2015-01-16 03:29:16 +03:00
|
|
|
} else {
|
2015-01-16 23:59:14 +03:00
|
|
|
if intIP == "" {
|
|
|
|
|
return nil, errors.New("didn't find its internal IP address")
|
|
|
|
|
}
|
|
|
|
|
buildletURL = "http://" + intIP
|
|
|
|
|
ipPort = intIP + ":80"
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
2019-12-09 21:51:29 +03:00
|
|
|
if opts.OnGotInstanceInfo != nil {
|
|
|
|
|
opts.OnGotInstanceInfo(inst)
|
|
|
|
|
}
|
2022-08-08 23:47:40 +03:00
|
|
|
var closeFunc func()
|
2021-11-16 20:32:26 +03:00
|
|
|
if opts.UseIAPTunnel {
|
2022-08-08 23:47:40 +03:00
|
|
|
var localPort string
|
|
|
|
|
var err error
|
|
|
|
|
localPort, closeFunc, err = createIAPTunnel(ctx, inst)
|
2021-11-16 20:32:26 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("creating IAP tunnel: %v", err)
|
|
|
|
|
}
|
|
|
|
|
buildletURL = "http://localhost:" + localPort
|
|
|
|
|
ipPort = "127.0.0.1:" + localPort
|
|
|
|
|
}
|
|
|
|
|
client, err := buildletClient(ctx, buildletURL, ipPort, &opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-08-08 23:47:40 +03:00
|
|
|
if closeFunc != nil {
|
|
|
|
|
return &extraCloseClient{client, closeFunc}, nil
|
2021-12-15 02:17:24 +03:00
|
|
|
}
|
2021-11-16 20:32:26 +03:00
|
|
|
return client, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-08 23:47:40 +03:00
|
|
|
type extraCloseClient struct {
|
|
|
|
|
Client
|
|
|
|
|
close func()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *extraCloseClient) Close() error {
|
|
|
|
|
defer e.close()
|
|
|
|
|
return e.Close()
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-16 20:32:26 +03:00
|
|
|
func createIAPTunnel(ctx context.Context, inst *compute.Instance) (string, func(), error) {
|
|
|
|
|
// Allocate a local listening port.
|
|
|
|
|
ln, err := net.Listen("tcp", "localhost:0")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
localAddr := ln.Addr().(*net.TCPAddr)
|
|
|
|
|
ln.Close()
|
|
|
|
|
// Start the gcloud command. For some reason, when gcloud is run with a
|
|
|
|
|
// pipe for stdout, it doesn't log the success message, so we can only
|
|
|
|
|
// check for success empirically.
|
2022-07-22 19:00:50 +03:00
|
|
|
m := regexp.MustCompile(`/projects/([^/]+)/zones/([^/]+)`).FindStringSubmatch(inst.Zone)
|
|
|
|
|
if m == nil {
|
|
|
|
|
return "", nil, fmt.Errorf("unexpected inst.Zone: %q", inst.Zone)
|
|
|
|
|
}
|
|
|
|
|
project, zone := m[1], m[2]
|
2021-11-16 20:32:26 +03:00
|
|
|
tunnelCmd := exec.CommandContext(ctx,
|
|
|
|
|
"gcloud", "compute", "start-iap-tunnel", "--iap-tunnel-disable-connection-check",
|
2022-07-22 19:00:50 +03:00
|
|
|
"--project", project, "--zone", zone, inst.Name, "80", "--local-host-port", localAddr.String())
|
2022-08-03 21:43:47 +03:00
|
|
|
|
|
|
|
|
// hideWriter hides the underlying io.Writer from os/exec, bypassing the
|
|
|
|
|
// special case where os/exec will let a subprocess share the fd to an
|
|
|
|
|
// *os.File. Using hideWriter will result in goroutines that copy from a
|
|
|
|
|
// fresh pipe and write to the writer in the parent Go program.
|
|
|
|
|
// That guarantees that if the subprocess
|
|
|
|
|
// leaves background processes lying around, they will not keep lingering
|
|
|
|
|
// references to the parent Go program's stdout and stderr.
|
|
|
|
|
//
|
|
|
|
|
// Prior to this, it was common for ./debugnewvm | cat to never finish,
|
|
|
|
|
// because debugnewvm left some gcloud helper processes behind, and cat
|
|
|
|
|
// (or any other program) would never observe EOF on its input pipe.
|
|
|
|
|
// We now try to shut gcloud down more carefully with os.Interrupt below,
|
|
|
|
|
// but hideWriter guarantees that lingering processes won't hang
|
|
|
|
|
// pipelines.
|
|
|
|
|
type hideWriter struct{ io.Writer }
|
|
|
|
|
tunnelCmd.Stderr = hideWriter{os.Stderr}
|
|
|
|
|
tunnelCmd.Stdout = hideWriter{os.Stdout}
|
|
|
|
|
|
2021-11-16 20:32:26 +03:00
|
|
|
if err := tunnelCmd.Start(); err != nil {
|
|
|
|
|
return "", nil, err
|
|
|
|
|
}
|
|
|
|
|
// Start the process. Either it's going to fail to start after a bit, or
|
|
|
|
|
// it'll start listening on its port. Because we told it not to check the
|
|
|
|
|
// connection above, the connections won't be functional, but we can dial.
|
|
|
|
|
errc := make(chan error, 1)
|
|
|
|
|
go func() { errc <- tunnelCmd.Wait() }()
|
|
|
|
|
for start := time.Now(); time.Since(start) < 60*time.Second; time.Sleep(5 * time.Second) {
|
|
|
|
|
// Check if the server crashed.
|
|
|
|
|
select {
|
|
|
|
|
case err := <-errc:
|
|
|
|
|
return "", nil, err
|
|
|
|
|
default:
|
|
|
|
|
}
|
|
|
|
|
// Check if it's healthy.
|
|
|
|
|
conn, err := net.DialTCP("tcp", nil, localAddr)
|
|
|
|
|
if err == nil {
|
|
|
|
|
conn.Close()
|
2022-08-03 21:43:47 +03:00
|
|
|
kill := func() {
|
|
|
|
|
// gcloud compute start-iap-tunnel is a group of Python processes,
|
|
|
|
|
// so send an interrupt to try for an orderly shutdown of the process tree
|
|
|
|
|
// before killing the process outright.
|
|
|
|
|
tunnelCmd.Process.Signal(os.Interrupt)
|
|
|
|
|
time.Sleep(2 * time.Second)
|
|
|
|
|
tunnelCmd.Process.Kill()
|
|
|
|
|
}
|
2021-11-16 20:32:26 +03:00
|
|
|
return fmt.Sprint(localAddr.Port), kill, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return "", nil, fmt.Errorf("iap tunnel startup timed out")
|
2015-01-16 03:29:16 +03:00
|
|
|
}
|
2015-01-16 23:59:14 +03:00
|
|
|
|
|
|
|
|
type VM struct {
|
|
|
|
|
// Name is the name of the GCE VM instance.
|
|
|
|
|
// For example, it's of the form "mote-bradfitz-plan9-386-foo",
|
|
|
|
|
// and not "plan9-386-foo".
|
|
|
|
|
Name string
|
|
|
|
|
IPPort string
|
|
|
|
|
TLS KeyPair
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
Type string // buildlet type
|
2015-01-16 23:59:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func instanceIPs(inst *compute.Instance) (intIP, extIP string) {
|
|
|
|
|
for _, iface := range inst.NetworkInterfaces {
|
|
|
|
|
if strings.HasPrefix(iface.NetworkIP, "10.") {
|
|
|
|
|
intIP = iface.NetworkIP
|
|
|
|
|
}
|
|
|
|
|
for _, accessConfig := range iface.AccessConfigs {
|
|
|
|
|
if accessConfig.Type == "ONE_TO_ONE_NAT" {
|
|
|
|
|
extIP = accessConfig.NatIP
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-05-04 05:42:17 +03:00
|
|
|
|
|
|
|
|
var (
|
2022-11-01 23:57:01 +03:00
|
|
|
cosListMu sync.Mutex
|
|
|
|
|
cosCachedTime time.Time
|
|
|
|
|
cosCache = map[dashboard.CosArch]*cosCacheEntry{}
|
2018-05-04 05:42:17 +03:00
|
|
|
)
|
|
|
|
|
|
2022-11-01 23:57:01 +03:00
|
|
|
type cosCacheEntry struct {
|
|
|
|
|
cachedTime time.Time
|
|
|
|
|
cachedImage string
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-04 05:42:17 +03:00
|
|
|
// cosImage returns the GCP VM image name of the latest stable
|
|
|
|
|
// Container-Optimized OS image. It caches results for 15 minutes.
|
2022-11-01 23:57:01 +03:00
|
|
|
func cosImage(ctx context.Context, svc *compute.Service, arch dashboard.CosArch) (string, error) {
|
2018-05-04 05:42:17 +03:00
|
|
|
const cacheDuration = 15 * time.Minute
|
|
|
|
|
cosListMu.Lock()
|
|
|
|
|
defer cosListMu.Unlock()
|
|
|
|
|
|
2022-11-01 23:57:01 +03:00
|
|
|
cosQuery := func(a dashboard.CosArch) (string, error) {
|
|
|
|
|
imList, err := svc.Images.List("cos-cloud").Filter(fmt.Sprintf("(family eq %q)", string(arch))).Context(ctx).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
if imList.NextPageToken != "" {
|
|
|
|
|
return "", fmt.Errorf("too many images; pagination not supported")
|
|
|
|
|
}
|
|
|
|
|
ims := imList.Items
|
|
|
|
|
if len(ims) == 0 {
|
|
|
|
|
return "", errors.New("no image found")
|
|
|
|
|
}
|
|
|
|
|
sort.Slice(ims, func(i, j int) bool {
|
|
|
|
|
if ims[i].Deprecated == nil && ims[j].Deprecated != nil {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
return ims[i].CreationTimestamp > ims[j].CreationTimestamp
|
|
|
|
|
})
|
|
|
|
|
return ims[0].SelfLink, nil
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
2022-11-01 23:57:01 +03:00
|
|
|
c, ok := cosCache[arch]
|
|
|
|
|
if !ok {
|
|
|
|
|
image, err := cosQuery(arch)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
cosCache[arch] = &cosCacheEntry{
|
|
|
|
|
cachedTime: time.Now(),
|
|
|
|
|
cachedImage: image,
|
|
|
|
|
}
|
|
|
|
|
return image, nil
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
2022-11-01 23:57:01 +03:00
|
|
|
if c.cachedImage != "" && c.cachedTime.After(time.Now().Add(-cacheDuration)) {
|
|
|
|
|
return c.cachedImage, nil
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
2022-11-01 23:57:01 +03:00
|
|
|
image, err := cosQuery(arch)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
c.cachedImage = image
|
|
|
|
|
c.cachedTime = time.Now()
|
|
|
|
|
return image, nil
|
2018-05-04 05:42:17 +03:00
|
|
|
}
|
