2015-07-06 02:22:16 +03:00
|
|
|
// Copyright 2015 The Go Authors. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
|
|
package buildlet
|
|
|
|
|
|
|
|
|
|
import (
|
2019-11-19 21:23:13 +03:00
|
|
|
"bufio"
|
2017-05-01 18:46:07 +03:00
|
|
|
"bytes"
|
2015-07-06 02:22:16 +03:00
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
2016-09-16 01:22:09 +03:00
|
|
|
"flag"
|
2015-07-06 02:22:16 +03:00
|
|
|
"fmt"
|
|
|
|
|
"io/ioutil"
|
2019-11-19 21:23:13 +03:00
|
|
|
"log"
|
2015-07-06 02:22:16 +03:00
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
2016-09-16 01:22:09 +03:00
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"runtime"
|
2015-07-06 02:22:16 +03:00
|
|
|
"strings"
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"golang.org/x/build"
|
2016-09-16 01:22:09 +03:00
|
|
|
"golang.org/x/build/buildenv"
|
2019-11-19 21:23:13 +03:00
|
|
|
"golang.org/x/build/types"
|
2015-07-06 02:22:16 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type UserPass struct {
|
|
|
|
|
Username string // "user-$USER"
|
|
|
|
|
Password string // buildlet key
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// A CoordinatorClient makes calls to the build coordinator.
|
|
|
|
|
type CoordinatorClient struct {
|
|
|
|
|
// Auth specifies how to authenticate to the coordinator.
|
|
|
|
|
Auth UserPass
|
|
|
|
|
|
|
|
|
|
// Instance optionally specifies the build coordinator to connect
|
|
|
|
|
// to. If zero, the production coordinator is used.
|
|
|
|
|
Instance build.CoordinatorInstance
|
|
|
|
|
|
|
|
|
|
mu sync.Mutex
|
|
|
|
|
hc *http.Client
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cc *CoordinatorClient) instance() build.CoordinatorInstance {
|
|
|
|
|
if cc.Instance == "" {
|
|
|
|
|
return build.ProdCoordinator
|
|
|
|
|
}
|
|
|
|
|
return cc.Instance
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cc *CoordinatorClient) client() (*http.Client, error) {
|
|
|
|
|
cc.mu.Lock()
|
|
|
|
|
defer cc.mu.Unlock()
|
|
|
|
|
if cc.hc != nil {
|
|
|
|
|
return cc.hc, nil
|
|
|
|
|
}
|
|
|
|
|
cc.hc = &http.Client{
|
|
|
|
|
Transport: &http.Transport{
|
|
|
|
|
Dial: defaultDialer(),
|
|
|
|
|
DialTLS: cc.instance().TLSDialer(),
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
return cc.hc, nil
|
|
|
|
|
}
|
|
|
|
|
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
// CreateBuildlet creates a new buildlet of the given builder type on
|
|
|
|
|
// cc.
|
|
|
|
|
//
|
|
|
|
|
// This takes a builderType (instead of a hostType), but the
|
|
|
|
|
// returned buildlet can be used as any builder that has the same
|
|
|
|
|
// underlying buildlet type. For instance, a linux-amd64 buildlet can
|
|
|
|
|
// act as either linux-amd64 or linux-386-387.
|
|
|
|
|
//
|
2015-07-06 02:22:16 +03:00
|
|
|
// It may expire at any time.
|
2019-11-19 21:23:13 +03:00
|
|
|
// To release it, call Client.Close.
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
func (cc *CoordinatorClient) CreateBuildlet(builderType string) (*Client, error) {
|
2019-11-19 21:23:13 +03:00
|
|
|
return cc.CreateBuildletWithStatus(builderType, nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
// GomoteCreateStreamVersion is the gomote protocol version at which JSON streamed responses started.
|
|
|
|
|
GomoteCreateStreamVersion = "20191119"
|
|
|
|
|
|
|
|
|
|
// GomoteCreateMinVersion is the oldest "gomote create" protocol version that's still supported.
|
|
|
|
|
GomoteCreateMinVersion = "20160922"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// CreateBuildletWithStatus is like CreateBuildlet but accepts an optional status callback.
|
|
|
|
|
func (cc *CoordinatorClient) CreateBuildletWithStatus(builderType string, status func(types.BuildletWaitStatus)) (*Client, error) {
|
2015-07-06 02:22:16 +03:00
|
|
|
hc, err := cc.client()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
ipPort, _ := cc.instance().TLSHostPort() // must succeed if client did
|
|
|
|
|
form := url.Values{
|
2019-11-19 21:23:13 +03:00
|
|
|
"version": {GomoteCreateStreamVersion}, // checked by cmd/coordinator/remote.go
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
"builderType": {builderType},
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
|
|
|
|
req, _ := http.NewRequest("POST",
|
|
|
|
|
"https://"+ipPort+"/buildlet/create",
|
|
|
|
|
strings.NewReader(form.Encode()))
|
|
|
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
|
req.SetBasicAuth(cc.Auth.Username, cc.Auth.Password)
|
|
|
|
|
// TODO: accept a context for deadline/cancelation
|
|
|
|
|
res, err := hc.Do(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer res.Body.Close()
|
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
|
slurp, _ := ioutil.ReadAll(res.Body)
|
|
|
|
|
return nil, fmt.Errorf("%s: %s", res.Status, slurp)
|
|
|
|
|
}
|
2019-11-19 21:23:13 +03:00
|
|
|
|
|
|
|
|
// TODO: delete this once the server's been deployed with it.
|
|
|
|
|
// This code only exists for compatibility for a day or two at most.
|
|
|
|
|
if res.Header.Get("X-Supported-Version") < GomoteCreateStreamVersion {
|
|
|
|
|
var rb RemoteBuildlet
|
|
|
|
|
if err := json.NewDecoder(res.Body).Decode(&rb); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return cc.NamedBuildlet(rb.Name)
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
2019-11-19 21:23:13 +03:00
|
|
|
|
|
|
|
|
type msg struct {
|
|
|
|
|
Error string `json:"error"`
|
|
|
|
|
Buildlet *RemoteBuildlet `json:"buildlet"`
|
|
|
|
|
Status *types.BuildletWaitStatus `json:"status"`
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
2019-11-19 21:23:13 +03:00
|
|
|
bs := bufio.NewScanner(res.Body)
|
|
|
|
|
for bs.Scan() {
|
|
|
|
|
line := bs.Bytes()
|
|
|
|
|
var m msg
|
|
|
|
|
if err := json.Unmarshal(line, &m); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if m.Error != "" {
|
|
|
|
|
return nil, errors.New(m.Error)
|
|
|
|
|
}
|
|
|
|
|
if m.Buildlet != nil {
|
|
|
|
|
if m.Buildlet.Name == "" {
|
|
|
|
|
return nil, fmt.Errorf("buildlet: coordinator's /buildlet/create returned an unnamed buildlet")
|
|
|
|
|
}
|
|
|
|
|
return cc.NamedBuildlet(m.Buildlet.Name)
|
|
|
|
|
}
|
|
|
|
|
if m.Status != nil {
|
|
|
|
|
if status != nil {
|
|
|
|
|
status(*m.Status)
|
|
|
|
|
}
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
log.Printf("buildlet: unknown message type from coordinator's /buildlet/create endpoint: %q", line)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
err = bs.Err()
|
|
|
|
|
if err == nil {
|
|
|
|
|
err = errors.New("buildlet: coordinator's /buildlet/create ended its response stream without a terminal message")
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
2019-11-19 21:23:13 +03:00
|
|
|
return nil, err
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type RemoteBuildlet struct {
|
2018-05-04 05:42:17 +03:00
|
|
|
HostType string // "host-linux-jessie"
|
all: split builder config into builder & host configs
Our builders are named of the form "GOOS-GOARCH" or
"GOOS-GOARCH-suffix".
Over time we've grown many builders. This CL doesn't change
that. Builders continue to be named and operate as before.
Previously the build configuration file (dashboard/builders.go) made
each builder type ("linux-amd64-race", etc) define how to create a
host running a buildlet of that type, even though many builders had
identical host configs. For example, these builders all share the same
host type (a Kubernetes container):
linux-amd64
linux-amd64-race
linux-386
linux-386-387
And these are the same host type (a GCE VM):
windows-amd64-gce
windows-amd64-race
windows-386-gce
This CL creates a new concept of a "hostType" which defines how
the buildlet is created (Kube, GCE, Reverse, and how), and then each
builder itself references a host type.
Users never see the hostType. (except perhaps in gomote list output)
But they at least never need to care about them.
Reverse buildlets now can only be one hostType at a time, which
simplifies things. We were no longer using multiple roles per machine
once moving to VMs for OS X.
gomote continues to operate as it did previously but its underlying
protocol changed and clients will need to be updated. As a new
feature, gomote now has a new flag to let you reuse a buildlet host
connection for different builder rules if they share the same
underlying host type. But users can ignore that.
This CL is a long-standing TODO (previously attempted and aborted) and
will make many things easier and faster, including the linux-arm
cross-compilation effort, and keeping pre-warmed buildlets of VM types
ready to go.
Updates golang/go#17104
Change-Id: Iad8387f48680424a8441e878a2f4762bf79ea4d2
Reviewed-on: https://go-review.googlesource.com/29551
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-09-22 00:27:37 +03:00
|
|
|
BuilderType string // "linux-386-387"
|
|
|
|
|
Name string // "buildlet-adg-openbsd-386-2"
|
|
|
|
|
Created time.Time
|
|
|
|
|
Expires time.Time
|
2015-07-06 02:22:16 +03:00
|
|
|
}
|
|
|
|
|
|
2015-10-24 06:37:37 +03:00
|
|
|
func (cc *CoordinatorClient) RemoteBuildlets() ([]RemoteBuildlet, error) {
|
2015-07-06 02:22:16 +03:00
|
|
|
hc, err := cc.client()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
ipPort, _ := cc.instance().TLSHostPort() // must succeed if client did
|
|
|
|
|
req, _ := http.NewRequest("GET", "https://"+ipPort+"/buildlet/list", nil)
|
|
|
|
|
req.SetBasicAuth(cc.Auth.Username, cc.Auth.Password)
|
|
|
|
|
res, err := hc.Do(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer res.Body.Close()
|
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
|
slurp, _ := ioutil.ReadAll(res.Body)
|
|
|
|
|
return nil, fmt.Errorf("%s: %s", res.Status, slurp)
|
|
|
|
|
}
|
|
|
|
|
var ret []RemoteBuildlet
|
|
|
|
|
if err := json.NewDecoder(res.Body).Decode(&ret); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return ret, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NamedBuildlet returns a buildlet client for the named remote buildlet.
|
|
|
|
|
// Names are not validated. Use Client.Status to check whether the client works.
|
|
|
|
|
func (cc *CoordinatorClient) NamedBuildlet(name string) (*Client, error) {
|
|
|
|
|
hc, err := cc.client()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
ipPort, _ := cc.instance().TLSHostPort() // must succeed if client did
|
|
|
|
|
c := &Client{
|
|
|
|
|
baseURL: "https://" + ipPort,
|
|
|
|
|
remoteBuildlet: name,
|
|
|
|
|
httpClient: hc,
|
|
|
|
|
authUser: cc.Auth.Username,
|
|
|
|
|
password: cc.Auth.Password,
|
|
|
|
|
}
|
|
|
|
|
c.setCommon()
|
|
|
|
|
return c, nil
|
|
|
|
|
}
|
2016-09-16 01:22:09 +03:00
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
flagsRegistered bool
|
|
|
|
|
gomoteUserFlag string
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// RegisterFlags registers "user" and "staging" flags that control the
|
|
|
|
|
// behavior of NewCoordinatorClientFromFlags. These are used by remote
|
|
|
|
|
// client commands like gomote.
|
|
|
|
|
func RegisterFlags() {
|
|
|
|
|
if !flagsRegistered {
|
|
|
|
|
buildenv.RegisterFlags()
|
|
|
|
|
flag.StringVar(&gomoteUserFlag, "user", username(), "gomote server username")
|
|
|
|
|
flagsRegistered = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// username finds the user's username in the environment.
|
|
|
|
|
func username() string {
|
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
|
return os.Getenv("USERNAME")
|
|
|
|
|
}
|
|
|
|
|
return os.Getenv("USER")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// configDir finds the OS-dependent config dir.
|
|
|
|
|
func configDir() string {
|
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
|
return filepath.Join(os.Getenv("APPDATA"), "Gomote")
|
|
|
|
|
}
|
|
|
|
|
if xdg := os.Getenv("XDG_CONFIG_HOME"); xdg != "" {
|
|
|
|
|
return filepath.Join(xdg, "gomote")
|
|
|
|
|
}
|
|
|
|
|
return filepath.Join(os.Getenv("HOME"), ".config", "gomote")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// userToken reads the gomote token from the user's home directory.
|
|
|
|
|
func userToken() (string, error) {
|
|
|
|
|
if gomoteUserFlag == "" {
|
|
|
|
|
panic("userToken called with user flag empty")
|
|
|
|
|
}
|
|
|
|
|
keyDir := configDir()
|
2017-05-01 18:46:07 +03:00
|
|
|
userPath := filepath.Join(keyDir, "user-"+gomoteUserFlag+".user")
|
|
|
|
|
b, err := ioutil.ReadFile(userPath)
|
|
|
|
|
if err == nil {
|
|
|
|
|
gomoteUserFlag = string(bytes.TrimSpace(b))
|
|
|
|
|
}
|
2016-09-16 01:22:09 +03:00
|
|
|
baseFile := "user-" + gomoteUserFlag + ".token"
|
|
|
|
|
if buildenv.FromFlags() == buildenv.Staging {
|
|
|
|
|
baseFile = "staging-" + baseFile
|
|
|
|
|
}
|
|
|
|
|
tokenFile := filepath.Join(keyDir, baseFile)
|
|
|
|
|
slurp, err := ioutil.ReadFile(tokenFile)
|
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
|
return "", fmt.Errorf("Missing file %s for user %q. Change --user or obtain a token and place it there.",
|
|
|
|
|
tokenFile, gomoteUserFlag)
|
|
|
|
|
}
|
|
|
|
|
return strings.TrimSpace(string(slurp)), err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewCoordinatorClientFromFlags constructs a CoordinatorClient for the current user.
|
|
|
|
|
func NewCoordinatorClientFromFlags() (*CoordinatorClient, error) {
|
|
|
|
|
if !flagsRegistered {
|
|
|
|
|
return nil, errors.New("RegisterFlags not called")
|
|
|
|
|
}
|
|
|
|
|
inst := build.ProdCoordinator
|
cmd/coordinator, cmd/buildlet, cmd/gomote: add SSH support
This adds an SSH server to farmer.golang.org on port 2222 that proxies
SSH connections to users' gomote-created buildlet instances.
For example:
$ gomote create openbsd-amd64-60
user-bradfitz-openbsd-amd64-60-1
$ gomote ssh user-bradfitz-openbsd-amd64-60-1
Warning: Permanently added '[localhost]:33351' (ECDSA) to the list of known hosts.
OpenBSD 6.0 (GENERIC.MP) golang/go#2319: Tue Jul 26 13:00:43 MDT 2016
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$
As before, if the coordinator process is restarted (or crashes, is
evicted, etc), all gomote instances die.
Not yet supported:
* scp (help wanted)
* not all host types are configured. most are. some will need slight
config tweaks to the Docker image (e.g. adding openssh-server)
Supports currently:
* linux-amd64 (host type shared by 386, nacl)
* linux-arm
* linux-arm64
* darwin
* freebsd
* openbsd
* plan9-386
* windows
Implementation details:
* the ssh server process listens on port 2222 in the coordinator
(farmer.golang.org), which is behind a GKE TCP load balancer.
* the ssh server library is github.com/gliderlabs/ssh
* authentication is done via Github users' public keys. It's assumed
that gomote user == github user. But there's a mapping in the code
for known exceptions.
* we can't give out access to this too widely. too many things are
accessible from within the host environment if you look in the right
places. Details omitted. But the Go team and other trusted gomote
users can use this.
* the buildlet binary has a new /connect-ssh handler that acts like a
CONNECT request but instead of taking an explicit host:port, just
says "give me your machine's SSH connection". The buildlet can also
start sshd if needed for the environment. The /connect-ssh handler
also installs the coordinator's public key.
* a new buildlet client library method "ConnectSSH" hits the /connect-ssh
handler and returns a net.Conn.
* the coordinator's ssh.Handler is just running the OpenSSH ssh client.
* because the OpenSSH ssh child process can't connect to a net.Conn,
an emphemeral localhost port is created on the coordinator to proxy
between the ssh client and the net.Conn returned by ConnectSSH.
* The /connect-ssh handler requires http.Hijacker, which requires
fully compliant net.Conn implementations as of Go 1.8. So I needed
to flesh out revdial too, testing it with the
golang.org/x/net/nettest package.
* plan9 doesn't have an ssh server, so we use 0intro's new conterm
program (drawterm without GUI support) to connect to plan9 from the
coordinator ssh proxy instead of using the OpenSSH ssh client
binary.
* windows doesn't have an ssh server, so we enable the telnet service
and the coordinator ssh proxy uses telnet instead on the backend
on the private network. (There is a Windows ssh server but only in
new versions.)
Happy debugging over ssh!
Fixes golang/go#19956
Change-Id: I80a62064c5f85af1f195f980c862ba29af4015f0
Reviewed-on: https://go-review.googlesource.com/50750
Reviewed-by: Herbie Ong <herbie@google.com>
Reviewed-by: Jessie Frazelle <me@jessfraz.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-07-22 22:15:56 +03:00
|
|
|
env := buildenv.FromFlags()
|
|
|
|
|
if env == buildenv.Staging {
|
2016-09-16 01:22:09 +03:00
|
|
|
inst = build.StagingCoordinator
|
cmd/coordinator, cmd/buildlet, cmd/gomote: add SSH support
This adds an SSH server to farmer.golang.org on port 2222 that proxies
SSH connections to users' gomote-created buildlet instances.
For example:
$ gomote create openbsd-amd64-60
user-bradfitz-openbsd-amd64-60-1
$ gomote ssh user-bradfitz-openbsd-amd64-60-1
Warning: Permanently added '[localhost]:33351' (ECDSA) to the list of known hosts.
OpenBSD 6.0 (GENERIC.MP) golang/go#2319: Tue Jul 26 13:00:43 MDT 2016
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$
As before, if the coordinator process is restarted (or crashes, is
evicted, etc), all gomote instances die.
Not yet supported:
* scp (help wanted)
* not all host types are configured. most are. some will need slight
config tweaks to the Docker image (e.g. adding openssh-server)
Supports currently:
* linux-amd64 (host type shared by 386, nacl)
* linux-arm
* linux-arm64
* darwin
* freebsd
* openbsd
* plan9-386
* windows
Implementation details:
* the ssh server process listens on port 2222 in the coordinator
(farmer.golang.org), which is behind a GKE TCP load balancer.
* the ssh server library is github.com/gliderlabs/ssh
* authentication is done via Github users' public keys. It's assumed
that gomote user == github user. But there's a mapping in the code
for known exceptions.
* we can't give out access to this too widely. too many things are
accessible from within the host environment if you look in the right
places. Details omitted. But the Go team and other trusted gomote
users can use this.
* the buildlet binary has a new /connect-ssh handler that acts like a
CONNECT request but instead of taking an explicit host:port, just
says "give me your machine's SSH connection". The buildlet can also
start sshd if needed for the environment. The /connect-ssh handler
also installs the coordinator's public key.
* a new buildlet client library method "ConnectSSH" hits the /connect-ssh
handler and returns a net.Conn.
* the coordinator's ssh.Handler is just running the OpenSSH ssh client.
* because the OpenSSH ssh child process can't connect to a net.Conn,
an emphemeral localhost port is created on the coordinator to proxy
between the ssh client and the net.Conn returned by ConnectSSH.
* The /connect-ssh handler requires http.Hijacker, which requires
fully compliant net.Conn implementations as of Go 1.8. So I needed
to flesh out revdial too, testing it with the
golang.org/x/net/nettest package.
* plan9 doesn't have an ssh server, so we use 0intro's new conterm
program (drawterm without GUI support) to connect to plan9 from the
coordinator ssh proxy instead of using the OpenSSH ssh client
binary.
* windows doesn't have an ssh server, so we enable the telnet service
and the coordinator ssh proxy uses telnet instead on the backend
on the private network. (There is a Windows ssh server but only in
new versions.)
Happy debugging over ssh!
Fixes golang/go#19956
Change-Id: I80a62064c5f85af1f195f980c862ba29af4015f0
Reviewed-on: https://go-review.googlesource.com/50750
Reviewed-by: Herbie Ong <herbie@google.com>
Reviewed-by: Jessie Frazelle <me@jessfraz.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-07-22 22:15:56 +03:00
|
|
|
} else if env == buildenv.Development {
|
|
|
|
|
inst = "localhost:8119"
|
2016-09-16 01:22:09 +03:00
|
|
|
}
|
cmd/coordinator, cmd/buildlet, cmd/gomote: add SSH support
This adds an SSH server to farmer.golang.org on port 2222 that proxies
SSH connections to users' gomote-created buildlet instances.
For example:
$ gomote create openbsd-amd64-60
user-bradfitz-openbsd-amd64-60-1
$ gomote ssh user-bradfitz-openbsd-amd64-60-1
Warning: Permanently added '[localhost]:33351' (ECDSA) to the list of known hosts.
OpenBSD 6.0 (GENERIC.MP) golang/go#2319: Tue Jul 26 13:00:43 MDT 2016
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
$
As before, if the coordinator process is restarted (or crashes, is
evicted, etc), all gomote instances die.
Not yet supported:
* scp (help wanted)
* not all host types are configured. most are. some will need slight
config tweaks to the Docker image (e.g. adding openssh-server)
Supports currently:
* linux-amd64 (host type shared by 386, nacl)
* linux-arm
* linux-arm64
* darwin
* freebsd
* openbsd
* plan9-386
* windows
Implementation details:
* the ssh server process listens on port 2222 in the coordinator
(farmer.golang.org), which is behind a GKE TCP load balancer.
* the ssh server library is github.com/gliderlabs/ssh
* authentication is done via Github users' public keys. It's assumed
that gomote user == github user. But there's a mapping in the code
for known exceptions.
* we can't give out access to this too widely. too many things are
accessible from within the host environment if you look in the right
places. Details omitted. But the Go team and other trusted gomote
users can use this.
* the buildlet binary has a new /connect-ssh handler that acts like a
CONNECT request but instead of taking an explicit host:port, just
says "give me your machine's SSH connection". The buildlet can also
start sshd if needed for the environment. The /connect-ssh handler
also installs the coordinator's public key.
* a new buildlet client library method "ConnectSSH" hits the /connect-ssh
handler and returns a net.Conn.
* the coordinator's ssh.Handler is just running the OpenSSH ssh client.
* because the OpenSSH ssh child process can't connect to a net.Conn,
an emphemeral localhost port is created on the coordinator to proxy
between the ssh client and the net.Conn returned by ConnectSSH.
* The /connect-ssh handler requires http.Hijacker, which requires
fully compliant net.Conn implementations as of Go 1.8. So I needed
to flesh out revdial too, testing it with the
golang.org/x/net/nettest package.
* plan9 doesn't have an ssh server, so we use 0intro's new conterm
program (drawterm without GUI support) to connect to plan9 from the
coordinator ssh proxy instead of using the OpenSSH ssh client
binary.
* windows doesn't have an ssh server, so we enable the telnet service
and the coordinator ssh proxy uses telnet instead on the backend
on the private network. (There is a Windows ssh server but only in
new versions.)
Happy debugging over ssh!
Fixes golang/go#19956
Change-Id: I80a62064c5f85af1f195f980c862ba29af4015f0
Reviewed-on: https://go-review.googlesource.com/50750
Reviewed-by: Herbie Ong <herbie@google.com>
Reviewed-by: Jessie Frazelle <me@jessfraz.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-07-22 22:15:56 +03:00
|
|
|
|
2016-09-16 01:22:09 +03:00
|
|
|
if gomoteUserFlag == "" {
|
|
|
|
|
return nil, errors.New("user flag must be specified")
|
|
|
|
|
}
|
|
|
|
|
tok, err := userToken()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &CoordinatorClient{
|
|
|
|
|
Auth: UserPass{
|
|
|
|
|
Username: "user-" + gomoteUserFlag,
|
|
|
|
|
Password: tok,
|
|
|
|
|
},
|
|
|
|
|
Instance: inst,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
