all: switch vmx-enabled Debian over to Bullseye

I basically just did a find-and-replace, and we'll see if it works? I've updated and built the new disk images so this should be ready to deploy. For golang/go#56414. Change-Id: Iaac41d6f7a1244c3682e624f7a4ee4fa7477dfa1 Reviewed-on: https://go-review.googlesource.com/c/build/+/445617 Run-TryBot: Heschi Kreinick <heschi@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Heschi Kreinick <heschi@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2022-10-26 14:01:19 -04:00 · 2022-10-26 14:01:19 -04:00 · c116c3b2d8
--- a/dashboard/builders.go
+++ b/dashboard/builders.go
@ -281,9 +281,9 @@ var Hosts = map[string]*HostConfig{
 		SSHUsername:    "root",
 	},
 	"host-linux-amd64-androidemu": {
-		Notes:          "Debian Buster w/ Android SDK + emulator (use nested virt)",
+		Notes:          "Debian Bullseye w/ Android SDK + emulator (use nested virt)",
 		ContainerImage: "android-amd64-emu:bff27c0c9263",
-		KonletVMImage:  "android-amd64-emu",
+		KonletVMImage:  "android-amd64-emu-bullseye",
 		NestedVirt:     true,
 		SSHUsername:    "root",
 	},
@ -292,6 +292,12 @@ var Hosts = map[string]*HostConfig{
 		ContainerImage: "linux-x86-bullseye:latest",
 		SSHUsername:    "root",
 	},
+	"host-linux-amd64-bullseye-vmx": {
+		Notes:          "Debian Bullseye w/ Nested Virtualization (VMX CPU bit) enabled",
+		ContainerImage: "linux-x86-bullseye:latest",
+		NestedVirt:     true,
+		SSHUsername:    "root",
+	},
 	"host-linux-amd64-buster": {
 		Notes:          "Debian Buster",
 		ContainerImage: "linux-x86-buster:latest",
@ -339,12 +345,6 @@ var Hosts = map[string]*HostConfig{
 		ContainerImage: "linux-x86-stretch:latest",
 		SSHUsername:    "root",
 	},
-	"host-linux-amd64-stretch-vmx": {
-		Notes:          "Debian Stretch w/ Nested Virtualization (VMX CPU bit) enabled, for testing",
-		ContainerImage: "linux-x86-stretch:latest",
-		NestedVirt:     true,
-		SSHUsername:    "root",
-	},
 	"host-linux-amd64-wsl": {
 		Notes:     "Windows 10 WSL2 Ubuntu",
 		Owners:    []*gophers.Person{gh("mengzhuo")},
@ -1332,7 +1332,7 @@ func (c *HostConfig) ContainerVMImage() string {
 		return c.KonletVMImage
 	}
 	if c.NestedVirt {
-		return "debian-stretch-vmx"
+		return "debian-bullseye-vmx"
 	}
 	if c.isEC2 && c.ContainerImage != "" {
 		return fmt.Sprintf("gcr.io/%s/%s", buildenv.Production.ProjectName, c.ContainerImage)
@ -1532,7 +1532,7 @@ func init() {
 	})
 	addBuilder(BuildConfig{
 		Name:       "linux-amd64-vmx",
-		HostType:   "host-linux-amd64-stretch-vmx",
+		HostType:   "host-linux-amd64-bullseye-vmx",
 		buildsRepo: disabledBuilder,
 	})
 	addBuilder(BuildConfig{
--- a/env/android-amd64-emu/create-vm.sh
+++ b/env/android-amd64-emu/create-vm.sh
@ -7,18 +7,19 @@ set -e
 set -x

 ZONE=us-central1-f
-TARGET_IMAGE=android-amd64-emu
+DEBIAN=bullseye
+TARGET_IMAGE=android-amd64-emu-$DEBIAN

 TMP_DISK=dev-android-amd64-emu-tmpdisk
 TMP_IMG=dev-android-amd64-emu-image
 TMP_VM=dev-android-amd64-emu

-# Create disk, forking debian-vmx-stretch
+# Create disk, forking our vmx-enabled image
 gcloud compute disks delete $TMP_DISK --zone=$ZONE --quiet || true
 gcloud compute disks create $TMP_DISK \
       --zone=$ZONE \
       --size=40GB \
-       --image=debian-stretch-vmx
+       --image=debian-$DEBIAN-vmx

 gcloud compute images delete $TMP_IMG --quiet || true
 gcloud compute images create \
@ -35,20 +36,18 @@ gcloud compute instances create \
       $TMP_VM \
       --zone=$ZONE \
       --image=$TMP_IMG \
-       --min-cpu-platform "Intel Haswell"
+       --min-cpu-platform "Intel Haswell" \
+       --network default-vpc \
+       --no-service-account --no-scopes

-INTERNAL_IP=$(gcloud --format="value(networkInterfaces[0].networkIP)" compute instances list --filter="name=('$TMP_VM')")
 echo "Waiting for SSH port to be available..."
-while ! nc -w 2 -z $INTERNAL_IP 22; do
+while ! gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- echo hi; do
    sleep 1
 done

-VER=$(docker images "--format={{.ID}}" golang/android-amd64-emu:latest)
-CONTAINER=gcr.io/symbolic-datum-552/android-amd64-emu:$VER
-
 echo "SSH is up. Pulling docker container $CONTAINER on VM..."

-gcloud compute ssh $TMP_VM --zone=$ZONE --internal-ip -- sudo docker pull $CONTAINER
+gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- sudo docker pull gcr.io/symbolic-datum-552/android-amd64-emu:latest

 echo "Done pulling; shutting down"

--- a/env/linux-x86-vmx/README.md
+++ b/env/linux-x86-vmx/README.md
@ -1,6 +1,6 @@
 # linux-x86-vmx

 These scripts create a GCE VM image that acts like Container-Optimized
-Linux but uses a Debian 9 (Stretch) kernel + userspace instead. We do
-this because Debian 9 includes CONFIG_KVM for nested virtualization,
+Linux but uses a Debian 11 (Bullseye) kernel + userspace instead. We do
+this because Debian 11 includes CONFIG_KVM for nested virtualization,
 whereas that's not compiled in for Container-Optimized Linux.
--- a/env/linux-x86-vmx/create.sh
+++ b/env/linux-x86-vmx/create.sh
@ -3,8 +3,8 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.

-# This creates the debian-stretch-vmx buildlet VM that's
-# like the Container-Optimized OS but using Debian Stretch
+# This creates the debian-bullseye-vmx buildlet VM that's
+# like the Container-Optimized OS but using Debian Bullseye
 # instead of the Chromium OS, and with nested virtualization
 # enabled.

@ -12,7 +12,7 @@ set -e
 set -x

 ZONE=us-central1-f
-TARGET_IMAGE=debian-stretch-vmx
+TARGET_IMAGE=debian-bullseye-vmx

 TMP_DISK=dev-debian-vmx-tmpdisk
 TMP_IMG=dev-debian-vmx-image
@ -24,7 +24,7 @@ gcloud compute disks create $TMP_DISK \
       --zone=$ZONE \
       --size=40GB \
       --image-project=debian-cloud \
-       --image-family debian-9
+       --image-family debian-11

 # Create image based on that disk, with the nested virtualization
 # opt-in flag ("license").
@ -44,14 +44,12 @@ gcloud compute instances create \
       $TMP_VM \
       --zone=$ZONE \
       --image=$TMP_IMG \
-       --min-cpu-platform "Intel Haswell"
-
-INTERNAL_IP=$(gcloud --format="value(networkInterfaces[0].networkIP)" compute instances list --filter="name=('$TMP_VM')")
-EXTERNAL_IP=$(gcloud --format="value(networkInterfaces[0].accessConfigs[0].natIP)" compute instances list --filter="name=('$TMP_VM')")
-echo "external IP: $EXTERNAL_IP, internal IP: $INTERNAL_IP"
+       --min-cpu-platform "Intel Haswell" \
+       --network default-vpc \
+       --no-service-account --no-scopes

 echo "Waiting for SSH port to be available..."
-while ! nc -w 2 -z $INTERNAL_IP 22; do
+while ! gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- echo hi; do
    sleep 1
 done

@ -59,10 +57,10 @@ echo "SSH is up. Copying prep-vm.sh script to VM..."

 # gcloud compute scp lacks an --internal-ip flag, even though gcloud
 # compute ssh has it. Annoying. Workaround:
-gcloud compute scp --dry-run --zone=$ZONE prep-vm.sh bradfitz@$TMP_VM: | perl -npe "s/$EXTERNAL_IP/$INTERNAL_IP/" | sh
+gcloud compute scp --zone=$ZONE --tunnel-through-iap prep-vm.sh $TMP_VM:

 # And prep the machine.
-gcloud compute ssh $TMP_VM --zone=$ZONE --internal-ip -- sudo bash ./prep-vm.sh
+gcloud compute ssh $TMP_VM --zone=$ZONE --tunnel-through-iap -- sudo bash ./prep-vm.sh

 echo "Done prepping machine; shutting down"

--- a/env/linux-x86-vmx/prep-vm.sh
+++ b/env/linux-x86-vmx/prep-vm.sh
@ -29,7 +29,7 @@ systemctl start konlet-startup

 # Pre-pull some common images/layers to speed up future boots:
 gcloud auth configure-docker --quiet
-docker pull gcr.io/symbolic-datum-552/linux-x86-stretch:latest
+docker pull gcr.io/symbolic-datum-552/linux-x86-bullseye:latest
 docker pull gcr.io/gce-containers/konlet:v.0.9-latest

 apt-get dist-upgrade --yes