[Notes] [Git][BuildGrid/buildgrid][mablanch/68-bots-multi-endpoints] cmd

Martin Blanchard pushed to branch mablanch/68-bots-multi-endpoints at BuildGrid / buildgrid

Commits:

062752e4

by Martin Blanchard at 2018-08-28T16:52:36Z

cmd_bot.py: Allow separate CAS server for any bot

Factorize the separate CAS handling code, originally buildbox specific.

https://gitlab.com/BuildGrid/buildgrid/issues/68

3 changed files:

buildgrid/_app/bots/buildbox.py
buildgrid/_app/bots/temp_directory.py
buildgrid/_app/commands/cmd_bot.py

Changes:

buildgrid/_app/bots/buildbox.py

@@ -16,13 +16,12 @@
  import os
  import subprocess
  import tempfile
 -import grpc
  from google.protobuf import any_pb2
  from buildgrid._protos.build.bazel.remote.execution.v2 import remote_execution_pb2
  from buildgrid._protos.google.bytestream import bytestream_pb2_grpc
 -from buildgrid.utils import read_file, parse_to_pb2_from_fetch
 +from buildgrid.utils import parse_to_pb2_from_fetch
  def work_buildbox(context, lease):
@@ -32,18 +31,7 @@ def work_buildbox(context, lease):
      action_digest = remote_execution_pb2.Digest()
      action_digest_any.Unpack(action_digest)
 -    cert_server = read_file(context.server_cert)
 -    cert_client = read_file(context.client_cert)
 -    key_client = read_file(context.client_key)
+-
 -    # create server credentials
 -    credentials = grpc.ssl_channel_credentials(root_certificates=cert_server,
 -                                               private_key=key_client,
 -                                               certificate_chain=cert_client)
+-
 -    channel = grpc.secure_channel('{}:{}'.format(context.remote, context.port), credentials)
+-
 -    stub = bytestream_pb2_grpc.ByteStreamStub(channel)
 +    stub = bytestream_pb2_grpc.ByteStreamStub(context.cas_channel)
      action = remote_execution_pb2.Action()
      parse_to_pb2_from_fetch(action, stub, action_digest)
@@ -66,13 +54,18 @@ def work_buildbox(context, lease):
          with tempfile.NamedTemporaryFile(dir=os.path.join(casdir, 'tmp')) as output_digest_file:
              command = ['buildbox',
 -                       '--remote={}'.format('https://{}:{}'.format(context.remote, context.port)),
 -                       '--server-cert={}'.format(context.server_cert),
 -                       '--client-key={}'.format(context.client_key),
 -                       '--client-cert={}'.format(context.client_cert),
 +                       '--remote={}'.format(context.cas_remote_url),
                         '--input-digest={}'.format(input_digest_file.name),
                         '--output-digest={}'.format(output_digest_file.name),
                         '--local={}'.format(casdir)]
++
 +            if context.cas_client_key:
 +                command.append('--client-key={}'.format(context.cas_client_key))
 +            if context.cas_client_cert:
 +                command.append('--client-cert={}'.format(context.cas_client_cert))
 +            if context.cas_server_cert:
 +                command.append('--server-cert={}'.format(context.cas_server_cert))
++
              if 'PWD' in environment and environment['PWD']:
                  command.append('--chdir={}'.format(environment['PWD']))

buildgrid/_app/bots/temp_directory.py

@@ -30,7 +30,7 @@ def work_temp_directory(context, lease):
      """
      parent = context.parent
 -    stub_bytestream = bytestream_pb2_grpc.ByteStreamStub(context.channel)
 +    stub_bytestream = bytestream_pb2_grpc.ByteStreamStub(context.cas_channel)
      action_digest = remote_execution_pb2.Digest()
      lease.payload.Unpack(action_digest)
@@ -78,7 +78,7 @@ def work_temp_directory(context, lease):
          request = remote_execution_pb2.BatchUpdateBlobsRequest(instance_name=parent,
                                                                 requests=requests)
 -        stub_cas = remote_execution_pb2_grpc.ContentAddressableStorageStub(context.channel)
 +        stub_cas = remote_execution_pb2_grpc.ContentAddressableStorageStub(context.cas_channel)
          stub_cas.BatchUpdateBlobs(request)
          result_any = any_pb2.Any()

buildgrid/_app/commands/cmd_bot.py

@@ -44,13 +44,24 @@ from ..cli import pass_context
                help="Public client certificate for TLS (PEM-encoded)")
  @click.option('--server-cert', type=click.Path(exists=True, dir_okay=False), default=None,
                help="Public server certificate for TLS (PEM-encoded)")
 +@click.option('--cas-remote', type=click.STRING, default=None, show_default=True,
 +              help="Remote CAS server's URL (port defaults to 11001 if not specified).")
 +@click.option('--cas-client-key', type=click.Path(exists=True, dir_okay=False), default=None,
 +              help="Private CAS client key for TLS (PEM-encoded)")
 +@click.option('--cas-client-cert', type=click.Path(exists=True, dir_okay=False), default=None,
 +              help="Public CAS client certificate for TLS (PEM-encoded)")
 +@click.option('--cas-server-cert', type=click.Path(exists=True, dir_okay=False), default=None,
 +              help="Public CAS server certificate for TLS (PEM-encoded)")
  @click.option('--parent', type=click.STRING, default='main', show_default=True,
                help="Targeted farm resource.")
  @pass_context
 -def cli(context, remote, parent, client_key, client_cert, server_cert):
 +def cli(context, parent, remote, client_key, client_cert, server_cert,
 +        cas_remote, cas_client_key, cas_client_cert, cas_server_cert):
 +    # Setup the remote execution server channel:
      url = urlparse(remote)
      context.remote = '{}:{}'.format(url.hostname, url.port or 50051)
 +    context.remote_url = remote
      context.parent = parent
      if url.scheme == 'http':
@@ -58,12 +69,46 @@ def cli(context, remote, parent, client_key, client_cert, server_cert):
      else:
          credentials = context.load_client_credentials(client_key, client_cert, server_cert)
          if not credentials:
 -            click.echo("ERROR: no TLS keys were specified and no defaults could be found.\n" +
 -                       "Use --allow-insecure in order to deactivate TLS encryption.\n", err=True)
 +            click.echo("ERROR: no TLS keys were specified and no defaults could be found.", err=True)
              sys.exit(-1)
          context.channel = grpc.secure_channel(context.remote, credentials)
 +    context.client_key = client_key
 +    context.client_cert = client_cert
 +    context.server_cert = server_cert
++
 +    # Setup the remote CAS server channel, if separated:
 +    if cas_remote is not None and cas_remote != remote:
 +        cas_url = urlparse(cas_remote)
++
 +        context.cas_remote = '{}:{}'.format(cas_url.hostname, cas_url.port or 11001)
 +        context.cas_remote_url = cas_remote
++
 +        if cas_url.scheme == 'http':
 +            context.cas_channel = grpc.insecure_channel(context.cas_remote)
 +        else:
 +            cas_credentials = context.load_client_credentials(cas_client_key, cas_client_cert, cas_server_cert)
 +            if not cas_credentials:
 +                click.echo("ERROR: no TLS keys were specified and no defaults could be found.", err=True)
 +                sys.exit(-1)
++
 +            context.cas_channel = grpc.secure_channel(context.cas_remote, cas_credentials)
++
 +            context.cas_client_key = cas_client_key
 +            context.cas_client_cert = cas_client_cert
 +            context.cas_server_cert = cas_server_cert
++
 +    else:
 +        context.cas_remote = context.remote
 +        context.cas_remote_url = remote
++
 +        context.cas_channel = context.channel
++
 +        context.cas_client_key = client_key
 +        context.cas_client_cert = client_cert
 +        context.cas_server_cert = server_cert
++
      context.logger = logging.getLogger(__name__)
      context.logger.debug("Starting for remote {}".format(context.remote))
@@ -112,35 +157,17 @@ def run_temp_directory(context):
                help="Main mount-point location.")
  @click.option('--local-cas', type=click.Path(readable=False), default=str(PurePath(Path.home(), 'cas')),
                help="Local CAS cache directory.")
 -@click.option('--client-cert', type=click.Path(readable=False), default=str(PurePath(Path.home(), 'client.crt')),
 -              help="Public client certificate for TLS (PEM-encoded).")
 -@click.option('--client-key', type=click.Path(readable=False), default=str(PurePath(Path.home(), 'client.key')),
 -              help="Private client key for TLS (PEM-encoded).")
 -@click.option('--server-cert', type=click.Path(readable=False), default=str(PurePath(Path.home(), 'server.crt')),
 -              help="Public server certificate for TLS (PEM-encoded).")
 -@click.option('--port', type=click.INT, default=11001, show_default=True,
 -              help="Remote CAS server port.")
 -@click.option('--remote', type=click.STRING, default='localhost', show_default=True,
 -              help="Remote CAS server hostname.")
  @pass_context
 -def run_buildbox(context, remote, port, server_cert, client_key, client_cert, local_cas, fuse_dir):
 +def run_buildbox(context, local_cas, fuse_dir):
      """
      Uses BuildBox to run commands.
      """
+-
 -    context.logger.info("Creating a bot session")
+-
 -    context.remote = remote
 -    context.port = port
 -    context.server_cert = server_cert
 -    context.client_key = client_key
 -    context.client_cert = client_cert
      context.local_cas = local_cas
      context.fuse_dir = fuse_dir
      try:
          b = bot.Bot(context.bot_session)
 -        b.session(work=buildbox.work_buildbox,
 -                  context=context)
 +        b.session(buildbox.work_buildbox,
 +                  context)
      except KeyboardInterrupt:
          pass

[Notes] [Git][BuildGrid/buildgrid][mablanch/68-bots-multi-endpoints] cmd_bot.py: Allow separate CAS server for any bot

Martin Blanchard pushed to branch mablanch/68-bots-multi-endpoints at BuildGrid / buildgrid

Commits:

3 changed files:

Changes: