[Notes] [Git][BuildStream/buildstream][valentindavid/remote_execution

Valentin David pushed to branch valentindavid/remote_execution_configuration at BuildStream / buildstream

Commits:

a11c2ef8

by Valentin David at 2018-12-20T14:13:43Z

Add support for user remote execution configuration

Fixes #631.

ee89b38e

by Valentin David at 2018-12-20T14:13:43Z

Add support for https channel to remote execution and actions servers

Fixes #780.

c0fabe1f

by Valentin David at 2018-12-20T14:13:43Z

Allow selecting user or project configuration for remote execution

Changes:

buildstream/_context.py

@@ -34,6 +34,7 @@ from ._artifactcache import ArtifactCache
  from ._artifactcache.cascache import CASCache
  from ._workspaces import Workspaces, WorkspaceProjectCache, WORKSPACE_PROJECT_FILE
  from .plugin import _plugin_lookup
 +from .sandbox import SandboxRemote
  # Context()
@@ -72,6 +73,9 @@ class Context():
          # The locations from which to push and pull prebuilt artifacts
          self.artifact_cache_specs = None
 +        # The global remote execution configuration
 +        self.remote_execution_specs = None
++
          # The directory to store build logs
          self.logdir = None
@@ -117,6 +121,9 @@ class Context():
          # Whether or not to attempt to pull build trees globally
          self.pull_buildtrees = None
 +        # Which configured remote execution server to use
 +        self.remote_execution = 'any'
++
          # Boolean, whether to offer to create a project for the user, if we are
          # invoked outside of a directory where we can resolve the project.
          self.prompt_auto_init = None
@@ -191,7 +198,7 @@ class Context():
          _yaml.node_validate(defaults, [
              'sourcedir', 'builddir', 'artifactdir', 'logdir',
              'scheduler', 'artifacts', 'logging', 'projects',
 -            'cache', 'prompt', 'workspacedir',
 +            'cache', 'prompt', 'workspacedir', 'remote-execution'
          ])
          for directory in ['sourcedir', 'builddir', 'artifactdir', 'logdir', 'workspacedir']:
@@ -216,6 +223,8 @@ class Context():
          # Load artifact share configuration
          self.artifact_cache_specs = ArtifactCache.specs_from_config_node(defaults)
 +        self.remote_execution_specs = SandboxRemote.specs_from_config_node(defaults)
++
          # Load pull build trees configuration
          self.pull_buildtrees = _yaml.node_get(cache, bool, 'pull-buildtrees')
@@ -277,7 +286,8 @@ class Context():
          # Shallow validation of overrides, parts of buildstream which rely
          # on the overrides are expected to validate elsewhere.
          for _, overrides in _yaml.node_items(self._project_overrides):
 -            _yaml.node_validate(overrides, ['artifacts', 'options', 'strict', 'default-mirror'])
 +            _yaml.node_validate(overrides, ['artifacts', 'options', 'strict', 'default-mirror',
 +                                            'remote-execution'])
          profile_end(Topics.LOAD_CONTEXT, 'load')

buildstream/_frontend/app.py

@@ -183,7 +183,8 @@ class App():
              'builders': 'sched_builders',
              'pushers': 'sched_pushers',
              'network_retries': 'sched_network_retries',
 -            'pull_buildtrees': 'pull_buildtrees'
 +            'pull_buildtrees': 'pull_buildtrees',
 +            'remote_execution': 'remote_execution'
+         }
          for cli_option, context_attr in override_map.items():
              option_value = self._main_options.get(cli_option)

buildstream/_frontend/cli.py

@@ -239,6 +239,9 @@ def print_version(ctx, param, value):
                help="The mirror to fetch from first, before attempting other mirrors")
  @click.option('--pull-buildtrees', is_flag=True, default=None,
                help="Include an element's build tree when pulling remote element artifacts")
 +@click.option('--remote-execution', default='any',
 +              type=click.Choice(['any', 'user', 'project', 'none']),
 +              help='Select which remote execution server to use')
  @click.pass_context
  def cli(context, **kwargs):
      """Build and manipulate BuildStream projects

buildstream/_project.py

@@ -507,7 +507,27 @@ class Project():
          self.artifact_cache_specs = ArtifactCache.specs_from_config_node(config, self.directory)
          # Load remote-execution configuration for this project
 -        self.remote_execution_specs = SandboxRemote.specs_from_config_node(config, self.directory)
 +        project_specs = SandboxRemote.specs_from_config_node(config, self.directory)
 +        override_specs = SandboxRemote.specs_from_config_node(
 +            self._context.get_overrides(self.name), self.directory)
++
 +        if self._context.remote_execution == 'any':
 +            if override_specs is not None:
 +                self.remote_execution_specs = override_specs
 +            elif project_specs is not None:
 +                self.remote_execution_specs = project_specs
 +            else:
 +                self.remote_execution_specs = self._context.remote_execution_specs
 +        elif self._context.remote_execution == 'user':
 +            if override_specs is not None:
 +                self.remote_execution_specs = override_specs
 +            else:
 +                self.remote_execution_specs = self._context.remote_execution_specs
 +        elif self._context.remote_execution == 'project':
 +            self.remote_execution_specs = project_specs
 +        else:
 +            assert self._context.remote_execution == 'none'
 +            self.remote_execution_specs = None
          # Load sandbox environment variables
          self.base_environment = _yaml.node_get(config, Mapping, 'environment')

buildstream/sandbox/_sandboxremote.py

@@ -68,10 +68,32 @@ class SandboxRemote(Sandbox):
          self.storage_url = config.storage_service['url']
          self.exec_url = config.exec_service['url']
 +        exec_certs = {}
 +        for key in ['client-cert', 'client-key', 'server-cert']:
 +            if key in config.exec_service:
 +                with open(resolve_path(config.exec_service[key]), 'rb') as f:
 +                    exec_certs[key] = f.read()
++
 +        self.exec_credentials = grpc.ssl_channel_credentials(
 +            root_certificates=exec_certs.get('server-cert'),
 +            private_key=exec_certs.get('client-key'),
 +            certificate_chain=exec_certs.get('client-cert'))
++
 +        action_certs = {}
 +        for key in ['client-cert', 'client-key', 'server-cert']:
 +            if key in config.action_service:
 +                with open(resolve_path(config.exec_service[key]), 'rb') as f:
 +                    action_certs[key] = f.read()
++
          if config.action_service:
              self.action_url = config.action_service['url']
 +            self.action_credentials = grpc.ssl_channel_credentials(
 +                root_certificates=action_certs.get('server-cert'),
 +                private_key=action_certs.get('client-key'),
 +                certificate_chain=action_certs.get('client-cert'))
          else:
              self.action_url = None
 +            self.action_credentials = None
          self.server_instance = config.exec_service.get('instance', None)
          self.storage_instance = config.storage_service.get('instance', None)
@@ -89,7 +111,7 @@ class SandboxRemote(Sandbox):
          self._get_context().message(Message(None, MessageType.INFO, msg))
      @staticmethod
 -    def specs_from_config_node(config_node, basedir):
 +    def specs_from_config_node(config_node, basedir=None):
          def require_node(config, keyname):
              val = config.get(keyname)
@@ -117,7 +139,7 @@ class SandboxRemote(Sandbox):
          remote_exec_storage_config = require_node(remote_config, 'storage-service')
          remote_exec_action_config = remote_config.get('action-cache-service', {})
 -        _yaml.node_validate(remote_exec_service_config, ['url', 'instance'])
 +        _yaml.node_validate(remote_exec_service_config, ['url', 'instance'] + tls_keys)
          _yaml.node_validate(remote_exec_storage_config, ['url', 'instance'] + tls_keys)
          if remote_exec_action_config:
              _yaml.node_validate(remote_exec_action_config, ['url'])
@@ -304,6 +326,8 @@ class SandboxRemote(Sandbox):
                                 "for example: http://buildservice:50051.")
          if url.scheme == 'http':
              channel = grpc.insecure_channel('{}:{}'.format(url.hostname, url.port))
 +        elif url.scheme == 'https':
 +            channel = grpc.secure_channel('{}:{}'.format(url.hostname, url.port), self.exec_credentials)
          else:
              raise SandboxError("Remote execution currently only supports the 'http' protocol "
                                 "and '{}' was supplied.".format(url.scheme))
@@ -361,11 +385,11 @@ class SandboxRemote(Sandbox):
          if not url.port:
              raise SandboxError("You must supply a protocol and port number in the action-cache-service url, "
                                 "for example: http://buildservice:50051.")
 -        if not url.scheme == "http":
 -            raise SandboxError("Currently only support http for the action cache"
 -                               "and {} was supplied".format(url.scheme))
 +        if url.scheme == 'http':
 +            channel = grpc.insecure_channel('{}:{}'.format(url.hostname, url.port))
 +        elif url.scheme == 'https':
 +            channel = grpc.secure_channel('{}:{}'.format(url.hostname, url.port), self.action_credentials)
 -        channel = grpc.insecure_channel('{}:{}'.format(url.hostname, url.port))
          request = remote_execution_pb2.GetActionResultRequest(action_digest=action_digest)
          stub = remote_execution_pb2_grpc.ActionCacheStub(channel)
          try:

doc/source/format_project.rst

@@ -218,6 +218,7 @@ The use of ports are required to distinguish between pull only access and
  push/pull access. For information regarding the server/client certificates
  and keys, please see: :ref:`Key pair for the server <server_authentication>`.
 +.. _project_remote_execution:
  Remote execution
  ~~~~~~~~~~~~~~~~
@@ -243,9 +244,6 @@ using the `remote-execution` option:
      action-cache-service:
        url: http://bar.action.com:50052
 -The execution-service part of remote execution does not support encrypted
 -connections yet, so the protocol must always be http.
+-
  storage-service specifies a remote CAS store and the parameters are the
  same as those used to specify an :ref:`artifact server <artifacts>`.
@@ -268,6 +266,9 @@ instance names.
  The Remote Execution API can be found via https://github.com/bazelbuild/remote-apis.
 +Remote execution configuration can be also provided in the `user
 +configuration <user_config_remote_execution>`.
++
  .. _project_essentials_mirrors:
  Mirrors

doc/source/using_config.rst

@@ -100,6 +100,54 @@ pull only access and push/pull access. For information regarding this and the
  server/client certificates and keys, please see:
  :ref:`Key pair for the server <server_authentication>`.
 +.. _user_config_remote_execution:
++
 +Remote execution
 +~~~~~~~~~~~~~~~~
++
 +The same configuration for :ref:`remote execution <project_remote_execution>`
 +in ``project.conf`` can be provided in the user configuation.
++
 +There is only one remote execution configuration used per project.
++
 +The project overrides will be taken in priority. The global
 +configuration will be used as fallback.
++
 +1. Global remote execution fallback:
++
 +.. code:: yaml
++
 +  remote-execution:
 +    execution-service:
 +      url: http://execution.fallback.example.com:50051
 +      instance-name: main
 +    storage-service:
 +      url: https://storage.fallback.example.com:11002/
 +      server-cert: /keys/server.crt
 +      client-cert: /keys/client.crt
 +      client-key: /keys/client.key
 +      instance-name: main
 +    action-cache-service:
 +      url: http://action.flalback.example.com:50052
++
 +2. Project override:
++
 +.. code:: yaml
++
 +  projects:
 +    some_project:
 +      remote-execution:
 +        execution-service:
 +          url: http://execution.some_project.example.com:50051
 +          instance-name: main
 +        storage-service:
 +          url: https://storage.some_project.example.com:11002/
 +          server-cert: /some_project_keys/server.crt
 +          client-cert: /some_project_keys/client.crt
 +          client-key: /some_project_keys/client.key
 +          instance-name: main
 +        action-cache-service:
 +          url: http://action.some_project.example.com:50052
  Strict build plan

tests/completions/completions.py

@@ -42,6 +42,7 @@ MAIN_OPTIONS = [
      "--option ",
      "--on-error ",
      "--pull-buildtrees ",
 +    "--remote-execution ",
      "--pushers ",
      "--strict ",
      "--verbose ",

[Notes] [Git][BuildStream/buildstream][valentindavid/remote_execution_configuration] 3 commits: Add support for user remote execution configuration

Valentin David pushed to branch valentindavid/remote_execution_configuration at BuildStream / buildstream

Commits:

8 changed files:

Changes: