diff options
| -rw-r--r-- | .bazelrc | 54 | ||||
| -rw-r--r-- | README.md | 23 | ||||
| -rw-r--r-- | WORKSPACE | 8 | ||||
| -rwxr-xr-x | kokoro/run_tests.sh | 16 | ||||
| -rw-r--r-- | tools/bazel-0.24.0.bazelrc (renamed from .bazelrc_rbe) | 59 |
5 files changed, 109 insertions, 51 deletions
@@ -1 +1,55 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Start with a base bazelrc for a recent version of bazel. These can be +# downloaded from: +# https://github.com/bazelbuild/bazel-toolchains/tree/master/bazelrc +import %workspace%/tools/bazel-0.24.0.bazelrc + +# All changes below are gVisor-specific. + +# Display the current git revision in the info block. build --workspace_status_command tools/workspace_status.sh + +# Add a custom toolchain that builds in a privileged docker container, which is +# required by our syscall tests. +build:remote --extra_toolchains=//test:cc-toolchain-clang-x86_64-default +build:remote --extra_execution_platforms=//test:rbe_ubuntu1604 +build:remote --host_platform=//test:rbe_ubuntu1604 +build:remote --platforms=//test:rbe_ubuntu1604 + +# RBE requires a strong hash function, such as SHA256. +startup --host_jvm_args=-Dbazel.DigestFunction=SHA256 + +# Auth scope needed for authentication with RBE. +build:remote --auth_scope="https://www.googleapis.com/auth/cloud-source-tools" + +# Set flags for uploading to BES in order to view results in the Bazel Build +# Results UI. +build:results --bes_backend="buildeventservice.googleapis.com" +build:results --bes_timeout=60s +build:results --tls_enabled + +# Output BES results url +build:results --bes_results_url="https://source.cloud.google.com/results/invocations/" + +# Set flags for uploading to BES without Remote Build Execution. +build:results-local --bes_backend="buildeventservice.googleapis.com" +build:results-local --bes_timeout=60s +build:results-local --tls_enabled=true +build:results-local --auth_enabled=true +build:results-local --spawn_strategy=local +build:results-local --remote_cache=remotebuildexecution.googleapis.com +build:results-local --remote_timeout=3600 +build:results-local --bes_results_url="https://source.cloud.google.com/results/invocations/" @@ -314,6 +314,28 @@ Run your container again, and inspect the files under `/tmp/runsc`. The log file with name `boot` will contain the strace logs from your application, which can be useful for identifying missing or broken system calls in gVisor. +### Building/testing with Remote Execution + +If you have a [Remote Build Execution][rbe] environment, you can use it to speed +up gVisor build and test cycles. + +You must authenticate with the project first: + +``` +gcloud auth application-default login --no-launch-browser +``` + +Then invoke bazel with the following flags: + +``` +--config=remote +--project_id=$PROJECT +--remote_instance_name=projects/$PROJECT/instances/default_instance +``` + +You can also add those flags to your local ~/.bazelrc to avoid needing to +specify them each time on the command line. + ### Enabling network passthrough For high-performance networking applications, you may choose to disable the user @@ -455,6 +477,7 @@ See [Contributing.md](CONTRIBUTING.md). [netstack]: https://github.com/google/netstack [oci]: https://www.opencontainers.org [python]: https://python.org +[rbe]: https://blog.bazel.build/2018/10/05/remote-build-execution.html [runsc-nightly-sha]: https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc.sha512 [runsc-nightly]: https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc [sandbox]: https://en.wikipedia.org/wiki/Sandbox_(computer_security) @@ -27,11 +27,11 @@ gazelle_dependencies() # See releases at https://releases.bazel.build/bazel-toolchains.html http_archive( name = "bazel_toolchains", - sha256 = "4b1468b254a572dbe134cc1fd7c6eab1618a72acd339749ea343bd8f55c3b7eb", - strip_prefix = "bazel-toolchains-d665ccfa3e9c90fa789671bf4ef5f7c19c5715c4", + sha256 = "67335b3563d9b67dc2550b8f27cc689b64fadac491e69ce78763d9ba894cc5cc", + strip_prefix = "bazel-toolchains-cddc376d428ada2927ad359211c3e356bd9c9fbb", urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/d665ccfa3e9c90fa789671bf4ef5f7c19c5715c4.tar.gz", - "https://github.com/bazelbuild/bazel-toolchains/archive/d665ccfa3e9c90fa789671bf4ef5f7c19c5715c4.tar.gz", + "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/cddc376d428ada2927ad359211c3e356bd9c9fbb.tar.gz", + "https://github.com/bazelbuild/bazel-toolchains/archive/cddc376d428ada2927ad359211c3e356bd9c9fbb.tar.gz", ], ) diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh index c52bdfc1b..4769fc7a0 100755 --- a/kokoro/run_tests.sh +++ b/kokoro/run_tests.sh @@ -47,11 +47,6 @@ bazel version # Load the kvm module sudo -n -E modprobe kvm -# Bazel start-up flags for RBE. -BAZEL_RBE_FLAGS=( - "--bazelrc=${WORKSPACE_DIR}/.bazelrc_rbe" -) - # General Bazel build/test flags. BAZEL_BUILD_FLAGS=( "--show_timestamps" @@ -77,9 +72,7 @@ build_everything() { FLAVOR="${1}" cd ${WORKSPACE_DIR} - bazel \ - "${BAZEL_RBE_FLAGS[@]}" \ - build \ + bazel build \ -c "${FLAVOR}" "${BAZEL_BUILD_RBE_FLAGS[@]}" \ "${BUILD_PACKAGES[@]}" } @@ -88,8 +81,7 @@ build_everything() { # configuration. run_simple_tests() { cd ${WORKSPACE_DIR} - bazel \ - test \ + bazel test \ "${BAZEL_BUILD_FLAGS[@]}" \ "${TEST_PACKAGES[@]}" } @@ -178,9 +170,7 @@ run_root_tests() { # Run syscall unit tests. run_syscall_tests() { cd ${WORKSPACE_DIR} - bazel \ - "${BAZEL_RBE_FLAGS[@]}" \ - test "${BAZEL_BUILD_RBE_FLAGS[@]}" \ + bazel test "${BAZEL_BUILD_RBE_FLAGS[@]}" \ --test_tag_filters=runsc_ptrace //test/syscalls/... } diff --git a/.bazelrc_rbe b/tools/bazel-0.24.0.bazelrc index 8c663ad0a..a8348faab 100644 --- a/.bazelrc_rbe +++ b/tools/bazel-0.24.0.bazelrc @@ -12,17 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Note for gVisor authors: -# This version is a derivative of: bazel-0.23.0.bazelrc -# From: https://github.com/bazelbuild/bazel-toolchains/blob/master/bazelrc/bazel-0.20.0.bazelrc +# This file is auto-generated from release/bazelrc.tpl and should not be +# modified directly. -# This .bazelrc file contains all of the flags required for the toolchain, -# Remote Build Execution, and the Bazel Build Results UI. Specific flags in -# your Bazel command allow you to use only the remote build, to use only the -# results UI, or to use them both together. - -# Remote Build Execution requires a strong hash function, such as SHA256. -startup --host_jvm_args=-Dbazel.DigestFunction=SHA256 +# This .bazelrc file contains all of the flags required for the provided +# toolchain with Remote Build Execution. +# +# This .bazelrc file also contains all of the flags required for the local +# docker sandboxing. # Depending on how many machines are in the remote execution instance, setting # this higher can make builds faster by allowing more jobs to run in parallel. @@ -41,7 +38,7 @@ build:remote --host_javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:jd build:remote --javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:jdk8 build:remote --host_java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 build:remote --java_toolchain=@bazel_tools//tools/jdk:toolchain_hostjdk8 -build:remote --crosstool_top=@bazel_toolchains//configs/ubuntu16_04_clang/1.2/bazel_0.23.0/default:toolchain +build:remote --crosstool_top=@bazel_toolchains//configs/ubuntu16_04_clang/1.2/bazel_0.24.0/default:toolchain build:remote --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 # Platform flags: # The toolchain container used for execution is defined in the target indicated @@ -51,10 +48,10 @@ build:remote --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 # "extra_toolchains" to be selected (given constraints defined in # "exec_compatible_with"). # More about platforms: https://docs.bazel.build/versions/master/platforms.html -build:remote --extra_toolchains=//test:cc-toolchain-clang-x86_64-default -build:remote --extra_execution_platforms=//test:rbe_ubuntu1604 -build:remote --host_platform=//test:rbe_ubuntu1604 -build:remote --platforms=//test:rbe_ubuntu1604 +build:remote --extra_toolchains=@bazel_toolchains//configs/ubuntu16_04_clang/1.2/bazel_0.24.0/cpp:cc-toolchain-clang-x86_64-default +build:remote --extra_execution_platforms=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:rbe_ubuntu1604 +build:remote --host_platform=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:rbe_ubuntu1604 +build:remote --platforms=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:rbe_ubuntu1604 # Set various strategies so that all actions execute remotely. Mixing remote # and local execution will lead to errors unless the toolchain and remote @@ -82,26 +79,20 @@ build:remote --remote_timeout=3600 # default. You can use --auth_credentials=some_file.json to use a service # account credential instead. build:remote --auth_enabled=true -build:remote --auth_scope="https://www.googleapis.com/auth/cloud-source-tools" - -# Set flags for uploading to BES in order to view results in the Bazel Build -# Results UI. -build:results --bes_backend="buildeventservice.googleapis.com" -build:results --bes_timeout=60s -build:results --tls_enabled - -# Output BES results url -build:results --bes_results_url="https://source.cloud.google.com/results/invocations/" -# Set flags for uploading to BES without Remote Build Execution. -build:results-local --bes_backend="buildeventservice.googleapis.com" -build:results-local --bes_timeout=60s -build:results-local --tls_enabled=true -build:results-local --auth_enabled=true -build:results-local --spawn_strategy=local -build:results-local --remote_cache=remotebuildexecution.googleapis.com -build:results-local --remote_timeout=3600 -build:results-local --bes_results_url="https://source.cloud.google.com/results/invocations/" +# The following flags are only necessary for local docker sandboxing +# with the rbe-ubuntu16-04 container. Use of these flags is still experimental. +build:docker-sandbox --host_javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:jdk8 +build:docker-sandbox --javabase=@bazel_toolchains//configs/ubuntu16_04_clang/1.2:jdk8 +build:docker-sandbox --crosstool_top=@bazel_toolchains//configs/ubuntu16_04_clang/1.2/bazel_0.24.0/default:toolchain +build:docker-sandbox --experimental_docker_image=gcr.io/cloud-marketplace/google/rbe-ubuntu16-04@sha256:da0f21c71abce3bbb92c3a0c44c3737f007a82b60f8bd2930abc55fe64fc2729 +build:docker-sandbox --spawn_strategy=docker +build:docker-sandbox --strategy=Javac=docker +build:docker-sandbox --strategy=Closure=docker +build:docker-sandbox --strategy=Genrule=docker +build:docker-sandbox --define=EXECUTOR=remote +build:docker-sandbox --experimental_docker_verbose +build:docker-sandbox --experimental_enable_docker_sandbox # The following flags enable the remote cache so action results can be shared # across machines, developers, and workspaces. |