Swarming bot: Design containment API |
|||||||||
Issue descriptionThere are many OS specific ways to contain a task. Many of them will require configuration. This issue is about creating a generic way to define containment at the API level, that can then be used as relevant on the OS where the bot runs. Then blocking bugs can describe the low level implementation of each of these containment. Linux: - namespace (e.g. hide /var, /etc, virtualize /tmp) - cgroups (process containment); issue 764493 - chroot (which I'm not sure is worth at all) - LXC or Docker (higher level containment) Windows: - Job objects; issue 732818 macOS: - AppSandbox (?) https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html
,
Jul 12
,
Dec 19
,
Dec 19
,
Dec 19
,
Dec 19
,
Dec 19
,
Dec 19
,
Dec 19
,
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/infra/luci/luci-py.git/+/132c74e3ce003b29221bf3e5fc38af8c4f0bc049 commit 132c74e3ce003b29221bf3e5fc38af8c4f0bc049 Author: Marc-Antoine Ruel <maruel@chromium.org> Date: Wed Dec 19 22:33:36 2018 [swarming] Further proto fine tuning Lots of small things I realized after the fact. Doing these before piling more data (TaskResult). - Assign a bug to every TaskState not implemented yet and comment this. - Assign a bug to every BotEventType not implemented yet and comment this. - Add TaskState MISSING_INPUTS and SKIPPED_INTERNAL_FAILURE for further disambiguation of failure modes. - Rename INTERNAL_FAILURE to RAN_INTERNAL_FAILURE to disambiguate with the 2 new related failures. - Fix CASTree.digest back to an hex encoded string. It's 2x larger, but much simpler to work with. - Rename BotInfo.raw to supplemental. The end goal is to have as much structured data as possible, but still allow customer-specified additional data. Renaming 'raw' to 'supplemental' makes this clearer. - Create PhysicalEntity, which will enable the clear separation between host characteristics and device characteristics. - Declare TaskProperties.containment, futureproofing the need for task process containment. This change is a breaking change (proto message renumbering); TaskRequest is not used anywhere yet. Bug: 757931 Bug: 808836 Bug: 870723 Bug: 905087 Bug: 913978 Bug: 916553 Bug: 916556 Bug: 916557 Bug: 916559 Bug: 916560 Bug: 916562 Bug: 916570 Bug: 916578 Change-Id: Ic1a57d15d028802ad5cf8c6a2f13da15fac662c4 Reviewed-on: https://chromium-review.googlesource.com/c/1384425 Commit-Queue: Marc-Antoine Ruel <maruel@chromium.org> Reviewed-by: Quinten Yearsley <qyearsley@chromium.org> [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/handlers_prpc_test.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/proto/api/plugin_prpc_pb2.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/proto/api/swarming.proto [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/proto/api/swarming_pb2.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/proto/api/swarming_prpc_pb2.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/bot_management.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/bot_management_test.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/task_request.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/task_request_test.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/task_result.py [modify] https://crrev.com/132c74e3ce003b29221bf3e5fc38af8c4f0bc049/appengine/swarming/server/task_result_test.py |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by mar...@chromium.org
, Feb 21 2018