cmd/gomote: add -firewall flag to run, defaulting to off

While debugging golang/go#25386 I found that the firewall defaulting to on made debugging modules hard. So make gomote default to no outbound firewall and make it opt-in for people who want to reproduce the builder more. Also in this CL: start to use server's builder config, not local state (follow up to CL 169678 which was incomplete). It's still incomplete in this CL, but there's now a panic with more useful information to users telling them to update their binary. Updates golang/go#30929 Change-Id: I17bded71919af1e7a9181866a1349eb72da40051 Reviewed-on: https://go-review.googlesource.com/c/build/+/170397 Reviewed-by: Dmitri Shuralyov <[email protected]>
golang · Apr 2, 2019 · 49a6a61 · 49a6a61
1 parent 31fad79
commit 49a6a61
Show file tree

Hide file tree

Showing 9 changed files with 43 additions and 20 deletions.
diff --git a/cmd/gomote/destroy.go b/cmd/gomote/destroy.go
@@ -23,7 +23,7 @@ func destroy(args []string) error {
  fs.Usage()
  }
  name := fs.Arg(0)
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/get.go b/cmd/gomote/get.go
@@ -29,7 +29,7 @@ func getTar(args []string) error {
  }
 
  name := fs.Arg(0)
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/list.go b/cmd/gomote/list.go
@@ -43,27 +43,43 @@ func list(args []string) error {
  return nil
 }
 
-// clientAndConfig returns a buildlet.Client and its build config for
+// remoteClient returns a buildlet.Client for a named remote buildlet
+// (a buildlet connection owned by the build coordinator).
+//
+// As a special case, if name contains '@', the name is expected to be
+// of the form <build-config-name>@ip[:port]. For example,
+// "[email protected]".
+func remoteClient(name string) (*buildlet.Client, error) {
+ bc, _, err := clientAndCondConf(name, false)
+ return bc, err
+}
+
+// clientAndConf returns a buildlet.Client and its build config for
 // a named remote buildlet (a buildlet connection owned by the build
 // coordinator).
 //
 // As a special case, if name contains '@', the name is expected to be
 // of the form <build-config-name>@ip[:port]. For example,
 // "[email protected]".
 func clientAndConf(name string) (bc *buildlet.Client, conf *dashboard.BuildConfig, err error) {
- var ok bool
+ return clientAndCondConf(name, true)
+}
 
+func clientAndCondConf(name string, withConf bool) (bc *buildlet.Client, conf *dashboard.BuildConfig, err error) {
  if strings.Contains(name, "@") {
  f := strings.SplitN(name, "@", 2)
  if len(f) != 2 {
  err = fmt.Errorf("unsupported name %q; for @ form expect <build-config-name>@host[:port]", name)
  return
  }
  builderType := f[0]
- conf, ok = dashboard.Builders[builderType]
- if !ok {
- err = fmt.Errorf("unknown builder type %q (name %q)", builderType, name)
- return
+ if withConf {
+ var ok bool
+ conf, ok = dashboard.Builders[builderType]
+ if !ok {
+ err = fmt.Errorf("unknown builder type %q (name %q)", builderType, name)
+ return
+ }
  }
  ipPort := f[1]
  if !strings.Contains(ipPort, ":") {
@@ -82,14 +98,12 @@ func clientAndConf(name string) (bc *buildlet.Client, conf *dashboard.BuildConfi
  if err != nil {
  return
  }
+ var builderType string
+ var ok bool
  for _, rb := range rbs {
  if rb.Name == name {
- conf, ok = dashboard.Builders[rb.BuilderType]
- if !ok {
- err = fmt.Errorf("builder %q exists, but unknown builder type %q", name, rb.BuilderType)
- return
- }
- break
+ ok = true
+ builderType = rb.BuilderType
  }
  }
  if !ok {
@@ -101,5 +115,11 @@ func clientAndConf(name string) (bc *buildlet.Client, conf *dashboard.BuildConfi
  if err != nil {
  return
  }
+
+ conf, ok = dashboard.Builders[builderType]
+ if !ok {
+ log.Fatalf("Builder type %q not known to this gomote binary. Update your gomote binary. TODO: teach gomote to fetch build configs from the server (Issue 30929)", builderType)
+ }
+
  return bc, conf, nil
 }
diff --git a/cmd/gomote/ls.go b/cmd/gomote/ls.go
@@ -35,7 +35,7 @@ func ls(args []string) error {
  dir = fs.Arg(1)
  }
  name := fs.Arg(0)
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/ping.go b/cmd/gomote/ping.go
@@ -23,7 +23,7 @@ func ping(args []string) error {
  fs.Usage()
  }
  name := fs.Arg(0)
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/put.go b/cmd/gomote/put.go
@@ -46,7 +46,7 @@ func putTar(args []string) error {
  }
 
  name := fs.Arg(0)
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }
@@ -125,7 +125,7 @@ func put(args []string) error {
  fs.Usage()
  }
 
- bc, _, err := clientAndConf(fs.Arg(0))
+ bc, err := remoteClient(fs.Arg(0))
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/rm.go b/cmd/gomote/rm.go
@@ -25,7 +25,7 @@ func rm(args []string) error {
  }
  name := fs.Arg(0)
  args = fs.Args()[1:]
- bc, _, err := clientAndConf(name)
+ bc, err := remoteClient(name)
  if err != nil {
  return err
  }

diff --git a/cmd/gomote/run.go b/cmd/gomote/run.go
@@ -28,6 +28,8 @@ func run(args []string) error {
  fs.BoolVar(&debug, "debug", false, "write debug info about the command's execution before it begins")
  var env stringSlice
  fs.Var(&env, "e", "Environment variable KEY=value. The -e flag may be repeated multiple times to add multiple things to the environment.")
+ var firewall bool
+ fs.BoolVar(&firewall, "firewall", false, "Enable outbound firewall on machine. This is on by default on many builders (where supported) but disabled by default on gomote for ease of debugging. Once any command has been run with the -firewall flag on, it's on for the lifetime of that gomote instance.")
  var path string
  fs.StringVar(&path, "path", "", "Comma-separated list of ExecOpts.Path elements. The special string 'EMPTY' means to run without any $PATH. The empty string (default) does not modify the $PATH. Otherwise, the following expansions apply: the string '$PATH' expands to the current PATH element(s), the substring '$WORKDIR' expands to the buildlet's temp workdir.")
 
@@ -67,6 +69,7 @@ func run(args []string) error {
  } else if path != "" {
  pathOpt = strings.Split(path, ",")
  }
+ env = append(env, "GO_DISABLE_OUTBOUND_NETWORK="+fmt.Sprint(firewall))
 
  remoteErr, execErr := bc.Exec(cmd, buildlet.ExecOpts{
  Dir: dir,

diff --git a/cmd/gomote/ssh.go b/cmd/gomote/ssh.go
@@ -30,7 +30,7 @@ func ssh(args []string) error {
  fs.Usage()
  }
  name := fs.Arg(0)
- _, _, err := clientAndConf(name)
+ _, err := remoteClient(name)
  if err != nil {
  return err
  }