Turn bonanza_builder into a worker

Instead of having a gRPC server integrated into bonanza_builder and
letting clients connect to it directly, this change alters it so that it
behaves like a worker that connects to the scheduler. bonanza_bazel will
now submit builds to the scheduler. This makes it easy to spin up pools
of bonanza_builder systems.

Author: EdSchouten

cmd/bonanza_builder/BUILD.bazel

@@ -10,28 +10,33 @@ go_library(
         "//pkg/model/analysis",
         "//pkg/model/core",
         "//pkg/model/encoding",
-        "//pkg/proto/build",
         "//pkg/proto/configuration/bonanza_builder",
         "//pkg/proto/model/analysis",
+        "//pkg/proto/model/build",
+        "//pkg/proto/model/command",
         "//pkg/proto/remoteexecution",
+        "//pkg/proto/remoteworker",
         "//pkg/proto/storage/dag",
         "//pkg/proto/storage/object",
+        "//pkg/remoteexecution",
+        "//pkg/remoteworker",
         "//pkg/storage/dag",
         "//pkg/storage/object",
         "//pkg/storage/object/grpc",
         "//pkg/storage/object/namespacemapping",
         "@com_github_buildbarn_bb_remote_execution//pkg/filesystem",
+        "@com_github_buildbarn_bb_storage//pkg/clock",
         "@com_github_buildbarn_bb_storage//pkg/filesystem",
         "@com_github_buildbarn_bb_storage//pkg/filesystem/path",
         "@com_github_buildbarn_bb_storage//pkg/global",
-        "@com_github_buildbarn_bb_storage//pkg/grpc",
         "@com_github_buildbarn_bb_storage//pkg/http",
         "@com_github_buildbarn_bb_storage//pkg/program",
+        "@com_github_buildbarn_bb_storage//pkg/random",
         "@com_github_buildbarn_bb_storage//pkg/util",
-        "@org_golang_google_grpc//:grpc",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//status",
         "@org_golang_google_protobuf//proto",
+        "@org_golang_google_protobuf//types/known/emptypb",
         "@org_golang_x_sync//semaphore",
     ],
 )

cmd/bonanza_builder/main.go

@@ -2,42 +2,46 @@ package main
 
 import (
 	"context"
-	"crypto/ecdh"
-	"crypto/x509"
-	"encoding/pem"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"os"
 	"runtime"
+	"time"
 
 	re_filesystem "github.com/buildbarn/bb-remote-execution/pkg/filesystem"
+	"github.com/buildbarn/bb-storage/pkg/clock"
 	"github.com/buildbarn/bb-storage/pkg/filesystem"
 	"github.com/buildbarn/bb-storage/pkg/filesystem/path"
 	"github.com/buildbarn/bb-storage/pkg/global"
-	bb_grpc "github.com/buildbarn/bb-storage/pkg/grpc"
 	bb_http "github.com/buildbarn/bb-storage/pkg/http"
 	"github.com/buildbarn/bb-storage/pkg/program"
+	"github.com/buildbarn/bb-storage/pkg/random"
 	"github.com/buildbarn/bb-storage/pkg/util"
 	"github.com/buildbarn/bonanza/pkg/evaluation"
 	model_analysis "github.com/buildbarn/bonanza/pkg/model/analysis"
 	model_core "github.com/buildbarn/bonanza/pkg/model/core"
 	"github.com/buildbarn/bonanza/pkg/model/encoding"
-	build_pb "github.com/buildbarn/bonanza/pkg/proto/build"
 	"github.com/buildbarn/bonanza/pkg/proto/configuration/bonanza_builder"
 	model_analysis_pb "github.com/buildbarn/bonanza/pkg/proto/model/analysis"
+	model_build_pb "github.com/buildbarn/bonanza/pkg/proto/model/build"
+	model_command_pb "github.com/buildbarn/bonanza/pkg/proto/model/command"
 	remoteexecution_pb "github.com/buildbarn/bonanza/pkg/proto/remoteexecution"
+	remoteworker_pb "github.com/buildbarn/bonanza/pkg/proto/remoteworker"
 	dag_pb "github.com/buildbarn/bonanza/pkg/proto/storage/dag"
 	object_pb "github.com/buildbarn/bonanza/pkg/proto/storage/object"
+	remoteexecution "github.com/buildbarn/bonanza/pkg/remoteexecution"
+	"github.com/buildbarn/bonanza/pkg/remoteworker"
 	"github.com/buildbarn/bonanza/pkg/storage/dag"
 	"github.com/buildbarn/bonanza/pkg/storage/object"
 	object_grpc "github.com/buildbarn/bonanza/pkg/storage/object/grpc"
 	object_namespacemapping "github.com/buildbarn/bonanza/pkg/storage/object/namespacemapping"
 
 	"golang.org/x/sync/semaphore"
-	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/emptypb"
 )
 
 func main() {
@@ -82,125 +86,147 @@ func main() {
 			return util.StatusWrap(err, "Failed to create execution gRPC client")
 		}
 
-		executionClientPrivateKeyBlock, _ := pem.Decode([]byte(configuration.ExecutionClientPrivateKey))
-		if executionClientPrivateKeyBlock == nil {
-			return status.Error(codes.InvalidArgument, "Execution client private key does not contain a PEM block")
+		executionClientPrivateKey, err := remoteexecution.ParseECDHPrivateKey([]byte(configuration.ExecutionClientPrivateKey))
+		if err != nil {
+			return util.StatusWrap(err, "Failed to parse execution client private key")
 		}
-		if executionClientPrivateKeyBlock.Type != "PRIVATE KEY" {
-			return status.Error(codes.InvalidArgument, "Execution client private key PEM block is not of type PRIVATE KEY")
+		executionClientCertificateChain, err := remoteexecution.ParseCertificateChain([]byte(configuration.ExecutionClientCertificateChain))
+		if err != nil {
+			return util.StatusWrap(err, "Failed to parse execution client certificate chain")
 		}
-		executionClientPrivateKey, err := x509.ParsePKCS8PrivateKey(executionClientPrivateKeyBlock.Bytes)
+
+		remoteWorkerConnection, err := grpcClientFactory.NewClientFromConfiguration(configuration.RemoteWorkerGrpcClient)
 		if err != nil {
-			return util.StatusWrap(err, "Failed to parse execution client private key")
+			return util.StatusWrap(err, "Failed to create remote worker RPC client")
 		}
-		executionClientECDHPrivateKey, ok := executionClientPrivateKey.(*ecdh.PrivateKey)
-		if !ok {
-			return status.Error(codes.InvalidArgument, "Execution client private key is not an ECDH private key")
+		remoteWorkerClient := remoteworker_pb.NewOperationQueueClient(remoteWorkerConnection)
+
+		platformPrivateKeys, err := remoteworker.ParsePlatformPrivateKeys(configuration.PlatformPrivateKeys)
+		if err != nil {
+			return err
 		}
-		var executionClientCertificates [][]byte
-		for certificateBlock, remainder := pem.Decode([]byte(configuration.ExecutionClientCertificateChain)); certificateBlock != nil; certificateBlock, remainder = pem.Decode(remainder) {
-			if certificateBlock.Type != "CERTIFICATE" {
-				return status.Error(codes.InvalidArgument, "Execution client certificate PEM block is not of type CERTIFICATE")
-			}
-			executionClientCertificates = append(executionClientCertificates, certificateBlock.Bytes)
-		}
-
-		if err := bb_grpc.NewServersFromConfigurationAndServe(
-			configuration.GrpcServers,
-			func(s grpc.ServiceRegistrar) {
-				build_pb.RegisterBuilderServer(s, &builderServer{
-					objectDownloader:              objectDownloader,
-					dagUploaderClient:             dag_pb.NewUploaderClient(storageGRPCClient),
-					objectContentsWalkerSemaphore: semaphore.NewWeighted(int64(runtime.NumCPU())),
-					httpClient: &http.Client{
-						Transport: bb_http.NewMetricsRoundTripper(roundTripper, "Builder"),
-					},
-					filePool:                    filePool,
-					cacheDirectory:              cacheDirectory,
-					executionClient:             remoteexecution_pb.NewExecutionClient(executionGRPCClient),
-					executionClientPrivateKey:   executionClientECDHPrivateKey,
-					executionClientCertificates: executionClientCertificates,
-				})
+		clientCertificateAuthorities, err := remoteworker.ParseClientCertificateAuthorities(configuration.ClientCertificateAuthorities)
+		if err != nil {
+			return err
+		}
+		workerName, err := json.Marshal(configuration.WorkerId)
+		if err != nil {
+			return util.StatusWrap(err, "Failed to marshal worker ID")
+		}
+
+		executor := &builderExecutor{
+			objectDownloader:              objectDownloader,
+			dagUploaderClient:             dag_pb.NewUploaderClient(storageGRPCClient),
+			objectContentsWalkerSemaphore: semaphore.NewWeighted(int64(runtime.NumCPU())),
+			httpClient: &http.Client{
+				Transport: bb_http.NewMetricsRoundTripper(roundTripper, "Builder"),
 			},
-			siblingsGroup,
-		); err != nil {
-			return util.StatusWrap(err, "gRPC server failure")
+			filePool:       filePool,
+			cacheDirectory: cacheDirectory,
+			executionClient: remoteexecution.NewClient[*model_command_pb.Action, emptypb.Empty, *model_command_pb.Result](
+				remoteexecution_pb.NewExecutionClient(executionGRPCClient),
+				executionClientPrivateKey,
+				executionClientCertificateChain,
+			),
 		}
+		client, err := remoteworker.NewClient(
+			remoteWorkerClient,
+			executor,
+			clock.SystemClock,
+			random.CryptoThreadSafeGenerator,
+			platformPrivateKeys,
+			clientCertificateAuthorities,
+			configuration.WorkerId,
+			/* sizeClass = */ 0,
+			/* isLargestSizeClass = */ true,
+		)
+		if err != nil {
+			return util.StatusWrap(err, "Failed to create remote worker client")
+		}
+		remoteworker.LaunchWorkerThread(siblingsGroup, client.Run, string(workerName))
 
 		lifecycleState.MarkReadyAndWait(siblingsGroup)
 		return nil
 	})
 }
 
-type builderServer struct {
+type builderExecutor struct {
 	objectDownloader              object.Downloader[object.GlobalReference]
 	dagUploaderClient             dag_pb.UploaderClient
 	objectContentsWalkerSemaphore *semaphore.Weighted
 	httpClient                    *http.Client
 	filePool                      re_filesystem.FilePool
 	cacheDirectory                filesystem.Directory
-	executionClient               remoteexecution_pb.ExecutionClient
-	executionClientPrivateKey     *ecdh.PrivateKey
-	executionClientCertificates   [][]byte
+	executionClient               *remoteexecution.Client[*model_command_pb.Action, emptypb.Empty, *emptypb.Empty, *model_command_pb.Result]
 }
 
-func (s *builderServer) PerformBuild(request *build_pb.PerformBuildRequest, server build_pb.Builder_PerformBuildServer) error {
-	ctx := server.Context()
+func (e *builderExecutor) CheckReadiness(ctx context.Context) error {
+	return nil
+}
 
-	namespace, err := object.NewNamespace(request.Namespace)
+func (e *builderExecutor) Execute(ctx context.Context, action *model_build_pb.Action, executionTimeout time.Duration, executionEvents chan<- proto.Message) (proto.Message, time.Duration, remoteworker_pb.CurrentState_Completed_Result) {
+	namespace, err := object.NewNamespace(action.Namespace)
 	if err != nil {
-		return util.StatusWrap(err, "Invalid namespace")
+		return &model_build_pb.Result{
+			Status: status.Convert(util.StatusWrap(err, "Invalid namespace")).Proto(),
+		}, 0, remoteworker_pb.CurrentState_Completed_FAILED
 	}
 	instanceName := namespace.InstanceName
-	objectDownloader := object_namespacemapping.NewNamespaceAddingDownloader(s.objectDownloader, namespace)
-	buildSpecificationReference, err := namespace.NewGlobalReference(request.BuildSpecificationReference)
+	objectDownloader := object_namespacemapping.NewNamespaceAddingDownloader(e.objectDownloader, namespace)
+	buildSpecificationReference, err := namespace.NewGlobalReference(action.BuildSpecificationReference)
 	if err != nil {
-		return util.StatusWrap(err, "Invalid build specification reference")
+		return &model_build_pb.Result{
+			Status: status.Convert(util.StatusWrap(err, "Invalid build specification reference")).Proto(),
+		}, 0, remoteworker_pb.CurrentState_Completed_FAILED
 	}
 	buildSpecificationEncoder, err := encoding.NewBinaryEncoderFromProto(
-		request.BuildSpecificationEncoders,
+		action.BuildSpecificationEncoders,
 		uint32(namespace.ReferenceFormat.GetMaximumObjectSizeBytes()),
 	)
 	if err != nil {
-		return util.StatusWrap(err, "Invalid build specification encoders")
+		return &model_build_pb.Result{
+			Status: status.Convert(util.StatusWrap(err, "Invalid build specification encoder")).Proto(),
+		}, 0, remoteworker_pb.CurrentState_Completed_FAILED
 	}
 	value, err := evaluation.FullyComputeValue(
 		ctx,
 		model_analysis.NewTypedComputer(model_analysis.NewBaseComputer(
 			objectDownloader,
 			buildSpecificationReference,
 			buildSpecificationEncoder,
-			s.httpClient,
-			s.filePool,
-			s.cacheDirectory,
-			s.executionClient,
-			s.executionClientPrivateKey,
-			s.executionClientCertificates,
+			e.httpClient,
+			e.filePool,
+			e.cacheDirectory,
+			e.executionClient,
 		)),
 		model_core.NewSimpleMessage[proto.Message](&model_analysis_pb.BuildResult_Key{}),
 		func(references []object.LocalReference, objectContentsWalkers []dag.ObjectContentsWalker) error {
 			for i, reference := range references {
 				if err := dag.UploadDAG(
 					ctx,
-					s.dagUploaderClient,
+					e.dagUploaderClient,
 					object.GlobalReference{
 						InstanceName:   instanceName,
 						LocalReference: reference,
 					},
 					objectContentsWalkers[i],
-					s.objectContentsWalkerSemaphore,
+					e.objectContentsWalkerSemaphore,
 					// Assume everything we attempt
 					// to upload is memory backed.
 					object.Unlimited,
 				); err != nil {
-					return fmt.Errorf("failed to store DAG with reference %s: %w", reference.String(), err)
+					return fmt.Errorf("failed to store DAG with reference %e: %w", reference.String(), err)
 				}
 			}
 			return nil
 		},
 	)
 	if err != nil {
-		return err
+		return &model_build_pb.Result{
+			Status: status.Convert(err).Proto(),
+		}, 0, remoteworker_pb.CurrentState_Completed_FAILED
 	}
-	return status.Errorf(codes.Internal, "XXX: %s", value)
+	return &model_build_pb.Result{
+		Status: status.Newf(codes.Internal, "TODO: %s", value).Proto(),
+	}, 0, remoteworker_pb.CurrentState_Completed_FAILED
 }

cmd/bonanza_worker/main.go

@@ -2,10 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/ecdh"
-	"crypto/x509"
 	"encoding/json"
-	"encoding/pem"
 	"fmt"
 	"os"
 	"regexp"
@@ -116,36 +113,13 @@ func main() {
 				}
 				maximumWritableFileUploadDelay := runnerConfiguration.MaximumWritableFileUploadDelay.AsDuration()
 
-				platformPrivateKeys := make([]*ecdh.PrivateKey, 0, len(runnerConfiguration.PlatformPrivateKeys))
-				for i, privateKey := range runnerConfiguration.PlatformPrivateKeys {
-					privateKeyBlock, _ := pem.Decode([]byte(privateKey))
-					if privateKeyBlock == nil {
-						return status.Errorf(codes.InvalidArgument, "Platform private key at index %d does not contain a PEM block", i)
-					}
-					if privateKeyBlock.Type != "PRIVATE KEY" {
-						return status.Errorf(codes.InvalidArgument, "PEM block of platform private key at index %d is not of type PRIVATE KEY", i)
-					}
-					parsedPrivateKey, err := x509.ParsePKCS8PrivateKey(privateKeyBlock.Bytes)
-					if err != nil {
-						return util.StatusWrapf(err, "Failed to parse platform private key at index %d", i)
-					}
-					ecdhPrivateKey, ok := parsedPrivateKey.(*ecdh.PrivateKey)
-					if !ok {
-						return status.Errorf(codes.InvalidArgument, "Platform private key at index %d is not an ECDH private key", i)
-					}
-					platformPrivateKeys = append(platformPrivateKeys, ecdhPrivateKey)
+				platformPrivateKeys, err := remoteworker.ParsePlatformPrivateKeys(runnerConfiguration.PlatformPrivateKeys)
+				if err != nil {
+					return err
 				}
-
-				clientCertificateAuthorities := x509.NewCertPool()
-				for certificateBlock, remainder := pem.Decode([]byte(runnerConfiguration.ClientCertificateAuthorities)); certificateBlock != nil; certificateBlock, remainder = pem.Decode(remainder) {
-					if certificateBlock.Type != "CERTIFICATE" {
-						return status.Error(codes.InvalidArgument, "Client certificate authority is not of type CERTIFICATE")
-					}
-					certificate, err := x509.ParseCertificate(certificateBlock.Bytes)
-					if err != nil {
-						return util.StatusWrapWithCode(err, codes.InvalidArgument, "Invalid certificate in client certificate authorities")
-					}
-					clientCertificateAuthorities.AddCert(certificate)
+				clientCertificateAuthorities, err := remoteworker.ParseClientCertificateAuthorities(runnerConfiguration.ClientCertificateAuthorities)
+				if err != nil {
+					return err
 				}
 
 				hiddenFilesPattern := func(s string) bool { return false }
@@ -193,7 +167,7 @@ func main() {
 						return util.StatusWrap(err, "Failed to marshal worker ID")
 					}
 
-					buildExecutor := model_command.NewLocalExecutor(
+					executor := model_command.NewLocalExecutor(
 						objectDownloader,
 						dag_pb.NewUploaderClient(storageGRPCClient),
 						semaphore.NewWeighted(int64(runtime.NumCPU())),
@@ -216,7 +190,7 @@ func main() {
 
 					client, err := remoteworker.NewClient(
 						schedulerClient,
-						buildExecutor,
+						executor,
 						clock.SystemClock,
 						random.CryptoThreadSafeGenerator,
 						platformPrivateKeys,

deployments/demo/bonanza_bazel.cert.pem

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBSzCB/qADAgECAgEBMAUGAytlcDB6MQswCQYDVQQGEwJBVTETMBEGA1UECAwK
+U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMTMw
+MQYDVQQDDCpib25hbnphX2JhemVsIGNsaWVudCBjZXJ0aWZpY2F0ZSBhdXRob3Jp
+dHkwHhcNMjUwMjI2MDM1OTQyWhcNMjYwMjI2MDM1OTQyWjAAMCowBQYDK2VuAyEA
+w7t6QbVj8lPoYaVaXXdrf5bR9MWk69Q9Uk7zhzLFFVCjIzAhMB8GA1UdIwQYMBaA
+FO+HGe4qoGcrhpMEko3YDP3y/NKpMAUGAytlcANBACBDHwX3t1TK6XNPcvqsXvfc
+8L0TdNSQ6yjK2gYcSid7kR6K0IK/blaL3vohZXnEmcRI/4bFRtQgzluSmhcwFAM=
+-----END CERTIFICATE-----

deployments/demo/bonanza_bazel.key.pem

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEIMDh16UF9Qs2bafl+trOBKyuhSW1PWndsbyMv3tQfrVC
+-----END PRIVATE KEY-----