Bazel: remote-executor should support sandboxing

Created on 14 Jun 2017  ·  10 Comments  ·  Source: bazelbuild/bazel

Using a remote executor for running tests has several benefits.
Using sandboxing allows tests to run isolated (especially around binding ports).

We need to allow doing both.
Currently, at HEAD (https://github.com/bazelbuild/bazel/commit/9323f3b8afb02df8ac359fb5f6805ba94361591f), the remote worker does not support it.

How to test it's working: I'll run two test targets that bind the same port for 10 seconds and expect them to work without

@philwo Will be happy if you can inspect that

cc: @ulfjack @ola-rozenfeld

P1 sandboxing feature request
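
The check described in the issue (two test targets that bind the same port for 10 seconds) could be written as follows. This is an added example, not code from the issue or from Bazel; the port number and function names are assumptions. In a shared network namespace the second bind fails with EADDRINUSE; the assumption here is that network sandboxing gives each action its own namespace, so both copies pass.

```python
"""Port-collision probe for sandboxed test isolation (added example)."""
import errno
import socket
import sys
import time

PORT = 28080  # constructed value: the fixed port both test targets would share


def bind_fixed_port(port=PORT, host="127.0.0.1"):
    """Bind and listen on host:port; return the socket, or None if it is taken."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return sock
    except OSError as exc:
        sock.close()
        if exc.errno == errno.EADDRINUSE:
            return None
        raise  # anything else (e.g. no loopback address) is a real error


def hold_port(seconds=10.0, port=PORT):
    """Body of each test target: hold the port for `seconds`; True on success."""
    sock = bind_fixed_port(port)
    if sock is None:
        return False
    try:
        time.sleep(seconds)
        return True
    finally:
        sock.close()


def collides_in_shared_namespace(port=PORT):
    """Reproduce the unsandboxed failure: a second bind while the first is held."""
    first = bind_fixed_port(port)
    if first is None:
        raise RuntimeError("port %d is already in use on this host" % port)
    try:
        second = bind_fixed_port(port)
        if second is not None:
            second.close()
        return second is None
    finally:
        first.close()


if __name__ == "__main__":
    sys.exit(0 if hold_port() else 1)  # non-zero exit fails the test target
```

Wrapping the script in two test targets and running them concurrently on one worker gives the pass/fail signal: any exit code 1 means the two actions shared a network namespace.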

All 10 comments

I'm working on this, but I'm out of office until Monday. Will give you an update middle of next week.

Hey @philwo - any news regarding this issue?

A big refactoring CL got approved today: https://bazel-review.googlesource.com/c/12090/
I'll submit it later today and then implement the sandboxing part.

I think it should be not too hard, the only open question is where to get the linux-sandbox binary from.
Maybe I can just include it in the runfiles of the worker via a data dependency. I'll figure it out. :)

@philwo that's great! thanks!

Done and in code review now: https://bazel-review.googlesource.com/c/12173/ :)

Yay, thank you! 👏🏽

Hi,
Any news?

Great timing with the push. Pushed code news is best news :D

Happy to report it's working well 👍
(sandboxed remote run inside docker container running on mac osx)

Here's my Dockerfile for bazel worker:

FROM java:8

# update and install in one layer so a cached package index is never reused
RUN apt-get update && apt-get install -y wget lxc git build-essential zip unzip

RUN mkdir /tmp/image-making

# install bazel
RUN wget --no-verbose -O /tmp/image-making/bazel-installer.sh https://github.com/bazelbuild/bazel/releases/download/0.5.2/bazel-0.5.2-installer-linux-x86_64.sh

RUN bash /tmp/image-making/bazel-installer.sh

# build latest bazel from sources
RUN wget --no-verbose -O /tmp/image-making/bazel.tar.gz https://github.com/bazelbuild/bazel/archive/d698367067c1ca52c8e23eae58232d0d5a4861cd.tar.gz

WORKDIR /tmp/image-making
RUN tar -xzf bazel.tar.gz
RUN mkdir -p /usr/src

RUN mv bazel-d698367067c1ca52c8e23eae58232d0d5a4861cd /usr/src/io_bazel

# remove temp dir
RUN rm -rf /tmp/image-making

WORKDIR /usr/src/io_bazel

# build bazel
RUN bazel build //src:bazel

# make bazel latest default bazel
RUN cp bazel-bin/src/bazel /usr/local/bin/

# build remote worker
RUN bazel build src/tools/remote_worker:all

RUN mkdir -p /bazel_cache
RUN mkdir -p /run/shm

CMD bazel-bin/src/tools/remote_worker/remote_worker \
      --work_path=/bazel_cache \
      --listen_port=3030 \
      --sandboxing \
      --sandboxing_writable_path=/run/shm \
      --sandboxing_tmpfs_dir=/tmp \
      --sandboxing_block_network

Thanks a lot for your effort!

Thanks for reporting back and I'm so glad to hear that it's working :)
