From f242fe29f7febf77303e8680b33baa6dd31df4af Mon Sep 17 00:00:00 2001 From: Daniel Moody Date: Thu, 22 Aug 2024 13:52:19 -0500 Subject: [PATCH] SERVER-89304 SERVER-89305 enable remote cache on windows and macos (#26401) GitOrigin-RevId: d0e25409250b3984bd160c583a392a223bc91227 --- .bazelrc | 6 +-- buildscripts/setup_engflow_creds.sh | 27 +++++++++--- evergreen/bazel_RBE_supported.sh | 2 +- site_scons/site_tools/integrate_bazel.py | 56 ++++++++++++++---------- src/third_party/tcmalloc/BUILD.bazel | 4 ++ 5 files changed, 59 insertions(+), 36 deletions(-) diff --git a/.bazelrc b/.bazelrc index 481891da19e..f73c22b5d90 100644 --- a/.bazelrc +++ b/.bazelrc @@ -39,10 +39,6 @@ build:windows --//bazel/config:compiler_type=msvc build:macos --cxxopt=-std=c++20 build:windows --cxxopt=/std:c++20 -# EngFlow remote execution is not available on MacOS and Windows, default to local execution. -common:macos --config=local -common:windows --config=local - # Set the windows version to win10 by default # TODO(SERVER-87654): We may want to add support for other Windows versions in the future. build:windows --cxxopt=-D_WIN32_WINNT=0x0A00 @@ -55,7 +51,7 @@ build:windows --cxxopt=-UCOMPILER_MSVC # remote execution is the default, but only mongodb employees will be able to access # the engflow cluster. External builders should use the local option below # remote execution configs -build --remote_executor=grpcs://sodalite.cluster.engflow.com +build:linux --remote_executor=grpcs://sodalite.cluster.engflow.com build --remote_cache=grpcs://sodalite.cluster.engflow.com build --bes_backend=grpcs://sodalite.cluster.engflow.com build --bes_results_url=https://sodalite.cluster.engflow.com/invocation/ diff --git a/buildscripts/setup_engflow_creds.sh b/buildscripts/setup_engflow_creds.sh index f7a82dda742..9c886b87e2e 100644 --- a/buildscripts/setup_engflow_creds.sh +++ b/buildscripts/setup_engflow_creds.sh @@ -7,18 +7,31 @@ set -o verbose REMOTE_USER=$1 REMOTE_HOST=$2 ZIP_FILE=$3 +LOCAL=$4 if [ -z "$REMOTE_USER" ] || [ -z "$REMOTE_HOST" ] || [ -z "$ZIP_FILE" ]; then echo "Usage: $0 " exit 1 fi -ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p ~/.engflow/creds" -scp ${ZIP_FILE} ${REMOTE_USER}@${REMOTE_HOST}:~/.engflow/creds -ssh ${REMOTE_USER}@${REMOTE_HOST} "cd ~/.engflow/creds; unzip -o engflow-mTLS.zip; rm engflow-mTLS.zip" +if [ -z "$LOCAL" ]; then + ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p ~/.engflow/creds" + scp ${ZIP_FILE} ${REMOTE_USER}@${REMOTE_HOST}:~/.engflow/creds + ssh ${REMOTE_USER}@${REMOTE_HOST} "cd ~/.engflow/creds; unzip -o engflow-mTLS.zip; rm engflow-mTLS.zip" -ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo chown ${REMOTE_USER}:${REMOTE_USER} /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key" -ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo chmod 600 /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key" + ssh ${REMOTE_USER}@${REMOTE_HOST} "chown ${REMOTE_USER}:${REMOTE_USER} /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key" + ssh ${REMOTE_USER}@${REMOTE_HOST} "chmod 600 /home/${REMOTE_USER}/.engflow/creds/engflow.crt /home/${REMOTE_USER}/.engflow/creds/engflow.key" -ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_certificate=/home/${REMOTE_USER}/.engflow/creds/engflow.crt\" >> ~/.bazelrc" -ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_key=/home/${REMOTE_USER}/.engflow/creds/engflow.key\" >> ~/.bazelrc" + ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_certificate=/home/${REMOTE_USER}/.engflow/creds/engflow.crt\" >> ~/.bazelrc" + ssh ${REMOTE_USER}@${REMOTE_HOST} "echo \"build --tls_client_key=/home/${REMOTE_USER}/.engflow/creds/engflow.key\" >> ~/.bazelrc" +else + mkdir -p $HOME/.engflow/creds + unzip -o "$ZIP_FILE" + rm "$ZIP_FILE" + mv engflow.crt $HOME/.engflow/creds + mv engflow.key $HOME/.engflow/creds + chown $USER $HOME/.engflow/creds/engflow.crt $HOME/.engflow/creds/engflow.key + chmod 600 $HOME/.engflow/creds/engflow.crt $HOME/.engflow/creds/engflow.key + echo "build --tls_client_certificate=$HOME/.engflow/creds/engflow.crt" >> $HOME/.bazelrc + echo "build --tls_client_key=$HOME/.engflow/creds/engflow.key" >> $HOME/.bazelrc +fi \ No newline at end of file diff --git a/evergreen/bazel_RBE_supported.sh b/evergreen/bazel_RBE_supported.sh index c54985e3e56..c074be50854 100644 --- a/evergreen/bazel_RBE_supported.sh +++ b/evergreen/bazel_RBE_supported.sh @@ -3,7 +3,7 @@ bazel_rbe_supported() { OS="$(uname)" ARCH="$(uname -m)" - if [ "$OS" == "Linux" ] && { [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "x86_64" ]; }; then + if [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ] || [ "$ARCH" == "x86_64" ]; then return 0 else return 1 diff --git a/site_scons/site_tools/integrate_bazel.py b/site_scons/site_tools/integrate_bazel.py index 372a17662fd..7e12238b775 100644 --- a/site_scons/site_tools/integrate_bazel.py +++ b/site_scons/site_tools/integrate_bazel.py @@ -426,6 +426,15 @@ def create_program_builder(env: SCons.Environment.Environment) -> None: env["BUILDERS"]["BazelProgram"] = create_bazel_builder(env["BUILDERS"]["Program"]) +def get_default_cert_dir(): + if platform.system() == "Windows": + return f"C:/cygwin/home/{getpass.getuser()}/.engflow" + elif platform.system() == "Linux": + return f"/home/{getpass.getuser()}/.engflow" + elif platform.system() == "Darwin": + return f"{os.path.expanduser('~')}/.engflow" + + def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool: running_in_evergreen = os.environ.get("CI") @@ -435,8 +444,15 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool: ) return False + if os.name == "nt" and not os.path.exists(f"{os.path.expanduser('~')}/.bazelrc"): + with open(f"{os.path.expanduser('~')}/.bazelrc", "a") as bazelrc: + bazelrc.write( + f"build --tls_client_certificate={get_default_cert_dir()}/creds/engflow.crt\n" + ) + bazelrc.write(f"build --tls_client_key={get_default_cert_dir()}/creds/engflow.key\n") + if not running_in_evergreen and not os.path.exists( - f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt" + f"{get_default_cert_dir()}/creds/engflow.crt" ): # Temporary logic to copy over the credentials for users that ran the installation steps using the old directory (/engflow/). if os.path.exists("/engflow/creds/engflow.crt") and os.path.exists( @@ -446,21 +462,21 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool: "Moving EngFlow credentials from the legacy directory (/engflow/) to the new directory (~/.engflow/)." ) try: - os.makedirs(f"/home/{getpass.getuser()}/.engflow/creds/", exist_ok=True) + os.makedirs(f"{get_default_cert_dir()}/creds/", exist_ok=True) shutil.move( "/engflow/creds/engflow.crt", - f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt", + f"{get_default_cert_dir()}/creds/engflow.crt", ) shutil.move( "/engflow/creds/engflow.key", - f"/home/{getpass.getuser()}/.engflow/creds/engflow.key", + f"{get_default_cert_dir()}/creds/engflow.key", ) - with open(f"/home/{getpass.getuser()}/.bazelrc", "a") as bazelrc: + with open(f"{get_default_cert_dir()}/.bazelrc", "a") as bazelrc: bazelrc.write( - f"build --tls_client_certificate=/home/{getpass.getuser()}/.engflow/creds/engflow.crt\n" + f"build --tls_client_certificate={get_default_cert_dir()}/creds/engflow.crt\n" ) bazelrc.write( - f"build --tls_client_key=/home/{getpass.getuser()}/.engflow/creds/engflow.key\n" + f"build --tls_client_key={get_default_cert_dir()}/creds/engflow.key\n" ) except OSError as exc: print(exc) @@ -481,11 +497,11 @@ def validate_remote_execution_certs(env: SCons.Environment.Environment) -> bool: if status_code == 200: public_hostname = response.text else: - public_hostname = "{{REPLACE_WITH_WORKSTATION_HOST_NAME}}" + public_hostname = "localhost" print( - f"""\nERROR: ~/.engflow/creds/engflow.crt not found. Please reach out to #ask-devprod-build if you need help with the steps below. + f"""\nERROR: {get_default_cert_dir()}/creds/engflow.crt not found. Please reach out to #ask-devprod-build if you need help with the steps below. -(If the below steps are not working, remote execution can be disabled by passing BAZEL_FLAGS=--config=local at the end of your scons.py invocation) +(If the below steps are not working or you are an external person to MongoDB, remote execution can be disabled by passing BAZEL_FLAGS=--config=local at the end of your scons.py invocation) Please complete the following steps to generate a certificate: - (If not in the Engineering org) Request access to the MANA group https://mana.corp.mongodbgov.com/resources/659ec4b9bccf3819e5608712 @@ -498,23 +514,23 @@ ZIP_FILE=~/Downloads/engflow-mTLS.zip curl https://raw.githubusercontent.com/mongodb/mongo/master/buildscripts/setup_engflow_creds.sh -o setup_engflow_creds.sh chmod +x ./setup_engflow_creds.sh -./setup_engflow_creds.sh {getpass.getuser()} {public_hostname} $ZIP_FILE\n""" +./setup_engflow_creds.sh {getpass.getuser()} {public_hostname} $ZIP_FILE {"local" if public_hostname == "localhost" else ""}\n""" ) return False if not running_in_evergreen and ( - not os.access(f"/home/{getpass.getuser()}/.engflow/creds/engflow.crt", os.R_OK) - or not os.access(f"/home/{getpass.getuser()}/.engflow/creds/engflow.key", os.R_OK) + not os.access(f"{get_default_cert_dir()}/creds/engflow.crt", os.R_OK) + or not os.access(f"{get_default_cert_dir()}/creds/engflow.key", os.R_OK) ): print( - "Invalid permissions set on ~/.engflow/creds/engflow.crt or ~/.engflow/creds/engflow.key" + f"Invalid permissions set on {get_default_cert_dir()}/creds/engflow.crt or {get_default_cert_dir()}/creds/engflow.key" ) print("Please run the following command to fix the permissions:\n") print( - f"sudo chown {getpass.getuser()}:{getpass.getuser()} /home/{getpass.getuser()}/.engflow/creds/engflow.crt /home/{getpass.getuser()}/.engflow/creds/engflow.key" + f"sudo chown {getpass.getuser()}:{getpass.getuser()} {get_default_cert_dir()}/creds/engflow.crt {get_default_cert_dir()}/creds/engflow.key" ) print( - f"sudo chmod 600 /home/{getpass.getuser()}/.engflow/creds/engflow.crt /home/{getpass.getuser()}/.engflow/creds/engflow.key" + f"sudo chmod 600 {get_default_cert_dir()}/creds/engflow.crt {get_default_cert_dir()}/creds/engflow.key" ) return False return True @@ -851,13 +867,7 @@ def generate(env: SCons.Environment.Environment) -> None: formatted_options = [f"--//bazel/config:{_SANITIZER_MAP[opt]}=True" for opt in options] bazel_internal_flags.extend(formatted_options) - # Disable RE for external developers and when executing on non-linux amd64/arm64 platforms - is_external_developer = not os.path.exists("/opt/mongodbtoolchain") - if ( - normalized_os != "linux" - or normalized_arch not in ["arm64", "amd64"] - or is_external_developer - ): + if normalized_arch not in ["arm64", "amd64"]: bazel_internal_flags.append("--config=local") # Disable remote execution for public release builds. diff --git a/src/third_party/tcmalloc/BUILD.bazel b/src/third_party/tcmalloc/BUILD.bazel index 8f7fb7e18ad..397f903c472 100644 --- a/src/third_party/tcmalloc/BUILD.bazel +++ b/src/third_party/tcmalloc/BUILD.bazel @@ -136,6 +136,7 @@ COPTS = [ "-Wno-deprecated-volatile", "-Wno-implicit-int-float-conversion", ], + "//conditions:default": [], }) # The kernel supported logic is split into 2 select statements to avoid an "ambiguous match" error. @@ -149,6 +150,8 @@ KERNEL_SUPPORTED = select({ }) + select({ "//bazel/config:linux_s390x": ["@platforms//:incompatible"], "//bazel/config:linux_ppc64le": ["@platforms//:incompatible"], + "@platforms//os:macos": ["@platforms//:incompatible"], + "@platforms//os:windows": ["@platforms//:incompatible"], "//conditions:default": [], }) @@ -320,6 +323,7 @@ mongo_cc_library( hdrs = TCMALLOC_HEADERS + select({ "@//bazel/config:linux_aarch64": ["dist/tcmalloc/internal/percpu_rseq_aarch64.S"], "@//bazel/config:linux_x86_64": ["dist/tcmalloc/internal/percpu_rseq_x86_64.S"], + "//conditions:default": [], }), copts = COPTS, includes = INCLUDES,