x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

dmitshur · 2022-03-02T21:03:13Z

Issue #51439 demonstrates that linux-386-stretch, linux-amd64-stretch builders correctly failed when internet access (to something other than https://proxy.golang.org and https://vcs-test.golang.org) was accidentally needed for a test to run, but many other Linux builders did not, despite their configuration including "GO_DISABLE_OUTBOUND_NETWORK=1".

The buildlet binary is currently responsible for implementing the internet shut-off, perhaps something broke? Maybe by now we have a better way available to implement this?

CC @golang/release.

The text was updated successfully, but these errors were encountered:

gopherbot · 2022-03-02T21:06:56Z

Change https://go.dev/cl/389394 mentions this issue: cmd/golangorg: move test cases that need internet to live.txt

One test case added in CL 388016 depends on production resources, specifically the snippet https://play.golang.org/p/MAohLsrz7JQ.go served by the production instance of the Go playground. This would be caught by TryBots where internet access is disabled, but that didn't happen due to golang/go#51444. Updates golang/go#51181. Fixes golang/go#51439. Change-Id: I4f1c5ea1a6ccad9ae4e5cbb749e3dee0b26731b5 Reviewed-on: https://go-review.googlesource.com/c/website/+/389394 Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: Jamal Carvalho <jamalcarvalho@google.com> Trust: Dmitri Shuralyov <dmitshur@google.com>

heschi · 2022-03-15T18:45:09Z

Let's consider putting these in the trybot set for now.

gopherbot · 2022-07-21T14:41:50Z

Change https://go.dev/cl/418778 mentions this issue: dashboard: add linux-amd64-stretch to TryBot set

gopherbot · 2022-07-21T14:41:51Z

Change https://go.dev/cl/418777 mentions this issue: cmd/buildlet: update vcs-test.golang.org IP

dmitshur · 2022-07-21T17:02:28Z

On a linux-amd64 gomote:

root@buildlet-linux-bullseye-rnb2120c9:/workdir# /sbin/iptables
-bash: /sbin/iptables: No such file or directory

That's probably why it's not working on it: the iptables binary isn't available, yet that's how cmd/buildlet tries to disable the outbound network.

It is available on linux-amd64-stretch:

root@buildlet-linux-stretch-rnd7166e2:~# /sbin/iptables
iptables v1.6.0: no command specified
Try `iptables -h' or 'iptables --help' for more information.

dmitshur · 2022-07-21T17:17:19Z

We install the iptables package both in stretch (here) and bullseye (here) images. But in bullseye it's available at a slightly different path:

~# which iptables
/usr/sbin/iptables

It's changing as part of the move to GKE. Keep the old IP temporarily accessible while the DNS change gradually propagates. For golang/go#53889. Updates golang/go#51444. Change-Id: I324623c3b79d1b7af0dd2d8f3aea5acec4b849f7 Reviewed-on: https://go-review.googlesource.com/c/build/+/418777 Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>

gopherbot · 2022-07-21T18:48:19Z

Change https://go.dev/cl/418792 mentions this issue: cmd/buildlet: find iptables on newer systems, via PATH

gopherbot · 2022-07-22T18:54:19Z

Change https://go.dev/cl/419079 mentions this issue: cmd/buildlet: update Makefile targets

gopherbot · 2022-07-22T19:14:17Z

Change https://go.dev/cl/419174 mentions this issue: internal/worker: make tests hermetic

This change fixes various inconsistencies, and adds missing targets. Remove the gotip version override for building the riscv64 buildlet. It might've been necessary in the past, but it isn't by now. Remove OpenBSD 6.0-specific buildlets, they're long since obsolete. Updates golang/go#51444. Change-Id: I8b56511d092915a28e9ab7eba799472b37d9d411 Reviewed-on: https://go-review.googlesource.com/c/build/+/419079 Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

Refactor tests that contact proxy.golang.org to use a local HTTP server instead. Fixes failures on builders with no outbound network. For golang/go#51444. Change-Id: I7d4e5a0b2dc4b1c0cddd12435e3656307bed4c70 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/419174 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Jonathan Amsterdam <jba@google.com>

One test case added in CL 388016 depends on production resources, specifically the snippet https://play.golang.org/p/MAohLsrz7JQ.go served by the production instance of the Go playground. This would be caught by TryBots where internet access is disabled, but that didn't happen due to golang/go#51444. Updates golang/go#51181. Fixes golang/go#51439. Change-Id: I4f1c5ea1a6ccad9ae4e5cbb749e3dee0b26731b5 Reviewed-on: https://go-review.googlesource.com/c/website/+/389394 Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: Jamal Carvalho <jamalcarvalho@google.com> Trust: Dmitri Shuralyov <dmitshur@google.com>

dmitshur added Builders x/build issues (builders, bots, dashboards) NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Mar 2, 2022

dmitshur added this to the Unreleased milestone Mar 2, 2022

dmitshur mentioned this issue Mar 2, 2022

x/website/cmd/golangorg: frequent TestWeb failures with "connect: no route to host" to play.golang.org since CL 388016 #51439

Closed

heschi added this to Planned in Go Release Team Mar 15, 2022

dmitshur mentioned this issue Jun 27, 2022

x/build: build failures due to 410 Gone responses from symbolic-datum-552 GOPROXY #53572

Open

dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jul 21, 2022

dmitshur self-assigned this Jul 21, 2022

dmitshur moved this from Planned to In Progress in Go Release Team Jul 21, 2022

gopherbot closed this as completed in golang/build@dcd7d5a Jul 21, 2022

Go Release Team automation moved this from In Progress to Done Jul 21, 2022

golang locked and limited conversation to collaborators Jul 22, 2023

gopherbot added the FrozenDueToAge label Jul 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

dmitshur commented Mar 2, 2022 •

edited

gopherbot commented Mar 2, 2022

heschi commented Mar 15, 2022

gopherbot commented Jul 21, 2022

gopherbot commented Jul 21, 2022

dmitshur commented Jul 21, 2022

dmitshur commented Jul 21, 2022

gopherbot commented Jul 21, 2022

gopherbot commented Jul 22, 2022

gopherbot commented Jul 22, 2022

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

Comments

dmitshur commented Mar 2, 2022 • edited

gopherbot commented Mar 2, 2022

heschi commented Mar 15, 2022

gopherbot commented Jul 21, 2022

gopherbot commented Jul 21, 2022

dmitshur commented Jul 21, 2022

dmitshur commented Jul 21, 2022

gopherbot commented Jul 21, 2022

gopherbot commented Jul 22, 2022

gopherbot commented Jul 22, 2022

dmitshur commented Mar 2, 2022 •

edited