Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

Closed
dmitshur opened this issue Mar 2, 2022 · 9 comments
Closed

x/build/dashboard: many builders are configured with GO_DISABLE_OUTBOUND_NETWORK=1, but it has effect only on linux-386-stretch, linux-amd64-stretch #51444

dmitshur opened this issue Mar 2, 2022 · 9 comments
Assignees
@dmitshur
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@dmitshur
Copy link
Contributor

dmitshur commented Mar 2, 2022
edited
Loading

Issue #51439 demonstrates that linux-386-stretch, linux-amd64-stretch builders correctly failed when internet access (to something other than https://proxy.golang.org and https://vcs-test.golang.org) was accidentally needed for a test to run, but many other Linux builders did not, despite their configuration including "GO_DISABLE_OUTBOUND_NETWORK=1".

The buildlet binary is currently responsible for implementing the internet shut-off, perhaps something broke? Maybe by now we have a better way available to implement this?

CC @golang/release.
@dmitshur dmitshur added Builders x/build issues (builders, bots, dashboards) NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Mar 2, 2022
@dmitshur dmitshur added this to the Unreleased milestone Mar 2, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/389394 mentions this issue: cmd/golangorg: move test cases that need internet to live.txt

@dmitshur dmitshur mentioned this issue Mar 2, 2022
Closed
gopherbot pushed a commit to golang/website that referenced this issue Mar 2, 2022
@dmitshur
cmd/golangorg: move test case that needs internet to live.txt
42bfd6b 
One test case added in CL 388016 depends on production resources,
specifically the snippet https://play.golang.org/p/MAohLsrz7JQ.go
served by the production instance of the Go playground.

This would be caught by TryBots where internet access is disabled,
but that didn't happen due to golang/go#51444.

Updates golang/go#51181.
Fixes golang/go#51439.

Change-Id: I4f1c5ea1a6ccad9ae4e5cbb749e3dee0b26731b5
Reviewed-on: https://go-review.googlesource.com/c/website/+/389394
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Jamal Carvalho <jamalcarvalho@google.com>
Trust: Dmitri Shuralyov <dmitshur@google.com>
@heschi
Copy link
Contributor

heschi commented Mar 15, 2022

Let's consider putting these in the trybot set for now.

@dmitshur dmitshur mentioned this issue Jun 27, 2022
Open
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/418778 mentions this issue: dashboard: add linux-amd64-stretch to TryBot set

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/418777 mentions this issue: cmd/buildlet: update vcs-test.golang.org IP

@dmitshur
Copy link
Contributor Author

On a linux-amd64 gomote:

root@buildlet-linux-bullseye-rnb2120c9:/workdir# /sbin/iptables
-bash: /sbin/iptables: No such file or directory

That's probably why it's not working on it: the iptables binary isn't available, yet that's how cmd/buildlet tries to disable the outbound network.

It is available on linux-amd64-stretch:

root@buildlet-linux-stretch-rnd7166e2:~# /sbin/iptables
iptables v1.6.0: no command specified
Try `iptables -h' or 'iptables --help' for more information.

@dmitshur
Copy link
Contributor Author

We install the iptables package both in stretch (here) and bullseye (here) images. But in bullseye it's available at a slightly different path:

~# which iptables
/usr/sbin/iptables

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jul 21, 2022
@dmitshur dmitshur self-assigned this Jul 21, 2022
gopherbot pushed a commit to golang/build that referenced this issue Jul 21, 2022
@dmitshur @gopherbot
cmd/buildlet: update vcs-test.golang.org IP
530f97d 
It's changing as part of the move to GKE.

Keep the old IP temporarily accessible
while the DNS change gradually propagates.

For golang/go#53889.
Updates golang/go#51444.

Change-Id: I324623c3b79d1b7af0dd2d8f3aea5acec4b849f7
Reviewed-on: https://go-review.googlesource.com/c/build/+/418777
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/418792 mentions this issue: cmd/buildlet: find iptables on newer systems, via PATH

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/419079 mentions this issue: cmd/buildlet: update Makefile targets

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/419174 mentions this issue: internal/worker: make tests hermetic

gopherbot pushed a commit to golang/build that referenced this issue Jul 22, 2022
@dmitshur @gopherbot
cmd/buildlet: update Makefile targets
6b9a04b 
This change fixes various inconsistencies, and adds missing targets.

Remove the gotip version override for building the riscv64 buildlet.
It might've been necessary in the past, but it isn't by now.

Remove OpenBSD 6.0-specific buildlets, they're long since obsolete.

Updates golang/go#51444.

Change-Id: I8b56511d092915a28e9ab7eba799472b37d9d411
Reviewed-on: https://go-review.googlesource.com/c/build/+/419079
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
gopherbot pushed a commit to golang/vulndb that referenced this issue Jul 22, 2022
@neild
internal/worker: make tests hermetic
fdcbe42 
Refactor tests that contact proxy.golang.org to use a local
HTTP server instead. Fixes failures on builders with no
outbound network.

For golang/go#51444.

Change-Id: I7d4e5a0b2dc4b1c0cddd12435e3656307bed4c70
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/419174
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
@heschi heschi moved this to Done in Go Release Sep 27, 2022
MK825 added a commit to MK825/website that referenced this issue Oct 18, 2022
@MK825
cmd/golangorg: move test case that needs internet to live.txt
dd5f40b 
One test case added in CL 388016 depends on production resources,
specifically the snippet https://play.golang.org/p/MAohLsrz7JQ.go
served by the production instance of the Go playground.

This would be caught by TryBots where internet access is disabled,
but that didn't happen due to golang/go#51444.

Updates golang/go#51181.
Fixes golang/go#51439.

Change-Id: I4f1c5ea1a6ccad9ae4e5cbb749e3dee0b26731b5
Reviewed-on: https://go-review.googlesource.com/c/website/+/389394
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Jamal Carvalho <jamalcarvalho@google.com>
Trust: Dmitri Shuralyov <dmitshur@google.com>
@golang golang locked and limited conversation to collaborators Jul 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dmitshur dmitshur

Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
Go Release
Archived in project
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@dmitshur @gopherbot @heschi