diff --git a/buildbot/google/README.md b/buildbot/google/README.md new file mode 100644 --- /dev/null +++ b/buildbot/google/README.md @@ -0,0 +1,5 @@ +# LLVM buildbot workers configuration + +This folder contains some of the configuration of the buildbots managed +at Google. The workers are deployed on Google Cloud. + diff --git a/buildbot/google/docker/README.md b/buildbot/google/docker/README.md new file mode 100644 --- /dev/null +++ b/buildbot/google/docker/README.md @@ -0,0 +1,23 @@ +This folder contains the Dockerfiles and scripts used for some of the +buildbot workers. + +# Scripts + +This folder also contains some scripts that are useful in working with the +docker images. + +## build_run.sh +Build a docker image and run it locally + +## build_deploy.sh +Build a docker image, increment the version number, tag it and upload it to +the registry. + +# Secrets + +The buildbot workers need a password to authenticate with the buildbot server. +This password needs to be kept a secert. The usual way to handle it is to store +the secrets in a secure place and during runtime mount that secure place into +the container. The secret file shall just contain the password in plain text. + +Kubernetes offers a [mechanism to handle secrets](https://kubernetes.io/docs/concepts/configuration/secret/). diff --git a/buildbot/google/docker/build_deploy.sh b/buildbot/google/docker/build_deploy.sh new file mode 100755 --- /dev/null +++ b/buildbot/google/docker/build_deploy.sh @@ -0,0 +1,73 @@ +#!/bin/bash +#===-- build_deploy.sh ---------------------------------------------------===// +# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +# See https://llvm.org/LICENSE.txt for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +#===----------------------------------------------------------------------===// +# This script will deploy a docker image to the registry. +# Arguments: +# +# This updates the `VERSION` file with the latest version number. +#===----------------------------------------------------------------------===// + +set -eu + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +IMAGE_NAME="${1%/}" + +# increment version number +cd "${DIR}/${IMAGE_NAME}" + +# get version numbers from repository +# FIXME: use variables to configure URL +ALL_VERSIONS=$(gcloud container images list-tags gcr.io/sanitizer-bots/${IMAGE_NAME} --format=text | \ + awk '/tags.*:\W+[0-9]+/ {print $2}') +# read local version number from file and add it to the array +ALL_VERSIONS+=($(cat VERSION)) +# find maximum version number and increment it +VERSION=$(echo "${ALL_VERSIONS[*]}" | sort -nr | head -n1) +VERSION=$(( ${VERSION} + 1 )) + +# get the git hash and add some suffixes +GIT_HASH=$(git rev-parse HEAD) +if [[ $(git diff --stat) != '' ]]; then + # if working copy is dirty + GIT_HASH+="-dirty-${USER}" +elif [[ $(git --no-pager diff origin/master | wc -l) > 0 ]]; then + # if the hash has not been uploaded to origin/master yet + GIT_HASH+="-local-${USER}" +fi + +# fully qualified image name +# FIXME: use variables to configure URL +QUALIFIED_NAME="gcr.io/sanitizer-bots/${IMAGE_NAME}" +# tags to be added to the image and pushed to the repository +TAGS=( + "${QUALIFIED_NAME}:latest" + "${QUALIFIED_NAME}:${VERSION}" + "${QUALIFIED_NAME}:${GIT_HASH}" + ) + +# build the image and tag it locally +docker build -t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${VERSION} . + +# print the list of tags to be pushed +echo "-----------------------------------------" +echo "image version: ${VERSION}" +echo "tags:" +printf ' %s\n' "${TAGS[@]}" +echo "-----------------------------------------" +read -p "Push to registry? [yN]" -n 1 -r +echo + +if [[ $REPLY =~ ^[Yy]$ ]] +then + for TAG in "${TAGS[@]}" + do + docker tag ${IMAGE_NAME}:${VERSION} "${TAG}" + docker push "${TAG}" + done + # store the version number + echo "${VERSION}" > VERSION +fi diff --git a/buildbot/google/docker/build_run.sh b/buildbot/google/docker/build_run.sh new file mode 100755 --- /dev/null +++ b/buildbot/google/docker/build_run.sh @@ -0,0 +1,29 @@ +#!/bin/bash +#===-- build_run.sh ------------------------------------------------------===// +# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +# See https://llvm.org/LICENSE.txt for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +#===----------------------------------------------------------------------===// +# This script will deploy a docker image to the registry. +# Arguments: +# +# +# optional: +#===----------------------------------------------------------------------===// + +set -eux + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +IMAGE_NAME="${1%/}" +SECRET_STORAGE="$2" +CMD= +if [ "$#" -eq 3 ]; +then + CMD="$3" +fi + +cd "${DIR}/${IMAGE_NAME}" + +docker build -t "${IMAGE_NAME}:latest" . +docker run -it -v "${SECRET_STORAGE}":/secrets "${IMAGE_NAME}" ${CMD} diff --git a/buildbot/google/docker/buildbot-mlir-nvidia/Dockerfile b/buildbot/google/docker/buildbot-mlir-nvidia/Dockerfile new file mode 100644 --- /dev/null +++ b/buildbot/google/docker/buildbot-mlir-nvidia/Dockerfile @@ -0,0 +1,57 @@ +#===-- Dockerfile --------------------------------------------------------===// +# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +# See https://llvm.org/LICENSE.txt for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +#===----------------------------------------------------------------------===// +# Docker image used for the mlir-nvidia builder +#===----------------------------------------------------------------------===// + +# Use the image from NVIDIA as base +FROM nvidia/cuda:10.2-base-ubuntu18.04 + + +# install build tools +RUN apt-get update; \ + apt-get install -y software-properties-common apt-transport-https ca-certificates \ + clang-8 lld-8 ninja-build git wget gnupg ccache \ + python python-pip python-psutil ;\ + update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 100 ;\ + update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-8 100 ;\ + update-alternatives --install /usr/bin/lld lld /usr/bin/lld-8 100 + +# install cuda +# avoid popups for keyboard configurations +RUN DEBIAN_FRONTEND=noninteractive apt-get install -y cuda + +# Ubuntu ships with old cmake version, install the latest one +# from https://apt.kitware.com/ +RUN wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | \ + gpg --dearmor - | \ + tee /etc/apt/trusted.gpg.d/kitware.gpg >/dev/null ;\ + apt-add-repository 'deb https://apt.kitware.com/ubuntu/ bionic main' ;\ + apt-get update ;\ + apt-get install -y cmake + +# install (old) build bot version +# this version of build bot requires python2! +RUN pip install buildbot-slave==0.8.11 + +# Volume to mount secrets into the container +VOLUME /secrets + +# create user account, some test fail if run as root +RUN useradd buildbot --create-home +WORKDIR /home/buildbot +USER buildbot + +# copy startup script +COPY run.sh /home/buildbot/ + +ENV WORKER_NAME="mlir-nvidia" + +# Set up buildbot host and maintainer info. +RUN mkdir -p "${WORKER_NAME}/info/" ;\ + echo "Christian Kühnel " > "${WORKER_NAME}/info/admin" + +CMD ./run.sh diff --git a/buildbot/google/docker/buildbot-mlir-nvidia/VERSION b/buildbot/google/docker/buildbot-mlir-nvidia/VERSION new file mode 100644 --- /dev/null +++ b/buildbot/google/docker/buildbot-mlir-nvidia/VERSION @@ -0,0 +1 @@ +1 \ No newline at end of file diff --git a/buildbot/google/docker/buildbot-mlir-nvidia/run.sh b/buildbot/google/docker/buildbot-mlir-nvidia/run.sh new file mode 100755 --- /dev/null +++ b/buildbot/google/docker/buildbot-mlir-nvidia/run.sh @@ -0,0 +1,45 @@ +#!/bin/bash +#===-- run.sh -------------------------------------------------------------===// +# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. +# See https://llvm.org/LICENSE.txt for license information. +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +#===----------------------------------------------------------------------===// +# This script will start the buildbot worker +#===----------------------------------------------------------------------===// + +set -eu + +# Read the worker password from a mounted file. +WORKER_PASSWORD=$(cat /secrets/token) + +# generate the host information of this worker +( + uname -a ; \ + cat /proc/cpuinfo | grep "model name" | head -n1 | cut -d " " -f 3- ;\ + echo "number of cores: $(nproc)" ;\ + nvidia-smi -L | cut -d "(" -f 1 ;\ + lsb_release -d | cut -f 2- ; \ + clang --version | head -n1 ; \ + ld.lld-8 --version ; \ + cmake --version | head -n1 +) > ${WORKER_NAME}/info/host + +# FIXME(kuhnel): +# It looks like GKE sometimes deploys the container before the NVIDIA drivers +# are loaded on the host. In this case the GPU is not available during the +# entire lifecycle of the container. Not sure how to fix this properly. +# Maybe the above entry is enough as it depends on a working `nvidia-smi`. +# If not a workaround might be to check for the graphics card in this script and +# exit immediately if it's not available. + +# create the folder structure +buildslave create-slave --keepalive=200 "${WORKER_NAME}" \ + lab.llvm.org:9994 "${WORKER_NAME}" "${WORKER_PASSWORD}" + +# start the daemon, this command return immetiately +buildslave start "${WORKER_NAME}" + +# To keep the container running and produce log outputs: dump the worker +# log to stdout +tail -f ${WORKER_NAME}/twistd.log