Goma Setup

[Yang Gu]

I'm following up instructions at https://chromium.googlesource.com/infra/goma/server/ and https://chromium.googlesource.com/infra/goma/client to set up Goma service within Intel. However, I met some issues to make it run well and I have some further questions that need your help.
So far, my progress is a server with Ubuntu 19.04 has been set up, while my client side machines can be Windows or Linux. If I run client on same machine as server (export GOMA_SERVER_HOST=localhost), it seemed Goma already worked well. But if I change GOMA_SERVER_HOST to real <server_hostname>, compiler_proxy couldn't start successfully using "goma_ctl.py start". You may see I met same issue for other client machines. The command for me to start remoteexec_proxy is "remoteexec_proxy --port 5050 --platform-container-image "docker://<id>" --remoteexec-addr <server_hostname> --remote-instance-name <server_hostname> --whitelisted-users <user>". So my detailed questions are:
1. What's the issue that localhost could work, but server_hostname for GOMA_SERVER_HOST couldn't work? I think I must misunderstand some options here, like --remoteexec-addr, --remote-instance-name, --service-account-json. 
2. How to specify the option for "--whitelisted-users", if I have multiple users? My Windows machine is in a special domain, while server is not. 
3. How can I set up the server with more than 1 machine? How should I change the configuration of client?

4. How can I restrict the users of Goma server? 

If you have some more detailed document, or detailed description of some options for both server and client commands, or some further examples, that would be very helpful. Thanks!

[Yoshisato Yanagisawa]

2019年5月20日(月) 17:51 Yang Gu <yan...@intel.com>:

I'm following up instructions at https://chromium.googlesource.com/infra/goma/server/ and https://chromium.googlesource.com/infra/goma/client to set up Goma service within Intel. However, I met some issues to make it run well and I have some further questions that need your help.
So far, my progress is a server with Ubuntu 19.04 has been set up, while my client side machines can be Windows or Linux. If I run client on same machine as server (export GOMA_SERVER_HOST=localhost), it seemed Goma already worked well. But if I change GOMA_SERVER_HOST to real <server_hostname>, compiler_proxy couldn't start successfully using "goma_ctl.py start". You may see I met same issue for other client machines. The command for me to start remoteexec_proxy is "remoteexec_proxy --port 5050 --platform-container-image "docker://<id>" --remoteexec-addr <server_hostname> --remote-instance-name <server_hostname> --whitelisted-users <user>". So my detailed questions are:
1. What's the issue that localhost could work, but server_hostname for GOMA_SERVER_HOST couldn't work? I think I must misunderstand some options here, like --remoteexec-addr, --remote-instance-name, --service-account-json. 

I suppose firewall etc exists between two machines, or you did not set -whitelisted-users to something relevant.

Is it possible for you to show error message you see?

 

2. How to specify the option for "--whitelisted-users", if I have multiple users? My Windows machine is in a special domain, while server is not. 

According to the command description, it accepts command separated values.

https://chromium.googlesource.com/infra/goma/server/+/48224f31513604484d7c74afa5fd9d7e621e1691/cmd/remoteexec_proxy/main.go#65

If you need to grant access to users with ",", you might need to modify the code:

https://chromium.googlesource.com/infra/goma/server/+/48224f31513604484d7c74afa5fd9d7e621e1691/cmd/remoteexec_proxy/main.go#220

https://ci.chromium.org/p/goma-server/builders/try/linux_rel/b8912960842023440416 can be a good example to know how to build Goma server with your change.

 

3. How can I set up the server with more than 1 machine? How should I change the configuration of client?

You can use HTTP load balancer.  Although Goma client keep the connection alive, one compile request would be sent with one HTTP request, I guess the request balanced well.

Goma client can understand multiple A and AAAA DNS records, but it only use the IP address who replied the first.  Round robin DNS may not work well.

 

4. How can I restrict the users of Goma server? 

I think --whitelisted-users is provided for that purpose.  Or, do I misunderstand your question?

 

If you have some more detailed document, or detailed description of some options for both server and client commands, or some further examples, that would be very helpful. Thanks!

 

You might have already seen https://docs.google.com/document/d/1VcBQEQP4EmSYViHjadV2A3SbLzq25f7IPo5l_gO-6ZU/edit#heading=h.hcec26kp2ye5, right?

Every flag usually has explanation, but if it is not clear, please feel free to ask us.

By the way, I have seen somebody running remotexec_proxy in Google Kubernetes Engine in chromium.slack.com #goma channel.

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/331d9bc2-1b0a-4c7c-a70d-c2e17d04d48a%40chromium.org.

[Yoshisato Yanagisawa]

2021年4月1日(木) 15:17 nicke hu <nic...@gmail.com>:

I'm not a Googler and I ran into the same problem, which made everything very difficult.

I have two working machines, I want to use them in combination with goma.

remoteexec_proxy converts Goma protocol to RBE protocol.  Thus, you need to have RBE servers somewhere and need to make remoteexec_server use the RBE servers.

Just to confirm but you have RBE servers in your local area network, right?

 

in Ubuntu 20 local test
goma server：
$ remoteexec_proxy --port 5050 --allowed-users nick..@gmail.com
...  INFO  using default service account

Just to confirm you also set the following parameters to somewhere you have RBE servers, right?

   --platform-container-image "docker://...@sha256:..." \
   --remoteexec-addr $REMOTEEXEC_ADDR \
   --remote-instance-name $REMOTE_INSTANCE_NAME

 

goma client:
$ export GOMA_USE_SSL=false
$ export GOMA_SERVER_PORT=5050
$ export GOMA_SERVER_HOST=localhost
$ goma_ctl.py ensure_start
...
compiler poxy (pid=44927) status: http://127.0.0.1:8088 error: access to backend servers was rejected.
Failed to start compiler_proxy.

Login as nick...@gmail.com
Current user is not registered with Goma service at http://localhost:5050 with GOMA_RPC_EXTRA_PARAMS="". Unable to use Goma.

What do I need to do to make goma work.

Let me know more about your status.

Do you have RBE servers?  If you use 3rd party implementation, which one do you use?

[nicke hu]

I'm not a Googler and I ran into the same problem, which made everything very difficult.

I have two working machines, I want to use them in combination with goma.

in Ubuntu 20 local test
goma server：
$ remoteexec_proxy --port 5050 --allowed-users nick..@gmail.com
...  INFO  using default service account

goma client:
$ export GOMA_USE_SSL=false
$ export GOMA_SERVER_PORT=5050
$ export GOMA_SERVER_HOST=localhost
$ goma_ctl.py ensure_start
...
compiler poxy (pid=44927) status: http://127.0.0.1:8088 error: access to backend servers was rejected.
Failed to start compiler_proxy.

Login as nick...@gmail.com
Current user is not registered with Goma service at http://localhost:5050 with GOMA_RPC_EXTRA_PARAMS="". Unable to use Goma.

What do I need to do to make goma work.

在2019年5月20日星期一 UTC+8 下午5:57:56<yyana...@chromium.org> 写道：

[nicke hu]

Thanks for reply
There is indeed no RBE service.  I am looking up relevant information.

bazel-buildfarm & remote-apis

I will spend a lot of time to break through.

[Leon Deng]

Hi ,

I  try to build Chromium by goma,   and I notice that goma server is open source. So I try to create my own goma server.

1 Follow the document : https://chromium.googlesource.com/infra/goma/server/  to run the server

export GOMA_SERVER_HOST=localhost
export GOMA_SERVER_PORT=7000
export PATH=$HOME/gocode/bin:$PATH

remoteexec_proxy --port  7000\
   --remoteexec-addr localhost \
   --remote-instance-name goma-server \
   --whitelisted-users l**@gmail.com

 2 Follow the document : https://chromium.googlesource.com/infra/goma/client/  to run the client

to make client connect to server, I change server_host to localhost:7000

$HOME/client/out/Release/goma_ctl.py start

using /run/user/1000/goma_orange as tmpdir
GOMA version ca
waiting for compiler_proxy to respond...
waiting for compiler_proxy to respond...
waiting for compiler_proxy to respond...

......

waiting for compiler_proxy to respond...
waiting for compiler_proxy to respond...
compiler proxy (pid=23147) status: http://127.0.0.1:8088 error: access to backend servers was rejected.
Failed to start compiler_proxy.
Login as leon.de...@gmail.com
Port: 7000
Temporary error?  try again

It seems that current  goma client is not registered with goma service.

En, I'm not sure how does goma server work , there are some questions:

1  Can I create my own goma server without connecting to google? 

2  If possible, how can I change my step to let  goma client connect to goma server to build ?

Expect some message  to save my life.

[Yoshisato Yanagisawa]

Sorry for the slow reply.

2021年5月11日(火) 19:33 Leon Deng <leon.de...@gmail.com>:

I saw people set up their own Goma server with 3rd party RE in chromium #goma slack channel.  However, I have never tried them yet.

 

2  If possible, how can I change my step to let  goma client connect to goma server to build ?

I think Goma client connects to Google API service to authenticate itself, and I could not find the switch to disable that.

You might need to edit http_init.cc to make it not set any kinds of oauth2 configs.

 

If it cannot connect to Google API service, the Goma client will connect to the server without an OAuth2 access token.  The way to make it connect to your Goma server should be fine.