cmd/makemac: add full instance management to makemac

Currently makemac is extremely minimal, all it does is renew existing
leases.  It does not attempt to detect broken leases or create new
leases. Over time as leases disappear for various reasons, the pool
slowly dwindles, and a human must come along and add new leases.

Extend makemac to perform complete lifecycle management. config.go
specifies the desired count of each image type, and makemac attempts
to maintain that many healthy leases.

There are several different ways that a lease may be unhealthy:

It may fail initial boot. If it fails to connect to the hypervisor,
MacService will automatically remove it eventually. If it connects to
the hypervisor, but not to LUCI, then it will appear healthy in
MacService but be missing from swarming.

It may succeed initial boot and successfully connect to LUCI, but
eventually freeze, crash, etc. This case will appear as a "dead" bot
on LUCI, and may or may not be automatically removed from MacService
depending on the nature of the freeze/crash.

makemac attempts to detect and handle all of these cases. For example,
if LUCI reports a bot as "dead", but MacService still reports it as
alive, makemac will destroy the lease.

Since makemac can now perform destructive actions, we need to add a
bit more safety. Leases created by makemac will set the MacService
lease "project name" to "makemac". The "project name" is effectively
just a tag on the lease.  makemac will only operate on leases with the
"makemac" project. All other leases (such as those manually created by
a human) will be left alone.

Image updates can be performed by changing the image SHA in config.go.
handleObsoleteLeases will automatically destroy old leases using the
old image on the next run.

Change-Id: I9bc53cb5812784adbb5cacf9fb224d64d063c089
Auto-Submit: Michael Pratt <>
LUCI-TryBot-Result: Go LUCI <>
Reviewed-by: Dmitri Shuralyov <>
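The reconciliation loop this change describes, written out as an added example; it is not makemac's own code. The Lease, Bot and Config types, the assumption that a swarming bot ID equals its lease ID, and the bootGrace window for a lease that has reached the hypervisor but not yet LUCI are all constructed for illustration. It shows the safety rule from the commit message (only leases tagged with project "makemac" are ever destroyed), the "dead on LUCI but alive in MacService" case, obsolete-image cleanup, and topping the pool back up to the configured count.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Hypothetical types, constructed for this example; they stand in for the
// MacService lease and LUCI/swarming bot records the commit message
// describes and are not makemac's real API.
type Lease struct {
	ID      string
	Project string        // MacService "project name"; makemac uses it as a tag
	Image   string        // SHA of the image the lease was booted from
	Age     time.Duration // time since the lease was created
}

type Bot struct {
	ID   string // bot ID, assumed here to equal the lease ID
	Dead bool   // LUCI reports the bot as "dead"
}

// Config maps image SHA -> desired number of healthy leases (config.go's role).
type Config map[string]int

type Plan struct {
	Destroy []string       // lease IDs to destroy, sorted
	Create  map[string]int // image SHA -> number of leases to create
}

const (
	makemacProject = "makemac"
	bootGrace      = 30 * time.Minute // assumed allowance for first boot plus LUCI registration
)

// Reconcile computes the actions needed to converge the pool on cfg.
// It only ever destroys leases tagged with the makemac project.
func Reconcile(cfg Config, leases []Lease, bots []Bot) Plan {
	botByID := make(map[string]Bot, len(bots))
	for _, b := range bots {
		botByID[b.ID] = b
	}
	plan := Plan{Create: map[string]int{}}
	alive := map[string]int{} // image SHA -> leases counted toward the target
	for _, l := range leases {
		if l.Project != makemacProject {
			continue // safety: leases created by humans or other tools are never touched
		}
		if _, wanted := cfg[l.Image]; !wanted {
			plan.Destroy = append(plan.Destroy, l.ID) // image SHA no longer in config: obsolete
			continue
		}
		b, registered := botByID[l.ID]
		switch {
		case registered && b.Dead:
			plan.Destroy = append(plan.Destroy, l.ID) // alive in MacService, "dead" on LUCI
		case !registered && l.Age > bootGrace:
			plan.Destroy = append(plan.Destroy, l.ID) // reached the hypervisor but never reached LUCI
		default:
			alive[l.Image]++ // healthy, or still inside its boot window
		}
	}
	for image, want := range cfg {
		if n := want - alive[image]; n > 0 {
			plan.Create[image] = n
		}
	}
	sort.Strings(plan.Destroy)
	return plan
}

func main() {
	// Constructed pool state: one healthy lease, one dead bot, one obsolete
	// image, one lease that never registered, one still booting, one manual.
	cfg := Config{"sha-new": 3}
	leases := []Lease{
		{ID: "a", Project: "makemac", Image: "sha-new", Age: time.Hour},
		{ID: "b", Project: "makemac", Image: "sha-new", Age: time.Hour},
		{ID: "c", Project: "makemac", Image: "sha-old", Age: time.Hour},
		{ID: "d", Project: "makemac", Image: "sha-new", Age: time.Hour},
		{ID: "e", Project: "makemac", Image: "sha-new", Age: 5 * time.Minute},
		{ID: "f", Project: "manual", Image: "sha-old", Age: time.Hour},
	}
	bots := []Bot{{ID: "a"}, {ID: "b", Dead: true}}
	p := Reconcile(cfg, leases, bots)
	fmt.Println("destroy:", p.Destroy, "create:", p.Create)
}
```

Lease "f" carries an obsolete image and has no bot, yet survives untouched because its project tag is not "makemac"; that filter is the only thing standing between a config typo and the destruction of manually created leases, so it has to be checked before any other condition.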
9 files changed
tree: da19c0ffb5c75407cf90f8d71101bebad080900b

Go Build Tools


This repository holds the source for various packages and tools that support Go's build system and the development of the Go programming language.

Warning: Packages here are internal to Go's build system and its needs. Some may one day be promoted to another repository, or they may be modified arbitrarily or even disappear altogether. In short, code in this repository is not subject to the Go 1 compatibility promise nor the Release Policy.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To contribute, see

The main issue tracker for the build repository is located at Prefix your issue with “x/build/DIR: ” in the subject line.


The main components of the Go build system are:

  • The coordinator, in cmd/coordinator/, serves and It runs on GKE and coordinates the whole build system. It finds work to do (both pre-submit “TryBot” work, and post-submit work) and executes builds, allocating machines to run the builds. It is the owner of all machines. It holds the state for which builds passed or failed, and the build logs.

  • The Go package in buildenv/ contains constants for where the dashboard and coordinator run, for prod, staging, and local development.

  • The buildlet, in cmd/buildlet/, is the HTTP server that runs on each worker machine to execute builds on the coordinator's behalf. This runs on every possible GOOS/GOARCH value. The buildlet binaries are stored on Google Cloud Storage and fetched per-build, so we can update the buildlet binary independently of the underlying machine images. The buildlet is the most insecure server possible: it has HTTP handlers to read & write arbitrary content to disk, and to execute any file on disk. It also has an SSH tunnel handler. The buildlet must never be exposed to the Internet. The coordinator provisions buildlets in one of three ways:

    1. by creating VMs on Google Compute Engine (GCE) with custom images configured to fetch & run the buildlet on boot, listening on port 80 in a private network.

    2. by running Linux containers (on either Google Kubernetes Engine or GCE with the Container-Optimized OS image), with the container images configured to fetch & run the buildlet on start, also listening on port 80 in a private network.

    3. by taking buildlets out of a pool of connected, dedicated machines. The buildlet can run in either listen mode (as on GCE and GKE) or in reverse mode. In reverse mode, the buildlet connects out to and registers itself with the coordinator. The TCP connection is then logically reversed (using revdial), and when the coordinator needs to do a build, it makes HTTP requests to the buildlet over the already-open TCP connection.

    These three pools can be viewed at the coordinator's

  • The env/ directory describes build environments. It contains scripts to create VM images, Dockerfiles to create Kubernetes containers, and instructions and tools for dedicated machines.

  • maintner in maintner/ is a library for slurping all of Go's GitHub and Gerrit state into memory. The daemon maintnerd in maintner/maintnerd/ runs on GKE and serves The daemon watches GitHub and Gerrit and appends to a mutation log whenever it sees new activity. The logs are stored on GCS and served to clients.

  • The godata package in maintner/godata/ provides a trivial API to let anybody write programs against Go's maintner corpus (all of our GitHub and Gerrit history), live up to the second. It takes a few seconds to load into memory and uses a few hundred MB of RAM after it downloads the mutation log from the network.

  • pubsubhelper in cmd/pubsubhelper/ is a dependency of maintnerd. It runs on GKE, is available at, and runs an HTTP server to receive Webhook updates from GitHub on new activity and an SMTP server to receive new activity emails from Gerrit. It then acts as a pubsub system for maintnerd to subscribe to.

  • The gitmirror server in cmd/gitmirror/ mirrors Gerrit to GitHub, and also serves a mirror of the Gerrit code to the coordinator for builds, so we don't overwhelm Gerrit and blow our quota.

  • The Go gopherbot bot logic runs on GKE. The code is in cmd/gopherbot. It depends on maintner via the godata package.

  • The developer dashboard at runs on GKE. Its code is in devapp/. It also depends on maintner via the godata package.

  • cmd/retrybuilds: a Go client program to delete build results from the dashboard.

  • The perfdata server, in perfdata/appengine serves It runs on App Engine and serves the benchmark result storage system.

  • The perf server, in perf/appengine serves It runs on App Engine and serves the benchmark result analysis system. See its README for how to start a local testing instance.
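Reverse mode, as described in the buildlet item above, written out as an added example; it is not x/build's revdial code. A minimal single-connection listener lets the dialing side (the buildlet) serve HTTP over a connection it opened itself, while the accepting side (the coordinator) issues an ordinary HTTP request whose dialer hands back that same connection instead of dialing anywhere. net.Pipe stands in for the buildlet's outbound TCP connection, and the /status handler, the "buildlet" host name and the builder name are constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"strings"
	"sync"
)

// oneConnListener hands out a single already-open connection and then
// blocks until closed, so that http.Server can run over a connection the
// "buildlet" side dialed. Constructed for this example; the real revdial
// package does considerably more than this.
type oneConnListener struct {
	once sync.Once
	conn net.Conn
	done chan struct{}
}

func newOneConnListener(c net.Conn) *oneConnListener {
	return &oneConnListener{conn: c, done: make(chan struct{})}
}

func (l *oneConnListener) Accept() (net.Conn, error) {
	var c net.Conn
	l.once.Do(func() { c = l.conn })
	if c != nil {
		return c, nil
	}
	<-l.done
	return nil, errors.New("listener closed")
}

func (l *oneConnListener) Close() error {
	select {
	case <-l.done:
	default:
		close(l.done)
	}
	return nil
}

func (l *oneConnListener) Addr() net.Addr { return l.conn.LocalAddr() }

// ServeReverse is the buildlet side: conn was dialed out by the buildlet,
// and it now serves HTTP on it without ever opening a listening socket.
// A real buildlet exposes exec/put/get handlers here; this one only
// reports its identity.
func ServeReverse(conn net.Conn, name string) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "buildlet %s ok", name)
	})
	srv := &http.Server{Handler: mux}
	go srv.Serve(newOneConnListener(conn))
	return srv
}

// AskStatus is the coordinator side: an ordinary HTTP client whose
// DialContext returns the connection the buildlet already opened, so the
// request travels "backwards" over it.
func AskStatus(conn net.Conn) (string, error) {
	tr := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			return conn, nil // ignore addr: there is nothing to dial
		},
	}
	client := &http.Client{Transport: tr}
	resp, err := client.Get("http://buildlet/status") // host name is a placeholder
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return strings.TrimSpace(string(body)), err
}

// ReverseRoundTrip wires both halves together over an in-memory pipe that
// stands in for the buildlet's outbound TCP connection to the coordinator.
func ReverseRoundTrip(name string) (string, error) {
	buildletSide, coordinatorSide := net.Pipe()
	srv := ServeReverse(buildletSide, name)
	defer srv.Close()
	return AskStatus(coordinatorSide)
}

func main() {
	status, err := ReverseRoundTrip("darwin-amd64")
	fmt.Println(status, err)
}
```

Nothing in this exchange authenticates either end; the point is only that the buildlet never binds a port, which is how the reverse pool keeps a server that will write to disk and execute files off the Internet. Whatever trust exists is established when the buildlet dials out and registers, so that registration step is where the real deployment has to carry its controls.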

Adding a Go Builder

If you wish to run a Go builder, please email first. There is documentation at, but depending on the type of builder, we may want to run it ourselves, after you prepare an environment description (resulting in a VM image) of it. See the env directory.