env/linux-arm64/aws, dashboard: update linux-arm64 builder image

This updates the instruction for creating a VM image and
a buildlet container image. The instructions will provide
a better description for the steps required to create the images.

The VM image has been updated to no longer require sudo when
the docker command is executed.

The host configuration has been updated with a new VM type and
VM image.

The rundockerbuildlet service configuration has been modified:
* The memory limit has been removed because rundockerbuildlet will
now use all of the available memory for buildlets running on AWS.
* The service will report as running even after rundockerbuildlet has
exited. Rundockerbuildlet will initiate a single buildlet and then exit.
* The service will not be restarted after rundockerbuildlet has exited.

Changes made to rundockerbuildlet which required these changes have been
made in CL 234114.

Updates golang/go#36841

Change-Id: I3ff51e414b11a2b1427cbd7c6e24e9135fc2a5c3
Reviewed-on: https://go-review.googlesource.com/c/build/+/236297
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
diff --git a/dashboard/builders.go b/dashboard/builders.go
index cc922f7..4470c9c 100644
--- a/dashboard/builders.go
+++ b/dashboard/builders.go
@@ -545,8 +545,9 @@
 	},
 	"host-linux-arm64-aws": &HostConfig{
 		Notes:           "Debian Buster, EC2 arm64 instance. See x/build/env/linux-arm64/aws",
-		VMImage:         "ami-0454a5239a73a9e81",
-		machineType:     "a1.xlarge",
+		VMImage:         "ami-06f66c749c71b2511",
+		ContainerImage:  "gobuilder-arm64-aws:latest",
+		machineType:     "m6g.xlarge",
 		isEC2:           true,
 		env:             []string{"GOROOT_BOOTSTRAP=/usr/local/go-bootstrap"},
 		buildletURLTmpl: "http://storage.googleapis.com/$BUCKET/buildlet.linux-amd64",
@@ -661,7 +662,7 @@
 			panic(fmt.Sprintf("HostType %q != key %q", c.HostType, key))
 		}
 		nSet := 0
-		if c.VMImage != "" {
+		if c.VMImage != "" && !c.isEC2 {
 			nSet++
 		}
 		if c.ContainerImage != "" {
@@ -1328,7 +1329,7 @@
 	case c.IsReverse:
 		return "Reverse (dedicated machine/VM)"
 	case c.IsEC2():
-		return "EC2 VM"
+		return "EC2 VM Container"
 	case c.IsVM():
 		return "GCE VM"
 	case c.IsContainer():
@@ -1351,6 +1352,9 @@
 	if c.NestedVirt {
 		return "debian-stretch-vmx"
 	}
+	if c.isEC2 && c.ContainerImage != "" {
+		return fmt.Sprintf("gcr.io/%s/%s", buildenv.Production.ProjectName, c.ContainerImage)
+	}
 	return ""
 }
 
diff --git a/env/linux-arm64/aws/Makefile b/env/linux-arm64/aws/Makefile
index 20a2f30..59a0efe 100644
--- a/env/linux-arm64/aws/Makefile
+++ b/env/linux-arm64/aws/Makefile
@@ -2,16 +2,15 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-# Compiled stage0 binary must be in working dir.
+# run on arm64 instance
+prod-build: Dockerfile
+	sudo docker build -t gcr.io/symbolic-datum-552/gobuilder-arm64-aws:latest .
 
-STAGING_BUCKET=dev-go-builder-data
-PROD_BUCKET=go-builder-data
-
-staging: Dockerfile
-	docker build --build-arg -t gobuilder-arm64-aws:latest .
-
-prod: Dockerfile
-	docker build --build-arg -t gobuilder-arm64-aws:latest .
+# run on arm64 instance
+prod-push: prod-build
+	sudo docker login -u oauth2accesstoken https://gcr.io
+	sudo docker push gcr.io/symbolic-datum-552/gobuilder-arm64-aws:latest
+	sudo rm /root/.docker/config.json
 
 env-var-check:
 ifndef AWS_ACCESS_KEY_ID
diff --git a/env/linux-arm64/aws/README.md b/env/linux-arm64/aws/README.md
index cb6ca98..934f2af 100644
--- a/env/linux-arm64/aws/README.md
+++ b/env/linux-arm64/aws/README.md
@@ -2,8 +2,8 @@
 
 ## Machines
 
-The AWS builders use the a1 instance types which are arm64 based machines of varying specifications.
-The base type used will be a1.xlarge 4 vCPUs, 8192 MiB.
+The AWS builders use the m6 instance types which are arm64 based machines of varying specifications.
+The base type used will be m6g.xlarge 4 vCPUs, 16384 MiB.
 
 ## Machine Image
 
@@ -28,14 +28,21 @@
 
 `AWS_ACCESS_KEY_ID=<id> AWS_SECRET_ACCESS_KEY=<secret> make create-aws-image`
 
-## Buildlet Image
+## Buildlet Container Image
 
-Buildlet images with stage0 installed can be created via:
+Buildlet container images must be build on an arm64 instance with the proper credentials. The instructions
+are as follows:
 
-Prod:
+*  In your normal gcloud dev environment, retrieve a short-lived access token:
 
-`make prod`
+  `you@dev:~$ gcloud auth print-access-token`
 
-Staging:
+*  On an arm64 instance, clone the build repository.
 
-`make staging`
+*  cd into the `env/linux-arm64/aws` directory.
+
+*  Execute: `make prod-push`
+
+*  When prompted for your password, paste in the access token from the first step.
+
+*  Ensure `/root/.docker/config.json` has been deleted.
diff --git a/env/linux-arm64/aws/prepare_image.sh b/env/linux-arm64/aws/prepare_image.sh
index 56ab80b..0f808de 100644
--- a/env/linux-arm64/aws/prepare_image.sh
+++ b/env/linux-arm64/aws/prepare_image.sh
@@ -35,13 +35,15 @@
 	 docker-ce-cli \
 	 containerd.io
 
+sudo usermod -aG docker "$USER"
+
 # retrieve the latest version of Go
 GO_VERSION="$(curl -s https://golang.org/dl/?mode=json | jq --raw-output '.[0].version')"
 GO_PACKAGE="$GO_VERSION.linux-arm64.tar.gz"
 GO_SHA="$(curl -s https://golang.org/dl/?mode=json | jq --raw-output '.[0].files | map(select(.arch == "arm64")) | .[0].sha256')"
 
 # download Go package
-curl -o $TMP_DIR/$GO_PACKAGE" -L "https://golang.org/dl/$GO_PACKAGE"
+curl -o "$TMP_DIR/$GO_PACKAGE" -L "https://golang.org/dl/$GO_PACKAGE"
 
 # verify sha256 shasum"
 echo "$GO_SHA $TMP_DIR/$GO_PACKAGE" | sha256sum --check --status
diff --git a/env/linux-arm64/aws/rundockerbuildlet.service b/env/linux-arm64/aws/rundockerbuildlet.service
index c6c1745..a9229df 100644
--- a/env/linux-arm64/aws/rundockerbuildlet.service
+++ b/env/linux-arm64/aws/rundockerbuildlet.service
@@ -7,10 +7,7 @@
 
 [Service]
 Type=simple
+RemainAfterExit=true
 ExecStart=/usr/local/bin/rundockerbuildlet \
      -env=host-linux-arm64-aws \
-     -memory=7g \
      -image=gobuilder-arm64-aws
-Restart=always
-RestartSec=2
-StartLimitInterval=0