blob: 717d6ef1fc2d25c4de1ab187766475601edd69eb [file] [log] [blame] [edit]
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"cmp"
"fmt"
"log"
"slices"
"go.chromium.org/luci/swarming/client/swarming"
)
// swarmingConfig describes a swarming server.
type swarmingConfig struct {
Host string // Swarming host URL
Pool string // Pool containing MacService bots
client swarming.Client
}
var (
// Public swarming host.
publicSwarming = &swarmingConfig{
Host: "chromium-swarm.appspot.com",
Pool: "luci.golang.shared-workers",
}
// Security swarming host.
internalSwarming = &swarmingConfig{
Host: "chrome-swarming.appspot.com",
Pool: "luci.golang.security-try-workers",
}
)
// imageConfig describes how many instances of a specific image type should
// exist.
type imageConfig struct {
Hostname string // LUCI hostname prefix
Cert string // Bot certificate (resolved with internal/secret)
Key string // bot key (resolved with internal/secret)
Image string // image SHA
MinCount int // minimum instance count to maintain
}
// Production image configuration for each swarming host.
//
// After changing an image here, makemac will automatically destroy instances
// with the old image. Changing hostname, cert, or key will _not_ automatically
// destroy instances.
//
// TODO(prattmic): rather than storing secrets in secret manager, makemac could
// use genbotcert to generate valid certificate/key pairs on the fly, unique to
// each lease, which could then have unique hostnames.
var prodImageConfig = map[*swarmingConfig][]imageConfig{
publicSwarming: {
{
Hostname: "darwin-amd64-10_15",
Cert: "secret:symbolic-datum-552/darwin-amd64-10_15-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-10_15-key",
Image: "57b56e0a86984934370bf00058b2bd708031d256104167a3bbbc5ff5aaaf6939",
MinCount: 5, // release branches only
},
{
Hostname: "darwin-amd64-11",
Cert: "secret:symbolic-datum-552/darwin-amd64-11-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-11-key",
Image: "3279e7f8aef8a1d02ba0897de44e5306f94c8cacec3c8c662a897b810879f655",
MinCount: 10,
},
{
Hostname: "darwin-amd64-12",
Cert: "secret:symbolic-datum-552/darwin-amd64-12-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-12-key",
Image: "959a409833522fcba0be62c0c818d68b29d4e1be28d3cbf43dbbc81cb3e3fdeb",
MinCount: 10,
},
{
Hostname: "darwin-amd64-13",
Cert: "secret:symbolic-datum-552/darwin-amd64-13-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-13-key",
Image: "30efbbd26e846da8158a7252d47b3adca15b30270668a95620ace3502cdcaa36",
MinCount: 10,
},
{
Hostname: "darwin-amd64-14",
Cert: "secret:symbolic-datum-552/darwin-amd64-14-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-14-key",
Image: "88491078fb25b3bd6db3fe519d0bca63448cddf3f7f10177da2e46019664a85b",
MinCount: 10,
},
},
internalSwarming: {
{
Hostname: "darwin-amd64-10_15-security",
Cert: "secret:symbolic-datum-552/darwin-amd64-10_15-security-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-10_15-security-key",
Image: "57b56e0a86984934370bf00058b2bd708031d256104167a3bbbc5ff5aaaf6939",
MinCount: 1,
},
{
Hostname: "darwin-amd64-11-security",
Cert: "secret:symbolic-datum-552/darwin-amd64-11-security-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-11-security-key",
Image: "3279e7f8aef8a1d02ba0897de44e5306f94c8cacec3c8c662a897b810879f655",
MinCount: 1,
},
{
Hostname: "darwin-amd64-12-security",
Cert: "secret:symbolic-datum-552/darwin-amd64-12-security-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-12-security-key",
Image: "959a409833522fcba0be62c0c818d68b29d4e1be28d3cbf43dbbc81cb3e3fdeb",
MinCount: 1,
},
{
Hostname: "darwin-amd64-13-security",
Cert: "secret:symbolic-datum-552/darwin-amd64-13-security-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-13-security-key",
Image: "30efbbd26e846da8158a7252d47b3adca15b30270668a95620ace3502cdcaa36",
MinCount: 1,
},
{
Hostname: "darwin-amd64-14-security",
Cert: "secret:symbolic-datum-552/darwin-amd64-14-security-cert",
Key: "secret:symbolic-datum-552/darwin-amd64-14-security-key",
Image: "88491078fb25b3bd6db3fe519d0bca63448cddf3f7f10177da2e46019664a85b",
MinCount: 1,
},
},
}
// imageConfigMap returns a map from imageConfig.Image to imageConfig.
func imageConfigMap(cc []imageConfig) map[string]*imageConfig {
m := make(map[string]*imageConfig)
for _, c := range cc {
c := c
if _, ok := m[c.Image]; ok {
panic(fmt.Sprintf("duplicate image %s in image config", c.Image))
}
m[c.Image] = &c
}
return m
}
// sortedSwarmingConfigs returns the swarming configs in c, sorted by host.
func sortedSwarmingConfigs(c map[*swarmingConfig][]imageConfig) []*swarmingConfig {
scs := make([]*swarmingConfig, 0, len(c))
for sc := range c {
scs = append(scs, sc)
}
slices.SortFunc(scs, func(a, b *swarmingConfig) int {
return cmp.Compare(a.Host, b.Host)
})
return scs
}
func init() {
// Panic if prodImageConfig contains duplicates.
for _, c := range prodImageConfig {
imageConfigMap(c)
}
}
func logImageConfig(sc *swarmingConfig, cc []imageConfig) {
log.Printf("%s image configuration:", sc.Host)
for _, c := range cc {
log.Printf("\t%s: image=%s\tcount=%d", c.Hostname, c.Image, c.MinCount)
}
}