diff options
Diffstat (limited to 'src/tools/remote/README.md')
-rw-r--r-- | src/tools/remote/README.md | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/tools/remote/README.md b/src/tools/remote/README.md new file mode 100644 index 0000000000..d662790f4f --- /dev/null +++ b/src/tools/remote/README.md @@ -0,0 +1,42 @@ +# Remote worker + +This program implements a remote execution worker that uses gRPC to accept work +requests. It can work as a remote execution worker, a cache worker, or both. +The simplest setup is as follows: + +- First build the worker and run it. + + bazel build src/tools/remote:all + bazel-bin/src/tools/remote/worker \ + --work_path=/tmp/test \ + --listen_port=8080 + +- Then you run Bazel pointing to the worker instance. + + bazel build \ + --spawn_strategy=remote --remote_cache=localhost:8080 \ + --remote_executor=localhost:8080 src/tools/generate_workspace:all + +The above command will build generate_workspace with remote spawn strategy that +uses the local worker as the distributed caching and execution backend. + +## Sandboxing + +If you run the worker on Linux, you can also enable sandboxing for increased hermeticity: + + bazel-bin/src/tools/remote/worker \ + --work_path=/tmp/test \ + --listen_port=8080 \ + --sandboxing \ + --sandboxing_writable_path=/run/shm \ + --sandboxing_tmpfs_dir=/tmp \ + --sandboxing_block_network + +As you can see, the specific behavior of the sandbox can be tuned via the flags + +- --sandboxing_writable_path=<path> makes a path writable for running actions. +- --sandboxing_tmpfs_dir=<path> will mount a fresh, empty tmpfs for each running action on a path. +- --sandboxing_block_network will put each running action into its own network namespace that has + no network connectivity except for its own "localhost". Note that due to a Linux kernel issue this + might result in a loss of performance if you run many actions in parallel. For long running tests + it probably won't matter much, though. |