| # Remote worker |
| |
| This program implements a remote execution worker that uses gRPC to accept work |
| requests. It can work as a remote execution worker, a cache worker, or both. |
| The simplest setup is as follows: |
| |
| - First build the worker and run it. |
| |
| bazel build src/tools/remote:all |
| bazel-bin/src/tools/remote/worker \ |
| --work_path=/tmp/test \ |
| --listen_port=8080 |
| |
| - Then you run Bazel pointing to the worker instance. |
| |
| bazel build \ |
| --spawn_strategy=remote --remote_cache=localhost:8080 \ |
| --remote_executor=localhost:8080 src/tools/generate_workspace:all |
| |
| The above command will build generate_workspace with remote spawn strategy that |
| uses the local worker as the distributed caching and execution backend. |
| |
| ## Sandboxing |
| |
| If you run the worker on Linux, you can also enable sandboxing for increased hermeticity: |
| |
| bazel-bin/src/tools/remote/worker \ |
| --work_path=/tmp/test \ |
| --listen_port=8080 \ |
| --sandboxing \ |
| --sandboxing_writable_path=/run/shm \ |
| --sandboxing_tmpfs_dir=/tmp \ |
| --sandboxing_block_network |
| |
| As you can see, the specific behavior of the sandbox can be tuned via the flags |
| |
| - --sandboxing_writable_path=<path> makes a path writable for running actions. |
| - --sandboxing_tmpfs_dir=<path> will mount a fresh, empty tmpfs for each running action on a path. |
| - --sandboxing_block_network will put each running action into its own network namespace that has |
| no network connectivity except for its own "localhost". Note that due to a Linux kernel issue this |
| might result in a loss of performance if you run many actions in parallel. For long running tests |
| it probably won't matter much, though. |
