Termite is a generic distributed compilation system.

The master distributes the compilation to workers. Workers run
arbitrary binaries in a containerized FUSE mirror of the master's file
system, and then ship the results back to the master.

CAVEATS

Work in progress.

COMPILE/INSTALL

* Install go.

* Install prerequisites:

    go install code.google.com/p/go.crypto/ssh
    go install github.com/hanwen/go-fuse/fuse

* Compiling:

    git clone https://github.com/hanwen/termite
    mkdir go ; cd go
    export GOPATH=$(pwd)
    (cd bin/mkbox ; make )
    for d in bin/coordinator bin/worker bin/master bin/shell-wrapper
    do
      go install github.com/hanwen/termite/$d
    done
    sudo cp termite-make /usr/local/bin/
    sudo cp bin/mkbox/mkbox /usr/local/bin/termite-mkbox
    sudo cp /tmp/go/bin/* /usr/local/bin/

* Make needs to be patched to use termite's shell wrapper:

    # Add MAKE_SHELL variable to make.
    wget http://ftp.gnu.org/gnu/make/make-3.82.tar.bz2
    tar xjf make-3.82.tar.bz2
    cd make-3.82 && patch -p1 < ../termite/patches/make-*patch
    ./configure && make && make install

* Coreutils before 8.0 has buggy directory traversal, making 'rm -rf' flaky.

* Set resource limits: add the following to your /etc/security/limits.conf

    root soft nofile 5000
    root hard nofile 5000
    * soft nofile 5000
    * hard nofile 5000

* Mount the source/object directories with user_xattr so termite can
  write xattrs, and with noatime for better performance:

    mount -o remount,user_xattr,noatime my/device my/mountpoint

OVERVIEW

There are 5 binaries:

* Mkbox: a wrapper that sets up the containerization. Based on Brian Swetland's
  https://github.com/swetland/mkbox

* Coordinator: a simple server that administers a list of live
  workers. Workers periodically contact the coordinator.

* Worker: should run as root, and typically runs on multiple machines.

* Master: the daemon that runs on the machine. It contacts the
  coordinator to get a list of workers, and reserves job slots on the
  workers. Run it in the root of the writable directory for the
  compile. It creates a .termite-socket that the wrapper below uses.

* Shell-wrapper: a wrapper to use with make's SHELL variable.

Whether a command runs remotely or locally can be set through the file
.termite-localrc in the same dir as .termite-socket. The file is in
JSON format, and you can find examples in the patches/ subdirectory.
The default

    [{
      "Regexp": ".*termite-make",
      "Local": true,
      "Recurse": true,
      "SkipRefresh": true
    }, {
      "Regexp": ".*",
      "Local": false
    }]

(i.e., only recursive make calls are run locally) should work for most
projects, but for performance reasons, you might want to run more
commands locally.

Typically, build-system commands should run locally (e.g. make, cmake).
Commands that modify build artefacts should not run locally: local
commands do not run inside a FUSE sandbox, so termite can't tell what
files they modify, or how to update filesystem caches on the workers.

By default, after executing a local command, the termite master scans
for changed files. If you know the command changes no files, you can
skip the scan with SkipRefresh: true.

RUNNING

    ssh-keygen -t rsa -b 1024 -f termite_rsa
    ${TERMITE_DIR}/bin/coordinator/coordinator -secret termite_rsa &
    ${TERMITE_DIR}/bin/worker/worker -jobs 4 -coordinator localhost:1233 \
      -secret termite_rsa
    cd ${PROJECT}
    ${TERMITE_DIR}/bin/master/master -jobs 4 \
      -secret termite_rsa &
    termite-make -j20

PERFORMANCE

See SUCCESSFUL COMPILES below. The overhead of running in FUSE is 50 to 100%.

SECURITY

* The worker runs binaries inside a containerized mount of a FUSE file
  system.

* Worker and master use plaintext TCP/IP, and use a shared secret with
  HMAC-SHA1 to authenticate the connection. See
  https://github.com/hanwen/termite/blob/master/termite/connection.go
  for details.

* Worker and master must trust each other, for the following reasons:

  - workers can request all publicly readable files from the master.
  - workers can cause the master to run arbitrary binaries as the user
    compiling.
  - the master can make the worker run arbitrary binaries as 'nobody'.

* The master will never serve files that have no group/other
  permissions.

* Wrapper and master run as the same user and use IPC unix domain
  sockets to communicate. The socket mode is 0700.
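
The shared-secret authentication described above, sketched as a mutual
challenge-response in Go. This is an added example, not termite's
connection.go: the message layout, the role labels and the sample secret
are assumptions. It authenticates the peers only; everything sent after
the handshake is still plaintext.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)

// prove returns HMAC-SHA1(secret, role || 0x00 || challenge). The role label
// (an assumption of this sketch) stops a proof from being reflected back to
// its sender as the answer to the sender's own challenge.
func prove(secret []byte, role string, challenge []byte) []byte {
	m := hmac.New(sha1.New, secret)
	m.Write([]byte(role))
	m.Write([]byte{0})
	m.Write(challenge)
	return m.Sum(nil)
}

// check verifies a peer's proof; hmac.Equal compares in constant time.
func check(secret []byte, role string, challenge, proof []byte) bool {
	return hmac.Equal(prove(secret, role, challenge), proof)
}

// handshake runs both directions in-process: each side sends a fresh random
// challenge and verifies the other's proof. The secret never crosses the wire.
func handshake(masterSecret, workerSecret []byte) (bool, error) {
	toWorker, toMaster := make([]byte, 20), make([]byte, 20)
	if _, err := rand.Read(toWorker); err != nil {
		return false, err
	}
	if _, err := rand.Read(toMaster); err != nil {
		return false, err
	}
	workerOK := check(masterSecret, "worker", toWorker, prove(workerSecret, "worker", toWorker))
	masterOK := check(workerSecret, "master", toMaster, prove(masterSecret, "master", toMaster))
	return workerOK && masterOK, nil
}

func main() {
	secret := []byte("constructed-sample-secret") // constructed, not a real key
	ok, _ := handshake(secret, secret)
	fmt.Println("matching secrets:", ok)
	ok, _ = handshake(secret, []byte("some-other-secret"))
	fmt.Println("mismatched secrets:", ok)
}
```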

CAVEATS

* Hardlinks on the workers are translated to copies on the master.

TODO (by decreasing priority)

* Worker -> worker fetch

* Connection scheme: exp/ssh, security review?

SUCCESSFUL COMPILES

Termite timings, measured by running master and a single worker on the
same machine. The smaller the package, the larger the overhead.

* coreutils 8.12 (1.6x slower, Lenovo T60, 2-core, make -j2)

* Make 3.82 (1.85x slower, Lenovo T60, 2-core)

* LLVM 2.9 (1.5x slower, Dell T5300 6-core, make -j12)

* GUILE 2.0.
  - Must run inside srcdir.
  - 1.1x slower, Dell T5300 6-core, make -j6

* Emacs 24
  - 1.8x slower (Lenovo T60, make -j2)
  - Must run in srcdir.

* Android Gingerbread.

DISCLAIMER

This is not an official Google product.