Google Git
Sign in
chromium / infra / infra.git / 36f81f098984f6fa4ccec6fe66b58cf96d84c55c / . / go / src / infra / vm_leaser
tree: e571b6905f90d746560860ed724607befbcdb300 [path history] [tgz]
  1. client/
  2. cmd/
  3. internal/
  4. .gitignore
  5. Makefile
  6. OWNERS
  7. README.md
go/src/infra/vm_leaser/README.md

VM Leaser Service

This document is intended to be a reference for any developers looking to modify or use the VM Leaser Service. It provides the necessary details for development and deployment. Please contact justinsuen@google.com for any questions with regards to the VM Leaser Service implementation.

Prerequisites

To develop and use the VM Leaser Service, you must have the following installed:

  • Docker - Note that this is not supported by the gLinux team out of the box.
  • gcloud CLI - This SDK is very helpful and needed for service deployments.
  • grpcurl (optional) - This is very useful for making calls to gRPC services.

Development

There are several workflows for local development. Since we deploy this service via Cloud Run, we use Docker to maintain development images and service containers.

Run Service Locally

The command to run the service locally is

> make dev

This command builds a local version of the image and tags it as gcr.io/${GCP_PROJECT}/vm-leaser-service:latest. Then it runs a Docker container to expose the service at localhost:50051. The container is removed once the command ends.

Interact with the Local Service

To interact with the service, you can use grpcurl. Locally, there is no authentication and requests are run without TLS. Cloud Run takes care of it out of the box though so fret not. The -plaintext flag is specified for this reason.

To list all services available at the endpoint:

> grpcurl -plaintext \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  localhost:50051 \
  list

grpc.reflection.v1alpha.ServerReflection
chromiumos.test.api.VMLeaserService

To list all APIs available for a given service:

> grpcurl -plaintext \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  localhost:50051 \
  list chromiumos.test.api.VMLeaserService

chromiumos.test.api.VMLeaserService.ExtendLease
chromiumos.test.api.VMLeaserService.LeaseVM
chromiumos.test.api.VMLeaserService.ReleaseVM

To call an RPC, you can specify the proto and payload via grpcurl. Here is an example of how to lease a VM:

> grpcurl -plaintext \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  -proto ../../go.chromium.org/chromiumos/config/proto/chromiumos/test/api/vm_leaser.proto \
  -d '{
    "host_reqs": {
      "gce_image": "projects/chrome-fleet-vm-leaser-dev/global/images/betty-arc-r-release",
      "gce_region": "us-central1-a",
      "gce_project": "chrome-fleet-vm-leaser-dev",
      "gce_network": "global/networks/default",
      "gce_machine_type": "e2-medium",
      "gce_disk_size": "20"
    },
    "lease_duration": "1m"
  }' \
  localhost:50051 \
  chromiumos.test.api.VMLeaserService.LeaseVM

{
  "leaseId": "vm-12107b1b-52be-475f-bdd5-8b68306645d2",
  "vm": {
    "id": "vm-12107b1b-52be-475f-bdd5-8b68306645d2",
    "address": {
      "host": "10.128.0.44",
      "port": 22
    },
    "gceRegion": "us-central1-a"
  }
}

An example to release a VM:

> grpcurl -plaintext \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  -proto ../../go.chromium.org/chromiumos/config/proto/chromiumos/test/api/vm_leaser.proto \
  -d '{
    "lease_id": "vm-bcb29756-ff94-4da9-a531-2cd20bad9771",
    "gce_project": "chrome-fleet-vm-leaser-dev",
    "gce_region": "us-central1-a"
  }' \
  localhost:50051 \
  chromiumos.test.api.VMLeaserService.ReleaseVM

{
  "leaseId": "vm-bcb29756-ff94-4da9-a531-2cd20bad9771"
}

Please consult the grpcurl documentation for more information.

Production

For the production environment, we rely on LUCI K8s to automatically deploy to GKE.

Interact with the Production Service

To interact with the service, you can use grpcurl. Cloud Run provides TLS out of the box so the default port is 443. We will also need to authenticate. For these examples, we will use a Bearer token generated by gcloud auth print-identity-token. You can also generate a token using luci-auth token.

To list the RPCs available for our service:

> grpcurl \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  staging.vmleaser.api.cr.dev:443 \
  list chromiumos.test.api.VMLeaserService

chromiumos.test.api.VMLeaserService.ExtendLease
chromiumos.test.api.VMLeaserService.LeaseVM
chromiumos.test.api.VMLeaserService.ReleaseVM

To call an RPC, you can specify the proto and payload via grpcurl. Here is an example of how to lease a VM:

> grpcurl \
  -H "Authorization: Bearer $(gcloud auth print-identity-token)" \
  -proto ../../go.chromium.org/chromiumos/config/proto/chromiumos/test/api/vm_leaser.proto \
    -d '{
    "host_reqs": {
      "gce_image": "projects/chrome-fleet-vm-leaser-dev/global/images/betty-arc-r-release",
      "gce_region": "us-central1-a",
      "gce_project": "chrome-fleet-vm-leaser-dev",
      "gce_network": "global/networks/default",
      "gce_machine_type": "e2-medium",
      "gce_disk_size": "20"
    }
  }' \
  staging.vmleaser.api.cr.dev:443 \
  chromiumos.test.api.VMLeaserService.LeaseVM

{
  "leaseId": "vm-12107b1b-52be-475f-bdd5-8b68306645d2",
  "vm": {
    "id": "vm-12107b1b-52be-475f-bdd5-8b68306645d2",
    "address": {
      "host": "10.128.0.44",
      "port": 22
    }
  }
}