From 0261b66eb04541491e09bffe4a6d212f9a76675b Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Fri, 15 Feb 2019 22:05:42 +0000
Subject: [PATCH] dashboard, buildlet: add a disabled builder with nested virt,
 for testing

This adds a linux-amd64 COS builder that should be just like our
existing linux-amd64 COS builder except that it's using a forked image
that has the VMX license bit enabled for nested virtualization. (GCE
appears to be using the license mechanism as some sort of opt-in
mechanism for features that aren't yet GA; might go away?)

Once this is in, it won't do any new builds as regular+trybot builders
are disabled. But it means I can then use gomote + debugnewvm to work
on preparing the other four image types.

Updates golang/go#15581 (solaris)
Updates golang/go#23060 (dragonfly)
Updates golang/go#30262 (riscv)
Updates golang/go#30267 (fuchsia)
Updates golang/go#23824 (android)

Change-Id: Ic55f17eea17908dba7f58618d8cd162a2ed9b015
Reviewed-on: https://go-review.googlesource.com/c/162959
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
---
 buildlet/gce.go       | 25 ++++++++++++++++++++-----
 dashboard/builders.go | 18 ++++++++++++++++++
 2 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/buildlet/gce.go b/buildlet/gce.go
index 1a1c0a0c1f..2bacf7de08 100644
--- a/buildlet/gce.go
+++ b/buildlet/gce.go
@@ -142,11 +142,26 @@ func StartNewVM(creds *google.Credentials, buildEnv *buildenv.Environment, instN
 	}
 
 	srcImage := "https://www.googleapis.com/compute/v1/projects/" + projectID + "/global/images/" + hconf.VMImage
+	minCPU := hconf.MinCPUPlatform
 	if hconf.IsContainer() {
-		var err error
-		srcImage, err = cosImage(ctx, computeService)
-		if err != nil {
-			return nil, fmt.Errorf("error find Container-Optimized OS image: %v", err)
+		if hconf.NestedVirt {
+			minCPU = "Intel Haswell" // documented minimum from https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances
+			// TODO: use some variant of cosImage that finds our local
+			// forked copy of cos-stable with the VMX license added. For
+			// now, I just manually once ran:
+			//   gcloud compute images create cos-stable-72-11316-136-0-vmx --source-image=cos-stable-72-11316-136-0 --source-image-project=cos-cloud --licenses=https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx
+			// And we'll use that version for now. Perhaps when Nested
+			// Virtualization reaches GA it'll just become a boolean we
+			// can set in our compute.Instance creation request and this
+			// license opt-in mechanism will be unnecessary.
+			const coxVMXImage = "cos-stable-72-11316-136-0-vmx"
+			srcImage = "https://www.googleapis.com/compute/v1/projects/" + projectID + "/global/images/" + coxVMXImage
+		} else {
+			var err error
+			srcImage, err = cosImage(ctx, computeService)
+			if err != nil {
+				return nil, fmt.Errorf("error find Container-Optimized OS image: %v", err)
+			}
 		}
 	}
 
@@ -154,7 +169,7 @@ func StartNewVM(creds *google.Credentials, buildEnv *buildenv.Environment, instN
 		Name:           instName,
 		Description:    opts.Description,
 		MachineType:    machType,
-		MinCpuPlatform: hconf.MinCPUPlatform,
+		MinCpuPlatform: minCPU,
 		Disks: []*compute.AttachedDisk{
 			{
 				AutoDelete: true,
diff --git a/dashboard/builders.go b/dashboard/builders.go
index 4616c98c8c..6400f484e3 100644
--- a/dashboard/builders.go
+++ b/dashboard/builders.go
@@ -41,6 +41,14 @@ var Hosts = map[string]*HostConfig{
 		env:             []string{"GOROOT_BOOTSTRAP=/go1.4"},
 		SSHUsername:     "root",
 	},
+	"host-linux-stretch-vmx": &HostConfig{
+		Notes:           "Debian Stretch w/ Nested Virtualization (VMX CPU bit) enabled, for testing",
+		ContainerImage:  "linux-x86-stretch:latest",
+		NestedVirt:      true,
+		buildletURLTmpl: "http://storage.googleapis.com/$BUCKET/buildlet.linux-amd64",
+		env:             []string{"GOROOT_BOOTSTRAP=/go1.4"},
+		SSHUsername:     "root",
+	},
 	"host-linux-armhf-cross": &HostConfig{
 		Notes:           "Debian Jessie with armhf cross-compiler, built from env/crosscompile/linux-armhf-jessie",
 		ContainerImage:  "linux-armhf-jessie:latest",
@@ -576,6 +584,9 @@ type HostConfig struct {
 	ExpectNum       int  // expected number of reverse buildlets of this type
 	HermeticReverse bool // whether reverse buildlet has fresh env per conn
 
+	// Container image options, if ContainerImage != "":
+	NestedVirt bool // container requires VMX nested virtualization
+
 	// Optional base env. GOROOT_BOOTSTRAP should go here if the buildlet
 	// has Go 1.4+ baked in somewhere.
 	env []string
@@ -1204,6 +1215,13 @@ func init() {
 		numTryTestHelpers: 4,
 		RunBench:          true,
 	})
+	addBuilder(BuildConfig{
+		Name:      "linux-amd64-vmx",
+		HostType:  "host-linux-stretch-vmx",
+		MaxAtOnce: 1,
+		TryOnly:   true, // don't run regular build
+		tryBot:    nil,  // and don't run trybots (only gomote)
+	})
 
 	const testAlpine = false // Issue 22689 (hide all red builders), Issue 19938 (get Alpine passing)
 	if testAlpine {