Add generic gRPC stream forwarding

[moroten]

To be able to pass Bazel's build event stream (BES) to the same DNS name, without having to add an extra L7 router in front of the bb-storage frontend, add a configuration to forward specific gRPC methods to other backends. No authorization is possible on the passed through messages because Buildbarn has no knowledge about the semantics of the forwarded messages.

The gRPC reflection service has also been extended to forward requests that cannot be resolved locally.

[moroten]

I'm working on the tests, but that is not ready yet.

[aspect-workflows]

Test

26 test targets passed

Targets

//pkg/auth:auth_test [k8-fastbuild]                                                           884ms
//pkg/blobstore/buffer:buffer_test [k8-fastbuild]                                             47ms
//pkg/blobstore/completenesschecking:completenesschecking_test [k8-fastbuild]                 78ms
//pkg/blobstore/grpcclients:grpcclients_test [k8-fastbuild]                                   76ms
//pkg/blobstore/grpcservers:grpcservers_test [k8-fastbuild]                                   155ms
//pkg/blobstore/local:local_test [k8-fastbuild]                                               315ms
//pkg/blobstore/mirrored:mirrored_test [k8-fastbuild]                                         196ms
//pkg/blobstore/readcaching:readcaching_test [k8-fastbuild]                                   92ms
//pkg/blobstore/readfallback:readfallback_test [k8-fastbuild]                                 127ms
//pkg/blobstore/replication:replication_test [k8-fastbuild]                                   90ms
//pkg/blobstore/sharding/integration:integration_test [k8-fastbuild]                          167ms
//pkg/blobstore/sharding/legacy:legacy_test [k8-fastbuild]                                    863ms
//pkg/blobstore/sharding:sharding_test [k8-fastbuild]                                         1s
//pkg/blobstore:blobstore_test [k8-fastbuild]                                                 149ms
//pkg/builder:builder_test [k8-fastbuild]                                                     100ms
//pkg/capabilities:capabilities_test [k8-fastbuild]                                           126ms
//pkg/digest:digest_test [k8-fastbuild]                                                       101ms
//pkg/filesystem/path:path_test [k8-fastbuild]                                                283ms
//pkg/grpc:grpc_test [k8-fastbuild]                                                           44ms
//pkg/http/server:server_test [k8-fastbuild]                                                  77ms
//pkg/jmespath:jmespath_test [k8-fastbuild]                                                   422ms
//pkg/jwt:jwt_test [k8-fastbuild]                                                             117ms
//pkg/otel:otel_test [k8-fastbuild]                                                           77ms
//pkg/prometheus:prometheus_test [k8-fastbuild]                                               110ms
//pkg/util:util_test [k8-fastbuild]                                                           47ms
//pkg/x509:x509_test [k8-fastbuild]                                                           133ms

Total test execution time was 6s. 4 tests (13.3%) were fully cached saving 359ms.

[EdSchouten]

As far as I know, the only way to properly cleaning up the resources associated with a stream is to call RecvMsg() until a non-nil value is returned. I don't think that this implementation guarantees that, as we return immediately if incomingStream.SendMsg() fails.

Maybe instead of using errgroup.Group we should give in and use Buildbarn's own program.Group? Then we can do something like this:

https://github.com/buildbarn/bonanza/blob/7e085b3671950094bdfc76b4ad2814585f4f4a8e/pkg/storage/dag/grpc/uploader.go#L75-L84

[moroten]

According to https://pkg.go.dev/google.golang.org/grpc#ClientConn.NewStream, cancelling the context is enough. program.Group does give that guarantee, but as incomingStream.RecvMsg can block until the whole method returns, a go func is needed. That go func needs to be able to cancel the context, but may try to cancel after the whole method has returned. program.Group does not support that, so I stick with errgroup.

[moroten]

I've tested the docker-compose deployment, adding the following to frontend.jsonnet:

    relays: [
      {
        endpoint: {address: "scheduler:8984"},
        services: ["buildbarn.buildqueuestate.BuildQueueState"],
      },
    ],

Then I successfully ran:

$ grpcurl -plaintext localhost:8980 list
build.bazel.remote.execution.v2.ActionCache
build.bazel.remote.execution.v2.Capabilities
build.bazel.remote.execution.v2.ContentAddressableStorage
build.bazel.remote.execution.v2.Execution
buildbarn.buildqueuestate.BuildQueueState
google.bytestream.ByteStream
grpc.health.v1.Health
grpc.reflection.v1.ServerReflection
grpc.reflection.v1alpha.ServerReflection
$ grpcurl -plaintext -d '{}' localhost:8980  buildbarn.buildqueuestate.BuildQueueState/ListPlatformQueues
{
  "platformQueues": [
...
  ]
}

[EdSchouten]

Is it common practice to still use the v1alpha protocol? If not, what are your thoughts on omitting it?

[moroten]

grpc-java added support for v1 as late as 2024. v1alpha proto file has been set as deprecated since three years. Still, grpc-go reflection.Register() uses both APIs. grpcurl added support for v1 in 2022, so I'm find with removing v1alpha support.

Three years for upgrading grpcurl should be enough. I'll remove v1alpha.

[EdSchouten]

Question: What happens if one of the backends is down? Does this mean reflection stops functioning altogether?

[moroten]

Yes, for services bind that backend in the list. The combined resolver calls the reflection backends in order until something else than NotFound is returned. Is that acceptable?

[moroten]

Thank you for review. Busy today, will reply tonight.

[moroten]

@EdSchouten are we ready to merge this? (No hurry, is the holiday season.)

[moroten]

@EdSchouten Friendly ping.

[moroten]

@EdSchouten Friendly ping.