Closed Bug 1156323 Opened 10 years ago Closed 5 years ago

Write a Windows worker that uses spoon.net (or other isolation technology)

Categories

(Taskcluster :: Workers, defect, P5)

Product:
Taskcluster
Component:
Workers
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: pmoore, Unassigned)

Details

(Whiteboard: [generic-worker])

We have docker worker providing isolation for linux tasks in taskcluster. We are developing a generic worker for executing tasks (in a non-isolated fashion) against arbitrary operating systems (that go code can compile for). A Windows specific worker that uses spoon.net isolation (or an alternative isolation technology) would bring the benefits of the docker worker to the windows platform. The generic worker can only be used for running trusted jobs, with better isolation features, the windows platform could be used for a broader range of tasks, more securely, and would be more reliable/deterministic.
No longer blocks: tc-2015-q2
Summary: meta: [pmoore-Q2/2015-goal] [stretch goal] Write a Windows worker that uses spoon.net (or other isolation technology) - *STRETCH* goal → Write a Windows worker that uses spoon.net (or other isolation technology)
I'm not sure what benefits this will offer over the current solution of spawning new users per task. Certainly adding containerisation introduces considerable more complexity. I'm tempted to suggest we drop the idea entirely, as I'm not sure what it offers that our current solution doesn't already provide. This bug was initially raised before the generic worker on Windows had been designed/implemented, and therefore at this time it was not clear we could offer guaranteed clean task environments without containerisation. Shall we RESOLVED/INVALID this bug?
Flags: needinfo?(jopsen)
There are huge benefits over what we have now. Spoon.net offers virtual file system, registery and more that is shippped with images. Spoon is basically docker for windows, I just don't know if or how many compatibility issues it has. So no need to use a special VM, just use the default VM and put everything we need in spoon images. I'm okay, if you close this. Doing it is a complicated experiment and would require working with a proprietary product like spoon.net, so we would have to talk to them about licensing... Mostly we just need to stop the spoon client from calling home and some licensing. Anyways, we've talked about generic-worker having different processing backends, adding this would just be another one.
Flags: needinfo?(jopsen)
Component: TaskCluster → General
Product: Testing → Taskcluster
Component: General → Generic-Worker
Component: Generic-Worker → Worker
Whiteboard: [generic-worker]
Should we give up on this?
Flags: needinfo?(pmoore)
Good question. Somehow I don't like entirely shutting the door on it, but realistically I don't think we have much time to work on it. Maybe we leave it open for an interested contributor? Reading https://turbo.net/tour#prerequisites it still appeals to me.
Flags: needinfo?(pmoore)
Marking the bug INCOMPLETE doesn't mean closing the door -- but I don't think spoon.net is anywhere on the horizon of priorities right now..
Flags: needinfo?(pmoore)
QA Contact: pmoore
(In reply to Dustin J. Mitchell [:dustin] pronoun: he from comment #5) > Marking the bug INCOMPLETE doesn't mean closing the door -- but I don't > think spoon.net is anywhere on the horizon of priorities right now.. There is no spoon.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Marking as P5 instead (I think we agreed to do this for bugs we don't intend to get round to fixing, but still believe to be valid).
Status: RESOLVED → REOPENED
Flags: needinfo?(pmoore)
Priority: -- → P5
Resolution: INCOMPLETE → ---
Component: Worker → Workers
Status: REOPENED → RESOLVED
Closed: 7 years ago5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.