Re: “Towards Guix for DevOps”

[Jan Nieuwenhuizen <janneke@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 2740 bytes --]

Ludovic Courtès writes:

> Jakob wrote a lovely post about the ongoing work implementing ‘guix
> deploy’ as part of GSoC:
>
>   https://gnu.org/s/guix/blog/2019/towards-guix-for-devops/
>
> Check it out!

Yes, this is excellent.  I started playing with it using a deploy-vm.sh
script (see attached).  It took me a few iterations to get all bits
right; I mistook the host's signing-key's error message for an ssh
authentication problem, e.g.

This works great so I am already using it now; together with channels it
simplifies my deployments a lot.

I found that I cannot deploy to older machines, running 0.16 or earlier.
Not really a problem but it should at least be documented, I think.

Here's what deploying to a 0.16 machine gives me

--8<---------------cut here---------------start------------->8---
+ guix deploy deploy-vm.scm
substitute: updating substitutes from 'http://guix1.oban.verum.com:8181'... 100.0%
substitute: updating substitutes from 'http://guix3.oban.verum.com:8181'... 100.0%
substitute: updating substitutes from 'http://janneke.lilypond.org:8080'... 100.0%
sending 142 store items (745 MiB) to 'localhost'...
sending 3 store items (0 MiB) to 'localhost'...
Backtrace:
           7 (primitive-load "/gnu/store/rl2fvwwdj9n82yjhc8v1yygy5c0zwnkb-profile/bin/guix")
In guix/ui.scm:
  1659:12  6 (run-guix-command _ . _)
In guix/store.scm:
   623:10  5 (call-with-store _)
In srfi/srfi-1.scm:
    640:9  4 (for-each #<procedure 19c9020 at guix/scripts/deploy.scm:81:16 (machine)> (#<<machine> system: #…>))
In guix/store.scm:
  1803:24  3 (run-with-store #<store-connection 256.99 10e3a80> _ #:guile-for-build _ #:system _ #:target _)
In gnu/machine/ssh.scm:
    339:2  2 (_ _)
In guix/remote.scm:
   122:20  1 (_ _)
    66:17  0 (%remote-eval _ _)

guix/remote.scm:66:17: In procedure %remote-eval:
Throw to key `srfi-34' with args `(#<inferior-object #<condition &action-exception-error [service: user-homes action: start key: match-error args: ("match" "no matching pattern" "#<<user-account> name: \"root\" password: \"\" uid: 0 group: \"root\" supplementary-groups: () comment: \"System administrator\" home-directory: #<procedure home-directory (x)> create-home-directory?: #t shell: \"/gnu/store/qn1ax1fkj16x280m1rv7mcimfmn9l2pf-bash-4.4.23/bin/bash\" system?: #f>")] 716f00>>)'.
+ ssh -i id_rsa -p 10022 root@localhost guix system list-generations
--8<---------------cut here---------------end--------------->8---

After manually reconfiguring the machine to 1.0 it works, but that
already starts to feel clumsy :)

Anyway, very impressive and a big thank you Jakob!

Greetings,
janneke

I've also put this up on https://gitlab/janneke/deploy


[-- Attachment #2: deploy-vm.sh --]
[-- Type: application/x-sh, Size: 900 bytes --]

[-- Attachment #3: bare-bones.scm --]
[-- Type: application/octet-stream, Size: 1395 bytes --]

(define-module (bare-bones)
  #:use-module (ice-9 rdelim)
  #:use-module (gnu)
  #:use-module (gnu services networking)
  #:use-module (gnu services ssh)
  #:export (%bare-bones))

(define %bare-bones
  (operating-system
    (host-name "baar")
    (timezone "Europe/Amsterdam")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/vda")))
    (file-systems (cons (file-system
                          ;; after reboot: no such device: guix
                          ;; (device (file-system-label "guix"))
                          (device "/dev/vda1")
                          (mount-point "/")
                          (type "ext4"))
                        %base-file-systems))
    (services
     (cons*
      (service dhcp-client-service-type)
      (service openssh-service-type
               (openssh-configuration
                (permit-root-login #t)
                (authorized-keys
                 `(("root" ,(local-file "id_rsa.pub"))))
                (port-number 22)))
      (modify-services %base-services
        (guix-service-type
         config => (guix-configuration
                    (inherit config)
                    (authorized-keys
                     (cons
                      (local-file "/etc/guix/signing-key.pub")
                      %default-authorized-guix-keys)))))))))

%bare-bones

[-- Attachment #4: deploy-vm.scm --]
[-- Type: application/octet-stream, Size: 913 bytes --]

(use-modules (gnu))
(use-modules (bare-bones))
(use-service-modules shepherd)

(define %system
  (operating-system
    (inherit %bare-bones)
    (host-name "deployable")

    (packages (cons* hello %base-packages))

    (services
     (cons* (service (shepherd-service-type
                      'hello
                      (lambda _
                        (shepherd-service
                         (provision '(hello))
                         (start '(lambda _ (display "hello\n")))
                         (stop '(lambda _ (display "goodbye\n"))))))
                     #t)
            (operating-system-user-services %bare-bones)))))

(list (machine
       (system %system)
       (environment managed-host-environment-type)
       (configuration (machine-ssh-configuration
                       (host-name "localhost")
                       (identity "id_rsa")
                       (port 10022)))))

[-- Attachment #5: channels.scm --]
[-- Type: application/octet-stream, Size: 139 bytes --]

(list
 (channel
  (name 'guix)
  (url "https://git.savannah.gnu.org/git/guix.git")
  (commit "53f21642729e4786141c072dd835b04cb85dfe28")))

[-- Attachment #6: Type: text/plain, Size: 152 bytes --]


-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com