From: ludo@gnu.org (Ludovic Courtès)
To: Pjotr Prins <pjotr.public12@thebird.nl>
Cc: guix-devel@gnu.org
Subject: Re: Self-contained Guix tarball
Date: Tue, 21 Apr 2015 10:11:29 +0200 [thread overview]
Message-ID: <87zj61q4su.fsf@gnu.org> (raw)
In-Reply-To: <20150421070357.GB15795@thebird.nl> (Pjotr Prins's message of "Tue, 21 Apr 2015 09:03:57 +0200")
Pjotr Prins <pjotr.public12@thebird.nl> skribis:
> When you administrate a large amount of servers things can go wrong
> due to system failures, failed backup recoveries, hacking attempts and
> adminstrators trying to be clever ;). Murphy's law dictates that the
> store and the sqlitedb meta information will go out of sync. For
> production setups it is necessary to be able to recover from backups,
> but as an intermediate recovery step it would be really nice if Guix
> could recover its meta information from an existing store - assuming
> only the DB is corrupt (google for sqlite corrupted databases). It is
> especially nice when your backups are out of sync too.
The important thing is that currently, the DB is authoritative. So it
cannot be corrupt (that would be equivalent to having lost /gnu/store
altogether), and thus it cannot be repaired.
What *can* be repaired is the store: for instance, if a store item is
tampered with. The daemon has code to do it, but the Guix client tools
do not expose it yet.
> guix archive looks good, but for speedy deployment it can happen an
> adminstrator would have a simple use case of:
>
> - Copying 2 stores to 1 machine
> - Rebuild database
>
> to do it quick and dirty. Since all software packages are isolated
> this would make a really good use case even if (with some trouble) you
> could use guix archive for that. I prefer quick and dirty.
>
> I am not pushing for this functionality directly, but I would
> certainly like to have it when I need it :)
I don’t think it could work the way you envision it. What kind of
deployment do you have in mind? For whole system deployment, one can
obviously use ‘guix system’.
>> I suspect this would make GC inefficient (lots of disk seeks to
>> determine references/referrers compared to queries of the SQLite
>> database.)
>
> Yes, Nix switched to using sqlitedb because of the GC.
I think it’s been there “forever” (at least since I started contributing
in 2008.)
> It is also useful to search current versions of installed packages
> quickly. Even so, I think it should be viewed as an index. The state
> of the machine is what is *sitting* in the store. That would be the
> correct design.
>
> Meta information can go out of sync. Therefore we should not assume
> they are in sync.
Again, the store can go “out of sync,” but the DB itself is
authoritative currently.
And it’s important that it be this way. One example is that build
processes can write their outputs to the store; if the build process
fails, there are still those files in the store, but the DB won’t have
recorded them as valid, so they can be swept on the next GC.
>> Another (opposite :-)) option is to make /gnu/store a read-only bind
>> mount on GuixSD. Commit 3392ce5 does that. This will prevent
>> accidental modifications of the store.
>
> That is a good solution for end-users. Not for administrators. So
> adminstrators will circumvent it.
Well, administrators won’t be able to circumvent it accidentally, at
least.
I understand this framework really constrains what sysadmins can do, and
in particular prevents them from doing “quick-and-dirty hacks.” I think
we should strive to find the UIs that allow for quick hacks while not
compromising the store’s integrity.
WDYT?
Thanks,
Ludo’.
next prev parent reply other threads:[~2015-04-21 8:11 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-10 8:46 Copying whole /gnu/store from USB does not work Pjotr Prins
2015-04-10 11:48 ` Ludovic Courtès
2015-04-10 13:14 ` Pjotr Prins
2015-04-10 13:41 ` David Thompson
2015-04-12 10:28 ` Copying whole /gnu/store from USB does not work (SOLVED) Pjotr Prins
2015-04-12 12:29 ` Ludovic Courtès
2015-04-12 20:07 ` Self-contained Guix tarball Ludovic Courtès
2015-04-13 6:54 ` Pjotr Prins
2015-04-13 9:57 ` Ludovic Courtès
2015-04-13 10:05 ` Pjotr Prins
2015-04-13 13:29 ` Mark H Weaver
2015-04-14 21:33 ` Ludovic Courtès
2015-04-13 15:47 ` Thompson, David
2015-04-15 21:31 ` Ludovic Courtès
2015-04-16 5:33 ` Pjotr Prins
2015-04-18 21:23 ` Ludovic Courtès
2015-04-19 8:18 ` Pjotr Prins
2015-04-19 20:09 ` Ludovic Courtès
2015-04-19 13:34 ` Taylan Ulrich Bayırlı/Kammer
2015-04-20 20:49 ` Ludovic Courtès
2015-04-21 7:03 ` Pjotr Prins
2015-04-21 7:19 ` Pjotr Prins
2015-04-21 8:18 ` Ludovic Courtès
2015-04-21 8:44 ` Pjotr Prins
2015-04-21 12:16 ` Ludovic Courtès
2015-04-21 8:11 ` Ludovic Courtès [this message]
2015-04-21 8:37 ` Pjotr Prins
2015-04-21 10:08 ` Ricardo Wurmus
2015-04-21 10:17 ` Pjotr Prins
2015-04-21 12:08 ` Andreas Enge
2015-04-21 12:12 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zj61q4su.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=pjotr.public12@thebird.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).