From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: 36404@debbugs.gnu.org
Subject: [bug#36404] [PATCH 0/6] Add 'guix deploy'.
Date: Thu, 27 Jun 2019 14:35:28 -0400
Message-ID: <87o92ianbj.fsf@sdf.lonestar.org>

Hello, Guix!

This patch provides the basis for 'guix deploy', implementing what I've
referred to as the "simple case" in my progress reports: in-place
updates to machines (physical or virtual) whose name and IP address we
know well. Do note that these commits depend on Ludovic's implementation
of 'remote-eval'.[1]

There's certainly more to be done with this -- the GSoC period is far
from over, and I'm hoping to use that time to implement more complex
use-cases such as automatically provisioning virtual machines in the
cloud. I'm submitting a patch series now per the recommendation of my
mentors to break the project into a few chunks to submit over the
duration of the summer.

Quite a bit has changed since my last email about this.[2] For one,
GOOPS is no longer used. Machine declarations now look just like any
other sort of declaration in Guix.

#+BEGIN_SRC scheme
(use-modules (gnu) (guix))
(use-machine-modules ssh)
(use-service-modules networking ssh)
(use-package-modules bootloaders)

(define %system
  (operating-system
   (host-name "gnu-deployed")
   (timezone "Etc/UTC")
   (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
                (target "/dev/vda")
                (terminal-outputs '(console))))
   (file-systems (cons (file-system
                        (mount-point "/")
                        (device "/dev/vda1")
                        (type "ext4"))
                       %base-file-systems))
   (services
    (append (list (service dhcp-client-service-type)
                  (service openssh-service-type
                           (openssh-configuration
                            (permit-root-login #t)
                            (allow-empty-passwords? #t))))
            %base-services))))

(list (machine
       (system %system)
       (environment 'managed-host)
       (configuration (machine-ssh-configuration
                       (host-name "localhost")
                       (identity "./id_rsa")
                       (port 2222)))))
#+END_SRC

There are a number of other differences here as well. For one, the SSH
configuration now has an 'identity' field for specifying a private key
to use when authenticating with the host. Any key management scheme you
might have set up in '~/.ssh/config' will also work if the 'identity'
field is omitted.

The 'environment' field is where we declare how machines should be
provisioned. In this case, the only type of provisioning that's been
implemented is 'managed-host' -- the "simple case" of in-place updates
to a machine that's already running GuixSD. The parameters for
provisioning are given in the form of an environment-specific
configuration type. In the example, this is 'machine-ssh-configuration',
which describes how 'guix deploy' should make an SSH connection to the
machine. I'm sure you can imagine something along the lines of a
'machine-digitalocean-configuration', describing some parameters for a
droplet.

There are two things in this patch series that I'd like comments on in
particular.

First, I still haven't figured out the whole testing situation. The
tests, as of now, spin up a virtual machine, create a machine instance,
deploy that to the virtual machine, and then make assertions about
changes made to the system. These tests were originally in the system
test suite as they deal with virtual machines, but I've since moved them
into the normal Guix test suite because of how much needs to be done on
the host side -- I spent an absurd amount of time trying to fit a call
to 'deploy-machine' into a derivation that could be run by the system
test suite, but I just wasn't able to make it work. I'm hoping someone
will have thoughts about how we can test 'guix deploy'. Should we have
them disabled by default?
Is there some way to implement them in the system test suite that I've
overlooked? Should the tests be included at all?

Second, I'd like some suggestions on how to go about the documentation.
I have a cursory description of how to invoke the command-line tool, and
an example of a deployment specification, but I'm wondering if the
documentation should be split up into multiple sections across the
manual -- especially if we're going to have multiple 'environment' types
with their own configuration records down the line.

I look forward to your comments.

Regards,
Jakob

[1]: https://lists.gnu.org/archive/html/guix-patches/2019-06/msg00201.html
[2]: https://lists.gnu.org/archive/html/guix-devel/2019-06/msg00078.html

David Thompson (1):
  Take another stab at this whole guix deploy thing.

Jakob L. Kreuze (5):
  ssh: Add 'identity' keyword to 'open-ssh-session'.
  gnu: Add machine type for deployment specifications.
  Export the (gnu machine) interface.
  Add 'guix deploy'.
  doc: Add section for 'guix deploy'.

 Makefile.am             |   4 +-
 doc/guix.texi           | 103 +++++++++
 gnu.scm                 |   8 +-
 gnu/local.mk            |   5 +-
 gnu/machine.scm         |  89 ++++++++
 gnu/machine/ssh.scm     | 355 +++++++++++++++++++++++++++++++
 guix/scripts/deploy.scm |  90 ++++++++
 guix/ssh.scm            |   3 +-
 tests/machine.scm       | 450 ++++++++++++++++++++++++++++++++++++++++
 9 files changed, 1103 insertions(+), 4 deletions(-)
 create mode 100644 gnu/machine.scm
 create mode 100644 gnu/machine/ssh.scm
 create mode 100644 guix/scripts/deploy.scm
 create mode 100644 tests/machine.scm

-- 
2.22.0