From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id GByNNFy/c2AvRQEAgWs5BA (envelope-from ) for ; Mon, 12 Apr 2021 05:32:44 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id yPZsLly/c2DWDAAAB5/wlQ (envelope-from ) for ; Mon, 12 Apr 2021 03:32:44 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 210F41876A for ; Mon, 12 Apr 2021 05:32:44 +0200 (CEST) Received: from localhost ([::1]:38098 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lVnJZ-0003pX-UK for larch@yhetil.org; Sun, 11 Apr 2021 23:32:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34524) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lVnJP-0003pR-Eo for help-guix@gnu.org; Sun, 11 Apr 2021 23:32:31 -0400 Received: from minsky.hcoop.net ([104.248.1.95]:41358) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lVnJN-0007ga-R4 for help-guix@gnu.org; Sun, 11 Apr 2021 23:32:31 -0400 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lVnJM-0005mK-7B for help-guix@gnu.org; Sun, 11 Apr 2021 23:32:28 -0400 Date: Sun, 11 Apr 2021 23:32:27 -0400 (EDT) From: Jack Hill X-X-Sender: jackhill@marsh.hcoop.net To: help-guix@gnu.org Subject: ProxyJump and offload Message-ID: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-ID: Received-SPF: pass client-ip=104.248.1.95; envelope-from=jackhill@jackhill.us; helo=minsky.hcoop.net X-Spam_score_int: -13 X-Spam_score: -1.4 X-Spam_bar: - X-Spam_report: (-1.4 / 5.0 requ) BAYES_00=-1.9, PDS_BTC_ID=0.499, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001 autolearn=no autolearn_force=no X-Spam_action: no action Content-Type: text/plain; FORMAT=flowed; CHARSET=UTF-8 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1618198364; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=WM1Y2d6SxDL5OFUEeolApdGpG9DHBIY9Wi3pD/xxYP8=; b=dAafNvmEbtI/c5+OCymVEE44DiTUXsr3RfpiDWMddThWOFkFLeuMdyr1OzGtGe4ZblmRGS dtOyhVumARETaWL5EE0eGwIgyJRXh8LNAnzOP/Qq4h/0AJXFbm+tSn0z1wbIFbLysP1lpp OfFkUaX0ao388I7moH3V1OpHWBqfY600ntRG0KsFbm2H05GTrVE1p2mcY9ea4+MV7yvlfm Qem1vWm1yiD6nbz5Kke2aE0CuDs76d2wl7XMe6P2Q7JqJs0G5P7gTkgN82M9jGza3ARTeD LfnuCyTT9hRedO+NlbbncFtAaCmnmui6EvuWPDMl6HvIqfF15vJB9lcKtMLefw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1618198364; a=rsa-sha256; cv=none; b=EyqLWTduH59KHTK6R5HRdA9xe7a89YoNCiXcO1vtAo88bPVGUZacdNeDu+0opiWdodX/IZ bNIpzYOtq1xrpbVCvHMkLixkUXwFYmVpRD3rhpJ5AGmgNnn8KWXpi1kpiW+ZB/rsZs/Nyz r2Ig6xqX3IzdOBFBpMxb+rGicJIJGeUx4ycUq3L+8pfZji4KBRrPij9iNS4FWaqWklp4rc 0drStZ/SFm/wi0PKCGIj+fCCBsy2/W4lf9Vcl8rMQtKFqMjjZTWvW7tDlfQdA1d/Tgajyl B0GCZTYmRNBJB5EHIq4U0IA+46xrFymuK1QjoIsj1xqJIQO96Ue//KK+ljZ/4g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Spam-Score: -1.94 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Queue-Id: 210F41876A X-Spam-Score: -1.94 X-Migadu-Scanner: scn0.migadu.com X-TUID: U7aA4qMpIlBz Hi Guix, I'm tryng to set up offloading to a remote machine on a different network. The preffered way to access machines on the remote network is via openssh's ProxyJump option (as I understand it, this does some automated port forwarding to access the eventual remote host via the proxy host). To that end I've set up the following root ssh config in /root/.ssh/config: ``` Host proxy.remote.jackhill.us User jackhill Host builder.jackhill.us User install ProxyJump proxy.remote.jackhill.us ``` and /etc/guix/machines.scm: ``` (list (build-machine (name "builder.jackhill.us") (systems '("x86_64-linux")) (user "install") (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHls4Zn3WmWBdBCO43gmwJSd2afVzr980nQV4RLH/tw8 root@builder") (private-key "/root/.ssh/id_ed25519"))) ``` With this configuration `sudo -E guix offload test` suceeds: ``` $ sudo -E guix offload test guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'... guix offload: Guix is usable on 'builder.jackhill.us' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test") guix offload: 'builder.jackhill.us' is running GNU Guile 3.0.5 guix offload: sending 1 store item (0 MiB) to 'builder.jackhill.us'... exporting path `/gnu/store/xv5y6vb5rqivpgg8c23mmyifnbjx4zkg-export-test' guix offload: 'builder.jackhill.us' successfully imported '/gnu/store/xv5y6vb5rqivpgg8c23mmyifnbjx4zkg-export-test' retrieving 1 store item from 'builder.jackhill.us'... guix offload: successfully imported '/gnu/store/0p7dz3ynp51qk4q9nvbscl5bv0hvfcsh-import-test' from 'builder.jackhill.us' ``` However, actually trying to build something that is not in my store fails: ``` $ guix build --no-substitutes okular The following derivation will be built: /gnu/store/gcbhh3rbpmcr4p4rdvsj9cw48gwkhnlf-okular-20.12.1.drv process 18275 acquired build slot '/var/guix/offload/builder.jackhill.us:22/0' guix offload: error: failed to connect to 'builder.jackhill.us': Socket error: Connection reset by peer waiting for locks or build slots... ^C ``` If I temporarily disable the need to use a proxy host and remove the ProxyJump line from my ssh config, then it works as expected: ``` $ guix build --no-substitutes okular The following derivation will be built: /gnu/store/gcbhh3rbpmcr4p4rdvsj9cw48gwkhnlf-okular-20.12.1.drv process 18551 acquired build slot '/var/guix/offload/builder.jackhill.us:22/0' normalized load on machine 'builder.jackhill.us' is 0.01 building /gnu/store/gcbhh3rbpmcr4p4rdvsj9cw48gwkhnlf-okular-20.12.1.drv... guix offload: sending 294 store items (286 MiB) to 'builder.jackhill.us'... exporting path `/gnu/store/36dq4d3dba7z2vjiqsqphndn7sb2wmyj-kconfig-5.70.0-guile-builder' … ``` What am I doing wrong? Best, Jack