all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Marius Bakke <marius@gnu.org>
To: 42261@debbugs.gnu.org
Subject: [bug#42261] [PATCH 4/4] services: Add ganeti.
Date: Wed,  8 Jul 2020 12:11:17 +0200	[thread overview]
Message-ID: <20200708101118.3579-4-marius@gnu.org> (raw)
In-Reply-To: <20200708101118.3579-1-marius@gnu.org>

* gnu/services/virtualization.scm (<ganeti-noded-configuration>,
<ganeti-confd-configuration>, <ganeti-wconfd-configuration>,
<ganeti-luxid-configuration>, <ganeti-rapi-configuration>,
<ganeti-kvmd-configuration>, <ganeti-mond-configuration>),
<ganeti-metad-configuration>, <ganeti-watcher-configuration>,
<ganeti-cleaner-configuration>, <ganeti-configuration>, <ganeti-os>,
<ganeti-os-variant>, <debootstrap-configuration>): New record types.
(%default-ganeti-environment-variables, ganeti-noded-service,
ganeti-noded-service-type, ganeti-confd-service, ganeti-confd-service-type,
ganeti-wconfd-service, ganeti-wconfd-service-type, ganeti-luxid-service,
ganeti-luxid-service-type, ganeti-rapi-service, ganeti-rapi-service-type,
ganeti-kvmd-service, ganeti-kvmd-service-type, ganeti-mond-service,
ganeti-mond-service-type, ganeti-metad-service, ganeti-metad-service-type,
ganeti-watcher-command, ganeti-watcher-jobs, ganeti-watcher-service-type,
ganeti-cleaner-jobs, ganeti-cleaner-service-type, ganeti-activation,
ganeti-shepherd-services, ganeti-mcron-jobs, ganeti-service-type,
hooks->directory, debootstrap-configuration-compiler, debootstrap-variant,
ganeti-os-variant->configuration, ganeti-os->directory, ganeti-directory,
file-storage-file, ganeti-etc-service, ganeti-service-type): New variables.
* gnu/tests/virtualization.scm (%debootstrap-hooks, %ganeti-os,
run-ganeti-test, %test-ganeti-kvm, %test-ganeti-lxc): New variables.
* doc/guix.texi (Virtualization Services): Document accordingly.
---
 doc/guix.texi                   | 560 ++++++++++++++++++++
 gnu/services/virtualization.scm | 906 +++++++++++++++++++++++++++++++-
 gnu/tests/virtualization.scm    | 175 +++++-
 3 files changed, 1639 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 992bc303bb..d5cfc23297 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24898,6 +24898,566 @@ the @code{--snapshot} flag using something along these lines:
           (options '("--hda"))))
 @end lisp
 
+@subsubheading Ganeti
+
+@cindex ganeti
+
+@quotation Note
+This service currently offered as a tech preview.  Configuration options may
+be changed in a backwards-incompatible manner, and not all features have been
+thorougly tested.  Users of this service are encouraged to share their
+experience at @email{guix-devel@@gnu.org}.
+@end quotation
+
+Ganeti is a cluster-based virtual machine management system.  It consists
+of multiple services which are described later in this section.  In addition
+to the Ganeti service, you will need the OpenSSH service
+(@pxref{Networking Services, @code{openssh-service-type}}), and update the
+@file{/etc/hosts} file (@pxref{operating-system Reference, @code{hosts-file}})
+with the cluster name and address (or use a DNS server).  Here is an example
+configuration for a Ganeti cluster node:
+
+@lisp
+(operating-system
+  ...
+  (host-name "node1")
+  (hosts-file (plain-file "hosts" (format #f "
+127.0.0.1       localhost
+::1             localhost
+
+192.168.1.100   ganeti.example.com
+192.168.1.101   node1.example.com node1
+192.168.1.102   node2.example.com node2
+")))
+
+  ;; Install QEMU so we can use KVM-based instances, and LVM, DRBD and Ceph
+  ;; in order to use the "plain", "drbd" and "rbd" storage backends.
+  (packages (append (map specification->package
+                         '("qemu" "lvm2" "drbd-utils" "ceph"
+                           "ganeti-instance-guix" "ganeti-instance-debootstrap"))
+                    %base-packages))
+  (services
+   (append (list (static-networking-service "eth0" "192.168.1.101"
+                                            #:netmask "255.255.255.0"
+                                            #:gateway "192.168.1.254"
+                                            #:name-servers '("192.168.1.252"
+                                                             "192.168.1.253"))
+
+                 ;; Ganeti uses SSH to communicate between nodes.
+                 (service openssh-service-type
+                          (openssh-configuration
+                           (permit-root-login 'without-password)))
+
+                 (service ganeti-service-type
+                          (ganeti-configuration
+                           ;; This file specifies allowed file system paths
+                           ;; for storing virtual machine images.
+                           (file-storage-paths '("/srv/ganeti/file-storage")))))
+           %base-services)))
+@end lisp
+
+Users are advised to read the
+@url{http://docs.ganeti.org/ganeti/master/html/admin.html,Ganeti
+administrators guide} to learn about the various cluster options and
+day-to-day operations.
+
+There is also a
+@url{https://guix.gnu.org/blog/2020/ganeti-cluster-on-guix/,blog post}
+describing how to configure a small cluster.
+
+The rest of this section documents each of the various services and their
+configuration options.
+
+@defvr {Scheme Variable} ganeti-service-type
+This is a service type that includes all the various services that Ganeti
+nodes should run.
+
+Its value is a @code{ganeti-configuration} object that defines the package
+to use for CLI operations, as well as configuration for the various daemons.
+
+@end defvr
+
+@deftp {Data Type} ganeti-configuration
+The @code{ganeti} service takes the following configuration options:
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use.  It will be installed to the system profile
+and make @command{gnt-cluster}, @command{gnt-instance}, etc available.  Note
+that the value specified here does not affect the other services as each refer
+to a specific @code{ganeti} package (see below).
+
+@item @code{noded-configuration} (default: @code{(ganeti-noded-configuration)})
+@item @code{confd-configuration} (default: @code{(ganeti-confd-configuration)})
+@item @code{wconfd-configuration} (default: @code{(ganeti-wconfd-configuration)})
+@item @code{luxid-configuration} (default: @code{(ganeti-luxid-configuration)})
+@item @code{rapi-configuration} (default: @code{(ganeti-rapi-configuration)})
+@item @code{kvmd-configuration} (default: @code{(ganeti-kvmd-configuration)})
+@item @code{mond-configuration} (default: @code{(ganeti-mond-configuration)})
+@item @code{watcher-configuration} (default: @code{(ganeti-watcher-configuration)})
+@item @code{cleaner-configuration} (default: @code{(ganeti-cleaner-configuration)})
+
+These options control the various daemons and cron jobs that are distributed
+with Ganeti.  The possible values for these are described in detail below.
+To override a setting, you must use the configuration type for that service:
+
+@lisp
+(service ganeti-service-type
+         (ganeti-configuration
+          (rapi-configuration
+           (ganeti-rapi-configuration
+            (interface "eth1"))))
+          (watcher-configuration
+           (ganeti-watcher-configuration
+            (rapi-ip "10.0.0.1"))))
+@end lisp
+
+@item @code{file-storage-paths} (default: @code{'()})
+List of allowed directories for file storage backend.
+
+@item @code{os} (default: @code{'()})
+List if @code{<ganeti-os>} records.  This currently only works with the
+@code{debootstrap} OS plugin.
+@end table
+
+In essence @code{ganeti-service-type} is shorthand for declaring each service
+individually:
+
+@lisp
+(service ganeti-noded-service-type)
+(service ganeti-confd-service-type)
+(service ganeti-wconfd-service-type)
+(service ganeti-luxid-service-type)
+(service ganeti-kvmd-service-type)
+(service ganeti-mond-service-type)
+(service ganeti-watcher-service-type)
+(service ganeti-cleaner-service-type)
+@end lisp
+
+The @file{/etc/ganeti} directory would need to be managed by other means however.
+
+@end deftp
+
+@deftp {Scheme Variable} ganeti-os
+This data type is suitable for passing to the @code{os} configuration of
+Ganeti.  It takes the following parameters:
+
+@table @asis
+@item @code{name}
+The name for this OS.  It is only used to specify where the variant configuration
+ends up.  Setting it to "debootstrap" will create
+@file{/etc/ganeti/instance-debootstrap}.
+
+@item @code{variants} (default: @code{'()})
+List of @code{ganeti-os-variant} objects for this OS.
+
+@end table
+@end deftp
+
+@deftp {Scheme Variable} ganeti-os-variant
+This is the data type for a Ganeti OS variant.
+
+@table @asis
+@item @code{name}
+The name of this variant.
+
+@item @code{configuration}
+A configuration for this variant.  Currently only @code{debootstrap-configuration}
+is supported.
+
+@end table
+@end deftp
+
+@deftp {Scheme Variable} debootstrap-configuration
+
+@table @asis
+@item @code{hooks} (default: @code{#f})
+If set, this must be a G-expression that specifies a directory with scripts
+that will run when the OS is installed.  It can also be a list of
+@code{(name . file-like)} pairs.  For example:
+
+@lisp
+
+`((10-testing . ,(plain-file "#!/bin/sh\necho Hello, World")))
+
+@end lisp
+
+That will create a directory with one executable and run it every time this
+variant is installed.
+@item @code{proxy} (default: @code{#f})
+HTTP proxy to use, if any.
+@item @code{mirror} (default: @var{#f})
+The Debian mirror.  Typically something like
+@code{http://ftp.no.debian.org/debian}.  The default varies depending on
+the distribution.
+@item @code{arch} (default: @code{#f})
+The dpkg architecture.  Set to @code{armhf} to debootstrap an ARMv7 instance
+on an AArch64 host.  Default is to use the current system architecture.
+@item @code{suite} (default: @code{"stable"})
+When not #f, must be a Debian distribution suite such as @code{buster} or
+@code{focal}.
+@item @code{extra-pkgs} (default: @var{%default-debootstrap-extra-pkgs})
+List of extra packages that will get installed by dpkg in addition
+to the minimal system.
+@item @code{components} (default: @code{#f})
+When set, must be a list of Debian repository ``components''.  For example
+@code{'("main" "contrib")}.
+@item @code{generate-cache?} (default: @code{#t})
+Whether to automatically cache the generated debootstrap archive.
+@item @code{clean-cache} (default: @code{14})
+Discard the cache after this amount of days.  Use @code{#f} to never
+clear the cache.
+@item @code{partition-style} (default: @code{'msdos})
+The type of partition to create.  When set, it must be one of
+@code{'msdos}, @code{'none} or a string.
+@item @code{partition-alignment} (default: @code{2048})
+Alignment of the partition in sectors.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} debootstrap-variant
+This is a helper procedure to create @code{ganeti-os-variant} records.  It
+takes two arguments: a name and an optional @code{debootstrap-configuration}
+for this variant.
+@end defvr
+
+@defvr {Scheme Variable} ganeti-noded-service-type
+@command{ganeti-noded} is the daemon responsible for node-specific functions
+within the Ganeti system.  The value of this service must be a
+@code{ganeti-noded-configuration} object.
+
+@end defvr
+
+@deftp {Data Type} ganeti-noded-configuration
+This is the configuration for the @code{ganeti-noded} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1811})
+The TCP port on which the node daemon listens for network requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the daemon will bind to.  The default address means
+bind to all available addresses.
+
+@item @code{interface} (default: @code{#f})
+When this is set, it must be a specific network interface (e.g.@: @code{eth0})
+that the daemon will bind to.
+
+@item @code{max-clients} (default: @code{20})
+This sets a limit on the maximum number of simultaneous client connections
+that the daemon will handle.  Connections above this count are accepted, but
+no responses will be sent until enough connections have closed.
+
+@item @code{ssl?} (default: @code{#t})
+Whether to use SSL/TLS to encrypt network communications.  The certificate
+is automatically provisioned by the cluster and can be rotated with
+@command{gnt-cluster renew-crypto}.
+
+@item @code{ssl-key} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific encryption key for TLS communications.
+
+@item @code{ssl-cert} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific certificate for TLS communications.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+Note that this @emph{will} leak encryption details to the log files, use
+with care.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-confd-service-type
+@command{ganeti-confd} answers queries related to the configuration of a
+Ganeti cluster.  The purpose of this daemon is to have a highly available
+and fast way to query cluster configuration values.  It is automatically
+active on all @dfn{master candidates}.  The value of this service must be a
+@code{ganeti-confd-configuration} object.
+
+@end defvr
+
+@deftp {Data Type} ganeti-confd-configuration
+This is the configuration for the @code{ganeti-confd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1814})
+The UDP port on which to listen for network requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+Network address that the daemon will bind to.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-wconfd-service-type
+@command{ganeti-wconfd} is the daemon that has authoritative knowledge
+about the cluster configuration and is the only entity that can accept
+changes to it.  All jobs that need to modify the configuration will do so
+by sending appropriate requests to this daemon.  It only runs on the
+@dfn{master node} and will automatically disable itself on other nodes.
+
+The value of this service must be a
+@code{ganeti-wconfd-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-wconfd-configuration
+This is the configuration for the @code{ganeti-wconfd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{no-voting?} (default: @code{#f})
+The daemon will refuse to start if the majority of cluster nodes does not
+agree that it is running on the master node.  Set to @code{#t} to start
+even if a quorum can not be reached (dangerous, use with caution).
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-luxid-service-type
+@command{ganeti-luxid} is a daemon used to answer queries related to the
+configuration and the current live state of a Ganeti cluster.  Additionally,
+it is the authorative daemon for the Ganeti job queue.   Jobs can be
+submitted via this daemon and it schedules and starts them.
+
+It takes a @code{ganeti-luxid-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-luxid-configuration
+This is the configuration for the @code{ganeti-wconfd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{no-voting?} (default: @code{#f})
+The daemon will refuse to start if it cannot verify that the majority of
+cluster nodes believes that it is running on the master node.  Set to
+@code{#t} to ignore such checks and start anyway (this can be dangerous).
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-rapi-service-type
+@command{ganeti-rapi} provides a remote API for Ganeti clusters.  It runs on
+the master node and can be used to perform cluster actions programmatically
+via a JSON-based RPC protocol.
+
+Most query operations are allowed without authentication (unless
+@var{require-authentication?} is set), whereas write operations require
+explicit authorization via the @file{/var/lib/ganeti/rapi/users} file.  See
+the @url{http://docs.ganeti.org/ganeti/master/html/rapi.html, Ganeti Remote
+API documentation} for more information.
+
+The value of this service must be a @code{ganeti-rapi-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-rapi-configuration
+This is the configuration for the @code{ganeti-rapi} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{require-authentication?} (default: @code{#f})
+Whether to require authentication even for read-only operations.
+
+@item @code{port} (default: @code{5080})
+The TCP port on which to listen to API requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the service will bind to.  By default it listens
+on all configured addresses.
+
+@item @code{interface} (default: @code{#f})
+When set, it must specify a specific network interface such as @code{eth0}
+that the daemon will bind to.
+
+@item @code{max-clients} (default: @code{20})
+The maximum number of simultaneous client requests to handle.  Further
+connections are allowed, but no responses are sent until enough connections
+have closed.
+
+@item @code{ssl-key} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific encryption key for TLS communications.
+
+@item @code{ssl-cert} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific certificate for TLS communications.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+Note that this @emph{will} leak encryption details to the log files, use
+with caution.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-kvmd-service-type
+@command{ganeti-kvmd} is responsible for determining whether a given KVM
+instance was shut down by an administrator or a user.  Normally Ganeti will
+restart an instance that was not stopped through Ganeti itself.  If the
+cluster option @code{user_shutdown} is true, this daemon monitors the
+@code{QMP} socket provided by QEMU and listens for shutdown events, and
+marks the instance as @dfn{USER_down} instead of @dfn{ERROR_down} when
+it shuts down gracefully by itself.
+
+It takes a @code{ganeti-kvmd-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-kvmd-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-mond-service-type
+@command{ganeti-mond} is an optional daemon that provides Ganeti monitoring
+functionality.  It is responsible for running data collectors and publish the
+collected information through a HTTP interface.
+
+It takes a @code{ganeti-mond-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-mond-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1815})
+The port on which the daemon will listen.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the daemon will bind to.  By default it binds to all
+available interfaces.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-metad-service-type
+@command{ganeti-metad} is an optional daemon that can be used to provide
+information about the cluster to instances or OS install scripts.  It is
+not included in @code{ganeti-service-type} because using it requires
+additional configuration and support in OS providers.
+
+It takes a @code{ganeti-metad-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-metad-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{80})
+The port on which the daemon will listen.
+
+@item @code{address} (default: @code{#f})
+If set, the daemon will bind to this address only.  If left unset, the behavior
+depends on the cluster configuration.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-watcher-service-type
+@command{ganeti-watcher} is a script designed to run periodically and ensure
+the health of a cluster.  It will automatically restart instances that have
+stopped without Ganetis consent, and repairs DRBD links in case a node has
+rebooted.  It also archives old cluster jobs and restarts Ganeti daemons
+that are not running.  If the cluster parameter @code{ensure_node_health}
+is set, the watcher will also shutdown instances and DRBD devices if the
+node it is running on is declared offline by known master candidates.
+
+It can be paused on all nodes with @command{gnt-cluster watcher pause}.
+
+The service takes a @code{ganeti-watcher-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-watcher-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{schedule} (default: @code{'(next-second-from (next-minute (range 0 60 5)))})
+How often to run the script.  The default is every five minutes.
+
+@item @code{rapi-ip} (default: @code{#f})
+This option needs to be specified only if the RAPI daemon is configured to use
+a particular interface or address.  By default the cluster address is used.
+
+@item @code{job-age} (default: @code{(* 6 3600)})
+Archive cluster jobs older than this age, specified in seconds.  The default
+is 6 hours.  This keeps @command{gnt-job list} manageable.
+
+@item @code{verify-disks?} (default: @code{#t})
+If this is @code{#f}, the watcher will not try to repair broken DRBD links
+automatically.  Administrators should instead use
+@command{gnt-cluster verify-disks} manually.
+
+@item @code{debug?} (default: @code{#f})
+When @code{#t}, the script performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-cleaner-service-type
+@command{ganeti-cleaner} is a script designed to run periodically and remove
+old files from the cluster.  This service type controls two @dfn{cron jobs}:
+one intended for the master node that permanently purges old cluster jobs,
+and one intended for every node that removes expired X509 certificates, keys,
+and outdated @command{ganeti-watcher} information.  Like all Ganeti services,
+it is safe to include even on non-master nodes as it will disable itself as
+necessary.
+
+It takes a @code{ganeti-cleaner-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-cleaner-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for the @command{gnt-cleaner} command.
+
+@item @code{master-schedule} (default: @code{"45 1 * * *"})
+How often to run the master cleaning job.  The default is once per day, at
+01:45:00.
+
+@item @code{node-schedule} (default: @code{"45 2 * * *"})
+How often to run the node cleaning job.  The default is once per day, at
+02:45:00.
+
+@end table
+@end deftp
+
 @node Version Control Services
 @subsection Version Control Services
 
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index b93ed70099..0566508a3a 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2017 Ryan Moe <ryan.moe@gmail.com>
 ;;; Copyright © 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,6 +29,7 @@
   #:use-module (gnu services base)
   #:use-module (gnu services configuration)
   #:use-module (gnu services dbus)
+  #:use-module (gnu services mcron)
   #:use-module (gnu services shepherd)
   #:use-module (gnu services ssh)
   #:use-module (gnu services)
@@ -45,10 +47,12 @@
   #:use-module (guix store)
   #:use-module (guix utils)
 
+  #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
   #:use-module (rnrs bytevectors)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
 
   #:export (%hurd-vm-operating-system
             hurd-vm-configuration
@@ -77,7 +81,65 @@
 
             qemu-binfmt-configuration
             qemu-binfmt-configuration?
-            qemu-binfmt-service-type))
+            qemu-binfmt-service-type
+
+            ganeti-noded-configuration
+            ganeti-noded-configuration?
+            ganeti-noded-service-type
+
+            ganeti-confd-configuration
+            ganeti-confd-configuration?
+            ganeti-confd-service-type
+
+            ganeti-wconfd-configuration
+            ganeti-wconfd-configuration?
+            ganeti-wconfd-service-type
+            ganeti-wconfd-forced-service-type
+
+            ganeti-luxid-configuration
+            ganeti-luxid-configuration?
+            ganeti-luxid-service-type
+
+            ganeti-rapi-configuration
+            ganeti-rapi-configuration?
+            ganeti-rapi-service-type
+
+            ganeti-kvmd-configuration
+            ganeti-kvmd-configuration?
+            ganeti-kvmd-service-type
+
+            ganeti-mond-configuration
+            ganeti-mond-configuration?
+            ganeti-mond-service-type
+
+            ganeti-metad-configuration
+            ganeti-metad-configuration?
+            ganeti-metad-service-type
+
+            ganeti-watcher-configuration
+            ganeti-watcher-configuration?
+            ganeti-watcher-service-type
+
+            ganeti-cleaner-configuration
+            ganeti-cleaner-configuration?
+            ganeti-cleaner-service-type
+
+            ganeti-os
+            ganeti-os?
+            ganeti-os-variants
+
+            ganeti-os-variant
+            ganeti-os-variant?
+            ganeti-os-variant-configuration
+
+            %default-debootstrap-extra-pkgs
+            debootstrap-configuration
+            debootstrap-configuration?
+            debootstrap-variant
+
+            ganeti-configuration
+            ganeti-configuration?
+            ganeti-service-type))
 
 (define (uglify-field-name field-name)
   (let ((str (symbol->string field-name)))
@@ -912,3 +974,845 @@ functionality of the kernel Linux.")))
    (default-value (hurd-vm-configuration))
    (description
     "Provide a Virtual Machine running the GNU/Hurd.")))
+
+
+\f
+;;;
+;;; Service definitions for running a Ganeti cluster.
+;;;
+;;; Planned improvements: run daemons (except ganeti-noded) under unprivileged
+;;; user accounts and/or containers.  The account names must match the ones
+;;; given to Ganetis configure script.  metad needs "setcap" or root in order
+;;; to bind on port 80.
+
+;; Set PATH so the various daemons are able to find the 'ip' executable, LVM,
+;; Ceph, Gluster, etc, without having to add absolute references to everything.
+(define %default-ganeti-environment-variables
+  (list (string-append "PATH="
+                       (string-join '("/run/setuid-programs"
+                                      "/run/current-system/profile/sbin"
+                                      "/run/current-system/profile/bin")
+                                    ":"))))
+
+(define-record-type* <ganeti-noded-configuration>
+  ganeti-noded-configuration make-ganeti-noded-configuration
+  ganeti-noded-configuration?
+  (ganeti      ganeti-noded-configuration-ganeti        ;<package>
+               (default ganeti))
+  (port        ganeti-noded-configuration-port          ;integer
+               (default 1811))
+  (address     ganeti-noded-configuration-address       ;string
+               (default "0.0.0.0"))
+  (interface   ganeti-noded-configuration-interface     ;string | #f
+               (default #f))
+  (max-clients ganeti-noded-configuration-max-clients   ;integer
+               (default 20))
+  (ssl?        ganeti-noded-configuration-ssl?          ;Boolean
+               (default #t))
+  (ssl-key     ganeti-noded-configuration-ssl-key       ;string
+               (default "/var/lib/ganeti/server.pem"))
+  (ssl-cert    ganeti-noded-configuration-ssl-cert      ;string
+               (default "/var/lib/ganeti/server.pem"))
+  (debug?      ganeti-noded-configuration-debug?        ;Boolean
+               (default #f)))
+
+(define ganeti-noded-service
+  (match-lambda
+    (($ <ganeti-noded-configuration> ganeti port address interface max-clients
+                                     ssl? ssl-key ssl-cert debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti node daemon.")
+            (provision '(ganeti-noded))
+            (requirement '(user-processes networking))
+
+            ;; If the daemon stops, it is probably for a good reason;
+            ;; otherwise ganeti-watcher will restart it for us anyway.
+            (respawn? #f)
+
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-noded")
+                            (string-append "--port=" (number->string #$port))
+                            (string-append "--bind=" #$address)
+                            #$@(if interface
+                                   #~((string-append "--interface=" #$interface))
+                                   #~())
+                            (string-append "--max-clients="
+                                           #$(number->string max-clients))
+                            #$@(if ssl?
+                                   #~((string-append "--ssl-key=" #$ssl-key)
+                                      (string-append "--ssl-cert=" #$ssl-cert))
+                                   #~("--no-ssl"))
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-noded.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-noded-service-type
+  (service-type (name 'ganeti-noded)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-noded-service)))
+                (default-value (ganeti-noded-configuration))
+                (description
+                 "@command{ganeti-noded} is the daemon which is responsible
+for the node functions in the Ganeti system.")))
+
+(define-record-type* <ganeti-confd-configuration>
+  ganeti-confd-configuration make-ganeti-confd-configuration
+  ganeti-confd-configuration?
+  (ganeti      ganeti-confd-configuration-ganeti        ;<package>
+               (default ganeti))
+  (port        ganeti-confd-configuration-port          ;integer
+               (default 1814))
+  (address     ganeti-confd-configuration-address       ;string
+               (default "0.0.0.0"))
+  (debug?      ganeti-confd-configuration-debug?        ;Boolean
+               (default #f)))
+
+(define ganeti-confd-service
+  (match-lambda
+    (($ <ganeti-confd-configuration> ganeti port address debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti confd daemon.")
+            (provision '(ganeti-confd))
+            (requirement '(user-processes networking))
+            (respawn? #f)
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-confd")
+                            (string-append "--port=" (number->string #$port))
+                            (string-append "--bind=" #$address)
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-confd.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-confd-service-type
+  (service-type (name 'ganeti-confd)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-confd-service)))
+                (default-value (ganeti-confd-configuration))
+                (description
+                 "@command{ganeti-confd} is a daemon used to answer queries
+related to the configuration of a Ganeti cluster.")))
+
+(define-record-type* <ganeti-wconfd-configuration>
+  ganeti-wconfd-configuration make-ganeti-wconfd-configuration
+  ganeti-wconfd-configuration?
+  (ganeti      ganeti-wconfd-configuration-ganeti       ;<package>
+               (default ganeti))
+  (no-voting?  ganeti-wconfd-configuration-no-voting?   ;Boolean
+               (default #f))
+  (debug?      ganeti-wconfd-configuration-debug?       ;Boolean
+               (default #f)))
+
+(define ganeti-wconfd-service
+  (match-lambda
+    (($ <ganeti-wconfd-configuration> ganeti no-voting? debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti wconfd daemon.")
+            (provision '(ganeti-wconfd))
+            (requirement '(user-processes))
+
+            ;; This service will automatically disable itself when not
+            ;; running on the master node.  Don't attempt to restart it.
+            (respawn? #f)
+
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-wconfd")
+                            #$@(if no-voting?
+                                   #~("--no-voting" "--yes-do-it")
+                                   #~())
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-wconfd.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-wconfd-service-type
+  (service-type (name 'ganeti-wconfd)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-wconfd-service)))
+                (default-value (ganeti-wconfd-configuration))
+                (description
+                 "@command{ganeti-wconfd} is the daemon that has authoritative
+knowledge about the configuration and is the only entity that can accept changes
+to it.  All jobs that need to modify the configuration will do so by sending
+appropriate requests to this daemon.")))
+
+(define (ganeti-wconfd-forced-service config)
+  (let ((ganeti (ganeti-wconfd-configuration-ganeti config)))
+    (list (shepherd-service
+           (documentation "Forcefully start the Ganeti wconfd daemon (dangerous!).")
+           (provision '(ganeti-wconfd-forced ganeti-wconfd))
+           (requirement '(user-processes))
+           (auto-start? #f)
+           (respawn? #f)
+           (start #~(make-forkexec-constructor
+                     (list #$(file-append ganeti "/sbin/ganeti-wconfd")
+                           "--force-node" "--no-voting" "--yes-do-it")
+                     #:environment-variables
+                     '#$%default-ganeti-environment-variables
+                     #:pid-file "/var/run/ganeti/ganeti-wconfd.pid"))
+           (stop #~(make-kill-destructor))))))
+
+(define ganeti-wconfd-forced-service-type
+  (service-type (name 'ganeti-force-wconfd)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-wconfd-forced-service)))
+                (default-value (ganeti-wconfd-configuration))
+                (description
+                 "This service will forcefully start the wconf daemon even
+on non-master nodes.  It is automatically and temporarily started in the event
+of a master-failover.  Do not start or enable this service manually unless you
+know exactly what you are doing!")))
+
+(define-record-type* <ganeti-luxid-configuration>
+  ganeti-luxid-configuration make-ganeti-luxid-configuration
+  ganeti-luxid-configuration?
+  (ganeti      ganeti-luxid-configuration-ganeti        ;<package>
+               (default ganeti))
+  (no-voting?  ganeti-luxid-configuration-no-voting?    ;Boolean
+               (default #f))
+  (debug?      ganeti-luxid-configuration-debug?        ;Boolean
+               (default #f)))
+
+(define ganeti-luxid-service
+  (match-lambda
+    (($ <ganeti-luxid-configuration> ganeti no-voting? debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti LUXI daemon.")
+            (provision '(ganeti-luxid))
+            (requirement '(user-processes))
+
+            ;; This service will automatically disable itself when not
+            ;; running on the master node.  Don't attempt to restart it.
+            (respawn? #f)
+
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-luxid")
+                            #$@(if no-voting?
+                                   #~("--no-voting" "--yes-do-it")
+                                   #~())
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-luxid.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-luxid-service-type
+  (service-type (name 'ganeti-luxid)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-luxid-service)))
+                (default-value (ganeti-luxid-configuration))
+                (description
+                 "@command{ganeti-luxid} is a daemon used to answer queries
+related to the configuration and the current live state of a Ganeti cluster.
+Additionally, it is the autorative daemon for the Ganeti job queue.  Jobs can
+be submitted via this daemon and it schedules and starts them.")))
+
+(define-record-type* <ganeti-rapi-configuration>
+  ganeti-rapi-configuration make-ganeti-rapi-configuration
+  ganeti-rapi-configuration?
+  (ganeti      ganeti-rapi-configuration-ganeti         ;<package>
+               (default ganeti))
+  (require-authentication?
+   ganeti-rapi-configuration-require-authentication?    ;Boolean
+   (default #f))
+  (port        ganeti-rapi-configuration-port           ;integer
+               (default 5080))
+  (address     ganeti-rapi-configuration-address        ;string
+               (default "0.0.0.0"))
+  (interface   ganeti-rapi-configuration-interface      ;string | #f
+               (default #f))
+  (max-clients ganeti-rapi-configuration-max-clients    ;integer
+               (default 20))
+  (ssl?        ganeti-rapi-configuration-ssl?           ;Boolean
+               (default #t))
+  (ssl-key     ganeti-rapi-configuration-ssl-key        ;string
+               (default "/var/lib/ganeti/server.pem"))
+  (ssl-cert    ganeti-rapi-configuration-ssl-cert       ;string
+               (default "/var/lib/ganeti/server.pem"))
+  (debug?      ganeti-rapi-configuration-debug?         ;Boolean
+               (default #f)))
+
+(define ganeti-rapi-service
+  (match-lambda
+    (($ <ganeti-rapi-configuration> ganeti require-authentication? port address
+                                    interface max-clients ssl? ssl-key ssl-cert
+                                    debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti RAPI daemon.")
+            (provision '(ganeti-rapi))
+            (requirement '(user-processes networking))
+
+            ;; This service will automatically disable itself when not
+            ;; running on the master node.  Don't attempt to restart it.
+            (respawn? #f)
+
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-rapi")
+                            #$@(if require-authentication?
+                                   #~("--require-authentication")
+                                   #~())
+                            (string-append "--port=" (number->string #$port))
+                            (string-append "--bind=" #$address)
+                            #$@(if interface
+                                   #~((string-append "--interface=" #$interface))
+                                   #~())
+                            (string-append "--max-clients="
+                                           #$(number->string max-clients))
+                            #$@(if ssl?
+                                   #~((string-append "--ssl-key=" #$ssl-key)
+                                      (string-append "--ssl-cert=" #$ssl-cert))
+                                   #~("--no-ssl"))
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-rapi.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-rapi-service-type
+  (service-type (name 'ganeti-rapi)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-rapi-service)))
+                (default-value (ganeti-rapi-configuration))
+                (description
+                 "@command{ganeti-rapi} is the daemon providing a remote API
+for Ganeti clusters.")))
+
+(define-record-type* <ganeti-kvmd-configuration>
+  ganeti-kvmd-configuration make-ganeti-kvmd-configuration
+  ganeti-kvmd-configuration?
+  (ganeti      ganeti-kvmd-configuration-ganeti         ;<package>
+               (default ganeti))
+  (debug?      ganeti-kvmd-configuration-debug?         ;Boolean
+               (default #f)))
+
+(define ganeti-kvmd-service
+  (match-lambda
+    (($ <ganeti-kvmd-configuration> ganeti debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti KVM daemon.")
+            (provision '(ganeti-kvmd))
+            (requirement '(user-processes))
+
+            ;; This service will automatically disable itself when not
+            ;; needed.  Don't attempt to restart it.
+            (respawn? #f)
+
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-kvmd")
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:environment-variables
+                      '#$%default-ganeti-environment-variables
+                      #:pid-file "/var/run/ganeti/ganeti-kvmd.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-kvmd-service-type
+  (service-type (name 'ganeti-kvmd)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-kvmd-service)))
+                (default-value (ganeti-kvmd-configuration))
+                (description
+                 "@command{ganeti-kvmd} is responsible for determining whether
+a given KVM instance was shutdown by an administrator or a user.
+
+The KVM daemon monitors, using @code{inotify}, KVM instances through their QMP
+sockets, which are provided by KVM.  Using the QMP sockets, the KVM daemon
+listens for particular shutdown, powerdown, and stop events which will determine
+if a given instance was shutdown by the user or Ganeti, and this result is
+communicated to Ganeti via a special file in the filesystem.")))
+
+(define-record-type* <ganeti-mond-configuration>
+  ganeti-mond-configuration make-ganeti-mond-configuration
+  ganeti-mond-configuration?
+  (ganeti      ganeti-mond-configuration-ganeti         ;<package>
+               (default ganeti))
+  (port        ganeti-mond-configuration-port           ;integer | #f
+               (default 80))
+  (address     ganeti-mond-configuration-address        ;string
+               (default "0.0.0.0"))
+  (debug?      ganeti-mond-configuration-debug?         ;Boolean
+               (default #f)))
+
+(define ganeti-mond-service
+  (match-lambda
+    (($ <ganeti-mond-configuration> ganeti port address debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti monitoring daemon.")
+            (provision '(ganeti-mond))
+            (requirement '(user-processes networking))
+            (respawn? #f)
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-mond")
+                            (string-append "--port=" (number->string #$port))
+                            (string-append "--bind=" #$address)
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:pid-file "/var/run/ganeti/ganeti-mond.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-mond-service-type
+  (service-type (name 'ganeti-mond)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-mond-service)))
+                (default-value (ganeti-mond-configuration))
+                (description
+                 "@command{ganeti-mond} is a daemon providing monitoring
+functionality.  It is responsible for running the data collectors and to
+provide the collected information through a HTTP interface.")))
+
+(define-record-type* <ganeti-metad-configuration>
+  ganeti-metad-configuration make-ganeti-metad-configuration
+  ganeti-metad-configuration?
+  (ganeti      ganeti-metad-configuration-ganeti        ;<package>
+               (default ganeti))
+  (port        ganeti-metad-configuration-port          ;integer | #f
+               (default 80))
+  (address     ganeti-metad-configuration-address       ;string | #f
+               (default #f))
+  (debug?      ganeti-metad-configuration-debug?        ;Boolean
+               (default #f)))
+
+(define ganeti-metad-service
+  (match-lambda
+    (($ <ganeti-metad-configuration> ganeti port address debug?)
+     (list (shepherd-service
+            (documentation "Run the Ganeti metadata daemon.")
+            (provision '(ganeti-metad))
+            (requirement '(user-processes networking))
+            (respawn? #f)
+            (start #~(make-forkexec-constructor
+                      (list #$(file-append ganeti "/sbin/ganeti-metad")
+                            (string-append "--port=" (number->string #$port))
+                            #$@(if address
+                                   #~((string-append "--bind=" #$address))
+                                   #~())
+                            #$@(if debug?
+                                   #~("--debug")
+                                   #~()))
+                      #:pid-file "/var/run/ganeti/ganeti-metad.pid"))
+            (stop #~(make-kill-destructor)))))))
+
+(define ganeti-metad-service-type
+  (service-type (name 'ganeti-metad)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          ganeti-metad-service)))
+                (default-value (ganeti-metad-configuration))
+                (description
+                 "@command{ganeti-metad} is an optional daemon that can be
+used to pass information to OS install scripts or instances.")))
+
+(define-record-type* <ganeti-watcher-configuration>
+  ganeti-watcher-configuration make-ganeti-watcher-configuration
+  ganeti-watcher-configuration?
+  (ganeti        ganeti-watcher-configuration-ganeti        ;<package>
+                 (default ganeti))
+  (schedule      ganeti-watcher-configuration-schedule      ;list | string
+                 (default
+                   '(next-second-from
+                     ;; Run every five minutes.
+                     (next-minute (range 0 60 5)))))
+  (rapi-ip       ganeti-watcher-configuration-rapi-ip       ;#f | string
+                 (default #f))
+  (job-age       ganeti-watcher-configuration-job-age       ;integer
+                 (default (* 6 3600)))
+  (verify-disks? ganeti-watcher-configuration-verify-disks? ;Boolean
+                 (default #t))
+  (debug?        ganeti-watcher-configuration-debug?        ;Boolean
+                 (default #f)))
+
+(define ganeti-watcher-command
+  (match-lambda
+    (($ <ganeti-watcher-configuration> ganeti _ rapi-ip job-age verify-disks?
+                                       debug?)
+     #~(lambda ()
+         (system* #$(file-append ganeti "/sbin/ganeti-watcher")
+                  #$@(if rapi-ip
+                         #~(string-append "--rapi-ip=" #$rapi-ip)
+                         #~())
+                  (string-append "--job-age=" (number->string #$job-age))
+                  #$@(if verify-disks?
+                         #~()
+                         #~("--no-verify-disks"))
+                  #$@(if debug?
+                         #~("--debug")
+                         #~()))))))
+
+(define (ganeti-watcher-jobs config)
+  (match config
+    (($ <ganeti-watcher-configuration> _ schedule)
+     (list
+      #~(job #$@(match schedule
+                  ((? string?)
+                   #~(#$schedule))
+                  ((? list?)
+                   #~('#$schedule)))
+             #$(ganeti-watcher-command config))))))
+
+(define ganeti-watcher-service-type
+  (service-type (name 'ganeti-watcher)
+                (extensions
+                 (list (service-extension mcron-service-type
+                                          ganeti-watcher-jobs)))
+                (default-value (ganeti-watcher-configuration))
+                (description
+                 "@command{ganeti-watcher} is a periodically run script that
+performs a number of maintenance actions on the cluster.  It will automatically
+restart instances that are marked as ERROR_down, i.e., instances that should be
+running, but are not; and it will also try to repair DRBD links in case a
+secondary node has rebooted.  In addition it is responsible for archiving old
+cluster jobs, and it will restart any down Ganeti daemons that are appropriate
+for the current node.  If the cluster parameter @code{maintain_node_health} is
+enabled, the watcher will also shutdown instances and DRBD devices if the node
+is declared offline by known master candidates.")))
+
+(define-record-type* <ganeti-cleaner-configuration>
+  ganeti-cleaner-configuration make-ganeti-cleaner-configuration
+  ganeti-cleaner-configuration?
+  (ganeti          ganeti-cleaner-configuration-ganeti          ;<package>
+                   (default ganeti))
+  (master-schedule ganeti-cleaner-configuration-master-schedule ;list | string
+                   ;; Run the master cleaner at 01:45 every day.
+                   (default "45 1 * * *"))
+  (node-schedule ganeti-cleaner-configuration-node-schedule     ;list | string
+                   ;; Run the node cleaner at 02:45 every day.
+                   (default "45 2 * * *")))
+
+(define ganeti-cleaner-jobs
+  (match-lambda
+    (($ <ganeti-cleaner-configuration> ganeti master-schedule node-schedule)
+     (list
+      #~(job #$@(match master-schedule
+                  ((? string?)
+                   #~(#$master-schedule))
+                  ((? list?)
+                   #~('#$master-schedule)))
+             (lambda ()
+              (system* #$(file-append ganeti "/sbin/ganeti-cleaner")
+                       "master")))
+      #~(job #$@(match node-schedule
+                  ((? string?)
+                   #~(#$node-schedule))
+                  ((? list?)
+                   #~('#$node-schedule)))
+             (lambda ()
+               (system* #$(file-append ganeti "/sbin/ganeti-cleaner")
+                        "node")))))))
+
+(define ganeti-cleaner-service-type
+  (service-type (name 'ganeti-cleaner)
+                (extensions
+                 (list (service-extension mcron-service-type
+                                          ganeti-cleaner-jobs)))
+                (default-value (ganeti-cleaner-configuration))
+                (description
+                 "@command{ganeti-cleaner} is a script that removes old files
+from the cluster.  When called with @code{node} as argument it removes expired
+X509 certificates and keys from @file{/var/run/ganeti/crypto}, as well as
+outdated @command{ganeti-watcher} information.
+
+When called with @code{master} as argument, it instead removes files older
+than 21 days from @file{/var/lib/ganeti/queue/archive}.")))
+
+(define-record-type* <ganeti-configuration>
+  ganeti-configuration make-ganeti-configuration
+  ganeti-configuration?
+  (ganeti                 ganeti-configuration-ganeti
+                          (default ganeti))
+  (noded-configuration    ganeti-configuration-noded-configuration
+                          (default (ganeti-noded-configuration)))
+  (confd-configuration    ganeti-configuration-confd-configuration
+                          (default (ganeti-confd-configuration)))
+  (wconfd-configuration   ganeti-configuration-wconfd-configuration
+                          (default (ganeti-wconfd-configuration)))
+  (luxid-configuration    ganeti-configuration-luxid-configuration
+                          (default (ganeti-luxid-configuration)))
+  (rapi-configuration     ganeti-configuration-rapi-configuration
+                          (default (ganeti-rapi-configuration)))
+  (kvmd-configuration     ganeti-configuration-kvmd-configuration
+                          (default (ganeti-kvmd-configuration)))
+  (mond-configuration     ganeti-configuration-mond-configuration
+                          (default (ganeti-mond-configuration)))
+  (watcher-configuration  ganeti-configuration-watcher-configuration
+                          (default (ganeti-watcher-configuration)))
+  (cleaner-configuration  ganeti-configuration-cleaner-configuration
+                          (default (ganeti-cleaner-configuration)))
+  (file-storage-paths     ganeti-configuration-file-storage-paths ;list of strings | gexp
+                          (default '()))
+  (os                     ganeti-configuration-os  ;list of <ganeti-os>
+                          (default '())))
+
+(define (ganeti-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each mkdir-p
+                  '("/var/log/ganeti"
+                    "/var/log/ganeti/kvm"
+                    "/var/log/ganeti/os"
+                    "/var/lib/ganeti/rapi"
+                    "/var/lib/ganeti/queue"
+                    "/var/lib/ganeti/queue/archive"
+                    "/var/run/ganeti/bdev-cache"
+                    "/var/run/ganeti/crypto"
+                    "/var/run/ganeti/socket"
+                    "/var/run/ganeti/instance-disks"
+                    "/var/run/ganeti/instance-reason"
+                    "/var/run/ganeti/livelocks")))))
+
+(define ganeti-shepherd-services
+  (match-lambda
+    (($ <ganeti-configuration> _ noded confd wconfd luxid rapi kvmd mond)
+     (append (ganeti-noded-service noded)
+             (ganeti-confd-service confd)
+             (ganeti-wconfd-service wconfd)
+             (ganeti-luxid-service luxid)
+             (ganeti-rapi-service rapi)
+             (ganeti-kvmd-service kvmd)
+             (ganeti-mond-service mond)))))
+
+(define ganeti-mcron-jobs
+  (match-lambda
+    (($ <ganeti-configuration> _ _ _ _ _ _ _ _ watcher cleaner)
+     (append (ganeti-watcher-jobs watcher)
+             (ganeti-cleaner-jobs cleaner)))))
+
+(define-record-type* <ganeti-os>
+  ganeti-os make-ganeti-os ganeti-os?
+  (name ganeti-os-name)                 ;string
+  (variants ganeti-os-variants          ;list of <ganeti-os-variant>
+            (default '())))
+
+(define-record-type* <ganeti-os-variant>
+  ganeti-os-variant make-ganeti-os-variant ganeti-os-variant?
+  (name ganeti-os-variant-name)                    ;string
+  (configuration ganeti-os-variant-configuration)) ;record
+
+(define %default-debootstrap-extra-pkgs
+  ;; Packages suitable for a fully virtualized KVM guest.
+  '("acpi-support-base" "udev" "linux-image-amd64" "openssh-server"
+    "locales-all" "grub-pc"))
+
+(define-record-type* <debootstrap-configuration>
+  debootstrap-configuration make-debootstrap-configuration
+  debootstrap-configuration?
+  ;; This option is treated specially and can be either a gexp or a
+  ;; list of (name . file-like) pairs.
+  (hooks debootstrap-configuration-hooks
+                 (default #f))
+  (proxy debootstrap-configuration-proxy (default #f))         ;#f | string
+  (mirror debootstrap-configuration-mirror                     ;#f | string
+          (default #f))
+  (arch debootstrap-configuration-arch (default #f))           ;#f | string
+  (suite debootstrap-configuration-suite                       ;#f | string
+         (default "stable"))
+  (extra-pkgs debootstrap-configuration-extra-pkgs             ;list of strings
+              (default %default-debootstrap-extra-pkgs))
+  (components debootstrap-configuration-components             ;list of strings
+              (default '()))
+  (generate-cache? debootstrap-configuration-generate-cache?   ;Boolean
+                   (default #t))
+  (clean-cache debootstrap-configuration-clean-cache           ;#f | integer
+               (default 14))
+  (partition-style debootstrap-configuration-partition-style   ;#f | symbol | string
+                   (default 'msdos))
+  (partition-alignment debootstrap-configuration-partition-alignment ;#f | integer
+                       (default 2048)))
+
+(define (hooks->directory hooks)
+  (match hooks
+    ((? file-like?)
+     hooks)
+    ((? list?)
+     (let ((names (map car hooks))
+           (files (map cdr hooks)))
+       (with-imported-modules '((guix build utils))
+         (computed-file "hooks-union"
+                        #~(begin
+                            (use-modules (guix build utils)
+                                         (ice-9 match))
+                            (mkdir-p #$output)
+                            (with-directory-excursion #$output
+                              (for-each (match-lambda
+                                          ((name hook)
+                                           (let ((file-name (string-append
+                                                             #$output "/"
+                                                             (symbol->string name))))
+                                             ;; Copy to the destination to ensure
+                                             ;; the file is executable.
+                                             (copy-file hook file-name)
+                                             (chmod file-name #o555))))
+                                        '#$(zip names files))))))))
+    (_ #f)))
+
+(define-gexp-compiler (debootstrap-configuration-compiler
+                       (file <debootstrap-configuration>) system target)
+  (match file
+    (($ <debootstrap-configuration> hooks proxy mirror arch suite extra-pkgs
+                                    components generate-cache? clean-cache
+                                    partition-style partition-alignment)
+     (let ((customize-dir (hooks->directory hooks)))
+       (gexp->derivation
+        "debootstrap-variant"
+        #~(call-with-output-file (ungexp output "out")
+            (lambda (port)
+              (display
+               (string-append
+                (ungexp-splicing
+                 `(,@(if proxy
+                          `("PROXY=" ,proxy "\n")
+                          '())
+                    ,@(if mirror
+                          `("MIRROR=" ,mirror "\n")
+                          '())
+                    ,@(if arch
+                          `("ARCH=" ,arch "\n")
+                          '())
+                    ,@(if suite
+                          `("SUITE=" ,suite "\n")
+                          '())
+                    ,@(if (not (null? extra-pkgs))
+                          `("EXTRA_PKGS=" ,(string-join extra-pkgs ",") "\n")
+                          '())
+                    ,@(if (not (null? components))
+                          `("COMPONENTS=" ,(string-join components ",") "\n")
+                          '())
+                    ,@(if customize-dir
+                          `("CUSTOMIZE_DIR=" ,customize-dir "\n")
+                          '())
+                    ,@(if generate-cache?
+                          '("GENERATE_CACHE=yes\n")
+                          '("GENERATE_CACHE=no\n"))
+                    ,@(if clean-cache
+                          `("CLEAN_CACHE=" ,(number->string clean-cache) "\n")
+                          '())
+                    ,@(if partition-style
+                          (if (symbol? partition-style)
+                              `("PARTITION_STYLE="
+                                ,(symbol->string partition-style) "\n")
+                              `("PARTITION_STYLE=" ,partition-style "\n"))
+                          '())
+                    ,@(if partition-alignment
+                          `("PARTITION_ALIGNMENT="
+                            ,(number->string partition-alignment) "\n")
+                          '()))))
+               port)))
+        #:local-build? #t)))))
+
+(define* (debootstrap-variant name
+                              #:optional
+                              (configuration (debootstrap-configuration)))
+  (ganeti-os-variant
+   (name name)
+   (configuration configuration)))
+
+(define ganeti-os-variant->configuration
+  (match-lambda
+    (($ <ganeti-os-variant> name configuration)
+     configuration)))
+
+(define (ganeti-os->directory os)
+  "Return the derivation to build the configuration directory to be installed
+in /etc/ganeti/instance-$os for OS."
+  (let* ((name     (ganeti-os-name os))
+         (variants (ganeti-os-variants os))
+         (names    (map ganeti-os-variant-name variants))
+         (configs  (map ganeti-os-variant->configuration variants)))
+    (with-imported-modules '((guix build utils))
+      (define builder
+        #~(begin
+            (use-modules (guix build utils)
+                         (ice-9 match)
+                         (srfi srfi-1))
+            (mkdir-p #$output)
+            (unless (null? '#$names)
+              (let ((variants-dir (string-append #$output "/variants")))
+                (mkdir-p variants-dir)
+                (call-with-output-file (string-append variants-dir "/variants.list")
+                  (lambda (port)
+                    (format port (string-join '#$names "\n"))))
+                (for-each (match-lambda
+                            ((name file)
+                             (symlink file
+                                      (string-append variants-dir "/" name ".conf"))))
+
+                          '#$(zip names configs))))))
+
+      (computed-file (string-append name "-os") builder))))
+
+(define (ganeti-directory file-storage-file os)
+  (let ((dirs (map ganeti-os->directory os))
+        (names (map ganeti-os-name os)))
+    (with-imported-modules '((guix build utils))
+      (define builder
+        #~(begin
+            (use-modules (guix build utils)
+                         (ice-9 match))
+            (mkdir-p #$output)
+            (when #$file-storage-file
+              (symlink #$file-storage-file
+                       (string-append #$output "/file-storage-paths")))
+            (for-each (match-lambda
+                        ((name dest)
+                         (symlink dest
+                                  (string-append #$output "/instance-" name))))
+                      '#$(zip names dirs))))
+      (computed-file "etc-ganeti" builder))))
+
+(define (file-storage-file paths)
+  (match paths
+    ((? null?) #f)
+    ((? list?) (plain-file
+                "file-storage-paths"
+                (string-join paths "\n")))
+    (_ paths)))
+
+(define (ganeti-etc-service config)
+  (list `("ganeti" ,(ganeti-directory
+                     (file-storage-file
+                      (ganeti-configuration-file-storage-paths config))
+                     (ganeti-configuration-os config)))))
+
+(define ganeti-service-type
+  (service-type (name 'ganeti)
+                (extensions
+                 (list (service-extension activation-service-type
+                                          ganeti-activation)
+                       (service-extension shepherd-root-service-type
+                                          ganeti-shepherd-services)
+                       (service-extension etc-service-type
+                                          ganeti-etc-service)
+                       (service-extension profile-service-type
+                                          (compose list ganeti-configuration-ganeti))
+                       (service-extension mcron-service-type
+                                          ganeti-mcron-jobs)))
+                (default-value (ganeti-configuration))
+                (description
+                 "Ganeti is a family of services that are designed to run
+on a fleet of machines and facilitate deployment and maintenance of virtual
+servers (@dfn{instances}).  It can migrate instances between nodes, automatically
+restart failed instances, evacuate nodes, and much more.")))
diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm
index fbdec20805..47415aa701 100644
--- a/gnu/tests/virtualization.scm
+++ b/gnu/tests/virtualization.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>.
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -17,6 +18,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu tests virtualization)
+  #:use-module (gnu)
   #:use-module (gnu tests)
   #:use-module (gnu system)
   #:use-module (gnu system file-systems)
@@ -24,11 +26,13 @@
   #:use-module (gnu services)
   #:use-module (gnu services dbus)
   #:use-module (gnu services networking)
+  #:use-module (gnu services ssh)
   #:use-module (gnu services virtualization)
   #:use-module (gnu packages virtualization)
   #:use-module (guix gexp)
   #:use-module (guix store)
-  #:export (%test-libvirt))
+  #:use-module (ice-9 format)
+  #:export (%test-libvirt %test-ganeti-kvm %test-ganeti-lxc))
 
 (define %libvirt-os
   (simple-operating-system
@@ -93,3 +97,172 @@
    (name "libvirt")
    (description "Connect to the running LIBVIRT service.")
    (value (run-libvirt-test))))
+
+(define %debootstrap-os-hooks
+  `((test-hook . ,(plain-file "debootstrap-hook"
+                             "#!/bin/sh\nexit 0"))))
+(define %ganeti-os
+  (operating-system
+    (host-name "gnt1")
+    (timezone "Europe/Oslo")
+    (locale "en_US.UTF-8")
+
+    (bootloader (bootloader-configuration
+                 (bootloader grub-bootloader)
+                 (target "/dev/vda")))
+    (file-systems (cons (file-system
+                          (device (file-system-label "my-root"))
+                          (mount-point "/")
+                          (type "ext4"))
+                        %base-file-systems))
+    (firmware '())
+
+    ;; The hosts file must contain a nonlocal IP for host-name.
+    ;; In addition, the cluster name must resolve to an IP address that
+    ;; is not currently provisioned.
+    (hosts-file (plain-file "hosts" (format #f "
+127.0.0.1       localhost
+10.0.2.2        gnt1
+192.168.254.254 ganeti.local
+")))
+
+    (packages (append (list ganeti-instance-debootstrap)
+                      %base-packages))
+    (services
+     (append (list (static-networking-service "eth0" "10.0.2.2"
+                                              #:netmask "255.255.255.0"
+                                              #:gateway "10.0.2.1"
+                                              #:name-servers '("10.0.2.1"))
+
+                   (service openssh-service-type
+                            (openssh-configuration
+                             (permit-root-login 'without-password)))
+
+                   (service ganeti-service-type
+                            (ganeti-configuration
+                             (file-storage-paths
+                              '("/srv/ganeti/file-storage"))
+                             (os
+                              (list (ganeti-os
+                                     (name "debootstrap")
+                                     (variants
+                                      (list (debootstrap-variant
+                                             "buster"
+                                             (debootstrap-configuration
+                                              (hooks %debootstrap-os-hooks)))))))))))
+             %base-services))))
+
+(define* (run-ganeti-test hypervisor #:key
+                          (master-netdev "eth0")
+                          (hvparams '())
+                          (extra-packages '()))
+  "Run tests in %GANETI-OS."
+  (define os
+    (marionette-operating-system
+     (operating-system
+       (inherit %ganeti-os)
+       (packages (append extra-packages
+                         (operating-system-packages %ganeti-os))))
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     ;; Some of the daemons are fairly memory-hungry.
+     (memory-size 512)
+     (port-forwardings '((5080 . 5080)))))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette))
+
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "ganeti")
+
+          ;; Ganeti uses the Shepherd to start/stop daemons, so make sure
+          ;; it is ready before we begin.  It takes a while because all
+          ;; Ganeti daemons fail to start initially.
+          (test-assert "shepherd is ready"
+            (wait-for-unix-socket "/var/run/shepherd/socket" marionette))
+
+          (test-eq "gnt-cluster init"
+            0
+            (marionette-eval
+             '(begin
+                (setenv
+                 "PATH"
+                 ;; Init needs to run 'ssh-keygen', 'ip', etc.
+                 "/run/current-system/profile/sbin:/run/current-system/profile/bin")
+                (system* #$(file-append ganeti "/sbin/gnt-cluster") "init"
+                         (string-append "--master-netdev=" #$master-netdev)
+                         ;; TODO: Enable more disk backends.
+                         "--enabled-disk-templates=file"
+                         (string-append "--enabled-hypervisors="
+                                        #$hypervisor)
+                         ;; Set kernel_path to an empty string to prevent
+                         ;; 'gnt-cluster verify' from testing for its presence.
+                         (string-append "--hypervisor-parameters="
+                                        #$hypervisor ":"
+                                        (string-join '#$hvparams "\n"))
+                         ;; Set the default NIC mode to 'routed' to avoid having to
+                         ;; configure a full bridge to placate 'gnt-cluster verify'.
+                         "--nic-parameters=mode=routed,link=eth0"
+                         "ganeti.local"))
+             marionette))
+
+          (test-eq "gnt-cluster verify"
+            0
+            (marionette-eval
+             '(begin
+                (system* #$(file-append ganeti "/sbin/gnt-cluster") "verify"))
+             marionette))
+
+          (test-equal "gnt-os list"
+            "debootstrap+buster"
+            (marionette-eval
+             '(begin
+                (use-modules (ice-9 popen) (ice-9 rdelim))
+                (let* ((port (open-pipe*
+                              OPEN_READ
+                              (string-append #$ganeti "/sbin/gnt-os")
+                              "list" "--no-headers"))
+                       (output (read-line port)))
+                  (close-pipe port)
+                  output))
+             marionette))
+
+          (test-eq "gnt-cluster destroy"
+            0
+            (marionette-eval
+             '(begin
+                (system* #$(file-append ganeti "/sbin/gnt-cluster")
+                         "destroy" "--yes-do-it"))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation (string-append "ganeti-" hypervisor "-test") test))
+
+(define %test-ganeti-kvm
+  (system-test
+   (name "ganeti-kvm")
+   (description "Provision a Ganeti cluster using the KVM hypervisor.")
+   (value (run-ganeti-test "kvm"
+                           #:hvparams '("kernel_path=")
+                           #:extra-packages (list qemu)))))
+
+(define %test-ganeti-lxc
+  (system-test
+   (name "ganeti-lxc")
+   (description "Provision a Ganeti cluster using LXC as the hypervisor.")
+   (value (run-ganeti-test "lxc"
+                           #:extra-packages (list lxc)))))
-- 
2.27.0





  parent reply	other threads:[~2020-07-08 10:13 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-08 10:08 [bug#42261] [PATCH 0/4] Add Ganeti Marius Bakke
2020-07-08 10:11 ` [bug#42261] [PATCH 1/4] gnu: Add ganeti Marius Bakke
2020-07-08 10:11   ` [bug#42261] [PATCH 2/4] gnu: Add ganeti-instance-guix Marius Bakke
2020-07-08 10:11   ` [bug#42261] [PATCH 3/4] gnu: Add ganeti-instance-debootstrap Marius Bakke
2020-07-08 10:11   ` Marius Bakke [this message]
2020-07-10 20:58     ` [bug#42261] [PATCH 4/4] services: Add ganeti Ludovic Courtès
2020-07-11 21:54       ` Marius Bakke
2020-07-08 10:11   ` [bug#42261] [PATCH] website: Add draft of a Ganeti cluster post Marius Bakke
2020-07-10 21:05     ` Ludovic Courtès
2020-07-10 21:00   ` [bug#42261] [PATCH 1/4] gnu: Add ganeti Ludovic Courtès
2020-07-11 22:08     ` Marius Bakke
2020-07-13 10:32       ` Ludovic Courtès
2020-07-16 20:36         ` bug#42261: " Marius Bakke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200708101118.3579-4-marius@gnu.org \
    --to=marius@gnu.org \
    --cc=42261@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.