From: ludo@gnu.org (Ludovic Courtès)
Subject: New ‘guix offload’ build hook
Date: Fri, 24 Jan 2014 00:18:15 +0100
Message-ID: <87a9emxp6w.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

Hi!

Finally support for offloading builds to other Guix machines has landed!
It’s still rough on the edges, but it does the job, and should allow us to
start having more than one machine (and one architecture) building things.
Yay!

It requires Guile 2.0.10 (not yet released) though, and is not built when
this prerequisite is missing.

Below is the new documentation, for comments. The design is obviously
similar to that of Nix’s remote build facility, but I think it’s also more
flexible (machine file, PKI, etc.)

Future work:

  • Currently it connects to the remote machine using GNU lsh, but I’d like
    to switch to Guile-SSH, because that will provide finer control.

  • On IRC Mark rightfully pointed out that it would be nice to keep a
    signature of the machine that actually built an element (currently,
    signatures are checked and then discarded.) I realized they could
    actually easily be kept around in $localstatedir, and possibly reused
    as-is upon export.

  • Fixing bugs, FIXMEs, etc.

Ludo’.

2.2.2 Using the Offload Facility
--------------------------------

The build daemon can "offload" derivation builds to other machines
running Guix, using the ‘offload’ "build hook". When that feature is
enabled, a list of user-specified build machines is read from
‘/etc/guix/machines.scm’; anytime a build is requested, for instance via
‘guix build’, the daemon attempts to offload it to one of the machines
that satisfies the derivation’s constraints, in particular its system
type—e.g., ‘x86_64-linux’. Missing prerequisites for the build are
copied over SSH to the target machine, which then proceeds with the
build; upon success the output(s) of the build are copied back to the
initial machine.

The ‘/etc/guix/machines.scm’ file is—not surprisingly!—a Scheme file
whose return value must be a list of ‘build-machine’ objects. In
practice, it typically looks like this:

     (list (build-machine
             (name "eightysix.example.org")
             (system "x86_64-linux")
             (user "bob")
             (speed 2.))    ; incredibly fast!

           (build-machine
             (name "meeps.example.org")
             (system "mips64el-linux")
             (user "alice")
             (private-key
              (string-append (getenv "HOME")
                             "/.ssh/id-rsa-for-guix"))))

In the example above we specify a list of two build machines, one for
the ‘x86_64’ architecture and one for the ‘mips64el’ architecture.

The compulsory fields for a ‘build-machine’ declaration are:

‘name’
     The remote machine’s host name.

‘system’
     The remote machine’s system type.

‘user’
     The user account to use when connecting to the remote machine over
     SSH. Note that the SSH key pair must _not_ be passphrase-protected,
     to allow non-interactive logins.

A number of optional fields may be specified:

‘private-key’
     The SSH private key file to use when connecting to the machine.

‘parallel-builds’
     The number of builds that may run in parallel on the machine (1 by
     default.)

‘speed’
     A “relative speed factor”. The offload scheduler will tend to
     prefer machines with a higher speed factor.

‘features’
     A list of strings denoting specific features supported by the
     machine. An example is ‘"kvm"’ for machines that have the KVM Linux
     modules and corresponding hardware support. Derivations can request
     features by name, and they will be scheduled on matching build
     machines.

The ‘guix’ command must be in the search path on the build machines,
since offloading works by invoking the ‘guix archive’ and ‘guix build’
commands.

There’s one last thing to do once ‘machines.scm’ is in place. As
explained above, when offloading, files are transferred back and forth
between the machine stores.
For this to work, you need to generate a key pair to allow the daemon to
export signed archives of files from the store (*note Invoking guix
archive::):

     # guix archive --generate-key

Thus, when receiving files, a machine’s build daemon can make sure they
are genuine, have not been tampered with, and that they are signed by an
authorized key.
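
A simplified model of the machine selection described in section 2.2.2, as an added example that is not part of the original message and is not Guix's scheduler code: it filters on system type and requested features, respects ‘parallel-builds’, and prefers the highest ‘speed’. The default speed of 1.0, the `running` bookkeeping and the host kvmbox.example.org are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BuildMachine:
    # Field names follow the build-machine fields documented above.
    name: str
    system: str
    user: str
    parallel_builds: int = 1            # documented default
    speed: float = 1.0                  # assumed default; the text gives none
    features: frozenset = frozenset()


# The two machines from the sample machines.scm, plus one constructed
# entry ("kvmbox.example.org") so that feature matching has work to do.
MACHINES = [
    BuildMachine("eightysix.example.org", "x86_64-linux", "bob", speed=2.0),
    BuildMachine("meeps.example.org", "mips64el-linux", "alice"),
    BuildMachine("kvmbox.example.org", "x86_64-linux", "carol",
                 parallel_builds=2, features=frozenset({"kvm"})),
]


def eligible(machine, system, required_features, running):
    """True if the machine meets the derivation's constraints and has a slot."""
    return (machine.system == system
            and set(required_features) <= machine.features
            and running.get(machine.name, 0) < machine.parallel_builds)


def choose_machine(machines, system, required_features=(), running=None):
    """Return the fastest eligible machine, or None if nothing qualifies.

    `running` maps machine names to the number of builds already offloaded
    there (hypothetical bookkeeping, not something the message describes).
    """
    running = running or {}
    candidates = [m for m in machines
                  if eligible(m, system, required_features, running)]
    # Highest speed first; ties are broken by name to stay deterministic.
    candidates.sort(key=lambda m: (-m.speed, m.name))
    return candidates[0] if candidates else None
```

A derivation that requests ‘"kvm"’ can only land on the machine that declares it, whatever the speed factors say, so the ‘features’ list in machines.scm decides which hosts ever see such builds.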