From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 0H2uOkYfe2UqmAAAkFu2QA (envelope-from ) for ; Thu, 14 Dec 2023 16:29:11 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id YO7rM0Yfe2XCcgAA62LTzQ (envelope-from ) for ; Thu, 14 Dec 2023 16:29:10 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=iWR9uCTd; spf=pass (aspmx1.migadu.com: domain of "guix-science-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-science-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702567750; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=3o/CAaHhFAqM3GP7EtvNsA28emmv++/u/DHMh8+Hkkg=; b=jiscJWc8Do9tJeLyJx0L1KZGiq1u6zao/iq8+nVzgggJSJT6V1vz1IEdlTGoYcKsIhGGYg RIvFNw+Bs5Fe7F4Y7zptBUvJ7HCYLCVzmDYXI8cCFdqBwEBimkgw7O3mwBfm3MdSlyQCzj zS+YxMi5Sf/aQFh+++UzDAh3P5D5db4ozcnehNys6g5q8zISPFN1/NhBJSCxvO8ktt0ecy EvO972xyB1IRZfz3ZE7rKUEszlp2IDEr5WRgYfWX2ej+BFDSFxK0BfUbLBHjqrsk0FRbZQ RAZ7VbKytbTNIgEd2+F1LmCaKCOzaTEbUwVHj5mB5SQWZu6aMlX7JbJ8IZ99kQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702567750; a=rsa-sha256; cv=none; b=GBXp9dMUZHB2gLl8Q7eUIGo8wupjRy39n/Y8ZFoTn6vqtzhEkrzIj0yV3adawLJKtC+kPS qduPIYclJt+7OaHnVR3iIINoiBPUHOAY1qg6PsxFGxQ0ohRvCMKZDinaaz8/owH8VfsnFB /Is4tOAvxx/RURBAiJjb1nZ+JV7uEDJQhreqoqpNGzDTs4ukWQjhtei3m2wguLBycWo/bf vAWpi9VHxFuZSEapBl8hvS9Cn578/z+n+h+QfAfpe00HT7smLvjXb4Akrogby7Xrr9p/QB udYWDXt1zswGWTTQaBk3R3WxQ3/7/Q+8Pie1wnff1YT2bB/kdKq/Iu1Faoh+Lg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=iWR9uCTd; spf=pass (aspmx1.migadu.com: domain of "guix-science-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-science-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 97CE712B4B for ; Thu, 14 Dec 2023 16:29:10 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rDndo-0005UB-Jr; Thu, 14 Dec 2023 10:28:48 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rDndn-0005Tx-68; Thu, 14 Dec 2023 10:28:47 -0500 Received: from mail-pj1-x1036.google.com ([2607:f8b0:4864:20::1036]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rDndl-0004s7-E6; Thu, 14 Dec 2023 10:28:46 -0500 Received: by mail-pj1-x1036.google.com with SMTP id 98e67ed59e1d1-286f22c52c7so5815982a91.2; Thu, 14 Dec 2023 07:28:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702567723; x=1703172523; darn=gnu.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3o/CAaHhFAqM3GP7EtvNsA28emmv++/u/DHMh8+Hkkg=; b=iWR9uCTdc12DoBeHpQtZzIeV/c2FdJGaNDRsAsFXzbQFNFGc5orUm1s6Zi8SWHev2S ybanTzRdpiQQ4TJ4WPe1PHgv8wSo1KMeASCoTKKiOkx96vnHOpONxDwSvYWg7D+dwf8J yPLcGK/nSVdNitJDwFjwtPzpR57GDoxS+CI72gTZi02LgFnV9auuiZAvYH5wF4krDN7k MRzmHx7/6ALY7Wa3IwSpRhQba/WN/zCWO2TEZnzqU2UvzJX0+pOw02uvtt5rgPrubDW4 vLTt48i7ohGSdJYpLXcphswK2AQ5ITgvcfU7rZ9MIECHiArgetkBR8X4jdJD1ecC95es EDoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702567723; x=1703172523; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3o/CAaHhFAqM3GP7EtvNsA28emmv++/u/DHMh8+Hkkg=; b=fqrD2wBknA+gxPnwd0b3WK41CaLxdLxE8rBH6kzeKvIj1EA5wRQPNOW26BZgxlwy8J ItuZUmfD8NcBDhzytk5ov4g4SEPmkmPDRPZcLKh3m52wBXgkLjlnGvSjEk9IatR7GZnH 3WduE5n5Vywzlhw/XMeU+bkW6M38X+Bo216A/jWqXYyMWnzWTAZ+CuV65YP0zaDlOHgA j3MF2YbvJ8X3dCmEGkm0g5x4ZuXCTX9wksuY/lYbU8w1VcrL/y/mue9nqBUc9omEVgKM bP57igfpOD76fhEYfsYDgMKf4viQ7QVB6OAYJ4moCqWkTEtw7XkJMtT/H5kwh/OMlaRf jujg== X-Gm-Message-State: AOJu0YzPuuumKnz8fOf4uT43kGIuiZjLR/EA9kVkkCgSJ9HdDAgdZZB+ CZbqJYdkCZAXAjZJ5Tnj/wu2b5g+OrzXdpLHJ1o= X-Google-Smtp-Source: AGHT+IFeEXzYF8okH2u7V0pb+JIpxbb3JTSgzSJti5v+DUx/Lau95lUlMU7Y0kYLntmZsvoJbKmvPhBLvzyFeUbTiLQ= X-Received: by 2002:a17:90a:b306:b0:28a:a89d:4e85 with SMTP id d6-20020a17090ab30600b0028aa89d4e85mr3435723pjr.63.1702567723161; Thu, 14 Dec 2023 07:28:43 -0800 (PST) MIME-Version: 1.0 References: <87pm00mxkg.fsf@lease-up.com> <87plz8alhc.fsf@mdc-berlin.de> In-Reply-To: <87plz8alhc.fsf@mdc-berlin.de> From: "Etienne B. Roesch" Date: Thu, 14 Dec 2023 15:28:31 +0000 Message-ID: Subject: Re: guix on nfs based systems To: Ricardo Wurmus Cc: Felix Lechner , help-guix@gnu.org, guix-science@gnu.org Content-Type: multipart/alternative; boundary="000000000000586c4b060c79f0a7" Received-SPF: pass client-ip=2607:f8b0:4864:20::1036; envelope-from=etienne.roesch@gmail.com; helo=mail-pj1-x1036.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-science@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-science-bounces+larch=yhetil.org@gnu.org Sender: guix-science-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -9.51 X-Spam-Score: -9.51 X-Migadu-Queue-Id: 97CE712B4B X-Migadu-Scanner: mx12.migadu.com X-TUID: lQXykncbFjj9 --000000000000586c4b060c79f0a7 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thanks a ton! I think we've arrived at the limit of how I understand the daemon to work, and GUIX_DAEMON_SOCKET. I think I understand that you are using a single node (hpc of sort I imagine), where users create sessions, and within which you provide the guix command, having set up GUIX_DAEMON_SOCKET to a unix-domain socket (to that same node / itself). That makes total sense in the context of the single node. Did I get that right? I think what we are aiming for, in our case (where users each have their own nodes as it were, only sharing network drives), is providing the guix command on each node, set up with GUIX_DAEMON_SOCKET connecting with ssh to a master node with a daemon, that itself would have access to the same network drives. The issue with profiles you are mentioning is interesting; I haven't quite thought it through yet. I think I would personally want users to be able to create profiles (for reproducibility reasons) but I guess it would work the same way with guix shells built from manifests, maybe slightly less easy to interact with, I don't know. Etienne On Thu, Dec 14, 2023 at 2:48=E2=80=AFPM Ricardo Wurmus wrote: > > "Etienne B. Roesch" writes: > > > Hiccups: we provide home dirs as nfs drives through the network. Using > guix, we are thinking of creating one nfs drive, shared by all > > users, to contain /var/guix and /gnu/store, symlinked from /. > > As I understand, that should work, until a user decides to run "guix gc= " > (which would clear wrongly assumed unused profiles) or maybe > > until a user decides to launch several vms (which is theoretically > possible, but doesn't happen often). > > I would strongly discourage the use of profiles in users=E2=80=99 home > directories. When introducing Guix we now only demo =E2=80=9Cguix shell= =E2=80=9D, which > is preferrable in most cases. =E2=80=9Cguix gc=E2=80=9D is problematic w= hen profile > links are in locations that the daemon cannot read. > > > Efraim suggested using a shared daemon ssh-ing GUIX_DAEMON_SOCKET. We > > would probably run this on a separate vm. We are however unsure how it > > would behave when /var/guix/daemon-socket/socket is itself on an nfs. > > We only export /var/guix/profiles, not anything else in /var/guix. > Using GUIX_DAEMON_SOCKET with a network port (make =E2=80=9Cguix-daemon= =E2=80=9D listen > on that port) is all we ever needed. > > -- > Ricardo Wurmus > > System administrator > BIMSB - Scientific Bioinformatics Platform > Max Delbrueck Center for Molecular Medicine > > email: ricardo.wurmus@mdc-berlin.de > tel: +49 30 9406 1796 > --000000000000586c4b060c79f0a7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks a ton!

I think we've arrived= at the limit of how I understand the daemon to work, and GUIX_DAEMON_SOCKE= T. I think I understand that you are using a single node (hpc of sort I ima= gine), where users create sessions, and within which you provide the guix c= ommand, having set up GUIX_DAEMON_SOCKET to a unix-domain socket (to that s= ame node / itself). That makes total=C2=A0sense in the context of the singl= e node. Did I get that right?

I think what we are = aiming for, in our case (where users each have their own nodes as it were, = only sharing network drives), is providing the guix command on each node, s= et up with GUIX_DAEMON_SOCKET connecting with ssh to a master node with a d= aemon, that itself would have=C2=A0access to the same network drives.
=

The issue with profiles you are mentioning is interesti= ng; I haven't quite thought it through yet. I think I would personally = want users to be able to create profiles (for reproducibility reasons) but = I guess it would work the same way with guix shells built from manifests, m= aybe slightly less easy to interact with, I don't know.

<= /div>
Etienne

On Thu, Dec 14, 2023 at 2:48=E2=80=AFPM Ricardo Wurm= us <ricardo.wurmus@mdc-b= erlin.de> wrote:

"Etienne B. Roesch" <etienne.roesch@gmail.com> writes:

> Hiccups: we provide home dirs as nfs drives through the network. Using= guix, we are thinking of creating one nfs drive, shared by all
> users, to contain /var/guix and /gnu/store, symlinked from /.
> As I understand, that should work, until a user decides to run "g= uix gc" (which would clear wrongly assumed unused profiles) or maybe > until a user decides to launch several vms (which is theoretically pos= sible, but doesn't happen often).

I would strongly discourage the use of profiles in users=E2=80=99 home
directories.=C2=A0 When introducing Guix we now only demo =E2=80=9Cguix she= ll=E2=80=9D, which
is preferrable in most cases.=C2=A0 =E2=80=9Cguix gc=E2=80=9D is problemati= c when profile
links are in locations that the daemon cannot read.

> Efraim suggested using a shared daemon ssh-ing GUIX_DAEMON_SOCKET. We<= br> > would probably run this on a separate vm. We are however unsure how it=
> would behave when /var/guix/daemon-socket/socket is itself on an nfs.<= br>
We only export /var/guix/profiles, not anything else in /var/guix.
Using GUIX_DAEMON_SOCKET with a network port (make =E2=80=9Cguix-daemon=E2= =80=9D listen
on that port) is all we ever needed.

--
Ricardo Wurmus

System administrator
BIMSB - Scientific Bioinformatics Platform
Max Delbrueck Center for Molecular Medicine

email: ri= cardo.wurmus@mdc-berlin.de
tel:=C2=A0 =C2=A0+49 30 9406 1796
--000000000000586c4b060c79f0a7--