From: Bruno Victal <mirai@makinata.eu>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 60657@debbugs.gnu.org
Subject: bug#60657: Rethinking how service extensions work
Date: Tue, 9 May 2023 20:12:58 +0100 [thread overview]
Message-ID: <ef567f51-d348-bdc2-0f8e-f019cd3c7c92@makinata.eu> (raw)
In-Reply-To: <87pm9xy6xh.fsf@gnu.org>
Hi Ludo’,
On 2023-02-25 17:46, Ludovic Courtès wrote:
> Bruno Victal <mirai@makinata.eu> skribis:
>> In [1], the issue arises from using activation-service-type to create files/directories for services
>> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.
>> 'activation-service-type' should only be used for doing things "listed on its label", that is, performing
>> actions at boot-time or after a system reconfigure.
>
> Right.
>
> As we once discussed on IRC, the conclusion to me is that some of the
> code currently implemented as activation snippets should rather be
> implemented either as part of the ‘start’ method of the corresponding
> Shepherd service, or as a one-shot Shepherd service that the main
> service would depend on.
I think moving them into the ‘start’ method is the best course of action.
I'm considering the following changes:
* Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd).
I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service
extensions in use as a rough estimate.
* Refactor the activation extensions into the ‘start’ method, where it makes sense to do so.
There's one issue I'm somewhat concerned about, consider the following snippet:
--8<---------------cut here---------------start------------->8---
(define log-directory "/var/log")
(define username "notroot")
(start
#~(lambda _
(mkdir-p/perms #$log-directory (getpw #$username) #o750)
...))
--8<---------------cut here---------------end--------------->8---
This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user.
I'm unsure what's the best course to take here, would a simple file-exist? check before mkdir-p/perms be sufficient?
In either case, with or without refactoring this issue is already present (but in activation-service extensions)
so it's no worse than the status quo.
>> (simple-service 'mount-overlayfs shepherd-root-service-type
>> (list (shepherd-service (requirement '(foo-mount))
>> (provision '(overlayfs-foo))
>> (documentation "Mount OverlayFS.")
>> (one-shot? #t)
>> (start (let ((util-linux (@ (gnu packages linux) util-linux)))
>> #~(lambda _
>> (system* #$(file-append util-linux "/bin/mount")
>> "-t" "overlay"
>> "-o" (string-append "noatime,nodev,noexec,ro,"
>> "lowerdir="
>> (string-join '("/srv/foo/overlays/top-layer"
>> "/srv/foo/overlays/layer2"
>> "/srv/foo/overlays/layer1"
>> "/media/foo-base") ":"))
>> "none" "/media/foo" )))))))
>
> Note that this should prolly be declared as a ‘file-system’ rather than
> as a custom service. That way, it would get a “standard” Shepherd
> service.
>
> There are cases where we add explicit dependencies on
> ‘file-system-/media/foo’ or similar. <file-system> has a ‘dependencies’
> field specifically for this purpose (info "(guix) File Systems").
>
> Would that work for you?
Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive,
there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or
depends on a particular interface e.g. NFS mount that uses a IPv6 link-local address)
Cheers,
Bruno
next prev parent reply other threads:[~2023-05-09 19:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-08 12:31 bug#60657: Rethinking how service extensions work Bruno Victal
2023-01-24 17:31 ` Bruno Victal
2023-02-25 17:46 ` Ludovic Courtès
2023-05-09 19:12 ` Bruno Victal [this message]
2023-05-10 19:57 ` Liliana Marie Prikler
2023-05-11 10:22 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef567f51-d348-bdc2-0f8e-f019cd3c7c92@makinata.eu \
--to=mirai@makinata.eu \
--cc=60657@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.