From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
To: guix-devel <guix-devel@gnu.org>
Subject: issues with offloading
Date: Thu, 5 Feb 2015 11:54:54 +0100 [thread overview]
Message-ID: <idj7fvw8w75.fsf@bimsb-sys02.mdc-berlin.net> (raw)
Hi Guix,
I'm trying to set up offloading such that I can have a powerful build
host compile stuff for me when my workstation isn't strong enough. I
bumped into a couple of issues while doing this, prompting me to write
this email to discuss what might be changed to improve this.
* lsh required
The manual does not appear to mention that for offloading lsh is
expected to be installed on the submitting host. Since I only had
OpenSSH installed (on the local workstation and the remote server) I
decided to redefine %lsh-command and %lshg-command:
(define %lsh-command "ssh")
(define %lshg-command "ssh")
When the command in these variables does not exist there is no error
message at all. I only discovered the issue because machine-load
returned +inf.0 for every machine in the list (defined in
/etc/guix/machines.scm) and looped indefinitely to find a suitable
machine.
Here are some recommendations:
- make %lsh-command and %lshg-command configurable or mention in the
documentation that lsh must be available in the PATH.
- print an error message when "remote-pipe" fails due to not finding
the command specified in %lsh-command / %lshg-command
- only run once over the machines given in /etc/guix/machines.scm
instead of looping indefinitely, or alternatively print the reason
for skipping a machine (e.g. by stating that machine-load is +inf.0)
* does not work with unpriviledged user
I assumed that all I needed was an SSH key for an unprivileged user on
the remote machine in order to log on to the remote build host and
talk to the local guix-daemon there. However, we actually run Guile
scripts on the remote instead of letting the privileged daemon perform
known-to-be-safe commands.
This is a problem with register-gc-root, for example. It creates a
directory in %state-directory where an unprivileged user likely has no
write permissions. This mkdir fails silently because register-gc-root
does not bother checking the result of
(false-if-exception (mkdir root-directory))
When the root-directory (e.g. /var/guix/gcroots/tmp) cannot be created
by the remote user running the guile script, the following (symlink
...) fails.
Recommendations:
- instead of sending a script to be executed by a remote Guile process
running as the unprivileged SSH user it may make sense to bake this
feature into the daemon. The daemon has permissions on
%state-directory anyway, while a regular user probably shouldn't.
- check the return value of (false-if-exception (mkdir
root-directory)), or do not use false-if-exception at all to fail
right there when the directory should be created rather than failing
when the symlink to a non-existing directory cannot be created.
This would arguably result in a clearer error message.
This is as far as I got. What do you think?
~~ Ricardo
next reply other threads:[~2015-02-05 10:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-05 10:54 Ricardo Wurmus [this message]
2015-02-05 22:39 ` issues with offloading Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=idj7fvw8w75.fsf@bimsb-sys02.mdc-berlin.net \
--to=ricardo.wurmus@mdc-berlin.de \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.