guix-devel

issues with offloading


From: Ricardo Wurmus
Subject: issues with offloading
Date: Thu, 5 Feb 2015 11:54:54 +0100

Hi Guix,

I'm trying to set up offloading such that I can have a powerful build
host compile stuff for me when my workstation isn't strong enough.  I
bumped into a couple of issues while doing this, prompting me to write
this email to discuss what might be changed to improve this.

* lsh required

  The manual does not appear to mention that for offloading lsh is
  expected to be installed on the submitting host.  Since I only had
  OpenSSH installed (on the local workstation and the remote server) I
  decided to redefine %lsh-command and %lshg-command:

    (define %lsh-command "ssh")
    (define %lshg-command "ssh")

  When the command in these variables does not exist there is no error
  message at all.  I only discovered the issue because machine-load
  returned +inf.0 for every machine in the list (defined in
  /etc/guix/machines.scm) and looped indefinitely to find a suitable
  machine.

  Here are some recommendations:

  - make %lsh-command and %lshg-command configurable or mention in the
    documentation that lsh must be available in the PATH.

  - print an error message when "remote-pipe" fails due to not finding
    the command specified in %lsh-command / %lshg-command

  - only run once over the machines given in /etc/guix/machines.scm
    instead of looping indefinitely, or alternatively print the reason
    for skipping a machine (e.g. by stating that machine-load is +inf.0)

* does not work with unprivileged user

  I assumed that all I needed was an SSH key for an unprivileged user on
  the remote machine in order to log on to the remote build host and
  talk to the local guix-daemon there.  However, we actually run Guile
  scripts on the remote instead of letting the privileged daemon perform
  known-to-be-safe commands.

  This is a problem with register-gc-root, for example.  It creates a
  directory in %state-directory where an unprivileged user likely has no
  write permissions.  This mkdir fails silently because register-gc-root
  does not bother checking the result of

    (false-if-exception (mkdir root-directory))

  When the root-directory (e.g. /var/guix/gcroots/tmp) cannot be created
  by the remote user running the guile script, the following (symlink
  ...) fails.

  Recommendations:

  - instead of sending a script to be executed by a remote Guile process
    running as the unprivileged SSH user it may make sense to bake this
    feature into the daemon.  The daemon has permissions on
    %state-directory anyway, while a regular user probably shouldn't.

  - check the return value of (false-if-exception (mkdir
    root-directory)), or do not use false-if-exception at all to fail
    right there when the directory should be created rather than failing
    when the symlink to a non-existing directory cannot be created.
    This would arguably result in a clearer error message.

This is as far as I got.  What do you think?

~~ Ricardo
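
The second recommendation in the message above, as an added Guile illustration; it is not part of Ricardo's message and is not Guix's own register-gc-root. The procedure names, the /tmp demo directory and the store path are constructed for this example, which contrasts the swallowed mkdir failure (the error surfaces later, from symlink) with a check that fails at mkdir and names the path and calling uid.

```scheme
;; Added illustration; not Guix's register-gc-root.  All procedure names
;; below are hypothetical.
(use-modules (ice-9 format))

(define (register-root/silent root-directory target)
  ;; Pattern from the message: a failed mkdir is swallowed, so the first
  ;; visible error comes from symlink and blames a missing directory.
  (false-if-exception (mkdir root-directory))
  (symlink target (string-append root-directory "/" (basename target))))

(define (ensure-directory directory)
  ;; Tolerate only "already exists as a directory"; report anything else
  ;; at the point of failure, naming the path and the calling uid.
  (catch 'system-error
    (lambda () (mkdir directory))
    (lambda args
      (let ((errno (system-error-errno args)))
        (unless (and (= errno EEXIST) (file-is-directory? directory))
          (error (format #f "cannot create ~a: ~a (uid ~a)"
                         directory (strerror errno) (getuid))))))))

(define (register-root/checked root-directory target)
  (ensure-directory root-directory)
  (symlink target (string-append root-directory "/" (basename target))))

(define (outcome thunk)
  ;; Run THUNK; return "ok" or a printable form of the exception.
  (catch #t
    (lambda () (thunk) "ok")
    (lambda (key . args) (format #f "~a ~s" key args))))

;; Constructed stand-in for %state-directory: a parent directory that the
;; current (non-root) user cannot write to.  Root ignores the mode bits.
(define parent
  (string-append "/tmp/gcroots-demo-" (number->string (getpid))))
(mkdir parent)
(chmod parent #o555)
(define root-directory (string-append parent "/tmp"))
(define target "/gnu/store/constructed-example")   ; constructed path

(format #t "silent:  ~a~%"
        (outcome (lambda () (register-root/silent root-directory target))))
(format #t "checked: ~a~%"
        (outcome (lambda () (register-root/checked root-directory target))))

(chmod parent #o755)
(false-if-exception (rmdir parent))                ; best-effort cleanup
```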


