guix-patches

[bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options


From: Jan Nieuwenhuizen
Subject: [bug#43155] [PATCH] hydra//build-machines: Update childhurd-net-options for secret-service.
Date: Wed, 02 Sep 2020 07:58:13 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Ludovic Courtès writes:

Hi!

> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
>
>> With bug https://bugs.gnu.org/43106 just closed we now have a nice way
>> to inject secrets into the Childhurds.
>>
>> Using the attached patch, which needs a fresh pull and reconfigure on
>> berlin (at least the nodes 101,102 that run Childhurds), we can create a
>> tree of childhurd secrets like so
>>
>> /etc/childhurd/etc/guix/signing-key.pub
>> /etc/childhurd/etc/guix/signing-key.sec
>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key
>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key
>> /etc/childhurd/etc/ssh/ssh_host_ed25519_key.pub
>> /etc/childhurd/etc/ssh/ssh_host_ecdsa_key.pub
>>
>> ...and then we should be able to start offloading builds for the Hurd.
>
> Yup!  Probably we’ll create /etc/childhurd/HOST for each VM, so we also
> need to adjust <hurd-vm-configuration> accordingly, right?

Yes, we can add something like

      (secret-root (format #f "/etc/childhurd/~a" id))

to the

    (service hurd-vm-service-type
        (hurd-vm-configuration
          ...

(I'm a bit curious, though, why we would want to differentiate between
childhurds, they can be all identical?)

> (I realize that the current code will silently keep going if we forget
> to put the secret files in place; IOW, the service config doesn’t show
> the files we intended to push as secrets.  Oh well, we’ll see that
> later.)

Yes, I guess that's a feature -- "you" can start it once, then do
something like

    mkdir -p /etc/childhurd/etc
    scp -r childhurd:/etc/guix /etc/childhurd/etc
    scp -r childhurd:/etc/ssh /etc/childhurd/etc

>> (I guess we then also need to add a cuirass jobs for the Hurd?)
>
> Yes, or maybe just change ‘systems’ in the Cuirass specs for
> ‘guix-master’, but then it’ll try to build everything for GNU/Hurd,
> which doesn’t sound like a great idea for now.

I agree, not much sense in that yet.

> Perhaps we can simply add a separate jobset pulling from ‘master’ but
> building only for i586-gnu and only the “core” package set?

Hmm, why can't I find the definition of "core"?  Anyway, it would be a
great first step to build (everything needed for) "hello", after that we
want to have/try "guile-3.0" and possibly "guix".

>>>From 6d1c388ed82c260af27b556c0677e780ee410b05 Mon Sep 17 00:00:00 2001
>> From: "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org>
>> Date: Tue, 1 Sep 2020 16:31:42 +0200
>> Subject: [PATCH] hydra//build-machines: Update childhurd-net-options for
>>  secret-service.
>> Content-Transfer-Encoding: 8bit
>> Content-Type: text/plain; charset=UTF-8
>>
>> * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
>> [childhurd-net-options]: Include secret-service local QEMU forwarding.
>> Use variables from (gnu services virtualization).
>
> LGTM, thanks!

Great, pushed to guix-maintenance as 04c0fc1ea110b82d6180bbc1b2f895e55e746cd8

Janneke

...after first pushing this -- Ooopss typo fix

>From 35dd1de08f1b812a22184e925b089ffc471c52de Mon Sep 17 00:00:00 2001
From: "Jan (janneke) Nieuwenhuizen" <janneke@gnu.org>
Date: Wed, 2 Sep 2020 07:52:13 +0200
Subject: [PATCH 1/2] hydra/build-machines: Oops, typo in
 childhurd-net-options.
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8

* hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)
[childhurd-net-options]: Remove stray dot from parameter list.
---
 hydra/modules/sysadmin/build-machines.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hydra/modules/sysadmin/build-machines.scm 
b/hydra/modules/sysadmin/build-machines.scm
index b4afcbe..0a3e113 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -118,7 +118,7 @@ EMULATED-ARCHITECTURES, unless it's empty."
                        (mcron-configuration (jobs (list gc-job))))
               (operating-system-user-services %hurd-vm-operating-system)))))
 
-  (define (childhurd-net-options . config)
+  (define (childhurd-net-options config)
     "Expose SSH and VNC ports on 0.0.0.0; for first Childhurd VM those
 are 10022 and 15900."
     (let ((id 0))
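Review bot: in the `childhurd-net-options` definition, the docstring still describes only SSH and VNC and says nothing about the now-required `config` argument, while the context line `(let ((id 0))` binds `id` to a constant, so from these lines `config` does not appear to influence the port numbers. Document what `config` is expected to be, or drop the parameter if it is unused. Since the docstring states the ports are exposed on 0.0.0.0 and the earlier commit message says this procedure now also includes the secret-service forwarding, the docstring should also say which address that forward listens on, so a reader can confirm the secret-service port is not exposed alongside SSH and VNC.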
-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
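
The remark quoted above, that the service silently keeps going when the secret files are not in place, suggests a pre-flight check on the host before the VM is started. The following is an added example, not part of the original message or of Guix: the file names come from the tree listed in the thread, while the function name `check_childhurd_secrets` and the rule that private keys must not be group- or world-accessible are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for a childhurd secret tree (added example, not Guix code).
# File names are the ones listed in the thread; requiring that private keys
# carry no group/other permission bits is an assumption of this example.
# Usage: check_childhurd_secrets /etc/childhurd || exit 1

PRIVATE_FILES="etc/guix/signing-key.sec
etc/ssh/ssh_host_ed25519_key
etc/ssh/ssh_host_ecdsa_key"
PUBLIC_FILES="etc/guix/signing-key.pub
etc/ssh/ssh_host_ed25519_key.pub
etc/ssh/ssh_host_ecdsa_key.pub"

# check_childhurd_secrets ROOT
# Prints one line per problem. Returns 0 if every expected file is present and
# non-empty and no private key is group/world accessible, 1 otherwise.
check_childhurd_secrets() {
    root=$1
    status=0
    for f in $PRIVATE_FILES $PUBLIC_FILES; do
        if [ ! -f "$root/$f" ]; then
            echo "missing: $root/$f"
            status=1
        elif [ ! -s "$root/$f" ]; then
            echo "empty: $root/$f"
            status=1
        fi
    done
    for f in $PRIVATE_FILES; do
        [ -f "$root/$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$root/$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "too permissive: $root/$f"
            status=1
        fi
    done
    return $status
}
```
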
