02/02: doc: No longer suggest using 'degraded' mount options with Btrfs.
apteryx pushed a commit to branch master
in repository maintenance.
commit 67195e5a86bcde30b7bedd230eb1ba7be7e7bd8b
Author: Maxim Cournoyer
AuthorDate: Sun Jun 2 20:38:22 2024 -0400
doc: No longer suggest using 'degraded' mount options with Btrfs.
This is subject to racing of the devices, and may mount a perfectly
valid (but slow to appear) array as degraded.
* doc/infra-handbook.org (Btrfs compression and mount options): Remove
suggestion of using the 'degraded' mount option.
---
doc/infra-handbook.org | 11 +++
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org
index b76275d..e85d68d 100644
--- a/doc/infra-handbook.org
+++ b/doc/infra-handbook.org
@@ -212,17 +212,12 @@ file system of choice for GNU/Linux-based Guix System
build machines.
** Btrfs compression and mount options
To get the most out of Btrfs, enabling zstd compression is
-recommended. When using RAID arrays, it can also be useful to use the
-~degraded~ mount option, otherwise the RAID could fail to assemble at
-boot if any drive part of the array has a problem. Here's an alist of
-recommended mount options, taken from
-file:../hydra/deploy-node-129.scm for a build machine when high
-availability is preferred over data safety (degraded):
+recommended. Here's an alist of recommended mount options, taken from
+file:../hydra/deploy-node-129.scm:
#+begin_src scheme
(define %common-btrfs-options '(("compress" . "zstd")
-("space_cache" . "v2")
-"degraded"))
+("space_cache" . "v2")))
#+end_src
** Btrfs balance mcron job
01/02: machines.rec: Register lieserl's IP address.
apteryx pushed a commit to branch master in repository maintenance. commit 663a7e8bf3d988d90ab2d3822e43663234e354e4 Author: Maxim Cournoyer AuthorDate: Sun Jun 2 20:37:56 2024 -0400 machines.rec: Register lieserl's IP address. --- hydra/machines.rec | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra/machines.rec b/hydra/machines.rec index 08b8921..c3b4bb0 100644 --- a/hydra/machines.rec +++ b/hydra/machines.rec @@ -204,6 +204,7 @@ SystemType: aarch64-linux BaseSystem: Guix System Nickname: lieserl +Hostname: 10.0.0.14 Physical: Yes Vendor: SoftIron, OverDrive 1000 Location: Toulouse, France
branch master updated (bd08600 -> 67195e5)
apteryx pushed a change to branch master in repository maintenance. from bd08600 hydra: services: guix-packages-website: Work around startup failure. new 663a7e8 machines.rec: Register lieserl's IP address. new 67195e5 doc: No longer suggest using 'degraded' mount options with Btrfs. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/infra-handbook.org | 11 +++ hydra/machines.rec | 1 + 2 files changed, 4 insertions(+), 8 deletions(-)
branch master updated: website: Directly link the security mail address.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository guix-artwork.
The following commit(s) were added to refs/heads/master by this push:
new 5b5bc6e website: Directly link the security mail address.
5b5bc6e is described below
commit 5b5bc6eaf737c60fa247e902e4d3fd7e12441388
Author: Jonathan Brielmaier
AuthorDate: Wed Feb 7 00:19:51 2024 +0100
website: Directly link the security mail address.
The guix-security list is private, so accessing to the mailman
interface is not useful (e.g., no public archives).
* website/apps/base/templates/security.scm (security-t): Use mailto
link directly.
Signed-off-by: Maxim Cournoyer
---
website/apps/base/templates/security.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/apps/base/templates/security.scm
b/website/apps/base/templates/security.scm
index d70218e..993cf5c 100644
--- a/website/apps/base/templates/security.scm
+++ b/website/apps/base/templates/security.scm
@@ -43,7 +43,7 @@ system|GNU Hurd|GNU Guix package manager|Security updates")
#\|)
`(p
"To report sensitive security issues in Guix itself or the
packages it provides, you can write to the private mailing list "
- (a (@ (href "https://lists.gnu.org/mailman/listinfo/guix-security;))
+ (a (@ (href "mailto:guix-secur...@gnu.org;))
("guix-secur...@gnu.org")) ". This list is monitored by a
small team of Guix developers."))
,(G_
branch main updated: tests: Adjust imports for Guix API change.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch main in repository guix-cuirass. The following commit(s) were added to refs/heads/main by this push: new 42b55a1 tests: Adjust imports for Guix API change. 42b55a1 is described below commit 42b55a17df694ca94008aa76762d2cdc92b6b193 Author: Maxim Cournoyer AuthorDate: Wed May 15 21:42:48 2024 -0400 tests: Adjust imports for Guix API change. This is a follow-up to the previous commit. * tests/database.scm: Adjust imports. * tests/metrics.scm: Likewise. --- tests/database.scm | 2 +- tests/metrics.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/database.scm b/tests/database.scm index fe476ab..ecd7ba9 100644 --- a/tests/database.scm +++ b/tests/database.scm @@ -30,7 +30,7 @@ ((cuirass logging) #:select (current-logging-level)) (tests common) (guix channels) - ((guix utils) #:select (call-with-temporary-output-file)) + ((guix build utils) #:select (call-with-temporary-output-file)) (rnrs io ports) (squee) (fibers) diff --git a/tests/metrics.scm b/tests/metrics.scm index 0561b08..c16f2df 100644 --- a/tests/metrics.scm +++ b/tests/metrics.scm @@ -20,7 +20,7 @@ (cuirass metrics) (cuirass utils) (tests common) - ((guix utils) #:select (call-with-temporary-output-file)) + ((guix build utils) #:select (call-with-temporary-output-file)) (squee) (srfi srfi-64))
branch main updated: scripts: Adjust for a Guix change of API.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch main
in repository guix-cuirass.
The following commit(s) were added to refs/heads/main by this push:
new bb84b8c scripts: Adjust for a Guix change of API.
bb84b8c is described below
commit bb84b8ca0ff228545e7e3fe1eb2afa3bd74a19be
Author: Maxim Cournoyer
AuthorDate: Wed May 15 21:13:04 2024 -0400
scripts: Adjust for a Guix change of API.
Since Guix commit 54be7795b5cc2f6cad05f8649121372c9d5af806 ("utils: Don’t
re-export ‘call-with-temporary-output-file’."),
`call-with-temporary-output-file' from (guix build utils) is no longer
re-exported from (guix utils).
* src/cuirass/scripts/remote-server.scm: Adjust imports.
---
src/cuirass/scripts/remote-server.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cuirass/scripts/remote-server.scm
b/src/cuirass/scripts/remote-server.scm
index 49b1869..fb4ffe3 100644
--- a/src/cuirass/scripts/remote-server.scm
+++ b/src/cuirass/scripts/remote-server.scm
@@ -39,9 +39,9 @@
store-protocol-error?
store-protocol-error-message))
#:use-module (guix ui)
- #:use-module ((guix utils)
-#:select (cache-directory call-with-temporary-output-file))
- #:use-module ((guix build utils) #:select (mkdir-p))
+ #:use-module ((guix utils) #:select (cache-directory))
+ #:use-module ((guix build utils) #:select (mkdir-p
+ call-with-temporary-output-file))
#:autoload (guix build download) (url-fetch)
#:autoload (gcrypt pk-crypto) (read-file-sexp)
#:use-module (simple-zmq)
branch master updated: berlin: Automate Debbugs rsync job for mumi.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new ce19490 berlin: Automate Debbugs rsync job for mumi. ce19490 is described below commit ce1949099d3947dc915710bcc7dab439a590b71f Author: Maxim Cournoyer AuthorDate: Thu Feb 1 14:16:48 2024 -0500 berlin: Automate Debbugs rsync job for mumi. * hydra/berlin.scm (rsync-debbugs-job): New variable. (services) [mcron-service-type]: Register it. Fixes: https://issues.guix.gnu.org/59180 --- hydra/berlin.scm | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 4be6d5f..7b75d98 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -6,7 +6,7 @@ ;; Copyright © 2020, 2021 Florian Pelz ;; Copyright © 2020, 2021 Mathieu Othacehe ;; Copyright © 2021 Tobias Geerinckx-Rice -;; Copyright © 2022, 2023 Maxim Cournoyer +;; Copyright © 2022, 2023, 2024 Maxim Cournoyer ;; Copyright © 2023 Andreas Enge ;; Copyright © 2023 Arun Isaac ;; Released under the GNU GPLv3 or any later version. @@ -360,6 +360,17 @@ An incremental send is attempted if a PARENT snapshot is provided." (send-snapshot snapshot #:parent parent #:pipe #f)) +(define rsync-debbugs-job + #~(job '(next-minute (range 1 60 5)) + (lambda _ + (system* (string-append #$rsync "/bin/rsync") +"--delete" "-av" +"--timeout=120" ;2 minutes +"--password-file=/root/secrets/var-lib-debbugs.rsync" +"debbugs-...@debbugs.gnu.org::var-lib-debbugs" +"/var/mumi/data/")) + "Rsync Debbugs data")) + (define (anonip-service file) (service anonip-service-type (anonip-configuration @@ -444,6 +455,8 @@ An incremental send is attempted if a PARENT snapshot is provided." (device (uuid "43AE-6859" 'fat)) ;/dev/sdg2 (type "vfat")) %btrfs-pool-san;for convenience + ;; The root subvolume contains 'secrets' a directory + ;; for storing secrets in files. (btrfs-subvolume-mount "@root" "/") (btrfs-subvolume-mount "@cache" "/var/cache") (btrfs-subvolume-mount "@home" "/home") @@ -701,5 +714,6 @@ An incremental send is attempted if a PARENT snapshot is provided." (inherit config) (jobs (cons* btrfs-balance-job btrfs-send-job + rsync-debbugs-job (mcron-configuration-jobs config))
01/02: bayfront: Fix goggles-bot rotation bug.
apteryx pushed a commit to branch master in repository maintenance. commit c3ba2c3f4becdfd43dd3fc0dd67726c7d1448cee Author: Maxim Cournoyer AuthorDate: Thu Feb 1 13:23:30 2024 -0500 bayfront: Fix goggles-bot rotation bug. * hydra/goggles-bot.scm (log-to-file): Fix new day detection logic. Reported-by: Ricardo Wurmus --- hydra/goggles-bot.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra/goggles-bot.scm b/hydra/goggles-bot.scm index 6973259..42babc5 100755 --- a/hydra/goggles-bot.scm +++ b/hydra/goggles-bot.scm @@ -114,7 +114,7 @@ the current date as contained in TIME." (day (day-for-channel channel))) (when (or (not day) (not port) - (< day (tm:mday time))) + (not (= day (tm:mday time ;today is a new day ;; Day's over, finish the file. (when port (force-output port)
branch master updated (8c85e43 -> 30226ae)
apteryx pushed a change to branch master in repository maintenance. from 8c85e43 sysadmin: qa-frontpage: Update to 0-17.ee1ceae. new c3ba2c3 bayfront: Fix goggles-bot rotation bug. new 30226ae bayfront: Register self as admin. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/bayfront.scm| 6 -- hydra/goggles-bot.scm | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-)
02/02: bayfront: Register self as admin.
apteryx pushed a commit to branch master in repository maintenance. commit 30226aecca2a0f14151cd1d3c08f47227a88c7f0 Author: Maxim Cournoyer AuthorDate: Thu Feb 1 13:26:38 2024 -0500 bayfront: Register self as admin. * hydra/bayfront.scm (%sysadmins): Add Maxim Cournoyer. --- hydra/bayfront.scm | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm index 17b0d69..56341de 100644 --- a/hydra/bayfront.scm +++ b/hydra/bayfront.scm @@ -38,8 +38,10 @@ (ssh-public-key (local-file "keys/ssh/mathieu.pub"))) (sysadmin (name "nckx") (full-name "Tobias Geerinckx-Rice") - (ssh-public-key (local-file "keys/ssh/nckx.pub") - + (ssh-public-key (local-file "keys/ssh/nckx.pub"))) +(sysadmin (name "maxim") + (full-name "Maxim Cournoyer") + (ssh-public-key (local-file "keys/ssh/maxim.pub") (define %nginx-deploy-hook ;; Hook that restarts nginx when a new certificate is deployed.
branch master updated: berlin: mumi-service-type: Use latest from guix.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 2fe5928 berlin: mumi-service-type: Use latest from guix. 2fe5928 is described below commit 2fe5928322f917bbcf94b0617f235a1bcd4f044d Author: Maxim Cournoyer AuthorDate: Mon Jan 29 10:56:12 2024 -0500 berlin: mumi-service-type: Use latest from guix. * hydra/berlin.scm (services) [mumi-service-type]: Comment out mumi field, as the latest version is directly available in Guix. --- hydra/berlin.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 00affd8..4be6d5f 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -602,7 +602,7 @@ An incremental send is attempted if a PARENT snapshot is provided." (service mumi-service-type (mumi-configuration - (mumi mumi-latest) + ;; (mumi mumi-latest) ;latest is currently in guix ;; The mailer is broken again. No pretty bug report ;; like <https://issues.guix.gnu.org/49295>, but it's ;; broken.
branch master updated: doc: Fix remaining evaluation hook example.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository guix-cuirass.
The following commit(s) were added to refs/heads/master by this push:
new f63bd5e doc: Fix remaining evaluation hook example.
f63bd5e is described below
commit f63bd5ea6406086337d241db7d7ab1f6d872c934
Author: vicvbcun
AuthorDate: Tue Oct 17 12:54:21 2023 +0200
doc: Fix remaining evaluation hook example.
This is a follow-up to commit 0b63c3b6989af77d4e1c9a98dd25c8f26b37d930.
* doc/cuirass.texi (Triggering an Evaluation): Fix URL in example.
Signed-off-by: Maxim Cournoyer
---
doc/cuirass.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index ea2b10e..c3e6c33 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -939,7 +939,7 @@ jobset, along these lines:
@example
wget --post-data="" -O /dev/null \
- https://cuirass.example.org/@var{jobset}/hooks/evaluate
+ https://cuirass.example.org/jobset/@var{jobset}/hook/evaluate
@end example
A good idea is to do that from the post-push hook of the relevant Git
branch master updated: doc: Fix evaluation hook URL example.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository guix-cuirass.
The following commit(s) were added to refs/heads/master by this push:
new 0b63c3b doc: Fix evaluation hook URL example.
0b63c3b is described below
commit 0b63c3b6989af77d4e1c9a98dd25c8f26b37d930
Author: vicvbcun
AuthorDate: Sun Oct 8 02:04:55 2023 +0200
doc: Fix evaluation hook URL example.
* doc/cuirass.texi (Invocation): Fix URL in the example of the push hook.
Signed-off-by: Maxim Cournoyer
---
doc/cuirass.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index 7e1737a..ea2b10e 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -561,7 +561,7 @@ example with a command along these lines:
@example
wget --post-data="" -O /dev/null \
- https://cuirass.example.org/@var{jobset}/hooks/evaluate
+ https://cuirass.example.org/jobset/@var{jobset}/hook/evaluate
@end example
You would typically run that command as a @dfn{push hook} on the servers
branch master updated: berlin: Add missing parenthesis.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 0d86124 berlin: Add missing parenthesis. 0d86124 is described below commit 0d86124423b3469e208e212a0908e5a3e364da5d Author: Maxim Cournoyer AuthorDate: Wed May 24 20:08:46 2023 -0400 berlin: Add missing parenthesis. * hydra/berlin.scm (%sysadmins): Add missing closing parenthesis. --- hydra/berlin.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index e5aa73d..4ba2a11 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -66,7 +66,7 @@ (ssh-public-key (local-file "keys/ssh/arunisaac.pub"))) (sysadmin (name "efraim") (full-name "Efraim Flashner") - (ssh-public-key (local-file "keys/ssh/efraim.pub" + (ssh-public-key (local-file "keys/ssh/efraim.pub") (include "nginx/berlin.scm") (include "website.scm")
branch master updated: hydra: berlin: Factorize btrfs-send mcron job script.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new ed9fa32 hydra: berlin: Factorize btrfs-send mcron job script. ed9fa32 is described below commit ed9fa3216ffb41baf0bd255abaa8b0bf4e700a91 Author: Maxim Cournoyer AuthorDate: Fri May 19 17:18:07 2023 -0400 hydra: berlin: Factorize btrfs-send mcron job script. * hydra/berlin.scm (btrfs-send-job): Break the script into smaller procedures to improve readability. --- hydra/berlin.scm | 85 +++- 1 file changed, 54 insertions(+), 31 deletions(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 2f22f74..9e036ef 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -266,51 +266,67 @@ file system than the default one hosted on the SAN storage." (rnrs io simple) (srfi srfi-1) (srfi srfi-19) - (srfi srfi-26)) + (srfi srfi-26) + (srfi srfi-71)) + + (define %lock-file "/var/lock/mcron-btrfs-send-job.lock") + (define btrfs #$(file-append btrfs-progs "/bin/btrfs")) + (define %subvolume "/mnt/btrfs-pool-san/@publish") + (define %snapshots-dir "/mnt/btrfs-pool-san/snapshots/") + ;; TODO: Add non-overlapping job support to mcron ;; itself, instead of this ad-hoc advisory lock ;; based solution. - (define %lock-file "/var/lock/mcron-btrfs-send-job.lock") - (define (call-with-advisory-lock file thunk) (call-with-port (open-file file "r") (lambda (lock) (flock lock (logior LOCK_EX LOCK_NB)) (thunk - (define (create-and-send-snapshot) -(let* ((subvolume-name "@publish") - (subvolume (string-append "/mnt/btrfs-pool-san/" - subvolume-name)) + (define (snapshot-subvolume subvolume dest) +"Create a new snapshot of SUBVOLUME in DEST." +(let* ((subvolume-name (basename subvolume)) (timestamp (date->string (time-utc->date (current-time)) "~5")) (snapshot-name (string-append subvolume-name "." - timestamp)) - (snapshots-dir "/mnt/btrfs-pool-san/snapshots/") - (btrfs #$(file-append btrfs-progs "/bin/btrfs"))) - (mkdir-p snapshots-dir) - (chdir snapshots-dir) - ;; Create a new snapshot. - (invoke btrfs "subvolume" "snapshot" "-r" - subvolume snapshot-name) + timestamp))) + (mkdir-p dest) + (with-directory-excursion dest +(invoke btrfs "subvolume" "snapshot" "-r" +subvolume snapshot-name + + (define (prune-snapshots dir prefix preserve-count) +"Delete all but the PRESERVE-COUNT newest snapshots +found in DIR whose name match PREFIX." +(with-directory-excursion dir (let* ((snapshots (scandir "." (cut string-prefix? - subvolume-name <>))) - (old-snapshots (if (> (length snapshots) 2) -(drop-right snapshots 2) -'())) - (recent-snapshots (if (> (length snapshots) 2) - (take-right snapshots 2) - snapshots)) - (snapshot (last recent-snapshots)) - (parent-snapshot (if (= 2 (length recent-snapshots)) - (first recent-snapshots) - #f))) + prefix <>))) + (old-snapshots (
branch master updated: hydra: berlin: Add an initial (incomplete) btrfs-send-job mcron job.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 0b402ff hydra: berlin: Add an initial (incomplete) btrfs-send-job mcron job. 0b402ff is described below commit 0b402ffc496d40f36b9ee9f53fbfc79fecee16e3 Author: Maxim Cournoyer AuthorDate: Fri May 19 10:15:01 2023 -0400 hydra: berlin: Add an initial (incomplete) btrfs-send-job mcron job. * hydra/berlin.scm (btrfs-send-job): New mcron job. [services] : Register it. --- hydra/berlin.scm | 83 ++-- 1 file changed, 80 insertions(+), 3 deletions(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 62c35ee..2f22f74 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -13,6 +13,7 @@ (use-modules (gnu) (guix) (sysadmin services) (sysadmin people) (sysadmin dns) (sysadmin web) (guix git-download) + (guix modules) ((guix utils) #:select (current-source-directory)) ((guix build utils) #:select (find-files)) (srfi srfi-1) @@ -249,6 +250,81 @@ file system than the default one hosted on the SAN storage." "balance" "start" "-dusage=5" "/")) "btrfs-balance")) +(define btrfs-send-job + ;; Take a snapshot of the substitutes, and send it to + ;; hydra-guix-129. + #~(job '(next-minute (range 0 60 10)) + #$(program-file +"btrfs-send-publish" +(with-imported-modules (source-module-closure +'((guix build utils))) + #~(begin + (use-modules (guix build utils) + (ice-9 ftw) + (ice-9 exceptions) + (ice-9 match) + (rnrs io simple) + (srfi srfi-1) + (srfi srfi-19) + (srfi srfi-26)) + ;; TODO: Add non-overlapping job support to mcron + ;; itself, instead of this ad-hoc advisory lock + ;; based solution. + (define %lock-file "/var/lock/mcron-btrfs-send-job.lock") + + (define (call-with-advisory-lock file thunk) +(call-with-port (open-file file "r") + (lambda (lock) +(flock lock (logior LOCK_EX LOCK_NB)) +(thunk + + (define (create-and-send-snapshot) +(let* ((subvolume-name "@publish") + (subvolume (string-append "/mnt/btrfs-pool-san/" + subvolume-name)) + (timestamp (date->string + (time-utc->date (current-time)) "~5")) + (snapshot-name (string-append subvolume-name "." + timestamp)) + (snapshots-dir "/mnt/btrfs-pool-san/snapshots/") + (btrfs #$(file-append btrfs-progs "/bin/btrfs"))) + (mkdir-p snapshots-dir) + (chdir snapshots-dir) + ;; Create a new snapshot. + (invoke btrfs "subvolume" "snapshot" "-r" + subvolume snapshot-name) + (let* ((snapshots (scandir "." (cut string-prefix? + subvolume-name <>))) + (old-snapshots (if (> (length snapshots) 2) +(drop-right snapshots 2) +'())) + (recent-snapshots (if (> (length snapshots) 2) + (take-right snapshots 2) + snapshots)) + (snapshot (last recent-snapshots)) + (parent-snapshot (if (= 2 (length recent-snapshots)) + (first recent-snapshots) + #f))) +;; Only preserve the last two snapshots. +(for-each (cut invoke btrfs "subvolume" "delete" <>) + old-snapshots) +;; Send the snapshot to the remote server (hydra). +(format +
branch master updated: hydra: node-129: Add an rsync service for substitutes mirroring.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new b49da23 hydra: node-129: Add an rsync service for substitutes
mirroring.
b49da23 is described below
commit b49da23ee62589359f1e005f22e77a6065172d3d
Author: Maxim Cournoyer
AuthorDate: Fri May 19 09:12:11 2023 -0400
hydra: node-129: Add an rsync service for substitutes mirroring.
* hydra/deploy-node-129.scm (node-129-os) [file-systems]: Move
@publish-mirror subvolume to SAN storage.
[services]: Add an rsync service.
---
hydra/deploy-node-129.scm | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index e1e058e..b17e53f 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -7,12 +7,15 @@
;;;
;;; 2. be available as a fall-back to Berlin in case of problems
;;;
-;;; 3. Be used as a test bed for staging new configurations before
+;;; 3. offer an rsync service to mirror Berlin's binary substitutes
+;;;
+;;; 4. Be used as a test bed for staging new configurations before
;;;they are deployed in production to Berlin.
;;;
;;; TODO: Implement service redundancy with Berlin.
;;;
;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
+;;; FIXME: Must use reconfigure instead of deploy due to bug #63559.
;;;
;;; To update its operating system, make sure you are a sysadmin
;;; defined in the 'berlin-new-build-machine-os' procedure in
@@ -29,6 +32,7 @@
(gnu packages linux)
(gnu services base)
(gnu services mcron)
+ (gnu services rsync)
(gnu services ssh)
(gnu system file-systems)
(gnu system linux-initrd)
@@ -199,8 +203,7 @@ devices {
;; point itself, so introduce a 'publish' parent
;; directory.
(btrfs-subvolume-mount "@publish-mirror"
-"/srv/publish/substitutes"
-#:device-uuid %btrfs-ssd-uuid)
+"/srv/publish/substitutes")
%base-file-systems))
(services
(cons* (simple-service 'copy-kernel+initrd-to-/boot
@@ -209,6 +212,12 @@ devices {
(simple-service 'etc-multipath.conf
etc-service-type
(list `("multipath.conf" ,%multipath.conf)))
+ (service rsync-service-type
+ (rsync-configuration
+(modules
+ (list (rsync-module
+(name "substitutes")
+(file-name "/srv/publish/substitutes"))
(modify-services (operating-system-user-services base-os)
(mcron-service-type
config => (mcron-configuration
02/03: hydra: node-129: Expose the SSDs as a new RAID 10 Btrfs array.
apteryx pushed a commit to branch master
in repository maintenance.
commit 3c8c7e5af0d259d659f20f2156e73d66b7ef4091
Author: Maxim Cournoyer
AuthorDate: Wed May 17 16:07:31 2023 -0400
hydra: node-129: Expose the SSDs as a new RAID 10 Btrfs array.
* hydra/deploy-node-129.scm (%btrfs-ssd-raid10-uuid): New variable.
(%btrfs-pool-san): Relocate mount point to /mnt/btrfs-pool-san.
(%btrfs-pool-ssd): New variable.
(btrfs-subvolume-mount): Support a #:device-uuid argument.
(node-129-os) [file-systems]: Add %btrfs-pool-ssd. Mount the
@publish-mirror subvolume to /srv/publish/substitutes.
---
hydra/deploy-node-129.scm | 33 +
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 2122e66..77f574c 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -47,20 +47,35 @@
(define %common-btrfs-options '(("compress" . "zstd")
("space_cache" . "v2")))
+(define %btrfs-ssd-uuid "43c70fb3-c587-49b7-9c8d-23356d656fae")
+
(define %btrfs-pool-san
(file-system
(device (uuid %btrfs-san-uuid))
-(mount-point "/mnt/btrfs-pool")
+(mount-point "/mnt/btrfs-pool-san")
(create-mount-point? #t)
(type "btrfs")
(options (alist->file-system-options
(cons '("subvolid" . "5")
%common-btrfs-options)
-(define (btrfs-subvolume-mount name mount-point)
- "Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
+(define %btrfs-pool-ssd
(file-system
-(device (uuid %btrfs-san-uuid))
+(device (uuid %btrfs-ssd-uuid))
+(mount-point "/mnt/btrfs-pool-ssd")
+(create-mount-point? #t)
+(type "btrfs")
+(options (alist->file-system-options
+ (cons '("subvolid" . "5")
+%common-btrfs-options)
+
+(define* (btrfs-subvolume-mount name mount-point
+#:key (device-uuid %btrfs-san-uuid))
+ "Return a file system to mount the Btrfs subvolume NAME at
+MOUNT-POINT. DEVICE-UUID can be provided to use a different Btrfs file
+system than the default one hosted on the SAN storage."
+ (file-system
+(device (uuid device-uuid))
(mount-point mount-point)
(create-mount-point? #t)
(type "btrfs")
@@ -172,10 +187,20 @@ devices {
(mount-point "/boot/efi2")
(device (uuid "FCDB-FA3A" 'fat)) ;/dev/sdb2
(type "vfat"))
+
%btrfs-pool-san ;for convenience
(btrfs-subvolume-mount "@root" "/")
(btrfs-subvolume-mount "@home" "/home")
(btrfs-subvolume-mount "@cache" "/var/cache")
+
+ %btrfs-pool-ssd
+ ;; The renameat2 trick only works on the parent
+ ;; of an active mount point, not on the mount
+ ;; point itself, so introduce a 'publish' parent
+ ;; directory.
+ (btrfs-subvolume-mount "@publish-mirror"
+"/srv/publish/substitutes"
+#:device-uuid %btrfs-ssd-uuid)
%base-file-systems))
(services
(cons* (simple-service 'copy-kernel+initrd-to-/boot
branch master updated (73984e7 -> 995004a)
apteryx pushed a change to branch master in repository maintenance. from 73984e7 berlin: Move guix-publish cache to its own Btrfs subvolume. new 19edb61 hydra: deploy-node-129: Fix indentation. new 3c8c7e5 hydra: node-129: Expose the SSDs as a new RAID 10 Btrfs array. new 995004a hydra: node-129: Authorize berlin's SSH key for root user. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/deploy-node-129.scm | 82 +++ 1 file changed, 62 insertions(+), 20 deletions(-)
03/03: hydra: node-129: Authorize berlin's SSH key for root user.
apteryx pushed a commit to branch master
in repository maintenance.
commit 995004a7316dd784d335b4112d84ecfb69f7703a
Author: Maxim Cournoyer
AuthorDate: Wed May 17 16:11:33 2023 -0400
hydra: node-129: Authorize berlin's SSH key for root user.
* hydra/deploy-node-129.scm (node-129-os) [services] :
Authorize the berlin.guixsd.org.pub SSH key for the 'root' user.
Allow berlin (141.80.181.40) to connect as root.
---
hydra/deploy-node-129.scm | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 77f574c..e1e058e 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -241,7 +241,24 @@ devices {
(inherit config)
;; Only accept public key authentication for
;; enhanced security.
-(password-authentication? #f))
+(password-authentication? #f)
+;; Connecting as root is only allowed from
+;; Berlin, and makes it possible to sync
+;; subvolumes via Btrfs send/receive.
+(authorized-keys
+ (cons
+ `("root"
+,(local-file "keys/ssh/berlin.guixsd.org.pub"))
+ (openssh-configuration-authorized-keys config)))
+;; The default route configured on Berlin
+;; means it's seen as 141.80.181.40, not
+;; 141.80.167.131 to hydra-guix-129.
+(extra-content
+ (string-append
+ (openssh-configuration-extra-content config)
+ "
+Match Address 141.80.181.40
+ PermitRootLogin yes\n")))
(swap-devices '();cannot do swap on Btrfs RAID
(list
01/03: hydra: deploy-node-129: Fix indentation.
apteryx pushed a commit to branch master
in repository maintenance.
commit 19edb61d3370991a093dfaa39cd2f8bce53164c2
Author: Maxim Cournoyer
AuthorDate: Wed May 17 14:10:38 2023 -0400
hydra: deploy-node-129: Fix indentation.
* hydra/deploy-node-129.scm (node-129-os): Re-indent.
---
hydra/deploy-node-129.scm | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index a3ce0a0..2122e66 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -144,26 +144,26 @@ devices {
#:max-jobs 4
#:max-cores 24)))
(operating-system
- (inherit base-os)
- (initrd-modules (append (list "megaraid_sas" "scsi_transport_sas"
- "mpt3sas" "libsas"
- ;; Suggested by 'guix system init' for
- ;; the SAN storage.
- "qla2xxx")
-%base-initrd-modules))
- (bootloader
- (bootloader-configuration
- (inherit (operating-system-bootloader base-os)) ;efi bootloader
- (targets (list "/boot/efi" "/boot/efi2"
+ (inherit base-os)
+ (initrd-modules (append (list "megaraid_sas" "scsi_transport_sas"
+ "mpt3sas" "libsas"
+ ;; Suggested by 'guix system init' for
+ ;; the SAN storage.
+ "qla2xxx")
+ %base-initrd-modules))
+ (bootloader
+ (bootloader-configuration
+(inherit (operating-system-bootloader base-os)) ;efi bootloader
+(targets (list "/boot/efi" "/boot/efi2"
(packages
(cons* multipath-tools
(operating-system-packages base-os)))
(file-systems (cons*
(file-system
- (mount-point "/boot") ;/dev/sda3 and /dev/sdb3 in Btrfs
RAID 1
- (device (uuid "f4ec81a5-3ea6-494b-8886-b71eec6721ee"))
- (type "btrfs")
- (options "compress=zstd"))
+ (mount-point "/boot") ;/dev/sda3 and /dev/sdb3 in Btrfs
RAID 1
+ (device (uuid "f4ec81a5-3ea6-494b-8886-b71eec6721ee"))
+ (type "btrfs")
+ (options "compress=zstd"))
(file-system
(mount-point "/boot/efi")
(device (uuid "FC8E-0264" 'fat)) ;/dev/sda2
branch master updated: berlin: Move guix-publish cache to its own Btrfs subvolume.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 73984e7 berlin: Move guix-publish cache to its own Btrfs subvolume.
73984e7 is described below
commit 73984e7f956d9af2babfb9c508c107427816da7e
Author: Maxim Cournoyer
AuthorDate: Tue May 16 11:14:22 2023 -0400
berlin: Move guix-publish cache to its own Btrfs subvolume.
* hydra/berlin.scm (btrfs-subvolume-mount): Move the DEVICE-UUID to a
#:device-uuid argument.
(operating-system) [file-systems]: Add a new mount point for the
@publish subvolume.
---
hydra/berlin.scm | 23 +--
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index b2ec2cc..62c35ee 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -6,7 +6,7 @@
;; Copyright © 2020, 2021 Florian Pelz
;; Copyright © 2020, 2021 Mathieu Othacehe
;; Copyright © 2021 Tobias Geerinckx-Rice
-;; Copyright © 2022 Maxim Cournoyer
+;; Copyright © 2022, 2023 Maxim Cournoyer
;; Copyright © 2023 Andreas Enge
;; Released under the GNU GPLv3 or any later version.
@@ -225,9 +225,11 @@ devices {
(cons '("subvolid" . "5")
%common-btrfs-options)
-(define (btrfs-subvolume-mount device-uuid name mount-point)
- "Return a file system to mount the Btrfs subvolume NAME on DEVICE-UUID
-at MOUNT-POINT."
+(define* (btrfs-subvolume-mount name mount-point
+#:key (device-uuid %btrfs-san-uuid))
+ "Return a file system to mount the Btrfs subvolume NAME at
+MOUNT-POINT. DEVICE-UUID can be provided to use a different Btrfs
+file system than the default one hosted on the SAN storage."
(file-system
(device (uuid device-uuid))
(mount-point mount-point)
@@ -305,13 +307,14 @@ at MOUNT-POINT."
(device (uuid "67498a2f-3e32-4e8c-96a5-8a4844ea229c"))
;/dev/sdg3
(type "ext4"))
(file-system
- (mount-point "/boot/efi")
- (device (uuid "43AE-6859" 'fat)) ;/dev/sdg2
- (type "vfat"))
+ (mount-point "/boot/efi")
+ (device (uuid "43AE-6859" 'fat)) ;/dev/sdg2
+ (type "vfat"))
%btrfs-pool-san;for convenience
- (btrfs-subvolume-mount %btrfs-san-uuid "@root" "/")
- (btrfs-subvolume-mount %btrfs-san-uuid "@cache" "/var/cache")
- (btrfs-subvolume-mount %btrfs-san-uuid "@home" "/home")
+ (btrfs-subvolume-mount "@root" "/")
+ (btrfs-subvolume-mount "@cache" "/var/cache")
+ (btrfs-subvolume-mount "@home" "/home")
+ (btrfs-subvolume-mount "@publish" "/var/cache/guix/publish")
%base-file-systems))
;; Local admin account for MDC maintenance.
branch master updated: berlin: Remove no longer existing CRL file from config.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 5a6b8cd berlin: Remove no longer existing CRL file from config. 5a6b8cd is described below commit 5a6b8cd7286d1c8906beaa35ebba6eff5bae3a79 Author: Maxim Cournoyer AuthorDate: Thu May 11 00:25:19 2023 -0400 berlin: Remove no longer existing CRL file from config. The new ssl-ca certificate authority produced doesn't have a CRL file for now. Remove it from the config to avoid crashing nginx. * hydra/nginx/berlin.scm (%berlin-servers): Remove ssl_crl directive. (%zabbix-nginx-server): Likewise. --- hydra/nginx/berlin.scm | 2 -- 1 file changed, 2 deletions(-) diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm index a3ff107..d1df1ba 100644 --- a/hydra/nginx/berlin.scm +++ b/hydra/nginx/berlin.scm @@ -261,7 +261,6 @@ PUBLISH-URL." "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" ;; For Cuirass admin interface authentication "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;" - "ssl_crl /etc/ssl-ca/private/ca.crl;" "ssl_verify_client optional;" (nginx-server-configuration @@ -531,7 +530,6 @@ PUBLISH-URL." "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" ;; For client cert authentication "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;" - "ssl_crl /etc/ssl-ca/private/ca.crl;" "ssl_verify_client on;"))) (locations (let ((php-location (nginx-php-location)))
branch master updated: hydra: deploy-node-129: Set default route.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new c683686 hydra: deploy-node-129: Set default route.
c683686 is described below
commit c683686b3628838d37f0b868bb47e99e79f0fa0a
Author: Maxim Cournoyer
AuthorDate: Wed May 10 08:57:47 2023 -0400
hydra: deploy-node-129: Set default route.
Previously, the default route would be internal to the network,
causing replies to external requests to be filtered by the firewall.
* hydra/deploy-node-129.scm (node-129-os)
[static-networking-service-type]: Set default route to 141.80.181.1.
---
hydra/deploy-node-129.scm | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index cc70d69..a3ce0a0 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -1,12 +1,15 @@
;;; Commentary;
;;;
;;; This machine uses a server identical to Berlin (a Dell PowerEdge
-;;; R430 server) and serves a dual purpose:
+;;; R430 server) and serves the following purposes:
;;;
;;; 1. act as a regular Berlin build machine
;;;
;;; 2. be available as a fall-back to Berlin in case of problems
;;;
+;;; 3. Be used as a test bed for staging new configurations before
+;;;they are deployed in production to Berlin.
+;;;
;;; TODO: Implement service redundancy with Berlin.
;;;
;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
@@ -203,6 +206,9 @@ devices {
(network-address
(device "eno4")
(value "141.80.167.251/26"
+(routes (list (network-route
+ (destination "default")
+ (gateway "141.80.181.1"
(provision '(backdoor))) ;required else car error
networks))
(openssh-service-type
02/02: hydra: berlin: Add Arun Isaac as a sysadmin.
apteryx pushed a commit to branch master
in repository maintenance.
commit 1993171ad40584786dd933c10ae3f324cfb552d3
Author: Arun Isaac
AuthorDate: Wed Apr 19 10:53:44 2023 +0100
hydra: berlin: Add Arun Isaac as a sysadmin.
* hydra/berlin.scm (%sysadmins): Add Arun Isaac.
* hydra/keys/ssh/arunisaac.pub: New file.
Signed-off-by: Maxim Cournoyer
---
hydra/berlin.scm | 5 -
hydra/keys/ssh/arunisaac.pub | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 5e79929..b2ec2cc 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -59,7 +59,10 @@
(ssh-public-key (local-file "keys/ssh/lfam.pub")))
(sysadmin (name "maxim")
(full-name "Maxim Cournoyer")
- (ssh-public-key (local-file "keys/ssh/maxim.pub")
+ (ssh-public-key (local-file "keys/ssh/maxim.pub")))
+(sysadmin (name "arunisaac")
+ (full-name "Arun Isaac")
+ (ssh-public-key (local-file "keys/ssh/arunisaac.pub")
(include "nginx/berlin.scm")
(include "website.scm")
diff --git a/hydra/keys/ssh/arunisaac.pub b/hydra/keys/ssh/arunisaac.pub
new file mode 100644
index 000..68ec7f9
--- /dev/null
+++ b/hydra/keys/ssh/arunisaac.pub
@@ -0,0 +1 @@
+ssh-ed25519
C3NzaC1lZDI1NTE5IJgYifUhSVZ3RCVCZPAh4VTLUJeCPWcEUsa/TGucRofs
arunis...@systemreboot.net
branch master updated (33c64ba -> 1993171)
apteryx pushed a change to branch master in repository maintenance. from 33c64ba sysadmin: qa-frontpage: Update to 0-11.083420e. new 255ef2a Authorize Arun Isaac's PGP key. new 1993171 hydra: berlin: Add Arun Isaac as a sysadmin. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .guix-authorizations | 2 ++ hydra/berlin.scm | 5 - hydra/keys/ssh/arunisaac.pub | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 hydra/keys/ssh/arunisaac.pub
01/02: Authorize Arun Isaac's PGP key.
apteryx pushed a commit to branch master
in repository maintenance.
commit 255ef2ac1c23937aa291f60a5a1478e460c73a07
Author: Maxim Cournoyer
AuthorDate: Fri May 5 12:59:26 2023 -0400
Authorize Arun Isaac's PGP key.
* .guix-authorizations (authorizations): Register Arun's key.
---
.guix-authorizations | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.guix-authorizations b/.guix-authorizations
index f039ba8..f1f24d0 100644
--- a/.guix-authorizations
+++ b/.guix-authorizations
@@ -8,6 +8,8 @@
(name "andreas"))
("27D5 86A4 F890 0854 329F F09F 1260 E464 82E6 3562"
(name "apteryx"))
+ ("7F73 0343 F2F0 9F3C 77BF 79D3 2E25 EE8B 6180 2BB3"
+ (name "arunisaac"))
("45CC 63B8 5258 C9D5 5F34 B239 D37D 0EA7 CECC 3912"
(name "biscuolo"))
("3E89 EEE7 458E 720D 9754 E0B2 5E28 A33B 0B84 F577"
branch keyring updated: Add Arun Isaac's PGP key.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch keyring in repository maintenance. The following commit(s) were added to refs/heads/keyring by this push: new 0b575c9 Add Arun Isaac's PGP key. 0b575c9 is described below commit 0b575c9d360f93ebe7bb6365a2cce79d87787096 Author: Maxim Cournoyer AuthorDate: Fri May 5 12:54:36 2023 -0400 Add Arun Isaac's PGP key. * arunisaac-2E25EE8B.key: New key. --- arunisaac-2E25EE8B.key | 75 ++ 1 file changed, 75 insertions(+) diff --git a/arunisaac-2E25EE8B.key b/arunisaac-2E25EE8B.key new file mode 100644 index 000..d1c64dc --- /dev/null +++ b/arunisaac-2E25EE8B.key @@ -0,0 +1,75 @@ +-BEGIN PGP PUBLIC KEY BLOCK- + +mQENBFIrWlgBCADL9VFDowZ3tM5Ogb38eC3I9PWhXpEVV6DB7AKJlOdpdc5caBng +CUu6UfnVwtNXT3eTr+vG5u3tANnaVbL6tq+8o7V1gWhpAlQ62OfgolxExpHOjHII +xUrPyi4JdNnVyYp/GfEb7hHz4zN0nY6CyVn8DFXOCmJzQvnAWFHEKjtCLFWguxO9 +e/nElbBUo+CNa7eUurKW/cCym0/bkLZBMTXlwoy6ZAik5w92gNUyQ7x8ICKTzmPF +HQVZ+gN7fNWh2KjP3DFU1KV909xKnaQz2FZcmU7ywNud2gjwTjwo+LlzEo+B3eKD +z8eeHcujbFBZciWd0R+PlGLKMr6gHoBP4nAvABEBAAG0I0FydW4gSSA8YXJ1bmlz +YWFjQHN5c3RlbXJlYm9vdC5uZXQ+iQFXBBMBCABBAhsDBQsJCAcCBhUICQoLAgQW +AgMBAh4BAheAAhkBFiEEf3MDQ/Lwnzx3v3nTLiXui2GAK7MFAmQAcAgFCRO2STAA +CgkQLiXui2GAK7MWuAf7BOlCFYM9zUCBzzP8rNpE7554u6Uj0sivGb/WpXSa9nYe +ofNmXbarsUyghPasGo3fhWc2Y4+WAkT3cx83xHm9pIe6zeBO6e6lb3g+qQv/gdTz +u6arroEzc8GdzIP32T2mtbsZpI9nE7ggGNP2a6VsJN9f8pCqWI8Zv/R8HWVZvece +CoLHGxOM2Nweg64PGJ0b6MfmCA1YJA7Pw946gamwitA92ANXdh6VyojSFIF6B1ue +gO0p4UcdVI4vvJTUBRDLMLQMwn/oTxs+b340/oVd0L8oxniPQVjfpOaZiFluZnmW +THzg1oEWcMKJE6peURdEIPP06JcBPhaDQa8MTCnU1IkBNwQTAQgAIQUCVi0wCgIb +AwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAuJe6LYYArs/7nCACfiPKWI1h5 +roUjW1mfF3OXXm7P4un/wFNLC5mq2/zvrHmITWJZG6bPHJDohCex+TJUaC5imtbB +ZV37OfDavgFXwjd+zcxxRA4Ozar8qutmqiOob8H6Sv3wDflLwmbqO1TxIS25rMcO +JHnV/yeMOfx54khnYCmgTXtItE26wRETiwSNqLRqO9pE4regUUj91y0fa2O66GP7 +BPYFvusDclYwtQTP406m4aqLCv4O/Qn7n94WtBtIkRAl/ark198uZZa5IIfNiwrk +9rSjXAQp7/5E25rQRUTZwK3UDHB9lXJj+7Jh5FcupQT9Lo11LIj2ouFDTf04I33e +ZRhJaYzrD4mtiQFOBBMBCAA4AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEE +f3MDQ/Lwnzx3v3nTLiXui2GAK7MFAljPXesACgkQLiXui2GAK7NHSggAyZuiP7bZ +Yy0QZ95CbY3vUgZLpaJf9o8UfG+ER/uvPjcHD9wunPl/bCBjLoPf4pI2KgXwrLl5 +/mIbmx40CTRLBxW5CGgINHbDKRwfQH1XUWQ4EajoebkK2y1Mty31wmWE0/7POM77 +mWC/s6d1l09iBDYGoWTWEnL5a9PoOHmSzFXja5ZCuO7qqmjvxZOtc0dpb13GIv5g +d1j8nGGcRJDnXku38lDvygd6dAqY1h0hihA1QgwC8RMCS80gaeGjf06+p5jeBofs +zss7VgyhDgxte6kMRHJbBpK9oCjez7EhnPiU02+nIBQvp+StC+yMolI5Cjci7kgE +/fHOijr5O6XClIkBUwQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh +BH9zA0Py8J88d7950y4l7othgCuzBQJasrFoBQkKaIqQAAoJEC4l7othgCuz9qgH ++L4Bg8DMFRIDl7wLzB5yC8rZ3So9KW+qYlnUp1Ga1270ha+M8uPzjJ12xVke8CRz +bxZeKuw+v6vbnMVxrae88A3vAiQmpRF+/jbCSTId7+ivzpo02LJsI7jH4J5pjQCI +Lar70sWv2IjIJvjF4pwq+uHBw8J2wyxCyAEJ+BM6TFs87bPnpAcE8PfDgrb5uroU +dHd8GTHWoYDdav+h5c3ABcJ6vsUBpRI1dDLvC4f5b32O24JSMlEm2OX6QS0KtbIE +he4UEdhkaAkdKdfeRgfk9Tz71VoyeqOi20FkQ285JfI0bAHDIcxupzPzTD//EIbc +js14C5yQh5oo5S5ehlPU5YkBVwQTAQgAQQIbAwULCQgHAgYVCAkKCwIEFgIDAQIe +AQIXgAIZARYhBH9zA0Py8J88d7950y4l7othgCuzBQJecxFJBQkOKOpxAAoJEC4l +7othgCuz5wAH/iz1f4ZUyqxQapFV1aEEUXewZV9uDYQJnhWHVM7VRe9r4I9QTm8b +awrRcXCloJlqOoaZu2/MbGeOmhGvfqNLjzGsHnmXL8/rBzW03D4fO9uKcQh9kky0 +ZsM6xLLidfS12AQL/oxprpX1kLrAVUujoCB01b3Iy0weWMxNA00jz+e1L0/R9Ujw +dNq+4zIFoZRp5k2hicOwgmtFa4AnbfD/KCxI2TSGsQB63XtXjZvhx4iqedZRNBwE +RA/2/T0Qx/uNm9xlIeKmd5grgmxqtdi3vTKSiGIeLGQd8MaRlMo/P7h39ruoKmmF +tkqxLevSN64rHuHEfrqGlbZJtFlWApgH5h20N0FydW4gSSAoTXkgcGVyc29uYWwg +a2V5KSA8dGhlcm9hcm9mdGhlZHJhZ29uQGdtYWlsLmNvbT6JATEEMAEIABsFAlfl +njwUHSBJJ20gbGVhdmluZyBnbWFpbC4ACgkQLiXui2GAK7M/pAgAgaji8T6JiEjk +Cxg+xu42nFndwVeguk6f8U5ZlkLNM0XuYs/8EWT3eZM5LFVFjAYXsHK0MdAdQEYe +fMbF5ZKzKtEXcuz7PAm5ZBu2q8fKo1uDjLyQDIxMRFBlSys6Ro3xx6/bZtYbl1H/ +D92tMIEIKxPRc1TEC2CKclu/35RmgAsctHHcEn5w8Nj+vSavlVsjy/41Zsn5MGoz +oTXjmefpcunS2N8FmiUfliRcw8r33mxl0HlZgd5vGuYcjmN59PLsRM51h7Afaeye +yNvoWoXLJy7JtgCM65fAXMVmXE0B1hLSxZVCaeUTAbx8n9BuBHA+cM+wcwAmzP0u +6g0PX7nf24kBOQQTAQIAIwUCUitaWAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4B +AheAAAoJEC4l7othgCuzVHgH/jAyy7nfFDfEqJ97fxzDj9DdrSPTTEcm494iNq0V +fiX6Wta9oIzBfGk7qpU3FkwRQnYzsj50XHnGYbYn3bZ254bdtTKC70N/fXATmWaS +lIrTIBqlrqAmGV1gSCZmH+fMscgSvTNfKcBPNSTvnQwPdPqjrlUtPNqVMC45lqGQ +LrLufZCagJ1yiWuigcHP93BRJ2RQws3YOtJ8tNPKhdiBtsVGYdn6ZaJh/oTj3eWy +Ut8cRS2tHMLxqQgGs8BTIM5azAENDEKkQioD+BOWbMQ70ZdhMGkGq8G+RLg3haSL +2y3eWawBZBI0+7x4dH/qXlwlmsn1uNKMAzRm1h79eQYbnZ6IXgQQEQgABgUCVQcB +iQAKCRDc2ShkX3xJJkygAQCLtk5EWW8S/916lDhNi+R1OE8S6I/tTdjczqYTIa7E +3wEA9L6RTECVsQ9J+duvLoukGIgqNHdRinoheBuIVAIHTIe5AQ0EUitaWAEIAJhZ +VxJGITTgYG1EegfrfF8ZAOXu468VWljwmzgCArN/uMO9DliacrcQ3mjzocn+FrSo ++Rf5zTOn2qIQ5zQoTuxfBxSGB6R3YowvBFQ58PYpfZoRScnkTuqKCxqvKH3AzyEW +ZSuxZO6V4/OAn7QCICjQMCAlWOcvmfBsBIxGHutCAv5J3rax/pq2mwGx9LkvUPui +FFkMidwsgxNLvBQyJIyoiN0n4spOGiJVn0LZz1C+tYEmwB7xtOtY6OdTO6q74Jyf +anA3rspcXP+tQoRynwdCToHkU7gcJP1HQ8/7Entk9i6RbCITQwMriz9eML+V6zbo +xYR0NmyjsZTAR
branch master updated (6c492e6 -> 66e2c2a)
apteryx pushed a change to branch master in repository maintenance. from 6c492e6 deploy-node-129: Update host key. new d285376 keys: Update node-129 signing key. new 66e2c2a machines-for-berlin.scm: Update hydra-guix-129 host key. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/keys/guix/berlin/141.80.167.186.pub | 6 +++--- hydra/machines-for-berlin.scm | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
02/02: machines-for-berlin.scm: Update hydra-guix-129 host key.
apteryx pushed a commit to branch master
in repository maintenance.
commit 66e2c2a5cb32b44496901c98700bacf8be3aa1cd
Author: Maxim Cournoyer
AuthorDate: Mon Apr 24 16:41:23 2023 -0400
machines-for-berlin.scm: Update hydra-guix-129 host key.
* hydra/machines-for-berlin.scm (hosts): Update host key.
---
hydra/machines-for-berlin.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hydra/machines-for-berlin.scm b/hydra/machines-for-berlin.scm
index c0f5013..5d78776 100644
--- a/hydra/machines-for-berlin.scm
+++ b/hydra/machines-for-berlin.scm
@@ -120,7 +120,7 @@
192)
;; hydra-guix-129
("141.80.167.186"
- "ssh-ed25519
C3NzaC1lZDI1NTE5IEKtRABWvMsfq4Om16CLMpP9qbaJj83blA+K82SnZd6R"
+ "ssh-ed25519
C3NzaC1lZDI1NTE5IMuCdrMoF25T9ejPLAAcS92b6lVIz5+U0avyYPQTG5NI"
192)
;; hydra-guix-130
;; FIXME: Disabled Nov 19 2022; waiting troubleshooting from
01/02: keys: Update node-129 signing key.
apteryx pushed a commit to branch master in repository maintenance. commit d28537694fd8e1423248c8bebd01f27a498136d9 Author: Maxim Cournoyer AuthorDate: Mon Apr 24 16:30:23 2023 -0400 keys: Update node-129 signing key. * hydra/keys/guix/berlin/141.80.167.186.pub: Update key. --- hydra/keys/guix/berlin/141.80.167.186.pub | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra/keys/guix/berlin/141.80.167.186.pub b/hydra/keys/guix/berlin/141.80.167.186.pub index 83f6711..9a69af8 100644 --- a/hydra/keys/guix/berlin/141.80.167.186.pub +++ b/hydra/keys/guix/berlin/141.80.167.186.pub @@ -1,6 +1,6 @@ -(public-key - (ecc +(public-key + (ecc (curve Ed25519) - (q #0A1834ECCF3B5D454886C574E77DCB6641CBB5D36C05AD471A467AC63825DAA3#) + (q #889C2020D8FC3B84ABFACBD3B5CE4152CCDB79F1CF2831B489D25A8B3287001C#) ) )
branch master updated: deploy-node-129: Update host key.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 6c492e6 deploy-node-129: Update host key.
6c492e6 is described below
commit 6c492e63b065b449a86606d37d798ee75ef893cc
Author: Maxim Cournoyer
AuthorDate: Mon Apr 24 15:47:27 2023 -0400
deploy-node-129: Update host key.
* hydra/deploy-node-129.scm (machine) [host-key]: Update key.
---
hydra/deploy-node-129.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 774c86a..cc70d69 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -222,5 +222,5 @@ devices {
(host-name %ip-address)
(user (getenv "USER"))
(build-locally? #t)
-(host-key "ssh-ed25519
C3NzaC1lZDI1NTE5IEKtRABWvMsfq4Om16CLMpP9qbaJj83blA+K82SnZd6R")
+(host-key "ssh-ed25519
C3NzaC1lZDI1NTE5IMuCdrMoF25T9ejPLAAcS92b6lVIz5+U0avyYPQTG5NI")
(system "x86_64-linux")
02/02: node-129: Update machine configuration, booting from SAN.
apteryx pushed a commit to branch master
in repository maintenance.
commit 48573f3aafff35dbfde480a73d4bc2391dc3f4f1
Author: root
AuthorDate: Mon Apr 24 16:48:02 2023 +
node-129: Update machine configuration, booting from SAN.
* hydra/deploy-node-129.scm (%btrfs-raid-uuid): Rename to...
(%btrfs-san-uuid): ... this.
(%common-btrfs-options): Remove degraded option.
(%btrfs-pool): Rename to...
(%btrfs-pool-san): ... this.
(btrfs-subvolume-mount): Adjust accordingly.
(%copy-kernel-and-initrd): New variable.
(node-129-os) [initrd-modules]: New field.
[bootloader]: Update targets.
[file-system]: Update file systems.
[services]: Register the copy-kernel+initrd-to-/boot service.
---
hydra/deploy-node-129.scm | 85 +--
1 file changed, 52 insertions(+), 33 deletions(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index dfb6923..774c86a 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -28,6 +28,7 @@
(gnu services mcron)
(gnu services ssh)
(gnu system file-systems)
+(gnu system linux-initrd)
(guix gexp)
(sysadmin build-machines))
@@ -38,16 +39,14 @@
;; List of authorized 'guix archive' keys.
(list (local-file "keys/guix/berlin.guixsd.org-export.pub")))
-(define %btrfs-raid-uuid "64a837b7-b9dc-4b64-ba95-712ba4032c71")
+(define %btrfs-san-uuid "3bd8e3fb-2ad1-41ff-ac80-4ca3e17950ea")
(define %common-btrfs-options '(("compress" . "zstd")
-("space_cache" . "v2")
-"degraded"))
+("space_cache" . "v2")))
-;;; Top-level Btrfs subvolume.
-(define %btrfs-pool
+(define %btrfs-pool-san
(file-system
-(device (uuid %btrfs-raid-uuid))
+(device (uuid %btrfs-san-uuid))
(mount-point "/mnt/btrfs-pool")
(create-mount-point? #t)
(type "btrfs")
@@ -58,7 +57,7 @@
(define (btrfs-subvolume-mount name mount-point)
"Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
(file-system
-(device (uuid %btrfs-raid-uuid))
+(device (uuid %btrfs-san-uuid))
(mount-point mount-point)
(create-mount-point? #t)
(type "btrfs")
@@ -108,6 +107,29 @@ devices {
}
"))
+(define %copy-kernel-and-initrd
+ ;; The storage device where the root file system is is invisible to
+ ;; GRUB. Thus, copy the kernel and initrd to /boot, where GRUB will
+ ;; be able to find them.
+ (with-imported-modules '((guix build utils))
+#~(begin
+ (use-modules (guix build utils))
+
+ (for-each
+(lambda (file)
+ (let ((target (string-append "/boot/@root/" file)))
+(format #t "copying '~a' to /boot/@root/~%" file)
+(mkdir-p (dirname target))
+(copy-recursively file target)))
+
+;; /run/current-system/kernel is a profile. The trick below
+;; allows us to get at its actual directory name, which is
+;; what 'grub.cfg' refers to.
+(list (dirname
+ (canonicalize-path "/run/current-system/kernel/bzImage"))
+ (dirname (canonicalize-path "/run/current-system/initrd")))
+
+
(define node-129-os
(let ((base-os (berlin-new-build-machine-os
@@ -119,47 +141,44 @@ devices {
#:max-jobs 4
#:max-cores 24)))
(operating-system
- (inherit base-os)
- (bootloader
- (bootloader-configuration
-(inherit (operating-system-bootloader base-os)) ;efi bootloader
-(targets (list "/boot/efi" "/boot/efi2" "/boot/efi3"
- "/boot/efi4" "/boot/efi5"
+ (inherit base-os)
+ (initrd-modules (append (list "megaraid_sas" "scsi_transport_sas"
+ "mpt3sas" "libsas"
+ ;; Suggested by 'guix system init' for
+ ;; the SAN storage.
+ "qla2xxx")
+%base-initrd-modules))
+ (bootloader
+ (bootloader-configuration
+ (inherit (operating-system-bootloader base-os)) ;efi bootloader
+ (targets (list "/boot/efi" "/boot/efi2"
(packages
(cons* multipath-tools
(operating-system-packages base-os)))
(file-systems (cons*
+(file-system
+ (mount-point "/boot") ;/dev/sda3 and /dev/sdb3 in Btrfs
RAID 1
+ (device (uuid "f4ec81a5-3ea6-494b-8886-b71eec6721ee"))
+ (type "btrfs")
+ (options "compress=zstd"))
(file-system
(mount-point "/boot/efi")
- (device (uuid "B19B-79B3" 'fat)) ;/dev/sda2
+ (device (uuid "FC8E-0264" 'fat)) ;/dev/sda2
(type "vfat"))
branch master updated (f8fe881 -> 48573f3)
apteryx pushed a change to branch master in repository maintenance. from f8fe881 sysadmin: qa-frontpage: Update to 0-9.e3810d9. new ed575f2 doc: Fix PXE boot procedure documented in infra-handbook.org. new 48573f3 node-129: Update machine configuration, booting from SAN. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/infra-handbook.org| 43 +++- hydra/deploy-node-129.scm | 85 +-- 2 files changed, 86 insertions(+), 42 deletions(-)
01/02: doc: Fix PXE boot procedure documented in infra-handbook.org.
apteryx pushed a commit to branch master in repository maintenance. commit ed575f27e7bdd5fdf4fbb11d2db5e28ff76930c4 Author: Maxim Cournoyer AuthorDate: Mon Apr 24 14:47:57 2023 -0400 doc: Fix PXE boot procedure documented in infra-handbook.org. * doc/infra-handbook.org (Repairing a non-bootable Guix System via a PXE booted image): Describe procedure as done via the BIOS instead of the iDRAC web page. --- doc/infra-handbook.org | 43 ++- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org index f018ab6..a5e0a8f 100644 --- a/doc/infra-handbook.org +++ b/doc/infra-handbook.org @@ -144,11 +144,19 @@ mode fallback to a network (PXE) boot, and using the serial console to navigate the boot menus. Pressing F12 as suggested during the boot to reach PXE doesn't seem to -work. An alternative way is to visit the "BIOS Settings" tab of the -"Configuration" via the iDAC web interface, navigate to the "One-Time -Boot Device List" section, choose the PXE device entry for the "UEFI -Boot Sequence Device" drop-down menu, press the "Apply" button, then -"Apply And Reboot" at the bottom. +work. The most reliable way I've found is to change the ~Boot +Settings~ in a persistent fashion by entering the System Setup (F2) at +boot: + +System Setup + - System BIOS + - Boot Settings + - UEFI Boot Settings + +Leave only the PXE Device checkbox enabled, then press ESC, ESC, ESC, +Yes, OK, ESC and YES to save and exit. The PXE boot typically +succeeds on the second reboot, which it attempts automatically after +failing once. The images are made available by the MDC infrastructure team via [[https://github.com/cobbler/cobbler][Cobbler]] , and only a few of the images available are bootable (sadly, @@ -164,10 +172,27 @@ connect to from the ~hydra-guix-129~ or ~berlin~ machines. You can then mount the file systems and modify ~/boot/grub/grub.cfg~ or anything. If you need to reconfigure the machine, you can refer to: info:guix#Chrooting to chroot into an existing system, except -you'll need to pass the ~--no-substitutes~ argument to ~guix-daemon~, -otherwise it'll loop trying to fetch substitutes from -https://ci.guix.gnu.org, in vain. If the reconfiguration hangs, you -may need to use ~--no-grafts~. +you'll need to use the +~--substitute-urls=https://bordeaux.guix.gnu.org~ to avoid blocking on +attempting to fetch substitutes from https://ci.guix.gnu.org, in vain. +If the reconfiguration hangs, you may also need to use ~--no-grafts~. + +To allow connecting to a root shell from a remote machine +(e.g. ~berlin~), set the ~PermitRootLogin~ to ~yes~ in +=/etc/ssh/sshd_config= and set a password for the ~root~ user via the +~passwd~ command, then ~systemctl restart sshd~. + +** Scribbled Notes +To replicate ~node-129~'s file system under ~/mnt~, use: + +#+begin_example +mount -o subvol=@root /dev/mapper/mpathb /mnt +mount -o subvol=@cache /dev/mapper/mpathb /mnt/var/cache +mount -o subvol=@home /dev/mapper/mpathb /mnt/home +mount /dev/sda3 /mnt/boot/ +mount /dev/sda2 /mnt/boot/efi +mount /dev/sdb2 /mnt/boot/efi2/ +#+end_example * Btrfs file system
branch master updated (bec8c7e -> 2734db7)
apteryx pushed a change to branch master in repository maintenance. from bec8c7e hydra: cuirass: Add jobset for testing Go language updates. new d723981 doc: Update infra-handbook.org. new 2734db7 doc: Add maintainers-handbook.org The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/infra-handbook.org | 7 +-- doc/maintainers/maintainers-handbook.org | 17 + 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 doc/maintainers/maintainers-handbook.org
01/02: doc: Update infra-handbook.org.
apteryx pushed a commit to branch master in repository maintenance. commit d7239816446ead108982584251b695780be7ba3f Author: Maxim Cournoyer AuthorDate: Sun Mar 12 17:36:09 2023 -0400 doc: Update infra-handbook.org. * doc/infra-handbook.org (Repairing a non-bootable Guix System via a PXE booted image): Update doc. --- doc/infra-handbook.org | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org index fa005c3..f018ab6 100644 --- a/doc/infra-handbook.org +++ b/doc/infra-handbook.org @@ -1,4 +1,5 @@ #:TITLE Guix Infrastructure Handbook +#+STARTUP: content hidestars This handbook is intended for sysadmin volunteers taking care of the infrastructure powering the Guix website, substitutes and other @@ -152,8 +153,10 @@ Boot Sequence Device" drop-down menu, press the "Apply" button, then The images are made available by the MDC infrastructure team via [[https://github.com/cobbler/cobbler][Cobbler]] , and only a few of the images available are bootable (sadly, Guix System is not one of them). One image which works and has Btrfs -support is "Ubuntu-22.04-server-amd64", but you need to adjust its -'clinux' kernel arguments at the GRUB menu boot to add +support is "Ubuntu-22.04-server-amd64". Upon selecting that entry and +pressing RET, a sub-menu should appear, containing +"Ubuntu-22.04-server-amd64-GuixFarm". Before booting it, you need to +adjust its 'clinux' kernel arguments at the GRUB menu boot to add ~console=ttyS0,115200~ in order to see the serial output. There is a convenient way to turn on SSH at the installer screen, which you can connect to from the ~hydra-guix-129~ or ~berlin~ machines.
02/02: doc: Add maintainers-handbook.org
apteryx pushed a commit to branch master in repository maintenance. commit 2734db7fd40fb13d6ba434460fcd8b8156c9e2ae Author: Maxim Cournoyer AuthorDate: Sun Mar 12 17:37:02 2023 -0400 doc: Add maintainers-handbook.org * doc/maintainers/maintainers-handbook.org: New file. --- doc/maintainers/maintainers-handbook.org | 17 + 1 file changed, 17 insertions(+) diff --git a/doc/maintainers/maintainers-handbook.org b/doc/maintainers/maintainers-handbook.org new file mode 100644 index 000..a77d37f --- /dev/null +++ b/doc/maintainers/maintainers-handbook.org @@ -0,0 +1,17 @@ +#:TITLE Guix Co-maintainers Handbook +#+STARTUP: content hidestars + +This handbook is a collection of notes to document various +management-related activities typically done by the Guix +co-maintainers. + +* Savannah +** Managing repositories +Creating new Git repositories on Savannah under the "Guix" project can +be done by sending a request to savannah-hackers-pub...@gnu.org. The +request should include: + +- The git repository name, e.g. 'nar-herd' +- Its description, e.g. 'Manage a collection of Guix nar files.' +- Its current source (to allow Savannah admins to review if it meets + the GNU FSDG criteria)
branch master updated: doc: Expound some sections of the infra handbook.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 0313d3e doc: Expound some sections of the infra handbook. 0313d3e is described below commit 0313d3e8b066d6abc472a717020e0236024e06ea Author: Maxim Cournoyer AuthorDate: Fri Jan 20 21:48:39 2023 -0500 doc: Expound some sections of the infra handbook. * doc/infra-handbook.org (Boot device): Mention the server operates best in UEFI mode. (iDRAC serial console access to Berlin): Explicit how to enter the serial console. (Repairing a non-bootable Guix System via a PXE booted image): Explain how to trigger a PXE boot. (The boot fails with kernel panick on qla2xxx-related errors): Fix a typo. --- doc/infra-handbook.org | 42 +++--- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org index c72de57..fa005c3 100644 --- a/doc/infra-handbook.org +++ b/doc/infra-handbook.org @@ -38,10 +38,11 @@ file:../hydra/deploy-node-129.scm. ** Boot device -The boot device is made of two 931 GB rotational disks attached to the -PERC controller card and configured in RAID 1. It holds the UEFI -partition as well as another partition for /boot. It is made -necessary because the SAN is not visible to GRUB. +The PowerEdge R7425 firmware works best in UEFI mode. The boot device +is made of two 931 GB rotational disks attached to the PERC controller +card and configured in RAID 1. It holds the UEFI partition as well as +another partition for /boot. It is made necessary because the SAN is +not visible to GRUB. ** SSH access to Berlin and node 129 The following ~~/.ssh/config~ snippets can be defined to access the @@ -129,22 +130,33 @@ access its iDRAC interface, because this wouldn't work in case berlin is not currently running. For the same reason, the iDRAC interface of node 129 is reached by proxy jumping through berlin. +After having connected to the iDRAC interface, the serial console can +be entered by typing the ~console com2~ command at the ~racadm>> ~ +prompt. To exit, press ~C-\~. + ** Repairing a non-bootable Guix System via a PXE booted image One way to fix a non-bootable Guix System is to boot a different GNU/Linux system and mount the partitions and make changes to them. This is made possible for Berlin and node 129 by having their boot mode fallback to a network (PXE) boot, and using the serial console to -navigate the boot menus. The images are made available via the MDC -infrastructure team via [[https://github.com/cobbler/cobbler][Cobbler]] , and only a few of the images -available are bootable (sadly, Guix System is not one of them). - -One image which works and has Btrfs support is -"Ubuntu-22.04-server-amd64", but you need to adjust its 'clinux' -kernel arguments at boot to add ~console=ttyS0,115200~ in order to see -the serial output. There is a convenient way to turn on SSH at the -installer screen, which you can connect to from the ~hydra-guix-129~ -machine. +navigate the boot menus. + +Pressing F12 as suggested during the boot to reach PXE doesn't seem to +work. An alternative way is to visit the "BIOS Settings" tab of the +"Configuration" via the iDAC web interface, navigate to the "One-Time +Boot Device List" section, choose the PXE device entry for the "UEFI +Boot Sequence Device" drop-down menu, press the "Apply" button, then +"Apply And Reboot" at the bottom. + +The images are made available by the MDC infrastructure team via +[[https://github.com/cobbler/cobbler][Cobbler]] , and only a few of the images available are bootable (sadly, +Guix System is not one of them). One image which works and has Btrfs +support is "Ubuntu-22.04-server-amd64", but you need to adjust its +'clinux' kernel arguments at the GRUB menu boot to add +~console=ttyS0,115200~ in order to see the serial output. There is a +convenient way to turn on SSH at the installer screen, which you can +connect to from the ~hydra-guix-129~ or ~berlin~ machines. You can then mount the file systems and modify ~/boot/grub/grub.cfg~ or anything. If you need to reconfigure the machine, you can refer @@ -244,6 +256,6 @@ Here's an example: #+end_example Solution: This is indicative of a device failure part of the backing devices of the SAN (Storage Area Network) array. Ensure multipath is -in used to mount the SAN (TBD), which adds resiliency to this problem, +in use to mount the SAN (TBD), which adds resiliency to this problem, and report the problem to Ricardo Wurmus/the SIMB infrastructure department.
branch master updated (d36fd16 -> 223fa53)
apteryx pushed a change to branch master in repository maintenance. from d36fd16 hydra: services: Add service for the Guix Packages website. new c6bb774 hydra/services: Allow configuring full guix gc jobs. new 223fa53 berlin: Configure a full garbage collection run daily. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin.scm| 2 +- hydra/modules/sysadmin/services.scm | 36 +++- 2 files changed, 24 insertions(+), 14 deletions(-)
02/02: berlin: Configure a full garbage collection run daily.
apteryx pushed a commit to branch master
in repository maintenance.
commit 223fa5351cc5377d74965111cbece4603df4c15f
Author: Maxim Cournoyer
AuthorDate: Wed Jan 18 11:34:22 2023 -0500
berlin: Configure a full garbage collection run daily.
* hydra/berlin.scm (services): Set the gc-threshold argument of the
frontend-services procedure to #f.
---
hydra/berlin.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 35b9c71..c175780 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -534,7 +534,7 @@ at MOUNT-POINT."
;; Make sure we get enough build users.
#:authorized-keys %build-node-keys
#:build-accounts-to-max-jobs-ratio 5
- #:gc-threshold (* 15 TiB)
+ #:gc-threshold #f
#:systems '("x86_64-linux" "i686-linux"
"aarch64-linux"
"powerpc64le-linux")
01/02: hydra/services: Allow configuring full guix gc jobs.
apteryx pushed a commit to branch master in repository maintenance. commit c6bb774462a7f8f7ba86def8ccb0567ef3e2ac3b Author: Maxim Cournoyer AuthorDate: Wed Jan 18 11:25:22 2023 -0500 hydra/services: Allow configuring full guix gc jobs. * hydra/modules/sysadmin/services.scm (gc-jobs): Document that threshold can be #f, and remove the -F and threshold value for the guix gc jobs in this case. Also run once instead of twice a day when a full gc is used. --- hydra/modules/sysadmin/services.scm | 36 +++- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/hydra/modules/sysadmin/services.scm b/hydra/modules/sysadmin/services.scm index bdc7a3f..b0cae94 100644 --- a/hydra/modules/sysadmin/services.scm +++ b/hydra/modules/sysadmin/services.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016-2022 Ludovic Courtès ;;; Copyright © 2017, 2018, 2020, 2022 Ricardo Wurmus ;;; Copyright © 2022 Leo Famulari +;;; Copyright © 2023 Maxim Cournoyer ;;; ;;; This program is free software: you can redistribute it and/or modify ;;; it under the terms of the GNU General Public License as published by @@ -207,19 +208,28 @@ deleted (define (gc-jobs threshold) - "Return the garbage collection mcron jobs." - (list #~(job '(next-hour '(3 15)) - #$cleanup-cuirass-roots) - -#~(job '(next-hour '(4)) - (string-append #$guix "/bin/guix gc -F" - #$(number->string threshold))) - -;; Half a day later, make sure half of our quota is available. -#~(job '(next-hour '(16)) - (string-append #$guix "/bin/guix gc -F" - #$(number->string - (quotient threshold 2)) + "Return the garbage collection mcron jobs. The garbage collection +jobs are run twice a day, when the available free space falls below +THRESHOLD. THRESHOLD can be set to #f to run a daily full garbage +collection instead." + (define (make-guix-gc-command threshold) +`(,(file-append guix "/bin/guix") "gc" + ,@(if threshold +(list "-F" (number->string threshold)) +'( + + `(,#~(job '(next-hour '(3 15)) +#$cleanup-cuirass-roots) + +,#~(job '(next-hour '(4)) +(string-join '#$(make-guix-gc-command threshold))) + +;; Half a day later, make sure half of our quota is available. +,@(if threshold + (list #~(job '(next-hour '(16)) + (string-join '#$(make-guix-gc-command +(quotient threshold 2) + '( (define* (guix-daemon-config #:key (max-jobs 5) (cores 4) (build-accounts-to-max-jobs-ratio 4)
branch master updated: Replace execl with system* in mcron jobs.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 7607878 Replace execl with system* in mcron jobs. 7607878 is described below commit 76078782392fe9826a6a47537ee9b85910fd96c9 Author: Maxim Cournoyer AuthorDate: Mon Nov 28 22:34:55 2022 -0500 Replace execl with system* in mcron jobs. Using execl causes the run-job mcron forked guile process to be hijacked and the lost of some output annotation. * doc/infra-handbook.org (Btrfs balance mcron job): Replace execl with system* and drop first argument. * hydra/berlin.scm (btrfs-balance-job): Likewise. * hydra/deploy-node-129.scm (btrfs-balance-job): Likewise. * hydra/milano-guix-1.scm (btrfs-balance-job): Likewise. * hydra/modules/sysadmin/overdrive.scm (btrfs-balance-job): Likewise. * hydra/monokuma.scm (btrfs-balance-job): Likewise. --- doc/infra-handbook.org | 4 ++-- hydra/berlin.scm | 4 ++-- hydra/deploy-node-129.scm| 4 ++-- hydra/milano-guix-1.scm | 4 ++-- hydra/modules/sysadmin/overdrive.scm | 4 ++-- hydra/monokuma.scm | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org index c27ab91..c72de57 100644 --- a/doc/infra-handbook.org +++ b/doc/infra-handbook.org @@ -197,8 +197,8 @@ file:../hydra/deploy-node-129.scm machine configuration: ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () - (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" - "balance" "start" "-dusage=5" "/")) + (system* #$(file-append btrfs-progs "/bin/btrfs") +"balance" "start" "-dusage=5" "/")) "btrfs-balance")) #+end_src diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 545762f..dd8a2eb 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -239,8 +239,8 @@ at MOUNT-POINT." ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () - (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" - "balance" "start" "-dusage=5" "/")) + (system* #$(file-append btrfs-progs "/bin/btrfs") +"balance" "start" "-dusage=5" "/")) "btrfs-balance")) (define (anonip-service file) diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm index fe8048d..dfb6923 100644 --- a/hydra/deploy-node-129.scm +++ b/hydra/deploy-node-129.scm @@ -72,8 +72,8 @@ ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () - (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" - "balance" "start" "-dusage=5" "/")) + (system* #$(file-append btrfs-progs "/bin/btrfs") +"balance" "start" "-dusage=5" "/")) "btrfs-balance")) (define %multipath.conf diff --git a/hydra/milano-guix-1.scm b/hydra/milano-guix-1.scm index 528bc98..6fea79d 100644 --- a/hydra/milano-guix-1.scm +++ b/hydra/milano-guix-1.scm @@ -44,8 +44,8 @@ ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () - (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" - "balance" "start" "-dusage=5" "/")) + (system* #$(file-append btrfs-progs "/bin/btrfs") +"balance" "start" "-dusage=5" "/")) "btrfs-balance")) diff --git a/hydra/modules/sysadmin/overdrive.scm b/hydra/modules/sysadmin/overdrive.scm index 0e5c4de..b605285 100644 --- a/hydra/modules/sysadmin/overdrive.scm +++ b/hydra/modules/sysadmin/overdrive.scm @@ -78,8 +78,8 @@ ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) (lambda () - (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" - "balance" "start" "-dusage=5" "/")) + (system* #$(file-append btrfs-progs "/bin/btrfs") +
02/02: berlin: machines: Temporarily disable node 130.
apteryx pushed a commit to branch master
in repository maintenance.
commit d48bb35ebd30cbb0399928ce8247f467ff57bb27
Author: Maxim Cournoyer
AuthorDate: Sat Nov 19 14:20:13 2022 -0500
berlin: machines: Temporarily disable node 130.
* hydra/machines-for-berlin.scm (hosts): Comment out node 130 and add
an explanatory comment.
---
hydra/machines-for-berlin.scm | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/hydra/machines-for-berlin.scm b/hydra/machines-for-berlin.scm
index 5faa88e..22e9f52 100644
--- a/hydra/machines-for-berlin.scm
+++ b/hydra/machines-for-berlin.scm
@@ -123,9 +123,12 @@
"ssh-ed25519
C3NzaC1lZDI1NTE5IEKtRABWvMsfq4Om16CLMpP9qbaJj83blA+K82SnZd6R"
192)
;; hydra-guix-130
-("141.80.167.187"
- "ssh-ed25519
C3NzaC1lZDI1NTE5ICZilog+9Jdim9k07baYK6QZfkZRZbQQriExjtOEfjQ5"
- 192)))
+;; FIXME: Disabled Nov 19 2022; waiting troubleshooting from
+;; Madalin (segfaults in libc).
+;; ("141.80.167.187"
+;; "ssh-ed25519
C3NzaC1lZDI1NTE5ICZilog+9Jdim9k07baYK6QZfkZRZbQQriExjtOEfjQ5"
+;; 192)
+))
(define template-x86_64
(match-lambda
branch master updated (94aeb73 -> d48bb35)
apteryx pushed a change to branch master in repository maintenance. from 94aeb73 hydra: Add sjd-p9 signing key. new c84511f berlin: Migrate boot device to HDD RAID 1 array. new d48bb35 berlin: machines: Temporarily disable node 130. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/infra-handbook.org| 11 ++- hydra/berlin.scm | 23 ++- hydra/machines-for-berlin.scm | 9 ++--- 3 files changed, 22 insertions(+), 21 deletions(-)
01/02: berlin: Migrate boot device to HDD RAID 1 array.
apteryx pushed a commit to branch master
in repository maintenance.
commit c84511f0394f2e0f1a0736d3f6f1e5bdef49c49b
Author: Maxim Cournoyer
AuthorDate: Sat Nov 19 13:56:37 2022 -0500
berlin: Migrate boot device to HDD RAID 1 array.
* hydra/berlin.scm (%btrfs-boot-partition): Delete variable.
(bootloader) [targets]: Remove "/boot/efi2" target.
(file-systems): Remove the /boot/efi2 file system, add a file system
for /boot and adjust the UUID of the underlying device of the
/boot/efi mout point.
* doc/infra-handbook.org (Specifications): Mention the PERC controller
and the two hard drives.
(Boot device): New section.
---
doc/infra-handbook.org | 11 ++-
hydra/berlin.scm | 23 ++-
2 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org
index 6ee8a53..c27ab91 100644
--- a/doc/infra-handbook.org
+++ b/doc/infra-handbook.org
@@ -8,6 +8,7 @@ The different machines involved are registered in the
file:../hydra/machines.rec file.
* Berlin
+
Berlin is the main machine, which hosts the website
(https://guix.gnu.org/), the MUMI issue tracker
(https://issues.guix.gnu.org/), runs the build farm
@@ -23,6 +24,8 @@ Dell PowerEdge R7425 server with the following specifications:
- 2x AMD EPYC 7451 24-Core processors
- Storage Area Network (SAN) of 100 TiB
- SAN connected to two QLogic QLE2692 16G Fibre Channel adapters (qla2xxx)
+- PERC 730p RAID/HBA disk controller with 8 slots
+- 2x 1 TB hard drives in a RAID 1 configuration (attached to the PERC)
- 188 GiB of memory
The machine can be remotely administered via iDRAC, the Dell server
@@ -33,8 +36,14 @@ a machine intended to become a fallback, known as node 129,
which is
deployed from Berlin via the deploy file:
file:../hydra/deploy-node-129.scm.
-** SSH access to Berlin and node 129
+** Boot device
+The boot device is made of two 931 GB rotational disks attached to the
+PERC controller card and configured in RAID 1. It holds the UEFI
+partition as well as another partition for /boot. It is made
+necessary because the SAN is not visible to GRUB.
+
+** SSH access to Berlin and node 129
The following ~~/.ssh/config~ snippets can be defined to access the
Berlin machine:
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 238034b..2ff16a7 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -212,15 +212,6 @@ devices {
(define %common-btrfs-options '(("compress" . "zstd")
("space_cache" . "v2")))
-(define %btrfs-boot-partition
- (file-system
-(device (uuid "7a2d8741-bc5e-489e-a2b9-197b2adb6efb")) ;/dev/sda3
-(mount-point "/boot")
-(type "btrfs")
-(options (alist->file-system-options
- (cons '("subvolid" . "5")
-%common-btrfs-options)
-
(define %btrfs-pool-san
(file-system
(device (uuid %btrfs-san-uuid))
@@ -300,20 +291,18 @@ at MOUNT-POINT."
;; Show the GRUB menu on the serial interface.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
- (targets '("/boot/efi"
- "/boot/efi2"))
+ (targets '("/boot/efi"))
(terminal-inputs '(serial))
(terminal-outputs '(serial
(file-systems (cons*
- %btrfs-boot-partition
(file-system
- (mount-point "/boot/efi")
- (device (uuid "82BD-8C0E" 'fat)) ;/dev/sda2
- (type "vfat"))
+ (mount-point "/boot")
+ (device (uuid "67498a2f-3e32-4e8c-96a5-8a4844ea229c"))
;/dev/sdg3
+ (type "ext4"))
(file-system
- (mount-point "/boot/efi2")
- (device (uuid "AC37-DE29" 'fat)) ;/dev/sdb2
+ (mount-point "/boot/efi")
+ (device (uuid "43AE-6859" 'fat)) ;/dev/sdg2
(type "vfat"))
%btrfs-pool-san;for convenience
(btrfs-subvolume-mount %btrfs-san-uuid "@root" "/")
branch master updated: infra-handbook: Update solution for the SAN boot problem.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new caf3809 infra-handbook: Update solution for the SAN boot problem. caf3809 is described below commit caf3809e52734d83960f5f28fe19d07aecc13a9b Author: Maxim Cournoyer AuthorDate: Wed Nov 16 14:41:17 2022 -0500 infra-handbook: Update solution for the SAN boot problem. Ricardo later mention there had been a device outage in the SAN. * doc/infra-handbook.org (The boot fails with kernel panick on qla2xxx-related errors): Update solution text. --- doc/infra-handbook.org | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org index 0a67037..6ee8a53 100644 --- a/doc/infra-handbook.org +++ b/doc/infra-handbook.org @@ -233,7 +233,8 @@ Here's an example: [ 51.266936] [ 54.246148] NMI watchdog: Watchdog detected hard LOCKUP on cpu 64 #+end_example -Solution: Stop the server, update the firmware of the QLogic cards, -then start the server. The exact failure reason is unknown but it is -possible that the QLogic cards firmware becomes incompatible with that -of the SAN, which is always kept up to date. +Solution: This is indicative of a device failure part of the backing +devices of the SAN (Storage Area Network) array. Ensure multipath is +in used to mount the SAN (TBD), which adds resiliency to this problem, +and report the problem to Ricardo Wurmus/the SIMB infrastructure +department.
branch master updated: hydra: node-129: Use compress, not compress-force mount option.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new b805039 hydra: node-129: Use compress, not compress-force mount
option.
b805039 is described below
commit b8050390877b31762b226d46d586c12109275ac9
Author: Maxim Cournoyer
AuthorDate: Sat Nov 12 11:13:28 2022 -0500
hydra: node-129: Use compress, not compress-force mount option.
* hydra/deploy-node-129.scm (%common-btrfs-options): Replace
compress-force with compress.
(node-129-os): Bring back comment about why there can't be a swap
file/device.
---
hydra/deploy-node-129.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 829076a..c9fd729 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -40,7 +40,7 @@
(define %btrfs-raid-uuid "64a837b7-b9dc-4b64-ba95-712ba4032c71")
-(define %common-btrfs-options '(("compress-force" . "zstd")
+(define %common-btrfs-options '(("compress" . "zstd")
("space_cache" . "v2")
"degraded"))
@@ -154,7 +154,7 @@
;; Only accept public key authentication for
;; enhanced security.
(password-authentication? #f)
- (swap-devices '()
+ (swap-devices '();cannot do swap on Btrfs RAID
(list
(machine
branch master updated: doc: Add a Problems/solutions knowledge base section.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new eee43c5 doc: Add a Problems/solutions knowledge base section.
eee43c5 is described below
commit eee43c569c1a87ee3cf9991c649cec1d2522c04f
Author: Maxim Cournoyer
AuthorDate: Thu Nov 10 21:01:23 2022 -0500
doc: Add a Problems/solutions knowledge base section.
* doc/infra-handbook.org (Specifications): Mention the QLogic
adapters.
(Btrfs compression and mount options): Use 'compress' instead of
'compress-force', as the later can cause too many file extents, which
in turn translate into a slow mount for a very large file system.
(Problems/solutions knowledge base): New section.
---
doc/infra-handbook.org | 48 +++-
1 file changed, 47 insertions(+), 1 deletion(-)
diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org
index 956173d..0a67037 100644
--- a/doc/infra-handbook.org
+++ b/doc/infra-handbook.org
@@ -22,6 +22,7 @@ Dell PowerEdge R7425 server with the following specifications:
- 2x AMD EPYC 7451 24-Core processors
- Storage Area Network (SAN) of 100 TiB
+- SAN connected to two QLogic QLE2692 16G Fibre Channel adapters (qla2xxx)
- 188 GiB of memory
The machine can be remotely administered via iDRAC, the Dell server
@@ -162,7 +163,7 @@ file:../hydra/deploy-node-129.scm for a build machine when
high
availability is preferred over data safety (degraded):
#+begin_src scheme
-(define %common-btrfs-options '(("compress-force" . "zstd")
+(define %common-btrfs-options '(("compress" . "zstd")
("space_cache" . "v2")
"degraded"))
#+end_src
@@ -191,3 +192,48 @@ file:../hydra/deploy-node-129.scm machine configuration:
"balance" "start" "-dusage=5" "/"))
"btrfs-balance"))
#+end_src
+
+* Problems/solutions knowledge base
+** The boot fails with kernel panick on qla2xxx-related errors
+Here's an example:
+#+begin_example
+[ 51.266790] Call Trace:
+[ 51.266792]
+[ 51.266794] _raw_spin_lock_irqsave+0x46/0x60
+[ 51.266799] qla2xxx_dif_start_scsi_mq+0x2b7/0xe60 [qla2xxx
124f4fec4ef588623af420625c6af8b5bcce53fd]
+[ 51.266823] qla2xxx_mqueuecommand+0x222/0x2d0 [qla2xxx
124f4fec4ef588623af420625c6af8b5bcce53fd]
+[ 51.266838] qla2xxx_queuecommand+0x1a1/0x3d0 [qla2xxx
124f4fec4ef588623af420625c6af8b5bcce53fd]
+[ 51.266852] scsi_queue_rq+0x390/0xc00
+[ 51.266857] __blk_mq_try_issue_directly+0x176/0x1e0
+[ 51.266861] blk_mq_plug_issue_direct.constprop.0+0x93/0x180
+[ 51.266865] blk_mq_flush_plug_list+0x23d/0x2a0
+[ 51.266868] __blk_flush_plug+0xed/0x130
+[ 51.266872] blk_finish_plug+0x31/0x50
+[ 51.266874] read_pages+0x1f5/0x300
+[ 51.266879] page_cache_ra_unbounded+0x131/0x180
+[ 51.266882] force_page_cache_ra+0xc7/0x100
+[ 51.266885] page_cache_sync_ra+0x34/0x90
+[ 51.266887] filemap_get_pages+0x127/0x700
+[ 51.266893] filemap_read+0xde/0x420
+[ 51.266898] blkdev_read_iter+0xbd/0x1e0
+[ 51.266901] new_sync_read+0x13e/0x1c0
+[ 51.266905] vfs_read+0x151/0x1a0
+[ 51.266908] ksys_read+0x73/0xf0
+[ 51.266911] __x64_sys_read+0x1e/0x30
+[ 51.266913] do_syscall_64+0x60/0xc0
+[ 51.266919] entry_SYSCALL_64_after_hwframe+0x63/0xcd
+[ 51.266922] RIP: 0033:0x4e73de
+[ 51.266924] Code: 0f 1f 40 00 48 c7 c2 bc ff ff ff f7 d8 64 89 02 48 c7 c0
ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00
f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28
+[ 51.266926] RSP: 002b:7ffc403f39e8 EFLAGS: 0246 ORIG_RAX:
+[ 51.266928] RAX: ffda RBX: 01a98738 RCX:
004e73de
+[ 51.266929] RDX: 0100 RSI: 01a98748 RDI:
0006
+[ 51.266930] RBP: 01a51bc0 R08: 01a98720 R09:
01a3ef10
+[ 51.266932] R10: 0007 R11: 0246 R12:
09ffe000
+[ 51.266933] R13: 0100 R14: 01a98720 R15:
01a51c10
+[ 51.266936]
+[ 54.246148] NMI watchdog: Watchdog detected hard LOCKUP on cpu 64
+#+end_example
+Solution: Stop the server, update the firmware of the QLogic cards,
+then start the server. The exact failure reason is unknown but it is
+possible that the QLogic cards firmware becomes incompatible with that
+of the SAN, which is always kept up to date.
branch master updated: New maintainers meeting notes.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 21f78b0 New maintainers meeting notes. 21f78b0 is described below commit 21f78b01281103d5bcdae3dff50aea5d4cc98a18 Author: Maxim Cournoyer AuthorDate: Tue Nov 8 12:19:10 2022 -0500 New maintainers meeting notes. * doc/maintainers/meetings/2022-11-02.org: New file. --- doc/maintainers/meetings/2022-11-02.org | 39 + 1 file changed, 39 insertions(+) diff --git a/doc/maintainers/meetings/2022-11-02.org b/doc/maintainers/meetings/2022-11-02.org new file mode 100644 index 000..9b1852d --- /dev/null +++ b/doc/maintainers/meetings/2022-11-02.org @@ -0,0 +1,39 @@ +* Maintainers meeting +** Schedule +Tuesday, 2th of November from 14:00 CET to 15:00 CET on Jami. + +** Agenda +No fixed agenda. + +** Notes +Maxim and Mathieu were present. + +The need to enable log rotation on Berlin was brought up, as the nginx +logs now take up most of the used space on Berlin (multiple +terabytes). + +The outstanding issues for the release were discussed. Current +outstanding issues: + +M-x debbugs-gnu-bugs 53214 RET b s s + +53594 important no matching pattern #
02/02: berlin: Remove "degraded" mount option.
apteryx pushed a commit to branch master
in repository maintenance.
commit 32a20262070c430a492db91ee005b9a59a17e2d2
Author: Maxim Cournoyer
AuthorDate: Thu Oct 27 10:54:30 2022 -0400
berlin: Remove "degraded" mount option.
This option is mostly useful when using Btrfs RAID array that should
remain mountable even when one of device has a problem. Since we are
no longer using a Btrfs RAID array, remove the option.
* hydra/berlin.scm (%common-btrfs-options): Remove "degraded"
mount option.
---
hydra/berlin.scm | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 209b257..60733b5 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -178,8 +178,7 @@ Happy hacking!\n"))
(define %btrfs-san-uuid "d5d1a040-7f2a-4c38-9a89-82f08866f6ec")
(define %common-btrfs-options '(("compress" . "zstd")
-("space_cache" . "v2")
-"degraded"))
+("space_cache" . "v2")))
(define %btrfs-boot-partition
(file-system
branch master updated (988c645 -> 32a2026)
apteryx pushed a change to branch master in repository maintenance. from 988c645 hydra: milano-guix-1: Configure dhcp client to only work with eno1. new 7eab096 berlin: Replace compress with compress-force for the Btrfs mount options. new 32a2026 berlin: Remove "degraded" mount option. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin.scm | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
01/02: berlin: Replace compress with compress-force for the Btrfs mount options.
apteryx pushed a commit to branch master
in repository maintenance.
commit 7eab096f0c9dd60c85f4f0f23f75252bfb339c6c
Author: Maxim Cournoyer
AuthorDate: Thu Oct 27 10:49:40 2022 -0400
berlin: Replace compress with compress-force for the Btrfs mount options.
compress-force writes fixed 512 KiB extents for any files, while
compress can write 128 MiB ones for non-compressible files, which
should greatly reduce the number of extents needed to store the NARs,
for example.
A very large number of extents can cause 'mount' to take a long time,
as is currently the case.
* hydra/berlin.scm (%common-btrfs-options): Replace "compress-force"
with "compress".
---
hydra/berlin.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 8960ab5..209b257 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -177,7 +177,7 @@ Happy hacking!\n"))
;;; Large Btrfs partition on the MDC-provided SAN storage (100 TiB).
(define %btrfs-san-uuid "d5d1a040-7f2a-4c38-9a89-82f08866f6ec")
-(define %common-btrfs-options '(("compress-force" . "zstd")
+(define %common-btrfs-options '(("compress" . "zstd")
("space_cache" . "v2")
"degraded"))
01/02: hydra: berlin: Remove explicit file system utilities from packages.
apteryx pushed a commit to branch master in repository maintenance. commit dab787b4a2501f640c08870da4e3242ee8f55e6b Author: Maxim Cournoyer AuthorDate: Mon Oct 3 11:31:03 2022 -0400 hydra: berlin: Remove explicit file system utilities from packages. This is no longer necessary with 45eac6cdf5c8d9d7b0c564b105c790d2d2007799 (services: Add file system utilities to profile), which automatically takes care of that. * hydra/berlin.scm (packages): Remove btrfs-progs and dosfstools. --- hydra/berlin.scm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 24419d5..07f8771 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -289,9 +289,7 @@ at MOUNT-POINT." (home-directory "/home/bi-admin")) %base-user-accounts)) - (packages (cons* btrfs-progs - dosfstools - certbot emacs wget iptables + (packages (cons* certbot emacs wget iptables jnettop openssh rsync screen strace ;; This is needed to set GIT_SSL_CAINFO allowing ;; Cuirass to fetch sources via HTTPS.
branch master updated (def2f46 -> 36d6101)
apteryx pushed a change to branch master in repository maintenance. from def2f46 guix-europe: accounting: Add and consolidate entries for September. new dab787b hydra: berlin: Remove explicit file system utilities from packages. new 36d6101 hydra: berlin: Add mcron btrfs balance job. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin.scm | 45 ++--- 1 file changed, 30 insertions(+), 15 deletions(-)
02/02: hydra: berlin: Add mcron btrfs balance job.
apteryx pushed a commit to branch master
in repository maintenance.
commit 36d610130e5d2354039bcdf678fe34afdc2dfaba
Author: Maxim Cournoyer
AuthorDate: Mon Oct 3 11:32:22 2022 -0400
hydra: berlin: Add mcron btrfs balance job.
* hydra/berlin.scm (btrfs-balance-job): New variable.
[services]: Register the job in the mcron-configuration inherited from
the frontend-services.
---
hydra/berlin.scm | 41 +
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 07f8771..dc30fe1 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -16,7 +16,7 @@
((guix build utils) #:select (find-files))
(srfi srfi-1)
(ice-9 match))
-(use-service-modules avahi base databases dns monitoring networking admin
+(use-service-modules avahi base databases dns mcron monitoring networking admin
rsync shepherd ssh vpn web)
(use-package-modules admin base certs databases disk emacs linux mail
monitoring
screen ssh tls tor vim package-management
@@ -211,6 +211,16 @@ at MOUNT-POINT."
(cons (cons "subvol" name)
%common-btrfs-options)
+(define btrfs-balance-job
+ ;; Re-allocate chunks which are using less than 5% of their chunk
+ ;; space, to regain Btrfs 'unallocated' space. The usage is kept
+ ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days.
+ #~(job '(next-hour-from (next-day (range 1 31 3)) '(5))
+ (lambda ()
+ (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs"
+ "balance" "start" "-dusage=5" "/"))
+ "btrfs-balance"))
+
(define (anonip-service file)
(service anonip-service-type
(anonip-configuration
@@ -486,14 +496,21 @@ at MOUNT-POINT."
(append
(map anonip-service %anonip-log-files)
(website-services)
- (frontend-services %sysadmins
- ;; Make sure we get enough build users.
- #:authorized-keys %build-node-keys
- #:build-accounts-to-max-jobs-ratio 5
- #:gc-threshold (* 15 TiB)
- #:systems '("x86_64-linux" "i686-linux"
- "aarch64-linux"
- "powerpc64le-linux")
- #:motd %motd
- #:publish-workers 8
- #:max-jobs 20)
+ (modify-services
+ (frontend-services %sysadmins
+ ;; Make sure we get enough build users.
+ #:authorized-keys %build-node-keys
+ #:build-accounts-to-max-jobs-ratio 5
+ #:gc-threshold (* 15 TiB)
+ #:systems '("x86_64-linux" "i686-linux"
+ "aarch64-linux"
+ "powerpc64le-linux")
+ #:motd %motd
+ #:publish-workers 8
+ #:max-jobs 20)
+(mcron-service-type
+ config => (mcron-configuration
+(inherit config)
+(jobs (cons btrfs-balance-job
+(mcron-configuration-jobs
+ config))
03/03: berlin: Add a separate, bootable /boot partition and use it.
apteryx pushed a commit to branch master
in repository maintenance.
commit 6b64909552975a0336f5c87c39be46e4e5e5408d
Author: Maxim Cournoyer
AuthorDate: Fri Sep 30 12:58:12 2022 -0400
berlin: Add a separate, bootable /boot partition and use it.
* hydra/berlin.scm (%btrfs-boot-partition): New variable.
(%btrfs-ssd-uuid, %btrfs-pool-ssd): Delete variables.
(%common-btrfs-options): Delete comment.
(bootloader): Register a second efi2 target.
[file-systems]: Register %btrfs-boot-partition. Adjust device of
the /boot/efi mount point. Add a secnod /boot/efi2 mount point.
Remove anything that has to do with btrfs-ssd-ssd, which no longer
exists. Relocate /home on the SAN.
---
hydra/berlin.scm | 51 +--
1 file changed, 17 insertions(+), 34 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index f70f447..24419d5 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -174,37 +174,26 @@ Happy hacking!\n"))
;;;
;;; Btrfs pools.
;;;
-;;; This Btrfs storage array is composed of six (6) Samsung 870 QVO
-;;; SSDs of 8 TB each; configured to use the raid1c4 Btrfs profile for
-;;; metadata and raid10 for data.
-(define %btrfs-ssd-uuid "16ff18e1-eb41-4224-8df6-80d3b53c411a")
-
-;;; This is one large Btrfs partition on the MDC-provided SAN storage
-;;; (100 TiB).
+;;; Large Btrfs partition on the MDC-provided SAN storage (100 TiB).
(define %btrfs-san-uuid "d5d1a040-7f2a-4c38-9a89-82f08866f6ec")
-;;; TODO: Implement some mcron job that monitors the absent of a disk
-;;; in the array, or IO related errors in dmesg, so that we can notice
-;;; if the Btrfs becomes degraded.
(define %common-btrfs-options '(("compress-force" . "zstd")
("space_cache" . "v2")
"degraded"))
-(define %btrfs-pool-san
+(define %btrfs-boot-partition
(file-system
-;; This is required by the 'btrbk' backup tool.
-(device (uuid %btrfs-san-uuid))
-(mount-point "/mnt/btrfs-pool-san")
+(device (uuid "7a2d8741-bc5e-489e-a2b9-197b2adb6efb")) ;/dev/sda3
+(mount-point "/boot")
(type "btrfs")
(options (alist->file-system-options
(cons '("subvolid" . "5")
%common-btrfs-options)
-(define %btrfs-pool-ssd
+(define %btrfs-pool-san
(file-system
-;; This is required by the 'btrbk' backup tool.
-(device (uuid %btrfs-ssd-uuid))
-(mount-point "/mnt/btrfs-pool-ssd")
+(device (uuid %btrfs-san-uuid))
+(mount-point "/mnt/btrfs-pool-san")
(type "btrfs")
(options (alist->file-system-options
(cons '("subvolid" . "5")
@@ -270,31 +259,25 @@ at MOUNT-POINT."
;; Show the GRUB menu on the serial interface.
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
- (targets '("/boot/efi"))
+ (targets '("/boot/efi"
+ "/boot/efi2"))
(terminal-inputs '(serial))
(terminal-outputs '(serial
(file-systems (cons*
+ %btrfs-boot-partition
(file-system
(mount-point "/boot/efi")
- (device (uuid "E1B3-BF92" 'fat)) ;/dev/sdi1
+ (device (uuid "82BD-8C0E" 'fat)) ;/dev/sda2
(type "vfat"))
-
+ (file-system
+ (mount-point "/boot/efi2")
+ (device (uuid "AC37-DE29" 'fat)) ;/dev/sdb2
+ (type "vfat"))
+ %btrfs-pool-san;for convenience
(btrfs-subvolume-mount %btrfs-san-uuid "@root" "/")
(btrfs-subvolume-mount %btrfs-san-uuid "@cache" "/var/cache")
-
- (btrfs-subvolume-mount %btrfs-ssd-uuid "@home" "/home")
-
- ;; For convenience.
- %btrfs-pool-san
- %btrfs-pool-ssd
- (file-system
- ;; This is device holding the old root file system,
- ;; /dev/sdg1.
- (device (uuid "76954008-06cf-4b91-b0bb-316d8bab0576"))
- (mount-point "/mnt/old-root-fs")
- (type "ext4"))
-
+ (btrfs-subvolume-mount %btrfs-san-uuid "@home" "/home")
%base-file-systems))
;; Local admin account for MDC maintenance.
01/03: doc: Add infra-handbook.org.
apteryx pushed a commit to branch master
in repository maintenance.
commit 62525c6d4986e8abf3c7f23d41ecaa9b053c7d6e
Author: Maxim Cournoyer
AuthorDate: Wed Sep 21 11:37:52 2022 -0400
doc: Add infra-handbook.org.
* doc/infra-handbook.org: New file.
---
doc/infra-handbook.org | 193 +
1 file changed, 193 insertions(+)
diff --git a/doc/infra-handbook.org b/doc/infra-handbook.org
new file mode 100644
index 000..956173d
--- /dev/null
+++ b/doc/infra-handbook.org
@@ -0,0 +1,193 @@
+#:TITLE Guix Infrastructure Handbook
+
+This handbook is intended for sysadmin volunteers taking care of the
+infrastructure powering the Guix website, substitutes and other
+services offered via https://guix.gnu.org/.
+
+The different machines involved are registered in the
+file:../hydra/machines.rec file.
+
+* Berlin
+Berlin is the main machine, which hosts the website
+(https://guix.gnu.org/), the MUMI issue tracker
+(https://issues.guix.gnu.org/), runs the build farm
+(https://ci.guix.gnu.org/) and serves the cached substitutes. It is
+graciously provided by the Max Delbrück Center for Molecular Medicine
+in the Helmholtz Association (MDC) and hosted at their datacenter in
+Berlin, hence its name.
+
+** Specifications
+
+Dell PowerEdge R7425 server with the following specifications:
+
+- 2x AMD EPYC 7451 24-Core processors
+- Storage Area Network (SAN) of 100 TiB
+- 188 GiB of memory
+
+The machine can be remotely administered via iDRAC, the Dell server
+management platform.
+
+Its configuration is defined in file:../hydra/berlin.scm. Berlin has
+a machine intended to become a fallback, known as node 129, which is
+deployed from Berlin via the deploy file:
+file:../hydra/deploy-node-129.scm.
+
+** SSH access to Berlin and node 129
+
+The following ~~/.ssh/config~ snippets can be defined to access the
+Berlin machine:
+
+#+begin_src
+Host berlin
+ HostName berlin.guix.gnu.org
+ DynamicForward 8022
+ ForwardAgent yes
+#+end_src
+
+The ~DynamicForward~ on port 8022 will be explained in the iDRAC web
+access section below, while ~ForwardAgent~ is useful to have your
+agent credentials used to deploy to node 129 from Berlin available.
+
+For node 129, you can use:
+#+begin_src
+Host hydra-guix-129
+ HostName 141.80.181.41
+ DynamicForward 8022
+#+end_src
+
+** iDRAC web page access
+
+The Dell iDRAC management suite offers a web site to easily do actions
+such as rebooting a machine, changing parameters or simply checking
+its current status. The iDRAC page of Berlin can be accessed at
+https://141.80.167.225, while node 129's page can be accessed at
+https://141.80.167.229. Because the iDRAC web interface can only be
+accessed locally from the MDC, it is necessary to configure some HTTP
+proxy. This can be accomplished via OpenSSH's SOCKS proxy support.
+For it to work, two things are needed:
+
+1. A ~DynamicForward~ directive on your SSH host, as shown in the
+ snippets from the above [[SSH access to Berlin and node 129]] section.
+2. A proxy auto-configuration (PAC) file to configure your browser to relay
+ requests to specific domains to through the SOCKS proxy.
+
+For GNU IceCat, the PAC file can be defined as below, and placed for
+example at ~~/.mozilla/proxy.pac~. Then you should navigate to the
+IceCat Settings -> General -> Network Settings (completely at the
+bottom), and tick the "Automatic proxy configuration URL" checkbox,
+inputting the PAC file URI in the associated text box, e.g.:
+file://home/maxim/.mozilla/proxy.pac. Click the "Reload" button to
+have it effective.
+
+#+begin_src
+function FindProxyForURL(url, host) {
+if (isInNet(dnsResolve(host), "141.80.167.0", "255.255.255.0")) {
+return "SOCKS localhost:8022; DIRECT";
+} else {
+return "DIRECT";
+}
+}
+#+end_src
+
+After that, navigating to https://141.80.167.229 should display the
+iDRAC login page, as long as you have an active connection to either
+~berlin~ or ~hydra-guix-129~.
+
+** iDRAC serial console access to Berlin
+
+iDRAC also provides access to a server's serial console, which can be
+very handy to debug boot problems (before an SSH server is available).
+The iDRAC main console interfaces reachable per specific IPs private
+to the MDC network, so it is necessary to proxy jump through Berlin or
+node 129 to reach them, as shown in the ~~/.ssh/config~ configuration
+snippets below:
+
+#+begin_src
+Host hydra-guix-129-idrac
+ ProxyJump berlin
+ HostName 141.80.167.229
+ User guix
+
+Host berlin-idrac
+ ProxyJump hydra-guix-129
+ HostName 141.80.167.225
+ User guix
+#+end_src
+
+You may notice that we don't proxy jump through berlin itself to
+access its iDRAC interface, because this wouldn't work in case berlin
+is not currently running. For the same reason, the iDRAC interface of
+node 129 is reached by proxy jumping through berlin.
02/03: berlin: Adjust %copy-kernel-and-initrd activation script.
apteryx pushed a commit to branch master in repository maintenance. commit 441f2486078e1ba0af252b9c7e74b22fe9147192 Author: Maxim Cournoyer AuthorDate: Fri Sep 30 12:53:27 2022 -0400 berlin: Adjust %copy-kernel-and-initrd activation script. The store being on a GRUB-invisible SAN device, the kernel and initrd should now be copied to /boot, which is hosted on two local SSDs (Btrfs RAID1). * hydra/berlin.scm (%copy-kernel-and-initrd): Adjust to /boot instead of to /store. Copy the whole file name, not just its base name. Let warnings go through. [services]: Rename service from copy-kernel+initrd-to-/store to copy-kernel+initrd-to-/boot. --- hydra/berlin.scm | 32 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 58fe68d..f70f447 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -106,26 +106,26 @@ Happy hacking!\n")) (define %copy-kernel-and-initrd - ;; The storage device where the root file system is is invisible to GRUB. - ;; Thus, copy the kernel and initrd to /store, where GRUB will be able to - ;; find them. + ;; The storage device where the root file system is is invisible to + ;; GRUB. Thus, copy the kernel and initrd to /boot, where GRUB will + ;; be able to find them. (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) -(for-each (lambda (file) -(let ((target (string-append "/store/" (basename file - (unless (file-exists? target) -(format #t "copying '~a' to /store...~%" file) -(copy-recursively file target - #:log (%make-void-port "w") +(for-each + (lambda (file) + (let ((target (string-append "/boot/@root/" file))) + (format #t "copying '~a' to /boot/@root/~%" file) + (mkdir-p (dirname target)) + (copy-recursively file target))) - ;; /run/current-system/kernel is a profile. The trick - ;; below allows us to get at its actual directory name, - ;; which is what 'grub.cfg' refers to. - (list (dirname - (canonicalize-path "/run/current-system/kernel/bzImage")) -(dirname (canonicalize-path "/run/current-system/initrd"))) + ;; /run/current-system/kernel is a profile. The trick below + ;; allows us to get at its actual directory name, which is + ;; what 'grub.cfg' refers to. + (list (dirname +(canonicalize-path "/run/current-system/kernel/bzImage")) + (dirname (canonicalize-path "/run/current-system/initrd"))) (define %build-node-key-directory @@ -322,7 +322,7 @@ at MOUNT-POINT." %base-packages)) (services (cons* - (simple-service 'copy-kernel+initrd-to-/store + (simple-service 'copy-kernel+initrd-to-/boot activation-service-type %copy-kernel-and-initrd)
branch master updated (2cae951 -> 6b64909)
apteryx pushed a change to branch master in repository maintenance. from 2cae951 goggles: Linkify only the matching URL substring. new 62525c6 doc: Add infra-handbook.org. new 441f248 berlin: Adjust %copy-kernel-and-initrd activation script. new 6b64909 berlin: Add a separate, bootable /boot partition and use it. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: doc/infra-handbook.org | 193 + hydra/berlin.scm | 83 + 2 files changed, 226 insertions(+), 50 deletions(-) create mode 100644 doc/infra-handbook.org
02/06: hydra: overdrive: Enable Btrfs compression.
apteryx pushed a commit to branch master
in repository maintenance.
commit 0ba36942a26ab3a9df4a757fe2de8b580848685a
Author: Maxim Cournoyer
AuthorDate: Fri Sep 23 08:19:54 2022 -0400
hydra: overdrive: Enable Btrfs compression.
* hydra/modules/sysadmin/overdrive.scm (%common-btrfs-options): New
variable.
(overdrive-system) [file-systems] : Use it for mount options.
---
hydra/modules/sysadmin/overdrive.scm | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hydra/modules/sysadmin/overdrive.scm
b/hydra/modules/sysadmin/overdrive.scm
index ee879d1..43ad9dc 100644
--- a/hydra/modules/sysadmin/overdrive.scm
+++ b/hydra/modules/sysadmin/overdrive.scm
@@ -79,6 +79,9 @@
"balance" "start" "-dusage=5" "/"))
"btrfs-balance"))
+(define %common-btrfs-options '(("compress-force" . "zstd")
+("space_cache" . "v2")))
+
(define* (overdrive-system name #:key wireguard-ip)
(operating-system
(host-name name)
@@ -94,7 +97,9 @@
(file-systems (cons* (file-system
(device "/dev/sda3")
(mount-point "/")
- (type "btrfs"))
+ (type "btrfs")
+ (options (alist->file-system-options
+ %common-btrfs-options)))
(file-system
(device "/dev/sda1")
(mount-point "/boot/efi")
01/06: hydra: Adjust Btrfs balance jobs.
apteryx pushed a commit to branch master in repository maintenance. commit 88ba60b97eb3c9943c5925fc060e9cab663a68a4 Author: Maxim Cournoyer AuthorDate: Fri Sep 23 08:13:29 2022 -0400 hydra: Adjust Btrfs balance jobs. Balancing metadata is not recommended, so do not do it. Reduce balance usage filter threshold to 5%, which is more reasonable for a balance running often and require less free blocks. * hydra/modules/sysadmin/overdrive.scm (btrfs-job): Rename to: (btrfs-balance-job). Use the same snippet as used in 'deploy-node-129.scm'. (overdrive-system) [services] : Adjust for job rename. * hydra/milano-guix-1.scm: Likewise. * hydra/monokuma.scm: Likewise. --- hydra/milano-guix-1.scm | 17 ++--- hydra/modules/sysadmin/overdrive.scm | 18 +++--- hydra/monokuma.scm | 17 ++--- 3 files changed, 31 insertions(+), 21 deletions(-) diff --git a/hydra/milano-guix-1.scm b/hydra/milano-guix-1.scm index da7be51..bfb6144 100644 --- a/hydra/milano-guix-1.scm +++ b/hydra/milano-guix-1.scm @@ -38,12 +38,15 @@ ;; Run 'guix gc' at 3AM every day. #~(job '(next-hour '(3)) "guix gc -F 350G")) -(define btrfs-job - ;; Run 'btrfs balance' every three days to make free space. - #~(job (lambda (now) - (next-day-from now (range 1 31 3))) - (string-append #$btrfs-progs "/bin/btrfs balance " -"start -dusage=50 /"))) +(define btrfs-balance-job + ;; Re-allocate chunks which are using less than 5% of their chunk + ;; space, to regain Btrfs 'unallocated' space. The usage is kept + ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. + #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) + (lambda () + (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" + "balance" "start" "-dusage=5" "/")) + "btrfs-balance")) ;; The actual machine @@ -130,7 +133,7 @@ (service mcron-service-type (mcron-configuration - (jobs (list gc-job btrfs-job + (jobs (list gc-job btrfs-balance-job (service guix-build-coordinator-agent-service-type (guix-build-coordinator-agent-configuration diff --git a/hydra/modules/sysadmin/overdrive.scm b/hydra/modules/sysadmin/overdrive.scm index 2a18b4d..ee879d1 100644 --- a/hydra/modules/sysadmin/overdrive.scm +++ b/hydra/modules/sysadmin/overdrive.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016-2018, 2020-2022 Ludovic Courtès ;;; Copyright © 2020, 2021 Mathieu Othacehe ;;; Copyright © 2022 Andreas Enge +;;; Copyright © 2022 Maxim Cournoyer ;;; ;;; This program is free software: you can redistribute it and/or modify ;;; it under the terms of the GNU General Public License as published by @@ -68,12 +69,15 @@ ;; Run 'guix gc' at 3AM every day. #~(job '(next-hour '(3)) "guix gc -F 50G")) -(define btrfs-job - ;; Run 'btrfs balance' every three days to make free space. - #~(job (lambda (now) - (next-day-from now (range 1 31 3))) - (string-append #$btrfs-progs "/bin/btrfs balance " -"start -dusage=50 -musage=70 /"))) +(define btrfs-balance-job + ;; Re-allocate chunks which are using less than 5% of their chunk + ;; space, to regain Btrfs 'unallocated' space. The usage is kept + ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. + #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) + (lambda () + (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" + "balance" "start" "-dusage=5" "/")) + "btrfs-balance")) (define* (overdrive-system name #:key wireguard-ip) (operating-system @@ -119,7 +123,7 @@ (service dhcp-client-service-type) (service mcron-service-type (mcron-configuration -(jobs (list gc-job btrfs-job +(jobs (list gc-job btrfs-balance-job (service agetty-service-type (agetty-configuration diff --git a/hydra/monokuma.scm b/hydra/monokuma.scm index 7809073..f4f3b70 100644 --- a/hydra/monokuma.scm +++ b/hydra/monokuma.scm @@ -26,12 +26,15 @@ ;; Run 'guix gc' at 3AM every day. #~(job '(next-hour '(3)) "guix gc -F 200G")) -(define btrfs-job - ;; Run 'btrfs balance' every three days to make free space. - #~(job (lambda (now) - (next-day-from now (range 1 31 3))) - (string-append #$btrfs-progs "/bin/btrfs balance " -"start -dusage=50 -musage=70 /"))) +(define btrfs-balance-job + ;; Re-allocate chunks which are using less than 5% of their chunk + ;; space, to regain B
04/06: hydra: overdrive: Allow un-authenticated sudo to wheel group.
apteryx pushed a commit to branch master
in repository maintenance.
commit 8cd6fbee6d59f65c0099020f35a9f05dd59b7511
Author: Maxim Cournoyer
AuthorDate: Fri Sep 23 14:15:15 2022 -0400
hydra: overdrive: Allow un-authenticated sudo to wheel group.
This enables reconfiguring the overdrive machines via 'guix deploy'.
* hydra/modules/sysadmin/overdrive.scm (overdrive-system)
[sudoers-file]: New field.
---
hydra/modules/sysadmin/overdrive.scm | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/hydra/modules/sysadmin/overdrive.scm
b/hydra/modules/sysadmin/overdrive.scm
index 43ad9dc..a74fea7 100644
--- a/hydra/modules/sysadmin/overdrive.scm
+++ b/hydra/modules/sysadmin/overdrive.scm
@@ -30,6 +30,8 @@
#:use-module (gnu services mcron)
#:use-module (gnu services ssh)
#:use-module (gnu services vpn)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26)
#:use-module ((sysadmin services) #:select (berlin-wireguard-peer))
#:export (overdrive-system))
@@ -167,4 +169,16 @@
'("--max-jobs=2" "--cores=3")))
(packages (cons* btrfs-progs screen openssh strace nss-certs
- %base-packages
+ %base-packages))
+
+;; Allow sysadmins (sudoers) to use 'sudo' without a password so
+;; they can 'guix deploy' these machines as their own user.
+(sudoers-file
+ (plain-file "sudoers"
+ (string-join
+ (append (remove (cut string-prefix? "%wheel" <>)
+ (string-split
+ (string-trim-right (plain-file-content
+ %sudoers-specification))
+ #\newline))
+ (list "%wheel ALL = NOPASSWD: ALL\n")) "\n")
03/06: hydra: build-machines: Enable non-authenticated sudo by group.
apteryx pushed a commit to branch master
in repository maintenance.
commit ae6efd3523ac5755703bc483bc7806a9627b460b
Author: Maxim Cournoyer
AuthorDate: Fri Sep 23 14:08:37 2022 -0400
hydra: build-machines: Enable non-authenticated sudo by group.
* hydra/modules/sysadmin/build-machines.scm
(berlin-new-build-machine-os)[sudoers]: Grant access by the "wheel"
group instead of by username.
---
hydra/modules/sysadmin/build-machines.scm | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/hydra/modules/sysadmin/build-machines.scm
b/hydra/modules/sysadmin/build-machines.scm
index 4d14e48..de4bd56 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -34,6 +34,8 @@
#:use-module (sysadmin people)
#:use-module (gnu packages ssh)
#:use-module (ice-9 format)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26)
#:export (build-machine-os
berlin-new-build-machine-os
childhurd-ip?))
@@ -299,12 +301,16 @@ Match Address 141.80.167.131
(number->string max-jobs)
"--cores"
(number->string max-cores)
-;; Allow sysadmins to use 'sudo' without a password so they can
-;; 'guix deploy' these machines as their own user.
+;; Allow sysadmins (sudoers) to use 'sudo' without a password so
+;; they can 'guix deploy' these machines as their own user.
(sudoers-file
(plain-file "sudoers"
- (string-append (plain-file-content %sudoers-specification)
- (format #f "~{~a ALL = NOPASSWD: ALL~%~}"
- (map sysadmin-name sysadmins)))
+ (string-join
+ (append (remove (cut string-prefix? "%wheel" <>)
+ (string-split
+ (string-trim-right (plain-file-content
+ %sudoers-specification))
+ #\newline))
+ (list "%wheel ALL = NOPASSWD: ALL\n")) "\n")
;;; build-machines.scm end here
branch master updated (af6d488 -> 9971141)
apteryx pushed a change to branch master in repository maintenance. from af6d488 guix-europe: minutes: Clarify an old document. new 88ba60b hydra: Adjust Btrfs balance jobs. new 0ba3694 hydra: overdrive: Enable Btrfs compression. new ae6efd3 hydra: build-machines: Enable non-authenticated sudo by group. new 8cd6fbe hydra: overdrive: Allow un-authenticated sudo to wheel group. new bcf7692 hydra: Turn overdrive1 config into a deployable machine config. new 9971141 hydra: overdrive: Use ZRAM. The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/deploy-overdrive1.scm | 14 ++ hydra/milano-guix-1.scm | 17 +++- hydra/modules/sysadmin/build-machines.scm | 16 +++ hydra/modules/sysadmin/overdrive.scm | 46 +-- hydra/monokuma.scm| 17 +++- hydra/overdrive1.scm | 4 --- 6 files changed, 82 insertions(+), 32 deletions(-) create mode 100644 hydra/deploy-overdrive1.scm delete mode 100644 hydra/overdrive1.scm
06/06: hydra: overdrive: Use ZRAM.
apteryx pushed a commit to branch master in repository maintenance. commit 99711415ca4869f69c06c6ad84499193f0ed8208 Author: Maxim Cournoyer AuthorDate: Sun Sep 25 22:27:50 2022 -0400 hydra: overdrive: Use ZRAM. * hydra/modules/sysadmin/overdrive.scm (overdrive-system) [services]: Add zram-device-service-type. --- hydra/modules/sysadmin/overdrive.scm | 5 + 1 file changed, 5 insertions(+) diff --git a/hydra/modules/sysadmin/overdrive.scm b/hydra/modules/sysadmin/overdrive.scm index a74fea7..0e5c4de 100644 --- a/hydra/modules/sysadmin/overdrive.scm +++ b/hydra/modules/sysadmin/overdrive.scm @@ -26,6 +26,7 @@ #:use-module (gnu packages certs) #:use-module (gnu services avahi) #:use-module (gnu services cuirass) + #:use-module (gnu services linux) #:use-module (gnu services networking) #:use-module (gnu services mcron) #:use-module (gnu services ssh) @@ -149,6 +150,10 @@ (addresses (list wireguard-ip)) (peers (list berlin-wireguard-peer + (service zram-device-service-type (zram-device-configuration + (size "4G") + (compression-algorithm 'ZSTD) + (priority 100))) (service ntp-service-type)
05/06: hydra: Turn overdrive1 config into a deployable machine config.
apteryx pushed a commit to branch master in repository maintenance. commit bcf7692d410b527023198d06411d371c22cf74dc Author: Maxim Cournoyer AuthorDate: Fri Sep 23 14:11:47 2022 -0400 hydra: Turn overdrive1 config into a deployable machine config. * hydra/overdrive1.scm: Rename to... * hydra/deploy-overdrive1.scm: ... this. Wrap the operating system into a record. --- hydra/deploy-overdrive1.scm | 14 ++ hydra/overdrive1.scm| 4 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/hydra/deploy-overdrive1.scm b/hydra/deploy-overdrive1.scm new file mode 100644 index 000..0dbc270 --- /dev/null +++ b/hydra/deploy-overdrive1.scm @@ -0,0 +1,14 @@ +(use-modules (sysadmin overdrive)) + +(list + (machine + (operating-system (overdrive-system "overdrive1" + #:wireguard-ip "10.0.0.3/32")) + (environment managed-host-environment-type) + (configuration + (machine-ssh-configuration +(host-name "overdrive1") +(user (getenv "USER")) +(build-locally? #t) +(host-key "ssh-ed25519 C3NzaC1lZDI1NTE5IPf2f93c90oi9s9qGVGWC3sDgG7kEBvIEwR021NsfG+z") +(system "aarch64-linux") diff --git a/hydra/overdrive1.scm b/hydra/overdrive1.scm deleted file mode 100644 index d093174..000 --- a/hydra/overdrive1.scm +++ /dev/null @@ -1,4 +0,0 @@ -(use-modules (sysadmin overdrive)) - -(overdrive-system "overdrive1" - #:wireguard-ip "10.0.0.3/32")
01/02: hydra/machines.rec: Replace GuixSD with Guix System.
apteryx pushed a commit to branch master in repository maintenance. commit b85461cefeb608a1692867568c9e6a7630f7cd0c Author: Maxim Cournoyer AuthorDate: Wed Sep 21 10:27:32 2022 -0400 hydra/machines.rec: Replace GuixSD with Guix System. --- hydra/machines.rec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hydra/machines.rec b/hydra/machines.rec index 10dec67..6367c34 100644 --- a/hydra/machines.rec +++ b/hydra/machines.rec @@ -196,7 +196,7 @@ Location: Bordeaux, France Contact: Andreas Enge Cores: 8 SystemType: x86_64-linux -BaseSystem: GuixSD +BaseSystem: Guix System PublicKey: (public-key + (ecc +(curve Ed25519) @@ -214,7 +214,7 @@ Contact: Ricardo Wurmus Contact: Madalin Patrascu Cores: 72 SystemType: x86_64-linux (front-end) -BaseSystem: GuixSD, see berlin.scm +BaseSystem: Guix System, see berlin.scm PublicKey: (public-key + (ecc + (curve Ed25519) @@ -232,7 +232,7 @@ Contact: Giovanni Biscuolo Contact: Andrea Trentini Cores: 32 SystemType: x86_64-linux -BaseSystem: GuixSD, see milano-guix-1.scm +BaseSystem: Guix System, see milano-guix-1.scm PublicKey: (public-key + (ecc + (curve Ed25519)
branch master updated (1abb59e -> 5779636)
apteryx pushed a change to branch master in repository maintenance. from 1abb59e hydra: bayfront: Reduce guix-daemon --cores. new b85461c hydra/machines.rec: Replace GuixSD with Guix System. new 5779636 hydra/machines.rec: Specify the vendor of the head server. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/machines.rec | 8 1 file changed, 4 insertions(+), 4 deletions(-)
02/02: hydra/machines.rec: Specify the vendor of the head server.
apteryx pushed a commit to branch master in repository maintenance. commit 5779636e3a12aecbfdf9f392e48946ebeecae45f Author: Maxim Cournoyer AuthorDate: Wed Sep 21 11:59:30 2022 -0400 hydra/machines.rec: Specify the vendor of the head server. --- hydra/machines.rec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra/machines.rec b/hydra/machines.rec index 6367c34..4d09fb3 100644 --- a/hydra/machines.rec +++ b/hydra/machines.rec @@ -208,7 +208,7 @@ Nickname: berlin Hostname: berlin.guixsd.org Port: 22 Physical: Yes -Vendor: ? +Vendor: Dell PowerEdge R7425 with two AMD EPYC 7451 24-Core Processor Location: Max Delbrück Center, Berlin, Germany Contact: Ricardo Wurmus Contact: Madalin Patrascu
branch master updated: hydra: Register Berlin's own signing key for substitutes.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 4fdd0b5 hydra: Register Berlin's own signing key for substitutes. 4fdd0b5 is described below commit 4fdd0b589ad47b88fe2d9b4a5cf8a49d80f801c2 Author: Maxim Cournoyer AuthorDate: Tue Sep 6 09:13:48 2022 -0400 hydra: Register Berlin's own signing key for substitutes. * hydra/berlin.scm (%build-node-keys): Expound comment. * hydra/keys/guix/berlin.pub: New file. Reported-by: Ricardo Wurmus --- hydra/berlin.scm | 4 +++- hydra/keys/guix/berlin/berlin.pub | 6 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index f9489cf..e94a69c 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -133,7 +133,9 @@ Happy hacking!\n")) (string-append (current-source-directory) "/keys/guix/berlin")) (define %build-node-keys - ;; Signing keys of the build nodes. + ;; Signing keys of the build nodes. The signing key of the head + ;; node should be available so that it can use cached substitutes + ;; that no longer exist in its store. (map (lambda (file) (local-file file (string-map (match-lambda (#\: #\-) diff --git a/hydra/keys/guix/berlin/berlin.pub b/hydra/keys/guix/berlin/berlin.pub new file mode 100644 index 000..f156a37 --- /dev/null +++ b/hydra/keys/guix/berlin/berlin.pub @@ -0,0 +1,6 @@ +(public-key + (ecc + (curve Ed25519) + (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#) + ) + )
branch master updated: doc: Add meeting notes.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new d1830e0 doc: Add meeting notes. d1830e0 is described below commit d1830e06bf895381090fed26ca24128afd3317e5 Author: Maxim Cournoyer AuthorDate: Tue Sep 6 08:49:30 2022 -0400 doc: Add meeting notes. * doc/maintainers/meetings/2022-08-06.org: New file. --- doc/maintainers/meetings/2022-08-06.org | 31 +++ 1 file changed, 31 insertions(+) diff --git a/doc/maintainers/meetings/2022-08-06.org b/doc/maintainers/meetings/2022-08-06.org new file mode 100644 index 000..7aa3cab --- /dev/null +++ b/doc/maintainers/meetings/2022-08-06.org @@ -0,0 +1,31 @@ +* Maintainers meeting +** Schedule +The 6th of August from 14:00 CEST to 14:35 CET on Jami. + +** Agenda +No fixed agenda. + +** Notes +Efraim, Maxim and Mathieu were present. + +- The /var/cache directory was relocated to the 100 TiB SAN storage on + Berlin, completing the migration. The 6 x 8 TiB SSDs are thus + available for being re-purposed. + +*Action* Discuss if there's a need on Bordeaux or elsewhere to +re-purpose the SSDs. [Maxim] + +*Action* Version the /etc/guix/machines.scm file in the +guix-maintenance repository and deploy it via an extra-special-file +service. [Mathieu] + +*Action* Register Berlin's own Guix signing key to its guix-daemon +configuration, so that it can use the cached substitutes no longer in +its store. + +The following actions are carried from last month: + +*Action* Expound NEWS file. [All] + +*Action* Exercise release machinery, e.g. ~make release~ and verify +documented process in =doc/release.org= [All]
branch master updated: doc: Add 2022-08-02 maintainers meeting notes.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new c9ad808 doc: Add 2022-08-02 maintainers meeting notes. c9ad808 is described below commit c9ad8085c05012086d906ec41d945f7382557283 Author: Maxim Cournoyer AuthorDate: Tue Aug 2 10:07:26 2022 -0400 doc: Add 2022-08-02 maintainers meeting notes. * doc/maintainers/meetings/2022-08-02.org: New file. --- doc/maintainers/meetings/2022-07-02.org | 33 + 1 file changed, 33 insertions(+) diff --git a/doc/maintainers/meetings/2022-07-02.org b/doc/maintainers/meetings/2022-07-02.org new file mode 100644 index 000..70931de --- /dev/null +++ b/doc/maintainers/meetings/2022-07-02.org @@ -0,0 +1,33 @@ +* Maintainers meeting +** Schedule +The 2nd of August from 14:00 CEST to 15:15 CET on Jami & Jitsi. + +** Agenda +No fixed agenda -- discuss an action to take. + +** Notes +Meeting was held on Jami & Jitsi. Efraim, Maxim and Tobias were present. + +- The infrastructure status was discussed. Berlin is now accessible + via iDRAC, and its root file system was migrated to the 100 TiB SAN + storage, to resolve inodes exhaustion problem that was occurring on + the older ext4 partition. =/var/cache= and =/home= which are still + on the RAID 10 SSDs. To boot from the SAN, the store items + referenced by grub.cfg needed to be copied to /boot. + +*Action* Migrate the remaining =/var/cache= and =/home= to @cache and +@home Btrfs submodules on the SAN. [Tobias] + +*Action* Implement a 'stand-alone?' bootloader-configuration option +that would take care of copying grub.cfg things to =/boot= +automatically. [Maxim?] + +- Discussed re-entering release mode. + +*Action* Expound NEWS file. [All] + +*Action* Exercise release machinery, e.g. ~make release~ and verify +documented process in =doc/release.org= [All] + +- Also discussed: RISC-V support being worked on by Efraim, and the + process of granting commit access.
branch wip-san-migration deleted (was ea45260)
apteryx pushed a change to branch wip-san-migration in repository maintenance. was ea45260 berlin: Migrate root file system to SAN storage. The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
branch master updated (32547a9 -> ea45260)
apteryx pushed a change to branch master in repository maintenance. from 32547a9 gnu: hydra-guix-129: Add a btrfs balance job. add 3901696 hydra: berlin: Migrate bootloader from BIOS to UEFI. add 764a60c hydra: hydra-guix-129: Add dosfstools package. add 4c744fd hydra: berlin: Fix indentation. add ea45260 berlin: Migrate root file system to SAN storage. No new revisions were added by this update. Summary of changes: hydra/berlin.scm | 156 +- hydra/deploy-node-129.scm | 4 +- 2 files changed, 74 insertions(+), 86 deletions(-)
03/04: hydra: berlin: Fix indentation.
apteryx pushed a commit to branch wip-san-migration
in repository maintenance.
commit 4c744fdb25d780d2426833d556af02a8b0f598a6
Author: Maxim Cournoyer
AuthorDate: Fri Jul 29 15:08:12 2022 -0400
hydra: berlin: Fix indentation.
* hydra/berlin.scm (services): Fix indentation.
---
hydra/berlin.scm | 46 +++---
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 2c4c4c3..851d233 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -493,26 +493,26 @@ Happy hacking!\n"))
(allowed-ips '("10.0.0.12/32")))
(append
- (map anonip-service
- '("http.access.log"
-"https.access.log"
-"disarchive.access.log"
-"dump-guix-gnu-org.https.access.log"
-"qualif.access.log"
-"bootstrappable.access.log"
-"bootstrappable.https.access.log"
-"workflows-guix-info.access.log"
-"workflows-guix-info.https.access.log"
-"issues-guix-gnu-org.https.access.log"))
- (website-services)
- (frontend-services %sysadmins
-;; Make sure we get enough build users.
-#:authorized-keys %build-node-keys
-#:build-accounts-to-max-jobs-ratio 5
-#:gc-threshold (* 15 TiB)
-#:systems '("x86_64-linux" "i686-linux"
-"aarch64-linux"
-"powerpc64le-linux")
-#:motd %motd
-#:publish-workers 8
-#:max-jobs 20)
+ (map anonip-service
+ '("http.access.log"
+ "https.access.log"
+ "disarchive.access.log"
+ "dump-guix-gnu-org.https.access.log"
+ "qualif.access.log"
+ "bootstrappable.access.log"
+ "bootstrappable.https.access.log"
+ "workflows-guix-info.access.log"
+ "workflows-guix-info.https.access.log"
+ "issues-guix-gnu-org.https.access.log"))
+ (website-services)
+ (frontend-services %sysadmins
+ ;; Make sure we get enough build users.
+ #:authorized-keys %build-node-keys
+ #:build-accounts-to-max-jobs-ratio 5
+ #:gc-threshold (* 15 TiB)
+ #:systems '("x86_64-linux" "i686-linux"
+ "aarch64-linux"
+ "powerpc64le-linux")
+ #:motd %motd
+ #:publish-workers 8
+ #:max-jobs 20)
04/04: berlin: Migrate root file system to SAN storage.
apteryx pushed a commit to branch wip-san-migration
in repository maintenance.
commit ea4526070eb939da84d0a37e3b23e0a2d1b86b1f
Author: Maxim Cournoyer
AuthorDate: Fri Jul 29 15:19:46 2022 -0400
berlin: Migrate root file system to SAN storage.
Farewell, inodes exhaustion...
---
hydra/berlin.scm | 99 +++-
1 file changed, 40 insertions(+), 59 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 851d233..1babce2 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -170,13 +170,16 @@ Happy hacking!\n"))
;;;
-;;; Btrfs RAID10 array.
+;;; Btrfs pools.
;;;
;;; This Btrfs storage array is composed of six (6) Samsung 870 QVO
;;; SSDs of 8 TB each; configured to use the raid1c4 Btrfs profile for
;;; metadata and raid10 for data.
+(define %btrfs-ssd-uuid "16ff18e1-eb41-4224-8df6-80d3b53c411a")
-(define %btrfs-raid-uuid "16ff18e1-eb41-4224-8df6-80d3b53c411a")
+;;; This is one large Btrfs partition on the MDC-provided SAN storage
+;;; (100 TiB).
+(define %btrfs-san-uuid "d5d1a040-7f2a-4c38-9a89-82f08866f6ec")
;;; TODO: Implement some mcron job that monitors the absent of a disk
;;; in the array, or IO related errors in dmesg, so that we can notice
@@ -185,48 +188,37 @@ Happy hacking!\n"))
("space_cache" . "v2")
"degraded"))
-;;; Top-level Btrfs subvolume.
-(define %btrfs-pool
+(define %btrfs-pool-san
(file-system
;; This is required by the 'btrbk' backup tool.
-(device (uuid %btrfs-raid-uuid))
-(mount-point "/mnt/btrfs-pool")
+(device (uuid %btrfs-san-uuid))
+(mount-point "/mnt/btrfs-pool-san")
(type "btrfs")
(options (alist->file-system-options
(cons '("subvolid" . "5")
%common-btrfs-options)
-;;; Root Btrfs subvolume.
-(define @root
+(define %btrfs-pool-ssd
(file-system
-(device (uuid %btrfs-raid-uuid))
-(mount-point "/new-root")
+;; This is required by the 'btrbk' backup tool.
+(device (uuid %btrfs-ssd-uuid))
+(mount-point "/mnt/btrfs-pool-ssd")
(type "btrfs")
(options (alist->file-system-options
- (cons '("subvol" . "@root")
+ (cons '("subvolid" . "5")
%common-btrfs-options)
-;;; Home Btrfs subvolume.
-(define @home
+(define (btrfs-subvolume-mount device-uuid name mount-point)
+ "Return a file system to mount the Btrfs subvolume NAME on DEVICE-UUID
+at MOUNT-POINT."
(file-system
-(device (uuid %btrfs-raid-uuid))
-(mount-point "/home")
+(device (uuid device-uuid))
+(mount-point mount-point)
+(create-mount-point? #t)
(type "btrfs")
(options (alist->file-system-options
- (cons '("subvol" . "@home")
-%common-btrfs-options)))
-(dependencies (list @root
-
-;;; Cache Btrfs subvolume.
-(define @cache
- (file-system
-(device (uuid %btrfs-raid-uuid))
-(mount-point "/var/cache")
-(type "btrfs")
-(options (alist->file-system-options
- (cons '("subvol" . "@cache")
-%common-btrfs-options)))
-(dependencies (list @root
+ (cons (cons "subvol" name)
+%common-btrfs-options)
(define (anonip-service file)
(service anonip-service-type
@@ -245,18 +237,15 @@ Happy hacking!\n"))
;; management interface can only be accessed through selected
;; servers within the MDC campus network.
(kernel-arguments '("console=tty0"
- "console=ttyS0,115200"
- ;; As the initrd lacks any device
- ;; synchronization support, give enough time for
- ;; the storage devices to be up before
- ;; attempting to assemble and mount the root
- ;; file system.
- "rootdelay=20"))
+ "console=ttyS0,115200"))
;; The Dell server need these kernel modules for the
;; RAID controller.
(initrd-modules (append (list "megaraid_sas" "scsi_transport_sas"
-"mpt3sas" "libsas")
+"mpt3sas" "libsas"
+;; Suggested by 'guix system init' for
+;; the SAN storage.
+"qla2xxx")
%base-initrd-modules))
;; Show the GRUB menu on the serial interface.
@@ -271,30 +260,22 @@ Happy hack
02/04: hydra: hydra-guix-129: Add dosfstools package.
apteryx pushed a commit to branch wip-san-migration in repository maintenance. commit 764a60c8aaf49133c61e7d762ec9e7078ca2c7a2 Author: Maxim Cournoyer AuthorDate: Fri Jul 29 15:07:27 2022 -0400 hydra: hydra-guix-129: Add dosfstools package. * hydra/deploy-node-129.scm (node-129-os)[packages]: Add dosfstools. --- hydra/deploy-node-129.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm index 39d22a1..9f186a5 100644 --- a/hydra/deploy-node-129.scm +++ b/hydra/deploy-node-129.scm @@ -155,7 +155,9 @@ ;; enhanced security. (password-authentication? #f) (swap-devices '()) ;cannot do swap on Btrfs RAID - (packages (cons btrfs-progs (operating-system-packages base-os)) + (packages (cons* btrfs-progs + dosfstools + (operating-system-packages base-os)) (list (machine
01/04: hydra: berlin: Migrate bootloader from BIOS to UEFI.
apteryx pushed a commit to branch wip-san-migration
in repository maintenance.
commit 3901696c68d11a75a7e512dc34f476674f0d62c3
Author: Maxim Cournoyer
AuthorDate: Fri Jul 29 14:04:04 2022 -0400
hydra: berlin: Migrate bootloader from BIOS to UEFI.
The recently added Storage Area Network (SAN) is used to hold the ESP
partition data.
* hydra/berlin.scm (bootloader): Switch to grub-efi-bootloader.
(file-systems): Add a mount point for /boot/efi.
---
hydra/berlin.scm | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index ded3a18..2c4c4c3 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -18,7 +18,7 @@
(ice-9 match))
(use-service-modules avahi base databases dns monitoring networking admin
rsync shepherd ssh vpn web)
-(use-package-modules admin base certs databases emacs linux mail monitoring
+(use-package-modules admin base certs databases disk emacs linux mail
monitoring
ssh tls tor vim package-management
version-control
web wget ci rsync
@@ -257,16 +257,20 @@ Happy hacking!\n"))
;; RAID controller.
(initrd-modules (append (list "megaraid_sas" "scsi_transport_sas"
"mpt3sas" "libsas")
- %base-initrd-modules))
+ %base-initrd-modules))
;; Show the GRUB menu on the serial interface.
(bootloader (bootloader-configuration
- (bootloader grub-bootloader)
- (targets '("/dev/sdg"))
+ (bootloader grub-efi-bootloader)
+ (targets '("/boot/efi"))
(terminal-inputs '(serial))
(terminal-outputs '(serial
(file-systems (cons*
+ (file-system
+ (mount-point "/boot/efi")
+ (device (uuid "E1B3-BF92" 'fat)) ;/dev/sdi1
+ (type "vfat"))
;; The root file system resides on just a single
;; disk, no RAID :-/
(file-system
@@ -303,6 +307,7 @@ Happy hacking!\n"))
%base-user-accounts))
(packages (cons* btrfs-progs
+ dosfstools
certbot emacs wget iptables
jnettop openssh rsync
;; This is needed to set GIT_SSL_CAINFO allowing
branch wip-san-migration created (now ea45260)
apteryx pushed a change to branch wip-san-migration in repository maintenance. at ea45260 berlin: Migrate root file system to SAN storage. This branch includes the following new commits: new 3901696 hydra: berlin: Migrate bootloader from BIOS to UEFI. new 764a60c hydra: hydra-guix-129: Add dosfstools package. new 4c744fd hydra: berlin: Fix indentation. new ea45260 berlin: Migrate root file system to SAN storage. The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
branch master updated: gnu: hydra-guix-129: Add a btrfs balance job.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 32547a9 gnu: hydra-guix-129: Add a btrfs balance job. 32547a9 is described below commit 32547a9b4700a7474a086c18f7fbc3a901f8a50e Author: Maxim Cournoyer AuthorDate: Fri Jul 29 10:52:25 2022 -0400 gnu: hydra-guix-129: Add a btrfs balance job. * hydra/deploy-node-129.scm (btrfs-balance-job): New mcron job. (node-129-os)[services]: Register it. --- hydra/deploy-node-129.scm | 16 1 file changed, 16 insertions(+) diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm index 5283c4a..39d22a1 100644 --- a/hydra/deploy-node-129.scm +++ b/hydra/deploy-node-129.scm @@ -25,6 +25,7 @@ (gnu bootloader grub) (gnu packages linux) (gnu services base) + (gnu services mcron) (gnu services ssh) (gnu system file-systems) (guix gexp) @@ -65,6 +66,16 @@ (cons (cons "subvol" name) %common-btrfs-options) +(define btrfs-balance-job + ;; Re-allocate chunks which are using less than 5% of their chunk + ;; space, to regain Btrfs 'unallocated' space. The usage is kept + ;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days. + #~(job '(next-hour-from (next-day (range 1 31 3)) '(5)) + (lambda () + (execl #$(file-append btrfs-progs "/bin/btrfs") "btrfs" + "balance" "start" "-dusage=5" "/")) + "btrfs-balance")) + (define node-129-os (let ((base-os (berlin-new-build-machine-os @@ -114,6 +125,11 @@ %base-file-systems)) (services (modify-services (operating-system-user-services base-os) + (mcron-service-type + config => (mcron-configuration + (inherit config) + (jobs (cons btrfs-balance-job + (mcron-configuration-jobs config) (static-networking-service-type networks => (cons (static-networking
branch master updated: hydra: deploy-node-129: Add static IP for iDRAC network access.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 5922e4c hydra: deploy-node-129: Add static IP for iDRAC network access. 5922e4c is described below commit 5922e4c03372711d1b808c053c11be01298b5a86 Author: Maxim Cournoyer AuthorDate: Fri Jul 29 10:26:35 2022 -0400 hydra: deploy-node-129: Add static IP for iDRAC network access. * hydra/deploy-node-129.scm (node-129-os): Add a new IP address. --- hydra/deploy-node-129.scm | 26 +- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm index 025715b..5283c4a 100644 --- a/hydra/deploy-node-129.scm +++ b/hydra/deploy-node-129.scm @@ -115,15 +115,23 @@ (services (modify-services (operating-system-user-services base-os) (static-networking-service-type - ;; This machine is reachable from the Internet so that it can - ;; be used as an alternative to Berlin to access the Guix - ;; MDC network. - networks => (cons (static-networking - (addresses (list (network-address - (device "eno2") - (value "141.80.181.41/24" - (provision '(backdoor))) ;required else car error -networks)) + networks => + (cons (static-networking + (addresses (list + ;; This is a publicly accessible IP, to + ;; allow accessing the Guix MDC network + ;; via this machine when Berlin is down. + (network-address + (device "eno2") + (value "141.80.181.41/24")) + ;; This gives the machine access to the + ;; iDRAC network, so that it can access + ;; Berlin's iDRAC for example. + (network-address + (device "eno4") + (value "141.80.167.251/26" + (provision '(backdoor))) ;required else car error +networks)) (openssh-service-type config => (openssh-configuration (inherit config)
branch master updated: hydra: build-machines: Add Tobias as sysadmin.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new fede010 hydra: build-machines: Add Tobias as sysadmin.
fede010 is described below
commit fede010299693d4bc9b1a12708af2b3b471b36b5
Author: Maxim Cournoyer
AuthorDate: Fri Jul 29 08:54:28 2022 -0400
hydra: build-machines: Add Tobias as sysadmin.
* hydra/modules/sysadmin/build-machines.scm
(berlin-new-build-machine-os): Add Tobias as sysadmin.
---
hydra/modules/sysadmin/build-machines.scm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hydra/modules/sysadmin/build-machines.scm
b/hydra/modules/sysadmin/build-machines.scm
index d291830..4d14e48 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -180,6 +180,9 @@ are 10022 and 15900. Keep secret-service port local."
(sysadmin (name "maxim")
(full-name "Maxim Cournoyer")
(ssh-public-key (local-file "../../keys/ssh/maxim.pub")))
+ (sysadmin (name "nckx")
+(full-name "Tobias Geerinckx-Rice")
+(ssh-public-key (local-file "../../keys/ssh/nckx.pub")))
(sysadmin (name "hydra") ;fake sysadmin
(full-name "Hydra User")
(restricted? #t)
branch master updated: hydra: node-129: Register public IP.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 0ce2d32 hydra: node-129: Register public IP.
0ce2d32 is described below
commit 0ce2d3210d537468084c712e55c18b2ce8e53267
Author: Maxim Cournoyer
AuthorDate: Thu Jun 23 15:22:51 2022 -0400
hydra: node-129: Register public IP.
And disable password-based SSH access.
* hydra/deploy-node-129.scm (node-129-os)
[services]{static-networking-service-type}: New service.
{openssh-service-type}: Disable password authentication.
---
hydra/deploy-node-129.scm | 22 +-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 35121e2..025715b 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -7,7 +7,7 @@
;;;
;;; 2. be available as a fall-back to Berlin in case of problems
;;;
-;;; TODO: Implement the fall-back to Berlin
+;;; TODO: Implement service redundancy with Berlin.
;;;
;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
;;;
@@ -24,6 +24,8 @@
(use-modules (gnu bootloader)
(gnu bootloader grub)
(gnu packages linux)
+ (gnu services base)
+ (gnu services ssh)
(gnu system file-systems)
(guix gexp)
(sysadmin build-machines))
@@ -110,6 +112,24 @@
(btrfs-subvolume-mount "@srv""/srv")
%btrfs-pool
%base-file-systems))
+ (services
+ (modify-services (operating-system-user-services base-os)
+ (static-networking-service-type
+ ;; This machine is reachable from the Internet so that it can
+ ;; be used as an alternative to Berlin to access the Guix
+ ;; MDC network.
+ networks => (cons (static-networking
+ (addresses (list (network-address
+ (device "eno2")
+ (value "141.80.181.41/24"
+ (provision '(backdoor))) ;required else car error
+networks))
+ (openssh-service-type
+ config => (openssh-configuration
+ (inherit config)
+ ;; Only accept public key authentication for
+ ;; enhanced security.
+ (password-authentication? #f)
(swap-devices '()) ;cannot do swap on Btrfs RAID
(packages (cons btrfs-progs (operating-system-packages base-os))
02/03: hydra: berlin-new-build-machine-os: Add sudoers config.
apteryx pushed a commit to branch master
in repository maintenance.
commit 5febef17276ff035390b6d430784d9bb733ada81
Author: Maxim Cournoyer
AuthorDate: Thu Jun 16 11:38:35 2022 -0400
hydra: berlin-new-build-machine-os: Add sudoers config.
* hydra/modules/sysadmin/build-machines.scm
(berlin-new-build-machine-os) [sudoers-file]: New field.
---
hydra/modules/sysadmin/build-machines.scm | 9 -
hydra/modules/sysadmin/people.scm | 1 +
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/hydra/modules/sysadmin/build-machines.scm
b/hydra/modules/sysadmin/build-machines.scm
index 7b89eb5..d291830 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -295,6 +295,13 @@ Match Address 141.80.167.131
(list "--max-jobs"
(number->string max-jobs)
"--cores"
- (number->string max-cores)))
+ (number->string max-cores)
+;; Allow sysadmins to use 'sudo' without a password so they can
+;; 'guix deploy' these machines as their own user.
+(sudoers-file
+ (plain-file "sudoers"
+ (string-append (plain-file-content %sudoers-specification)
+ (format #f "~{~a ALL = NOPASSWD: ALL~%~}"
+ (map sysadmin-name sysadmins)))
;;; build-machines.scm end here
diff --git a/hydra/modules/sysadmin/people.scm
b/hydra/modules/sysadmin/people.scm
index 6d2a862..f9db51e 100644
--- a/hydra/modules/sysadmin/people.scm
+++ b/hydra/modules/sysadmin/people.scm
@@ -25,6 +25,7 @@
#:use-module (ice-9 match)
#:export (sysadmin?
sysadmin
+sysadmin-name
sysadmin-service-type))
;;; Commentary:
03/03: hydra: Add deploy-node-129 deployment config.
apteryx pushed a commit to branch master
in repository maintenance.
commit 80a65361f4f40646832d531441e96b8fb16d5e7b
Author: Maxim Cournoyer
AuthorDate: Thu Jun 16 10:30:37 2022 -0400
hydra: Add deploy-node-129 deployment config.
* hydra/deploy-node-129.scm: New file.
* hydra/berlin-nodes.scm (nodes): De-register node 129 from here.
---
hydra/berlin-nodes.scm| 6 +--
hydra/deploy-node-129.scm | 126 ++
2 files changed, 128 insertions(+), 4 deletions(-)
diff --git a/hydra/berlin-nodes.scm b/hydra/berlin-nodes.scm
index 5f476e6..47f413e 100644
--- a/hydra/berlin-nodes.scm
+++ b/hydra/berlin-nodes.scm
@@ -121,10 +121,8 @@
"141.80.167.185"
"ssh-ed25519
C3NzaC1lZDI1NTE5IAIomlYpFmdaTiWGf4DWs6sc831zbNlU5XBjicHmZINA"
192)
-(129
- "141.80.167.186"
- "ssh-ed25519
C3NzaC1lZDI1NTE5ICBZkQ4ZQgMGs/3druNQLsyFWHVhjtmN/sj1fxrPeUqJ"
- 192)
+;; Node 129 is not listed here, as it's used as Berlin's twin and
+;; has its own configuration file, deploy-node-129.scm.
(130
"141.80.167.187"
"ssh-ed25519
C3NzaC1lZDI1NTE5ICZilog+9Jdim9k07baYK6QZfkZRZbQQriExjtOEfjQ5"
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
new file mode 100644
index 000..35121e2
--- /dev/null
+++ b/hydra/deploy-node-129.scm
@@ -0,0 +1,126 @@
+;;; Commentary;
+;;;
+;;; This machine uses a server identical to Berlin (a Dell PowerEdge
+;;; R430 server) and serves a dual purpose:
+;;;
+;;; 1. act as a regular Berlin build machine
+;;;
+;;; 2. be available as a fall-back to Berlin in case of problems
+;;;
+;;; TODO: Implement the fall-back to Berlin
+;;;
+;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
+;;;
+;;; To update its operating system, make sure you are a sysadmin
+;;; defined in the 'berlin-new-build-machine-os' procedure in
+;;; (sysadmin build-machines). You can request another current
+;;; sysadmin to commit the change and re-deploy it. Then you should
+;;; be able to do the following, from your personal 'maintenance'
+;;; checkout on Berlin:
+;;;
+;;; $ guix deploy -L modules deploy-node-129.scm
+;;;
+
+(use-modules (gnu bootloader)
+ (gnu bootloader grub)
+ (gnu packages linux)
+ (gnu system file-systems)
+ (guix gexp)
+ (sysadmin build-machines))
+
+(define %ip-address "141.80.167.186")
+
+;;; XXX: Copied from berlin-nodes.scm.
+(define %authorized-guix-keys
+ ;; List of authorized 'guix archive' keys.
+ (list (local-file "keys/guix/berlin.guixsd.org-export.pub")))
+
+(define %btrfs-raid-uuid "64a837b7-b9dc-4b64-ba95-712ba4032c71")
+
+(define %common-btrfs-options '(("compress-force" . "zstd")
+("space_cache" . "v2")
+"degraded"))
+
+;;; Top-level Btrfs subvolume.
+(define %btrfs-pool
+ (file-system
+(device (uuid %btrfs-raid-uuid))
+(mount-point "/mnt/btrfs-pool")
+(create-mount-point? #t)
+(type "btrfs")
+(options (alist->file-system-options
+ (cons '("subvolid" . "5")
+%common-btrfs-options)
+
+(define (btrfs-subvolume-mount name mount-point)
+ "Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
+ (file-system
+(device (uuid %btrfs-raid-uuid))
+(mount-point mount-point)
+(create-mount-point? #t)
+(type "btrfs")
+(options (alist->file-system-options
+ (cons (cons "subvol" name)
+%common-btrfs-options)
+
+
+(define node-129-os
+ (let ((base-os (berlin-new-build-machine-os
+ 129
+ #:authorized-guix-keys %authorized-guix-keys
+ #:emulated-architectures '("ppc64le")
+ #:childhurd? (childhurd-ip? %ip-address)
+ #:systems '("x86_64-linux" "i686-linux")
+ #:max-jobs 4
+ #:max-cores 24)))
+(operating-system
+ (inherit base-os)
+ (bootloader
+ (bootloader-configuration
+(inherit (operating-system-bootloader base-os)) ;efi bootloader
+(targets (list "/boot/efi" "/boot/efi2" "/boot/efi3"
+ "/boot/efi4" "/boot/efi5"
+ (file-systems (cons*
+(file-system
+ (mount-point "/boot/efi")
+ (device (uuid "B19B-79B3" 'fat)) ;/dev/sda2
+ (type "vfat"))
+(file-system
+ (mount-point "/boot/efi2")
+ (device (uuid "B1E1-D315" 'fat)) ;/dev/sdb2
+
01/03: hydra: Add myself as sysadmin to 'berlin-new-build-machine-os'.
apteryx pushed a commit to branch master in repository maintenance. commit c59765510106ffef9dd1801754e26fb6c045394e Author: Maxim Cournoyer AuthorDate: Thu Jun 16 11:37:18 2022 -0400 hydra: Add myself as sysadmin to 'berlin-new-build-machine-os'. * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os): Register myself as sysadmin. --- hydra/modules/sysadmin/build-machines.scm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hydra/modules/sysadmin/build-machines.scm b/hydra/modules/sysadmin/build-machines.scm index 4b68f67..7b89eb5 100644 --- a/hydra/modules/sysadmin/build-machines.scm +++ b/hydra/modules/sysadmin/build-machines.scm @@ -177,6 +177,9 @@ are 10022 and 15900. Keep secret-service port local." (sysadmin (name "rekado") (full-name "Ricardo Wurmus") (ssh-public-key (local-file "../../keys/ssh/rekado.pub"))) + (sysadmin (name "maxim") + (full-name "Maxim Cournoyer") +(ssh-public-key (local-file "../../keys/ssh/maxim.pub"))) (sysadmin (name "hydra") ;fake sysadmin (full-name "Hydra User") (restricted? #t)
branch master updated (9182833 -> 80a6536)
apteryx pushed a change to branch master in repository maintenance. from 9182833 hydra: honeycomb: Add public IP of kreuzberg. new c597655 hydra: Add myself as sysadmin to 'berlin-new-build-machine-os'. new 5febef1 hydra: berlin-new-build-machine-os: Add sudoers config. new 80a6536 hydra: Add deploy-node-129 deployment config. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin-nodes.scm| 6 +- hydra/deploy-node-129.scm | 126 ++ hydra/modules/sysadmin/build-machines.scm | 12 ++- hydra/modules/sysadmin/people.scm | 1 + 4 files changed, 140 insertions(+), 5 deletions(-) create mode 100644 hydra/deploy-node-129.scm
branch master updated: berlin: Update motd.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new eb61dea berlin: Update motd. eb61dea is described below commit eb61dea8418093f02d884f0aed5f31e9c57f7e07 Author: Maxim Cournoyer AuthorDate: Tue Jun 14 13:51:06 2022 -0400 berlin: Update motd. * hydra/berlin.scm (%motd): Update best practices. --- hydra/berlin.scm | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hydra/berlin.scm b/hydra/berlin.scm index 95f6880..46c1131 100644 --- a/hydra/berlin.scm +++ b/hydra/berlin.scm @@ -89,8 +89,13 @@ Best practices: 1. Store everything in guix-maintenance.git. - 2. Use the Git checkouts of Guix and guix-maintenance in ~root. + + 2. To reconfigure, use the latest Guix available and your personal, + up-to-date copy of guix-maintenance, e.g. '~/src/guix-maintenance'. + Use 'sudo' to reconfigure to leave traces. + 3. Notify guix-sysad...@gnu.org when reconfiguring. + 4. Notify guix-sysad...@gnu.org when something goes wrong. 5. Notify ricardo.wur...@mdc-berlin.de or rek...@elephly.net when the
branch master updated (d2717b7 -> cee592f)
apteryx pushed a change to branch master in repository maintenance. from d2717b7 hydra: lakeside: Configure as a proper mirror. new c5661d2 Revert "berlin: Migrate root file system to Btrfs array." new 231e6ac hydra: berlin: Adjust bootloader target drive. new cee592f berlin: nginx: Raise 'server-names-hash-bucket-size' to 128. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin.scm | 142 ++--- hydra/nginx/berlin.scm | 1 + 2 files changed, 77 insertions(+), 66 deletions(-)
03/03: berlin: nginx: Raise 'server-names-hash-bucket-size' to 128.
apteryx pushed a commit to branch master in repository maintenance. commit cee592f1f4385436cc287e71419b169f94281ca8 Author: Maxim Cournoyer AuthorDate: Wed May 4 09:16:09 2022 -0400 berlin: nginx: Raise 'server-names-hash-bucket-size' to 128. This is to avoid the error: "nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64". * hydra/nginx/berlin.scm (%nginx-configuration) [server-names-hash-bucket-size]: New field. --- hydra/nginx/berlin.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm index 8bf09ae..dacd8aa 100644 --- a/hydra/nginx/berlin.scm +++ b/hydra/nginx/berlin.scm @@ -494,6 +494,7 @@ PUBLISH-URL." (define %nginx-configuration (nginx-configuration (server-blocks %berlin-servers) + (server-names-hash-bucket-size 128) (modules (list ;; Module to redirect users to the localized pages of their choice.
02/03: hydra: berlin: Adjust bootloader target drive.
apteryx pushed a commit to branch master
in repository maintenance.
commit 231e6ac062fa539ea8a3e1682bdf24c81b6d5dd1
Author: Maxim Cournoyer
AuthorDate: Tue May 3 21:12:57 2022 -0400
hydra: berlin: Adjust bootloader target drive.
* hydra/berlin.scm [bootloader]: Adjust target to /dev/sdg, which is
the device name of the root device when the 6 SSDs are connected.
---
hydra/berlin.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index d22a9ee..ec0eb35 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -251,7 +251,7 @@ Happy hacking!\n"))
;; Show the GRUB menu on the serial interface.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- (targets '("/dev/sda"))
+ (targets '("/dev/sdg"))
(terminal-inputs '(serial))
(terminal-outputs '(serial
01/03: Revert "berlin: Migrate root file system to Btrfs array."
apteryx pushed a commit to branch master
in repository maintenance.
commit c5661d21a1dc35f5228ca6ba78e0c8bf6ced4ef0
Author: Maxim Cournoyer
AuthorDate: Tue May 3 21:12:06 2022 -0400
Revert "berlin: Migrate root file system to Btrfs array."
This reverts commit 6c6115ef2b3300f9bad028a242d21a97fd7f0bed, as the
resulting system was not bootable.
---
hydra/berlin.scm | 142 +--
1 file changed, 76 insertions(+), 66 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 4e8b533..d22a9ee 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -99,6 +99,30 @@ Best practices:
Happy hacking!\n"))
+
+(define %copy-kernel-and-initrd
+ ;; The storage device where the root file system is is invisible to GRUB.
+ ;; Thus, copy the kernel and initrd to /store, where GRUB will be able to
+ ;; find them.
+ (with-imported-modules '((guix build utils))
+#~(begin
+(use-modules (guix build utils))
+
+(for-each (lambda (file)
+(let ((target (string-append "/store/" (basename file
+ (unless (file-exists? target)
+(format #t "copying '~a' to /store...~%" file)
+(copy-recursively file target
+ #:log (%make-void-port "w")
+
+ ;; /run/current-system/kernel is a profile. The trick
+ ;; below allows us to get at its actual directory name,
+ ;; which is what 'grub.cfg' refers to.
+ (list (dirname
+ (canonicalize-path
"/run/current-system/kernel/bzImage"))
+(dirname (canonicalize-path
"/run/current-system/initrd")))
+
+
(define %build-node-key-directory
;; Directory containing the signing keys of build nodes.
(string-append (current-source-directory) "/keys/guix/berlin"))
@@ -129,6 +153,9 @@ Happy hacking!\n"))
(rsync-module
(name "web-audio")
(file-name "/srv/audio"))
+(rsync-module
+ (name "web-cuirass")
+ (file-name "/src/cuirass-releases"))
(rsync-module
(name "disarchive")
(file-name "/gnu/disarchive"))
@@ -159,23 +186,43 @@ Happy hacking!\n"))
;; This is required by the 'btrbk' backup tool.
(device (uuid %btrfs-raid-uuid))
(mount-point "/mnt/btrfs-pool")
-(create-mount-point? #t)
(type "btrfs")
(options (alist->file-system-options
(cons '("subvolid" . "5")
%common-btrfs-options)
-(define (btrfs-subvolume-mount name mount-point)
- "Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
+;;; Root Btrfs subvolume.
+(define @root
(file-system
(device (uuid %btrfs-raid-uuid))
-(mount-point mount-point)
-(create-mount-point? #t)
+(mount-point "/new-root")
(type "btrfs")
(options (alist->file-system-options
- (cons (cons "subvol" name)
+ (cons '("subvol" . "@root")
%common-btrfs-options)
+;;; Home Btrfs subvolume.
+(define @home
+ (file-system
+(device (uuid %btrfs-raid-uuid))
+(mount-point "/home")
+(type "btrfs")
+(options (alist->file-system-options
+ (cons '("subvol" . "@home")
+%common-btrfs-options)))
+(dependencies (list @root
+
+;;; Cache Btrfs subvolume.
+(define @cache
+ (file-system
+(device (uuid %btrfs-raid-uuid))
+(mount-point "/var/cache")
+(type "btrfs")
+(options (alist->file-system-options
+ (cons '("subvol" . "@cache")
+%common-btrfs-options)))
+(dependencies (list @root
+
(operating-system
(host-name "berlin.guix.gnu.org")
@@ -204,49 +251,35 @@ Happy hacking!\n"))
;; Show the GRUB menu on the serial interface.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
- ;; FIXME: Add support in GRUB to find devices by UUID
- ;; or labels.
- ;; FIXME: Ensure system can boot even when one disk is
- ;; missing (see: https://issues.guix.gnu.org/40999).
- (targets '("/dev/sda"
- "/dev/sdb"
- "/dev/sdc"
- "/dev/sdd"
- "/dev/sde"
- "/dev/sdf"))
+ (targets '("/dev/sda"))
(terminal-inputs '(serial))
branch master updated: hydra: build-machines: Update swap-devices field definition.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new ea3817d hydra: build-machines: Update swap-devices field definition. ea3817d is described below commit ea3817d9c8ae8de2cca56796b194957503c19e4a Author: Maxim Cournoyer AuthorDate: Thu Mar 17 13:45:28 2022 -0400 hydra: build-machines: Update swap-devices field definition. * hydra/modules/sysadmin/build-machines.scm (berlin-new-build-machine-os)[swap-devices]: Use a swap-space record for the device. --- hydra/modules/sysadmin/build-machines.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hydra/modules/sysadmin/build-machines.scm b/hydra/modules/sysadmin/build-machines.scm index 1f01fd8..08aef96 100644 --- a/hydra/modules/sysadmin/build-machines.scm +++ b/hydra/modules/sysadmin/build-machines.scm @@ -204,7 +204,8 @@ are 10022 and 15900. Keep secret-service port local." (string-append "127.0.0.1 localhost " host-name "\n" "::1 localhost " host-name "\n" "141.80.167.131 ci.guix.gnu.org\n"))) -(swap-devices (list "/dev/sda2")) +(swap-devices (list (swap-space + (target "/dev/sda2" (file-systems (cons* (file-system (mount-point "/boot/efi")
branch master updated: roadmap: Update with items from the Guix Days.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new 40fa5a2 roadmap: Update with items from the Guix Days. 40fa5a2 is described below commit 40fa5a2386ce1f26c915c45eaed8a326998ea0e7 Author: Julien Lepiller AuthorDate: Sun Feb 20 18:37:10 2022 +0100 roadmap: Update with items from the Guix Days. * doc/ROADMAP.org: Update with items discussed during the Guix Days. Signed-off-by: Maxim Cournoyer --- doc/ROADMAP.org | 69 ++--- 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/doc/ROADMAP.org b/doc/ROADMAP.org index 29b033e..3147db2 100644 --- a/doc/ROADMAP.org +++ b/doc/ROADMAP.org @@ -6,39 +6,65 @@ to discuss it on guix-de...@gnu.org! * ‘guix pull’ -** TODO 'guix pull' & commit authentication <https://bugs.gnu.org/22883> +** DONE 'guix pull' & commit authentication <https://bugs.gnu.org/22883> ** TODO build-self.scm trampoline runs faster +** TODO Guix pull shows which channel new/updated packages come from +** TODO Guix pull caches the repository at the same location for all users * UI/UX -** TODO grafts and profile hooks run as “build continuations” <https://bugs.gnu.org/28310> +** DONE grafts and profile hooks run as “build continuations” <https://bugs.gnu.org/28310> ** TODO ‘package-derivation’ made faster -** TODO (gnu installer) UI can be used to edit config.scm +** DONE (gnu installer) UI can be used to edit config.scm Maybe leave the possibility to specify a file, or even a URL? ** TODO ‘guix system status’ shows info about the current status ** TODO packages can be [[https://lists.gnu.org/archive/html/guix-devel/2019-05/msg00285.html][parameterized]] ** TODO web application to [re]configure a Guix System +** TODO Colorful error messages with in-context source indicating exactly where the error occurred and why See [[https://openwrt.org/docs/techref/uci][LuCI]], [[https://yunohost.org/][YuNoHost]], and [[https://www.rudder.io/en/][Rudder]]. -** TODO ‘guix environment’ uses [[https://lists.gnu.org/archive/html/guix-devel/2017-08/msg00300.html][sane defaults and conventions]] +** DONE ‘guix environment’ uses [[https://lists.gnu.org/archive/html/guix-devel/2017-08/msg00300.html][sane defaults and conventions]] ** TODO GNOME Software backend written (or some other GUI implemented) ** TODO packages made more lightweight (only necessary files are included) -* core +** TODO guix pack docker images use multiple layers +** TODO guix search uses a cache to improve performance +** TODO netboot with nfs root or store works +** TODO guix pack supports parabola's package format +** TODO guix shell containers have simple flags to enable graphics and audio, similar to the network flag +* core ** TODO substitutes can be published and fetched over IPFS <https://issues.guix.gnu.org/issue/33899> -** TODO ‘wip-build-systems-gexp’ branch updated & merged +** DONE ‘wip-build-systems-gexp’ branch updated & merged ** TODO labels removed from the inputs fields of packages -** TODO [[https://savannah.nongnu.org/projects/gash/][Gash]] used instead of Bash during bootstrap +** DONE [[https://savannah.nongnu.org/projects/gash/][Gash]] used instead of Bash during bootstrap ** TODO shepherd uses Fibers, logs correctly, can do “socket activation” ** TODO (guix record) provides optional static type checking +** TODO `wip-full-source-bootstrap` branch merged +** TODO `wip-arm-bootstrap` branch merged +** TODO the bootstrap does not use a Guile binary anymore +** TODO the bootstrap does not use old versions of GNU Utilities +** TODO bootstrap OCaml +** TODO bootstrap GHC +** TODO bootstrap Crystal +** TODO bootstrap Idris2 +** TODO bootstrap Kotlin +** TODO bootstrap rust on i686, arm, etc. +** TODO Guix falls back to SWH for SVN/HG origins +** TODO sources.json is generated by the build farm +** TODO ‘propagated-build-inputs’ supports multiple outputs +** TODO guix is able to store secrets * architectures -** TODO Guix System can run GNU/Hurd +** DONE Guix System can run GNU/Hurd +** TODO Desktop support on GNU/Hurd ** TODO system/installer images available for armhf ** TODO system/installer images available for aarch64 -** TODO riscv64 supported -** TODO ppc64el(le?)/power9 supported +** DONE riscv64 supported +** DONE ppc64el(le?)/power9 supported +** TODO Riscv substitutes available +** TODO Support cross-compiling to Android +** TODO Installation script supports installing to Android * build daemon @@ -49,23 +75,30 @@ See [[https://openwrt.org/docs/techref/uci][LuCI]], [[https://yunohost.org/][YuN * devops -** TODO ‘guix system reconfigure --target=host.example.org’ is a thing -** TODO ‘guix deploy’ is a thing +** DONE ‘guix deploy’ is a thing * miscellaneous -**
branch master updated (f385394 -> 38c7c87)
apteryx pushed a change to branch master in repository maintenance. from f385394 doc: Add 2022-03-01 maintainers meeting notes. new f49b152 berlin: Disable gzip compression for substitutes. new 38c7c87 berlin: Update TODO and remove extraneous needed-for-boot? in config. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: hydra/berlin.scm| 7 +++ hydra/modules/sysadmin/services.scm | 4 +--- 2 files changed, 4 insertions(+), 7 deletions(-)
02/02: berlin: Update TODO and remove extraneous needed-for-boot? in config.
apteryx pushed a commit to branch master
in repository maintenance.
commit 38c7c876556d2d82a6316b0272b45a4ef7df297d
Author: Maxim Cournoyer
AuthorDate: Thu Mar 3 13:22:11 2022 -0500
berlin: Update TODO and remove extraneous needed-for-boot? in config.
* hydra/berlin.scm (%common-btrfs-options): 'rootflags' is now
supported. Preserve the degraded option as it is useful for
unattended reboots, and update the TODO to mention the state of the
Btrfs array should be monitored.
[file-systems]: Remove the 'create-mount-point?' fields from the
'/mnt/old-gnu' and '/mnt/old-root-fs' mount points, as they were set
to the default value (#f) anyway.
---
hydra/berlin.scm | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index b58827d..10e1e9b 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -146,8 +146,9 @@ Happy hacking!\n"))
(define %btrfs-raid-uuid "16ff18e1-eb41-4224-8df6-80d3b53c411a")
-;;; TODO: Honor rootflags in the initrd, then remove degraded (see:
-;;; https://issues.guix.gnu.org/40998).
+;;; TODO: Implement some mcron job that monitors the absent of a disk
+;;; in the array, or IO related errors in dmesg, so that we can notice
+;;; if the Btrfs becomes degraded.
(define %common-btrfs-options '(("compress-force" . "zstd")
("space_cache" . "v2")
"degraded"))
@@ -237,7 +238,6 @@ Happy hacking!\n"))
(device (uuid "a6455b66-59d2-40bd-bddb-0c572bb62a2f"))
(mount-point "/mnt/old-gnu")
(create-mount-point? #t)
- (needed-for-boot? #f)
(mount? #f)
(type "ext4"))
;; Access root file system without bind mounts.
@@ -245,7 +245,6 @@ Happy hacking!\n"))
(device (file-system-label "my-root"))
(mount-point "/mnt/old-root-fs")
(create-mount-point? #t)
- (needed-for-boot? #f)
(mount? #f)
(type "ext4"))
%base-file-systems))
01/02: berlin: Disable gzip compression for substitutes.
apteryx pushed a commit to branch master
in repository maintenance.
commit f49b15274ea2ed84bca18a40b855ff7dcd1a31a0
Author: Maxim Cournoyer
AuthorDate: Thu Mar 3 13:17:31 2022 -0500
berlin: Disable gzip compression for substitutes.
* hydra/modules/sysadmin/services.scm (frontend-services): Remove gzip
from the list of supported compression types.
---
hydra/modules/sysadmin/services.scm | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hydra/modules/sysadmin/services.scm
b/hydra/modules/sysadmin/services.scm
index d8ab02f..18161cc 100644
--- a/hydra/modules/sysadmin/services.scm
+++ b/hydra/modules/sysadmin/services.scm
@@ -581,9 +581,7 @@ to a selected directory.")
;;
<https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00097.html>
;; for the compression ratio/decompression speed
;; tradeoffs.
- ;; TODO: Eventually, disable gzip, as discussed at
- ;;
<https://lists.gnu.org/archive/html/guix-devel/2021-03/msg00333.html>.
- (compression '(("gzip" 9) ("lzip" 9) ("zstd" 19)))
+ (compression '(("lzip" 9) ("zstd" 19)))
(cache-bypass-threshold cache-bypass-threshold)
(workers publish-workers)))
branch master updated: doc: Add 2022-03-01 maintainers meeting notes.
This is an automated email from the git hooks/post-receive script. apteryx pushed a commit to branch master in repository maintenance. The following commit(s) were added to refs/heads/master by this push: new f385394 doc: Add 2022-03-01 maintainers meeting notes. f385394 is described below commit f3853949aad3da4b2c231bf3cd2073a2be04 Author: Maxim Cournoyer AuthorDate: Thu Mar 3 13:06:25 2022 -0500 doc: Add 2022-03-01 maintainers meeting notes. * doc/maintainers/meetings/2022-03-01.org: New file. --- doc/maintainers/meetings/2022-03-01.org | 34 + 1 file changed, 34 insertions(+) diff --git a/doc/maintainers/meetings/2022-03-01.org b/doc/maintainers/meetings/2022-03-01.org new file mode 100644 index 000..13ed238 --- /dev/null +++ b/doc/maintainers/meetings/2022-03-01.org @@ -0,0 +1,34 @@ +* Maintainers meeting +** Schedule +The 1st of March from 14:00 CET to 15:00 CET on Jami. + +** Agenda +No fixed agenda -- discuss an action to take. + +** Notes +Meeting was held on Jami. Efraim, Maxim and Tobias were present. + +- Discussed the recent events and what action was appropriate from the + Guix maintainers. + +- Berlin file system migration status: awaiting on-site person + availability to try a reboot again. There was a problem where the + devices would not be available at the time 'btrfs device scan' was + run by the init ram disk, which caused the root file system to be + mounted in a degraded state. It is assumed this is due to our init + ram disk not supporting hardware events/synchronization. Using + rootdelay=20 or alternatively passing the + 'device=/dev/sda3,/dev/sdb3,/dev/sdc3,/dev/sdd3,/dev/sde3,/dev/sdf3' + mount option should be a workaround (which can now be changed easily + via the rootflags kernel option from the GRUB interface). + +*Action* Draft and send an official statement regarding recent events. + +*Action* Update our Code of Conduct copy the latest version. + +*Action* Add a notice at the top of the Code of Conduct mentioning +issues pertaining to it should be brought up with the maintainers, not +in the other public Guix communication channels. + +*Action* Turn any release-related past (uncompleted yet) actions into + Debbugs issues tagged as blocking the 1.4.0 release issue (#53214).
branch master updated: berlin: Add a 'rootdelay=20' kernel argument.
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 714b50a berlin: Add a 'rootdelay=20' kernel argument.
714b50a is described below
commit 714b50a8e95635761c1765d755969a2268f7de9f
Author: Maxim Cournoyer
AuthorDate: Thu Feb 17 14:10:01 2022 -0500
berlin: Add a 'rootdelay=20' kernel argument.
Previous attempts to boot the Btrfs RAID array failed with messages
suggesting not all the drives were ready:
[ 64.434898] BTRFS warning (device sdb3): chunk 98847948800 missing
4 devices, max tolerance is 1 for writable mount
Hopefully a 20 s delay is enough to allow for the drives to fully
warm-up before they get assembled into an array by 'btrfs device
scan'.
* hydra/berlin.scm (operating-system)[kernel-arguments]: Add
'rootdelay=20'.
[file-systems]: Do not require for boot nor auto mount.
: Likewise.
---
hydra/berlin.scm | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 466e734..804d95e 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -186,7 +186,13 @@ Happy hacking!\n"))
;; management interface can only be accessed through selected
;; servers within the MDC campus network.
(kernel-arguments '("console=tty0"
- "console=ttyS0,115200"))
+ "console=ttyS0,115200"
+ ;; As the initrd lacks any device
+ ;; synchronization support, give enough time for
+ ;; the storage devices to be up before
+ ;; attempting to assemble and mount the root
+ ;; file system.
+ "rootdelay=20"))
;; The Dell server need these kernel modules for the
;; RAID controller.
@@ -231,12 +237,16 @@ Happy hacking!\n"))
(device (uuid "a6455b66-59d2-40bd-bddb-0c572bb62a2f"))
(mount-point "/mnt/old-gnu")
(create-mount-point? #t)
+ (needed-for-boot? #f)
+ (mount? #f)
(type "ext4"))
;; Access root file system without bind mounts.
(file-system
(device (file-system-label "my-root"))
(mount-point "/mnt/old-root-fs")
(create-mount-point? #t)
+ (needed-for-boot? #f)
+ (mount? #f)
(type "ext4"))
%base-file-systems))
