Hi Guix,
I'm trying to set up offloading such that I can have a powerful build
host compile stuff for me when my workstation isn't strong enough. I
bumped into a couple of issues while doing this, prompting me to write
this email to discuss what might be changed to improve this.
* lsh required
The manual does not appear to mention that for offloading lsh is
expected to be installed on the submitting host. Since I only had
OpenSSH installed (on the local workstation and the remote server) I
decided to redefine %lsh-command and %lshg-command:
(define %lsh-command "ssh")
(define %lshg-command "ssh")
When the command in these variables does not exist there is no error
message at all. I only discovered the issue because machine-load
returned +inf.0 for every machine in the list (defined in
/etc/guix/machines.scm) and looped indefinitely to find a suitable
machine.
Here are some recommendations:
- make %lsh-command and %lshg-command configurable or mention in the
documentation that lsh must be available in the PATH.
- print an error message when "remote-pipe" fails due to not finding
the command specified in %lsh-command / %lshg-command
- only run once over the machines given in /etc/guix/machines.scm
instead of looping indefinitely, or alternatively print the reason
for skipping a machine (e.g. by stating that machine-load is +inf.0)
* does not work with unpriviledged user
I assumed that all I needed was an SSH key for an unprivileged user on
the remote machine in order to log on to the remote build host and
talk to the local guix-daemon there. However, we actually run Guile
scripts on the remote instead of letting the privileged daemon perform
known-to-be-safe commands.
This is a problem with register-gc-root, for example. It creates a
directory in %state-directory where an unprivileged user likely has no
write permissions. This mkdir fails silently because register-gc-root
does not bother checking the result of
(false-if-exception (mkdir root-directory))
When the root-directory (e.g. /var/guix/gcroots/tmp) cannot be created
by the remote user running the guile script, the following (symlink
...) fails.
Recommendations:
- instead of sending a script to be executed by a remote Guile process
running as the unprivileged SSH user it may make sense to bake this
feature into the daemon. The daemon has permissions on
%state-directory anyway, while a regular user probably shouldn't.
- check the return value of (false-if-exception (mkdir
root-directory)), or do not use false-if-exception at all to fail
right there when the directory should be created rather than failing
when the symlink to a non-existing directory cannot be created.
This would arguably result in a clearer error message.
This is as far as I got. What do you think?
~~ Ricardo
