Daniel Littlewood <[email protected]> writes:

> Hi help-guix,
>
> I am wanting to try out the `guix deploy` command, but I am a little
> scared to use it. If I make a mistake in my OS config (such as removing
> a public key by mistake, or breaking the network configuration) then I
> might lock myself out. Of course, since this is a guix system, it is
> trivial to roll back to a previous generation, so long as I can still
> issue the command to roll back.
>
> I am looking for a mechanism whereby the system can be made to
> automatically issue a rollback command if the deployment fails somehow.
> Obviously, if your operating system config is badly broken (e.g. invalid
> syntax) then it will not build and the deployment will not proceed. I am
> thinking of the case where the OS is validly configured, but does not
> satisfy certain desired properties (like permitting SSH from a certain key).
>
> Of course, since deploying a full guix system image can alter the OS in
> more or less arbitrary ways, not everything can be guaranteed. The
> simplest thing I can think of that might work is to include a shepherd
> service in your OS config which will automatically issue a guix system
> roll-back (and perhaps also rebooting) unless a certain post-release
> "deploy succeeded" signal is received. For instance, you could configure
> your deployment script to halt this service via ssh, and if you don't do
> this within 30 seconds, the rollback occurs. As long as this service
> remains in your OS config, you could screw up everything else and it
> should remain accessible (after waiting for the timeout, at least).
>
Hi Dan,

Sounds like a great idea :)

(also don’t forget to make the “deploy succeeded” persist between reboots)

Good day,
Noé

> I could not see any evidence from the manual that `guix deploy` does
> something like this automatically. I can see the flags --timeout and
> --max-silent-time, but I think these are to guard against slow builds,
> rather than mistakes necessarily. There is also guix deploy --roll-back,
> which would not work in the scenario I'm imagining.
>
> I will probably attempt to write something, unless I find out somebody
> else has. So if you are interested in this, even if you don't have an
> answer, let me know.
>
> Dan
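The timeout-then-roll-back mechanism described in the thread, with the confirmation stored per generation on disk so that it persists between reboots, sketched as a shell script. This is an added example, not code from the thread or from Guix; the function names, the state directory and the use of `/var/guix/profiles/system` to identify the running generation are assumptions.

```shell
#!/bin/sh
# Dead-man's switch for a deploy. Added example; all names are hypothetical.
# Assumptions: PROFILE is the system profile symlink (pointing at system-N-link),
# STATE_DIR survives reboots, ROLLBACK_CMD is what runs when nobody confirms.
PROFILE=${PROFILE:-/var/guix/profiles/system}
STATE_DIR=${STATE_DIR:-/var/lib/deploy-watchdog}
TIMEOUT=${TIMEOUT:-30}
ROLLBACK_CMD=${ROLLBACK_CMD:-"guix system roll-back"}

# Name of the generation currently selected, e.g. "system-42-link".
current_generation() {
    basename "$(readlink "$PROFILE")"
}

# Marker file recording that one specific generation was confirmed good.
marker_for() {
    printf '%s/confirmed-%s\n' "$STATE_DIR" "$1"
}

# Run by the operator over SSH after deploying. Being able to run it at all
# is the evidence that the key and the network configuration still work.
confirm_deploy() {
    gen=$(current_generation)
    [ -n "$gen" ] || return 2
    mkdir -p "$STATE_DIR" && : > "$(marker_for "$gen")"
}

# Run as root at boot and after each reconfigure.
# Returns 0 if this generation is confirmed, 1 after a rollback,
# 2 if the generation is unknown or the rollback command failed.
deploy_watchdog() {
    gen=$(current_generation)
    [ -n "$gen" ] || return 2
    marker=$(marker_for "$gen")
    waited=0
    while [ "$waited" -lt "$TIMEOUT" ]; do
        [ -e "$marker" ] && return 0
        sleep 1
        waited=$((waited + 1))
    done
    [ -e "$marker" ] && return 0
    # Markers are per generation: the generation rolled back to keeps its own
    # earlier confirmation, so the watchdog there does not roll back again.
    sh -c "$ROLLBACK_CMD" || return 2
    return 1
}
```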
