Commit graph

3734 commits

Author SHA1 Message Date
Cole Helbling bb16f4fb10 RunCommand: set umask when creating log paths
This uses the somewhat restrictive umask of 0027 so that people outside
the user or group cannot read the files. This also helps to inhibit
TOCTOU where someone else has a handle to our file before we chmod it
and after we close it.
2022-01-28 13:03:15 -08:00
Cole Helbling 5d3912962b RunCommand: use helper functions to ensure filenames and paths are the same
Otherwise, it's possible someone updates the format in one place but not
the others, leading to broken or incorrect functionality.
2022-01-28 13:03:15 -08:00
Cole Helbling 4a441b54ce hydra-module: /var/lib/hydra -> ${baseDir} 2022-01-28 13:03:15 -08:00
Cole Helbling 14090fbb86 runcommand-log.tt: init 2022-01-28 13:03:15 -08:00
Janne Heß 796ce165d4 RunCommand: Allow displaying command output 2022-01-28 13:03:15 -08:00
Janne Heß 4cb5e6cd94 RunCommand: Capture the output of the commands 2022-01-28 13:00:17 -08:00
Graham Christensen 001539c3d2
Merge pull request #1127 from NixOS/grahamc-patch-1
Create a bug report issue template
2022-01-25 09:57:17 -05:00
Graham Christensen 0a5f625746
Update bug_report.md 2022-01-24 20:36:08 -05:00
Graham Christensen f6e86efc9f
Merge pull request #1091 from Ma27/ssh-remote-store-location
hydra-queue-runner: support store URIs declaring an alternate store location
2022-01-24 14:10:54 -05:00
Graham Christensen 3a4ea6e563
Merge pull request #1124 from obsidiansystems/simplify--closure-of-path-set
simplify, `computeFSClosure` can take a set now
2022-01-24 14:09:35 -05:00
Graham Christensen bb68b56f61
Merge pull request #1133 from helsinki-systems/doc/config-format
doc: Document the file format of the config
2022-01-21 20:49:18 -05:00
Graham Christensen c280692f91
Merge pull request #1126 from DeterminateSystems/build-localhost-paths
build-remote: copy missing paths from the binary cache to localhost
2022-01-21 16:16:33 -05:00
Graham Christensen 44cd890ae3
Merge pull request #1130 from DeterminateSystems/prompt-password
hydra-create-user: support prompting for password
2022-01-21 15:38:39 -05:00
Graham Christensen ba96a13407 Record metrics when getting the closure to localhost 2022-01-21 15:38:05 -05:00
Graham Christensen 7e9e82398d build-remote: copy missing paths from the binary cache to localhost
In a Hydra instance I saw:

    possibly transient failure building ‘/nix/store/X.drv’ on ‘localhost’:
      dependency '/nix/store/Y' of '/nix/store/Y.drv' does not exist,
      and substitution is disabled

This is confusing because the Hydra in question does have substitution enabled.

This instance uses:

  keep-outputs = true
  keep-derivations = true

and an S3 binary cache which is not configured as a substituter in the nix.conf.

It appears this instance encountered a situation where store path Y was built
and present in the binary cache, and Y.drv was GC rooted on the instance,
however Y was not on the host.

When Hydra would try to build this path locally, it would look in the binary
cache to see if it was cached:

    (nix)
    439      bool valid = isValidPathUncached(storePath);
    440
    441      if (diskCache && !valid)
    442          // FIXME: handle valid = true case.
    443          diskCache->upsertNarInfo(getUri(), hashPart, 0);
    444
    445      return valid;

Since it was cached, the store path was considered Valid.

The queue monitor would then not put this input in for substitution, because
the path is valid:

    (hydra)
    470          if (!destStore->isValidPath(*i.second.path(*localStore, step->drv->name, i.first))) {
    471              valid = false;
    472              missing.insert_or_assign(i.first, i.second);
    473          }

Hydra appears to correctly handle the case of missing paths that need
to be substituted from the binary cache already, but since most
Hydra instances use `keep-outputs` *and* all paths in the binary cache
originate from that machine, it is not common for a path to be cached
and not GC rooted locally.

I'll run Hydra with this patch for a while and see if we run in to the
problem again.

A big thanks to John Ericson who helped debug this particular issue.
2022-01-21 15:26:45 -05:00
Graham Christensen 952f629b7c Test the queue runner in the scenario where a dependency is available in the cache but GC'd locally, where we're building locally 2022-01-21 15:26:45 -05:00
Graham Christensen 5c3e48fd0d CliRunners: decode UTF8 before printing stderr/stdout
Fixes yath output. It used to say:

    step â is now runnable

Now it says:

    step ‘/run...2ipqz6hbc41m4c5w5bkq-dependent-job.drv’ is now runnable
2022-01-21 15:24:33 -05:00
Graham Christensen e4407f8c93 HydraTestContext: expose the nix state dir 2022-01-21 15:12:10 -05:00
Janne Heß 56308dbb05
doc: Document the file format of the config 2022-01-21 20:48:50 +01:00
Graham Christensen da1af1ce68 Docs: use hydra-create-user --password-prompt 2022-01-21 13:05:12 -05:00
Graham Christensen e351054f61
Merge pull request #1129 from DeterminateSystems/fixup-argon2
Fixup argon2 instructions in hydra-create-user
2022-01-21 13:01:37 -05:00
Graham Christensen 61325853a6
Merge pull request #1132 from DeterminateSystems/ldap-role-match
LDAP support: require the prefix 'hydra_' to match documentation
2022-01-21 12:58:35 -05:00
Graham Christensen 0eeced7f08 hydra-create-user: Warn that creating users with a plaintext password is deprecated 2022-01-21 12:56:15 -05:00
Graham Christensen 98928a4125 fixups 2022-01-21 12:52:06 -05:00
Graham Christensen a888a57baf tests.ldap: verify the hydra_ prefix is required 2022-01-21 12:46:02 -05:00
Graham Christensen 76fbde6d6b Set noecho when reading passwords 2022-01-21 11:11:09 -05:00
Graham Christensen 8ba4ae461e
Merge pull request #1131 from kenranunderscore/fix-invalid-yaml
Fix invalid YAML in documentation
2022-01-21 11:03:28 -05:00
Graham Christensen b8f72d7ff2 LDAP support: require the prefix 'hydra_' to match documentation 2022-01-21 10:48:04 -05:00
Graham Christensen bb893d0bd5 hydra-create-user: support prompting for passwords
I'm not sure this is a good implementation as-is. It does work,
but the password gets echo'd to the screen. I tried to use IO::Prompt
but IO::Prompt really seems to want to read the password from ARGV.
2022-01-21 10:40:56 -05:00
Graham Christensen 3a6c25489c Hydra::Helper::Nix: expose a captureStdoutStderrWithStdin, make it available in tests 2022-01-21 10:40:06 -05:00
Graham Christensen d4fe7e55dd Hydra::Helper::Nix: sort exported functions 2022-01-21 10:40:06 -05:00
Graham Christensen 4945306a2b hydra-create-user: make docs about using --password-hash better 2022-01-21 10:39:22 -05:00
Johannes Maier 4476aba5f7 Fix invalid YAML in documentation 2022-01-21 16:38:59 +01:00
Graham Christensen 12d0d0c176 hydra-create-user: use test_context over test_init 2022-01-21 10:37:48 -05:00
Graham Christensen bb9864bad7 hydra-create-user.t: rename the various users based on their password type 2022-01-21 09:12:47 -05:00
Graham Christensen 46b8f7cce8 Create a bug report issue template 2022-01-20 20:10:28 -05:00
John Ericson e7a1ae87aa simplify, computeFSClosure can take a set now 2022-01-20 14:53:01 -05:00
Graham Christensen ed1b532b74
Merge pull request #1093 from DeterminateSystems/builds-jobset-project
Builds: drop the jobset and project columns
2022-01-17 10:11:55 -05:00
Graham Christensen 8c50cd06e4 machines: ensure the jobset name is present 2022-01-15 17:11:08 -05:00
Graham Christensen c8dc6a9419 Plugins: get project and jobset information from the project and jobset tables 2022-01-15 15:58:02 -05:00
Graham Christensen 9dc40e0816 evaluator: don't save project, jobset on builds 2022-01-15 15:58:02 -05:00
Graham Christensen c539deea99 builds: add a build->project func to get the project via the jobset 2022-01-15 15:58:02 -05:00
Graham Christensen f120909547 builds: drop project, jobset columns
Indexes were haphazardly dropped.
2022-01-15 15:58:02 -05:00
Graham Christensen 1caff3a250
Merge pull request #1117 from DeterminateSystems/project-jobset/queue-runner
queue-runner: track jobsets by ID
2022-01-15 15:57:14 -05:00
Graham Christensen 9671d4d135
Merge pull request #1119 from DeterminateSystems/project-jobset/update-gc-roots
Project jobset: update-gc-roots
2022-01-15 15:57:06 -05:00
Graham Christensen f1a608ac35
Merge pull request #1118 from DeterminateSystems/project-jobset/declarativejobsets
Project jobset: Update DeclarativeJobsets to not use the project or jobsets columns on Bulids
2022-01-15 15:56:48 -05:00
Graham Christensen 7544d4ff47 hydra-update-gc-roots: get project and jobset information from the project and jobset tables 2022-01-15 14:26:45 -05:00
Graham Christensen 52dda56b99 hydra-update-gc-roots: add a very basic test validating successful execution 2022-01-15 14:20:11 -05:00
Graham Christensen 72c3110002 queue-runner: track jobsets by ID 2022-01-15 14:06:00 -05:00
Graham Christensen 17c6bd4fd8 DeclarativeJobsets: get the jobset name from the jobset table 2022-01-15 13:46:32 -05:00