Commit graph

3481 commits

Author SHA1 Message Date
dd2ce84fe5
hydra-module: don't use createHome = true; to create Hydra's base-dir
In NixOS, the user generation script was changed to set the permissions `0700`
to a home-directory that's specified in the `users.users`-submodule with
`createHome` being set to `true`[1].

However, the home-directory of `hydra` is also the base directory of other services using
other users (e.g. `hydra-queue-runner`). With permissions being `0700`, processes with
such a user cannot traverse into `/var/lib/hydra` and thus not into subdirectories.

I guess that this issue was kind of hidden because `hydra-init.service` ensures
proper permissions[2]. However, if `hydra-init.service` is not restarted on a
system-activation, the permissions of `/var/lib/hydra` will be set back to `0700`
by the activation script that runs on each activation.

This has lead to errors like this in `hydra-queue-runner` on my Hydra:

```
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/7h/dssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/b9/350vd8jpv1f86i312c9pkdcd2z56aw-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/kz/vlq4v9a1rylcp4fsqqav3lcjgskky4-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/xd/hkjnbbr9jp7364pkn8zpk9v8xapj2c-nix-2.4pre20210917_37cc50f.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/zn/9df7225fl8p7iavqqfvlyay4rf0msw-nix-2.4pre20210917_37cc50f.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: possibly transient failure building ‘/nix/store/7hdssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv’ on ‘roflmayr’: error: creating directory '/var/lib/hydra/build-logs': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: will retry ‘/nix/store/7hdssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv’ after 543s
```

Because of that, I decided to remove the `createHome = true;` setting and instead used
`systemd-tmpfiles`[3] which can not only ensure that certain directories
exist, but also proper permissions.

With this change, we can also get rid of the manual setup in
`hydra-init.service` since `systemd-tmpfiles` will be executed by
`switch-to-configuration` before *any* systemd service gets started. On
startup, `systemd-tmpfiles-setup.service` is invoked within
`sysinit.target` being reached, so when `hydra-init.service` gets called
in `multi-user.target`, the structure already exists.

[1] fa0d499dbf
[2] 3cec908738/hydra-module.nix (L260-L262)
[3] https://www.freedesktop.org/software/systemd/man/systemd-tmpfiles.html
2021-09-22 00:08:15 +02:00
dependabot[bot]
ac0529cacb
build(deps): bump cachix/install-nix-action from 13 to 14
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 13 to 14.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v13...v14)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 15:00:47 +00:00
255d4a91bc
jobset-eval: pass full parameter to "Compare to..."
When I take a look at *all* failing builds (by clicking at `[...] more
jobs omitted`) and I try to compare the failures to another jobset, I'd
like to still view *all* failing builds in the compare-view.

This wasn't the case before since the `full=`-param was ignored by the
compare-buttons.
2021-09-08 23:23:29 +02:00
Graham Christensen
741590c923 perlcritic: explicitly assign the result of readdir/file reads 2021-09-07 21:55:55 -04:00
Graham Christensen
85bb1c7ef9 (perlcritic) JSON::Any -> JSON::MaybeXS 2021-09-07 21:55:55 -04:00
Graham Christensen
c603ae35f0 perlcritic: Don't conditionally declare variables 2021-09-07 21:35:01 -04:00
Graham Christensen
3cec908738
Merge pull request #1016 from DeterminateSystems/fixup/1011
ResultSet::TaskRetries: add missing method, get_retryable_task
2021-09-07 11:20:29 -04:00
Graham Christensen
b1879132af ResultSet::TaskRetries: add missing method, get_retryable_task
Yet again, manual testing is proving to be insufficient. I'm pretty
sure I wrote this code but lost it in a rebase, or perhaps the switch
to result classes.

At any rate, this implements the actual "fetch a retry row and run it"
for the hydra-notify daemon.

Tested by hand.
2021-09-07 11:12:10 -04:00
Graham Christensen
d6aa3f8d15
Merge pull request #1011 from DeterminateSystems/retryable-notifications
Retryable notifications
2021-09-07 10:04:32 -04:00
Graham Christensen
21e1ff0da1 perlcritic: don't open files as bare words 2021-09-06 22:20:17 -04:00
Graham Christensen
efd1d78b97 Hydra::Helper::Nix: getHydraNotifyPrometheusConfig fixup strict warning around double-declaring cfg 2021-09-06 22:13:33 -04:00
Graham Christensen
c880888f1e File::Slurp -> File::Slurper 2021-09-06 22:13:33 -04:00
Your Name
c54629b732 Helper/Nix.pm: perlcritic statsd in scalar context 2021-09-06 22:13:33 -04:00
Your Name
55b7802b61 t/lib/Setup.pm: nix_config: default to empty string 2021-09-06 22:13:33 -04:00
Your Name
4677a7c894 perlcritic: use strict, use warnings 2021-09-06 22:13:33 -04:00
Your Name
d3feb8b9a5 perlcritic: ratchet to severity 4 2021-09-06 21:35:35 -04:00
Graham Christensen
dd06ab7a99 Merge pull request #1004 from DeterminateSystems/avoid-a-b
Avoid $a, $b
2021-09-06 21:35:17 -04:00
Graham Christensen
ca4b8d449f
BitBucketStatus: tbuild -> build (typo) 2021-09-06 21:12:13 -04:00
Graham Christensen
d9df26ac5a
POD: improve wording, punctuation, caps
Co-authored-by: Cole Helbling <cole.helbling@determinate.systems>
2021-09-03 09:13:34 -04:00
Graham Christensen
ea3ae0693e Hook up the retryable tasks with hydra-notify 2021-09-02 10:06:26 -04:00
Graham Christensen
c0e86faa78 hydra-notify: call TaskRetries->save_task if a task fails 2021-09-02 10:06:26 -04:00
Graham Christensen
b0055a23df TaskDispatcher: Support re-queueing tasks, and dropping tasks after 100 failures. 2021-09-02 10:06:26 -04:00
Graham Christensen
d0b0fc21b3 ResultSet::TaskRetries: teach about saving tasks 2021-09-02 10:06:26 -04:00
Graham Christensen
147fa4d029 Result::TaskRetries: Teach about requeue 2021-09-02 10:06:26 -04:00
Graham Christensen
42c2d2f387 Hydra::Math: add an exponential_backoff function 2021-09-02 10:06:26 -04:00
Graham Christensen
29738364fb ResultSet::TaskRetries: add get_seconds_to_next_retry
Get the number of seconds before the next retriable task is ready.

This number is specifically intended to be used as a timeout, where
`undef` means never time out.
2021-09-02 10:06:26 -04:00
Graham Christensen
c4134c8e84 TaskRetries: init table 2021-09-02 10:06:26 -04:00
Graham Christensen
1f2adf61aa hydra-notify: extract runPluginsForEvent to a TaskDispatcher 2021-09-02 10:06:26 -04:00
Graham Christensen
bec44614f4
Merge pull request #1014 from Ma27/fix-gitea-test
gitea-plugin: fix test
2021-08-30 09:43:59 -04:00
ajs124
59cb44261d fix ldap nixos test
passwords were replaced with salted sha1 instead of sha256, because I
don't want to have to figure out how to make slapd load this module

We could also just do {CLEARTEXT} for the purpose of this test
2021-08-29 01:47:34 +02:00
e36353532c
gitea-plugin: fix test
The test seems to be broken for a while[1]. The cause for this is that
in gitea 1.14 the `create-user` command got renamed to `user create`.

[1] https://hydra.nixos.org/build/151092299
2021-08-29 00:08:59 +02:00
Graham Christensen
a0a9d4c1c3
Merge pull request #1009 from DeterminateSystems/dbix-docs
hydra.sql: explain update-dbix.pl map
2021-08-27 10:22:53 -04:00
Graham Christensen
fa57fb8f25 hydra.sql: explain update-dbix.pl map 2021-08-26 22:10:19 -04:00
Graham Christensen
f81905fce4
Merge pull request #1007 from DeterminateSystems/resultset-class-namespaces
DBIx::Class: migrate to use_namespaces
2021-08-26 16:30:07 -04:00
Graham Christensen
397d13a300 DBIx::Class: migrate to use_namespaces
This gives us a place to put helper functions that act on entire
tables, not just individual records.

This should be a backwards compatible change, except in places we're
manually using result class names.
2021-08-26 12:37:19 -04:00
Graham Christensen
da55838703
Merge pull request #1001 from DeterminateSystems/hydra-notify-prometheus
hydra-notify: export prometheus metrics
2021-08-25 11:50:43 -04:00
Your Name
24467a7bde Nix::getHydraNotifyPrometheusConfig: print errors if the configuration provided is invalid. 2021-08-24 11:35:38 -04:00
Your Name
4ebdcc290e fixup! hydra-notify: pre-declare metrics 2021-08-24 10:57:23 -04:00
Your Name
45e8fa5319 hydra-notify: support sending diagnostic dumps to STDERR on request 2021-08-24 10:56:13 -04:00
Your Name
de2282bcf4 hydra-notify: print out log lines indicating it is or is not launching the exporter 2021-08-24 10:56:13 -04:00
Your Name
5c1228e141 hydra-notify: pre-declare metrics 2021-08-24 10:56:13 -04:00
Your Name
f4ad80527a hydra-notify: Enable the prometheus exporter in development environments by default 2021-08-24 10:56:13 -04:00
Your Name
6d7ee27d25 hydra-notify: make the prometheus endpoint configurable, default-off 2021-08-24 10:56:13 -04:00
Your Name
5d0ad5f649 hydra-notify: initial scratch take of prometheus events 2021-08-24 10:56:12 -04:00
Graham Christensen
e9ba0b56f6 BuildFinished : $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00
Graham Christensen
5e10648a98 CoverityScan: $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00
Graham Christensen
c929f5cac0 SlackNotification: $build -> $topbuild, $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00
Graham Christensen
b4f9807290 GithubStatus: $build -> $topbuild, $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00
Graham Christensen
5c9d8794b1 GiteaStatus: $build -> $topbuild, $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00
Graham Christensen
3920bf1df3 BitBucketStatus: $build -> $topbuild, $b -> $build (perlcritic) 2021-08-20 21:52:32 -04:00