Hydra, for Lix
Maximilian Bosch dd2ce84fe5
hydra-module: don't use createHome = true; to create Hydra's base-dir
In NixOS, the user generation script was changed to set the permissions `0700`
to a home-directory that's specified in the `users.users`-submodule with
`createHome` being set to `true`[1].

However, the home-directory of `hydra` is also the base directory of other services using
other users (e.g. `hydra-queue-runner`). With permissions being `0700`, processes with
such a user cannot traverse into `/var/lib/hydra` and thus not into subdirectories.

I guess that this issue was kind of hidden because `hydra-init.service` ensures
proper permissions[2]. However, if `hydra-init.service` is not restarted on a
system-activation, the permissions of `/var/lib/hydra` will be set back to `0700`
by the activation script that runs on each activation.

This has led to errors like this in `hydra-queue-runner` on my Hydra:

```
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/7h/dssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/b9/350vd8jpv1f86i312c9pkdcd2z56aw-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/kz/vlq4v9a1rylcp4fsqqav3lcjgskky4-squashfs.img.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/xd/hkjnbbr9jp7364pkn8zpk9v8xapj2c-nix-2.4pre20210917_37cc50f.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: error (ignored): error: cannot unlink '/var/lib/hydra/build-logs/zn/9df7225fl8p7iavqqfvlyay4rf0msw-nix-2.4pre20210917_37cc50f.drv': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: possibly transient failure building ‘/nix/store/7hdssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv’ on ‘roflmayr’: error: creating directory '/var/lib/hydra/build-logs': Permission denied
Sep 20 09:11:30 hydra hydra-queue-runner[306]: will retry ‘/nix/store/7hdssz03gazrkqzfmlr5cprd0dvkg4db-squashfs.img.drv’ after 543s
```

Because of that, I decided to remove the `createHome = true;` setting and instead used
`systemd-tmpfiles`[3] which can not only ensure that certain directories
exist, but also proper permissions.

With this change, we can also get rid of the manual setup in
`hydra-init.service` since `systemd-tmpfiles` will be executed by
`switch-to-configuration` before *any* systemd service gets started. On
startup, `systemd-tmpfiles-setup.service` is invoked within
`sysinit.target` being reached, so when `hydra-init.service` gets called
in `multi-user.target`, the structure already exists.

[1] fa0d499dbf
[2] 3cec908738/hydra-module.nix (L260-L262)
[3] https://www.freedesktop.org/software/systemd/man/systemd-tmpfiles.html
2021-09-22 00:08:15 +02:00
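
A check for the failure described in the commit message above, as an added example that is not part of the commit or of Hydra's code: it walks a directory chain and reports the first directory a second service user cannot traverse. The temporary directory standing in for `/var/lib/hydra`, the uid and group of the second user, and the mode `0750` are assumptions made for illustration.

```python
import os
import stat
import tempfile


def first_blocked_dir(target, uid, gids, start=os.sep):
    """Return the first directory from `start` down to `target` that the given
    uid/gids cannot search (x bit), or None if the whole chain is traversable.
    Only classic mode bits are modelled: no ACLs, no root/capability bypass."""
    start, target = os.path.realpath(start), os.path.realpath(target)
    if os.path.commonpath([start, target]) != start:
        raise ValueError("target must live below start")
    chain, current = [start], start
    for part in os.path.relpath(target, start).split(os.sep):
        if part != os.curdir:
            current = os.path.join(current, part)
            chain.append(current)
    for directory in chain:
        st = os.stat(directory)
        if not stat.S_ISDIR(st.st_mode):
            continue  # a final file component needs no search bit
        if st.st_uid == uid:
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            return directory
    return None


def demo():
    """Constructed stand-in for /var/lib/hydra: compare mode 0700 with 0750."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "hydra")        # plays /var/lib/hydra
        logs = os.path.join(base, "build-logs")
        os.makedirs(logs)
        os.chmod(logs, 0o750)
        owner = os.stat(base)
        runner_uid = owner.st_uid + 1            # hypothetical second service user
        runner_gids = {owner.st_gid}             # assumed to share the owner's group
        for mode in (0o700, 0o750):
            os.chmod(base, mode)
            blocked = first_blocked_dir(logs, runner_uid, runner_gids, start=base)
            results[mode] = os.path.basename(blocked) if blocked else None
    return results


if __name__ == "__main__":
    for mode, blocked in demo().items():
        print(f"{mode:04o}: {'blocked at ' + blocked if blocked else 'traversable'}")
```

On a real host, call `first_blocked_dir` with the actual uid and group ids of the service user and the real base directory after each system activation.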

Hydra

Hydra is a Continuous Integration service for Nix-based projects.

Installation And Setup

Note: The instructions provided below are intended to enable new users to get a simple, local installation up and running. They are by no means sufficient for running a production server, let alone a public instance.

Enabling The Service

Running Hydra is currently only supported on NixOS. The hydra module allows for an easy setup. The following configuration can be used for a simple setup that performs all builds on localhost (Please refer to the Options page for all available options):

{
  services.hydra = {
    enable = true;
    hydraURL = "http://localhost:3000";
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [];
    useSubstitutes = true;
  };
}

Creating An Admin User

Once the Hydra service has been configured as above and activated, you should already be able to access the web interface at the specified URL. However, some actions require an admin user, which has to be created first:

$ su - hydra
$ hydra-create-user <USER> --full-name '<NAME>' \
    --email-address '<EMAIL>' --password <PASSWORD> --role admin

Afterwards you should be able to log in by clicking "Sign In" at the top right of the web interface, using the credentials specified with hydra-create-user. Once you are logged in, you can click "Admin -> Create Project" to configure your first project.

Creating A Simple Project And Jobset

In order to evaluate and build anything, you need to create projects that contain jobsets. Hydra supports imperative and declarative projects and many different configurations. The steps below guide you through creating a minimal imperative project configuration.

Creating A Project

Log in as administrator, click "Admin" and select "Create project". Fill the form as follows:

  • Identifier: hello
  • Display name: hello
  • Description: hello project

Click "Create project".

Creating A Jobset

After creating a project you are forwarded to the project page. Click "Actions" and choose "Create jobset". Fill the form with the following values:

  • Identifier: hello
  • Nix expression: examples/hello.nix in hydra
  • Check interval: 60
  • Scheduling shares: 1

We have to add two inputs for this jobset: one for nixpkgs and one for hydra (which we are referencing in the Nix expression above):

  • Input name: nixpkgs
  • Type: Git checkout
  • Value: https://github.com/nixos/nixpkgs-channels nixos-20.03

  • Input name: hydra
  • Type: Git checkout
  • Value: https://github.com/nixos/hydra

Make sure State at the top of the page is set to "Enabled" and click on "Create jobset". This concludes the creation of a jobset that evaluates ./examples/hello.nix once a minute. Clicking "Evaluations" should list the first evaluation of the newly created jobset after a brief delay.

Building And Developing

Building Hydra

You can build Hydra via nix-build using the provided default.nix:

$ nix-build

Development Environment

You can use the provided shell.nix to get a working development environment:

$ nix-shell
$ ./bootstrap
$ configurePhase # NOTE: not ./configure
$ make

Executing Hydra During Development

When working on new features or bug fixes you need to be able to run Hydra from your working copy. This can be done using foreman:

$ nix-shell
$ # hack hack
$ make
$ foreman start

Have a look at the Procfile if you want to see how the processes are being started. In order to avoid conflicts with services that might be running on your host, Hydra and PostgreSQL are started on custom ports:

  • hydra-server: 63333 with the username "alice" and the password "foobar"
  • postgresql: 64444

Note that this is only ever meant as an ad-hoc way of executing Hydra during development. Please make use of the NixOS module for actually running Hydra in production.

Checking your patches

After making your changes, verify the test suite passes and perlcritic is still happy.

Start by following the steps in Development Environment.

Then, you can run the tests and the perlcritic linter together with:

$ nix-shell
$ make check

You can run a single test with:

$ nix-shell
$ yath test ./t/foo/bar.t

And you can run just perlcritic with:

$ nix-shell
$ make perlcritic

JSON API

You can also interface with Hydra through a JSON API. The API is defined in hydra-api.yaml, and you can test and explore it via the Swagger editor.

Additional Resources

License

Hydra is licensed under GPL-3.0

Icons provided free by EmojiOne.