confctl 1.0.0 → 2.1.0

data/lib/confctl/nix.rb

@@ -1,4 +1,5 @@
 require 'confctl/utils/file'
+require 'digest'
 require 'etc'
 require 'json'
 require 'securerandom'
@@ -15,10 +16,11 @@ module ConfCtl
 
     include Utils::File
 
-    def initialize(conf_dir: nil, show_trace: false, max_jobs: nil)
+    def initialize(conf_dir: nil, show_trace: false, max_jobs: nil, cores: nil)
       @conf_dir = conf_dir || ConfDir.path
       @show_trace = show_trace
       @max_jobs = max_jobs || Settings.instance.max_jobs
+      @cores = cores
       @cmd = SystemCommand.new
     end
 
@@ -40,6 +42,7 @@ module ConfCtl
             '--out-link', out_link,
             (show_trace ? '--show-trace' : nil),
             (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+            (cores ? ['--cores', cores.to_s] : nil),
             ConfCtl.nix_asset('evaluator.nix')
           ].flatten.compact
 
@@ -88,6 +91,7 @@ module ConfCtl
             '--out-link', out_link,
             (show_trace ? '--show-trace' : nil),
             (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+            (cores ? ['--cores', cores.to_s] : nil),
             ConfCtl.nix_asset('evaluator.nix')
           ].flatten.compact
 
@@ -124,6 +128,7 @@ module ConfCtl
           '--out-link', out_link,
           (show_trace ? '--show-trace' : nil),
           (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+          (cores ? ['--cores', cores.to_s] : nil),
           ConfCtl.nix_asset('evaluator.nix')
         ].flatten.compact
 
@@ -133,19 +138,19 @@ module ConfCtl
       end
     end
 
-    # Evaluate swpins for host
-    # @param host [String]
-    # @return [Hash]
-    def eval_host_swpins(host)
+    # Evaluate swpins for hosts
+    # @param hosts [Array<String>]
+    # @return [Hash] host => swpins
+    def eval_host_swpins(hosts)
       with_argument({
         confDir: conf_dir,
         build: :evalHostSwpins,
-        machines: [host]
+        machines: hosts
       }, core_swpins: true) do |arg|
         out_link = File.join(
           cache_dir,
           'build',
-          "#{ConfCtl.safe_host_name(host)}.swpins"
+          "#{Digest::SHA256.hexdigest(hosts.join(','))[0..11]}.swpins"
         )
 
         cmd_args = [
@@ -154,18 +159,19 @@ module ConfCtl
           '--out-link', out_link,
           (show_trace ? '--show-trace' : nil),
           (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+          (cores ? ['--cores', cores.to_s] : nil),
           ConfCtl.nix_asset('evaluator.nix')
         ].flatten.compact
 
         out, = cmd.run(*cmd_args)
 
-        JSON.parse(File.read(out.strip))[host]
+        JSON.parse(File.read(out.strip))
       end
     end
 
     # Build config.system.build.toplevel for selected hosts
     #
-    # @param hosts [Array<String>]
+    # @param hosts [Array<Machine>]
     # @param swpin_paths [Hash]
     # @param host_swpin_specs [Hash]
     # @param time [Time]
@@ -176,7 +182,7 @@ module ConfCtl
     # @yieldparam path [String]
     #
     # @return [Hash<String, Generation::Build>]
-    def build_toplevels(hosts: [], swpin_paths: {}, host_swpin_specs: {}, time: nil, &block)
+    def build_attributes(hosts: [], swpin_paths: {}, host_swpin_specs: {}, time: nil, &block)
       with_argument({
         confDir: conf_dir,
         build: :toplevel,
@@ -191,6 +197,7 @@ module ConfCtl
           '--out-link', out_link,
           (show_trace ? '--show-trace' : nil),
           (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+          (cores ? ['--cores', cores.to_s] : nil),
           ConfCtl.nix_asset('evaluator.nix')
         ].flatten.compact
 
@@ -198,15 +205,16 @@ module ConfCtl
         nb.run(&block)
 
         begin
-          host_toplevels = JSON.parse(File.read(out_link))
-          host_toplevels.each do |host, toplevel|
+          host_results = JSON.parse(File.read(out_link))
+          host_results.each do |host, result|
             host_generations = Generation::BuildList.new(host)
-            generation = host_generations.find(toplevel, swpin_paths)
+            generation = host_generations.find(result['attribute'], swpin_paths)
 
             if generation.nil?
               generation = Generation::Build.new(host)
               generation.create(
-                toplevel,
+                result['attribute'],
+                result['autoRollback'],
                 swpin_paths,
                 host_swpin_specs[host],
                 date: time
@@ -226,45 +234,104 @@ module ConfCtl
     end
 
     # @param machine [Machine]
-    # @param toplevel [String]
+    # @param paths [Array<String>]
     #
     # @yieldparam progress [Integer]
     # @yieldparam total [Integer]
     # @yieldparam path [String]
     #
     # @return [Boolean]
-    def copy(machine, toplevel, &)
+    def copy(machine, paths, &)
       if machine.localhost?
         true
+      elsif machine.carried?
+        cp = NixCopy.new(machine.carrier_machine.target_host, paths)
+        cp.run!(&).success?
       else
-        cp = NixCopy.new(machine.target_host, toplevel)
+        cp = NixCopy.new(machine.target_host, paths)
         cp.run!(&).success?
       end
     end
 
     # @param machine [Machine]
-    # @param toplevel [String]
+    # @param generation [Generation::Build]
     # @param action [String]
     # @return [Boolean]
-    def activate(machine, toplevel, action)
-      args = [File.join(toplevel, 'bin/switch-to-configuration'), action]
+    def activate(machine, generation, action)
+      args = [File.join(generation.toplevel, 'bin/switch-to-configuration'), action]
 
       MachineControl.new(machine).execute!(*args).success?
     end
 
+    # @param machine [Machine]
+    # @param generation [Generation::Build]
+    # @param action [String]
+    # @return [Boolean]
+    def activate_with_rollback(machine, generation, action)
+      check_file = File.join('/run', "confctl-confirm-#{SecureRandom.hex(3)}")
+      timeout = machine['autoRollback']['timeout']
+      logger = NullLogger.new
+
+      args = [
+        generation.auto_rollback,
+        '-t', timeout,
+        generation.toplevel,
+        action,
+        check_file
+      ]
+
+      activation_success = nil
+
+      activation_thread = Thread.new do
+        activation_success = MachineControl.new(machine).execute!(*args).success?
+      end
+
+      # Wait for the configuration to be switched
+      t = Time.now
+
+      loop do
+        out, = MachineControl.new(machine, logger:).execute!('cat', check_file, '2>/dev/null')
+        stripped = out.strip
+        break if stripped == 'switched' || ((t + timeout + 10) < Time.now && stripped != 'switching')
+
+        sleep(1)
+      end
+
+      # Confirm it
+      10.times do
+        break if MachineControl.new(machine, logger:).execute!('sh', '-c', "'echo confirmed > #{check_file}'").success?
+      end
+
+      activation_thread.join
+      activation_success
+    end
+
     # @param machine [Machine]
     # @param toplevel [String]
     # @return [Boolean]
     def set_profile(machine, toplevel)
       args = [
         'nix-env',
-        '-p', '/nix/var/nix/profiles/system',
+        '-p', machine.profile,
         '--set', toplevel
       ]
 
       MachineControl.new(machine).execute!(*args).success?
     end
 
+    # @param machine [Machine]
+    # @param toplevel [String]
+    # @return [Boolean]
+    def set_carried_profile(machine, toplevel)
+      args = [
+        'carrier-env',
+        '-p', machine.profile,
+        '--set', toplevel
+      ]
+
+      MachineControl.new(machine.carrier_machine).execute!(*args).success?
+    end
+
     # @param packages [Array<String>]
     # @param command [String]
     # @return [Boolean]
@@ -292,7 +359,7 @@ module ConfCtl
 
     protected
 
-    attr_reader :conf_dir, :show_trace, :max_jobs, :cmd
+    attr_reader :conf_dir, :show_trace, :max_jobs, :cores, :cmd
 
     # Execute block only if `out_link` does not exist or conf dir has changed
     # @param out_link [String] out link path
@@ -357,6 +424,7 @@ module ConfCtl
           '--arg', 'jsonArg', arg,
           (show_trace ? '--show-trace' : nil),
           (max_jobs ? ['--max-jobs', max_jobs.to_s] : nil),
+          (cores ? ['--cores', cores.to_s] : nil),
           ConfCtl.nix_asset('evaluator.nix')
         ].flatten.compact
 

data/lib/confctl/nix_copy.rb

@@ -1,10 +1,10 @@
 module ConfCtl
   class NixCopy
     # @param target [String]
-    # @param store_path [String]
-    def initialize(target, store_path)
+    # @param store_paths [Array<String>]
+    def initialize(target, store_paths)
       @target = target
-      @store_path = store_path
+      @store_paths = store_paths
       @total = nil
       @progress = 0
     end
@@ -22,7 +22,7 @@ module ConfCtl
       ret = cmd.run!(
         'nix-copy-closure',
         '--to', "root@#{target}",
-        store_path,
+        *store_paths,
         &line_buf.feed_block
       )
 
@@ -32,7 +32,7 @@ module ConfCtl
 
     protected
 
-    attr_reader :target, :store_path
+    attr_reader :target, :store_paths
 
     def parse_line(line)
       if @total.nil? && /^copying (\d+) paths/ =~ line

data/lib/confctl/null_logger.rb

@@ -0,0 +1,7 @@
+module ConfCtl
+  class NullLogger
+    def <<(_str)
+      # do nothing
+    end
+  end
+end

data/lib/confctl/swpins/specs/git.rb

@@ -103,7 +103,7 @@ module ConfCtl
 
     def prefetch_github(ref)
       mirror = GitRepoMirror.new(nix_opts['url'])
-      mirror.setup
+      mirror.setup(ref:)
 
       rev = mirror.revision_parse(ref)
       url = File.join(nix_opts['url'], 'archive', "#{rev}.tar.gz")

data/lib/confctl/swpins/specs/git_rev.rb

@@ -5,7 +5,7 @@ module ConfCtl
     handle :'git-rev'
 
     def prefetch_set(args)
-      super(args)
+      super
       wrap_fetcher
     end
 

data/lib/confctl/system_command.rb

@@ -2,9 +2,10 @@ require 'tty-command'
 
 module ConfCtl
   module SystemCommand
+    # @param logger [#<<]
     # @return [TTY::Command]
-    def self.new
-      TTY::Command.new(output: Logger.instance, color: false)
+    def self.new(logger: nil)
+      TTY::Command.new(output: logger || Logger.instance, color: false)
     end
   end
 end

data/lib/confctl/version.rb

@@ -1,3 +1,3 @@
 module ConfCtl
-  VERSION = '1.0.0'.freeze
+  VERSION = '2.1.0'.freeze
 end

data/libexec/auto-rollback.rb

@@ -0,0 +1,106 @@
+#!@ruby@/bin/ruby
+# Switch to a new system configuration and wait for confctl to confirm
+# connectivity. If confctl is unable to reach the deployed machine, this
+# script will roll back to the previous configuration.
+
+require 'optparse'
+
+class AutoRollback
+  def self.run
+    ar = new
+    ar.run
+  end
+
+  def run
+    puts 'Deploying with auto-rollback'
+
+    options = parse_options
+
+    current_system = File.readlink('/run/current-system')
+    puts "  current system = #{current_system}"
+    puts "  new system     = #{options[:toplevel]}"
+    puts "  action         = #{options[:action]}"
+    puts "  check file     = #{options[:check_file]}"
+    puts "  timeout        = #{options[:timeout]} seconds"
+    puts
+
+    puts 'Switching to new configuration'
+    File.write(options[:check_file], 'switching')
+
+    pid = Process.spawn(
+      File.join(options[:toplevel], 'bin/switch-to-configuration'),
+      options[:action]
+    )
+
+    Process.wait(pid)
+
+    File.write(options[:check_file], 'switched')
+
+    puts 'Switch complete, waiting for confirmation'
+    t = Time.now
+
+    loop do
+      sleep(0.5)
+
+      if File.read(options[:check_file]).strip == 'confirmed'
+        puts 'Configuration confirmed'
+        File.unlink(options[:check_file])
+        exit
+      end
+
+      break if t + options[:timeout] < Time.now
+    end
+
+    puts 'Timeout occurred, rolling back'
+
+    pid = Process.spawn(
+      File.join(current_system, 'bin/switch-to-configuration'),
+      options[:action]
+    )
+
+    Process.wait(pid)
+
+    puts 'Rollback complete'
+    exit(false)
+  end
+
+  protected
+
+  def parse_options
+    options = {
+      timeout: 60,
+      toplevel: nil,
+      action: nil,
+      check_file: nil
+    }
+
+    opt_parser = OptionParser.new do |parser|
+      parser.banner = "Usage: #{$0} [options] <toplevel> <action> <check file>"
+
+      parser.on('-t', '--timeout TIMEOUT', Integer, 'Timeout in seconds') do |v|
+        options[:timeout] = v
+      end
+
+      parser.on('-h', '--help', 'Print help message and exit') do
+        puts parser
+        exit
+      end
+    end
+
+    opt_parser.parse!
+
+    if ARGV.length != 3
+      warn 'Invalid arguments'
+      warn opt_parser
+      exit(false)
+    end
+
+    options[:toplevel] = ARGV[0]
+    options[:action] = ARGV[1]
+    options[:check_file] = ARGV[2]
+
+    options
+  end
+end
+
+AutoRollback.run

data/man/man8/confctl-options.nix.8

@@ -1,4 +1,4 @@
-.TH confctl\-options.nix 8           2024\-02\-17                             master
+.TH confctl\-options.nix 8           2024\-05\-07                             master
 .SH NAME
 .PP
 \fB\fCconfctl\-options.nix\fR \- confctl configuration documentation
@@ -599,6 +599,22 @@ Address with prefix as string
 .PP
     \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
 .TP
+\fB\fCcluster.<name>.buildAttribute\fR
+Path to the attribute in machine system config that should be built
+.IP
+For example, \fB\fC[ "system" "build" "toplevel" ]\fR will select attribute
+\fB\fCconfig.system.build.toplevel\fR\&.
+.PP
+    \fIType:\fP list of string
+.PP
+    \fIDefault:\fP \fB\fC[
+  "system"
+  "build"
+  "toplevel"
+]\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
 \fB\fCcluster.<name>.buildGenerations.max\fR
 The maximum number of build generations to be kept on the build
 machine.
@@ -632,6 +648,151 @@ machine.
 .PP
     \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
 .TP
+\fB\fCcluster.<name>.carrier.enable\fR
+Whether to enable This machine is a carrier for other machines.
+.PP
+    \fIType:\fP boolean
+.PP
+    \fIDefault:\fP \fB\fCfalse\fR
+.PP
+    \fIExample:\fP \fB\fCtrue\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines\fR
+List of carried machines
+.PP
+    \fIType:\fP list of (submodule)
+.PP
+    \fIDefault:\fP \fB\fC[ ]\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.alias\fR
+Alias for carried machine name
+.PP
+    \fIType:\fP null or string
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.buildAttribute\fR
+Path to the attribute in machine system config that should be built
+.IP
+For example, \fB\fC[ "system" "build" "toplevel" ]\fR will select attribute
+\fB\fCconfig.system.build.toplevel\fR\&.
+.PP
+    \fIType:\fP list of string
+.PP
+    \fIDefault:\fP \fB\fC[
+  "system"
+  "build"
+  "toplevel"
+]\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.buildGenerations.max\fR
+The maximum number of build generations to be kept on the build
+machine.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.buildGenerations.maxAge\fR
+Delete build generations older than
+\fB\fCcluster.<name>.carrier.machines.*.buildGenerations.maxAge\fR
+seconds from the build machine. Old generations are deleted even
+if \fB\fCcluster.<name>.carrier.machines.*.buildGenerations.max\fR is
+not reached.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.buildGenerations.min\fR
+The minimum number of build generations to be kept on the build
+machine.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.extraModules\fR
+A list of additional NixOS modules to be imported for this machine
+.PP
+    \fIType:\fP list of path
+.PP
+    \fIDefault:\fP \fB\fC[ ]\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.hostGenerations.max\fR
+The maximum number of generations to be kept on the machine.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.hostGenerations.maxAge\fR
+Delete generations older than
+\fB\fCcluster.<name>.carrier.machines.*.hostGenerations.maxAge\fR
+seconds from the machine. Old generations are deleted even
+if \fB\fCcluster.<name>.carrier.machines.*.hostGenerations.max\fR is
+not reached.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.hostGenerations.min\fR
+The minimum number of generations to be kept on the machine.
+.PP
+    \fIType:\fP null or signed integer
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.labels\fR
+Optional user\-defined labels to classify the machine
+.PP
+    \fIType:\fP attribute set
+.PP
+    \fIDefault:\fP \fB\fC{ }\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.machine\fR
+Machine name
+.PP
+    \fIType:\fP string
+.PP
+    \fIDefault:\fP \fB\fCnull\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
+\fB\fCcluster.<name>.carrier.machines.*.tags\fR
+Optional user\-defined tags to classify the machine
+.PP
+    \fIType:\fP list of string
+.PP
+    \fIDefault:\fP \fB\fC[ ]\fR
+.PP
+    \fIDeclared by:\fP \fB\fC<confctl/nix/modules/cluster>\fR
+.TP
 \fB\fCcluster.<name>.healthChecks.builderCommands\fR
 Check commands run on the build machine
 .PP
@@ -1032,6 +1193,9 @@ Host name
 .TP
 \fB\fCcluster.<name>.host.target\fR
 Address/host to which the configuration is deployed to
+.IP
+Set to null if the machine is not deployable, e.g. when it is only used
+as a carried machine.
 .PP
     \fIType:\fP null or string
 .PP