mirror of git://git.savannah.gnu.org/guix/maintenance.git synced 2023-12-14 03:33:04 +01:00
maintenance/hydra/deploy-node-129.scm
Maxim Cournoyer 7607878239
Replace execl with system* in mcron jobs.
Using execl causes the run-job mcron forked guile process to be
hijacked and some output annotation to be lost.

* doc/infra-handbook.org (Btrfs balance mcron job): Replace execl with
system* and drop first argument.
* hydra/berlin.scm (btrfs-balance-job): Likewise.
* hydra/deploy-node-129.scm (btrfs-balance-job): Likewise.
* hydra/milano-guix-1.scm (btrfs-balance-job): Likewise.
* hydra/modules/sysadmin/overdrive.scm (btrfs-balance-job): Likewise.
* hydra/monokuma.scm (btrfs-balance-job): Likewise.
2022-11-28 22:37:11 -05:00


;;; Commentary:
;;;
;;; This machine uses a server identical to Berlin (a Dell PowerEdge
;;; R430 server) and serves a dual purpose:
;;;
;;; 1. act as a regular Berlin build machine
;;;
;;; 2. be available as a fall-back to Berlin in case of problems
;;;
;;; TODO: Implement service redundancy with Berlin.
;;;
;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
;;;
;;; To update its operating system, make sure you are a sysadmin
;;; defined in the 'berlin-new-build-machine-os' procedure in
;;; (sysadmin build-machines). You can request another current
;;; sysadmin to commit the change and re-deploy it. Then you should
;;; be able to do the following, from your personal 'maintenance'
;;; checkout on Berlin:
;;;
;;; $ guix deploy -L modules deploy-node-129.scm
;;;
(use-modules (gnu bootloader)
(gnu bootloader grub)
(gnu packages linux)
(gnu services base)
(gnu services mcron)
(gnu services ssh)
(gnu system file-systems)
(guix gexp)
(sysadmin build-machines))
;; Address of this node.  It is passed to 'childhurd-ip?' when the OS is
;; built and is the SSH target of the machine list that ends this file.
(define %ip-address
  "141.80.167.186")

;;; XXX: Copied from berlin-nodes.scm.
;; Public keys accepted for 'guix archive'.  The list is handed to
;; 'berlin-new-build-machine-os' as #:authorized-guix-keys.
;; NOTE(review): every key listed here is presumably trusted to sign
;; store items this machine imports, so additions deserve the same
;; scrutiny as a new sysadmin account -- confirm against
;; (sysadmin build-machines).
(define %authorized-guix-keys
  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")))

;; UUID of the Btrfs RAID file system behind every Btrfs mount declared
;; in this file.
(define %btrfs-raid-uuid
  "64a837b7-b9dc-4b64-ba95-712ba4032c71")

;; Mount options shared by all Btrfs mounts: zstd compression, the v2
;; free-space cache, and "degraded".
;; NOTE(review): "degraded" lets the file system mount while a RAID
;; member is missing, so a failed disk does not stop the boot -- but it
;; also means a lost device will not be noticed from a mount failure;
;; confirm that device health is monitored separately.
(define %common-btrfs-options
  (list '("compress" . "zstd")
        '("space_cache" . "v2")
        "degraded"))
;;; Top-level Btrfs subvolume.
;; Mounts subvolume ID 5 of the RAID at /mnt/btrfs-pool, using the
;; shared Btrfs options with "subvolid=5" prepended.
(define %btrfs-pool
  (file-system
    (type "btrfs")
    (device (uuid %btrfs-raid-uuid))
    (mount-point "/mnt/btrfs-pool")
    (create-mount-point? #t)
    (options (alist->file-system-options
              `(("subvolid" . "5")
                ,@%common-btrfs-options)))))
(define (btrfs-subvolume-mount name mount-point)
  "Build the file-system record that mounts the Btrfs subvolume NAME of
the RAID identified by %BTRFS-RAID-UUID at MOUNT-POINT."
  ;; The subvolume selector goes first, followed by the options common
  ;; to every Btrfs mount of this machine.
  (let ((subvolume-options `(("subvol" . ,name)
                             ,@%common-btrfs-options)))
    (file-system
      (type "btrfs")
      (device (uuid %btrfs-raid-uuid))
      (mount-point mount-point)
      (create-mount-point? #t)
      (options (alist->file-system-options subvolume-options)))))
(define btrfs-balance-job
  ;; mcron job named "btrfs-balance".  It re-allocates chunks that use
  ;; less than 5% of their chunk space, so that Btrfs regains
  ;; 'unallocated' space; the threshold stays low (5%) to limit SSD
  ;; wear.  Scheduled at 5 AM on every third day of the month, counting
  ;; from the 1st, so the cadence restarts at each month boundary.
  ;;
  ;; The command is started with 'system*': an argument vector and the
  ;; absolute store path of 'btrfs', hence no shell and no PATH lookup.
  ;; The exit status of 'btrfs' is not inspected here.
  (let ((btrfs (file-append btrfs-progs "/bin/btrfs")))
    #~(job '(next-hour-from (next-day (range 1 31 3)) '(5))
           (lambda ()
             (system* #$btrfs "balance" "start" "-dusage=5" "/"))
           "btrfs-balance")))
;; Contents of the multipath configuration file; node-129-os installs it
;; as "multipath.conf" through etc-service-type.
;;
;; The policy is an allow-list: the 'blacklist' section excludes every
;; device (vendor/product ".*") and every devnode that does not match
;; sd*, dasd* or nvme*, and 'blacklist_exceptions' then re-admits only
;; COMPELNT "Compellent Vol" volumes.
;;
;; NOTE(review): with no_path_retry "queue", I/O is queued rather than
;; failed while all paths are down, so processes using the volume can
;; block until a path returns -- confirm this is the intended trade-off.
;;
;; The string opens with a backslash-newline so that the file content
;; starts at "defaults {" rather than with an empty line.
(define %multipath.conf
(plain-file "multipath.conf"
"\
defaults {
user_friendly_names \"yes\"
find_multipaths \"yes\"
}
blacklist {
devnode \"!^(sd[a-z]|dasd[a-z]|nvme[0-9])\"
device {
vendor \".*\"
product \".*\"
}
}
# allow only Dell Compelent volumes
blacklist_exceptions {
device {
vendor \"COMPELNT\"
product \"Compellent Vol\"
}
}
devices {
device {
vendor \"COMPELNT\"
product \"Compellent Vol\"
path_grouping_policy \"group_by_prio\"
failback \"immediate\"
no_path_retry \"queue\"
}
}
"))
;; Operating system declaration for node 129.  It starts from the OS
;; returned by 'berlin-new-build-machine-os' (defined in (sysadmin
;; build-machines)) and overrides the bootloader targets, the package
;; list, the file systems, three services and the swap devices.
(define node-129-os
(let ((base-os (berlin-new-build-machine-os
129
;; Keys accepted for 'guix archive'; see %authorized-guix-keys.
#:authorized-guix-keys %authorized-guix-keys
#:emulated-architectures '("ppc64le")
#:childhurd? (childhurd-ip? %ip-address)
#:systems '("x86_64-linux" "i686-linux")
#:max-jobs 4
#:max-cores 24)))
(operating-system
(inherit base-os)
;; Keep the inherited bootloader but install it to five EFI system
;; partitions, one per disk (sda2 .. sde2 below) -- presumably so that
;; the machine still boots after losing a disk.
(bootloader
(bootloader-configuration
(inherit (operating-system-bootloader base-os)) ;efi bootloader
(targets (list "/boot/efi" "/boot/efi2" "/boot/efi3"
"/boot/efi4" "/boot/efi5" ))))
;; multipath-tools is added on top of the inherited packages; its
;; configuration file is %multipath.conf.
(packages
(cons* multipath-tools
(operating-system-packages base-os)))
;; Five vfat EFI partitions, then one mount per Btrfs subvolume, the
;; top-level Btrfs pool, and finally the Guix base file systems.
(file-systems (cons*
(file-system
(mount-point "/boot/efi")
(device (uuid "B19B-79B3" 'fat)) ;/dev/sda2
(type "vfat"))
(file-system
(mount-point "/boot/efi2")
(device (uuid "B1E1-D315" 'fat)) ;/dev/sdb2
(type "vfat"))
(file-system
(mount-point "/boot/efi3")
(device (uuid "B1FA-76F0" 'fat)) ;/dev/sdc2
(type "vfat"))
(file-system
(mount-point "/boot/efi4")
(device (uuid "FC8E-0264" 'fat)) ;/dev/sdd2
(type "vfat"))
(file-system
(mount-point "/boot/efi5")
(device (uuid "FCDB-FA3A" 'fat)) ;/dev/sde2
(type "vfat"))
(btrfs-subvolume-mount "@root" "/")
(btrfs-subvolume-mount "@etc" "/etc")
(btrfs-subvolume-mount "@home" "/home")
(btrfs-subvolume-mount "@cache" "/var/cache")
(btrfs-subvolume-mount "@log" "/var/log")
;; NOTE(review): /secrets is mounted with the same options as every
;; other subvolume; its ownership and mode are not set in this file --
;; confirm they are restricted elsewhere.
(btrfs-subvolume-mount "@secrets" "/secrets")
(btrfs-subvolume-mount "@srv" "/srv")
%btrfs-pool
%base-file-systems))
(services
;; Install %multipath.conf as "multipath.conf" via etc-service-type.
(cons* (simple-service 'etc-multipath.conf
etc-service-type
(list `("multipath.conf" ,%multipath.conf)))
(modify-services (operating-system-user-services base-os)
;; Prepend the Btrfs balance job to the inherited mcron jobs.
(mcron-service-type
config => (mcron-configuration
(inherit config)
(jobs (cons btrfs-balance-job
(mcron-configuration-jobs config)))))
;; Add a second static-networking entry in front of the inherited ones.
;; NOTE(review): this makes the host dual-homed, with a publicly
;; reachable address on eno2 and a leg on the iDRAC management network
;; on eno4; confirm that packet forwarding is off and that filtering
;; keeps the management network unreachable from the public side.
(static-networking-service-type
networks =>
(cons (static-networking
(addresses (list
;; This is a publicly accessible IP, to
;; allow accessing the Guix MDC network
;; via this machine when Berlin is down.
(network-address
(device "eno2")
(value "141.80.181.41/24"))
;; This gives the machine access to the
;; iDRAC network, so that it can access
;; Berlin's iDRAC for example.
(network-address
(device "eno4")
(value "141.80.167.251/26"))))
;; 'backdoor' is only the name this networking entry provides; the
;; original note says a provision is required to avoid a 'car' error.
(provision '(backdoor))) ;required else car error
networks))
;; Every other OpenSSH setting is inherited from base-os, which is not
;; visible in this file.
(openssh-service-type
config => (openssh-configuration
(inherit config)
;; Only accept public key authentication for
;; enhanced security.
(password-authentication? #f))))))
(swap-devices '())))) ;cannot do swap on Btrfs RAID
;; Value of this file: the list of machines that 'guix deploy' manages,
;; here the single node 129, reached over SSH at %ip-address.
(let ((deploying-user (getenv "USER")))
  (list
   (machine
    (operating-system node-129-os)
    (environment managed-host-environment-type)
    (configuration
     (machine-ssh-configuration
      (host-name %ip-address)
      (system "x86_64-linux")
      ;; Log in under the name found in the USER environment variable
      ;; of whoever runs the deployment.
      (user deploying-user)
      (build-locally? #t)
      ;; Pinned SSH host key of the target: the deployment authenticates
      ;; the machine against this value, so update it here whenever the
      ;; host key is rotated.
      (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKtRABWvMsfq4Om16CLMpP9qbaJj83blA+K82SnZd6R"))))))