mirror of
git://git.savannah.gnu.org/guix/maintenance.git
synced 2023-12-14 03:33:04 +01:00
Using execl causes the run-job mcron forked guile process to be hijacked and the lost of some output annotation. * doc/infra-handbook.org (Btrfs balance mcron job): Replace execl with system* and drop first argument. * hydra/berlin.scm (btrfs-balance-job): Likewise. * hydra/deploy-node-129.scm (btrfs-balance-job): Likewise. * hydra/milano-guix-1.scm (btrfs-balance-job): Likewise. * hydra/modules/sysadmin/overdrive.scm (btrfs-balance-job): Likewise. * hydra/monokuma.scm (btrfs-balance-job): Likewise.
208 lines
7.4 KiB
Scheme
208 lines
7.4 KiB
Scheme
;;; Commentary;
|
||
;;;
|
||
;;; This machine uses a server identical to Berlin (a Dell PowerEdge
|
||
;;; R430 server) and serves a dual purpose:
|
||
;;;
|
||
;;; 1. act as a regular Berlin build machine
|
||
;;;
|
||
;;; 2. be available as a fall-back to Berlin in case of problems
|
||
;;;
|
||
;;; TODO: Implement service redundancy with Berlin.
|
||
;;;
|
||
;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
|
||
;;;
|
||
;;; To update its operating system, make sure you are a sysadmin
|
||
;;; defined in the 'berlin-new-build-machine-os' procedure in
|
||
;;; (sysadmin build-machines). You can request another current
|
||
;;; sysadmin to commit the change and re-deploy it. Then you should
|
||
;;; be able to do the following, from your personal 'maintenance'
|
||
;;; checkout on Berlin:
|
||
;;;
|
||
;;; $ guix deploy -L modules deploy-node-129.scm
|
||
;;;
|
||
|
||
(use-modules (gnu bootloader)
|
||
(gnu bootloader grub)
|
||
(gnu packages linux)
|
||
(gnu services base)
|
||
(gnu services mcron)
|
||
(gnu services ssh)
|
||
(gnu system file-systems)
|
||
(guix gexp)
|
||
(sysadmin build-machines))
|
||
|
||
(define %ip-address "141.80.167.186")
|
||
|
||
;;; XXX: Copied from berlin-nodes.scm.
|
||
(define %authorized-guix-keys
|
||
;; List of authorized 'guix archive' keys.
|
||
(list (local-file "keys/guix/berlin.guixsd.org-export.pub")))
|
||
|
||
(define %btrfs-raid-uuid "64a837b7-b9dc-4b64-ba95-712ba4032c71")
|
||
|
||
(define %common-btrfs-options '(("compress" . "zstd")
|
||
("space_cache" . "v2")
|
||
"degraded"))
|
||
|
||
;;; Top-level Btrfs subvolume.
|
||
(define %btrfs-pool
|
||
(file-system
|
||
(device (uuid %btrfs-raid-uuid))
|
||
(mount-point "/mnt/btrfs-pool")
|
||
(create-mount-point? #t)
|
||
(type "btrfs")
|
||
(options (alist->file-system-options
|
||
(cons '("subvolid" . "5")
|
||
%common-btrfs-options)))))
|
||
|
||
(define (btrfs-subvolume-mount name mount-point)
|
||
"Return a file system to mount the Btrfs subvolume NAME at MOUNT-POINT."
|
||
(file-system
|
||
(device (uuid %btrfs-raid-uuid))
|
||
(mount-point mount-point)
|
||
(create-mount-point? #t)
|
||
(type "btrfs")
|
||
(options (alist->file-system-options
|
||
(cons (cons "subvol" name)
|
||
%common-btrfs-options)))))
|
||
|
||
(define btrfs-balance-job
|
||
;; Re-allocate chunks which are using less than 5% of their chunk
|
||
;; space, to regain Btrfs 'unallocated' space. The usage is kept
|
||
;; low (5%) to minimize wear on the SSD. Runs at 5 AM every 3 days.
|
||
#~(job '(next-hour-from (next-day (range 1 31 3)) '(5))
|
||
(lambda ()
|
||
(system* #$(file-append btrfs-progs "/bin/btrfs")
|
||
"balance" "start" "-dusage=5" "/"))
|
||
"btrfs-balance"))
|
||
|
||
(define %multipath.conf
|
||
(plain-file "multipath.conf"
|
||
"\
|
||
defaults {
|
||
user_friendly_names \"yes\"
|
||
find_multipaths \"yes\"
|
||
}
|
||
blacklist {
|
||
devnode \"!^(sd[a-z]|dasd[a-z]|nvme[0-9])\"
|
||
device {
|
||
vendor \".*\"
|
||
product \".*\"
|
||
}
|
||
}
|
||
# allow only Dell Compelent volumes
|
||
blacklist_exceptions {
|
||
device {
|
||
vendor \"COMPELNT\"
|
||
product \"Compellent Vol\"
|
||
}
|
||
}
|
||
devices {
|
||
device {
|
||
vendor \"COMPELNT\"
|
||
product \"Compellent Vol\"
|
||
path_grouping_policy \"group_by_prio\"
|
||
failback \"immediate\"
|
||
no_path_retry \"queue\"
|
||
}
|
||
}
|
||
"))
|
||
|
||
|
||
(define node-129-os
|
||
(let ((base-os (berlin-new-build-machine-os
|
||
129
|
||
#:authorized-guix-keys %authorized-guix-keys
|
||
#:emulated-architectures '("ppc64le")
|
||
#:childhurd? (childhurd-ip? %ip-address)
|
||
#:systems '("x86_64-linux" "i686-linux")
|
||
#:max-jobs 4
|
||
#:max-cores 24)))
|
||
(operating-system
|
||
(inherit base-os)
|
||
(bootloader
|
||
(bootloader-configuration
|
||
(inherit (operating-system-bootloader base-os)) ;efi bootloader
|
||
(targets (list "/boot/efi" "/boot/efi2" "/boot/efi3"
|
||
"/boot/efi4" "/boot/efi5" ))))
|
||
(packages
|
||
(cons* multipath-tools
|
||
(operating-system-packages base-os)))
|
||
(file-systems (cons*
|
||
(file-system
|
||
(mount-point "/boot/efi")
|
||
(device (uuid "B19B-79B3" 'fat)) ;/dev/sda2
|
||
(type "vfat"))
|
||
(file-system
|
||
(mount-point "/boot/efi2")
|
||
(device (uuid "B1E1-D315" 'fat)) ;/dev/sdb2
|
||
(type "vfat"))
|
||
(file-system
|
||
(mount-point "/boot/efi3")
|
||
(device (uuid "B1FA-76F0" 'fat)) ;/dev/sdc2
|
||
(type "vfat"))
|
||
(file-system
|
||
(mount-point "/boot/efi4")
|
||
(device (uuid "FC8E-0264" 'fat)) ;/dev/sdd2
|
||
(type "vfat"))
|
||
(file-system
|
||
(mount-point "/boot/efi5")
|
||
(device (uuid "FCDB-FA3A" 'fat)) ;/dev/sde2
|
||
(type "vfat"))
|
||
(btrfs-subvolume-mount "@root" "/")
|
||
(btrfs-subvolume-mount "@etc" "/etc")
|
||
(btrfs-subvolume-mount "@home" "/home")
|
||
(btrfs-subvolume-mount "@cache" "/var/cache")
|
||
(btrfs-subvolume-mount "@log" "/var/log")
|
||
(btrfs-subvolume-mount "@secrets" "/secrets")
|
||
(btrfs-subvolume-mount "@srv" "/srv")
|
||
%btrfs-pool
|
||
%base-file-systems))
|
||
(services
|
||
(cons* (simple-service 'etc-multipath.conf
|
||
etc-service-type
|
||
(list `("multipath.conf" ,%multipath.conf)))
|
||
(modify-services (operating-system-user-services base-os)
|
||
(mcron-service-type
|
||
config => (mcron-configuration
|
||
(inherit config)
|
||
(jobs (cons btrfs-balance-job
|
||
(mcron-configuration-jobs config)))))
|
||
(static-networking-service-type
|
||
networks =>
|
||
(cons (static-networking
|
||
(addresses (list
|
||
;; This is a publicly accessible IP, to
|
||
;; allow accessing the Guix MDC network
|
||
;; via this machine when Berlin is down.
|
||
(network-address
|
||
(device "eno2")
|
||
(value "141.80.181.41/24"))
|
||
;; This gives the machine access to the
|
||
;; iDRAC network, so that it can access
|
||
;; Berlin's iDRAC for example.
|
||
(network-address
|
||
(device "eno4")
|
||
(value "141.80.167.251/26"))))
|
||
(provision '(backdoor))) ;required else car error
|
||
networks))
|
||
(openssh-service-type
|
||
config => (openssh-configuration
|
||
(inherit config)
|
||
;; Only accept public key authentication for
|
||
;; enhanced security.
|
||
(password-authentication? #f))))))
|
||
(swap-devices '())))) ;cannot do swap on Btrfs RAID
|
||
|
||
(list
|
||
(machine
|
||
(operating-system node-129-os)
|
||
(environment managed-host-environment-type)
|
||
(configuration
|
||
(machine-ssh-configuration
|
||
(host-name %ip-address)
|
||
(user (getenv "USER"))
|
||
(build-locally? #t)
|
||
(host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKtRABWvMsfq4Om16CLMpP9qbaJj83blA+K82SnZd6R")
|
||
(system "x86_64-linux")))))
|