guix deploy Error reading from the channel

DoneSubmitted by Jérémy Korwin-Zmijowski.
Details
2 participants
  • Jérémy Korwin-Zmijowski
  • Ludovic Courtès
Owner
unassigned
Severity
normal
J
J
Jérémy Korwin-Zmijowski wrote on 2 Dec 2020 01:14
(address . bug-guix@gnu.org)
046761441ee840be6d6bd4c9defe10291eee687d.camel@korwin-zmijowski.fr
Hello Guixters,
I am trying to deploy a system on DigitalOcean droplet using `guixdeploy`. But I am facing the following issue :
$ guix deploy ynm-machine-declaration.scm La (1) machine suivante sera déployée : ynm
guix deploy: déploiement vers ynm... ;;; [2020/12/02 00:15:48.683027, 0] read_from_channel_port: [GSSH ERROR] Error reading from the channel: #<unknown channel (freed) 7f3ca3ef80a0>
Then I decided to Ctrl-C the process.

Sometimes I did ssh to the target to see if I can see proof that thingswere doing ok (for example if the infect script is created in the tmpdirectory...). And I noticed I had to delete the ssh key of the targeton my laptop to ssh again...
ssh-keygen -f "/home/jeko/.ssh/known_hosts" -R "159.89.21.175"
Then, on the target machine guix seems to be installed. I am able torun `guix pull`. But the packages I wanted to be globally installedwere missing.
On the laptop I deployed from:
$ guix --version guix (GNU Guix) d848b6caab973f6191143360ca53787a19c5e6e4 Copyright © 2020 les auteurs de Guix Licence GPLv3+ : GNU GPL version 3 ou ultérieure < http://www.gnu.org/licenses/gpl.fr.html Ceci est un logiciel libre : vous êtes libre de le modifier et de le redistribuer. Il n'y a AUCUNE GARANTIE, dans les limites permises par la loi.
On the droplet after guix pull:
# guix --version guix (GNU Guix) 04b83678653fda3c66e600e88f54f5108290ec1c Copyright (C) 2020 the Guix authors License GPLv3+: GNU GPL version 3 or later < http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
I have no clue how to provide more info (logs, traces, …) but I wouldbe very happy to do so if anyone can lead me a bit on that.
Cheers,
Jeko
(add-to-load-path (getcwd)) (use-modules (gnu) (ynm-system-decalaration)) ;; (machine ;; (operating-system %ynm-system-decalaration) ;; (environment managed-host-environment-type) ;; (configuration (machine-ssh-configuration ;; (host-name "yournextmeal.tech") ;; (host-key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXArluyIh9+8Nooz9a7LoQV8ree1jpFLMvp7wPsgiMO root@yournextmeal.tech") ;; (system "x86_64-linux") ;; (user "root") ;; (identity "/home/jeko/.ssh/id_ed25519.pub") ;; (port 2222)))) (list (machine (operating-system %ynm-system-decalaration) (environment digital-ocean-environment-type) (configuration (digital-ocean-configuration (region "fra1") (size "s-1vcpu-1gb") (ssh-key "/home/jeko/.ssh/id_rsa") (tags (list "guix" "ynm")) (enable-ipv6? #f)))))
(define-module (ynm-system-decalaration)) (use-modules (gnu) (gnu services)) (use-service-modules ssh networking) (use-package-modules screen ssh certs version-control) (define-public %ynm-system-decalaration (operating-system (host-name "ynm") (timezone "Europe/Paris") (locale "fr_FR.utf8") (packages (cons* screen git nss-certs %base-packages)) (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/vda"))) (file-systems (cons (file-system (mount-point "/") (device "/dev/vda1") (type "ext4")) %base-file-systems)) (initrd-modules (append (list "virtio_scsi") %base-initrd-modules)) (services (append (list (service dhcp-client-service-type) (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) (permit-root-login 'without-password) (authorized-keys `(("root" ,(local-file "/home/jeko/.ssh/id_rsa.pub")))) (port-number 2222)))) (modify-services %base-services (guix-service-type ynm-config => (guix-configuration (inherit ynm-config) (authorized-keys (append (list (local-file "/etc/guix/signing-key.pub")) %default-authorized-guix-keys))))))))) %ynm-system-decalaration
L
L
Ludovic Courtès wrote on 3 Dec 2020 17:45
(name . Jérémy Korwin-Zmijowski)(address . jeremy@korwin-zmijowski.fr)(address . 44999@debbugs.gnu.org)
871rg6et2y.fsf@gnu.org
Hi Jérémy,
Jérémy Korwin-Zmijowski <jeremy@korwin-zmijowski.fr> skribis:
Toggle quote (14 lines)> I am trying to deploy a system on DigitalOcean droplet using `guix> deploy`. But I am facing the following issue :>> $ guix deploy ynm-machine-declaration.scm > La (1) machine suivante sera d.ploy.e :> ynm>> guix deploy: d.ploiement vers ynm...> ;;; [2020/12/02 00:15:48.683027, 0] read_from_channel_port: [GSSH> ERROR] Error reading from the channel: #<unknown channel (freed)> 7f3ca3ef80a0>>> Then I decided to Ctrl-C the process.
Does it fail like this every time?
Your message suggests deployment on the droplet eventually succeededsince you were able to run ‘guix pull’ there, is that correct?
Thanks,Ludo’.
J
J
Jérémy Korwin-Zmijowski wrote on 4 Dec 2020 15:53
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 44999@debbugs.gnu.org)
da75f61aed6311c767bbf0eb384da2c7c4734ee5.camel@korwin-zmijowski.fr
Le jeudi 03 décembre 2020 à 17:45 +0100, Ludovic Courtès a écrit :
Toggle quote (8 lines)> Does it fail like this every time?> > Your message suggests deployment on the droplet eventually succeeded> since you were able to run ‘guix pull’ there, is that correct?> > Thanks,> Ludo’.
Hello Ludo !
I made some more attempts. I was unable to reproduce the previousscenario… Looks like with my ssh connections I put myself in anexceptionnal situation.
All I got is `guix deploy` running forever (I let it more than 2 hours)
$ guix deploy ynm-droplet-declaration.scm La (1) machine suivante sera déployée : ynm1607086083
guix deploy: déploiement vers ynm1607086083...
I have to kill it myself. There is no guix on the target system.
As soon as I get some time I will try to determine where it stops.
Jérémy
L
L
Ludovic Courtès wrote on 17 Dec 2020 12:37
(name . Jérémy Korwin-Zmijowski)(address . jeremy@korwin-zmijowski.fr)(address . 44999@debbugs.gnu.org)
87eejok6ix.fsf@gnu.org
Hi Jérémy,
Jérémy Korwin-Zmijowski <jeremy@korwin-zmijowski.fr> skribis:
Toggle quote (16 lines)> I made some more attempts. I was unable to reproduce the previous> scenario… Looks like with my ssh connections I put myself in an> exceptionnal situation.>> All I got is `guix deploy` running forever (I let it more than 2 hours)>> $ guix deploy ynm-droplet-declaration.scm> La (1) machine suivante sera déployée :> ynm1607086083>> guix deploy: déploiement vers ynm1607086083...>> I have to kill it myself. There is no guix on the target system.>> As soon as I get some time I will try to determine where it stops.
Did it eventually succeed? Or do you keep hitting hangs?
Thanks,Ludo’.
J
J
Jérémy Korwin-Zmijowski wrote on 17 Dec 2020 14:20
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 44999@debbugs.gnu.org)
02995ae7c6c68a77e1f3b15351b64115d90ada47.camel@korwin-zmijowski.fr
Hey Ludo' !
Thank you for asking !
I apologize to have not taken the time to investigate on this(understand: put 'pk' commands everywhere haha. I don't know what elseto do).
Just did a retry. The command line still hangs with :
$ guix deploy ynm-droplet-declaration.scm La (1) machine suivante sera déployée : kitchen
guix deploy: déploiement vers kitchen...
The droplet is created with the right hostname (kitchen in ynm / 1 GBMemory / 25 GB Disk / FRA1 - Debian 9 x64)
So I SSH to the machine and ran some commands :
$ ssh root@165.22.28.15 -p 22 -i /home/jeko/.ssh/id_rsa.pubThe authenticity of host '165.22.28.15 (165.22.28.15)' can't beestablished.ECDSA key fingerprint isSHA256:7dACwKdFtebnZB/vs/pMcChgsp3yoITOvATZFtXki+c.Are you sure you want to continue connecting (yes/no/[fingerprint])?yesWarning: Permanently added '165.22.28.15' (ECDSA) to the list of knownhosts.Linux kitchen 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05)x86_64
The programs included with the Debian GNU/Linux system are freesoftware;the exact distribution terms for each program are described in theindividual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extentpermitted by applicable law.# ls /root/guix-binary-1.0.1.x86_64-linux.tar.xz# ls /tmp/guix-infect.sh var# guix --versionguix (GNU Guix) 1.0.1Copyright (C) 2019 the Guix authorsLicense GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htmlThis is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.
While I was writing this message, I've been disconnected from SSH
root@kitchen:~# Connection to 165.22.28.15 closed by remote host. Connection to 165.22.28.15 closed.
And the following trace appeared on the hanging deploy command
;;; [2020/12/17 14:10:55.445770, 0] read_from_channel_port: [GSSH ERROR] Error reading from the channel: #<unknown channel (freed) 7f2cf28b86c0>
If I want to SSH again to the machine, I get this message :
$ ssh root@165.22.28.15 -p 22 -i /home/jeko/.ssh/id_rsa.pub @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:52FacP3UGfdq4zggEVW5cbCzlbqSepkZhki5qMo0bnQ. Please contact your system administrator. Add correct host key in /home/jeko/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/jeko/.ssh/known_hosts:36 remove with: ssh-keygen -f "/home/jeko/.ssh/known_hosts" -R "165.22.28.15" ECDSA host key for 165.22.28.15 has changed and you have requested strict checking. Host key verification failed.
That's all I can bring on the table right know !
To be continued…
Jérémy
L
L
Ludovic Courtès wrote on 16 Jan 15:24 +0100
control message for bug #44999
(address . control@debbugs.gnu.org)
87bldpyn60.fsf@gnu.org
tags 44999 + moreinfoquit
J
J
Jérémy Korwin-Zmijowski wrote on 23 Jul 23:33 +0200
Re: bug#44999: guix deploy Error reading from the channel
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 44999@debbugs.gnu.org)
386d99fa-0e2c-7e4b-d8eb-edde0f1d820d@korwin-zmijowski.fr
Hi !
With more recent Guix version the error is slightly different.
I think we could close this issue.
I will open a new one later.
Jérémy
Attachment: file
Attachment: OpenPGP_signature
L
L
Ludovic Courtès wrote on 25 Jul 19:01 +0200
(name . Jérémy Korwin-Zmijowski)(address . jeremy@korwin-zmijowski.fr)(address . 44999-done@debbugs.gnu.org)
87k0le9vk9.fsf@gnu.org
Hi,
Jérémy Korwin-Zmijowski <jeremy@korwin-zmijowski.fr> skribis:
Toggle quote (6 lines)> With more recent Guix version the error is slightly different.>> I think we could close this issue.>> I will open a new one later.
Alright, closing this one.
Ludo’.
Closed
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 44999@debbugs.gnu.org