Rethinking how service extensions work

Status: Open
Participants: Liliana Marie Prikler, Ludovic Courtès, Bruno Victal
Owner: unassigned
Submitted by: Bruno Victal
Severity: normal

Bruno Victal wrote on 8 Jan 2023 13:31
(name . bug-guix)(address . bug-guix@gnu.org)
a720e5dc-bcec-6b36-56dd-19738101c785@makinata.eu
Hi all,

The current situation with services in Guix is that service extensions do not care about dependencies.
This can result in cryptic errors as seen in [1].

In [1], the issue arises from using activation-service-type to create files/directories for services
when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.
'activation-service-type' should only be used for doing things "listed on its label", that is, performing
actions at boot-time or after a system reconfigure.

But both solutions (1) and (2) are still not enough as the directories themselves might not yet
be available and the services must be aware of this fact and wait for them to be ready. One example
would be a network dependent mount or a simple service that mounts a volume such as:

(simple-service 'mount-overlayfs shepherd-root-service-type
  (list (shepherd-service (requirement '(foo-mount))
                          (provision '(overlayfs-foo))
                          (documentation "Mount OverlayFS.")
                          (one-shot? #t)
                          (start (let ((util-linux (@ (gnu packages linux) util-linux)))
                                   #~(lambda _
                                       (system* #$(file-append util-linux "/bin/mount")
                                                "-t" "overlay"
                                                "-o" (string-append "noatime,nodev,noexec,ro,"
                                                                    "lowerdir="
                                                                    (string-join '("/srv/foo/overlays/top-layer"
                                                                                   "/srv/foo/overlays/layer2"
                                                                                   "/srv/foo/overlays/layer1"
                                                                                   "/media/foo-base") ":"))
                                                "none" "/media/foo" )))))))

This example also means that it's untenable to just look into the file-systems field entries and attempt
to intelligently discover which paths are required for the services and add them as dependencies (another hole to this idea
is that overlayfs and some fuse filesystems can mount over the same path).

I've proposed in [2] for the service procedure to accept optional arguments, these could be of interest in solving this problem.
Another place we should look at is how systemd manages its service dependencies, with the 'Wants', 'After', 'Before', 'RequiresMountsFor', etc. [3]
directives. These could potentially be implemented and used alongside [2].

Such changes might also imply that a UI change in herd is required to handle the structured information or to avoid cluttering it with too
much "noise".


Bruno Victal wrote on 24 Jan 2023 18:31
(address . 60657@debbugs.gnu.org)
10e6cd1e-644c-b02c-e0a6-bcb110dbd5f1@makinata.eu
On 2023-01-08 12:31, Bruno Victal wrote:
> (...) the issue arises from using activation-service-type to create files/directories for services
> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.

Idea:
Instead of moving these procedures into the start procedure from shepherd-service and end up with a very
large start constructor, we could augment <shepherd-service> with a 'pre-start' field that is responsible for
setting up the initial conditions for the service. That is, we move most of the code in the activation-service-type extensions
into this 'pre-start' field. We could also consider if it would make sense adding post-start, pre-stop and post-stop fields.


Cheers,
Bruno
Ludovic Courtès wrote on 25 Feb 2023 18:46
(name . Bruno Victal)(address . mirai@makinata.eu)(address . 60657@debbugs.gnu.org)
87pm9xy6xh.fsf@gnu.org
Hi Bruno,

Bruno Victal <mirai@makinata.eu> wrote:

> The current situation with services in Guix is that service extensions do not care about dependencies.

This is the result of “services” being unrelated to “Shepherd services”,
as noted in the manual (info "(guix) Services").

> This can result in cryptic errors as seen in [1].
>
> [1] https://issues.guix.gnu.org/57589#12
>
> In [1], the issue arises from using activation-service-type to create files/directories for services
> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.
> 'activation-service-type' should only be used for doing things "listed on its label", that is, performing
> actions at boot-time or after a system reconfigure.

Right.

As we once discussed on IRC, the conclusion to me is that some of the
code currently implemented as activation snippets should rather be
implemented either as part of the ‘start’ method of the corresponding
Shepherd service, or as a one-shot Shepherd service that the main
service would depend on.

> But both solutions (1) and (2) are still not enough as the directories themselves might not yet
> be available and the services must be aware of this fact and wait for them to be ready. One example
> would be a network dependent mount or a simple service that mounts a volume such as:
>
> (simple-service 'mount-overlayfs shepherd-root-service-type
> (list (shepherd-service (requirement '(foo-mount))
> (provision '(overlayfs-foo))
> (documentation "Mount OverlayFS.")
> (one-shot? #t)
> (start (let ((util-linux (@ (gnu packages linux) util-linux)))
> #~(lambda _
> (system* #$(file-append util-linux "/bin/mount")
> "-t" "overlay"
> "-o" (string-append "noatime,nodev,noexec,ro,"
> "lowerdir="
> (string-join '("/srv/foo/overlays/top-layer"
> "/srv/foo/overlays/layer2"
> "/srv/foo/overlays/layer1"
> "/media/foo-base") ":"))
> "none" "/media/foo" )))))))

Note that this should prolly be declared as a ‘file-system’ rather than
as a custom service. That way, it would get a “standard” Shepherd
service.

There are cases where we add explicit dependencies on
‘file-system-/media/foo’ or similar. <file-system> has a ‘dependencies’
field specifically for this purpose (info "(guix) File Systems").

Would that work for you?

HTH,
Ludo’.
Bruno Victal wrote on 9 May 2023 21:12
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 60657@debbugs.gnu.org)
ef567f51-d348-bdc2-0f8e-f019cd3c7c92@makinata.eu
Hi Ludo’,

On 2023-02-25 17:46, Ludovic Courtès wrote:
> Bruno Victal <mirai@makinata.eu> wrote:
>> In [1], the issue arises from using activation-service-type to create files/directories for services
>> when these should be either (1) shepherd one-shot services or moved into the 'start' procedure of the service.
>> 'activation-service-type' should only be used for doing things "listed on its label", that is, performing
>> actions at boot-time or after a system reconfigure.
>
> Right.
>
> As we once discussed on IRC, the conclusion to me is that some of the
> code currently implemented as activation snippets should rather be
> implemented either as part of the ‘start’ method of the corresponding
> Shepherd service, or as a one-shot Shepherd service that the main
> service would depend on.

I think moving them into the ‘start’ method is the best course of action.
I'm considering the following changes:
* Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd).
I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service
extensions in use as a rough estimate.
* Refactor the activation extensions into the ‘start’ method, where it makes sense to do so.


There's one issue I'm somewhat concerned about, consider the following snippet:

(define log-directory "/var/log")
(define username "notroot")

(start
 #~(lambda _
     (mkdir-p/perms #$log-directory (getpw #$username) #o750)
     ...))


This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user.
I'm unsure what's the best course to take here, would a simple file-exist? check before mkdir-p/perms be sufficient?

In either case, with or without refactoring this issue is already present (but in activation-service extensions)
so it's no worse than the status quo.

>> (simple-service 'mount-overlayfs shepherd-root-service-type
>> (list (shepherd-service (requirement '(foo-mount))
>> (provision '(overlayfs-foo))
>> (documentation "Mount OverlayFS.")
>> (one-shot? #t)
>> (start (let ((util-linux (@ (gnu packages linux) util-linux)))
>> #~(lambda _
>> (system* #$(file-append util-linux "/bin/mount")
>> "-t" "overlay"
>> "-o" (string-append "noatime,nodev,noexec,ro,"
>> "lowerdir="
>> (string-join '("/srv/foo/overlays/top-layer"
>> "/srv/foo/overlays/layer2"
>> "/srv/foo/overlays/layer1"
>> "/media/foo-base") ":"))
>> "none" "/media/foo" )))))))
>
> Note that this should prolly be declared as a ‘file-system’ rather than
> as a custom service. That way, it would get a “standard” Shepherd
> service.
>
> There are cases where we add explicit dependencies on
> ‘file-system-/media/foo’ or similar. <file-system> has a ‘dependencies’
> field specifically for this purpose (info "(guix) File Systems").
>
> Would that work for you?

Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive,
there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or
depends on a particular interface e.g. NFS mount that uses an IPv6 link-local address)


Cheers,
Bruno
Liliana Marie Prikler wrote on 10 May 2023 21:57
(address . 60657@debbugs.gnu.org)
5502762865d23b85dd133821904008344b3c6602.camel@gmail.com
On Tuesday, 09.05.2023 at 20:12 +0100, Bruno Victal wrote:
> Hi Ludo’,
>
> On 2023-02-25 17:46, Ludovic Courtès wrote:
> > Bruno Victal <mirai@makinata.eu> wrote:
> > > In [1], the issue arises from using activation-service-type to
> > > create files/directories for services
> > > when these should be either (1) shepherd one-shot services or
> > > moved into the 'start' procedure of the service.
> > > 'activation-service-type' should only be used for doing things
> > > "listed on its label", that is, performing
> > > actions at boot-time or after a system reconfigure.
> >
> > Right.
> >
> > As we once discussed on IRC, the conclusion to me is that some of
> > the
> > code currently implemented as activation snippets should rather be
> > implemented either as part of the ‘start’ method of the
> > corresponding
> > Shepherd service, or as a one-shot Shepherd service that the main
> > service would depend on.
>
> I think moving them into the ‘start’ method is the best course of
> action.
> I'm considering the following changes:
> * Adding (gnu build activation) to %default-imported-modules +
> %default-modules in (gnu services shepherd).
>   I expect that mkdir-p/perms is going to be used frequently enough,
> using the number of activation-service
>   extensions in use as a rough estimate.
> * Refactor the activation extensions into the ‘start’ method, where
> it makes sense to do so.
>
>
> There's one issue I'm somewhat concerned about, consider the
> following snippet:
>
> --8<---------------cut here---------------start------------->8---
>
> (define log-directory "/var/log")
> (define username "notroot")
>
> (start
>  #~(lambda _
>     (mkdir-p/perms #$log-directory (getpw #$username) #o750)
>     ...))
>
> --8<---------------cut here---------------end--------------->8---
>
> This is somewhat pitfall prone since you most likely don't want to
> chown /var/log to a non-root user.
> I'm unsure what's the best course to take here, would a simple file-
> exist? check before mkdir-p/perms be sufficient?
I think this question highlights perfectly why one-shot services (or
perhaps an as-of yet unknown type of services) are the way to go: With
clearly named services for the creation of directories, you don't need
to worry about creating some file with the wrong permissions as the
owner is already predetermined. You also don't need mkdir-p; you
simply depend on the mkdir-#$(dirname my-directory) service.


Cheers
Ludovic Courtès wrote on 11 May 2023 12:22
(name . Bruno Victal)(address . mirai@makinata.eu)(address . 60657@debbugs.gnu.org)
8735436ubr.fsf@gnu.org
Hi Bruno,

Bruno Victal <mirai@makinata.eu> wrote:

> On 2023-02-25 17:46, Ludovic Courtès wrote:

[...]

>> As we once discussed on IRC, the conclusion to me is that some of the
>> code currently implemented as activation snippets should rather be
>> implemented either as part of the ‘start’ method of the corresponding
>> Shepherd service, or as a one-shot Shepherd service that the main
>> service would depend on.
>
> I think moving them into the ‘start’ method is the best course of action.
> I'm considering the following changes:
> * Adding (gnu build activation) to %default-imported-modules + %default-modules in (gnu services shepherd).
> I expect that mkdir-p/perms is going to be used frequently enough, using the number of activation-service
> extensions in use as a rough estimate.
> * Refactor the activation extensions into the ‘start’ method, where it makes sense to do so.

OK. Cosmetic considerations: how about adding a ‘pre-start’ field in
<shepherd-service>? That would allow us to keep the “setup” bit
visually separate from the actual ‘start’ method, even if under the hood
they get “merged” together:

  (shepherd-service
    ;; …
    (pre-start #~(mkdir-p "/whatever"))
    (start #~(make-forkexec-constructor …)))

> There's one issue I'm somewhat concerned about, consider the following snippet:
>
>
> (define log-directory "/var/log")
> (define username "notroot")
>
> (start
> #~(lambda _
> (mkdir-p/perms #$log-directory (getpw #$username) #o750)
> ...))
>
> This is somewhat pitfall prone since you most likely don't want to chown /var/log to a non-root user.
> I'm unsure what's the best course to take here, would a simple file-exist? check before mkdir-p/perms be sufficient?

We ensure /var/log exists before anything else—see ‘directives’ in (gnu
build install).

If we want an extra safety, we can add a real activation snippet that
does (mkdir-p "/var/log"), with the understanding that it would notably
run at boot time before shepherd is started.

> In either case, with or without refactoring this issue is already present (but in activation-service extensions)
> so it's no worse than the status quo.

Right.

>> Note that this should prolly be declared as a ‘file-system’ rather than
>> as a custom service. That way, it would get a “standard” Shepherd
>> service.
>>
>> There are cases where we add explicit dependencies on
>> ‘file-system-/media/foo’ or similar. <file-system> has a ‘dependencies’
>> field specifically for this purpose (info "(guix) File Systems").
>>
>> Would that work for you?
>
> Unfortunately OverlayFS is filtered out from fstab by Guix (reported #60246) and the dependencies field IMO is too restrictive,
> there should be a (sane) way to pass shepherd service symbols too. (for cases where a file system depends on 'networking or
> depends on a particular interface e.g. NFS mount that uses a IPv6 link-local address)

Sure, we could make these changes. Let’s discuss it separately?

Thanks,
Ludo’.
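
Added example, not part of the thread and not Guix's own code: one way to address the pitfall discussed above, where running mkdir-p/perms on a shared path such as /var/log from a 'start' method would hand that path to the service user. The helper name ensure-service-directory is hypothetical; it uses only Guile's POSIX bindings, takes ownership only of a directory it creates itself, and assumes the parent directory already exists.

```scheme
;; Added example: ENSURE-SERVICE-DIRECTORY is a hypothetical helper, not part
;; of (gnu build activation).  It uses only Guile's POSIX bindings.
(define (ensure-service-directory directory owner mode)
  "Create DIRECTORY for OWNER (a passwd entry) with permission bits MODE.
An existing DIRECTORY is reused only if OWNER already owns it; it is never
chowned.  The parent of DIRECTORY must already exist."
  (let ((st (false-if-exception (lstat directory))))   ;lstat: do not follow symlinks
    (cond ((not st)
           (mkdir directory mode)
           (chown directory (passwd:uid owner) (passwd:gid owner))
           (chmod directory mode)                       ;mkdir's mode is subject to umask
           'created)
          ((not (eq? 'directory (stat:type st)))
           (error "not a directory, refusing to use it:" directory))
          ((= (stat:uid st) (passwd:uid owner))
           (chmod directory mode)
           'reused)
          (else
           (error "owned by another user, refusing to chown:"
                  directory (stat:uid st))))))

;; Constructed demonstration in a scratch directory (paths are made up).
(let* ((me    (getpwuid (getuid)))
       (other (getpwnam "root"))
       (base  (string-append "/tmp/svc-demo-" (number->string (getpid))))
       (dir   (string-append base "/foo")))
  (mkdir base #o700)
  (display (ensure-service-directory dir me #o750)) (newline)
  (display (ensure-service-directory dir me #o750)) (newline)
  ;; Asking for a different owner on an existing directory is an error;
  ;; when run as an unprivileged user this prints "refused".
  (display (catch #t
             (lambda () (ensure-service-directory dir other #o750))
             (lambda _ 'refused)))
  (newline)
  (rmdir dir)
  (rmdir base))
```

The check and the chown are separate system calls, so this assumes the parent directory is writable only by root.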