From b33e1a183f6756514e6b6a3b84054a232dbddad4 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Sat, 2 Jul 2022 13:41:06 +0300 Subject: services: docker: Fix race condition. Fixes . * gnu/packages/patches/containerd-create-pid-file.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/docker.scm (containerd)[source]: Add this patch. * gnu/services/docker.scm (containerd-shepherd-service): Add #:pid-file and #:pid-file-timeout. * gnu/services/docker.scm (docker-shepherd-service): Add --containerd flag. Signed-off-by: Maxim Cournoyer --- gnu/services/docker.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 846ebe8334..741bab5a8c 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -98,6 +98,8 @@ loop-back communications.") ;; For finding containerd-shim binary. #:environment-variables (list (string-append "PATH=" #$containerd "/bin")) + #:pid-file "/run/containerd/containerd.pid" + #:pid-file-timeout 300 #:log-file "/var/log/containerd.log")) (stop #~(make-kill-destructor))))) @@ -135,7 +137,8 @@ loop-back communications.") '("--userland-proxy=false")) (if #$enable-iptables? "--iptables" - "--iptables=false")) + "--iptables=false") + "--containerd" "/run/containerd/containerd.sock") #:environment-variables (list #$@environment-variables) #:pid-file "/var/run/docker.pid" -- cgit v1.2.3 From 6a2a8ca1f5560c37cdf20cbbac972db64a9dbac9 Mon Sep 17 00:00:00 2001 
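Review bot: The `#:pid-file-timeout 300` added to `containerd-shepherd-service` carries no comment saying why containerd may need five minutes, and nothing at this site records that `/run/containerd/containerd.pid` exists only because of the `containerd-create-pid-file.patch` named in the commit message. If that patch were dropped or stopped applying, the start would presumably wait out the whole timeout before being reported as failed, so the dependency is worth stating next to the keywords. I would add `;; Written by containerd-create-pid-file.patch; shepherd waits up to 300 s for it.` above the two new lines. The service definition starts and ends outside the hunk.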
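Review bot: The path given to `--containerd` in `docker-shepherd-service` is a second hard-coded copy of containerd's runtime directory, next to the `/run/containerd/containerd.pid` literal added in the first hunk, and nothing visible ties either string to the address containerd is actually configured to listen on. dockerd will use whatever answers on that path, so the two literals should not be able to drift apart. A shared definition such as `(define %containerd-runtime-directory "/run/containerd")`, used to build both strings, would keep them in step. The argument list begins and ends outside the hunk.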
From: Timotej Lazar Date: Fri, 15 Jul 2022 07:56:06 +0200 Subject: gnu: tests: Fix guix-data-service test. Since revision 32, guix-data-service starts immediately but returns an HTTP error code until initialization is complete. Adjust the test accordingly, and remove the increased startup time limit. * gnu/services/guix.scm (guix-data-service): Use default #:pid-file-timeout. * gnu/tests/guix.scm (guix-data-service): Retry the http-get test several times to give the service time to initialize. Signed-off-by: Christopher Baines --- gnu/services/guix.scm | 2 -- gnu/tests/guix.scm | 21 +++++++++++++++------ 2 files changed, 15 insertions(+), 8 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 338e027245..dac1e5841a 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm @@ -652,8 +652,6 @@ ca-certificates.crt file in the system profile." #:user #$user #:group #$group #:pid-file "/var/run/guix-data-service/pid" - ;; Allow time for migrations to run - #:pid-file-timeout 120 #:environment-variables `(,(string-append "GUIX_LOCPATH=" #$glibc-utf8-locales "/lib/locale") diff --git a/gnu/tests/guix.scm b/gnu/tests/guix.scm index a4c3e35e5d..ad0980a10c 100644 --- a/gnu/tests/guix.scm +++ b/gnu/tests/guix.scm 
@@ -222,14 +222,23 @@ host all all ::1/128 trust")))))) ((pid) (number? pid)))))) marionette)) + ;; The service starts immediately but replies with status 500 until + ;; initialization is complete, so keep trying for a while. + (define (try-http-get attempts) + (let ((status + (let-values (((response text) + (http-get #$(simple-format + #f "http://localhost:~A/healthcheck" + forwarded-port)))) + (response-code response)))) + (if (or (= status 200) (<= attempts 1)) + status + (begin (sleep 5) + (try-http-get (- attempts 1)))))) + (test-equal "http-get" 200 - (let-values - (((response text) - (http-get #$(simple-format - #f "http://localhost:~A/healthcheck" forwarded-port) - #:decode-body? #t))) - (response-code response))) + (try-http-get 12)) (test-end)))) -- cgit v1.2.3 From fb868cd7794f15e21298e5bdea996fbf0dad17ca Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 19 Jul 2022 16:26:53 +0200 Subject: services: tor: Switch to 'least-authority-wrapper'. * gnu/services/networking.scm (tor-configuration->torrc): Remove "User" and "PidFile". (tor-shepherd-service): Use 'least-authority-wrapper' and 'make-forkexec-constructor' instead of 'make-forkexec-constructor/container'. --- gnu/services/networking.scm | 47 +++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 19 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index a9560db66b..b555c46040 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -918,9 +918,7 @@ applications in communication. It is used by Jami, for example."))) (lambda (port) (display "\ ### These lines were generated from your system configuration: -User tor DataDirectory /var/lib/tor -PidFile /var/run/tor/tor.pid Log notice syslog\n" port) (when (eq? 'unix '#$socks-socket-type) (display "\ 
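Review bot: `try-http-get` retries only on a non-200 status, so an exception raised by `http-get` itself (for instance a refused connection before the port accepts requests) would escape the loop and fail the test on the first attempt. The commit message says the service answers with an error code while it initializes, so this may not happen in practice, but wrapping the request in `(false-if-exception ...)` and testing with `(eqv? status 200)` would count a failed request as one more unsuccessful attempt. The retry budget (`12` attempts with `(sleep 5)`) could also be commented as roughly one minute. The enclosing test body starts outside the hunk.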
@@ -960,7 +958,25 @@ HiddenServicePort ~a ~a~%" "Return a running Tor." (match config (($ tor) - (let ((torrc (tor-configuration->torrc config))) + (let* ((torrc (tor-configuration->torrc config)) + (tor (least-authority-wrapper + (file-append tor "/bin/tor") + #:name "tor" + #:mappings (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + #:namespaces (delq 'net %namespaces)))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) @@ -974,22 +990,15 @@ HiddenServicePort ~a ~a~%" (modules '((gnu build shepherd) (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append tor "/bin/tor") "-f" #$torrc) - - #:log-file "/var/log/tor.log" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t))) - #:pid-file "/var/run/tor/tor.pid")) + ;; XXX: #:pid-file won't work because the wrapped 'tor' + ;; program would print its PID within the user namespace + ;; instead of its actual PID outside. There's no inetd or + ;; systemd socket activation support either (there's + ;; 'sd_notify' though), so we're stuck with that. + (start #~(make-forkexec-constructor + (list #$tor "-f" #$torrc) + #:user "tor" #:group "tor" + #:log-file "/var/log/tor.log")) (stop #~(make-kill-destructor)) (documentation "Run the Tor anonymous network overlay.")))))))) -- cgit v1.2.3
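Review bot: In the new `let*`, the binding `tor` is initialised from `(file-append tor "/bin/tor")`, so the name apparently refers to the package on the right-hand side and to the wrapper everywhere after it; this works because `let*` evaluates the initialiser before rebinding, but it is easy to misread which object ends up being executed. Naming it `tor-wrapper`, and using `#$tor-wrapper` in the `start` form of the following hunk, would remove the ambiguity. `#:namespaces (delq 'net %namespaces)` defines the sandbox boundary and deserves a short comment such as `;; Share the host network namespace; unshare all the others.`. The `match` clause and the service definition continue outside the hunk.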
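Review bot: With `User tor` deleted from the generated torrc in the earlier hunk of this file, `#:user "tor" #:group "tor"` in the new `make-forkexec-constructor` call is the only visible place where the daemon gives up root, and nothing marks it as such. A comment like `;; torrc no longer sets 'User'; the privilege drop happens here.` would guard against the keywords being removed later. Since there is no `#:pid-file`, shepherd presumably reports the service as started as soon as the process is spawned, which the XXX comment acknowledges, so dependants that need the SOCKS port should not assume it is ready. The `(gnu system file-systems)` entries in `with-imported-modules` and `modules` look unused now that the mappings are built outside the gexp and may be leftovers worth checking. The service definition starts and ends outside the hunk.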