From 6d6e8c3a56daf16252f78ede1db277853d33b807 Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Wed, 5 Jun 2013 18:11:19 +0200 Subject: [PATCH 01/13] Use same configuration for S3 as for EBS backed images. --- maintainers/scripts/ec2/create-s3-amis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/maintainers/scripts/ec2/create-s3-amis.sh b/maintainers/scripts/ec2/create-s3-amis.sh index 6608ebd51d60..1aaac2832394 100755 --- a/maintainers/scripts/ec2/create-s3-amis.sh +++ b/maintainers/scripts/ec2/create-s3-amis.sh @@ -1,7 +1,7 @@ #! /bin/sh -e nixos=$(nix-instantiate --find-file nixos) -export NIXOS_CONFIG=$nixos/modules/virtualisation/amazon-config.nix +export NIXOS_CONFIG=$(dirname $(readlink -f $0))/amazon-base-config.nix version=$(nix-instantiate --eval-only '' -A config.system.nixosVersion | sed s/'"'//g) echo "NixOS version is $version" From 4a40a1f86e6cf40187190d63e33bfbfd1ddc9e7a Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Wed, 5 Jun 2013 18:12:20 +0200 Subject: [PATCH 02/13] Update to use NixOps in stead on charon, use copy_image method for copying to other regions. --- maintainers/scripts/ec2/create-ebs-amis.py | 56 +++++++++++++++------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/maintainers/scripts/ec2/create-ebs-amis.py b/maintainers/scripts/ec2/create-ebs-amis.py index 9f5ded304988..93971ac9504d 100755 --- a/maintainers/scripts/ec2/create-ebs-amis.py +++ b/maintainers/scripts/ec2/create-ebs-amis.py 
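Review bot: The new `NIXOS_CONFIG` line leaves `$0` and both command substitutions unquoted, so the path is word-split if the checkout directory contains whitespace and the export ends up pointing at the wrong file or at nothing. Quote each level: `export NIXOS_CONFIG="$(dirname "$(readlink -f "$0")")/amazon-base-config.nix"`. The patch changes only this script, so `amazon-base-config.nix` is presumably already present next to it. A short comment saying that the S3 and EBS builders deliberately share that one file would help the next reader.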
@@ -4,14 +4,16 @@ import os import sys import time import argparse -import charon.util -from charon import deployment +import nixops.util +from nixops import deployment from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType +import boto.ec2 parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI') -parser.add_argument('--region', dest='region', required=True, help='EC2 region') -parser.add_argument('--keep', dest='keep', action='store_true', help='Keep Charon machine after use') +parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in') +parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use') parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image') +parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob") args = parser.parse_args() instance_type = "cc1.4xlarge" if args.hvm else "m1.small" @@ -67,7 +69,7 @@ m.run_command("nix-channel --update") m.run_command("nixos-rebuild switch") version = m.run_command("nixos-version", capture_stdout=True).replace('"', '').rstrip() print >> sys.stderr, "NixOS version is {0}".format(version) -m.run_command("cp -f $(nix-instantiate --find-file nixos/modules/virtualisation/amazon-config.nix) /mnt/etc/nixos/configuration.nix") +m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix") m.run_command("nixos-install") if args.hvm: m.run_command('cp /mnt/nix/store/*-grub-0.97*/lib/grub/i386-pc/* /mnt/boot/grub') 
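Review bot: `--key` is declared with `action='store_true'`, so passing it sets `args.key_name` to `True` rather than a keypair name, and the only string the option can ever hold is the default `"rob"`. Drop the action so the option takes a value: `parser.add_argument('--key', dest='key_name', default="rob", help='Keypair used for HVM instance creation')`. The value is consumed by `key_name=args.key_name` in the `run_instances` call of the `@@ -98,24 +100,24 @@` hunk, which would therefore receive a boolean. A personal keypair name as the default also ties the script to one account; requiring `--key` whenever `--hvm` is given would make that dependency explicit.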
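Review bot: `m.upload_file("./amazon-base-config.nix", ...)` resolves the file against the current working directory, so the script installs whichever `amazon-base-config.nix` is in the directory it is started from, or fails when there is none. create-s3-amis.sh in this series resolves the same file relative to the script's own location, and doing the same here keeps the two builders in agreement: `base_config = os.path.join(os.path.dirname(os.path.abspath(__file__)), "amazon-base-config.nix")` followed by `m.upload_file(base_config, "/mnt/etc/nixos/configuration.nix")`. This file becomes the system configuration baked into a public AMI, so its origin should not depend on where the operator happens to be standing.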
@@ -98,24 +100,24 @@ volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resour if args.hvm: instance = m._conn.run_instances( image_id="ami-6a9e4503" , instance_type=instance_type - , key_name=key_name + , key_name=args.key_name , placement=m.zone , security_groups=["eelco-test"]).instances[0] - charon.util.check_wait(lambda: instance.update() == 'running', max_tries=120) + nixops.util.check_wait(lambda: instance.update() == 'running', max_tries=120) instance.stop() - charon.util.check_wait(lambda: instance.update() == 'stopped', max_tries=120) + nixops.util.check_wait(lambda: instance.update() == 'stopped', max_tries=120) old_root_volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': instance.id, 'attachment.device': "/dev/sda1"})[0] old_root_volume.detach() volume.detach() - charon.util.check_wait(lambda: volume.update() == 'available', max_tries=120) - charon.util.check_wait(lambda: old_root_volume.update() == 'available', max_tries=120) + nixops.util.check_wait(lambda: volume.update() == 'available', max_tries=120) + nixops.util.check_wait(lambda: old_root_volume.update() == 'available', max_tries=120) volume.attach(instance.id, '/dev/sda1') - charon.util.check_wait(lambda: volume.update() == 'in-use', max_tries=120) + nixops.util.check_wait(lambda: volume.update() == 'in-use', max_tries=120) ami_id = m._conn.create_image(instance.id, ami_name, description) time.sleep(5) image = m._conn.get_all_images([ami_id])[0] - charon.util.check_wait(lambda: image.update() == 'available', max_tries=120) + nixops.util.check_wait(lambda: image.update() == 'available', max_tries=120) instance.terminate() else: @@ -123,7 +125,7 @@ else: snapshot = volume.create_snapshot(description=description) print >> sys.stderr, "created snapshot {0}".format(snapshot.id) - charon.util.check_wait(check, max_tries=120) + nixops.util.check_wait(check, max_tries=120) m._conn.create_tags([snapshot.id], {'Name': ami_name}) 
@@ -160,7 +162,6 @@ print >> sys.stderr, "making image public..." image = m._conn.get_all_images(image_ids=[ami_id])[0] image.set_launch_permissions(user_ids=[], group_names=["all"]) - # Do a test deployment to make sure that the AMI works. f = open("ebs-test.nix", "w") f.write( @@ -190,11 +191,30 @@ test_depl.name = "ebs-creator-test" test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")] test_depl.deploy(create_only=True) test_depl.machines['machine'].run_command("nixos-version") + +if args.hvm: + image_type = 'hvm' +else: + image_type = 'ebs' + +# Log the AMI ID. +f = open("{0}.{1}.ami-id".format(args.region, image_type), "w") +f.write("{0}".format(ami_id)) +f.close() + +for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1']: + if args.region != dest: + print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest) + conn = boto.ec2.connect_to_region(dest) + copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None) + + # Log the AMI ID. + f = open("{0}.{1}.ami-id".format(dest, image_type), "w") + f.write("{0}".format(copy_image.image_id)) + f.close() + + if not args.keep: test_depl.destroy_resources() test_depl.delete() -# Log the AMI ID. -f = open("{0}.ebs.ami-id".format(args.region), "w") -f.write("{0}".format(ami_id)) -f.close() From b3f04718cf6a73655997d214944ef0220eb01f5d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 11 Jun 2013 12:10:58 +0200 Subject: [PATCH 03/13] Use stable Nix by default --- modules/services/misc/nix-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/misc/nix-daemon.nix b/modules/services/misc/nix-daemon.nix index 8f1bfd3ccaad..f3ebf0a34188 100644 --- a/modules/services/misc/nix-daemon.nix +++ b/modules/services/misc/nix-daemon.nix 
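Review bot: The copy loop writes each `<region>.<type>.ami-id` file as soon as `copy_image` returns, but the copy is asynchronous, so the recorded ID may refer to an image that is still pending or that later fails. Unlike the source image, which is waited on with `check_wait` and then opened up with `set_launch_permissions`, the copies are neither waited for nor made public, and EC2 does not carry launch permissions over to a copied image. The fence below reuses the calls already in this script; `max_tries=120` may need raising for cross-region copies. Moving the `if not args.keep:` cleanup below the loop also means an exception while copying leaves the test deployment running, so the loop is worth wrapping in `try`/`finally`. Using `with open(...)` closes the ID files even when a write fails.

```python
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1']:
    if args.region != dest:
        # … unchanged: progress message, connect_to_region, copy_image call …

        # Wait until the copy is usable before recording or publishing it.
        time.sleep(5)
        copied = conn.get_all_images([copy_image.image_id])[0]
        nixops.util.check_wait(lambda: copied.update() == 'available', max_tries=120)

        # Launch permissions are not inherited from the source image.
        copied.set_launch_permissions(user_ids=[], group_names=["all"])

        # Log the AMI ID.
        with open("{0}.{1}.ami-id".format(dest, image_type), "w") as f:
            f.write("{0}".format(copy_image.image_id))
```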
@@ -54,7 +54,7 @@ in options = { environment.nix = mkOption { - default = pkgs.nixUnstable; + default = pkgs.nix; merge = mergeOneOption; description = '' This option specifies the Nix package instance to use throughout the system. From 4b0d6a0759eae6c692b5ed9e7b2262929b4dc8ad Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 11 Jun 2013 16:15:24 +0200 Subject: [PATCH 04/13] nscd: Restart if /etc/hosts changes --- modules/services/system/nscd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/system/nscd.nix b/modules/services/system/nscd.nix index 22f507f39d74..e8534b120435 100644 --- a/modules/services/system/nscd.nix +++ b/modules/services/system/nscd.nix @@ -52,6 +52,8 @@ in mkdir -m 0755 -p /var/db/nscd ''; + restartTriggers = [ config.environment.etc.hosts.source ]; + serviceConfig = { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${./nscd.conf}"; Type = "forking"; From 7cf23a740d1aa09b277244f8295141a5a9756b14 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 12 Jun 2013 14:23:33 +0200 Subject: [PATCH 05/13] Update the default binary cache URL to cache.nixos.org --- modules/services/misc/nix-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/misc/nix-daemon.nix b/modules/services/misc/nix-daemon.nix index f3ebf0a34188..4563336a5bc7 100644 --- a/modules/services/misc/nix-daemon.nix +++ b/modules/services/misc/nix-daemon.nix @@ -220,7 +220,7 @@ in }; binaryCaches = mkOption { - default = [ http://nixos.org/binary-cache ]; + default = [ http://cache.nixos.org/ ]; type = types.listOf types.string; description = '' List of binary cache URLs used to obtain pre-built binaries From bf28d5c109b8ae7dca06c0f01787c23be704ff1e Mon Sep 17 00:00:00 2001 
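Review bot: The new `binaryCaches` default is still a plain `http://` URL, so the pre-built binaries that every machine substitutes by default are fetched over an unauthenticated channel. Nothing in this hunk shows that substituted paths are signature-checked, so integrity may rest entirely on the transport; if the cache is served over TLS, prefer `default = [ https://cache.nixos.org/ ];`. The option's description, which continues outside the hunk, would also be a good place to state how much trust a listed cache receives.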
From: aszlig Date: Thu, 13 Jun 2013 01:56:09 +0200 Subject: [PATCH 06/13] zabbix-server: Add PID file to systemd config. This is to avoid (in some cases) constant restarting of the Zabbix server, which causes odds bugs and crashes in the exit handler (if it's too early during startup). Signed-off-by: aszlig --- modules/services/monitoring/zabbix-server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/monitoring/zabbix-server.nix b/modules/services/monitoring/zabbix-server.nix index df42071ebba0..806aaf4f90a4 100644 --- a/modules/services/monitoring/zabbix-server.nix +++ b/modules/services/monitoring/zabbix-server.nix @@ -100,6 +100,7 @@ in serviceConfig.Type = "forking"; serviceConfig.Restart = "always"; serviceConfig.RestartSec = 2; + serviceConfig.PIDFile = pidFile; }; }; From 89904709510971003c58bf41a8fd28780fc45da6 Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 13 Jun 2013 02:28:23 +0200 Subject: [PATCH 07/13] apache-httpd/zabbix: Allow custom configFile. If option is left by its default value, behaviour is the same as before, using the configuration file created by the web interface. Signed-off-by: aszlig --- .../web-servers/apache-httpd/zabbix.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/services/web-servers/apache-httpd/zabbix.nix b/modules/services/web-servers/apache-httpd/zabbix.nix index 6191d63584a9..b485279b3710 100644 --- a/modules/services/web-servers/apache-httpd/zabbix.nix +++ b/modules/services/web-servers/apache-httpd/zabbix.nix 
@@ -11,10 +11,11 @@ let # we could generate zabbix.conf.php declaratively. zabbixPHP = pkgs.runCommand "${pkgs.zabbix.server.name}-php" {} '' - cp -rs ${pkgs.zabbix.server}/share/zabbix/php $out + cp -rs ${pkgs.zabbix.server}/share/zabbix/php "$out" chmod -R u+w $out - #rm -rf $out/conf - ln -s ${config.stateDir}/zabbix.conf.php $out/conf/zabbix.conf.php + ln -s "${if config.configFile == null + then "${config.stateDir}/zabbix.conf.php" + else config.configFile}" "$out/conf/zabbix.conf.php" ''; in @@ -57,6 +58,16 @@ in "; }; + configFile = pkgs.lib.mkOption { + default = null; + type = with pkgs.lib.types; nullOr path; + description = '' + The configuration file (zabbix.conf.php) which contains the database + connection settings. If not set, the configuration settings will created + by the web installer. + ''; + }; + stateDir = pkgs.lib.mkOption { default = "/var/lib/zabbix/frontend"; description = " From a5c6a36466f6dd65e91aaa56e9b3818bd968b490 Mon Sep 17 00:00:00 2001 From: aszlig Date: Thu, 13 Jun 2013 02:31:35 +0200 Subject: [PATCH 08/13] apache-httpd/zabbix: Set max_input_time. At least the Zabbix 2.x web installer requires max_input_time to be set to 300 seconds. As it doesn't hurt to set it for the 1.x versions, I'm including it here. Signed-off-by: aszlig --- modules/services/web-servers/apache-httpd/zabbix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/web-servers/apache-httpd/zabbix.nix b/modules/services/web-servers/apache-httpd/zabbix.nix index b485279b3710..a6e6042fdf6d 100644 --- a/modules/services/web-servers/apache-httpd/zabbix.nix +++ b/modules/services/web-servers/apache-httpd/zabbix.nix @@ -28,6 +28,7 @@ in '' post_max_size = 32M max_execution_time = 300 + max_input_time = 300 ''; extraConfig = '' From 62d52826021431b2008fb16153ea0bc5f17a325f Mon Sep 17 00:00:00 2001 
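Review bot: `configFile` is typed `nullOr path` and interpolated into a string in the new `ln -s` line, so a path literal such as `./zabbix.conf.php` is copied into the Nix store and the symlink points at that copy. The store is world-readable and this file holds the database connection settings, so the database password becomes readable by every local user. Either interpolate `toString config.configFile` so the symlink targets the original location, or state in the option description that the value should be a string path to a file outside the store with restricted permissions. Separately, `chmod -R u+w $out` is left unquoted while the neighbouring lines now quote `"$out"`, and the new description says "will created" where "will be created" is meant.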
From: aszlig Date: Thu, 13 Jun 2013 02:40:46 +0200 Subject: [PATCH 09/13] zabbix-server: Make it easier to use peer auth. Quoting from the manual about DBHost: ``` In case of MySQL localhost or empty string results in using a socket. In case of PostgreSQL only empty string results in attempt to use socket. ``` https://www.zabbix.com/documentation/2.0/manual/appendix/config/zabbix_server With this commit we should avoid some race conditions in systemd, because if the host is set to "", there is no condition that postgresql has to be started prior to the Zabbix server. Signed-off-by: aszlig --- modules/services/monitoring/zabbix-server.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/services/monitoring/zabbix-server.nix b/modules/services/monitoring/zabbix-server.nix index 806aaf4f90a4..60c1f914fb78 100644 --- a/modules/services/monitoring/zabbix-server.nix +++ b/modules/services/monitoring/zabbix-server.nix @@ -34,6 +34,8 @@ let ''} ''; + useLocalPostgres = cfg.dbServer == "localhost" || cfg.dbServer == ""; + in { @@ -51,7 +53,10 @@ in services.zabbixServer.dbServer = mkOption { default = "localhost"; - description = "Hostname or IP address of the database server."; + description = '' + Hostname or IP address of the database server. + Use an empty string ("") to use peer authentication. + ''; }; services.zabbixServer.dbPassword = mkOption { @@ -65,7 +70,7 @@ in config = mkIf cfg.enable { - services.postgresql.enable = cfg.dbServer == "localhost"; + services.postgresql.enable = useLocalPostgres; users.extraUsers = singleton { name = "zabbix"; @@ -77,7 +82,7 @@ in { description = "Zabbix Server"; wantedBy = [ "multi-user.target" ]; - after = optional (cfg.dbServer == "localhost") "postgresql.service"; + after = optional useLocalPostgres "postgresql.service"; preStart = '' From 3bf12106352c86773fc31d4a10a7c58ef39c3f14 Mon Sep 17 00:00:00 2001 
From: aszlig Date: Thu, 13 Jun 2013 03:29:29 +0200 Subject: [PATCH 10/13] zabbix-server: Swap order of database population. Starting with Zabbix 2.0 the order of data imports is important[*] and will lead to errors if not done in the right order. Zabbix 1.8 works fine with the swapped order as well, so this change shouldn't affect any pre-2.0 users. [*] https://www.zabbix.com/documentation/2.0/manual/appendix/install/db_scripts Signed-off-by: aszlig --- modules/services/monitoring/zabbix-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/monitoring/zabbix-server.nix b/modules/services/monitoring/zabbix-server.nix index 60c1f914fb78..6735b4ca3279 100644 --- a/modules/services/monitoring/zabbix-server.nix +++ b/modules/services/monitoring/zabbix-server.nix @@ -93,8 +93,8 @@ in ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole zabbix || true ${pkgs.postgresql}/bin/createdb --owner zabbix zabbix || true cat ${pkgs.zabbix.server}/share/zabbix/db/schema/postgresql.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix' - cat ${pkgs.zabbix.server}/share/zabbix/db/data/data.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix' cat ${pkgs.zabbix.server}/share/zabbix/db/data/images_pgsql.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix' + cat ${pkgs.zabbix.server}/share/zabbix/db/data/data.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix' touch "${libDir}/db-created" fi ''; From 80c5b807d29dca9824bd31a21b72bde5283611fa Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 14 Jun 2013 13:49:25 +0200 Subject: [PATCH 11/13] Fix tree toggles in VM tests --- lib/test-driver/log2html.xsl | 32 ++++++++++++++++---------------- lib/testing.nix | 2 -- 2 files changed, 16 insertions(+), 18 deletions(-) 
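Review bot: The three imports pipe SQL into `psql` without `ON_ERROR_STOP`, so `psql` carries on after a failed statement and exits 0, and `touch "${libDir}/db-created"` then marks the database as populated. The ordering errors this commit works around would therefore have been silent, and any later import failure leaves a half-populated database that is never retried. Passing the variable on each invocation, e.g. `'${pkgs.postgresql}/bin/psql -v ON_ERROR_STOP=1 zabbix'`, lets a failure stop the script before the marker is written, assuming the script runs with errexit, which is not visible here. The `preStart` script begins outside this hunk.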
diff --git a/lib/test-driver/log2html.xsl b/lib/test-driver/log2html.xsl index 0123fc537606..8e907d85ffac 100644 --- a/lib/test-driver/log2html.xsl +++ b/lib/test-driver/log2html.xsl @@ -9,8 +9,8 @@ - - + +