The drvpath^out syntax is only part of `nix build', not `nix-build',
which still produces the outPath as it did before, but errors out if
attempted to be called in the same way as `nix build'.
printing what node caused an error is very useful for debugging
build or deployment failures, especially when deploying to several
nodes at the same time
Problem: When profile activation confirmation fails due to
confirmation timeout and performs a rollback, zero exit code is
returned. Such a behavior is confusing since rollback usually means
something went wrong during deployment and it shouldn't return
successful exit code.
Solution: Explicitly return confirmation waiting error instead of
printing it and silently signalizing success.
Problem: Currently profile activation waiting timeout is hardcoded to
240 seconds, see https://github.com/serokell/deploy-rs/pull/48.
In some cases, this timeout can be exceeded (e.g.
activation performs a heavy DB migration and waits for it to finish
before considering the profile activation succesful).
Solution: Make this timeout configurable via 'activationTimeout' deploy
attribute or corresponding '--activation-timeout' CLI option. For the
sake of backward compatibility, the new 'wait' subcommand
'--activation-timeout' option is made optional and defaults to 240
seconds if it wasn't provided.
Problem: Since https://github.com/NixOS/nix/pull/5226 nix profiles for
users are stored in 'XDG_STATE_HOME' or 'HOME' directory. However,
'deploy-rs' still expects profiles to be present in
'/nix/var/nix/profiles/per-user'. As a result, an attempt to deploy a
profile with newer nix may fail with an error about non-existing files.
Solution: Instead of deducing the profile path prior to ssh'ing and
actual activation, deduce the path to the profile during as a part of
'activate-rs' invocation.
Now if the profile path is not specified explicitly as an attribute in
profile within the deploy flake, the path to the profile is determined
based on the user to which the profile belongs and on the values of
'XDG_STATE_HOME' and 'HOME' variables.
Additionally, if the old profile directory (in
'/nix/var/nix/profiles/per-user') for a given user already exists, it is
used instead for the sake of backward compatibility.
Problem: Since 2.15 nix no longer reference '.drv' as derivation
outputs. At the same time, nix before '2.13' doesn't support '.drv'
special suffix handling.
Solution: Provide '^out' suffix for the profile deriver in case
'nix path-info <...>.drv' returns the same '<...>.drv' path.
In other cases either an error about the build result not being present
in the /nix/store is returned or an actual build result path is
returned.
Problem: 'temp_path' and 'lock_path' are handled as 'String'.
This can be a problem when the 'temp_path' directory is a symlink
on the target system, e.g. this is the case with the default
'/tmp' and macOS, where this directory is actually a symlink to '/private/tmp'.
Solution: Handle 'temp_path' and 'lock_path' as actual Paths.
Also, canonicalize 'temp_path' to avoid canary file path mismatches when checking
filesystem events.
As a side effect, also update the 'notify' dependency to the latest stable version.
Problem: '--hostname' is ignored when used with '--remote-build'.
Solution: Account for 'data.deploy_data.cmd_overrides.hostname' when
building a profile remotely.
Try to build everything first before pushing to remotes. Since the build
is more likely to fail than the upload, if there is an error the deployment
will fail sooner and before uploading any potentially unusable configuration.
This can be useful when e.g. deploying a kernel update to a target host.
You usually plan a reboot (or kexec) after that to activate the new
kernel. However you don't want to wait for services to be restarted
first since these will be "restarted" anyways on the reboot. In cases
like GitLab or the Atlassian stack this actually makes a difference.
This patch changes the following things:
* If `--boot` is provided, `nix-env -p profile-to-activate --set` is
called for each deployed profile to make sure that it is activated
automatically after a reboot.
* However, the actual activation (e.g. `switch-to-configuration switch`)
is skipped. Instead:
* For NixOS, `switch-to-configuration boot` is called to set the new
profile as default in the bootloader.
* For everything else, nothing else is done. The profile is already
the new default (and thus picked up on the next boot).
Run multiple deployments in sequence
Resolve targets later
Extend context by deployed flake
Apply clippy suggestions
Add revoke command builder
Track succeeded deploys
Add revoke function
Register revoke error as deploy error
Prepare revoke command in activate
Extend logger to handle revoke
Implement revoke command client side
Run revoke on previously suceeded
Control whether to override by flag
Adhere profile configuration auto_rollback setting
Cargo fmt
Correctly provide profile path to activation script when revoking
Document multi flake mode in README
Resolve a typo in README.md
Co-authored-by: notgne2 <gen2@gen2.space>
Use existing teminology
rename revoke_suceeded -> rollback_suceeded
Use more open CLI argument name `targets` instead of `flakes`
Document name changes in README
Add sudo command support for revokes
Call run_deploy with `dry_active` flag
Test revoke commands contains sudo
Set default temp_path in activate binary
Require temp_path for wait and activate subcommands
Add copyright comment
Address review change requests
Fix typo in README
Co-authored-by: Alexander Bantyev <balsoft@balsoft.ru>
Currently, we evaluate the `#deploy` output strictly. This means
- Longer eval times
- Extraneous evaluation errors with `--skip-checks`
- `-- --impure` even when the path we're currently deploying is pure
- etc.
With this change, evaluation happens lazily -- we only evaluate the nodes
and profiles we really need. It is only implemented for flaky Nix, and
it is on by default. To get the old behavior, one can specify
`--strict-eval`.
I have tested that this indeed dramatically increases evaluation speed
in all of our repos, and removes the need to deploy Agora with
`--impure`. Hooray!
