services: guix-build-coordinator: Rework authentication config.

A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.

* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and its possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
Christopher Baines 2021-02-28 21:11:58 +00:00
parent 39efda1e1e
commit 7556130c2f
No known key found for this signature in database
GPG Key ID: 5E28A33B0B84F577
2 changed files with 74 additions and 28 deletions


@ -30962,18 +30962,9 @@ The system user to run the service as.
@item @code{coordinator} (default: @code{"http://localhost:8745"})
The URI to use when connecting to the coordinator.
@item @code{uuid}
The UUID of the agent. This should be generated by the coordinator
process, stored in the coordinator database, and used by the intended
agent.
@item @code{password} (default: @code{#f})
The password to use when connecting to the coordinator. A file to read
the password from can also be specified, and this is more secure.
@item @code{password-file} (default: @code{#f})
A file containing the password to use when connecting to the
coordinator.
@item @code{authentication}
Record describing how this agent should authenticate with the
coordinator. Possible record types are described below.
@item @code{systems} (default: @code{#f})
The systems for which this agent should fetch builds. The agent process
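Review bot: The new `authentication` item does not say that the field is required, and it does not name the record types it accepts; it only points to "described below". Unlike the removed `password` and `password-file` items it carries no `(default: ...)`, so a reader of this table cannot tell that it must be set. Consider stating that explicitly and referencing both types here, for example with `@code{guix-build-coordinator-agent-password-auth}` and `@code{guix-build-coordinator-agent-password-file-auth}`.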
@ -30993,6 +30984,39 @@ input store items aren't already available.
@end table
@end deftp
@deftp {Data Type} guix-build-coordinator-agent-password-auth
Data type representing an agent authenticating with a coordinator via a
UUID and password.
@table @asis
@item @code{uuid}
The UUID of the agent. This should be generated by the coordinator
process, stored in the coordinator database, and used by the intended
agent.
@item @code{password}
The password to use when connecting to the coordinator.
@end table
@end deftp
@deftp {Data Type} guix-build-coordinator-agent-password-file-auth
Data type representing an agent authenticating with a coordinator via a
UUID and password read from a file.
@table @asis
@item @code{uuid}
The UUID of the agent. This should be generated by the coordinator
process, stored in the coordinator database, and used by the intended
agent.
@item @code{password-file}
A file containing the password to use when connecting to the
coordinator.
@end table
@end deftp
The Guix Build Coordinator package contains a script to query an
instance of the Guix Data Service for derivations to build, and then
submit builds for those derivations to the coordinator. The service
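Review bot: The security guidance that the first hunk removes ("A file to read the password from can also be specified, and this is more secure") is not carried over into either of the new `@deftp` entries. The `password` item under `guix-build-coordinator-agent-password-auth` should say that the value is passed to the agent as a `--password=` command-line argument, as the service code in this commit does, and recommend `guix-build-coordinator-agent-password-file-auth` when the secret should stay out of the process arguments.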


@ -55,14 +55,22 @@
guix-build-coordinator-agent-configuration-package
guix-build-coordinator-agent-configuration-user
guix-build-coordinator-agent-configuration-coordinator
guix-build-coordinator-agent-configuration-uuid
guix-build-coordinator-agent-configuration-password
guix-build-coordinator-agent-configuration-password-file
guix-build-coordinator-agent-configuration-authentication
guix-build-coordinator-agent-configuration-systems
guix-build-coordinator-agent-configuration-max-parallel-builds
guix-build-coordinator-agent-configuration-derivation-substitute-urls
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
guix-build-coordinator-agent-password-auth
guix-build-coordinator-agent-password-auth?
guix-build-coordinator-agent-password-auth-uuid
guix-build-coordinator-agent-password-auth-password
guix-build-coordinator-agent-password-file-auth
guix-build-coordinator-agent-password-file-auth?
guix-build-coordinator-agent-password-file-auth-uuid
guix-build-coordinator-agent-password-file-auth-password-file
guix-build-coordinator-agent-service-type
guix-build-coordinator-queue-builds-configuration
@ -132,11 +140,7 @@
(default "guix-build-coordinator-agent"))
(coordinator guix-build-coordinator-agent-configuration-coordinator
(default "http://localhost:8745"))
(uuid guix-build-coordinator-agent-configuration-uuid)
(password guix-build-coordinator-agent-configuration-password
(default #f))
(password-file guix-build-coordinator-agent-configuration-password-file
(default #f))
(authentication guix-build-coordinator-agent-configuration-authentication)
(systems guix-build-coordinator-agent-configuration-systems
(default #f))
(max-parallel-builds
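Review bot: The `uuid`, `password` and `password-file` fields are dropped from the configuration record with no transition path, and the replacement `authentication` field is declared without a default. Any existing system configuration that still sets the old fields stops working once this lands. Consider keeping the old fields for a deprecation period and deriving `authentication` from them when they are set, or at least documenting the incompatible change so users know to wrap their values in one of the new records.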
@ -149,6 +153,21 @@
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
(default #f)))
(define-record-type* <guix-build-coordinator-agent-password-auth>
guix-build-coordinator-agent-password-auth
make-guix-build-coordinator-agent-password-auth
guix-build-coordinator-agent-password-auth?
(uuid guix-build-coordinator-agent-password-auth-uuid)
(password guix-build-coordinator-agent-password-auth-password))
(define-record-type* <guix-build-coordinator-agent-password-file-auth>
guix-build-coordinator-agent-password-file-auth
make-guix-build-coordinator-agent-password-file-auth
guix-build-coordinator-agent-password-file-auth?
(uuid guix-build-coordinator-agent-password-file-auth-uuid)
(password-file
guix-build-coordinator-agent-password-file-auth-password-file))
(define-record-type* <guix-build-coordinator-queue-builds-configuration>
guix-build-coordinator-queue-builds-configuration
make-guix-build-coordinator-queue-builds-configuration
@ -326,7 +345,7 @@
(define (guix-build-coordinator-agent-shepherd-services config)
(match-record config <guix-build-coordinator-agent-configuration>
(package user coordinator uuid password password-file max-parallel-builds
(package user coordinator authentication max-parallel-builds
derivation-substitute-urls non-derivation-substitute-urls
systems)
(list
@ -337,13 +356,16 @@
(start #~(make-forkexec-constructor
(list #$(file-append package "/bin/guix-build-coordinator-agent")
#$(string-append "--coordinator=" coordinator)
#$(string-append "--uuid=" uuid)
#$@(if password
#~(#$(string-append "--password=" password))
#~())
#$@(if password-file
#~(#$(string-append "--password-file=" password-file))
#~())
#$@(match authentication
(($ <guix-build-coordinator-agent-password-auth>
uuid password)
#~(#$(string-append "--uuid=" uuid)
#$(string-append "--password=" password)))
(($ <guix-build-coordinator-agent-password-file-auth>
uuid password-file)
#~(#$(string-append "--uuid=" uuid)
#$(string-append "--password-file="
password-file))))
#$(simple-format #f "--max-parallel-builds=~A"
max-parallel-builds)
#$@(if derivation-substitute-urls
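Review bot: The `match` on `authentication` has no fallback clause, so a value that is neither record type (for instance `#f`, or the old bare UUID string) fails with a generic match error instead of a message that names the field. Add a final clause that raises a clear configuration error listing the accepted record types. Separately, the `($ <guix-build-coordinator-agent-password-auth> uuid password)` patterns bind by field position, so reordering the record fields later would silently swap `--uuid=` and `--password=`; using the exported accessors or `match-record` would make this robust.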