Age | Commit message (Collapse) | Author | Files | Lines |
|
These are too difficult to implement via nix-store --serve.
‘--show-progress’ could be re-implemented fairly easily via a
sink/source wrapper class.
|
|
|
|
|
|
|
|
|
|
This makes things more efficient (we don't need to use an SSH master
connection, and we only start a single remote process) and gets rid of
locking issues (the remote nix-store process will keep inputs and
outputs locked as long as they're needed).
It also makes it more or less secure to connect directly to the root
account on the build machine, using a forced command
(e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix
daemon and is therefore more efficient.
Also, don't call nix-store to import the output paths.
|
|
It's kinda pointless to check substituters on the remote side, since
we just checked them locally.
|
|
This reverts commit 69b8f9980f39c14a59365a188b300a34d625a2cd.
The timeout should be enforced remotely. Otherwise, if the garbage
collector is running either locally or remotely, if will block the
build or closure copying for some time. If the garbage collector
takes too long, the build may time out, which is not what we want.
Also, on heavily loaded systems, copying large paths to and from the
remote machine can take a long time, also potentially resulting in a
timeout.
|
|
|
|
The "$UID != 0" makes no sense: if the local side has write access to
the Nix store (which is always the case) then it doesn't matter if
we're root - we can import unsigned paths either way.
|
|
|
|
Fixes #120.
|
|
|
|
Otherwise it will set the parent's stdin to non-blocking mode, causing
the subsequent read of the set of inputs/outputs to fail randomly.
That's insane.
|
|
Before selecting a machine, build-remote.pl will try to run the
command "nix-builds-inhibited" on the machine. If this command exists
and returns a 0 exit code, then the machine won't be used. It's up to
the user to provide this command, but it would typically be a script
that checks whether there is enough disk space and whether the load is
not too high.
|
|
|
|
Don't pass --timeout / --max-silent-time to the remote builder.
Instead, let the local Nix process terminate the build if it exceeds a
timeout. The remote builder will be killed as a side-effect. This
gives better error reporting (since the timeout message from the
remote side wasn't properly propagated) and handles non-Nix problems
like SSH hangs.
|
|
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
|
|
|
|
‘--option verbosity 0’ doesn't actually do anything.
|
|
|
|
Note that this will only work if the client has a very recent Nix
version (post 15e1b2c223494ecb5efefc3ea0e3b926a6b1d7dc), otherwise the
--option flag will just be ignored.
Fixes #50.
|
|
This handles the chroot and build hook cases, which are easy.
Supporting the non-chroot-build case will require more work (hash
rewriting!).
Issue #21.
|
|
Mandatory features are features that MUST be present in a derivation's
requiredSystemFeatures attribute. One application is performance
testing, where we have a dedicated machine to run performance tests
(and nothing else). Then we would add the label "perf" to the
machine's mandatory features and to the performance testing
derivations.
|
|
|
|
In the build hook, don't wait forever to get the upload lock. This
ensures progress if another process gets stuck while holding the
upload lock.
|
|
readable to other users. Otherwise, any user can open the lock file
for reading and lock it, thus DoSing the remote build mechanism.
|
|
closure to a given machine at the same time. This prevents the case
where multiple instances try to copy the same missing store path to
the target machine, which is very wasteful.
|
|
|
|
‘nix-store --export’.
* Add a Perl module that provides the functionality of
‘nix-copy-closure --to’. This is used by build-remote.pl so it no
longer needs to start a separate nix-copy-closure process. Also, it
uses the Perl API to do the export, so it doesn't need to start a
separate nix-store process either. As a result, nix-copy-closure
and build-remote.pl should no longer fail on very large closures due
to an "Argument list too long" error. (Note that having very many
dependencies in a single derivation can still fail because the
environment can become too large. Can't be helped though.)
|
|
|
|
|
|
failure. The build hook can use this to distinguish between
transient and permanent failures on the remote side.
|
|
|
|
on OpenSolaris when using connection sharing. Instead have
the remote side check for disconnection and kill the process
group when that happens.
|
|
set.
* In the build hook, print a trace message to allow Hydra to pick up
the name of the remote machine used for the build.
|
|
hook script proper, and the stdout/stderr of the builder. Only the
latter should be saved in /nix/var/log/nix/drvs.
* Allow the verbosity to be set through an option.
* Added a flag --quiet to lower the verbosity level.
|
|
it requires a certain feature on the build machine, e.g.
requiredSystemFeatures = [ "kvm" ];
We need this in Hydra to make sure that builds that require KVM
support are forwarded to machines that have KVM support. Probably
this should also be enforced for local builds.
|
|
the hook every time we want to ask whether we can run a remote build
(which can be very often), we now reuse a hook process for answering
those queries until it accepts a build. So if there are N
derivations to be built, at most N hooks will be started.
|
|
|
|
output as GC roots. This prevents a race if the garbage collector
is running during the build.
|
|
substituters.
|
|
because otherwise the lock will be released at the end of the while
loop.
|
|
|
|
|
|
|
|
machines of the right type (if available). This makes the build
farm more robust to failures.
|
|
* Removed the Cygwin password hack since the problem is apparently
fixed in Visual Studio.
|
|
load on the Hydra build farm (where it's unnecessary anyway because
it has a fast connection to the build machines). In any case,
compression can be enabled by using the `-C' option to ssh.
|
|
Nix though.
|