Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/switch-to-configuration: restart changed socket units #50340

Closed
wants to merge 3 commits into from
Closed

nixos/switch-to-configuration: restart changed socket units #50340

wants to merge 3 commits into from

Conversation

fpletz
Copy link
Member

@fpletz fpletz commented Nov 14, 2018

Motivation for this change

Previously, socket units wouldn't be restarted if they were changed. To restart the socket, the service the socket is attached to needs to be stopped first before the socket can be restarted.

Discovered while converting fcgiwrap to full socket activation support and writing a test for it. These changes are also part of this PR as is the test that checks using fcgiwrap if sockets are properly restarted.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@fpletz
nixos/switch-to-configuration: restart changed socket units
e4cba5a 
Previously, socket units wouldn't be restarted if they were
changed. To restart the socket, the service the socket is attached
to needs to be stopped first before the socket can be restarted.
@fpletz
fcgiwrap module: switch to full socket activation
c282114
@fpletz
fcgiwrap: add patch to support changing workdir
c831e81
@fpletz fpletz force-pushed the fix/socket-change-activation branch from 795266e to c831e81 Compare November 14, 2018 03:25
@fpletz
Copy link
Member Author

fpletz commented Nov 14, 2018

@GrahamcOfBorg test fcgiwrap systemd

@GrahamcOfBorg
Copy link

No attempt on x86_64-linux (full log)

The following builds were skipped because they don't evaluate on x86_64-linux: tests.fcgiwrap, tests.systemd

Partial log (click to expand)

error: while evaluating 'recursiveUpdate' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:415:26, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:148:28:
while evaluating 'recursiveUpdateUntil' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:384:37, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:416:5:
while evaluating 'zipAttrsWith' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:347:21, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:394:8:
while evaluating 'zipAttrsWithNames' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:332:33, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:347:27:
while evaluating anonymous function at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/lists.nix:113:41, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/lib/attrsets.nix:347:46:
while evaluating the attribute 'systemd' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/nixos/tests/all-tests.nix:198:3:
while evaluating 'handleTest' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/nixos/tests/all-tests.nix:17:22, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/nixos/tests/all-tests.nix:198:13:
while evaluating 'discoverTests' at /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/nixos/tests/all-tests.nix:13:19, called from /var/lib/gc-of-borg/.nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/rbvermaa-spot/nixos/tests/all-tests.nix:18:5:
access to path '/nix/store/g6rn7lxamwwl6rwn2xqsnq6gbqrw336c-rbvermaa-spot' is forbidden in restricted mode

@GrahamcOfBorg
Copy link

No attempt on aarch64-linux (full log)

The following builds were skipped because they don't evaluate on aarch64-linux: tests.fcgiwrap, tests.systemd

Partial log (click to expand)

Cannot nix-instantiate `tests.systemd' because:
error: while evaluating 'recursiveUpdate' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:415:26, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:148:28:
while evaluating 'recursiveUpdateUntil' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:384:37, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:416:5:
while evaluating 'zipAttrsWith' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:347:21, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:394:8:
while evaluating 'zipAttrsWithNames' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:332:33, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/lib/attrsets.nix:347:27:
while evaluating the attribute 'systemd' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/nixos/tests/all-tests.nix:198:3:
while evaluating 'handleTest' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/nixos/tests/all-tests.nix:17:22, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/nixos/tests/all-tests.nix:198:13:
while evaluating 'discoverTests' at /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/nixos/tests/all-tests.nix:13:19, called from /var/lib/gc-of-borg/nix-test-rs-32/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/grahamc-aarch64-community-32/nixos/tests/all-tests.nix:18:5:
access to path '/nix/store/i7qg1qsz4idr6a68pfiz9dk1m34vp31x-grahamc-aarch64-community-32' is forbidden in restricted mode

@fpletz
Copy link
Member Author

fpletz commented Nov 14, 2018

Tests work fine for me. Seems to be an ofborg glitch. cc @grahamc

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: fcgiwrap

Partial log (click to expand)

moving /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/man to /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/share/man
shrinking RPATHs of ELF executables and libraries in /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0
shrinking /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/sbin/fcgiwrap
gzipping man pages under /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/share/man/
strip is /nix/store/vcc4svb8gy29g4pam2zja6llkbcwsyiq-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/sbin
patching script interpreter paths in /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0
checking for references to /build in /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0...
moving /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/sbin/* to /nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0/bin
/nix/store/vrs3ppxmq302la93xi6w02k1f3ab0x78-fcgiwrap-1.1.0

@GrahamcOfBorg
Copy link

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: fcgiwrap

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: fcgiwrap

Partial log (click to expand)

moving /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/man to /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/share/man
shrinking RPATHs of ELF executables and libraries in /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0
shrinking /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/sbin/fcgiwrap
gzipping man pages under /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/share/man/
strip is /nix/store/p9akxn2sfy4wkhqdqa3li97pc6jaz3r1-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/sbin
patching script interpreter paths in /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0
checking for references to /build in /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0...
moving /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/sbin/* to /nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0/bin
/nix/store/la4910f8rrlc304y9qpqizyw9s11s3vn-fcgiwrap-1.1.0

@lheckemann
Copy link
Member

lheckemann commented Nov 14, 2018
edited

For the ofborg problem: https://logs.nix.samueldr.com/nixos-borg/2018-11-13#1542105665-1542108034; (caused by #50233)

lheckemann
lheckemann reviewed Nov 15, 2018
View reviewed changes
Copy link
Member

@lheckemann lheckemann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM!

nixos/doc/manual/release-notes/rl-1903.xml
addresses as defined in
<citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
</listitem>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should there also be a note about socket restarts in here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, yeah. you're right. Adding socking restart support is kind of a bugfix though. I'll add a paragraph.

nixos/modules/services/web-servers/fcgiwrap.nix Show resolved Hide resolved
nixos/modules/services/web-servers/fcgiwrap.nix
socketMode = mkOption {
type = types.str;
default = "0660";
description = "File mode of the socket if it is defined as a Unix socket.";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we don't bikeshed this PR on this discussion, but…

Would it maybe make sense to make a socket type which contains all these options, since it may well be used in multiple places? It doesn't seem that nice to have these settings which are essentially aliases for systemd.sockets.fcgiwrap.socketConfig.*.

@mmahut
Copy link
Member

mmahut commented Aug 13, 2019

Are there any updates on this pull request, please?

@lheckemann lheckemann mentioned this pull request Nov 21, 2019
Merged
3 tasks
@domenkozar
Copy link
Member

Done in #73871, fcgiwrap needs a new PR :)

@domenkozar domenkozar closed this Nov 26, 2019
@fpletz fpletz deleted the fix/socket-change-activation branch December 7, 2019 11:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lheckemann lheckemann lheckemann left review comments

@aneeshusa aneeshusa aneeshusa left review comments

@globin globin globin approved these changes

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
0.kind: enhancement 6.topic: nixos 8.has: changelog 8.has: documentation 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@fpletz @GrahamcOfBorg @lheckemann @mmahut @domenkozar @globin @aneeshusa