authorChristopher Baines <mail@cbaines.net>2021-02-28 21:11:58 +0000
committerChristopher Baines <mail@cbaines.net>2021-02-28 21:56:33 +0000
commit7556130c2f940c8c92ea79af633cb08c82f50cb4 (patch)
tree0bd013a043179f0fc511e6c9a38d2926075cc1bf
parent39efda1e1e3fad351f6d6ee43be9942882f932f0 (diff)
services: guix-build-coordinator: Rework authentication config.
A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches. * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and its possible record values. * doc/guix.texi (Guix Build Coordinator): Update documentation.
-rw-r--r--doc/guix.texi48
-rw-r--r--gnu/services/guix.scm54
2 files changed, 74 insertions, 28 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 27083f1ae6..b75fce4dbc 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30962,18 +30962,9 @@ The system user to run the service as.
@item @code{coordinator} (default: @code{"http://localhost:8745"})
The URI to use when connecting to the coordinator.
-@item @code{uuid}
-The UUID of the agent. This should be generated by the coordinator
-process, stored in the coordinator database, and used by the intended
-agent.
-
-@item @code{password} (default: @code{#f})
-The password to use when connecting to the coordinator. A file to read
-the password from can also be specified, and this is more secure.
-
-@item @code{password-file} (default: @code{#f})
-A file containing the password to use when connecting to the
-coordinator.
+@item @code{authentication}
+Record describing how this agent should authenticate with the
+coordinator. Possible record types are described below.
@item @code{systems} (default: @code{#f})
The systems for which this agent should fetch builds. The agent process
@@ -30993,6 +30984,39 @@ input store items aren't already available.
@end table
@end deftp
+@deftp {Data Type} guix-build-coordinator-agent-password-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password.
+
+@table @asis
+@item @code{uuid}
+The UUID of the agent. This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+
+@item @code{password}
+The password to use when connecting to the coordinator.
+
+@end table
+@end deftp
+
+@deftp {Data Type} guix-build-coordinator-agent-password-file-auth
+Data type representing an agent authenticating with a coordinator via a
+UUID and password read from a file.
+
+@table @asis
+@item @code{uuid}
+The UUID of the agent. This should be generated by the coordinator
+process, stored in the coordinator database, and used by the intended
+agent.
+
+@item @code{password-file}
+A file containing the password to use when connecting to the
+coordinator.
+
+@end table
+@end deftp
+
The Guix Build Coordinator package contains a script to query an
instance of the Guix Data Service for derivations to build, and then
submit builds for those derivations to the coordinator. The service
diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm
index 88d23f746a..b86e20360b 100644
--- a/gnu/services/guix.scm
+++ b/gnu/services/guix.scm
@@ -55,14 +55,22 @@
guix-build-coordinator-agent-configuration-package
guix-build-coordinator-agent-configuration-user
guix-build-coordinator-agent-configuration-coordinator
- guix-build-coordinator-agent-configuration-uuid
- guix-build-coordinator-agent-configuration-password
- guix-build-coordinator-agent-configuration-password-file
+ guix-build-coordinator-agent-configuration-authentication
guix-build-coordinator-agent-configuration-systems
guix-build-coordinator-agent-configuration-max-parallel-builds
guix-build-coordinator-agent-configuration-derivation-substitute-urls
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
+ guix-build-coordinator-agent-password-auth
+ guix-build-coordinator-agent-password-auth?
+ guix-build-coordinator-agent-password-auth-uuid
+ guix-build-coordinator-agent-password-auth-password
+
+ guix-build-coordinator-agent-password-file-auth
+ guix-build-coordinator-agent-password-file-auth?
+ guix-build-coordinator-agent-password-file-auth-uuid
+ guix-build-coordinator-agent-password-file-auth-password-file
+
guix-build-coordinator-agent-service-type
guix-build-coordinator-queue-builds-configuration
@@ -132,11 +140,7 @@
(default "guix-build-coordinator-agent"))
(coordinator guix-build-coordinator-agent-configuration-coordinator
(default "http://localhost:8745"))
- (uuid guix-build-coordinator-agent-configuration-uuid)
- (password guix-build-coordinator-agent-configuration-password
- (default #f))
- (password-file guix-build-coordinator-agent-configuration-password-file
- (default #f))
+ (authentication guix-build-coordinator-agent-configuration-authentication)
(systems guix-build-coordinator-agent-configuration-systems
(default #f))
(max-parallel-builds
@@ -149,6 +153,21 @@
guix-build-coordinator-agent-configuration-non-derivation-substitute-urls
(default #f)))
+(define-record-type* <guix-build-coordinator-agent-password-auth>
+ guix-build-coordinator-agent-password-auth
+ make-guix-build-coordinator-agent-password-auth
+ guix-build-coordinator-agent-password-auth?
+ (uuid guix-build-coordinator-agent-password-auth-uuid)
+ (password guix-build-coordinator-agent-password-auth-password))
+
+(define-record-type* <guix-build-coordinator-agent-password-file-auth>
+ guix-build-coordinator-agent-password-file-auth
+ make-guix-build-coordinator-agent-password-file-auth
+ guix-build-coordinator-agent-password-file-auth?
+ (uuid guix-build-coordinator-agent-password-file-auth-uuid)
+ (password-file
+ guix-build-coordinator-agent-password-file-auth-password-file))
+
(define-record-type* <guix-build-coordinator-queue-builds-configuration>
guix-build-coordinator-queue-builds-configuration
make-guix-build-coordinator-queue-builds-configuration
@@ -326,7 +345,7 @@
(define (guix-build-coordinator-agent-shepherd-services config)
(match-record config <guix-build-coordinator-agent-configuration>
- (package user coordinator uuid password password-file max-parallel-builds
+ (package user coordinator authentication max-parallel-builds
derivation-substitute-urls non-derivation-substitute-urls
systems)
(list
@@ -337,13 +356,16 @@
(start #~(make-forkexec-constructor
(list #$(file-append package "/bin/guix-build-coordinator-agent")
#$(string-append "--coordinator=" coordinator)
- #$(string-append "--uuid=" uuid)
- #$@(if password
- #~(#$(string-append "--password=" password))
- #~())
- #$@(if password-file
- #~(#$(string-append "--password-file=" password-file))
- #~())
+ #$@(match authentication
+ (($ <guix-build-coordinator-agent-password-auth>
+ uuid password)
+ #~(#$(string-append "--uuid=" uuid)
+ #$(string-append "--password=" password)))
+ (($ <guix-build-coordinator-agent-password-file-auth>
+ uuid password-file)
+ #~(#$(string-append "--uuid=" uuid)
+ #$(string-append "--password-file="
+ password-file))))
#$(simple-format #f "--max-parallel-builds=~A"
max-parallel-builds)
#$@(if derivation-substitute-urls
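Review bot: The `<guix-build-coordinator-agent-password-auth>` clause of the new `match` places the secret directly in the agent's argument list via `(string-append "--password=" password)`, so the literal password is baked into the generated service definition (which presumably lands in the store) and is exposed in the process's command line. The texi text this commit removes said the file variant "is more secure", and the new documentation no longer carries that caveat. I would add a comment above that clause such as `;; The password becomes part of the command line and the service file; prefer password-file-auth for real deployments`, and restore the same caveat under `@item @code{password}` in doc/guix.texi. The `match` also has no fallback clause, so any other value of `authentication` fails with a generic match error rather than a clear configuration message; a final clause raising an explicit error would help. The body of `guix-build-coordinator-agent-shepherd-services` continues outside the hunk.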