From 7556130c2f940c8c92ea79af633cb08c82f50cb4 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sun, 28 Feb 2021 21:11:58 +0000 Subject: services: guix-build-coordinator: Rework authentication config. A new authentication approach has been added to the coordinator, so to better represent the options, this commit changes the configuration to accept different records, each for different authentication approaches. * gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid, guix-build-coordinator-agent-configuration-password, guix-build-coordinator-agent-configuration-password-file): Removed procedures. (guix-build-coordinator-agent-password-auth, guix-build-coordinator-agent-password-auth?, guix-build-coordinator-agent-password-auth-uuid, guix-build-coordinator-agent-password-auth-password, guix-build-coordinator-agent-password-file-auth, guix-build-coordinator-agent-password-file-auth?, guix-build-coordinator-agent-password-file-auth-uuid, guix-build-coordinator-agent-password-file-auth-password-file): New procedures. (guix-build-coordinator-agent-shepherd-services): Adjust to handle the authentication field and it's possible record values. * doc/guix.texi (Guix Build Coordinator): Update documentation. --- doc/guix.texi | 48 +++++++++++++++++++++++++++++++++------------ gnu/services/guix.scm | 54 ++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 74 insertions(+), 28 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 27083f1ae6..b75fce4dbc 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -30962,18 +30962,9 @@ The system user to run the service as. @item @code{coordinator} (default: @code{"http://localhost:8745"}) The URI to use when connecting to the coordinator. -@item @code{uuid} -The UUID of the agent. This should be generated by the coordinator -process, stored in the coordinator database, and used by the intended -agent. - -@item @code{password} (default: @code{#f}) -The password to use when connecting to the coordinator. A file to read -the password from can also be specified, and this is more secure. - -@item @code{password-file} (default: @code{#f}) -A file containing the password to use when connecting to the -coordinator. +@item @code{authentication} +Record describing how this agent should authenticate with the +coordinator. Possible record types are described below. @item @code{systems} (default: @code{#f}) The systems for which this agent should fetch builds. The agent process 
@@ -30993,6 +30984,39 @@ input store items aren't already available. @end table @end deftp +@deftp {Data Type} guix-build-coordinator-agent-password-auth +Data type representing an agent authenticating with a coordinator via a +UUID and password. + +@table @asis +@item @code{uuid} +The UUID of the agent. This should be generated by the coordinator +process, stored in the coordinator database, and used by the intended +agent. + +@item @code{password} +The password to use when connecting to the coordinator. + +@end table +@end deftp + +@deftp {Data Type} guix-build-coordinator-agent-password-file-auth +Data type representing an agent authenticating with a coordinator via a +UUID and password read from a file. + +@table @asis +@item @code{uuid} +The UUID of the agent. This should be generated by the coordinator +process, stored in the coordinator database, and used by the intended +agent. + +@item @code{password-file} +A file containing the password to use when connecting to the +coordinator. + +@end table +@end deftp + The Guix Build Coordinator package contains a script to query an instance of the Guix Data Service for derivations to build, and then submit builds for those derivations to the coordinator. The service diff --git a/gnu/services/guix.scm b/gnu/services/guix.scm index 88d23f746a..b86e20360b 100644 --- a/gnu/services/guix.scm +++ b/gnu/services/guix.scm 
@@ -55,14 +55,22 @@ guix-build-coordinator-agent-configuration-package guix-build-coordinator-agent-configuration-user guix-build-coordinator-agent-configuration-coordinator - guix-build-coordinator-agent-configuration-uuid - guix-build-coordinator-agent-configuration-password - guix-build-coordinator-agent-configuration-password-file + guix-build-coordinator-agent-configuration-authentication guix-build-coordinator-agent-configuration-systems guix-build-coordinator-agent-configuration-max-parallel-builds guix-build-coordinator-agent-configuration-derivation-substitute-urls guix-build-coordinator-agent-configuration-non-derivation-substitute-urls + guix-build-coordinator-agent-password-auth + guix-build-coordinator-agent-password-auth? + guix-build-coordinator-agent-password-auth-uuid + guix-build-coordinator-agent-password-auth-password + + guix-build-coordinator-agent-password-file-auth + guix-build-coordinator-agent-password-file-auth? + guix-build-coordinator-agent-password-file-auth-uuid + guix-build-coordinator-agent-password-file-auth-password-file + guix-build-coordinator-agent-service-type guix-build-coordinator-queue-builds-configuration @@ -132,11 +140,7 @@ (default "guix-build-coordinator-agent")) (coordinator guix-build-coordinator-agent-configuration-coordinator (default "http://localhost:8745")) - (uuid guix-build-coordinator-agent-configuration-uuid) - (password guix-build-coordinator-agent-configuration-password - (default #f)) - (password-file guix-build-coordinator-agent-configuration-password-file - (default #f)) + (authentication guix-build-coordinator-agent-configuration-authentication) (systems guix-build-coordinator-agent-configuration-systems (default #f)) (max-parallel-builds 
@@ -149,6 +153,21 @@ guix-build-coordinator-agent-configuration-non-derivation-substitute-urls (default #f))) +(define-record-type* + guix-build-coordinator-agent-password-auth + make-guix-build-coordinator-agent-password-auth + guix-build-coordinator-agent-password-auth? + (uuid guix-build-coordinator-agent-password-auth-uuid) + (password guix-build-coordinator-agent-password-auth-password)) + +(define-record-type* + guix-build-coordinator-agent-password-file-auth + make-guix-build-coordinator-agent-password-file-auth + guix-build-coordinator-agent-password-file-auth? + (uuid guix-build-coordinator-agent-password-file-auth-uuid) + (password-file + guix-build-coordinator-agent-password-file-auth-password-file)) + (define-record-type* guix-build-coordinator-queue-builds-configuration make-guix-build-coordinator-queue-builds-configuration @@ -326,7 +345,7 @@ (define (guix-build-coordinator-agent-shepherd-services config) (match-record config - (package user coordinator uuid password password-file max-parallel-builds + (package user coordinator authentication max-parallel-builds derivation-substitute-urls non-derivation-substitute-urls systems) (list @@ -337,13 +356,16 @@ (start #~(make-forkexec-constructor (list #$(file-append package "/bin/guix-build-coordinator-agent") #$(string-append "--coordinator=" coordinator) - #$(string-append "--uuid=" uuid) - #$@(if password - #~(#$(string-append "--password=" password)) - #~()) - #$@(if password-file - #~(#$(string-append "--password-file=" password-file)) - #~()) + #$@(match authentication + (($ + uuid password) + #~(#$(string-append "--uuid=" uuid) + #$(string-append "--password=" password))) + (($ + uuid password-file) + #~(#$(string-append "--uuid=" uuid) + #$(string-append "--password-file=" + password-file)))) #$(simple-format #f "--max-parallel-builds=~A" max-parallel-builds) #$@(if derivation-substitute-urls -- cgit v1.2.3
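Review bot: The `password` field of the new password-auth record carries no comment about where the secret ends up, and the last hunk of this patch interpolates it into `--password=` on the agent's command line. That string is built inside the service's G-expression, so it presumably lands in the generated Shepherd service file in the world-readable store, and it is visible in the process arguments while the agent runs. The doc hunk also drops the earlier sentence that reading the password from a file "is more secure", so nothing steers users to the safer record. I would add a comment above the record such as `;; The password is passed on the command line and ends up in the store; prefer guix-build-coordinator-agent-password-file-auth.` and restore an equivalent sentence under `@item @code{password}` in doc/guix.texi.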
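Review bot: The `match authentication` expression in the last hunk has only the two record clauses and no catch-all, so any other value in the `authentication` field (`#f`, a bare string) fails with a generic pattern-match error when the service definition is evaluated, and nothing points at the field. The field is also declared without a default or any type check in the configuration record, so this match is the only place a bad value is caught. A final clause such as `(_ (error "guix-build-coordinator-agent: authentication must be a password-auth or password-file-auth record:" authentication))` would make the misconfiguration obvious. The record type names inside the `($ … )` patterns are missing from this rendering, and guix-build-coordinator-agent-shepherd-services starts and ends outside the hunk.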