From unknown Mon Jun 23 23:51:31 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#20381 <20381@debbugs.gnu.org> To: bug#20381 <20381@debbugs.gnu.org> Subject: Status: Document how to interact with a remote daemon Reply-To: bug#20381 <20381@debbugs.gnu.org> Date: Tue, 24 Jun 2025 06:51:31 +0000 retitle 20381 Document how to interact with a remote daemon reassign 20381 guix submitter 20381 ludo@gnu.org (Ludovic Court=C3=A8s) severity 20381 wishlist thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 20 08:47:41 2015 Received: (at submit) by debbugs.gnu.org; 20 Apr 2015 12:47:41 +0000 Received: from localhost ([127.0.0.1]:33120 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YkB6y-0000lJ-Nm for submit@debbugs.gnu.org; Mon, 20 Apr 2015 08:47:41 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44958) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YkB6w-0000l6-Is for submit@debbugs.gnu.org; Mon, 20 Apr 2015 08:47:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YkB6q-0001J8-9m for submit@debbugs.gnu.org; Mon, 20 Apr 2015 08:47:33 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47510) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YkB6q-0001J3-6U for submit@debbugs.gnu.org; Mon, 20 Apr 2015 08:47:32 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58446) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YkB6p-0007Bj-3p for bug-guix@gnu.org; Mon, 20 Apr 2015 08:47:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YkB6l-0001HA-0Q for bug-guix@gnu.org; Mon, 20 Apr 2015 08:47:31 -0400 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:37075) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YkB6k-0001H6-TM for bug-guix@gnu.org; Mon, 20 Apr 2015 08:47:26 -0400 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:47601 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1YkB6j-0007l9-LY; Mon, 20 Apr 2015 08:47:25 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: bug-guix@gnu.org Subject: Interacting with a remote daemon X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?utf-8?Q?Flor=C3=A9al?= an 223 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Mon, 20 Apr 2015 14:47:23 +0200 Message-ID: <87a8y3q84k.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit Cc: Ricardo Wurmus X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) In , Ricardo notes: At some point I think it would make sense to enhance Guix such that RPCs can be made over SSH, so that explicit logging on to a management machine is no longer necessary. We should see exactly how much support is needed. Is =E2=80=98socat=E2=80=99 enough, as suggested in ? That means there would be no authentication, but maybe that=E2=80=99s accep= table in a cluster that is isolated on its own LAN anyway. Option #2 would be to augment (guix store) and guix-daemon so that there is built-in support for TCP sockets, which would be slightly more convenient. Option #3 would be to make (guix store) SSH-capable, with Guile-SSH. But it sounds like SSH would incur relatively high latency when connecting to the daemon. There remains the problem that /var/guix/profiles/per-user/$USER would have to be writable to this to be useful. Thoughts? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 20 09:19:49 2015 Received: (at control) by debbugs.gnu.org; 20 Apr 2015 13:19:49 +0000 Received: from localhost ([127.0.0.1]:33139 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YkBc5-0001UV-Cx for submit@debbugs.gnu.org; Mon, 20 Apr 2015 09:19:49 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:41711 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1YkBc3-0001UN-9m for control@debbugs.gnu.org; Mon, 20 Apr 2015 09:19:47 -0400 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:48126 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1YkBc2-0001x8-DE for control@debbugs.gnu.org; Mon, 20 Apr 2015 09:19:46 -0400 Date: Mon, 20 Apr 2015 15:19:44 +0200 Message-Id: <878udnq6mn.fsf@gnu.org> To: control@debbugs.gnu.org From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: control message for bug #20381 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) severity 20381 wishlist From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 10 06:43:08 2015 Received: (at 20381) by debbugs.gnu.org; 10 Jul 2015 10:43:08 +0000 Received: from localhost ([127.0.0.1]:45931 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDVls-0008Pf-0y for submit@debbugs.gnu.org; Fri, 10 Jul 2015 06:43:08 -0400 Received: from venus.bbbm.mdc-berlin.de ([141.80.25.30]:33614) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDVlp-0008PV-IY for 20381@debbugs.gnu.org; Fri, 10 Jul 2015 06:43:06 -0400 Received: from localhost (localhost [127.0.0.1]) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP id 71DFB380856 for <20381@debbugs.gnu.org>; Fri, 10 Jul 2015 12:43:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h= content-transfer-encoding:content-type:content-type:mime-version :message-id:date:date:subject:subject:from:from:received :received:received; s=mdc; t=1436524979; x=1438339380; bh=n3ijjb nbLA0av3T2Sr6Gm288dXMYRNmvFufPa5tbfQQ=; b=ENSupnmWkC/hx//yQb5HYo oxSDeL9GEKLULYK6WLggQKk0DqVKfZ+3ik1TdqGFA6fODf95vh9rEwSJuKmuvBRp X7DI5fhMZDNUG3HfhMAwMec/fTQBtDdvfEGIzwfJuD0QtNLhitn9jhChh/QepYqq bfAXwtG6eShcbZuu327jI= X-Virus-Scanned: amavisd-new at mdc-berlin.de Received: from venus.bbbm.mdc-berlin.de ([127.0.0.1]) by localhost (venus.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EjfxpKVuaRi7 for <20381@debbugs.gnu.org>; Fri, 10 Jul 2015 12:42:59 +0200 (CEST) Received: from HTCAONE.mdc-berlin.net (mab.citx.mdc-berlin.de [141.80.36.102]) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP for <20381@debbugs.gnu.org>; Fri, 10 Jul 2015 12:42:59 +0200 (CEST) Received: from localhost (141.80.180.135) by HTCAONE.mdc-berlin.net (141.80.180.125) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 10 Jul 2015 12:42:57 +0200 From: Ricardo Wurmus To: <20381@debbugs.gnu.org> Subject: Interacting with a remote daemon Date: Fri, 10 Jul 2015 12:42:57 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [141.80.180.135] X-TM-AS-Product-Ver: SMEX-10.0.0.4211-7.500.1018-21668.006 X-TM-AS-Result: No--13.537200-0.000000-31 X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-Spam-Score: -5.3 (-----) X-Debbugs-Envelope-To: 20381 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.3 (-----) I just tried the socat idea[1] with some success. On the guix-builder host where guix-daemon is running and the NFS share holding ‘/gnu’ (with $localstatedir set to ‘/gnu/var’) is mounted as read-write I executed this: /root/.guix-profile/bin/socat TCP4-LISTEN:9999 UNIX:/gnu/var/guix/daemon-socket/socket On a cluster node where /gnu is mounted read-only I ran this: socat UNIX-LISTEN:/home/rwurmus/foo TCP4:guix-builder:9999 & export GUIX_DAEMON_SOCKET=$HOME/foo At this point I could use guix build hello guix environment hello which is really great! To make the “guix” command available on cluster nodes I just installed it into my default user profile as ‘~/.guix-profile/bin/guix’. The problem with this is that profile commands don’t work as the regular “guix” package as installed with $localstatedir set to ‘/var’. This can be fixed, of course, (e.g. by creating a slightly different “guix” package with the appropriate configure flags set) but it’s still a minor annoyance. It would be great if $localstatedir could be overridden at runtime or if it could default to whatever the daemon uses. This would probably work fine if I limited the socket forwarding to just the cluster nodes, because only there user ids are guaranteed to be correct (not on workstations). On workstations that are not centrally managed this will not work, as the user ids could be arbitrary and it would thus allow anyone to change anyone else’s profile by creating a local account with the appropriate uid. I prefer the socat approach over just running “guix” remotely through an SSH connection, because with socat the “guix” command can actually be used to spawn a new local shell with “guix environment”, which is very useful. I don’t think this would work if “guix” were just run remotely. (Please correct me if I’m wrong about this.) ~~ Ricardo From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 10 13:49:02 2015 Received: (at 20381) by debbugs.gnu.org; 10 Jul 2015 17:49:02 +0000 Received: from localhost ([127.0.0.1]:46395 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDcQ1-0000UE-Iy for submit@debbugs.gnu.org; Fri, 10 Jul 2015 13:49:02 -0400 Received: from eggs.gnu.org ([208.118.235.92]:35888) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDcPz-0000Tf-JO for 20381@debbugs.gnu.org; Fri, 10 Jul 2015 13:49:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZDcPs-0002MG-Vx for 20381@debbugs.gnu.org; Fri, 10 Jul 2015 13:48:54 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED,BAYES_50, RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([208.118.235.10]:60494) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDcPs-0002MA-T4; Fri, 10 Jul 2015 13:48:52 -0400 Received: from reverse-83.fdn.fr ([80.67.176.83]:44420 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1ZDcPs-000733-57; Fri, 10 Jul 2015 13:48:52 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Ricardo Wurmus Subject: Re: bug#20381: Interacting with a remote daemon References: <87a8y3q84k.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 22 Messidor an 223 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x3D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Fri, 10 Jul 2015 19:48:50 +0200 In-Reply-To: (Ricardo Wurmus's message of "Fri, 10 Jul 2015 12:42:57 +0200") Message-ID: <87h9pbaoot.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.10 X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 20381 Cc: 20381@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Ricardo Wurmus skribis: > I just tried the socat idea[1] with some success. > > On the guix-builder host where guix-daemon is running and the NFS share > holding =E2=80=98/gnu=E2=80=99 (with $localstatedir set to =E2=80=98/gnu/= var=E2=80=99) is mounted as > read-write I executed this: > > /root/.guix-profile/bin/socat TCP4-LISTEN:9999 UNIX:/gnu/var/guix/dae= mon-socket/socket > > On a cluster node where /gnu is mounted read-only I ran this: > > socat UNIX-LISTEN:/home/rwurmus/foo TCP4:guix-builder:9999 & > export GUIX_DAEMON_SOCKET=3D$HOME/foo > > At this point I could use > > guix build hello > guix environment hello > > which is really great! Excellent, thanks for testing! > To make the =E2=80=9Cguix=E2=80=9D command available on cluster nodes I j= ust installed > it into my default user profile as =E2=80=98~/.guix-profile/bin/guix=E2= =80=99. The > problem with this is that profile commands don=E2=80=99t work as the regu= lar > =E2=80=9Cguix=E2=80=9D package as installed with $localstatedir set to = =E2=80=98/var=E2=80=99. This can > be fixed, of course, (e.g. by creating a slightly different =E2=80=9Cguix= =E2=80=9D > package with the appropriate configure flags set) but it=E2=80=99s still = a minor > annoyance. What about installing Guix in /gnu/bin (say) and sharing it over NFS? I would avoid installing Guix in a profile, because if things go wrong, you may find yourself unable to do anything. In practice, you can always roll-back by hand (it=E2=80=99s simply a matter of switching the profiles/per-user/$USER symlink), but still. > It would be great if $localstatedir could be overridden at runtime or > if it could default to whatever the daemon uses. Actually it can be overridden via the intentionally-undocumented NIX_STATE_DIR environment variable (see (guix config).) > This would probably work fine if I limited the socket forwarding to just > the cluster nodes, because only there user ids are guaranteed to be > correct (not on workstations). On workstations that are not centrally > managed this will not work, as the user ids could be arbitrary and it > would thus allow anyone to change anyone else=E2=80=99s profile by creati= ng a > local account with the appropriate uid. The only problem would be with =E2=80=98guix package=E2=80=99, which you ha= ven=E2=80=99t mentioned yet. :-) For =E2=80=98guix package=E2=80=99 to work, /gnu/var/guix/profiles/per-user must be shared read-write (over NFS) with correct UID mapping. > I prefer the socat approach over just running =E2=80=9Cguix=E2=80=9D remo= tely through an > SSH connection, because with socat the =E2=80=9Cguix=E2=80=9D command can= actually be > used to spawn a new local shell with =E2=80=9Cguix environment=E2=80=9D, = which is very > useful. I don=E2=80=99t think this would work if =E2=80=9Cguix=E2=80=9D = were just run > remotely. (Please correct me if I=E2=80=99m wrong about this.) Indeed, that would only allow you to spawn a shell on the machine where the =E2=80=98guix=E2=80=99 command is executed (which, in your case, is not= a compute node AIUI.) I think we should have a =E2=80=9CCluster Setup=E2=80=9D section in the man= ual to explain all this. Would you like to give it a try? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 10 16:24:13 2015 Received: (at 20381) by debbugs.gnu.org; 10 Jul 2015 20:24:13 +0000 Received: from localhost ([127.0.0.1]:46464 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDeqC-0006ST-NQ for submit@debbugs.gnu.org; Fri, 10 Jul 2015 16:24:13 -0400 Received: from venus.bbbm.mdc-berlin.de ([141.80.25.30]:37398) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZDeqA-0006SH-9E for 20381@debbugs.gnu.org; Fri, 10 Jul 2015 16:24:11 -0400 Received: from localhost (localhost [127.0.0.1]) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP id 3AB04380442; Fri, 10 Jul 2015 22:24:09 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h= content-transfer-encoding:content-type:content-type:mime-version :message-id:date:date:in-reply-to:subject:subject:from:from :references:received:received:received; s=mdc; t=1436559843; x= 1438374244; bh=UzS14FZosfXt5U3M2hE5U7sWSq4EJkH8LBFMJwSDlrw=; b=D /Yvxu2ncaw3GqF1LYIoIfFOV/482DD/GMHifxhzPNjzN34Olffs86VhwQpIQHCWE bGF4suuegyatSNRUHgjpO0+/uCH8o4efRnaQM2pWfPM/HFRynyfHEY9QRzb12asX mBHVxvdWOPfWwHQpqPQ+o6Io9BGrifNoNyQBtC6JP4= X-Virus-Scanned: amavisd-new at mdc-berlin.de Received: from venus.bbbm.mdc-berlin.de ([127.0.0.1]) by localhost (venus.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NYuP3RAUuLgt; Fri, 10 Jul 2015 22:24:03 +0200 (CEST) Received: from HTCAONE.mdc-berlin.net (mab.citx.mdc-berlin.de [141.80.36.102]) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP; Fri, 10 Jul 2015 22:24:03 +0200 (CEST) Received: from localhost (141.80.180.135) by HTCAONE.mdc-berlin.net (141.80.180.125) with Microsoft SMTP Server (TLS) id 14.3.235.1; Fri, 10 Jul 2015 22:24:02 +0200 References: <87a8y3q84k.fsf@gnu.org> <87h9pbaoot.fsf@gnu.org> From: Ricardo Wurmus To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#20381: Interacting with a remote daemon In-Reply-To: <87h9pbaoot.fsf@gnu.org> Date: Fri, 10 Jul 2015 22:24:02 +0200 Message-ID: <87k2u7iwwt.fsf@mdc-berlin.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Originating-IP: [141.80.180.135] X-TM-AS-Product-Ver: SMEX-10.0.0.4211-7.500.1018-21670.002 X-TM-AS-Result: No--12.205300-0.000000-31 X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 20381 Cc: 20381@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Ludovic Courtès writes: > What about installing Guix in /gnu/bin (say) and sharing it over NFS? > > I would avoid installing Guix in a profile, because if things go wrong, > you may find yourself unable to do anything. In practice, you can > always roll-back by hand (it’s simply a matter of switching the > profiles/per-user/$USER symlink), but still. > >> It would be great if $localstatedir could be overridden at runtime or >> if it could default to whatever the daemon uses. > > Actually it can be overridden via the intentionally-undocumented > NIX_STATE_DIR environment variable (see (guix config).) Oh, nice. Installing Guix somewhere into /gnu is actually a pretty good idea. I’ll try that and play with NIX_STATE_DIR as well. >> This would probably work fine if I limited the socket forwarding to just >> the cluster nodes, because only there user ids are guaranteed to be >> correct (not on workstations). On workstations that are not centrally >> managed this will not work, as the user ids could be arbitrary and it >> would thus allow anyone to change anyone else’s profile by creating a >> local account with the appropriate uid. > > The only problem would be with ‘guix package’, which you haven’t > mentioned yet. :-) For ‘guix package’ to work, > /gnu/var/guix/profiles/per-user must be shared read-write (over NFS) > with correct UID mapping. Correct. I haven’t tried ‘guix package’ at all because I just assumed it would work. > I think we should have a “Cluster Setup” section in the manual to > explain all this. Would you like to give it a try? Sounds like a good idea. I can give it a try but I’ll be on vacation for a while and can only get around to writing in a couple of weeks. But I think I’m a good candidate for drafting this section, given that I’ve got a cluster to play with :) Thanks for your helpful recommendations! ~~ Ricardo From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 24 11:24:08 2016 Received: (at control) by debbugs.gnu.org; 24 Mar 2016 15:24:08 +0000 Received: from localhost ([127.0.0.1]:36284 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aj77I-0005m0-LC for submit@debbugs.gnu.org; Thu, 24 Mar 2016 11:24:08 -0400 Received: from venus.bbbm.mdc-berlin.de ([141.80.25.30]:58114) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1aj77H-0005lp-2i for control@debbugs.gnu.org; Thu, 24 Mar 2016 11:24:07 -0400 Received: from localhost (localhost [127.0.0.1]) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP id F1A1A380956 for ; Thu, 24 Mar 2016 16:24:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h= content-type:content-type:mime-version:message-id:date:date :subject:subject:from:from:received:received:received; s=mdc; t= 1458833040; x=1460647441; bh=12vQQhOSUblmUYhGd7NP/9miULZ85gazrJR Slk3bch4=; b=Mw9MOuDXoi1rkvJD1XkNiSnAENT840i69pMCmnC8wx1r6MqrZK2 GOs6bSPJuBdtnm3KkFhoURU05Lo0bY6xhmbK5qyc3irpzP4Pad8knqo2v9n0qL8F NAsx1WhgjE+ZWs4GEs1A8dOWs3z8dJikotGttcj2FKQWhLwtJeYpAgVY= X-Virus-Scanned: amavisd-new at mdc-berlin.de Received: from venus.bbbm.mdc-berlin.de ([127.0.0.1]) by localhost (venus.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q2qtlfE5igSA for ; Thu, 24 Mar 2016 16:24:00 +0100 (CET) Received: from HTCATWO.mdc-berlin.net (puck.citx.mdc-berlin.de [141.80.36.101]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by venus.bbbm.mdc-berlin.de (Postfix) with ESMTPS for ; Thu, 24 Mar 2016 16:24:00 +0100 (CET) Received: from localhost (141.80.180.135) by HTCATWO.mdc-berlin.net (141.80.180.125) with Microsoft SMTP Server (TLS) id 14.3.266.1; Thu, 24 Mar 2016 16:23:59 +0100 From: Ricardo Wurmus To: Subject: Interacting with a remote daemon Date: Thu, 24 Mar 2016 16:23:59 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [141.80.180.135] X-TM-AS-Product-Ver: SMEX-11.0.0.4255-8.000.1202-22216.000 X-TM-AS-Result: No--0.134000-0.000000-31 X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) retitle 20381 Document how to interact with a remote daemon owner ! From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 25 06:25:28 2017 Received: (at 20381-done) by debbugs.gnu.org; 25 Apr 2017 10:25:28 +0000 Received: from localhost ([127.0.0.1]:38856 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d2xey-0001aF-2Y for submit@debbugs.gnu.org; Tue, 25 Apr 2017 06:25:28 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d2xev-0001a3-LZ for 20381-done@debbugs.gnu.org; Tue, 25 Apr 2017 06:25:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d2xen-0003He-6v for 20381-done@debbugs.gnu.org; Tue, 25 Apr 2017 06:25:20 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34257) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d2xeV-000353-ET; Tue, 25 Apr 2017 06:24:59 -0400 Received: from [89.131.103.136] (port=49258 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1d2xeU-0006hd-MC; Tue, 25 Apr 2017 06:24:59 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: 20381-done@debbugs.gnu.org Subject: Re: bug#20381: Interacting with a remote daemon References: <87a8y3q84k.fsf@gnu.org> Date: Tue, 25 Apr 2017 12:24:54 +0200 In-Reply-To: <87a8y3q84k.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 20 Apr 2015 14:47:23 +0200") Message-ID: <8737cwdbt5.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 20381-done Cc: Ricardo Wurmus X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hello! ludo@gnu.org (Ludovic Court=C3=A8s) skribis: > In , Ricardo notes: > > At some point I think it would make sense to enhance Guix such that > RPCs can be made over SSH, so that explicit logging on to a management > machine is no longer necessary. > > We should see exactly how much support is needed. > > Is =E2=80=98socat=E2=80=99 enough, as suggested in > ? > That means there would be no authentication, but maybe that=E2=80=99s acc= eptable > in a cluster that is isolated on its own LAN anyway. > > Option #2 would be to augment (guix store) and guix-daemon so that there > is built-in support for TCP sockets, which would be slightly more > convenient. > > Option #3 would be to make (guix store) SSH-capable, with Guile-SSH. > But it sounds like SSH would incur relatively high latency when > connecting to the daemon. I think this is fixed by this series of commits: 285f63e80 * store: Support 'ssh://' URIs in 'GUIX_DAEMON_SOCKET'. e53783372 * ssh: Decompose 'connect-to-remote-daemon'. 615c5298f * ssh: Move 'open-ssh-session' to (guix ssh). ba97e454b * offload: Avoid using '_' as a 'match' pattern. 3dff90ce3 * store: Add support for remote connections via 'guix://' URIs. 3b5cd17a9 * store: Add 'system-error-to-connection-error' macro. 1397b422e * store: 'GUIX_DAEMON_SOCKET' can now be a URI. with the caveats given here: https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00487.html Closing! Ludo=E2=80=99. From unknown Mon Jun 23 23:51:31 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 23 May 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator