Design and enable creation of remote gc roots #11812

Open
layus opened this issue Nov 5, 2024 · 4 comments
Labels: feature (Feature request or proposal), gc (Store garbage collection and deletion), store (Issues and pull requests concerning the Nix store)

Comments

@layus
Member

layus commented Nov 5, 2024

Is your feature request related to a problem? Please describe.

It is impossible to get an atomic gc root on remote store paths.
The creation of gc roots is explicitly disabled in nix build if we do not have a LocalFSStore:

nix/src/nix/build.cc, lines 141 to 143 in 26c3fc1:

    if (outLink != "")
        if (auto store2 = store.dynamic_pointer_cast<LocalFSStore>())
            createOutLinks(outLink, buildables, *store2);

Describe the solution you'd like

Ideally, there should be a way to create remote gc roots for paths that are built remotely using --store ssh-ng:... and other remote stores and operations. Otherwise there is no way to enforce atomicity.

The biggest challenge is to create roots that are owned by the right user, and pick a place to put them.

I suggest we might discover the user from the ssh connection, and put the indirect root in a well-known location inside its home. I need to check if there is an obvious place to do that. If there is a user process on the remote machine that proxies the requests to the local nix daemon (so the remote nix daemon from the point of view of the user) then it is the right place to do it.
If connections are forwarded to the remote nix daemon directly, it may become tricky.

As for the location, I assume .local/nix/gcroots would be good enough. .cache is probably not good.

And for the name, it is really tricky. I do not think we should trust the name provided on the command line, as there is a high potential for conflicts and race conditions. Using the nix store path name itself might work. Alternatively, trusting the name passed by the user provides lots of flexibility. They can decide on their own how to organize their remote roots.

As a note, I think these roots should be updated on each access, so as to allow a basic LRU gc to happen if needed.

Describe alternatives you've considered

  • Direct gc roots are not good, as they are owned by root. The user who created them cannot remove them.
  • If we had /nix/var/nix/gcroots/per-user/ around we could craft something with it, but it has been recently removed.

Additional context

Related issues:

#4002
#11505 (comment)
#11506
#7138 (comment)

Some hints in the code:

* @todo actually this is not so good because stores are *views*.
* Some views have only a no-op temp roots even though others to the
* same store allow triggering GC. For instance one can't add a root
* over ssh, but that doesn't prevent someone from gc-ing that store
* accessed via SSH locally).

* | | `addPermRoot()` | `addIndirectRoot()` |
* |-------------------|-----------------|---------------------|
* | `LocalStore` | local | local |
* | `UDSRemoteStore` | local | remote |
* | `SSHStore` | doesn't have | doesn't have |
* | `MountedSSHStore` | remote | doesn't have |

/cc @kjeremy @kevincox for you have shown interest in this topic before.

Priorities

Add 👍 to issues you find important.

@layus layus added the feature Feature request or proposal label Nov 5, 2024
@roberth roberth added store Issues and pull requests concerning the Nix store gc Store garbage collection and deletion labels Nov 6, 2024
@roberth roberth added this to Nix team Nov 6, 2024
@github-project-automation github-project-automation bot moved this to To triage in Nix team Nov 6, 2024
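
A sketch of the naming and atomicity concerns raised in the issue body above, added here as an example and not taken from Nix or from any participant: it names the root after the store path, publishes the symlink with rename(2), and treats "updating a root" as bumping the link's own mtime. The function names, the roots directory argument and the mtime reading are assumptions; registering the link with the daemon so that the collector honours it is not covered.

```cpp
// Added example, not Nix code; rootNameFor/putRoot/touchRoot are hypothetical names.
#include <fcntl.h>     // AT_FDCWD, AT_SYMLINK_NOFOLLOW
#include <sys/stat.h>  // utimensat
#include <unistd.h>    // getpid
#include <cctype>
#include <filesystem>
#include <optional>
#include <string>
namespace fs = std::filesystem;

// Name the root after the store path itself (<32-char hash>-<name>), so a
// client can never pick a name containing '/' or clashing with another root.
std::optional<std::string> rootNameFor(const std::string & storePath) {
    if (storePath.rfind("/nix/store/", 0) != 0) return std::nullopt;
    const std::string base = storePath.substr(11);  // strlen("/nix/store/")
    if (base.size() < 34 || base[32] != '-') return std::nullopt;
    for (size_t i = 0; i < base.size(); ++i) {
        unsigned char c = base[i];
        bool ok = i < 32 ? (std::isdigit(c) || std::islower(c))
                         : (std::isalnum(c) || std::string("+-._?=").find(char(c)) != std::string::npos);
        if (!ok) return std::nullopt;
    }
    return base;
}

// Create or replace the root atomically: build the symlink under a temporary name
// (leading '.', so it cannot equal a root name), then rename(2) it into place.
std::optional<fs::path> putRoot(const fs::path & rootsDir, const std::string & storePath) {
    auto name = rootNameFor(storePath);
    if (!name) return std::nullopt;
    fs::create_directories(rootsDir);
    fs::path tmp = rootsDir / (".tmp-" + std::to_string(getpid()) + "-" + *name);
    std::error_code ec; fs::remove(tmp, ec);  // leftover from a crashed earlier run
    fs::create_symlink(storePath, tmp);       // throws if it cannot be created
    fs::rename(tmp, rootsDir / *name);        // atomic replace on POSIX
    return rootsDir / *name;
}

// One reading of "updated on each access": bump the link's own mtime, not the
// target's, so an LRU sweep can order roots by last use.
bool touchRoot(const fs::path & link) {
    return utimensat(AT_FDCWD, link.c_str(), nullptr, AT_SYMLINK_NOFOLLOW) == 0;
}

int main(int argc, char ** argv) {
    if (argc != 3) return 2;  // usage: prog ROOTS_DIR STORE_PATH
    auto r = putRoot(argv[1], argv[2]);
    return r && touchRoot(*r) ? 0 : 1;
}
```
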
@Ericson2314
Member

Ericson2314 commented Nov 13, 2024

I think you want the mounted-ssh-ng://?

The main reason it is experimental is that it should be a configure flag on ssh-ng:// instead. #11139 helps with that.

@edolstra
Member

> As for the location, I assume .local/nix/gcroots would be good enough. .cache is probably not good.

An issue with this is how/when those GC roots get cleaned up. We don't want roots to accumulate forever without an obvious way to get rid of them.

> As a note, I think these roots should be updated on each access, so as to allow a basic LRU gc to happen if needed.

What is meant by updating a root? And what counts as an access?

> I think you want the mounted-ssh-ng://?

Probably we want SSHStore to create GC roots via SSH's sftp protocol. That way, whether it's permitted is a configuration policy of the SSH server.

@edolstra edolstra removed this from Nix team Nov 13, 2024
@layus
Member Author

layus commented Nov 13, 2024 via email

@nixos-discourse

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/2024-11-13-nix-team-meeting-minutes-194/56211/1
