nixos/netbird: fix port conflict on metrics endpoint #357105
Conversation
github-actions
bot
added
6.topic: nixos
TheRealGramdalf
force-pushed
the
netbird-metrics-fix
branch
3 times, most recently
from
af24957 to
4345388
Compare
|
I based this on the netbird 0.32.0 release before realizing that PR was merged to master after the branch off - it would be helpful to know from @Saturn745 or @vrifox whether I should rebase this PR against the 0.31.1 release currently in the branch off (which still has the issues fixed) or if the 0.32.0 release PR should be backported as well. |
| @@ -36,6 +36,8 @@ | |||
| - `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/). | |||
| This release also deprecates some configuration keys which are likely to be removed in version 5.0.0. | |||
|
|
|||
| - `netbird` has been updated to 0.32.0. This adds a built-in relay server which is not yet supported by the NixOS module, as well as a metrics endpoint for both the management and signal services. The default metrics port for the `signal` service has been changed from `9090` to `9091` to prevent a port conflict with the management server. This can be changed by overriding their respective `extraOptions` as needed. Refer to the [release notes](https://github.com/netbirdio/netbird/releases/tag/v0.32.0) and [this pull request](https://github.com/NixOS/nixpkgs/pull/354032#issuecomment-2480925927) for more information. | |||
There was a problem hiding this comment.
24.11 has alredy been branched off so if you want to add a release note it should be 25.05. But since its an anti breaking change I wouldn't say a release note is necessary.
There was a problem hiding this comment.
Not sure how backporting affects release notes, but I would presume that keeping the notes will require a manual backport
There was a problem hiding this comment.
I asked on the matrix channel and they said this should definitely be backported, so I'm guessing the release note should stay for 24.11
There was a problem hiding this comment.
Not sure how backporting affects release notes, but I would presume that keeping the notes will require a manual backport
I believe a manual backport would be necessary regardless, unless one of the package maintainers were to initiate it once this gets merged
There was a problem hiding this comment.
I based this on the netbird 0.32.0 release before realizing that PR was merged to master after the branch off - it would be helpful to know from @Saturn745 or @vrifox whether I should rebase this PR against the 0.31.1 release currently in the branch off (which still has the issues fixed) or if the 0.32.0 release PR should be backported as well.
No need, backporting will only consider changes in this PR so it doesn't matter what you base this against
which still has the issues fixed
What do you mean? Assuming you mean the issue is not present in 0.31.1 then I guess we won't have to backport at all
|
I think if we're backporting this we should do it right and add a dedicated |
ofborg
bot
added
10.rebuild-darwin: 0
Both 0.31.1 and 0.32.0 are affected by the port clash. I realized after I created the PR that the 0.32.0 update PR didn't make it into the branch off. |
Will do. I'll still add the |
I'll just go ahead and change this to 0.31.1. If #356512 gets backported before this is merged I can switch it back, but for now I'll assume the version of netbird in the 24.11 release is going to be 0.31.1. |
TheRealGramdalf
force-pushed
the
netbird-metrics-fix
branch
from
4345388 to
d499b19
Compare
|
Ready for merge. If I need to create another PR manually for the backport just let me know. |
|
Just FYI: In case this will not be merged today you'll probably have to change the release notes to 25.05 after branch-off |
|
Yeah, I'll wait until it's clear it won't be getting in, no need for extra ofborg evals. I was hoping to get it in for 24.11 not only for the port fix, but to make people aware of the additional ports in case of other conflicts/if updates to firewall rules are required. Ideally I'd have a note specifically mentioning that (upstream communication isn't the greatest; it looks like they test almost exclusively in docker where clashing ports aren't an issue), but this'll have to do for now. |
There was a problem hiding this comment.
Add an assert here, which assumes port != metricsPort
There was a problem hiding this comment.
So would this work?
assertions = [
{
assertion = cfg.port != cfg.metricsPort;
message = "The primary listen port cannot be the same as the listen port for the metrics endpoint";
}
];I verified that it does syntactically (i.e. it correctly identifies and throws an error when I set them to the same value), I'm just not sure if you meant to use assertions or assert.
There was a problem hiding this comment.
Yes, just like this
nixpkgs/nixos/modules/services/scheduling/scx.nix
Lines 101 to 106 in 69fd9db
I take it you have tested this with your configuration
There was a problem hiding this comment.
Yes, I tested both the normal situation (two different ports) and triggering the assertion (metricsPort is the same as port). It behaved as one would expect in both cases.
TheRealGramdalf
force-pushed
the
netbird-metrics-fix
branch
from
d499b19 to
bfc160a
Compare
|
Once again ready for merge. I did some manual checks and everything functions fine, not sure if we should wait for ofborg or just send it due to the branch window - I'm relatively new to PRs so I'm not too sure if it's required or just recommended. |
|
Well we mainly wait for Ofborg so it detects any underlying issue during eval. But considering how slower and costlier it has become, there have been calls to replace it with GitHub actions, which should be faster. New eval workflow PR has been merged yesterday, and it looks like the checks passed. Let's still wait for Ofborg to check other things, I am happy to merge it after that. |
|
Allright, sounds good! I'm mainly just trying to get it in before the 24.11 release so the change is in the release notes. I've been advised over on matrix that this should ideally get backported, but again I'm new to PRs and I'm not entirely sure what the process is like - there were mentions of changes to the release notes requiring a manual backport, but again I'm new to that specific area. |
|
Checks complete, ready for merge - let me know if there's anything to do for the backport PR. @PatrickDaG one thing to note for your PR - |
|
Successfully created backport PR for |
Added changes discussed in #354032 (comment) to fix a port clash between the netbird management and signal services, as well as an
extraOptionto facilitate ad-hoc changes in the future should more breaking changes be released by upstream.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.