summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi646
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/services/ganeti.scm1109
-rw-r--r--gnu/tests/ganeti.scm265
4 files changed, 2022 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 17338ed764..a6ee679b11 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -24975,6 +24975,652 @@ the @code{--snapshot} flag using something along these lines:
(options '("--hda"))))
@end lisp
+@subsubheading Ganeti
+
+@cindex ganeti
+
+@quotation Note
+This service is considered experimental. Configuration options may be changed
+in a backwards-incompatible manner, and not all features have been thorougly
+tested. Users of this service are encouraged to share their experience at
+@email{guix-devel@@gnu.org}.
+@end quotation
+
+Ganeti is a virtual machine management system. It is designed to keep virtual
+machines running on a cluster of servers even in the event of hardware failures,
+and to make maintenance and recovery tasks easy. It consists of multiple
+services which are described later in this section. In addition to the Ganeti
+service, you will need the OpenSSH service (@pxref{Networking Services,
+@code{openssh-service-type}}), and update the @file{/etc/hosts} file
+(@pxref{operating-system Reference, @code{hosts-file}}) with the cluster name
+and address (or use a DNS server).
+
+All nodes participating in a Ganeti cluster should have the same Ganeti and
+@file{/etc/hosts} configuration. Here is an example configuration for a Ganeti
+cluster node that supports multiple storage backends, and installs the
+@code{debootstrap} and @code{guix} @dfn{OS providers}:
+
+@lisp
+(use-package-modules virtualization)
+(use-service-modules base ganeti networking ssh)
+(operating-system
+ ;; @dots{}
+ (host-name "node1")
+ (hosts-file (plain-file "hosts" (format #f "
+127.0.0.1 localhost
+::1 localhost
+
+192.168.1.200 ganeti.example.com
+192.168.1.201 node1.example.com node1
+192.168.1.202 node2.example.com node2
+")))
+
+ ;; Install QEMU so we can use KVM-based instances, and LVM, DRBD and Ceph
+ ;; in order to use the "plain", "drbd" and "rbd" storage backends.
+ (packages (append (map specification->package
+ '("qemu" "lvm2" "drbd-utils" "ceph"
+ ;; Add the debootstrap and guix OS providers.
+ "ganeti-instance-guix" "ganeti-instance-debootstrap"))
+ %base-packages))
+ (services
+ (append (list (static-networking-service "eth0" "192.168.1.201"
+ #:netmask "255.255.255.0"
+ #:gateway "192.168.1.254"
+ #:name-servers '("192.168.1.252"
+ "192.168.1.253"))
+
+ ;; Ganeti uses SSH to communicate between nodes.
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'without-password)))
+
+ (service ganeti-service-type
+ (ganeti-configuration
+ ;; This list specifies allowed file system paths
+ ;; for storing virtual machine images.
+ (file-storage-paths '("/srv/ganeti/file-storage"))
+ ;; This variable configures a single "variant" for
+ ;; both Debootstrap and Guix that works with KVM.
+ (os %default-ganeti-os))))
+ %base-services)))
+@end lisp
+
+Users are advised to read the
+@url{http://docs.ganeti.org/ganeti/master/html/admin.html,Ganeti
+administrators guide} to learn about the various cluster options and
+day-to-day operations. There is also a
+@url{https://guix.gnu.org/blog/2020/ganeti-on-guix/,blog post}
+describing how to configure a small cluster.
+
+@defvr {Scheme Variable} ganeti-service-type
+This is a service type that includes all the various services that Ganeti
+nodes should run.
+
+Its value is a @code{ganeti-configuration} object that defines the package
+to use for CLI operations, as well as configuration for the various daemons.
+@end defvr
+
+@deftp {Data Type} ganeti-configuration
+The @code{ganeti} service takes the following configuration options:
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use. It will be installed to the system profile
+and make @command{gnt-cluster}, @command{gnt-instance}, etc available. Note
+that the value specified here does not affect the other services as each refer
+to a specific @code{ganeti} package (see below).
+
+@item @code{noded-configuration} (default: @code{(ganeti-noded-configuration)})
+@itemx @code{confd-configuration} (default: @code{(ganeti-confd-configuration)})
+@itemx @code{wconfd-configuration} (default: @code{(ganeti-wconfd-configuration)})
+@itemx @code{luxid-configuration} (default: @code{(ganeti-luxid-configuration)})
+@itemx @code{rapi-configuration} (default: @code{(ganeti-rapi-configuration)})
+@itemx @code{kvmd-configuration} (default: @code{(ganeti-kvmd-configuration)})
+@itemx @code{mond-configuration} (default: @code{(ganeti-mond-configuration)})
+@itemx @code{metad-configuration} (default: @code{(ganeti-metad-configuration)})
+@itemx @code{watcher-configuration} (default: @code{(ganeti-watcher-configuration)})
+@itemx @code{cleaner-configuration} (default: @code{(ganeti-cleaner-configuration)})
+
+These options control the various daemons and cron jobs that are distributed
+with Ganeti. The possible values for these are described in detail below.
+To override a setting, you must use the configuration type for that service:
+
+@lisp
+(service ganeti-service-type
+ (ganeti-configuration
+ (rapi-configuration
+ (ganeti-rapi-configuration
+ (interface "eth1"))))
+ (watcher-configuration
+ (ganeti-watcher-configuration
+ (rapi-ip "10.0.0.1"))))
+@end lisp
+
+@item @code{file-storage-paths} (default: @code{'()})
+List of allowed directories for file storage backend.
+
+@item @code{os} (default: @code{%default-ganeti-os})
+List of @code{<ganeti-os>} records.
+@end table
+
+In essence @code{ganeti-service-type} is shorthand for declaring each service
+individually:
+
+@lisp
+(service ganeti-noded-service-type)
+(service ganeti-confd-service-type)
+(service ganeti-wconfd-service-type)
+(service ganeti-luxid-service-type)
+(service ganeti-kvmd-service-type)
+(service ganeti-mond-service-type)
+(service ganeti-metad-service-type)
+(service ganeti-watcher-service-type)
+(service ganeti-cleaner-service-type)
+@end lisp
+
+Plus a service extension for @code{etc-service-type} that configures the file
+storage backend and OS variants.
+
+@end deftp
+
+@deftp {Data Type} ganeti-os
+This data type is suitable for passing to the @code{os} configuration of
+Ganeti. It takes the following parameters:
+
+@table @asis
+@item @code{name}
+The name for this OS provider. It is only used to specify where the
+configuration ends up. Setting it to ``debootstrap'' will create
+@file{/etc/ganeti/instance-debootstrap}.
+
+@item @code{extension}
+The file extension for variants of this OS type. For example
+@file{.conf} or @file{.scm}.
+
+@item @code{variants} (default: @code{'()})
+List of @code{ganeti-os-variant} objects for this OS.
+
+@end table
+@end deftp
+
+@deftp {Data Type} ganeti-os-variant
+This is the data type for a Ganeti OS variant. It takes the following
+parameters:
+
+@table @asis
+@item @code{name}
+The name of this variant.
+
+@item @code{configuration}
+A configuration file for this variant.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %default-debootstrap-hooks
+This variable contains hooks to configure networking and the GRUB bootloader.
+@end defvr
+
+@defvr {Scheme Variable} %default-debootstrap-extra-pkgs
+This variable contains a list of packages suitable for a fully-virtualized guest.
+@end defvr
+
+@deftp {Data Type} debootstrap-configuration
+
+This data type creates configuration files suitable for the debootstrap OS provider.
+
+@table @asis
+@item @code{hooks} (default: @code{%default-debootstrap-hooks})
+When not @code{#f}, this must be a G-expression that specifies a directory with
+scripts that will run when the OS is installed. It can also be a list of
+@code{(name . file-like)} pairs. For example:
+
+@lisp
+
+`((99-hello-world . ,(plain-file "#!/bin/sh\necho Hello, World")))
+
+@end lisp
+
+That will create a directory with one executable named @code{99-hello-world}
+and run it every time this variant is installed. If set to @code{#f}, hooks
+in @file{/etc/ganeti/instance-debootstrap/hooks} will be used, if any.
+@item @code{proxy} (default: @code{#f})
+HTTP proxy to use, if any.
+@item @code{mirror} (default: @code{#f})
+The Debian mirror. Typically something like @code{http://ftp.no.debian.org/debian}.
+The default varies depending on the distribution.
+@item @code{arch} (default: @code{#f})
+The dpkg architecture. Set to @code{armhf} to debootstrap an ARMv7 instance
+on an AArch64 host. Default is to use the current system architecture.
+@item @code{suite} (default: @code{"stable"})
+When set, this must be a Debian distribution ``suite'' such as @code{buster}
+or @code{focal}. If set to @code{#f}, the default for the OS provider is used.
+@item @code{extra-pkgs} (default: @code{%default-debootstrap-extra-pkgs})
+List of extra packages that will get installed by dpkg in addition
+to the minimal system.
+@item @code{components} (default: @code{#f})
+When set, must be a list of Debian repository ``components''. For example
+@code{'("main" "contrib")}.
+@item @code{generate-cache?} (default: @code{#t})
+Whether to automatically cache the generated debootstrap archive.
+@item @code{clean-cache} (default: @code{14})
+Discard the cache after this amount of days. Use @code{#f} to never
+clear the cache.
+@item @code{partition-style} (default: @code{'msdos})
+The type of partition to create. When set, it must be one of
+@code{'msdos}, @code{'none} or a string.
+@item @code{partition-alignment} (default: @code{2048})
+Alignment of the partition in sectors.
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} debootstrap-variant
+This is a helper procedure that creates a @code{ganeti-os-variant} record. It
+takes two parameters: a name and a @code{debootstrap-configuration} object.
+@end deffn
+
+@deffn {Scheme Procedure} debootstrap-os
+This is a helper procedure that creates a @code{ganeti-os} record. It takes
+a list of variants created with @code{debootstrap-variant}.
+@end deffn
+
+@deffn {Scheme Procedure} guix-variant
+This is a helper procedure that creates a @code{ganeti-os-variant} record for
+use with the Guix OS provider. It takes a name and a G-expression that returns
+a ``file-like'' (@pxref{G-Expressions, file-like objects}) object containing a
+Guix System configuration.
+@end deffn
+
+@deffn {Scheme Procedure} guix-os
+This is a helper procedure that creates a @code{ganeti-os} record. It
+takes a list of variants produced by @code{guix-variant}.
+@end deffn
+
+@defvr {Scheme Variable} %default-debootstrap-variants
+This is a convenience variable to make the debootstrap provider work
+``out of the box'' without users having to declare variants manually. It
+contains a single debootstrap variant with the default configuration:
+
+@lisp
+(list (debootstrap-variant
+ "default"
+ (debootstrap-configuration))))
+@end lisp
+@end defvr
+
+@defvr {Scheme Variable} %default-guix-variants
+This is a convenience variable to make the Guix OS provider work without
+additional configuration. It creates a virtual machine that has an SSH
+server, a serial console, and authorizes the Ganeti hosts SSH keys.
+
+@lisp
+(list (guix-variant
+ "default"
+ (file-append ganeti-instance-guix
+ "/share/doc/ganeti-instance-guix/examples/dynamic.scm"))))
+@end lisp
+@end defvr
+
+Users can implement support for OS providers unbeknownst to Guix by extending
+the @code{ganeti-os} and @code{ganeti-os-variant} records appropriately.
+For example:
+
+@lisp
+(ganeti-os
+ (name "custom")
+ (extension ".conf")
+ (variants
+ (list (ganeti-os-variant
+ (name "foo")
+ (configuration (plain-file "bar" "this is fine"))))))
+@end lisp
+
+That creates @file{/etc/ganeti/instance-custom/variants/foo.conf} which points
+to a file in the store with contents @code{this is fine}. It also creates
+@file{/etc/ganeti/instance-custom/variants/variants.list} with contents @code{foo}.
+
+Obviously this may not work for all OS providers out there. If you find the
+interface limiting, please reach out to @email{guix-devel@@gnu.org}.
+
+The rest of this section documents the various services that are included by
+@code{ganeti-service-type}.
+
+@defvr {Scheme Variable} ganeti-noded-service-type
+@command{ganeti-noded} is the daemon responsible for node-specific functions
+within the Ganeti system. The value of this service must be a
+@code{ganeti-noded-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-noded-configuration
+This is the configuration for the @code{ganeti-noded} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1811})
+The TCP port on which the node daemon listens for network requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the daemon will bind to. The default address means
+bind to all available addresses.
+
+@item @code{interface} (default: @code{#f})
+When this is set, it must be a specific network interface (e.g.@: @code{eth0})
+that the daemon will bind to.
+
+@item @code{max-clients} (default: @code{20})
+This sets a limit on the maximum number of simultaneous client connections
+that the daemon will handle. Connections above this count are accepted, but
+no responses will be sent until enough connections have closed.
+
+@item @code{ssl?} (default: @code{#t})
+Whether to use SSL/TLS to encrypt network communications. The certificate
+is automatically provisioned by the cluster and can be rotated with
+@command{gnt-cluster renew-crypto}.
+
+@item @code{ssl-key} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific encryption key for TLS communications.
+
+@item @code{ssl-cert} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific certificate for TLS communications.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+Note that this will leak encryption details to the log files, use with caution.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-confd-service-type
+@command{ganeti-confd} answers queries related to the configuration of a
+Ganeti cluster. The purpose of this daemon is to have a highly available
+and fast way to query cluster configuration values. It is automatically
+active on all @dfn{master candidates}. The value of this service must be a
+@code{ganeti-confd-configuration} object.
+
+@end defvr
+
+@deftp {Data Type} ganeti-confd-configuration
+This is the configuration for the @code{ganeti-confd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1814})
+The UDP port on which to listen for network requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+Network address that the daemon will bind to.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-wconfd-service-type
+@command{ganeti-wconfd} is the daemon that has authoritative knowledge
+about the cluster configuration and is the only entity that can accept
+changes to it. All jobs that need to modify the configuration will do so
+by sending appropriate requests to this daemon. It only runs on the
+@dfn{master node} and will automatically disable itself on other nodes.
+
+The value of this service must be a
+@code{ganeti-wconfd-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-wconfd-configuration
+This is the configuration for the @code{ganeti-wconfd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{no-voting?} (default: @code{#f})
+The daemon will refuse to start if the majority of cluster nodes does not
+agree that it is running on the master node. Set to @code{#t} to start
+even if a quorum can not be reached (dangerous, use with caution).
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-luxid-service-type
+@command{ganeti-luxid} is a daemon used to answer queries related to the
+configuration and the current live state of a Ganeti cluster. Additionally,
+it is the authorative daemon for the Ganeti job queue. Jobs can be
+submitted via this daemon and it schedules and starts them.
+
+It takes a @code{ganeti-luxid-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-luxid-configuration
+This is the configuration for the @code{ganeti-wconfd} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{no-voting?} (default: @code{#f})
+The daemon will refuse to start if it cannot verify that the majority of
+cluster nodes believes that it is running on the master node. Set to
+@code{#t} to ignore such checks and start anyway (this can be dangerous).
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-rapi-service-type
+@command{ganeti-rapi} provides a remote API for Ganeti clusters. It runs on
+the master node and can be used to perform cluster actions programmatically
+via a JSON-based RPC protocol.
+
+Most query operations are allowed without authentication (unless
+@var{require-authentication?} is set), whereas write operations require
+explicit authorization via the @file{/var/lib/ganeti/rapi/users} file. See
+the @url{http://docs.ganeti.org/ganeti/master/html/rapi.html, Ganeti Remote
+API documentation} for more information.
+
+The value of this service must be a @code{ganeti-rapi-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-rapi-configuration
+This is the configuration for the @code{ganeti-rapi} service.
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{require-authentication?} (default: @code{#f})
+Whether to require authentication even for read-only operations.
+
+@item @code{port} (default: @code{5080})
+The TCP port on which to listen to API requests.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the service will bind to. By default it listens
+on all configured addresses.
+
+@item @code{interface} (default: @code{#f})
+When set, it must specify a specific network interface such as @code{eth0}
+that the daemon will bind to.
+
+@item @code{max-clients} (default: @code{20})
+The maximum number of simultaneous client requests to handle. Further
+connections are allowed, but no responses are sent until enough connections
+have closed.
+
+@item @code{ssl?} (default: @code{#f})
+Whether to use SSL/TLS encryption on the RAPI port.
+
+@item @code{ssl-key} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific encryption key for TLS communications.
+
+@item @code{ssl-cert} (default: @file{"/var/lib/ganeti/server.pem"})
+This can be used to provide a specific certificate for TLS communications.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+Note that this will leak encryption details to the log files, use with caution.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-kvmd-service-type
+@command{ganeti-kvmd} is responsible for determining whether a given KVM
+instance was shut down by an administrator or a user. Normally Ganeti will
+restart an instance that was not stopped through Ganeti itself. If the
+cluster option @code{user_shutdown} is true, this daemon monitors the
+@code{QMP} socket provided by QEMU and listens for shutdown events, and
+marks the instance as @dfn{USER_down} instead of @dfn{ERROR_down} when
+it shuts down gracefully by itself.
+
+It takes a @code{ganeti-kvmd-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-kvmd-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-mond-service-type
+@command{ganeti-mond} is an optional daemon that provides Ganeti monitoring
+functionality. It is responsible for running data collectors and publish the
+collected information through a HTTP interface.
+
+It takes a @code{ganeti-mond-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-mond-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{1815})
+The port on which the daemon will listen.
+
+@item @code{address} (default: @code{"0.0.0.0"})
+The network address that the daemon will bind to. By default it binds to all
+available interfaces.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-metad-service-type
+@command{ganeti-metad} is an optional daemon that can be used to provide
+information about the cluster to instances or OS install scripts. It is
+not included in @code{ganeti-service-type} because using it requires
+additional configuration and support in OS providers.
+
+It takes a @code{ganeti-metad-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-metad-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{port} (default: @code{80})
+The port on which the daemon will listen.
+
+@item @code{address} (default: @code{#f})
+If set, the daemon will bind to this address only. If left unset, the behavior
+depends on the cluster configuration.
+
+@item @code{debug?} (default: @code{#f})
+When true, the daemon performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-watcher-service-type
+@command{ganeti-watcher} is a script designed to run periodically and ensure
+the health of a cluster. It will automatically restart instances that have
+stopped without Ganetis consent, and repairs DRBD links in case a node has
+rebooted. It also archives old cluster jobs and restarts Ganeti daemons
+that are not running. If the cluster parameter @code{ensure_node_health}
+is set, the watcher will also shutdown instances and DRBD devices if the
+node it is running on is declared offline by known master candidates.
+
+It can be paused on all nodes with @command{gnt-cluster watcher pause}.
+
+The service takes a @code{ganeti-watcher-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-watcher-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for this service.
+
+@item @code{schedule} (default: @code{'(next-second-from (next-minute (range 0 60 5)))})
+How often to run the script. The default is every five minutes.
+
+@item @code{rapi-ip} (default: @code{#f})
+This option needs to be specified only if the RAPI daemon is configured to use
+a particular interface or address. By default the cluster address is used.
+
+@item @code{job-age} (default: @code{(* 6 3600)})
+Archive cluster jobs older than this age, specified in seconds. The default
+is 6 hours. This keeps @command{gnt-job list} manageable.
+
+@item @code{verify-disks?} (default: @code{#t})
+If this is @code{#f}, the watcher will not try to repair broken DRBD links
+automatically. Administrators will need to use @command{gnt-cluster verify-disks}
+manually instead.
+
+@item @code{debug?} (default: @code{#f})
+When @code{#t}, the script performs additional logging for debugging purposes.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} ganeti-cleaner-service-type
+@command{ganeti-cleaner} is a script designed to run periodically and remove
+old files from the cluster. This service type controls two @dfn{cron jobs}:
+one intended for the master node that permanently purges old cluster jobs,
+and one intended for every node that removes expired X509 certificates, keys,
+and outdated @command{ganeti-watcher} information. Like all Ganeti services,
+it is safe to include even on non-master nodes as it will disable itself as
+necessary.
+
+It takes a @code{ganeti-cleaner-configuration} object.
+@end defvr
+
+@deftp {Data Type} ganeti-cleaner-configuration
+
+@table @asis
+@item @code{ganeti} (default: @code{ganeti})
+The @code{ganeti} package to use for the @command{gnt-cleaner} command.
+
+@item @code{master-schedule} (default: @code{"45 1 * * *"})
+How often to run the master cleaning job. The default is once per day, at
+01:45:00.
+
+@item @code{node-schedule} (default: @code{"45 2 * * *"})
+How often to run the node cleaning job. The default is once per day, at
+02:45:00.
+
+@end table
+@end deftp
+
@node Version Control Services
@subsection Version Control Services
diff --git a/gnu/local.mk b/gnu/local.mk
index c36fa1ea5e..7f4ff1f695 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -586,6 +586,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/docker.scm \
%D%/services/authentication.scm \
%D%/services/games.scm \
+ %D%/services/ganeti.scm \
%D%/services/getmail.scm \
%D%/services/guix.scm \
%D%/services/hurd.scm \
@@ -662,6 +663,7 @@ GNU_SYSTEM_MODULES = \
%D%/tests/desktop.scm \
%D%/tests/dict.scm \
%D%/tests/docker.scm \
+ %D%/tests/ganeti.scm \
%D%/tests/guix.scm \
%D%/tests/monitoring.scm \
%D%/tests/nfs.scm \
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
new file mode 100644
index 0000000000..80a61818f7
--- /dev/null
+++ b/gnu/services/ganeti.scm
@@ -0,0 +1,1109 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services ganeti)
+ #:use-module (gnu packages virtualization)
+ #:use-module (gnu services)
+ #:use-module (gnu services mcron)
+ #:use-module (gnu services shepherd)
+ #:use-module (guix gexp)
+ #:use-module (guix records)
+
+ #:use-module (srfi srfi-1)
+ #:use-module (ice-9 match)
+
+ #:export (ganeti-noded-configuration
+ ganeti-noded-configuration?
+ ganeti-noded-configuration-ganeti
+ ganeti-noded-configuration-port
+ ganeti-noded-configuration-address
+ ganeti-noded-configuration-interface
+ ganeti-noded-configuration-max-clients
+ ganeti-noded-configuration-ssl?
+ ganeti-noded-configuration-ssl-key
+ ganeti-noded-configuration-ssl-cert
+ ganeti-noded-configuration-debug?
+ ganeti-noded-service-type
+
+ ganeti-confd-configuration
+ ganeti-confd-configuration?
+ ganeti-confd-configuration-ganeti
+ ganeti-confd-configuration-port
+ ganeti-confd-configuration-address
+ ganeti-confd-configuration-debug
+ ganeti-confd-service-type
+
+ ganeti-wconfd-configuration
+ ganeti-wconfd-configuration?
+ ganeti-wconfd-configuration-ganeti
+ ganeti-wconfd-configuration-no-voting?
+ ganeti-wconfd-configuration-debug?
+ ganeti-wconfd-service-type
+
+ ganeti-luxid-configuration
+ ganeti-luxid-configuration?
+ ganeti-luxid-configuration-ganeti
+ ganeti-luxid-configuration-no-voting?
+ ganeti-luxid-configuration-debug?
+ ganeti-luxid-service-type
+
+ ganeti-rapi-configuration
+ ganeti-rapi-configuration?
+ ganeti-rapi-configuration-ganeti
+ ganeti-rapi-configuration-require-authentication?
+ ganeti-rapi-configuration-port
+ ganeti-rapi-configuration-address
+ ganeti-rapi-configuration-interface
+ ganeti-rapi-configuration-max-clients
+ ganeti-rapi-configuration-ssl?
+ ganeti-rapi-configuration-ssl-key
+ ganeti-rapi-configuration-ssl-cert
+ ganeti-rapi-configuration-debug?
+ ganeti-rapi-service-type
+
+ ganeti-kvmd-configuration
+ ganeti-kvmd-configuration?
+ ganeti-kvmd-configuration-ganeti
+ ganeti-kvmd-configuration-debug?
+ ganeti-kvmd-service-type
+
+ ganeti-mond-configuration
+ ganeti-mond-configuration?
+ ganeti-mond-configuration-ganeti
+ ganeti-mond-configuration-port
+ ganeti-mond-configuration-address
+ ganeti-mond-configuration-debug?
+ ganeti-mond-service-type
+
+ ganeti-metad-configuration
+ ganeti-metad-configuration?
+ ganeti-metad-configuration-ganeti
+ ganeti-metad-configuration-port
+ ganeti-metad-configuration-address
+ ganeti-metad-configuration-debug?
+ ganeti-metad-service-type
+
+ ganeti-watcher-configuration
+ ganeti-watcher-configuration?
+ ganeti-watcher-configuration-ganeti
+ ganeti-watcher-configuration-schedule
+ ganeti-watcher-configuration-rapi-ip
+ ganeti-watcher-configuration-job-age
+ ganeti-watcher-configuration-verify-disks?
+ ganeti-watcher-configuration-debug?
+ ganeti-watcher-service-type
+
+ ganeti-cleaner-configuration
+ ganeti-cleaner-configuration?
+ ganeti-cleaner-configuration-ganeti
+ ganeti-cleaner-configuration-master-schedule
+ ganeti-cleaner-configuration-node-schedule
+ ganeti-cleaner-service-type
+
+ ganeti-os
+ ganeti-os?
+ ganeti-os-name
+ ganeti-os-extension
+ ganeti-os-variants
+
+ ganeti-os-variant
+ ganeti-os-variant?
+ ganeti-os-variant-name
+ ganeti-os-variant-configuration
+
+ %debootstrap-interfaces-hook
+ %debootstrap-grub-hook
+ %default-debootstrap-hooks
+ %default-debootstrap-extra-pkgs
+ debootstrap-configuration
+ debootstrap-configuration?
+ debootstrap-configuration-hooks
+ debootstrap-configuration-proxy
+ debootstrap-configuration-mirror
+ debootstrap-configuration-arch
+ debootstrap-configuration-suite
+ debootstrap-configuration-extra-pkgs
+ debootstrap-configuration-components
+ debootstrap-configuration-generate-cache?
+ debootstrap-configuration-clean-cache
+ debootstrap-configuration-partition-style
+ debootstrap-configuration-partition-alignment
+
+ debootstrap-variant
+ debootstrap-os
+ %default-debootstrap-variants
+
+ guix-variant
+ guix-os
+ %default-guix-variants
+
+ %default-ganeti-os
+
+ ganeti-configuration
+ ganeti-configuration?
+ ganeti-configuration-noded-configuration
+ ganeti-configuration-confd-configuration
+ ganeti-configuration-wconfd-configuration
+ ganeti-configuration-luxid-configuration
+ ganeti-configuration-rapi-configuration
+ ganeti-configuration-kvmd-configuration
+ ganeti-configuration-mond-configuration
+ ganeti-configuration-metad-configuration
+ ganeti-configuration-watcher-configuration
+ ganeti-configuration-cleaner-configuration
+ ganeti-configuration-file-storage-paths
+ ganeti-configuration-os
+ ganeti-service-type))
+
+;;;
+;;; Service definitions for running a Ganeti cluster.
+;;;
+;;; Planned improvements: run daemons (except ganeti-noded) under unprivileged
+;;; user accounts and/or containers. The account names must match the ones
+;;; given to Ganetis configure script. metad needs "setcap" or root in order
+;;; to bind on port 80.
+
+;; Set PATH so the various daemons are able to find the 'ip' executable, LVM,
+;; Ceph, Gluster, etc, without having to add absolute references to everything.
+(define %default-ganeti-environment-variables
+ (list (string-append "PATH="
+ (string-join '("/run/setuid-programs"
+ "/run/current-system/profile/sbin"
+ "/run/current-system/profile/bin")
+ ":"))))
+
+(define-record-type* <ganeti-noded-configuration>
+ ganeti-noded-configuration make-ganeti-noded-configuration
+ ganeti-noded-configuration?
+ (ganeti ganeti-noded-configuration-ganeti ;<package>
+ (default ganeti))
+ (port ganeti-noded-configuration-port ;integer
+ (default 1811))
+ (address ganeti-noded-configuration-address ;string
+ (default "0.0.0.0"))
+ (interface ganeti-noded-configuration-interface ;string | #f
+ (default #f))
+ (max-clients ganeti-noded-configuration-max-clients ;integer
+ (default 20))
+ (ssl? ganeti-noded-configuration-ssl? ;Boolean
+ (default #t))
+ (ssl-key ganeti-noded-configuration-ssl-key ;string
+ (default "/var/lib/ganeti/server.pem"))
+ (ssl-cert ganeti-noded-configuration-ssl-cert ;string
+ (default "/var/lib/ganeti/server.pem"))
+ (debug? ganeti-noded-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-noded-service
+ (match-lambda
+ (($ <ganeti-noded-configuration> ganeti port address interface max-clients
+ ssl? ssl-key ssl-cert debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti node daemon.")
+ (provision '(ganeti-noded))
+ (requirement '(user-processes networking))
+
+ ;; If the daemon stops, it is probably for a good reason;
+ ;; otherwise ganeti-watcher will restart it for us anyway.
+ (respawn? #f)
+
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-noded")
+ #$(string-append "--port=" (number->string port))
+ #$(string-append "--bind=" address)
+ #$@(if interface
+ #~((string-append "--interface=" #$interface))
+ #~())
+ #$(string-append "--max-clients="
+ (number->string max-clients))
+ #$@(if ssl?
+ #~((string-append "--ssl-key=" #$ssl-key)
+ (string-append "--ssl-cert=" #$ssl-cert))
+ #~("--no-ssl"))
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-noded.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-noded-service-type
+ (service-type (name 'ganeti-noded)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-noded-service)))
+ (default-value (ganeti-noded-configuration))
+ (description
+ "@command{ganeti-noded} is the daemon which is responsible
+for the node functions in the Ganeti system.")))
+
+(define-record-type* <ganeti-confd-configuration>
+ ganeti-confd-configuration make-ganeti-confd-configuration
+ ganeti-confd-configuration?
+ (ganeti ganeti-confd-configuration-ganeti ;<package>
+ (default ganeti))
+ (port ganeti-confd-configuration-port ;integer
+ (default 1814))
+ (address ganeti-confd-configuration-address ;string
+ (default "0.0.0.0"))
+ (debug? ganeti-confd-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-confd-service
+ (match-lambda
+ (($ <ganeti-confd-configuration> ganeti port address debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti confd daemon.")
+ (provision '(ganeti-confd))
+ (requirement '(user-processes networking))
+ (respawn? #f)
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-confd")
+ #$(string-append "--port=" (number->string port))
+ #$(string-append "--bind=" address)
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-confd.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-confd-service-type
+ (service-type (name 'ganeti-confd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-confd-service)))
+ (default-value (ganeti-confd-configuration))
+ (description
+ "@command{ganeti-confd} is a daemon used to answer queries
+related to the configuration of a Ganeti cluster.")))
+
+(define-record-type* <ganeti-wconfd-configuration>
+ ganeti-wconfd-configuration make-ganeti-wconfd-configuration
+ ganeti-wconfd-configuration?
+ (ganeti ganeti-wconfd-configuration-ganeti ;<package>
+ (default ganeti))
+ (no-voting? ganeti-wconfd-configuration-no-voting? ;Boolean
+ (default #f))
+ (debug? ganeti-wconfd-configuration-debug? ;Boolean
+ (default #f)))
+
+;; If this file exists, the wconfd daemon will be forcefully started even on
+;; non-master nodes. It is used to accommodate a master-failover scenario.
+(define %wconfd-force-node-hint
+ "/var/lib/ganeti/guix_wconfd_force_node_hint")
+
+(define (wconfd-wrapper ganeti args)
+ ;; Wrapper for the wconfd daemon that looks for the force-node hint.
+ (program-file
+ "wconfd-wrapper"
+ #~(begin
+ (let ((wconfd #$(file-append ganeti "/sbin/ganeti-wconfd"))
+ (force-node? (file-exists? #$%wconfd-force-node-hint)))
+ (if force-node?
+ (execl wconfd wconfd "--force-node" "--no-voting" "--yes-do-it" #$@args)
+ (execl wconfd wconfd #$@args))))))
+
+(define shepherd-wconfd-force-start-action
+ ;; Shepherd action to create the force-node hint and start wconfd.
+ (shepherd-action
+ (name 'force-start)
+ (documentation
+ "Forcefully start wconfd even on non-master nodes (dangerous!).")
+ (procedure #~(lambda _
+ (format #t "Forcefully starting the wconfd daemon...~%")
+ (action 'ganeti-wconfd 'enable)
+ (dynamic-wind
+ (lambda ()
+ (false-if-exception
+ (call-with-output-file #$%wconfd-force-node-hint
+ (lambda (port)
+ (const #t)))))
+ (lambda ()
+ (action 'ganeti-wconfd 'restart))
+ (lambda ()
+ (delete-file #$%wconfd-force-node-hint)))
+ #t))))
+
+(define ganeti-wconfd-service
+ (match-lambda
+ (($ <ganeti-wconfd-configuration> ganeti no-voting? debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti wconfd daemon.")
+ (provision '(ganeti-wconfd))
+ (requirement '(user-processes))
+
+ ;; Shepherd action to support a master-failover scenario. It is
+ ;; automatically invoked during 'gnt-cluster master-failover' (see
+ ;; related Ganeti patch) and not intended for interactive use.
+ (actions (list shepherd-wconfd-force-start-action))
+
+ ;; wconfd will disable itself when not running on the master
+ ;; node. Don't attempt to restart it.
+ (respawn? #f)
+
+ (start
+ #~(make-forkexec-constructor
+ (list #$(wconfd-wrapper ganeti
+ (append
+ (if no-voting?
+ '("--no-voting" "--yes-do-it")
+ '())
+ (if debug?
+ '("--debug")
+ '()))))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-wconfd.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-wconfd-service-type
+ (service-type (name 'ganeti-wconfd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-wconfd-service)))
+ (default-value (ganeti-wconfd-configuration))
+ (description
+ "@command{ganeti-wconfd} is the daemon that has authoritative
+knowledge about the configuration and is the only entity that can accept changes
+to it. All jobs that need to modify the configuration will do so by sending
+appropriate requests to this daemon.")))
+
+(define-record-type* <ganeti-luxid-configuration>
+ ganeti-luxid-configuration make-ganeti-luxid-configuration
+ ganeti-luxid-configuration?
+ (ganeti ganeti-luxid-configuration-ganeti ;<package>
+ (default ganeti))
+ (no-voting? ganeti-luxid-configuration-no-voting? ;Boolean
+ (default #f))
+ (debug? ganeti-luxid-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-luxid-service
+ (match-lambda
+ (($ <ganeti-luxid-configuration> ganeti no-voting? debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti LUXI daemon.")
+ (provision '(ganeti-luxid))
+ (requirement '(user-processes))
+
+ ;; This service will automatically disable itself when not
+ ;; running on the master node. Don't attempt to restart it.
+ (respawn? #f)
+
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-luxid")
+ #$@(if no-voting?
+ #~("--no-voting" "--yes-do-it")
+ #~())
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-luxid.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-luxid-service-type
+ (service-type (name 'ganeti-luxid)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-luxid-service)))
+ (default-value (ganeti-luxid-configuration))
+ (description
+ "@command{ganeti-luxid} is a daemon used to answer queries
+related to the configuration and the current live state of a Ganeti cluster.
+Additionally, it is the autorative daemon for the Ganeti job queue. Jobs can
+be submitted via this daemon and it schedules and starts them.")))
+
+(define-record-type* <ganeti-rapi-configuration>
+ ganeti-rapi-configuration make-ganeti-rapi-configuration
+ ganeti-rapi-configuration?
+ (ganeti ganeti-rapi-configuration-ganeti ;<package>
+ (default ganeti))
+ (require-authentication?
+ ganeti-rapi-configuration-require-authentication? ;Boolean
+ (default #f))
+ (port ganeti-rapi-configuration-port ;integer
+ (default 5080))
+ (address ganeti-rapi-configuration-address ;string
+ (default "0.0.0.0"))
+ (interface ganeti-rapi-configuration-interface ;string | #f
+ (default #f))
+ (max-clients ganeti-rapi-configuration-max-clients ;integer
+ (default 20))
+ (ssl? ganeti-rapi-configuration-ssl? ;Boolean
+ (default #f))
+ (ssl-key ganeti-rapi-configuration-ssl-key ;string
+ (default "/var/lib/ganeti/server.pem"))
+ (ssl-cert ganeti-rapi-configuration-ssl-cert ;string
+ (default "/var/lib/ganeti/server.pem"))
+ (debug? ganeti-rapi-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-rapi-service
+ (match-lambda
+ (($ <ganeti-rapi-configuration> ganeti require-authentication? port address
+ interface max-clients ssl? ssl-key ssl-cert
+ debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti RAPI daemon.")
+ (provision '(ganeti-rapi))
+ (requirement '(user-processes networking))
+
+ ;; This service will automatically disable itself when not
+ ;; running on the master node. Don't attempt to restart it.
+ (respawn? #f)
+
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-rapi")
+ #$@(if require-authentication?
+ #~("--require-authentication")
+ #~())
+ #$(string-append "--port=" (number->string port))
+ #$(string-append "--bind=" address)
+ #$@(if interface
+ #~((string-append "--interface=" #$interface))
+ #~())
+ #$(string-append "--max-clients="
+ (number->string max-clients))
+ #$@(if ssl?
+ #~((string-append "--ssl-key=" #$ssl-key)
+ (string-append "--ssl-cert=" #$ssl-cert))
+ #~("--no-ssl"))
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-rapi.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-rapi-service-type
+ (service-type (name 'ganeti-rapi)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-rapi-service)))
+ (default-value (ganeti-rapi-configuration))
+ (description
+ "@command{ganeti-rapi} is the daemon providing a remote API
+for Ganeti clusters.")))
+
+(define-record-type* <ganeti-kvmd-configuration>
+ ganeti-kvmd-configuration make-ganeti-kvmd-configuration
+ ganeti-kvmd-configuration?
+ (ganeti ganeti-kvmd-configuration-ganeti ;<package>
+ (default ganeti))
+ (debug? ganeti-kvmd-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-kvmd-service
+ (match-lambda
+ (($ <ganeti-kvmd-configuration> ganeti debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti KVM daemon.")
+ (provision '(ganeti-kvmd))
+ (requirement '(user-processes))
+
+ ;; This service will automatically disable itself when not
+ ;; needed. Don't attempt to restart it.
+ (respawn? #f)
+
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-kvmd")
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:environment-variables
+ '#$%default-ganeti-environment-variables
+ #:pid-file "/var/run/ganeti/ganeti-kvmd.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-kvmd-service-type
+ (service-type (name 'ganeti-kvmd)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-kvmd-service)))
+ (default-value (ganeti-kvmd-configuration))
+ (description
+ "@command{ganeti-kvmd} is responsible for determining whether
+a given KVM instance was shutdown by an administrator or a user.
+
+The KVM daemon monitors, using @code{inotify}, KVM instances through their QMP
+sockets, which are provided by KVM. Using the QMP sockets, the KVM daemon
+listens for particular shutdown, powerdown, and stop events which will determine
+if a given instance was shutdown by the user or Ganeti, and this result is
+communicated to Ganeti via a special file in the filesystem.")))
+
+(define-record-type* <ganeti-mond-configuration>
+ ganeti-mond-configuration make-ganeti-mond-configuration
+ ganeti-mond-configuration?
+ (ganeti ganeti-mond-configuration-ganeti ;<package>
+ (default ganeti))
+ (port ganeti-mond-configuration-port ;integer
+ (default 1815))
+ (address ganeti-mond-configuration-address ;string
+ (default "0.0.0.0"))
+ (debug? ganeti-mond-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-mond-service
+ (match-lambda
+ (($ <ganeti-mond-configuration> ganeti port address debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti monitoring daemon.")
+ (provision '(ganeti-mond))
+ (requirement '(user-processes networking))
+ (respawn? #f)
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-mond")
+ #$(string-append "--port=" (number->string port))
+ #$(string-append "--bind=" address)
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:pid-file "/var/run/ganeti/ganeti-mond.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-mond-service-type
+ (service-type (name 'ganeti-mond)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-mond-service)))
+ (default-value (ganeti-mond-configuration))
+ (description
+ "@command{ganeti-mond} is a daemon providing monitoring
+functionality. It is responsible for running the data collectors and to
+provide the collected information through a HTTP interface.")))
+
+(define-record-type* <ganeti-metad-configuration>
+ ganeti-metad-configuration make-ganeti-metad-configuration
+ ganeti-metad-configuration?
+ (ganeti ganeti-metad-configuration-ganeti ;<package>
+ (default ganeti))
+ (port ganeti-metad-configuration-port ;integer
+ (default 80))
+ (address ganeti-metad-configuration-address ;string | #f
+ (default #f))
+ (debug? ganeti-metad-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-metad-service
+ (match-lambda
+ (($ <ganeti-metad-configuration> ganeti port address debug?)
+ (list (shepherd-service
+ (documentation "Run the Ganeti metadata daemon.")
+ (provision '(ganeti-metad))
+ (requirement '(user-processes networking))
+ (respawn? #f)
+ (start #~(make-forkexec-constructor
+ (list #$(file-append ganeti "/sbin/ganeti-metad")
+ #$(string-append "--port=" (number->string port))
+ #$@(if address
+ #~((string-append "--bind=" #$address))
+ #~())
+ #$@(if debug?
+ #~("--debug")
+ #~()))
+ #:pid-file "/var/run/ganeti/ganeti-metad.pid"))
+ (stop #~(make-kill-destructor)))))))
+
+(define ganeti-metad-service-type
+ (service-type (name 'ganeti-metad)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ ganeti-metad-service)))
+ (default-value (ganeti-metad-configuration))
+ (description
+ "@command{ganeti-metad} is a daemon that can be used to pass
+information to OS install scripts or instances.")))
+
+(define-record-type* <ganeti-watcher-configuration>
+ ganeti-watcher-configuration make-ganeti-watcher-configuration
+ ganeti-watcher-configuration?
+ (ganeti ganeti-watcher-configuration-ganeti ;<package>
+ (default ganeti))
+ (schedule ganeti-watcher-configuration-schedule ;list | string
+ (default '(next-second-from
+ ;; Run every five minutes.
+ (next-minute (range 0 60 5)))))
+ (rapi-ip ganeti-watcher-configuration-rapi-ip ;#f | string
+ (default #f))
+ (job-age ganeti-watcher-configuration-job-age ;integer
+ (default (* 6 3600)))
+ (verify-disks? ganeti-watcher-configuration-verify-disks? ;Boolean
+ (default #t))
+ (debug? ganeti-watcher-configuration-debug? ;Boolean
+ (default #f)))
+
+(define ganeti-watcher-command
+ (match-lambda
+ (($ <ganeti-watcher-configuration> ganeti _ rapi-ip job-age verify-disks?
+ debug?)
+ #~(lambda ()
+ (system* #$(file-append ganeti "/sbin/ganeti-watcher")
+ #$@(if rapi-ip
+ #~(string-append "--rapi-ip=" #$rapi-ip)
+ #~())
+ #$(string-append "--job-age=" (number->string job-age))
+ #$@(if verify-disks?
+ #~()
+ #~("--no-verify-disks"))
+ #$@(if debug?
+ #~("--debug")
+ #~()))))))
+
+(define (ganeti-watcher-jobs config)
+ (match config
+ (($ <ganeti-watcher-configuration> _ schedule)
+ (list
+ #~(job #$@(match schedule
+ ((? string?)
+ #~(#$schedule))
+ ((? list?)
+ #~('#$schedule)))
+ #$(ganeti-watcher-command config))))))
+
+(define ganeti-watcher-service-type
+ (service-type (name 'ganeti-watcher)
+ (extensions
+ (list (service-extension mcron-service-type
+ ganeti-watcher-jobs)))
+ (default-value (ganeti-watcher-configuration))
+ (description
+ "@command{ganeti-watcher} is a periodically run script that
+performs a number of maintenance actions on the cluster. It will automatically
+restart instances that are marked as ERROR_down, i.e., instances that should be
+running, but are not; and it will also try to repair DRBD links in case a
+secondary node has rebooted. In addition it is responsible for archiving old
+cluster jobs, and it will restart any down Ganeti daemons that are appropriate
+for the current node. If the cluster parameter @code{maintain_node_health} is
+enabled, the watcher will also shutdown instances and DRBD devices if the node
+is declared offline by known master candidates.")))
+
+(define-record-type* <ganeti-cleaner-configuration>
+ ganeti-cleaner-configuration make-ganeti-cleaner-configuration
+ ganeti-cleaner-configuration?
+ (ganeti ganeti-cleaner-configuration-ganeti ;<package>
+ (default ganeti))
+ (master-schedule ganeti-cleaner-configuration-master-schedule ;list | string
+ ;; Run the master cleaner at 01:45 every day.
+ (default "45 1 * * *"))
+ (node-schedule ganeti-cleaner-configuration-node-schedule ;list | string
+ ;; Run the node cleaner at 02:45 every day.
+ (default "45 2 * * *")))
+
+(define ganeti-cleaner-jobs
+ (match-lambda
+ (($ <ganeti-cleaner-configuration> ganeti master-schedule node-schedule)
+ (list
+ #~(job #$@(match master-schedule
+ ((? string?)
+ #~(#$master-schedule))
+ ((? list?)
+ #~('#$master-schedule)))
+ (lambda ()
+ (system* #$(file-append ganeti "/sbin/ganeti-cleaner")
+ "master")))
+ #~(job #$@(match node-schedule
+ ((? string?)
+ #~(#$node-schedule))
+ ((? list?)
+ #~('#$node-schedule)))
+ (lambda ()
+ (system* #$(file-append ganeti "/sbin/ganeti-cleaner")
+ "node")))))))
+
+(define ganeti-cleaner-service-type
+ (service-type (name 'ganeti-cleaner)
+ (extensions
+ (list (service-extension mcron-service-type
+ ganeti-cleaner-jobs)))
+ (default-value (ganeti-cleaner-configuration))
+ (description
+ "@command{ganeti-cleaner} is a script that removes old files
+from the cluster. When called with @code{node} as argument it removes expired
+X509 certificates and keys from @file{/var/run/ganeti/crypto}, as well as
+outdated @command{ganeti-watcher} information.
+
+When called with @code{master} as argument, it instead removes files older
+than 21 days from @file{/var/lib/ganeti/queue/archive}.")))
+
+(define-record-type* <ganeti-configuration>
+ ganeti-configuration make-ganeti-configuration
+ ganeti-configuration?
+ (ganeti ganeti-configuration-ganeti
+ (default ganeti))
+ (noded-configuration ganeti-configuration-noded-configuration
+ (default (ganeti-noded-configuration)))
+ (confd-configuration ganeti-configuration-confd-configuration
+ (default (ganeti-confd-configuration)))
+ (wconfd-configuration ganeti-configuration-wconfd-configuration
+ (default (ganeti-wconfd-configuration)))
+ (luxid-configuration ganeti-configuration-luxid-configuration
+ (default (ganeti-luxid-configuration)))
+ (rapi-configuration ganeti-configuration-rapi-configuration
+ (default (ganeti-rapi-configuration)))
+ (kvmd-configuration ganeti-configuration-kvmd-configuration
+ (default (ganeti-kvmd-configuration)))
+ (mond-configuration ganeti-configuration-mond-configuration
+ (default (ganeti-mond-configuration)))
+ (metad-configuration ganeti-configuration-metad-configuration
+ (default (ganeti-metad-configuration)))
+ (watcher-configuration ganeti-configuration-watcher-configuration
+ (default (ganeti-watcher-configuration)))
+ (cleaner-configuration ganeti-configuration-cleaner-configuration
+ (default (ganeti-cleaner-configuration)))
+ (file-storage-paths ganeti-configuration-file-storage-paths ;list of strings | gexp
+ (default '()))
+ (os ganeti-configuration-os ;list of <ganeti-os>
+ (default '())))
+
+(define (ganeti-activation config)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (for-each mkdir-p
+ '("/var/log/ganeti"
+ "/var/log/ganeti/kvm"
+ "/var/log/ganeti/os"
+ "/var/lib/ganeti/rapi"
+ "/var/lib/ganeti/queue"
+ "/var/lib/ganeti/queue/archive"
+ "/var/run/ganeti/bdev-cache"
+ "/var/run/ganeti/crypto"
+ "/var/run/ganeti/socket"
+ "/var/run/ganeti/instance-disks"
+ "/var/run/ganeti/instance-reason"
+ "/var/run/ganeti/livelocks")))))
+
+(define ganeti-shepherd-services
+ (match-lambda
+ (($ <ganeti-configuration> _ noded confd wconfd luxid rapi kvmd mond metad)
+ (append (ganeti-noded-service noded)
+ (ganeti-confd-service confd)
+ (ganeti-wconfd-service wconfd)
+ (ganeti-luxid-service luxid)
+ (ganeti-rapi-service rapi)
+ (ganeti-kvmd-service kvmd)
+ (ganeti-mond-service mond)
+ (ganeti-metad-service metad)))))
+
+(define ganeti-mcron-jobs
+ (match-lambda
+ (($ <ganeti-configuration> _ _ _ _ _ _ _ _ _ watcher cleaner)
+ (append (ganeti-watcher-jobs watcher)
+ (ganeti-cleaner-jobs cleaner)))))
+
+(define-record-type* <ganeti-os>
+ ganeti-os make-ganeti-os ganeti-os?
+ (name ganeti-os-name) ;string
+ (extension ganeti-os-extension) ;string
+ (variants ganeti-os-variants ;list of <ganeti-os-variant>
+ (default '())))
+
+(define-record-type* <ganeti-os-variant>
+ ganeti-os-variant make-ganeti-os-variant ganeti-os-variant?
+ (name ganeti-os-variant-name) ;string
+ (configuration ganeti-os-variant-configuration)) ;<file-like>
+
+(define %debootstrap-interfaces-hook
+ (file-append ganeti-instance-debootstrap
+ "/share/doc/ganeti-instance-debootstrap/examples/interfaces"))
+
+;; The GRUB hook shipped with instance-debootstrap does not work with GRUB2.
+;; For convenience, provide one that work with modern Debians here.
+;; Note: it would be neat to reuse Guix' bootloader infrastructure instead.
+(define %debootstrap-grub-hook
+ (plain-file "grub"
+ "#!/usr/bin/env bash
+CLEANUP=( )
+cleanup() {
+ if [ ${#CLEANUP[*]} -gt 0 ]; then
+ LAST_ELEMENT=$((${#CLEANUP[*]}-1))
+ REVERSE_INDEXES=$(seq ${LAST_ELEMENT} -1 0)
+ for i in $REVERSE_INDEXES; do
+ ${CLEANUP[$i]}
+ done
+ fi
+}
+
+trap cleanup EXIT
+
+mount -t proc proc $TARGET/proc
+CLEANUP+=(\"umount $TARGET/proc\")
+mount -t sysfs sysfs $TARGET/sys
+CLEANUP+=(\"umount $TARGET/sys\")
+mount -o bind /dev $TARGET/dev
+CLEANUP+=(\"umount $TARGET/dev\")
+
+echo '
+GRUB_TIMEOUT_STYLE=menu
+GRUB_CMDLINE_LINUX_DEFAULT=\"console=ttyS0,115200 net.ifnames=0\"
+GRUB_TERMINAL=\"serial\"
+GRUB_SERIAL_COMMAND=\"serial --unit=0 --speed=115200\"
+' >> $TARGET/etc/default/grub
+
+# This PATH is propagated into the chroot and necessary to make grub-install
+# and related commands visible.
+export PATH=\"/usr/sbin:/usr/bin:/sbin:/bin:$PATH\"
+
+chroot \"$TARGET\" grub-install $BLOCKDEV
+chroot \"$TARGET\" update-grub
+
+cleanup
+trap - EXIT
+"))
+
+(define %default-debootstrap-hooks
+ `((10-interfaces . ,%debootstrap-interfaces-hook)
+ (90-grub . ,%debootstrap-grub-hook)))
+
+(define %default-debootstrap-extra-pkgs
+ ;; Packages suitable for a fully virtualized KVM guest.
+ '("acpi-support-base" "udev" "linux-image-amd64" "openssh-server"
+ "locales-all" "grub-pc"))
+
+(define-record-type* <debootstrap-configuration>
+ debootstrap-configuration make-debootstrap-configuration
+ debootstrap-configuration?
+ (hooks debootstrap-configuration-hooks ;#f | gexp | '((name . gexp))
+ (default %default-debootstrap-hooks))
+ (proxy debootstrap-configuration-proxy (default #f)) ;#f | string
+ (mirror debootstrap-configuration-mirror ;#f | string
+ (default #f))
+ (arch debootstrap-configuration-arch (default #f)) ;#f | string
+ (suite debootstrap-configuration-suite ;#f | string
+ (default "stable"))
+ (extra-pkgs debootstrap-configuration-extra-pkgs ;list of strings
+ (default %default-debootstrap-extra-pkgs))
+ (components debootstrap-configuration-components ;list of strings
+ (default '()))
+ (generate-cache? debootstrap-configuration-generate-cache? ;Boolean
+ (default #t))
+ (clean-cache debootstrap-configuration-clean-cache ;#f | integer
+ (default 14))
+ (partition-style debootstrap-configuration-partition-style ;#f | symbol | string
+ (default 'msdos))
+ (partition-alignment debootstrap-configuration-partition-alignment ;#f | integer
+ (default 2048)))
+
+(define (hooks->directory hooks)
+ (match hooks
+ ((? file-like?)
+ hooks)
+ ((? list?)
+ (let ((names (map car hooks))
+ (files (map cdr hooks)))
+ (with-imported-modules '((guix build utils))
+ (computed-file "hooks-union"
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 match))
+ (mkdir-p #$output)
+ (with-directory-excursion #$output
+ (for-each (match-lambda
+ ((name hook)
+ (let ((file-name (string-append
+ #$output "/"
+ (symbol->string name))))
+ ;; Copy to the destination to ensure
+ ;; the file is executable.
+ (copy-file hook file-name)
+ (chmod file-name #o555))))
+ '#$(zip names files))))))))
+ (_ #f)))
+
+(define-gexp-compiler (debootstrap-configuration-compiler
+ (file <debootstrap-configuration>) system target)
+ (match file
+ (($ <debootstrap-configuration> hooks proxy mirror arch suite extra-pkgs
+ components generate-cache? clean-cache
+ partition-style partition-alignment)
+ (let ((customize-dir (hooks->directory hooks)))
+ (gexp->derivation
+ "debootstrap-variant"
+ #~(call-with-output-file (ungexp output "out")
+ (lambda (port)
+ (display
+ (string-append
+ (ungexp-splicing
+ `(,@(if proxy
+ `("PROXY=" ,proxy "\n")
+ '())
+ ,@(if mirror
+ `("MIRROR=" ,mirror "\n")
+ '())
+ ,@(if arch
+ `("ARCH=" ,arch "\n")
+ '())
+ ,@(if suite
+ `("SUITE=" ,suite "\n")
+ '())
+ ,@(if (not (null? extra-pkgs))
+ `("EXTRA_PKGS=" ,(string-join extra-pkgs ",") "\n")
+ '())
+ ,@(if (not (null? components))
+ `("COMPONENTS=" ,(string-join components ",") "\n")
+ '())
+ ,@(if customize-dir
+ `("CUSTOMIZE_DIR=" ,customize-dir "\n")
+ '())
+ ,@(if generate-cache?
+ '("GENERATE_CACHE=yes\n")
+ '("GENERATE_CACHE=no\n"))
+ ,@(if clean-cache
+ `("CLEAN_CACHE=" ,(number->string clean-cache) "\n")
+ '())
+ ,@(if partition-style
+ (if (symbol? partition-style)
+ `("PARTITION_STYLE="
+ ,(symbol->string partition-style) "\n")
+ `("PARTITION_STYLE=" ,partition-style "\n"))
+ '())
+ ,@(if partition-alignment
+ `("PARTITION_ALIGNMENT="
+ ,(number->string partition-alignment) "\n")
+ '()))))
+ port)))
+ #:local-build? #t)))))
+
+(define (ganeti-os->directory os)
+ "Return the derivation to build the configuration directory to be installed
+in /etc/ganeti/instance-$os for OS."
+ (let* ((name (ganeti-os-name os))
+ (extension (ganeti-os-extension os))
+ (variants (ganeti-os-variants os))
+ (names (map ganeti-os-variant-name variants))
+ (configs (map ganeti-os-variant-configuration variants)))
+ (with-imported-modules '((guix build utils))
+ (define builder
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 format)
+ (ice-9 match)
+ (srfi srfi-1))
+ (mkdir-p #$output)
+ (unless (null? '#$names)
+ (let ((variants-dir (string-append #$output "/variants")))
+ (mkdir-p variants-dir)
+ (call-with-output-file (string-append variants-dir "/variants.list")
+ (lambda (port)
+ (format port "~a~%"
+ (string-join '#$names "\n"))))
+ (for-each (match-lambda
+ ((name file)
+ (symlink file
+ (string-append variants-dir "/" name
+ #$extension))))
+
+ '#$(zip names configs))))))
+
+ (computed-file (string-append name "-os") builder))))
+
+(define (ganeti-directory file-storage-file os)
+ (let ((dirs (map ganeti-os->directory os))
+ (names (map ganeti-os-name os)))
+ (define builder
+ #~(begin
+ (use-modules (ice-9 match))
+ (mkdir #$output)
+ (when #$file-storage-file
+ (symlink #$file-storage-file
+ (string-append #$output "/file-storage-paths")))
+ (for-each (match-lambda
+ ((name dest)
+ (symlink dest
+ (string-append #$output "/instance-" name))))
+ '#$(zip names dirs))))
+ (computed-file "etc-ganeti" builder)))
+
+(define (file-storage-file paths)
+ (match paths
+ ((? null?) #f)
+ ((? list?) (plain-file
+ "file-storage-paths"
+ (string-join paths "\n")))
+ (_ paths)))
+
+(define (ganeti-etc-service config)
+ (list `("ganeti" ,(ganeti-directory
+ (file-storage-file
+ (ganeti-configuration-file-storage-paths config))
+ (ganeti-configuration-os config)))))
+
+(define (debootstrap-os variants)
+ (ganeti-os
+ (name "debootstrap")
+ (extension ".conf")
+ (variants variants)))
+
+(define (debootstrap-variant name configuration)
+ (ganeti-os-variant
+ (name name)
+ (configuration configuration)))
+
+(define %default-debootstrap-variants
+ (list (debootstrap-variant
+ "default"
+ (debootstrap-configuration))))
+
+(define (guix-os variants)
+ (ganeti-os
+ (name "guix")
+ (extension ".scm")
+ (variants variants)))
+
+(define (guix-variant name configuration)
+ (ganeti-os-variant
+ (name name)
+ (configuration configuration)))
+
+(define %default-guix-variants
+ (list (guix-variant
+ "default"
+ (file-append ganeti-instance-guix
+ "/share/doc/ganeti-instance-guix/examples/dynamic.scm"))))
+
+;; The OS configurations usually come with a default OS. To make them work
+;; out of the box, follow suit.
+(define %default-ganeti-os
+ (list (debootstrap-os %default-debootstrap-variants)
+ (guix-os %default-guix-variants)))
+
+(define ganeti-service-type
+ (service-type (name 'ganeti)
+ (extensions
+ (list (service-extension activation-service-type
+ ganeti-activation)
+ (service-extension shepherd-root-service-type
+ ganeti-shepherd-services)
+ (service-extension etc-service-type
+ ganeti-etc-service)
+ (service-extension profile-service-type
+ (compose list ganeti-configuration-ganeti))
+ (service-extension mcron-service-type
+ ganeti-mcron-jobs)))
+ (default-value (ganeti-configuration (os %default-ganeti-os)))
+ (description
+ "Ganeti is a family of services that are designed to run
+on a fleet of machines and facilitate deployment and maintenance of virtual
+servers (@dfn{instances}). It can migrate instances between nodes, automatically
+restart failed instances, evacuate nodes, and much more.")))
diff --git a/gnu/tests/ganeti.scm b/gnu/tests/ganeti.scm
new file mode 100644
index 0000000000..0615edcde4
--- /dev/null
+++ b/gnu/tests/ganeti.scm
@@ -0,0 +1,265 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>.
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests ganeti)
+ #:use-module (gnu)
+ #:use-module (gnu tests)
+ #:use-module (gnu system vm)
+ #:use-module (gnu services)
+ #:use-module (gnu services ganeti)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services ssh)
+ #:use-module (gnu packages virtualization)
+ #:use-module (guix gexp)
+ #:use-module (ice-9 format)
+ #:export (%test-ganeti-kvm %test-ganeti-lxc))
+
+(define %ganeti-os
+ (operating-system
+ (host-name "gnt1")
+ (timezone "Etc/UTC")
+ (locale "en_US.UTF-8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/vda")))
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (firmware '())
+
+ ;; The hosts file must contain a nonlocal IP for host-name.
+ ;; In addition, the cluster name must resolve to an IP address that
+ ;; is not currently provisioned.
+ (hosts-file (plain-file "hosts" (format #f "
+127.0.0.1 localhost
+::1 localhost
+10.0.2.2 gnt1.example.com gnt1
+192.168.254.254 ganeti.example.com
+")))
+
+ (packages (append (list ganeti-instance-debootstrap ganeti-instance-guix)
+ %base-packages))
+ (services
+ (append (list (static-networking-service "eth0" "10.0.2.2"
+ #:netmask "255.255.255.0"
+ #:gateway "10.0.2.1"
+ #:name-servers '("10.0.2.1"))
+
+ (service openssh-service-type
+ (openssh-configuration
+ (permit-root-login 'without-password)))
+
+ (service ganeti-service-type
+ (ganeti-configuration
+ (file-storage-paths '("/srv/ganeti/file-storage"))
+ (os %default-ganeti-os))))
+ %base-services))))
+
+(define* (run-ganeti-test hypervisor #:key
+ (master-netdev "eth0")
+ (hvparams '())
+ (extra-packages '())
+ (rapi-port 5080)
+ (noded-port 1811))
+ "Run tests in %GANETI-OS."
+ (define os
+ (marionette-operating-system
+ (operating-system
+ (inherit %ganeti-os)
+ (packages (append extra-packages
+ (operating-system-packages %ganeti-os))))
+ #:imported-modules '((gnu services herd)
+ (guix combinators))))
+
+ (define %forwarded-rapi-port 5080)
+ (define %forwarded-noded-port 1811)
+
+ (define vm
+ (virtual-machine
+ (operating-system os)
+ ;; Some of the daemons are fairly memory-hungry.
+ (memory-size 512)
+ ;; Forward HTTP ports so we can access them from the "outside".
+ (port-forwardings `((,%forwarded-rapi-port . ,rapi-port)
+ (,%forwarded-noded-port . ,noded-port)))))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (srfi srfi-11) (srfi srfi-64)
+ (web uri) (web client) (web response)
+ (gnu build marionette))
+
+ (define marionette
+ (make-marionette (list #$vm)))
+
+ (mkdir #$output)
+ (chdir #$output)
+
+ (test-begin "ganeti")
+
+ ;; Ganeti uses the Shepherd to start/stop daemons, so make sure
+ ;; it is ready before we begin. It takes a while because all
+ ;; Ganeti daemons fail to start initially.
+ (test-assert "shepherd is ready"
+ (wait-for-unix-socket "/var/run/shepherd/socket" marionette))
+
+ (test-eq "gnt-cluster init"
+ 0
+ (marionette-eval
+ '(begin
+ (setenv
+ "PATH"
+ ;; Init needs to run 'ssh-keygen', 'ip', etc.
+ "/run/current-system/profile/sbin:/run/current-system/profile/bin")
+ (system* #$(file-append ganeti "/sbin/gnt-cluster") "init"
+ (string-append "--master-netdev=" #$master-netdev)
+ ;; TODO: Enable more disk backends.
+ "--enabled-disk-templates=file"
+ (string-append "--enabled-hypervisors="
+ #$hypervisor)
+ (string-append "--hypervisor-parameters="
+ #$hypervisor ":"
+ (string-join '#$hvparams "\n"))
+ ;; Set the default NIC mode to 'routed' to avoid having to
+ ;; configure a full bridge to placate 'gnt-cluster verify'.
+ "--nic-parameters=mode=routed,link=eth0"
+ "ganeti.example.com"))
+ marionette))
+
+ ;; Disable the watcher while doing daemon tests to prevent interference.
+ (test-eq "watcher pause"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/sbin/gnt-cluster")
+ "watcher" "pause" "1h"))
+ marionette))
+
+ (test-assert "force-start wconfd"
+ ;; Check that the 'force-start' Shepherd action works, used in a
+ ;; master-failover scenario.
+ (marionette-eval
+ '(begin
+ (setenv "PATH" "/run/current-system/profile/bin")
+ (invoke "herd" "stop" "ganeti-wconfd")
+ (invoke "herd" "disable" "ganeti-wconfd")
+ (invoke "herd" "force-start" "ganeti-wconfd"))
+ marionette))
+
+ ;; Verify that the cluster is healthy.
+ (test-eq "gnt-cluster verify 1"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/sbin/gnt-cluster") "verify"))
+ marionette))
+
+ ;; Try stopping and starting daemons with daemon-util like
+ ;; 'gnt-node add', 'gnt-cluster init', etc.
+ (test-eq "daemon-util stop-all"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/lib/ganeti/daemon-util")
+ "stop-all"))
+ marionette))
+
+ (test-eq "daemon-util start-all"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/lib/ganeti/daemon-util")
+ "start-all"))
+ marionette))
+
+ ;; Check that the cluster is still healthy after the daemon restarts.
+ (test-eq "gnt-cluster verify 2"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/sbin/gnt-cluster") "verify"))
+ marionette))
+
+ (test-eq "watcher continue"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/sbin/gnt-cluster")
+ "watcher" "continue"))
+ marionette))
+
+ ;; Try accessing the RAPI. This causes an expected failure:
+ ;; https://github.com/ganeti/ganeti/issues/1502
+ ;; Run it anyway for easy testing of potential fixes.
+ (test-equal "http-get RAPI version"
+ '(200 "2")
+ (let-values
+ (((response text)
+ (http-get #$(simple-format
+ #f "http://localhost:~A/version"
+ %forwarded-rapi-port)
+ #:decode-body? #t)))
+ (list (response-code response) text)))
+
+ (test-equal "gnt-os list"
+ "debootstrap+default\nguix+default\n"
+ (marionette-eval
+ '(begin
+ (use-modules (ice-9 popen))
+ (let* ((port (open-pipe*
+ OPEN_READ
+ #$(file-append ganeti "/sbin/gnt-os")
+ "list" "--no-headers"))
+ (output (get-string-all port)))
+ (close-pipe port)
+ output))
+ marionette))
+
+ (test-eq "gnt-cluster destroy"
+ 0
+ (marionette-eval
+ '(begin
+ (system* #$(file-append ganeti "/sbin/gnt-cluster")
+ "destroy" "--yes-do-it"))
+ marionette))
+
+ (test-end)
+ (exit (= (test-runner-fail-count (test-runner-current)) 1)))))
+
+ (gexp->derivation (string-append "ganeti-" hypervisor "-test") test))
+
+(define %test-ganeti-kvm
+ (system-test
+ (name "ganeti-kvm")
+ (description "Provision a Ganeti cluster using the KVM hypervisor.")
+ (value (run-ganeti-test "kvm"
+ ;; Set kernel_path to an empty string to prevent
+ ;; 'gnt-cluster verify' from testing for its presence.
+ #:hvparams '("kernel_path=")
+ #:extra-packages (list qemu)))))
+
+(define %test-ganeti-lxc
+ (system-test
+ (name "ganeti-lxc")
+ (description "Provision a Ganeti cluster using LXC as the hypervisor.")
+ (value (run-ganeti-test "lxc"
+ #:extra-packages (list lxc)))))