| 1 Dec 2022 |
 Zhaofeng Li | In reply to @ask-yourself:matrix.org
deployment.privilegeEscalationCommand = ["doas"]; is also set. colmena apply-local --sudo should work | 19:01:40 |
 @ask-yourself:matrix.org | The output of colmena apply-local is:
.dotfiles on main [!+] ⊥ colmena apply-local
[WARN ] Colmena was not started by root. This is probably not going to work.
[WARN ] Hint: Add the --sudo flag.
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
🕖 7s 2 succeeded
desktop ✅ 6s Evaluated desktop
❌ 7s Failed: Child process exited with error code: 1
desktop ✅ 6s Evaluated desktop
desktop ✅ 0s Built "/nix/store/cagxgr77kc1ip1f31fx9y1f5xq23mk68-nixos-system-desktop-23.05pre-git"
desktop ✅ 0s Pushed system closure
desktop ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to deploy to desktop - Last 3 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
| 19:01:54 |
 Linux Hackerman | oops, never mind what I said then | 19:01:56 |
| @ask-yourself:matrix.org | In reply to @zhaofeng:zhaofeng.li
colmena apply-local --sudo should work This should work even after I turn of sudo for this machine? | 19:02:29 |
| @ask-yourself:matrix.org | (And yes it does work, thank you.) | 19:02:50 |
| Zhaofeng Li | It uses the privilegeEscalationCommand configured in the config | 19:02:52 |
| Zhaofeng Li | `apply-local` doesn't run the escalation command by default. It seems a bit rude to do so, given that sudo cache exists and Colmena may end up doing dangerous things without prompt. Better make it explicit I guess. | 19:03:36 |
| Linux Hackerman | gosh frick, I wanted to test if the problem still exists and yes it very much does lol | 19:04:00 |
| Zhaofeng Li | * There hasn't been any change to the heuristic which assumes a constant memory size for each node. We can probably make the number bigger if people keep running into things like this. It's bit difficult to estimate the memory usage to evaluate a "typical" config | 19:05:19 |
| @ask-yourself:matrix.org | Zhaofeng Li: colmena apply-local --sudo doesn't work once sudo is turned off though, and I want to turn sudo off. | 19:05:42 |
| Linux Hackerman | Hm, would it be appropriate to set the OOM score adjustment for the nix-eval-jobs process to avoid this kind of thing? | 19:06:28 |
| Zhaofeng Li | Hmm, it should be using the `deployment.privilegeEscalationCommand`. Let me check | 19:06:41 |
| @ask-yourself:matrix.org | Wait. I had that commented out. | 19:06:59 |
| @ask-yourself:matrix.org | Don't waste your time checking yet, probably my error. | 19:07:09 |
| Linux Hackerman | also, the heuristic results in 52 workers for me which... I think is deep into inappropriate territory for 32G of RAM :D | 19:09:04 |
| Zhaofeng Li | Argh, I keep forgetting Element Android has Markdown turned off by default. Another thing to set for each new client | 19:09:10 |
| @ask-yourself:matrix.org | Ok yeah, colmena apply-locall --sudo does not work with sudo turned off, even with deployment.privilegeEscalationCommand = ["doas"];. | 19:10:44 |
| @ask-yourself:matrix.org | * Ok yeah, colmena apply-local --sudo does not work with sudo turned off, even with deployment.privilegeEscalationCommand = ["doas"];. | 19:10:51 |
| Zhaofeng Li | Interesting, and it says something like sudo: command not found? | 19:12:38 |
| Zhaofeng Li | Just confirming, is the deployment.privilegeEscalationCommand set inside the host config? If it's outside, you may have inadvertently created a deployment node instead | 19:14:14 |
| Zhaofeng Li | In reply to @linus:schreibt.jetzt
also, the heuristic results in 52 workers for me which... I think is deep into inappropriate territory for 32G of RAM :D Well yeah, currently it assumes each node takes 512MB to evaluate 😅 Or (remaining_ram - 1024MB) / 512MB nodes | 19:16:48 |
| @ask-yourself:matrix.org | In reply to @zhaofeng:zhaofeng.li
Interesting, and it says something like sudo: command not found? This is the output for both commands:
.dotfiles on main [!+] λ colmena apply-local --sudo
thread 'main' panicked at 'Failed to run sudo to escalate privileges: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/command/apply_local.rs:162:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
.dotfiles on main [!+] ⊥ colmena apply-local
[WARN ] Colmena was not started by root. This is probably not going to work.
[WARN ] Hint: Add the --sudo flag.
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
🕔 7s 2 succeeded
desktop ✅ 6s Evaluated desktop
❌ 7s Failed: Child process exited with error code: 1
desktop ✅ 6s Evaluated desktop
desktop ✅ 0s Built "/nix/store/pm7h842lz8c1jwx3crwj1hmwxn9hphr5-nixos-system-desktop-23.05pre-git"
desktop ✅ 0s Pushed system closure
desktop ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to deploy to desktop - Last 3 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
| 19:23:20 |
| @ask-yourself:matrix.org | In reply to @zhaofeng:zhaofeng.li
Just confirming, is the deployment.privilegeEscalationCommand set inside the host config? If it's outside, you may have inadvertently created a deployment node instead I think so, if you wanna see where I've set it up in full context, it's here: https://gitlab.com/IsaacBrown92/dotfiles/-/blob/main/nixos/desktop/security.nix | 19:27:30 |
| Zhaofeng Li | In reply to @ask-yourself:matrix.org
This is the output for both commands:
.dotfiles on main [!+] λ colmena apply-local --sudo
thread 'main' panicked at 'Failed to run sudo to escalate privileges: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/command/apply_local.rs:162:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
.dotfiles on main [!+] ⊥ colmena apply-local
[WARN ] Colmena was not started by root. This is probably not going to work.
[WARN ] Hint: Add the --sudo flag.
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
🕔 7s 2 succeeded
desktop ✅ 6s Evaluated desktop
❌ 7s Failed: Child process exited with error code: 1
desktop ✅ 6s Evaluated desktop
desktop ✅ 0s Built "/nix/store/pm7h842lz8c1jwx3crwj1hmwxn9hphr5-nixos-system-desktop-23.05pre-git"
desktop ✅ 0s Pushed system closure
desktop ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to deploy to desktop - Last 3 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
Aha, you are using 0.3. Then you need --sudo-command=doas instead of deployment.privilegeEscalationCommand. 0.3 escalates privileges in apply-local eagerly at the beginning before evaluation. | 19:43:42 |
| Zhaofeng Li | In the main development branch, it was changed to only escalate during activation using the configured privilege escalation command. | 19:44:22 |
| @ask-yourself:matrix.org | Oh, how can I be on the current version? | 19:47:49 |
| Zhaofeng Li | You can use the flake of the unreleased version as mentioned here: https://colmena.cli.rs/unstable/tutorial/flakes.html | 19:49:03 |
| @ask-yourself:matrix.org | Oh, so deployment.privilegeEscalationCommand is an unreleased feature? | 19:52:08 |
| Zhaofeng Li | It's used for the normal apply but for apply-local it's unreleased | 19:52:54 |
| @ask-yourself:matrix.org | Ahhh. | 19:53:42 |
