From patchwork Sun Oct 27 12:45:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ekaitz Zarraga X-Patchwork-Id: 69537 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E36DB27BBEA; Sun, 27 Oct 2024 12:46:54 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 70C3827BBE2 for ; Sun, 27 Oct 2024 12:46:53 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t52f9-00024t-SR; Sun, 27 Oct 2024 08:46:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t52f7-00024g-IT for guix-patches@gnu.org; Sun, 27 Oct 2024 08:46:29 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1t52f6-0003o4-PT; Sun, 27 Oct 2024 08:46:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:Subject; bh=4oLNT0xejYbGiOkIeuOU0WONpinf3EmAdgX+q8D49K8=; b=hjwiDqi7dJSWHHn5MW+vDyxOX48T7dK9BCa7lhpLeCobPfCVshNtyUqSReQg/eznD2xug5RQns1zGyNksVlqL37rGsAgNKF72WZ0qeZ3JUm0zZ3ezGq7qhmBN3gyZOknbfn7V4z6N4GeiJPkTnHJYE2wYg6Bzg534m0ncki9NDFkpC7ejlNZDAbbt54NZpA6fQrFaoayF1VxVWk5sJuCg/mWPtkRdTnC87EjkQg0pJVot/8rpDllZVMVE2+wWClVrHhh218Rubrk8ZJLX5wVZrKC/iwXniAp9z6X1UoTIC8bDOyacRxyzY22WclFDuQSWdSLUQSAbRZnmIG1zCZpig==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1t52fe-0004Nv-EV; Sun, 27 Oct 2024 08:47:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#74046] [PATCH] doc: Add "Contributing to Guix's infrastructure". Resent-From: Ekaitz Zarraga Original-Sender: "Debbugs-submit" Resent-CC: ludo@gnu.org, maxim.cournoyer@gmail.com, guix-patches@gnu.org Resent-Date: Sun, 27 Oct 2024 12:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 74046 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74046@debbugs.gnu.org Cc: ludo@gnu.org, Ekaitz Zarraga , Ludovic =?utf-8?q?Cour?= =?utf-8?q?t=C3=A8s?= , Maxim Cournoyer X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Ludovic =?utf-8?q?Court=C3=A8s?= , Maxim Cournoyer Received: via spool by submit@debbugs.gnu.org id=B.173003320416805 (code B ref -1); Sun, 27 Oct 2024 12:47:02 +0000 Received: (at submit) by debbugs.gnu.org; 27 Oct 2024 12:46:44 +0000 Received: from localhost ([127.0.0.1]:44232 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t52fL-0004My-H3 for submit@debbugs.gnu.org; Sun, 27 Oct 2024 08:46:44 -0400 Received: from lists.gnu.org ([209.51.188.17]:40300) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t52fJ-0004Mr-S2 for submit@debbugs.gnu.org; Sun, 27 Oct 2024 08:46:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t52ei-0001vZ-Bx for guix-patches@gnu.org; Sun, 27 Oct 2024 08:46:05 -0400 Received: from dane.soverin.net ([185.233.34.24]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1t52ee-0003f5-FP; Sun, 27 Oct 2024 08:46:04 -0400 Received: from smtp.soverin.net (c04smtp-lb01.int.sover.in [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4Xbx8M4LwczyPK; Sun, 27 Oct 2024 12:45:55 +0000 (UTC) Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.99]) by soverin.net (Postfix) with ESMTPSA id 4Xbx8M0JfNz14s; Sun, 27 Oct 2024 12:45:55 +0000 (UTC) Authentication-Results: smtp.soverin.net; dkim=pass (2048-bit key; unprotected) header.d=elenq.tech header.i=@elenq.tech header.a=rsa-sha256 header.s=soverin1 header.b=XxAg0ldE; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=elenq.tech; s=soverin1; t=1730033155; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4oLNT0xejYbGiOkIeuOU0WONpinf3EmAdgX+q8D49K8=; b=XxAg0ldEoIBJPQ3TuN7+/Nrnjp/C7MexHk/JFqpJZlUq2lasLvJXiIi85Xyrqn9obKnu5Q sQzUsNwlcoPnjuOukxqAbi0g+AuH+xo5AQ8cVW5VnLtph26VJsI9VpmVSi+yid6aMUUF0H zggfLXJ01xJMcCcj5MVd+r6ZniTcVODwMz5xmfCj7wvumJ6qOTWwskv67xgsN50kQHLD8S HoOH3i01siQdM5lZvhzHy6Rt7tv9XbmkshpCrS+cZI++tD+hWg7ImponfPXheVi8a7c7tP vKig/mG3qUQa/IkKXoGNr3lRfp2llabrOmM97mrDHiN98xdhHyQmtQlRQWLZag== From: Ekaitz Zarraga Date: Sun, 27 Oct 2024 13:45:34 +0100 Message-ID: <881dbbde93521a4f6957cd795e6942c43103f688.1730033134.git.ekaitz@elenq.tech> MIME-Version: 1.0 X-Spampanel-Class: ham Received-SPF: pass client-ip=185.233.34.24; envelope-from=ekaitz@elenq.tech; helo=dane.soverin.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Use the "Call for contribution to the Guix infrastructure" by Ludovic Courtès to create a section in the documentation that describes how to contribute to the infrastructure. https://lists.gnu.org/archive/html/guix-devel/2024-05/msg00183.html * doc/contributing.texi (Contributing to Guix's infrastructure): New section. Change-Id: I3f3a99ad884110cc8323789e8c14bec1f7327e97 --- doc/contributing.texi | 187 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) base-commit: 091131af64fd4e4e925fff829fa19097cfcdfcc5 diff --git a/doc/contributing.texi b/doc/contributing.texi index acdc303be6..1510e07ddc 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -37,6 +37,7 @@ Contributing * Deprecation Policy:: Commitments and tools for deprecation. * Writing Documentation:: Improving documentation in GNU Guix. * Translating Guix:: Make Guix speak your native language. +* Contributing to Guix's infrastructure:: Make Guix ecosystem work better. @end menu @node Requirements @@ -3594,3 +3595,189 @@ Translating Guix be updated accordingly (see @file{website/i18n-howto.txt} for more information on the process). @end itemize + + +@cindex infrastructure +@node Contributing to Guix's infrastructure +@section Contributing to Guix's infrastructure + +Since its inception, the Guix project has always valued its autonomy, and that +reflects in its infrastructure: our servers run Guix System and exclusively +free software, none of them is hosted by one of these transnational companies, +and they're administered by volunteers. + +Of course this comes at a cost and this is why we're sending this call for +contributions. Our hope is to make infrastructure-related activity more +legible so that maybe you can picture yourself helping in one of these areas. + + +@menu +* Coding:: +* System administration:: +* Day-to-day system administration:: +* On-site intervention:: +* Hosting:: +* Administrative tasks:: +@end menu + +@node Coding +@subsection Coding + +Guix runs many Guix-specific services; this is all lovely Scheme code but it +tends to receive less attention than Guix itself: + +@itemize +@item Build Farm Front-End: @url{https://git.cbaines.net/guix/bffe} +@item Cuirass: @url{https://guix.gnu.org/cuirass/} +@item Goggles (IRC logger): +@url{https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/goggles.scm} +@item Guix Build Coordinator: +@url{https://git.savannah.gnu.org/cgit/guix/build-coordinator.git/} +@item Guix Data Service: +@url{https://git.savannah.gnu.org/git/guix/data-service.git/} +@item Guix Packages Website: +@url{https://codeberg.org/luis-felipe/guix-packages-website.git} +@item mumi: @url{https://git.savannah.gnu.org/cgit/guix/mumi.git/} +@item nar-herder: @url{https://git.savannah.gnu.org/cgit/guix/nar-herder.git/} +@item QA Frontpage: @url{https://git.savannah.gnu.org/git/guix/qa-frontpage.git} +@end itemize + +There is no time constraint on this coding activity: any improvement is +welcome, whenever it comes. Most of these code bases are relatively small, +which should make it easier to get started. + +Prerequisites: Familiarity with Guile, HTTP, and databases. + +If you wish to get started, check out the README of the project of your choice +and get in touch with guix-devel and the primary developer(s) of the tool as +per @code{git shortlog -s | sort -k1 -n}. + +@node System administration +@subsection System administration + +Guix System configuration for all our systems is held in this repository: + +@url{https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/} + +The two front-ends are @file{berlin.scm} (the machine behind ci.guix.gnu.org) +and @file{bayfront.scm} (the machine behind bordeaux.guix.gnu.org, +guix.gnu.org, hpc.guix.info, qa.guix.gnu.org, and more). Both connect to a +number of build machines and helpers. + +Without even having SSH access to the machine, you can help by posting patches +to improve the configuration (you can test it with @code{guix system vm}). +Here are ways you can help: + +@itemize +@item +Improve infra monitoring: set up a dashboard to monitor all the infrastructure, +and an out-of-band channel to communicate about downtime. + +@item +Implement web site redundancy: guix.gnu.org should be backed by several +machines on different sites. Get in touch with us and/or send a patch! + +@item +Implement substitute redundancy: likewise, bordeaux.guix.gnu.org and +ci.guix.gnu.org should be backed by several head nodes. + +@item +Improve backup: there's currently ad-hoc backup of selected pieces over rsync +between the two head nodes; we can improve on that, for example with a +dedicated backup site and proper testing of recoverability. + +@item +Support mirroring: We'd like to make it easy for others to mirror substitutes +from ci.guix and bordeaux.guix, perhaps by offering public rsync access. + +@item +Optimize our web services: Monitor the performance of our services and tweak +nginx config or whatever it takes to improve it. + +There is no time constraint on this activity: any improvement is welcome, +whenever you can work on it. + +Prerequisite: Familiarity with Guix System administration and ideally with the +infrastructure handbook: + +@url{https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/infra-handbook.org} + +@end itemize + +@node Day-to-day system administration +@subsection Day-to-day system administration + +We're also looking for people who'd be willing to have SSH access to some of +the infrastructure to help with day-to-day maintenance: restarting a build, +restarting the occasional service that has gone wild (that can happen), +reconfiguring/upgrading a machine, rebooting, etc. + +This day-to-day activity requires you to be available some of the time (during +office hours or not, during the week-end or not), whenever is convenient for +you, so you can react to issues reported on IRC, on the mailing list, or +elsewhere, and synchronize with other sysadmins. + +Prerequisite: Being a “known” member of the community, familiarity with Guix +System administration, with some of the services/web sites being run, and with +the infrastructure handbook: + +@url{https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/infra-handbook.org} + +@node On-site intervention +@subsection On-site intervention + +The first front-end is currently generously hosted by the Max Delbrück Center +(MDC), a research institute in Berlin, Germany. Only authorized personnel can +physically access it. + +The second one, bordeaux.guix.gnu.org, is hosted in Bordeaux, France, in a +professional data center shared with non-profit ISP Aquilenet. If you live in +the region of Bordeaux and would like to help out when we need to go on-site, +please make yourself known by emailing @email{guix-sysadmin@@gnu.org}. + +On-site interventions are rare, but they're usually in response to an +emergency. + +@node Hosting +@subsection Hosting + +We're looking for people who can host machines and help out whenever +physical access is needed. More specifically: + +@itemize +@item +We need hosting of “small” machines such as single-board computers (AArch64, +RISC-V) for use as build machines. + +@item +We need hosting for front-ends and x86_64 build machines in a data center where +they can be racked and where, ideally, several local Guix sysadmins can +physically access them. +@end itemize + +The machines should be accessible over Wireguard VPN most of the +time, so longer power or network interruptions should be the +exception. + +Prerequisites: Familiarity with installing and remotely administering Guix +System. + +@node Administrative tasks +@subsection Administrative tasks + +The infra remains up and running thanks to crucial administrative tasks, which +includes: + +@itemize +@item +Selecting and purchasing hardware, for example build machines. +@item +Renewing domain names. + +@item +Securing funding, in particular via the Guix Foundation: +@url{https://foundation.guix.info} +@end itemize + +Prerequisites: Familiarity with hardware, and/or DNS registrars, +and/or sponsorship, and/or crowdfunding.