difftreelog
fix legacy ssh store support
in: trunk
4 files changed
cmds/fleet/src/cmds/build_systems.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/build_systems.rs
+++ b/cmds/fleet/src/cmds/build_systems.rs
@@ -106,6 +106,9 @@
if let Some(destination) = opts.action_attr::<String>(&host, "dest").await? {
host.set_session_destination(destination);
};
+ if let Some(legacy) = opts.action_attr::<bool>(&host, "legacy_ssh_store").await? {
+ host.set_legacy_ssh_store(legacy);
+ };
set.spawn_local(
(async move {
crates/fleet-base/src/host.rsdiffbeforeafterboth--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -13,7 +13,7 @@
use anyhow::{Context, Result, anyhow, bail, ensure};
use fleet_shared::SecretData;
use nix_eval::{Value, nix_go, nix_go_json, util::assert_warn};
-use openssh::SessionBuilder;
+use openssh::{ControlPersist, SessionBuilder};
use serde::de::DeserializeOwned;
use tabled::Tabled;
use tempfile::NamedTempFile;
@@ -99,6 +99,7 @@
// TODO: Both of those values are taken from host opts, there should be a cleaner way to specify it
deploy_kind: OnceCell<DeployKind>,
session_destination: OnceCell<String>,
+ legacy_ssh_store: OnceCell<bool>,
pub host_config: Option<Value>,
pub nixos_config: OnceCell<Value>,
@@ -219,6 +220,11 @@
.set(kind)
.expect("deploy kind is already set");
}
+ pub fn set_legacy_ssh_store(&self, legacy: bool) {
+ self.legacy_ssh_store
+ .set(legacy)
+ .expect("legacy ssh store is already set")
+ }
pub async fn deploy_kind(&self) -> Result<DeployKind> {
if let Some(kind) = self.deploy_kind.get() {
return Ok(*kind);
@@ -263,7 +269,8 @@
if let Some(session) = &self.session.get() {
return Ok((*session).clone());
};
- let session = SessionBuilder::default();
+ let mut session = SessionBuilder::default();
+ session.control_persist(ControlPersist::ClosedAfterInitialConnection);
let dest = self.session_destination.get().unwrap_or(&self.name);
let session = session
@@ -418,9 +425,15 @@
);
nix.arg("copy").arg("--substitute-on-destination");
+ let proto = if self.legacy_ssh_store.get().cloned().unwrap_or(false) {
+ "ssh"
+ } else {
+ "ssh-ng"
+ };
+
match self.deploy_kind().await? {
DeployKind::Fleet | DeployKind::UpgradeToFleet | DeployKind::NixosLustrate => {
- nix.comparg("--to", format!("ssh-ng://{}", self.name));
+ nix.comparg("--to", format!("{proto}://{}", self.name));
}
DeployKind::NixosInstall => {
nix
@@ -428,7 +441,7 @@
.arg("--no-check-sigs")
.comparg(
"--to",
- format!("ssh-ng://root@{}?remote-store=/mnt", self.name),
+ format!("{proto}://root@{}?remote-store=/mnt", self.name),
);
}
}
@@ -568,6 +581,7 @@
session: OnceLock::new(),
deploy_kind: OnceCell::new(),
session_destination: OnceCell::new(),
+ legacy_ssh_store: OnceCell::new(),
}
}
@@ -589,6 +603,7 @@
session: OnceLock::new(),
deploy_kind: OnceCell::new(),
session_destination: OnceCell::new(),
+ legacy_ssh_store: OnceCell::new(),
})
}
pub async fn list_hosts(&self) -> Result<Vec<ConfigHost>> {
crates/fleet-shared/src/encoding.rsdiffbeforeafterboth--- a/crates/fleet-shared/src/encoding.rs
+++ b/crates/fleet-shared/src/encoding.rs
@@ -1,6 +1,5 @@
use std::{
- fmt::{self, Display},
- str::FromStr,
+ collections::BTreeMap, fmt::{self, Display}, str::FromStr
};
use base64::engine::{Engine, general_purpose::STANDARD_NO_PAD};
flake.nixdiffbeforeafterboth1{2 description = "NixOS cluster configuration management";34 inputs = {5 nixpkgs.url = "github:nixos/nixpkgs/release-25.05";6 rust-overlay = {7 url = "github:oxalica/rust-overlay";8 inputs.nixpkgs.follows = "nixpkgs";9 };10 flake-parts = {11 url = "github:hercules-ci/flake-parts";12 inputs.nixpkgs-lib.follows = "nixpkgs";13 };14 crane.url = "github:ipetkov/crane";15 shelly.url = "github:CertainLach/shelly";16 treefmt-nix = {17 url = "github:numtide/treefmt-nix";18 inputs.nixpkgs.follows = "nixpkgs";19 };20 # DeterminateSystem's nix fork is controversial, but I don't mind it,21 # and it has lazy-trees support which is useful for fleet.22 nix.url = "github:deltarocks/nix/fleet";23 };24 outputs =25 inputs:26 inputs.flake-parts.lib.mkFlake27 {28 inherit inputs;29 }30 {31 imports = [ inputs.shelly.flakeModule ];32 flake = rec {33 lib =34 (import ./lib {35 inherit (inputs.nixpkgs) lib;36 })37 // {38 fleetConfiguration = throw "function-based interface is deprecated, use flake-parts syntax instead";39 };40 flakeModules.default = import ./lib/flakePart.nix {41 inherit (inputs) crane;42 };43 flakeModule = flakeModules.default;4445 fleetModules.tf = ./modules/extras/tf.nix;4647 # Used to test nix-eval bindings48 testData = {49 testObj = {50 v = "Hello";51 };52 testString = "hello";53 };5455 # To be used with https://github.com/NixOS/nix/pull/889256 schemas =57 let58 inherit (inputs.nixpkgs.lib) mapAttrs;59 in60 {61 fleetConfigurations = {62 version = 1;63 doc = ''64 The `fleetConfigurations` flake output defines fleet cluster configurations.65 '';66 inventory = output: {67 children = mapAttrs (configName: cluster: {68 what = "fleet cluster configuration";6970 children = mapAttrs (hostName: host: {71 what = "host [${host.system}]";72 }) cluster.config.hosts;73 # It is possible to implement this inventory right now, but I want to74 # get rid of `fleet.nix` file in the future.75 # children.secrets = { };76 }) output;77 };78 };79 };80 };81 # Supported and tested list of deployment targets.82 systems = [83 "x86_64-linux"84 "aarch64-linux"85 "armv7l-linux"86 "armv6l-linux"87 ];88 perSystem =89 {90 config,91 system,92 pkgs,93 self,94 inputs',95 ...96 }:97 let98 inherit (lib.attrsets) mapAttrs';99 inherit (lib.lists) elem;100 # Can also be built for darwin, through it is not usual to deploy nixos systems from macos machines.101 # I have no hardware for such testing, thus only adding machines I actually have and use.102 #103 # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.104 deployerSystems = [105 "aarch64-linux"106 "x86_64-linux"107 ];108 deployerSystem = elem system deployerSystems;109 lib = pkgs.lib;110 rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;111 craneLib = (inputs.crane.mkLib pkgs).overrideToolchain rust;112 treefmt = (inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix).config.build;113 in114 {115 _module.args.pkgs = import inputs.nixpkgs {116 inherit system;117 overlays = [ (inputs.rust-overlay.overlays.default) (final: prev: {118 boehmgc = prev.boehmgc.overrideAttrs (prevAttrs: {119 configureFlags = prevAttrs.configureFlags ++ [120 "--enable-gc-assertions"121 ];122 });123 }) ];124 };125 # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.126 packages = lib.mkIf deployerSystem (127 let128 packages = pkgs.callPackages ./pkgs {129 inherit craneLib inputs';130 };131 in132 packages // { default = packages.fleet; }133 );134 # fleet-install-secrets will not be built normally, because they are not ran directly by user most of the time.135 # checks there build packages for default nixpkgs rustPlatform packages.136 checks =137 let138 nixpkgsCraneLib = inputs.crane.mkLib pkgs;139 packages = pkgs.callPackages ./pkgs {140 craneLib = nixpkgsCraneLib;141 inherit inputs;142 };143 prefixAttrs =144 prefix: attrs:145 mapAttrs' (name: value: {146 name = "${prefix}${name}";147 value = value.overrideAttrs (prev: {148 pname = "${prefix}${prev.pname}";149 });150 }) attrs;151 in152 # fleet-install-secrets is installed to remote systems, thus needs to work153 # with rust in nixpkgs.154 (prefixAttrs "nixpkgs-" {155 inherit (packages) fleet-install-secrets;156 })157 // {158 formatting = treefmt.check self;159 };160 # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole161 # devShells block, yet nix flake check fails here, due to no default shell found. It is nix or flake-parts bug?162 shelly.shells.default = lib.mkIf deployerSystem {163 factory = craneLib.devShell;164 packages = with pkgs; [165 rust166 cargo-edit167 cargo-udeps168 cargo-fuzz169 cargo-watch170 cargo-outdated171172 pkg-config173 openssl174 rustPlatform.bindgenHook175 inputs'.nix.packages.nix-expr-c176 inputs'.nix.packages.nix-flake-c177 inputs'.nix.packages.nix-fetchers-c178 ];179 environment.PROTOC = "${pkgs.protobuf}/bin/protoc";180 };181 formatter = treefmt.wrapper;182 };183 };184}