[Nix-dev] NixOps reproducible bug with large amount of deployment.keys

4levels 4levels at gmail.com
Wed Apr 19 14:27:17 CEST 2017 

Hi Nix Devs, hi Philip,

in an effort to solve my previous problem (bash argument list too long) I
tried a new deployment in NixOps, only containing the derivations from the
examples in the nixops manual.  The forementioned issue appears again so I
think this is a bug in NixOps and how the keys derivation is being handled.

Steps to reproduce: create the following files

test.nix:

{
  network.description = "Web server";

  webserver =
    { config, pkgs, ... }:
    { services.httpd.enable = true;
      services.httpd.adminAddr = "alice at example.org";
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
}

test-servers.nix:

webserver =
  { config, pkgs, ... }:
  {
    deployment.targetEnv = "virtualbox";
    deployment.virtualbox.memorySize = 1024; # megabytes
    deployment.virtualbox.vcpu = 2; # number of cpus
    };
  }


Add a lot of keys to test-servers.nix, in the form below (example)

deployment.keys."phpmyadmin.password" = {
  text = fileContents (./keys/phpmyadmin.password);
  group = "keys";
  permissions = "0640";
};

Removing the extra attributes group and permissions doesn't seem to change
the length of the generated derivation.

Create a new deployment:
$ nixops create -dtest test.nix test-servers.nix

Output of $ nixops info -dtest
Network name: test
Network UUID: 74586894-24e7-11e7-adab-525400d7e1fa
Network description: Web server
Nix expressions: test.nix test-server.nix

+-----------+--------------------+------------+-------------+------------+
| Name      |       Status       | Type       | Resource Id | IP address |
+-----------+--------------------+------------+-------------+------------+
| webserver | Missing / Outdated | virtualbox |             |            |
+-----------+--------------------+------------+-------------+------------+


As soon as you add a lot of key files (+1000) the issue appears, resulting
in the following error:

$ nixops deploy -dtest --build-only:
building path(s)
‘/nix/store/lv40g4brdfa187x3h08jbxgwrs12gmpm-nixos-system-webserver-17.03.890.ce3ab704b2’
while setting up the build environment: executing
‘/nix/store/86blj9iqyxwmdgkn3dyrpib1gkbmz91v-bash-4.4-p5/bin/bash’:
Argument list too long
builder for
‘/nix/store/apmw3a1pb7imlw7p6vls9hs6glj4n44h-nixos-system-webserver-17.03.890.ce3ab704b2.drv’
failed with exit code 1


The main reason is that the keys derivation contains all key related
statements on a single line and is passed as a single argument to bash,
triggering the maxlength error (argument list too long).  I could reduce
the lenght of the names of the keyfiles, since this will actually reduce
the total length of the generated keys derivation, but that's no solution,
especially since I'm intending to deploy even more keys in the near future..

Since this is reproducible and baked into NixOps, I consider this a bug.
This is currenlty really a blocking issue for me, setting me back for
almost a week now as I lack the skills to solve this myself.
Has anyone an idea how I or someone else can fix / work around this?


Kind regards,

Erik aka 4levels
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.science.uu.nl/pipermail/nix-dev/attachments/20170419/9630a6bd/attachment.html>

More information about the nix-dev mailing list