hosts: use x-systemd.device-timeout=5min option

Apparently canonical/cloud-init#4673 and more hacks are not needed, we can simply ramp up the timeout that systemd is willing to wait for the .device unit to appear. Signed-off-by: Florian Klink <flokli@flokli.de>
flokli · Dec 19, 2023 · 9ecd471 · 9ecd471
1 parent aa9c1df
commit 9ecd471
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 71 deletions.
diff --git a/hosts/azure-common-2.nix b/hosts/azure-common-2.nix
@@ -4,32 +4,11 @@
 #
 # Profile to import for Azure VMs. Imports azure-common.nix from nixpkgs,
 # and configures cloud-init.
-{
-  modulesPath,
-  pkgs,
-  ...
-}: {
+{modulesPath, ...}: {
   imports = [
     "${modulesPath}/virtualisation/azure-config.nix"
   ];
 
-  nixpkgs.overlays = [
-    (_self: super: {
-      cloud-init = super.cloud-init.overrideAttrs (old: {
-        patches =
-          old.patches
-          or []
-          ++ [
-            # Add support for timeout in disk_setup: https://github.com/canonical/cloud-init/pull/4673
-            (pkgs.fetchpatch {
-              url = "https://github.com/canonical/cloud-init/pull/4673/commits/9b2e3dc907dc06d0a2abdaae6f0b1f0612c5c5dc.patch";
-              hash = "sha256-KAd+4YT+dgzIoEq5qZj6y4peclIb3rvnuY6QIQObAiY=";
-            })
-          ];
-      });
-    })
-  ];
-
   # enable cloud-init, so instance metadata is set accordingly and we can use
   # cloud-config for ssh key management.
   services.cloud-init.enable = true;
@@ -42,9 +21,4 @@
   # but the way nixpkgs configures cloud-init prevents it from picking up DNS
   # settings from elsewhere.
   # services.resolved.enable = false;
-
-  # Add filesystem-related tools to cloud-inits path, so it can format data disks.
-  services.cloud-init.btrfs.enable = true;
-  services.cloud-init.ext4.enable = true;
-  services.cloud-init.xfs.enable = true;
 }
diff --git a/hosts/binary-cache/configuration.nix b/hosts/binary-cache/configuration.nix
@@ -15,6 +15,22 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
+  # Configure /var/lib/caddy in /etc/fstab.
+  # Due to an implicit RequiresMountsFor=$state-dir, systemd
+  # will block starting the service until this mounted.
+  fileSystems."/var/lib/caddy" = {
+    device = "/dev/disk/by-lun/10";
+    fsType = "ext4";
+    options = [
+      # Due to https://github.com/hashicorp/terraform-provider-azurerm/issues/6117
+      # disks get attached later during boot.
+      # The default of 90s doesn't seem to be sufficient.
+      "x-systemd.device-timeout=5min"
+      "x-systemd.makefs"
+      "x-systemd.growfs"
+    ];
+  };
+
   # Run a read-only HTTP webserver proxying to the "binary-cache-v1" storage
   # container at a unix socket.
   # This relies on IAM to grant access to the storage container.
@@ -77,10 +93,6 @@
     "${pkgs.caddy}/bin/caddy run --environ --config ${config.services.caddy.configFile}/Caddyfile"
   ];
 
-  # Wait for cloud-init mounting before we start caddy.
-  systemd.services.caddy.after = ["cloud-init.service"];
-  systemd.services.caddy.requires = ["cloud-init.service"];
-
   # Expose the HTTP and HTTPS port.
   networking.firewall.allowedTCPPorts = [80 443];
 

diff --git a/hosts/jenkins-controller/configuration.nix b/hosts/jenkins-controller/configuration.nix
@@ -11,6 +11,22 @@
     self.nixosModules.service-openssh
   ];
 
+  # Configure /var/lib/jenkins in /etc/fstab.
+  # Due to an implicit RequiresMountsFor=$state-dir, systemd
+  # will block starting the service until this mounted.
+  fileSystems."/var/lib/jenkins" = {
+    device = "/dev/disk/by-lun/10";
+    fsType = "ext4";
+    options = [
+      # Due to https://github.com/hashicorp/terraform-provider-azurerm/issues/6117
+      # disks get attached later during boot.
+      # The default of 90s doesn't seem to be sufficient.
+      "x-systemd.device-timeout=5min"
+      "x-systemd.makefs"
+      "x-systemd.growfs"
+    ];
+  };
+
   services.jenkins = {
     enable = true;
     listenAddress = "localhost";
@@ -19,13 +35,10 @@
   };
 
   # set StateDirectory=jenkins, so state volume has the right permissions
+  # and we wait on the mountpoint to appear.
   # https://github.com/NixOS/nixpkgs/pull/272679
   systemd.services.jenkins.serviceConfig.StateDirectory = "jenkins";
 
-  # Wait for cloud-init mounting before we start jenkins.
-  systemd.services.jenkins.after = ["cloud-init.service"];
-  systemd.services.jenkins.requires = ["cloud-init.service"];
-
   # TODO: deploy reverse proxy, sort out authentication (SSO?)
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

diff --git a/terraform/jenkins/binary_cache.tf b/terraform/jenkins/binary_cache.tf
@@ -35,24 +35,6 @@ module "binary_cache_vm" {
         ssh_authorized_keys = local.ssh_keys[user]
       }
     ]
-    # mount /dev/disk/by-lun/10 to /var/lib/caddy
-    disk_setup = {
-      "/dev/disk/by-lun/10" = {
-        layout  = false # don't partition
-        timeout = 60    # wait for device to appear
-      }
-    }
-    fs_setup = [
-      {
-        filesystem = "ext4"
-        partition  = "auto"
-        device     = "/dev/disk/by-lun/10"
-        label      = "caddy"
-      }
-    ]
-    mounts = [
-      ["/dev/disk/by-label/caddy", "/var/lib/caddy"]
-    ]
     # TODO: this should be EnvironmentFile, so we don't need to restart
     write_files = [
       {

diff --git a/terraform/jenkins/jenkins_controller.tf b/terraform/jenkins/jenkins_controller.tf
@@ -37,24 +37,6 @@ module "jenkins_controller_vm" {
         ssh_authorized_keys = local.ssh_keys[user]
       }
     ]
-    # mount /dev/disk/by-lun/10 to /var/lib/jenkins
-    disk_setup = {
-      "/dev/disk/by-lun/10" = {
-        layout  = false # don't partition
-        timeout = 60    # wait for device to appear
-      }
-    }
-    fs_setup = [
-      {
-        filesystem = "ext4"
-        partition  = "auto"
-        device     = "/dev/disk/by-lun/10"
-        label      = "jenkins"
-      }
-    ]
-    mounts = [
-      ["/dev/disk/by-label/jenkins", "/var/lib/jenkins"]
-    ]
   })])
 
   subnet_id = azurerm_subnet.jenkins.id