DeterminateSystems / nix-installer

Install Nix and flakes with the fast and reliable Determinate Nix Installer, with over 7 million installs.
https://determinate.systems
GNU Lesser General Public License v2.1
2.33k stars 58 forks source link

I/O Error getting nixbld group with `nsncd` & `sssd` #622

Open gmacon opened 1 year ago

gmacon commented 1 year ago

Got an error trying to install on Ubuntu 20.04. I am running nsncd 1.4.1 (from their .deb package) to handle the sssd configuration.

Error

Error: 
   0: Planner error
   1: Error executing action
   2: Action `create_group` errored
   3: Getting gid for group `nixbld`
   4: EIO: I/O error

Metadata

key value
version 0.11.0
os linux
arch x86_64

Backtrace

``` Backtrace: 0: 1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: ```
Hoverbear commented 1 year ago

We've seen other reports of issues with nsncd as well, I think we need to do some work to add support.

gmacon commented 1 year ago

Further evidence for this being related specifically to nsncd: I stopped nsncd and ran the installer and it worked.

Hoverbear commented 1 year ago

I installed the latest nsncd package on an Ubuntu VM and was able to use nix-installer without any special configuration:

ana@ephemeral-ubuntu:~/Downloads$ curl -L https://install.determinate.systems/nix | sh -s -- install
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 16008  100 16008    0     0  19983      0 --:--:-- --:--:-- --:--:-- 19983
info: downloading installer https://install.determinate.systems/nix/tag/v0.11.0/nix-installer-x86_64-linux
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix install plan (v0.11.0)
Planner: linux (with default settings)

Planned actions:
* Create directory `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.17.0/nix-2.17.0-x86_64-linux.tar.xz` to `/nix/temp-install-dir`
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Create build group (GID 30000)
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Create directory `/etc/tmpfiles.d`
* Configure Nix daemon related settings with systemd
* Remove directory `/nix/temp-install-dir`

Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create directory `/nix`
 INFO Step: Provision Nix
 INFO Step: Create build group (GID 30000)
 INFO Step: Configure Nix
 INFO Step: Create directory `/etc/tmpfiles.d`
 INFO Step: Configure Nix daemon related settings with systemd
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

ana@ephemeral-ubuntu:~/Downloads$ sudo systemctl status nsncd
● nsncd.service - name-service non-caching daemon
     Loaded: loaded (/lib/systemd/system/nsncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-09-07 08:36:43 PDT; 43s ago
   Main PID: 42010 (nsncd)
      Tasks: 11 (limit: 4636)
     Memory: 1.4M
        CPU: 24ms
     CGroup: /system.slice/nsncd.service
             └─42010 /usr/lib/nsncd

Sep 07 08:36:43 ephemeral-ubuntu systemd[1]: Starting name-service non-caching daemon...
Sep 07 08:36:43 ephemeral-ubuntu nsncd[42010]: Sep 07 08:36:43.392 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
Sep 07 08:36:43 ephemeral-ubuntu systemd[1]: Started name-service non-caching daemon.
Sep 07 08:36:55 ephemeral-ubuntu nsncd[42010]: Sep 07 08:36:55.122 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETGRBYNAME, thread: worker_0
Sep 07 08:37:00 ephemeral-ubuntu nsncd[42010]: Sep 07 08:37:00.308 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETGRBYNAME, thread: worker_1
Sep 07 08:37:00 ephemeral-ubuntu nsncd[42010]: Sep 07 08:37:00.410 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETPWBYUID, thread: worker_0
Sep 07 08:37:00 ephemeral-ubuntu nsncd[42010]: Sep 07 08:37:00.452 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETPWBYUID, thread: worker_4
Sep 07 08:37:01 ephemeral-ubuntu nsncd[42010]: Sep 07 08:37:01.351 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETPWBYUID, thread: worker_0
Sep 07 08:37:01 ephemeral-ubuntu nsncd[42010]: Sep 07 08:37:01.695 ERRO error handling request, err: ENOENT: No such file or directory, request_type: GETPWBYUID, thread: worker_7

The errors nsncd emits don't seem to break the install. I was able to successfully run Nix commands.

Can you help me understand how your system may differ from my test system?

gmacon commented 1 year ago

The most likely candidate is that my user account isn't a local (/etc/passwd) account, it's a directory account. The system is configured with SSSD locally talking to an IPA server for authentication. I don't actually configure that (my office's IT staff hands the system to me with all of this already set up), so I don't know a lot about it, but I'm happy to answer questions about the configuration that's on my system.

It did occur to me that there might be a directory group with ID 30000, but I double-checked and there isn't such a group.

Hoverbear commented 1 year ago

The process is failing on https://docs.rs/nix/latest/nix/unistd/struct.Group.html#method.from_name, which calls https://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html.

By the looks of it nsncd may intercept that call, I wonder if there is some incompatibility...

Hoverbear commented 1 year ago

In https://github.com/DeterminateSystems/nix-installer/issues/512 we wondered if this was caused by musl somehow. If you're willing to fiddle with Rust toolchains, do you think you could try the cargo based instructions here? https://github.com/DeterminateSystems/nix-installer#building-a-binary

RUSTFLAGS="--cfg tokio_unstable" cargo install --git https://github.com/DeterminateSystems/nix-installer

Then try

nix-installer install
gmacon commented 1 year ago

I fired up an ubuntu:focal docker container, installed curl and build-essential, ran rustup, and ran the build command you cited. I copied the installer to my laptop, created an isolated shell (with no Nix stuff configured; sudo -u $USER /bin/bash --noprofile --norc) and then realized that this doesn't help because I already have Nix installed, so it just says

Found existing plan in /nix/receipt.json, with the same settings, already completed, try uninstalling (/nix/nix-installer uninstall) and reinstalling if Nix isn't working

I don't really want to uninstall Nix at this point, but I was able to successfully run sudo ./nix-installer plan linux.

Hoverbear commented 1 year ago

If the plan works, that's a good sign. I'm going to hold this issue open and hopefully someone might chime in with a similar problem and this fixing it. Otherwise I'll try to build a full reproduction soon and confirm this is the fix soon.

gmacon commented 1 year ago

I needed to install Nix on another system today, so I gave this a try.

nix-installer v0.14.0 (/root/.cargo/git/checkouts/nix-installer-3ae5a75f90316dad/ccae8a0)

$ grep sss /etc/nsswitch.conf 
passwd:         files systemd sss
group:          files systemd sss
shadow:         files sss
services:       db files sss
netgroup:       nis sss
sudoers:        files sss
automount:      sss
$ systemctl status nsncd
● nsncd.service - name-service non-caching daemon
     Loaded: loaded (/lib/systemd/system/nsncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-10-26 16:20:50 EDT; 4min 50s ago
   Main PID: 99917 (nsncd)
      Tasks: 11 (limit: 76693)
     Memory: 1.4M
     CGroup: /system.slice/nsncd.service
             └─99917 /usr/lib/nsncd
$ ./detsys-nix-inst/nix-installer install
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
[sudo] password for gmacon: 
Nix install plan (v0.14.0)
Planner: linux (with default settings)

Planned actions:
* Create directory `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-x86_64-linux.tar.xz` to `/nix/temp-install-dir`
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Create build users (UID 30000-30032) and group (GID 30000)
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Configure Nix daemon related settings with systemd
* Remove directory `/nix/temp-install-dir`

Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create directory `/nix`
 INFO Step: Provision Nix
 INFO Step: Create build users (UID 30000-30032) and group (GID 30000)
 INFO Step: Configure Nix
 INFO Step: Create directory `/etc/tmpfiles.d`
 INFO Step: Configure Nix daemon related settings with systemd
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

$ 
Hoverbear commented 1 year ago

So it works with the glibc version???? Yes!!!

ameyp commented 11 months ago

Worked for me too with the glibc version

Hoverbear commented 11 months ago

Thank you so much for confirming. We may need to consider options here.