tomodachi94
commented
3 months ago Upstream PR filed at https://github.com/OpenPrinting/cups/pull/1035 to add a slice for the CUPS printing system, since it appears we use the upstream units.
Open h7x4 opened 10 months ago
tomodachi94
commented
3 months ago Upstream PR filed at https://github.com/OpenPrinting/cups/pull/1035 to add a slice for the CUPS printing system, since it appears we use the upstream units.
hacscred
commented
1 month ago What is the group of processes involved in paperless? The already merged commit doesn't mention any group larger than one of processes, which is incompatible with the goals of this issue.
tomodachi94
commented
1 month ago That module has a few services
paperless-scheduler.servicepaperless-task-queue.servicepaperless-consumer.servicepaperless-web.serviceAfaict, these services are all parts which allow the larger Paperless system to function robustly.
hacscred
commented
1 month ago The PR https://github.com/NixOS/nixpkgs/pull/341278/files doesn't tie those together. The paperless-web.service should be assigned to the slice mentioned in the PR or as a child, which is also not happening in that PR.
If you are accomplishing something in that PR, it's certainly not obvious.
tomodachi94
commented
1 month ago The way the module is arranged, adding something to defaultServiceConfig should propagate it across all of the module's units, but I could be wrong.
Here's where I think this behavior takes effect, but feel free to disagree:
defaultServiceConfig attrset is defined in a let/in block: https://github.com/tomodachi94/nixpkgs/blob/b8eaa7b34077326c435b5755ae2974b5fde48b1d/nixos/modules/services/misc/paperless.nix#L43hacscred
commented
1 month ago The way the feature should work is that there exists a slice foo.slice as well as foo-sub{1,2,3}.slice (matching the various paperless service names would make sense, but that's not needed as long as they share the same prefix with a dash). The namespace is not related to resource allocation, which is what slices are about.
Unless you have any proof that it actually works, and by proof I mean a committed performance test I certainly do not believe it works.
My knowledge just comes from reading the documentation and according to the documentation, you need to set the slice name.
Even, if there is some implicit naming going on, setting the slice name explicitly would still be better with a comment saying that a hierarchical naming scheme is being used.
So, you might be right, but your answer is biasing me more towards the hypothesis of you not knowing what you are doing.
So, please read the documentation again and make my suggested changes or prove I am wrong. I provided some evidence that I am right.
h7x4
commented
1 month ago The way the feature should work is that there exists a slice foo.slice as well as foo-sub{1,2,3}.slice [...]
I did not understand what you meant here. Do you want a slice for every single systemd service belonging to paperless? You can already do resource control directly on the service, which will end up creating an underlying cgroup. https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html
Unless you have any proof that it actually works, and by proof I mean a committed performance test I certainly do not believe it works.
If you worry that systemd slices and/or cgroups doesn't work as expected, this would be an upstream issue with systemd or the kernel. We don't set any resource limits by default, so there shouldn't be any (or at least negligible) difference in performance.
My knowledge just comes from reading the documentation and according to the documentation, you need to set the slice name.
Even, if there is some implicit naming going on, setting the slice name explicitly would still be better with a comment saying that a hierarchical naming scheme is being used.
The slice names are set correctly in their units. Try building this configuration. All units matching result/etc/systemd/system/paperless-*.service has the Slice attribute set correctly.
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [{
boot.isContainer = true;
services.paperless.enable = true;
}];
}paperless-web.serviceSo, please read the documentation again and make my suggested changes or prove I am wrong. [...]
Could you be more explicit about which exact changes you are suggesting? It is not clear to me based on what has previously been discussed. Best would be a patch or a PR, but an example or two would probably work as well.
hacscred
commented
1 month ago If you know the value of the Slice attribute of the various paperless services already have a prefix of paperless-, you can interpret my comment as a request to define the Slice value in the module for all of the services (since I am in the church of defaults are awful to depend on), but if others don't care then feel free to ignore that request.
I would like to see such Slice values defined to not be surprised. I think people which are not systems experts should also quickly be able to understand what's happening.
h7x4
commented
1 month ago If you know the value of the Slice attribute of the various paperless services already have a prefix of paperless-, you can interpret my comment as a request to define the Slice value in the module for all of the services [...]
I might just be dense, but I still don't understand what change you are asking for. All of the 4 paperless services now has Slice = system-paperless.slice, with the system- prefix ensuring that the paperless slice is part of the slice containing all systemwide services. It would be great if you could provide an example of the exact change you are asking for. What do you want the contents of systemd.services.paperless-web.serviceConfig.Slice to be?
I would like to see such Slice values defined to not be surprised. I think people which are not systems experts should also quickly be able to understand what's happening.
I'd be happy to document the approach with both how's and why's around slices and resource control. I can especially see how the system- prefix in particular could be confusing, as we have already had a hiccup with phpfpm. But I'm not really able to pinpoint the other points of confusion, apart from never having seen slices before maybe? Is there anything we should do differently to make things more inherently clear in the config?
hacscred
commented
1 month ago I expected Slice = system-paperless-web.slice for the web service, etc. AFAIU, that's how the system of slices is intended to be used.
I think operationally it would be the same if the web service never gets another sub-service.
hacscred
commented
1 month ago I think I missed the Slice definition once, because every other setting seemed alphabetically ordered.
I would just use the same style.
Issue description
I'd like to start organizing some of the nixos services into systemd slices.
According to the
systemd.slicedocs, A slice unit is a concept for hierarchically managing resources of a group of processes. There are quite a few modules that split up their services into several systemd units, which I think makes sense to collect into a slice.Some of the benefits of creating such slices would be:
systemctl status, indenting slice contents in subtreesjournalctl -u <slicename>.sliceAs a side note, I also think most slices should be prefixed with
system-if there's not a good reason not to. By default, service and scope units are placed insystem.slice. This would be in contrast to something like how php-fpm is currently put in a top-level slice (planning to move this as part of this tracking issue).TODO
hardware/video/nvidia.nixservices/backup/bacula.nixservices/continuous-integration/hydraservices/desktops/cpupower-gui.nixservices/games/armagenatronadservices/mail/sympa.nixservices/misc/forgejo.nixservices/misc/gitlab.nixservices/misc/guix/default.nixservices/misc/lifecycled.nixservices/misc/paperless.nix(#341278)services/misc/sourcehut/default.nixservices/matrix/synapse.nixservices/monitoring/cockpit.nixservices/monitoring/graphite.nixservices/monitoring/prometheusandservices/monitoring/prometheus/exportersservices/monitoring/ups.nixservices/networking/consul.nixservices/networking/cgit.nixservices/networking/jibri/default.nixservices/networking/kea.nixservices/networking/networkmanager.nixservices/networking/nncp.nixservices/networking/nsd.nixservices/networking/openvpn.nixservices/networking/softether.nixservices/networking/spiped.nixservices/networking/supplicant.nixservices/networking/tailscale.nixservices/networking/vdirsyncer.nixservices/networking/websockify.nixservices/networking/wg-quick.nixservices/networking/wireguard.nixservices/networking/zeronsd.nixservices/network-filesystems/moosefs.nixservices/network-filesystems/samba.nix(#279917)services/network-filesystems/tahoe.nixservices/network-filesystems/xtreemfs.nixservices/security/clamav.nixservices/security/esdm.nixservices/security/kanidm.nixservices/security/shibboleth-sp.nixservices/system/cloud-init.nixservices/system/kerberos/heimdal.nixservices/web-servers/phpfpm, prefix slice withsystem-tasks/filesystems/zfs.nixvirtualisation/digital-ocean-config.nixvirtualisation/libvirtd.nixvirtualisation/parallels-guest.nixvirtualisation/vmware-host.nix