nixcloud / nixcloud-webservices

This nixpkgs extension, called nixcloud-webservices, focuses on ease of deployment of web-related technologies.
https://nixcloud.io

nixcloud.TLS fails in nixos-19.09 #67

Closed: qknight closed this issue 4 years ago

qknight commented 4 years ago

failing test

client# [    9.214698] dhcpcd[513]: Failed to reload-or-try-restart ntpd.service: Unit ntpd.service not found.
client# [    9.216372] dhcpcd[513]: Failed to reload-or-try-restart openntpd.service: Unit openntpd.service not found.
client# [    9.218409] dhcpcd[513]: Failed to reload-or-try-restart chronyd.service: Unit chronyd.service not found.
client# [    9.230513] dhcpcd[513]: forked to background, child pid 731
client# [    9.233495] systemd[1]: Started DHCP Client.
client# [    9.237300] systemd[1]: Reached target Network is Online.
client# [    9.239422] systemd[1]: Reached target Multi-User System.
client# [    9.241140] systemd[1]: Startup finished in 3.692s (kernel) + 5.533s (userspace) = 9.225s.
client# [    9.285373] login[661]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
client# [    9.301032] systemd[1]: Created slice user-0.slice.
client# [    9.304311] systemd[1]: Starting User Runtime Directory /run/user/0...
client# [    9.316311] systemd-logind[662]: New session 1 of user root.
client# [    9.335350] systemd[1]: Started User Runtime Directory /run/user/0.
client# [    9.340311] systemd[1]: Starting User Manager for UID 0...
client# [    9.348063] systemd[733]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
client# [    9.463161] systemd[733]: Reached target Paths.
client# [    9.464749] systemd[733]: Reached target Sockets.
client# [    9.475381] systemd[733]: Reached target Timers.
client# [    9.476567] systemd[733]: Reached target Basic System.
client# [    9.484086] systemd[1]: Started User Manager for UID 0.
client# [    9.487049] login[738]: ROOT LOGIN  on '/dev/tty1'
client# [    9.492425] systemd[1]: Started Session 1 of user root.
client# [    9.495084] systemd[733]: Reached target Main User Target.
client# [    9.497534] systemd[733]: Startup finished in 104ms.
client# [    9.542223] dhcpcd[731]: eth0: soliciting an IPv6 router
client: running command: systemctl --no-pager show "default.target"
client: exit status 0
(0.03 seconds)
(10.69 seconds)
letsencrypt: waiting for unit ‘boulder.service’
letsencrypt: running command: systemctl --no-pager show "boulder.service"
letsencrypt: exit status 0
(0.03 seconds)
letsencrypt: running command: systemctl list-jobs --full 2>&1
letsencrypt: exit status 0
(0.02 seconds)
letsencrypt: running command: systemctl --no-pager show "boulder.service"
letsencrypt: exit status 0
(0.03 seconds)
(0.08 seconds)
The nixcloud test 'nixcloud.TLS' has failed with error 'unit ‘boulder.service’ is inactive and there are no pending jobs' but in case the machine was too slow (virtualized, not enough ram, too much cpu load, etc) then you can also disable the tests by adding 'nixcloud.tests.enable = false;' to your /etc/nixos/configuration.nix and still use our software.
cleaning up
killing letsencrypt (pid 6)
killing client (pid 59)
killing webserver (pid 31)
(0.00 seconds)
Attempt to end element "nest" with "logfile" tag at /nix/store/f053vwv6hdkhl7xxaqcx1dmb5gqd88s0-nixos-test-driver/lib/perl5/site_perl/Logger.pm line 28.
END failed--call queue aborted, <__ANONIO__> line 600.
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
builder for '/nix/store/9b056k9qgv5k6h9zdbm03q9s8057km2x-vm-test-run-nixcloud.TLS.drv' failed with exit code 22
error: build of '/nix/store/9b056k9qgv5k6h9zdbm03q9s8057km2x-vm-test-run-nixcloud.TLS.drv' failed

last commit

client# [    7.932803] nscd[728]: 728 monitoring file `/etc/resolv.conf` (5)
client# [    7.934374] nscd[728]: 728 monitoring directory `/etc` (2)
client# [    7.935938] nscd[728]: 728 monitoring file `/etc/services` (6)
client# [    7.937568] nscd[728]: 728 monitoring directory `/etc` (2)
client# [    7.939068] nscd[728]: 728 disabled inotify-based monitoring for file `/etc/netgroup': No such file or directory
client# [    7.941105] nscd[728]: 728 stat failed for file `/etc/netgroup'; will try again later: No such file or directory
client# [    7.949224] dhcpcd[512]: Failed to reload-or-try-restart ntpd.service: Unit ntpd.service not found.
client# [    7.950540] dhcpcd[512]: Failed to reload-or-try-restart openntpd.service: Unit openntpd.service not found.
client# [    7.951963] dhcpcd[512]: Failed to reload-or-try-restart chronyd.service: Unit chronyd.service not found.
client# [    7.960952] dhcpcd[512]: forked to background, child pid 743
client# [    7.963186] systemd[1]: Started DHCP Client.
client# [    7.966270] systemd[1]: Reached target Network is Online.
client# [    7.967863] systemd[1]: Reached target Multi-User System.
client# [    7.969158] systemd[1]: Startup finished in 3.202s (kernel) + 4.755s (userspace) = 7.957s.
client# [    8.001996] login[673]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
client# [    8.015055] systemd[1]: Created slice user-0.slice.
client# [    8.022066] systemd[1]: Starting User Runtime Directory /run/user/0...
client# [    8.025866] systemd-logind[674]: New session 1 of user root.
client# [    8.040041] systemd[1]: Started User Runtime Directory /run/user/0.
client# [    8.043885] systemd[1]: Starting User Manager for UID 0...
client# [    8.047697] systemd[745]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
client# [    8.133738] systemd[745]: Reached target Paths.
client# [    8.135004] systemd[745]: Reached target Sockets.
client# [    8.146503] systemd[745]: Reached target Timers.
client# [    8.151065] systemd[745]: Reached target Basic System.
client# [    8.153827] login[750]: ROOT LOGIN  on '/dev/tty1'
client# [    8.158096] systemd[1]: Started User Manager for UID 0.
client# [    8.168185] systemd[1]: Started Session 1 of user root.
client# [    8.169527] dhcpcd[743]: eth0: soliciting an IPv6 router
client# [    8.170467] systemd[745]: Reached target Main User Target.
client# [    8.171576] systemd[745]: Startup finished in 81ms.
client: running command: systemctl --no-pager show "default.target"
client: exit status 0
(0.02 seconds)
(9.57 seconds)
letsencrypt: waiting for unit ‘boulder.service’
letsencrypt: running command: systemctl --no-pager show "boulder.service"
letsencrypt: exit status 0
(0.02 seconds)
letsencrypt: running command: systemctl list-jobs --full 2>&1
letsencrypt: exit status 0
(0.02 seconds)
letsencrypt: running command: systemctl --no-pager show "boulder.service"
letsencrypt: exit status 0
(0.02 seconds)
(0.06 seconds)
The nixcloud test 'nixcloud.TLS' has failed with error 'unit ‘boulder.service’ is inactive and there are no pending jobs' but in case the machine was too slow (virtualized, not enough ram, too much cpu load, etc) then you can also disable the tests by adding 'nixcloud.tests.enable = false;' to your /etc/nixos/configuration.nix and still use our software.
cleaning up
killing webserver (pid 48)
killing letsencrypt (pid 6)
killing client (pid 67)
(0.00 seconds)
Attempt to end element "nest" with "logfile" tag at /nix/store/kh5dfx8r6pjqp6f1n1shkyifh6xpjbhz-nixos-test-driver/lib/perl5/site_perl/Logger.pm line 28.
END failed--call queue aborted, <__ANONIO__> line 597.
vde_switch: EOF on stdin, cleaning up and exiting
vde_switch: Could not remove ctl dir '/build/vde1.ctl': Directory not empty
builder for '/nix/store/gyz6c5bim59c1p12pch1gfl2bq4bcv9j-vm-test-run-nixcloud.TLS.drv' failed with exit code 22
error: build of '/nix/store/gyz6c5bim59c1p12pch1gfl2bq4bcv9j-vm-test-run-nixcloud.TLS.drv' failed
f4b14cea55078b35c755e103015e0d0e8e4943a8 is the first bad commit
commit f4b14cea55078b35c755e103015e0d0e8e4943a8
Author: Félix Baylac-Jacqué <felix@alternativebit.fr>
Date:   Fri Oct 18 19:13:04 2019 +0200

    nixos/tests/letsencrypt: use Pebble instead of Boulder

    Let's encrypt bumped ACME to V2. We need to update our nixos test to
    be compatible with this new protocol version.

    We decided to drop the Boulder ACME server in favor of the more
    integration test friendly Pebble.

    - overriding cacert not necessary
    - this avoids rebuilding lots of packages needlessly
    - nixos/tests/acme: use pebble's ca for client tests
    - pebble always generates its own ca which has to be fetched

    (cherry picked from commit 0c0af28cd59766f961efefea8ad4d14343a82821)

 nixos/modules/security/acme.nix                    |   5 +
 nixos/tests/acme.nix                               |  18 +-
 ...ange-ACME-directory-endpoint-to-directory.patch |  25 ++
 nixos/tests/common/letsencrypt/common.nix          |  26 +-
 nixos/tests/common/letsencrypt/default.nix         | 378 ++---------------
 nixos/tests/common/letsencrypt/mkcerts.nix         |   2 +-
 nixos/tests/common/letsencrypt/snakeoil-certs.nix  | 451 +++++++++++----------
 7 files changed, 313 insertions(+), 592 deletions(-)
 create mode 100644 nixos/tests/common/letsencrypt/0001-Change-ACME-directory-endpoint-to-directory.patch
bisect run success

qknight commented 4 years ago

the fix:

joachim@tuxedo ~/D/p/n/nixcloud-webservices> git diff
diff --git a/modules/services/TLS/test.nix b/modules/services/TLS/test.nix
index 5994138..b177814 100644
--- a/modules/services/TLS/test.nix
+++ b/modules/services/TLS/test.nix
@@ -137,7 +137,6 @@ in rec {
           };
           "validacmecert.com" = {
             mode = "ACME";
-            # FIXME aszlig: our default is the v02 endpoint but boulder in nixpkgs can't do that at the moment
             acmeApiEndpoint = "https://acme-v02.api.letsencrypt.org/directory";
             users = [ "nixcloud-permCheck" ];
           };
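
Review bot: The `acmeApiEndpoint` line that stays behind in the "validacmecert.com" block now has no explanation, and the removed FIXME said this v02 URL is already the default. Either drop the explicit `acmeApiEndpoint = "https://acme-v02.api.letsencrypt.org/directory";` override so the test exercises the default, or keep it with a one-line comment saying why it is set explicitly and whether that hostname is answered by the test's own `letsencrypt` node rather than the public service.
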
@@ -262,7 +261,7 @@ in rec {
     $letsencrypt->waitForUnit("default.target");
     $webserver->waitForUnit("default.target");
     $client->waitForUnit("default.target");
-    $letsencrypt->waitForUnit("boulder.service");
+    $letsencrypt->waitForUnit("pebble.service");

     # if the nixcloud.reverse-proxy doesn't make it, we don't need to go on
     $webserver->waitForUnit("nixcloud.reverse-proxy.service");
qknight commented 4 years ago

fixed in dd379bcbbb003525b7bc5cde65647470eeeab060