Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/netbird: fix port conflict on metrics endpoint #357105

Merged
merged 1 commit into from
Nov 22, 2024

Conversation

TheRealGramdalf
Copy link
Contributor

Added changes discussed in #354032 (comment) to fix a port clash between the netbird management and signal services, as well as an extraOption to facilitate ad-hoc changes in the future should more breaking changes be released by upstream.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: documentation This PR adds or changes documentation 8.has: changelog 8.has: module (update) This PR changes an existing module in `nixos/` labels Nov 18, 2024
@TheRealGramdalf TheRealGramdalf force-pushed the netbird-metrics-fix branch 3 times, most recently from af24957 to 4345388 Compare November 18, 2024 22:58
@TheRealGramdalf
Copy link
Contributor Author

I based this on the netbird 0.32.0 release before realizing that PR was merged to master after the branch off - it would be helpful to know from @Saturn745 or @vrifox whether I should rebase this PR against the 0.31.1 release currently in the branch off (which still has the issues fixed) or if the 0.32.0 release PR should be backported as well.

@@ -36,6 +36,8 @@
- `authelia` has been upgraded to version 4.38. This version brings several features and improvements which are detailed in the [release blog post](https://www.authelia.com/blog/4.38-release-notes/).
This release also deprecates some configuration keys which are likely to be removed in version 5.0.0.

- `netbird` has been updated to 0.32.0. This adds a built-in relay server which is not yet supported by the NixOS module, as well as a metrics endpoint for both the management and signal services. The default metrics port for the `signal` service has been changed from `9090` to `9091` to prevent a port conflict with the management server. This can be changed by overriding their respective `extraOptions` as needed. Refer to the [release notes](https://github.com/netbirdio/netbird/releases/tag/v0.32.0) and [this pull request](https://github.com/NixOS/nixpkgs/pull/354032#issuecomment-2480925927) for more information.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

24.11 has alredy been branched off so if you want to add a release note it should be 25.05. But since its an anti breaking change I wouldn't say a release note is necessary.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how backporting affects release notes, but I would presume that keeping the notes will require a manual backport

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I asked on the matrix channel and they said this should definitely be backported, so I'm guessing the release note should stay for 24.11

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how backporting affects release notes, but I would presume that keeping the notes will require a manual backport

I believe a manual backport would be necessary regardless, unless one of the package maintainers were to initiate it once this gets merged

nixos/modules/services/networking/netbird/signal.nix Outdated Show resolved Hide resolved
nixos/modules/services/networking/netbird/signal.nix Outdated Show resolved Hide resolved
nixos/modules/services/networking/netbird/signal.nix Outdated Show resolved Hide resolved
@SuperSandro2000 SuperSandro2000 added the backport release-24.11 Backport PR automatically label Nov 19, 2024
Copy link
Contributor

@oddlama oddlama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I based this on the netbird 0.32.0 release before realizing that PR was merged to master after the branch off - it would be helpful to know from @Saturn745 or @vrifox whether I should rebase this PR against the 0.31.1 release currently in the branch off (which still has the issues fixed) or if the 0.32.0 release PR should be backported as well.

No need, backporting will only consider changes in this PR so it doesn't matter what you base this against

which still has the issues fixed

What do you mean? Assuming you mean the issue is not present in 0.31.1 then I guess we won't have to backport at all

@PatrickDaG
Copy link
Contributor

I think if we're backporting this we should do it right and add a dedicated metricsPort option, you can just copy mine from the other PR. Sounds like a bad idea to rely on a default extraOption, those should only be used in special cases.

@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Nov 19, 2024
@TheRealGramdalf
Copy link
Contributor Author

What do you mean? Assuming you mean the issue is not present in 0.31.1 then I guess we won't have to backport at all

Both 0.31.1 and 0.32.0 are affected by the port clash. I realized after I created the PR that the 0.32.0 update PR didn't make it into the branch off.
This only really matters because of the release notes, since theres a link in there pointing to the 0.32.0 release notes. My question was whether or not I should change the link to point at 0.31.1, or if we should backport the 0.32.0 PR as well.

@TheRealGramdalf
Copy link
Contributor Author

I think if we're backporting this we should do it right and add a dedicated metricsPort option, you can just copy mine from the other PR. Sounds like a bad idea to rely on a default extraOption, those should only be used in special cases.

Will do. I'll still add the extraOptions to signal to make it consistent and to aid in case of further breakages from upstream.

@TheRealGramdalf
Copy link
Contributor Author

Both 0.31.1 and 0.32.0 are affected by the port clash. I realized after I created the PR that the 0.32.0 update PR didn't make it into the branch off. This only really matters because of the release notes, since theres a link in there pointing to the 0.32.0 release notes. My question was whether or not I should change the link to point at 0.31.1, or if we should backport the 0.32.0 PR as well.

I'll just go ahead and change this to 0.31.1. If #356512 gets backported before this is merged I can switch it back, but for now I'll assume the version of netbird in the 24.11 release is going to be 0.31.1.

@TheRealGramdalf
Copy link
Contributor Author

Ready for merge. If I need to create another PR manually for the backport just let me know.

@oddlama
Copy link
Contributor

oddlama commented Nov 20, 2024

Just FYI: In case this will not be merged today you'll probably have to change the release notes to 25.05 after branch-off

@TheRealGramdalf
Copy link
Contributor Author

TheRealGramdalf commented Nov 20, 2024

Yeah, I'll wait until it's clear it won't be getting in, no need for extra ofborg evals. I was hoping to get it in for 24.11 not only for the port fix, but to make people aware of the additional ports in case of other conflicts/if updates to firewall rules are required. Ideally I'd have a note specifically mentioning that (upstream communication isn't the greatest; it looks like they test almost exclusively in docker where clashing ports aren't an issue), but this'll have to do for now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add an assert here, which assumes port != metricsPort

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So would this work?

assertions = [
      {
        assertion = cfg.port != cfg.metricsPort;
        message = "The primary listen port cannot be the same as the listen port for the metrics endpoint";
      }
    ];

I verified that it does syntactically (i.e. it correctly identifies and throws an error when I set them to the same value), I'm just not sure if you meant to use assertions or assert.

Copy link
Contributor

@JohnRTitor JohnRTitor Nov 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, just like this

assertions = [
{
assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.12";
message = "SCX is only supported on kernel version >= 6.12.";
}
];

I take it you have tested this with your configuration

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I tested both the normal situation (two different ports) and triggering the assertion (metricsPort is the same as port). It behaved as one would expect in both cases.

@TheRealGramdalf
Copy link
Contributor Author

Once again ready for merge. I did some manual checks and everything functions fine, not sure if we should wait for ofborg or just send it due to the branch window - I'm relatively new to PRs so I'm not too sure if it's required or just recommended.

@JohnRTitor
Copy link
Contributor

Well we mainly wait for Ofborg so it detects any underlying issue during eval. But considering how slower and costlier it has become, there have been calls to replace it with GitHub actions, which should be faster.

New eval workflow PR has been merged yesterday, and it looks like the checks passed. Let's still wait for Ofborg to check other things, I am happy to merge it after that.

@JohnRTitor JohnRTitor self-assigned this Nov 21, 2024
@TheRealGramdalf
Copy link
Contributor Author

Allright, sounds good! I'm mainly just trying to get it in before the 24.11 release so the change is in the release notes. I've been advised over on matrix that this should ideally get backported, but again I'm new to PRs and I'm not entirely sure what the process is like - there were mentions of changes to the release notes requiring a manual backport, but again I'm new to that specific area.

@TheRealGramdalf
Copy link
Contributor Author

TheRealGramdalf commented Nov 22, 2024

Checks complete, ready for merge - let me know if there's anything to do for the backport PR.

@PatrickDaG one thing to note for your PR - cfg currently points to config.services.netbird.server.<component>, which you changed to omit the <component> . You'll need to edit the metricsPort option to reflect that again when you rebase.

Copy link
Member

@Scrumplex Scrumplex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM

@Scrumplex Scrumplex merged commit ecd6e1e into NixOS:master Nov 22, 2024
31 checks passed
Copy link
Contributor

Successfully created backport PR for release-24.11:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 backport release-24.11 Backport PR automatically
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants