Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubo: default installation gives null API field instead of some unix domain socket #248447

Closed
Jorropo opened this issue Aug 11, 2023 · 6 comments · Fixed by #272041
Closed

kubo: default installation gives null API field instead of some unix domain socket #248447

Jorropo opened this issue Aug 11, 2023 · 6 comments · Fixed by #272041
Labels
0.kind: bug Something is broken

Comments

@Jorropo
Copy link
Contributor

Jorropo commented Aug 11, 2023
edited
Loading

Describe the bug

We got theses reports of Kubo panicing on startup due to probably an empty API field ipfs/kubo#10056. This is a bug in our software however I belive this is also a bug in:

nixpkgs/nixos/modules/services/network-filesystems/kubo.nix

Line 186 in cf73a86

default = [ ];

Because a Kubo daemon without an API listener is borderline useless, your choice to change to a unix socket (f2be3ae) makes sense however I think some default got lost and now it is set to Null.

Given I am not a Nix user myself I got help from @justinabrahms to fill in the template, thx ❤️.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Add services.kubo.enable = true to /etc/nixos/configuration.nix
  2. sudo nixos-rebuild switch
  3. systemctl status ipfs notice it's failing with a panic.

Expected behavior

After installation Kubo daemon should start and the RPC should be usable by a permissioned user.

Notify maintainers

@Luflosi

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.38, NixOS, 23.05 (Stoat), 23.05.2064.53657afe297`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.13.3`
 - channels(abrahms): `""`
 - channels(root): `"home-manager-23.05.tar.gz, nixos-23.05"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
@Jorropo Jorropo added the 0.kind: bug Something is broken label Aug 11, 2023
@Jorropo

This comment was marked as outdated.

Sign in to view
@Luflosi
Copy link
Contributor

Luflosi commented Aug 11, 2023

Weird that it works on my machine and in the NixOS tests. One of the NixOS tests only has services.kubo.enable = true; and services.kubo.autoMount = true; options set. autoMount does quite a lot but I didn't see anything obvious why this should affect the API settings. But maybe it does make a difference and maybe I specified some additional option on my machine makes it also work there. I'll try to reproduce it with just the enable option set in the next couple days.
On one machine ipfs config show shows that the API field is set to null and yet Kubo starts without a problem and RPC API server listening on /unix/run/ipfs.sock can be seen in the log.
According to a comment at the top of, ipfs-api.socket, "Enabling this [socket file] will completely override any API listeners configured in your config.". NixOS enables this socket file and overrides ListenStream with %t/ipfs.sock (which is /run/ipfs.sock) plus whatever the user has set in services.kubo.settings.Addresses.API. What I don't know is how systemd communicates this information to Kubo but this seems to work.
So in conclusion, I would think that setting the API field to null in the Kubo config doesn't matter because ipfs-api.socket is enabled, which should override this and specify a socket for the API.

@Jorropo
Copy link
Contributor Author

Jorropo commented Aug 11, 2023
edited
Loading

Thx I wasn't aware we even had this feature (or that you could use systemd to configure application sockets in the first place).

We have a simple incorrect listeners[0] assumption which is panicking since kubo is configured without listeners.

However this is fed by listeners, err := sockets.TakeListeners("io.ipfs.api") which tries to load something like ipfs-api.socket as you linked. So if you have a "API": null but use something like ipfs-api.socket it should work (AFAIT).
I can't test experimentally that feeding the API through systemd works right now, I'll report later, but it seems to me that the ipfs-api.socket like config is not applied somehow.

@Luflosi
Copy link
Contributor

Luflosi commented Aug 13, 2023

I was able to reproduce the problem. Maybe I just need to order the ipfs.service unit after the two socket units. I'll take a closer look in the following days when I have some more time.

@ntninja
Copy link
Contributor

ntninja commented Nov 8, 2023
edited
Loading

This happened to me too on first installation, the reason was that systemd couldn’t bind port 8080 because it is already in use by another service, then started Kubo anyways. So my theory is that Kubo checks if there was a socket made available by systemd and if there was none falls back to trying to read the listen address from the config (which is then null) and then panics in the observed way.

For anyone else affected by this, run systemctl status ipfs-api.socket ipfs-gateway.socket and check if both sockets were correctly bound when Kubo crashes in this way.

@Luflosi Luflosi mentioned this issue Dec 4, 2023
Merged
13 tasks
@Luflosi
Copy link
Contributor

Luflosi commented Dec 4, 2023

I created #272041, which should fix this.

@Luflosi Luflosi mentioned this issue Dec 4, 2023
Closed
Luflosi added a commit to Luflosi/nixpkgs that referenced this issue Dec 15, 2023
@Luflosi
nixos/kubo: fix potential panic on startup
d4fcb44 
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting.
It was caused by the `ipfs.service` unit not depending on the `ipfs-api.socket` and `ipfs-gateway.socket` units with `Wants=`. This allows the `ipfs.service` to be started manually or by `nixos-rebuild` without the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set in `services.kubo.settings.Addresses.Gateway` and `services.kubo.settings.Addresses.API`. By default the `API` is an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see ipfs/kubo#10056.
With this commit, starting `ipfs.service` will first set up the two sockets before starting the actual service.
Adding the `Sockets=` option implicitly adds a `Wants=` for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked with `systemctl show ipfs.service`.

This should probably be upstreamed to the unit file in the Kubo repo.

The problem can be reproduced in the following way:
- Add `services.kubo.enable = true` to `/etc/nixos/configuration.nix`
- `sudo nixos-rebuild switch` (this may already fail, not sure why it's not deterministic for me)
- `sudo systemctl stop ipfs-api.socket`
- `sudo systemctl stop ipfs-gateway.socket`
- `sudo systemctl stop ipfs.service`
- `sudo systemctl start ipfs.service`

Fixes NixOS#248447.
github-actions bot pushed a commit that referenced this issue Dec 15, 2023
@Luflosi @github-actions
nixos/kubo: fix potential panic on startup
2d2c58d 
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting.
It was caused by the `ipfs.service` unit not depending on the `ipfs-api.socket` and `ipfs-gateway.socket` units with `Wants=`. This allows the `ipfs.service` to be started manually or by `nixos-rebuild` without the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set in `services.kubo.settings.Addresses.Gateway` and `services.kubo.settings.Addresses.API`. By default the `API` is an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see ipfs/kubo#10056.
With this commit, starting `ipfs.service` will first set up the two sockets before starting the actual service.
Adding the `Sockets=` option implicitly adds a `Wants=` for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked with `systemctl show ipfs.service`.

This should probably be upstreamed to the unit file in the Kubo repo.

The problem can be reproduced in the following way:
- Add `services.kubo.enable = true` to `/etc/nixos/configuration.nix`
- `sudo nixos-rebuild switch` (this may already fail, not sure why it's not deterministic for me)
- `sudo systemctl stop ipfs-api.socket`
- `sudo systemctl stop ipfs-gateway.socket`
- `sudo systemctl stop ipfs.service`
- `sudo systemctl start ipfs.service`

Fixes #248447.

(cherry picked from commit d4fcb44)
Lainera pushed a commit to Lainera/nixpkgs that referenced this issue Dec 20, 2023
@Luflosi @Lainera
nixos/kubo: fix potential panic on startup
ddd6c82 
This fixes a panic of the kubo daemon which could occur under certain conditions when the daemon was starting.
It was caused by the `ipfs.service` unit not depending on the `ipfs-api.socket` and `ipfs-gateway.socket` units with `Wants=`. This allows the `ipfs.service` to be started manually or by `nixos-rebuild` without the sockets being set up before that. When that happens, the daemon won't know about these sockets and will only use what is set in `services.kubo.settings.Addresses.Gateway` and `services.kubo.settings.Addresses.API`. By default the `API` is an empty list in NixOS though. The daemon doesn't like this at all and panics on startup, see ipfs/kubo#10056.
With this commit, starting `ipfs.service` will first set up the two sockets before starting the actual service.
Adding the `Sockets=` option implicitly adds a `Wants=` for the sockets and this is exactly what we need. See https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html#Implicit%20Dependencies . This can be checked with `systemctl show ipfs.service`.

This should probably be upstreamed to the unit file in the Kubo repo.

The problem can be reproduced in the following way:
- Add `services.kubo.enable = true` to `/etc/nixos/configuration.nix`
- `sudo nixos-rebuild switch` (this may already fail, not sure why it's not deterministic for me)
- `sudo systemctl stop ipfs-api.socket`
- `sudo systemctl stop ipfs-gateway.socket`
- `sudo systemctl stop ipfs.service`
- `sudo systemctl start ipfs.service`

Fixes NixOS#248447.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: bug Something is broken
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

nixos/kubo: fix potential panic on startup Luflosi/nixpkgs
3 participants
@ntninja @Luflosi @Jorropo