Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nix-cache] Allow use of multiple caches. Split read vs write #2059

Merged
merged 5 commits into from
May 16, 2024
Merged

[nix-cache] Allow use of multiple caches. Split read vs write #2059

merged 5 commits into from
May 16, 2024

Conversation

mikeland73
Copy link
Contributor

Summary

  • Use new API
  • Allow devbox to use multiple caches for read.
  • Split read vs write caches

How was it tested?

Untested, needs new api to be deployed

@mikeland73 mikeland73 requested review from gcurtis and savil May 16, 2024 19:02
gcurtis
gcurtis approved these changes May 16, 2024
View reviewed changes
internal/boxcli/cache.go Outdated
permissions := cache.GetPermissions()
fmt.Fprintf(
cmd.OutOrStdout(),
"* %s (read: %t, write %t)\n",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor suggestion - instead of printing the bools we could make it a little more human-readable with something like:

* s3://private-cache
* s3://devbox-cache (read-only)
* https://cache.nixos.org (read-only)

internal/devbox/cache.go Outdated Show resolved Hide resolved
internal/devbox/packages.go Outdated Show resolved Hide resolved
internal/devbox/providers/nixcache/nixcache.go Outdated
Comment on lines 50 to 56
// Token expiration should always be 60 minutes, but we want to expire
// the cache a bit earlier to avoid having a stale token.
// Adding a 40 minute check to ensure we don't accidentally create a
// very short-lived token.
if time.Until(exp) > 40*time.Minute {
exp = exp.Add(-10 * time.Minute)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This changes the filecache expiration, but not the credential expiration. Should the buffer be the same for both?

  • filecache expiration determines when devbox cache credentials will make an API request for a new token.
  • AWSCredentials.Expiration determines when the AWS C++ SDK will call devbox cache credentials again to get a new token. It caches the token in-memory so that it doesn't need to invoke the credential process before every request.
  • The AWS SDK doesn't write the token to disk anywhere, so the cached in-memory token is only valid for the duration of the Nix process or the token expiration (whichever happens first). After that, it calls devbox cache credentials again.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the aws c++ sdk respects the expiration then this change is not needed. Do you know if that's the case if the expiration happens in the middle of a command?

My concern was that in long running jobs the token might expire in the middle of the job. by adding this 10 minute buffer it guarantees that devbox cache credentials will return something that has at least 10 minutes left. Maybe it's not needed? I can remove.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it should respect the expiration (at least that's what the aws help config-vars docs make it sound like. I haven't tested it though.

I'm wondering what happens if the nix daemon gets a token and then tries to use it close to the expiration time. The daemon is obviously long-lived, so it will probably have that token right up until the expiration. Does the AWS CLI/SDK already have a small buffer to account for clock skew? If not, maybe we should still include a small one.

internal/devbox/providers/nixcache/nixcache.go Outdated Show resolved Hide resolved
mikeland73 and others added 4 commits May 16, 2024 14:35
@mikeland73 @gcurtis
Apply suggestions from code review
e4aedad 
Co-authored-by: Greg Curtis <greg.curtis@jetpack.io>
Signed-off-by: Mike Landau <mikeland86@gmail.com>
@mikeland73
Requested changes
3eb52e9
@mikeland73
Fix bad merge
d3a51ee
@mikeland73
Merge branch 'main' into landau/use-multi-cache
cf2e2fd
@mikeland73 mikeland73 merged commit d434bf5 into main May 16, 2024
24 checks passed
@mikeland73 mikeland73 deleted the landau/use-multi-cache branch May 16, 2024 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gcurtis gcurtis gcurtis approved these changes

@savil savil Awaiting requested review from savil

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mikeland73 @gcurtis