services: Make 'nscd-service' configurable; cache hosts/services by default.

Before that, as it was given an empty configuration file, nscd would
actually have all its caches disabled.

* gnu/services/base.scm (<nscd-configuration>, <nscd-cache>): New record
  types.
  (%nscd-default-caches, %nscd-default-configuration): New variables.
  (nscd.conf-file): New procedure.
  (nscd-service): Add 'config' parameter.  Use 'nscd.conf-file', and
  pass its result as the '-f' parameter of nscd.
* doc/guix.texi (Base Services): Update 'nscd-service' documentation
  accordingly.  Document 'nscd-configuration', 'nscd-cache',
  '%nscd-default-configuration', and '%nscd-default-caches'.
Ludovic Courtès 2014-12-14 16:29:24 +01:00
parent f912da3a84
commit 6454b33345
2 changed files with 200 additions and 6 deletions


@ -4177,10 +4177,91 @@ tool suite.)
the ``message of the day''.
@end deffn
@deffn {Monadic Procedure} nscd-service [#:glibc glibc]
Return a service that runs libc's name service cache daemon (nscd).
@cindex name service cache daemon
@cindex nscd
@deffn {Monadic Procedure} nscd-service [@var{config}] [#:glibc glibc]
Return a service that runs libc's name service cache daemon (nscd) with the
given @var{config}---an @code{<nscd-configuration>} object.
@end deffn
@defvr {Scheme Variable} %nscd-default-configuration
This is the default @code{<nscd-configuration>} value (see below) used
by @code{nscd-service}. This uses the caches defined by
@var{%nscd-default-caches}; see below.
@end defvr
@deftp {Data Type} nscd-configuration
This is the type representing the name service cache daemon (nscd)
configuration.
@table @asis
@item @code{log-file} (default: @code{"/var/log/nscd.log"})
Name of nscd's log file. This is where debugging output goes when
@code{debug-level} is strictly positive.
@item @code{debug-level} (default: @code{0})
Integer denoting the debugging levels. Higher numbers mean more
debugging output is logged.
@item @code{caches} (default: @var{%nscd-default-caches})
List of @code{<nscd-cache>} objects denoting things to be cached; see
below.
@end table
@end deftp
@deftp {Data Type} nscd-cache
Data type representing a cache database of nscd and its parameters.
@table @asis
@item @code{database}
This is a symbol representing the name of the database to be cached.
Valid values are @code{passwd}, @code{group}, @code{hosts}, and
@code{services}, which designate the corresponding NSS database
(@pxref{NSS Basics,,, libc, The GNU C Library Reference Manual}).
@item @code{positive-time-to-live}
@itemx @code{negative-time-to-live} (default: @code{20})
A number representing the number of seconds during which a positive or
negative lookup result remains in cache.
@item @code{check-files?} (default: @code{#t})
Whether to check for updates of the files corresponding to
@var{database}.
For instance, when @var{database} is @code{hosts}, setting this flag
instructs nscd to check for updates in @file{/etc/hosts} and to take
them into account.
@item @code{persistent?} (default: @code{#t})
Whether the cache should be stored persistently on disk.
@item @code{shared?} (default: @code{#t})
Whether the cache should be shared among users.
@item @code{max-database-size} (default: 32@tie{}MiB)
Maximum size in bytes of the database cache.
@c XXX: 'suggested-size' and 'auto-propagate?' seem to be expert
@c settings, so leave them out.
@end table
@end deftp
@defvr {Scheme Variable} %nscd-default-caches
List of @code{<nscd-cache>} objects used by default by
@code{nscd-configuration} (see above.)
It enables persistent and aggressive caching of service and host name
lookups. The latter provides better host name lookup performance,
resilience in the face of unreliable name servers, and also better
privacy---often the result of host name lookups is in local cache, so
external name servers do not even need to be queried.
@end defvr
@deffn {Monadic Procedure} syslog-service
Return a service that runs @code{syslogd} with reasonable default
settings.


@ -33,8 +33,10 @@ (define-module (gnu services base)
#:select (mount-flags->bit-mask))
#:use-module (guix gexp)
#:use-module (guix monads)
#:use-module (guix records)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
#:export (root-file-system-service
file-system-service
@ -46,6 +48,16 @@ (define-module (gnu services base)
console-font-service
udev-service
mingetty-service
%nscd-default-caches
%nscd-default-configuration
nscd-configuration
nscd-configuration?
nscd-cache
nscd-cache?
nscd-service
syslog-service
guix-service
@ -374,9 +386,110 @@ (define* (mingetty-service tty
#:allow-empty-passwords? allow-empty-passwords?
#:motd motd)))))))
(define* (nscd-service #:key (glibc (canonical-package glibc)))
"Return a service that runs libc's name service cache daemon (nscd)."
(with-monad %store-monad
(define-record-type* <nscd-configuration> nscd-configuration
make-nscd-configuration
nscd-configuration?
(log-file nscd-configuration-log-file ;string
(default "/var/log/nscd.log"))
(debug-level nscd-debug-level ;integer
(default 0))
;; TODO: See nscd.conf in glibc for other options to add.
(caches nscd-configuration-caches ;list of <nscd-cache>
(default %nscd-default-caches)))
(define-record-type* <nscd-cache> nscd-cache make-nscd-cache
nscd-cache?
(database nscd-cache-database) ;symbol
(positive-time-to-live nscd-cache-positive-time-to-live) ;integer
(negative-time-to-live nscd-cache-negative-time-to-live
(default 20)) ;integer
(suggested-size nscd-cache-suggested-size ;integer ("default module
;of hash table")
(default 211))
(check-files? nscd-cache-check-files? ;Boolean
(default #t))
(persistent? nscd-cache-persistent? ;Boolean
(default #t))
(shared? nscd-cache-shared? ;Boolean
(default #t))
(max-database-size nscd-cache-max-database-size ;integer
(default (* 32 (expt 2 20))))
(auto-propagate? nscd-cache-auto-propagate? ;Boolean
(default #t)))
(define %nscd-default-caches
;; Caches that we want to enable by default. Note that when providing an
;; empty nscd.conf, all caches are disabled.
(list (nscd-cache (database 'hosts)
;; Aggressively cache the host name cache to improve
;; privacy and resilience.
(positive-time-to-live (* 3600 12))
(negative-time-to-live 20)
(persistent? #t))
(nscd-cache (database 'services)
;; Services are unlikely to change, so we can be even more
;; aggressive.
(positive-time-to-live (* 3600 24))
(negative-time-to-live 3600)
(check-files? #t) ;check /etc/services changes
(persistent? #t))))
(define %nscd-default-configuration
;; Default nscd configuration.
(nscd-configuration))
(define (nscd.conf-file config)
"Return the @file{nscd.conf} configuration file for @var{config}, an
@code{<nscd-configuration>} object."
(define cache->config
(match-lambda
(($ <nscd-cache> (= symbol->string database)
positive-ttl negative-ttl size check-files?
persistent? shared? max-size propagate?)
(string-append "\nenable-cache\t" database "\tyes\n"
"positive-time-to-live\t" database "\t"
(number->string positive-ttl) "\n"
"negative-time-to-live\t" database "\t"
(number->string negative-ttl) "\n"
"suggested-size\t" database "\t"
(number->string size) "\n"
"check-files\t" database "\t"
(if check-files? "yes\n" "no\n")
"persistent\t" database "\t"
(if persistent? "yes\n" "no\n")
"shared\t" database "\t"
(if shared? "yes\n" "no\n")
"max-db-size\t" database "\t"
(number->string max-size) "\n"
"auto-propagate\t" database "\t"
(if propagate? "yes\n" "no\n")))))
(match config
(($ <nscd-configuration> log-file debug-level caches)
(text-file "nscd.conf"
(string-append "\
# Configuration of libc's name service cache daemon (nscd).\n\n"
(if log-file
(string-append "logfile\t" log-file)
"")
"\n"
(if debug-level
(string-append "debug-level\t"
(number->string debug-level))
"")
"\n"
(string-concatenate
(map cache->config caches)))))))
(define* (nscd-service #:optional (config %nscd-default-configuration)
#:key (glibc (canonical-package glibc)))
"Return a service that runs libc's name service cache daemon (nscd) with the
given @var{config}---an @code{<nscd-configuration>} object."
(mlet %store-monad ((nscd.conf (nscd.conf-file config)))
(return (service
(documentation "Run libc's name service cache daemon (nscd).")
(provision '(nscd))
@ -388,7 +501,7 @@ (define* (nscd-service #:key (glibc (canonical-package glibc)))
(start #~(make-forkexec-constructor
(list (string-append #$glibc "/sbin/nscd")
"-f" "/dev/null" "--foreground")))
"-f" #$nscd.conf "--foreground")))
(stop #~(make-kill-destructor))
(respawn? #f)))))
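Review bot: The default `hosts` entry in `%nscd-default-caches` sets `(positive-time-to-live (* 3600 12))` while `persistent?` and `shared?` are both `#t`, so a wrong answer (stale after a renumbering, or spoofed on an untrusted network) can presumably be served to every user for hours and survive an nscd restart. The comment there names only the privacy and resilience benefit; I would add the trade-off, for example `;; Trade-off: a stale or spoofed answer stays cached too; 'nscd -i hosts' invalidates it.`, and mirror that sentence in the `%nscd-default-caches` entry of guix.texi. Whether nscd prefers a resolver-supplied TTL over this value is not visible in this diff, so the effective lifetime may differ from twelve hours. Separately, `nscd.conf-file` writes `database` and `log-file` into nscd.conf unchecked; rejecting a database other than `passwd`, `group`, `hosts` or `services` when the configuration is built would surface a typo before nscd starts.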