Remove cloud-init from the Openstack image configuration #54800
Conversation
The Openstack metadata service exposes the EC2 API. We use the existing `ec2.nix` module to configure the hostname and ssh keys of an Openstack Instance. A test checks the ssh server is well configured. This is mainly to reduce the size of the image (700MB). Also, declarative features provided by cloud-init are not really useful since we would prefer to use our `configuration.nix` file instead.
This allows the VM to provide a `configuration.nix` file to the VM. The test doesn't work in sandbox because it needs Internet (however it works interactively).
|
@GrahamcOfBorg test openstack-image-metadata |
|
@GrahamcOfBorg test ec2-nixops |
|
The ec2 tests failure is not related to these patch (same error without my patches). ping @flokli :) |
| wget --retry-connrefused -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data" | ||
| fi | ||
|
|
||
| if ! [ -e "$metaDir/hostname" ]; then |
There was a problem hiding this comment.
this should be optional, like in nixos/modules/virtualisation/ec2-data.nix
There was a problem hiding this comment.
I would prefer to avoid changes on the ec2 image. I can't test the change (no ec2 account and the test is broken). Moreover this could also impact users relying on this hostname file.
I think this could be addressed in another PR.
| wants = [ "network-online.target" ]; | ||
| after = [ "network-online.target" ]; | ||
| script = | ||
| '' |
There was a problem hiding this comment.
The following script looks pretty similar to what's in nixos/modules/virtualisation/amazon-image.nix at boot.initrd.postMountCommands.
This duplicates the script in nixos/modules/virtualisation/amazon-image.nix, and probably should be merged.
Other suggestion, what about using https://github.com/coreos/coreos-metadata, which already handles changing hostname and ssh keys, and where it should be fairly trivial to make it expose user-data?
There was a problem hiding this comment.
As discussed, I've moved the script in a shared file.
|
@edolstra from your reaction on the PR, is there a way you can test this? |
| ]; | ||
|
|
||
| system.build.novaImage = import ../../../lib/make-disk-image.nix { | ||
| system.build.openstackImage = import ../../../lib/make-disk-image.nix { |
There was a problem hiding this comment.
@Lassulus this might need a fix in https://github.com/nix-community/nixos-generators too
There was a problem hiding this comment.
I could do it.
I also plan to send a post on discourse to ask for some help to publish this image on the NixOS download page.
People don't necessary know `nova` is related to Openstack (it is a component of Openstack). So, it is more explicit to call it `openstackImage`.
This is to let the `ec2-data.nix` module sets the hostname from the metadata API value.
To share the metadata fetcher script between ec2 and Openstack images.
cloud-initis replaced by modules used by our EC2 image (Openstack metadata service provides an EC2 API).sshkeys andconfiguration.nixare appliednovaImageis renamed toopenstackImageThis is mainly to reduce the size of the image (from 2.2GB to 1.3GB). Also, I think we generally don't care about
cloud-initfeatures since we have aconfiguration.nixfile.Unfortunately, one of the two tests doesn't work in the sandbox because it needs Internet. This is also the case of EC2 tests... I hope to fix them later (help is welcome on that).
I also test this image on an Openstack cloud. It is working as expected.
Note this also fixes the current Nova image which is currently broken.
Things done
sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)nix path-info -Sbefore and after)