Amazon Images for Aarch64 #62042
Amazon Images for Aarch64 #62042
Conversation
| @@ -51,7 +51,9 @@ in { | |||
| inherit lib config; | |||
| inherit (cfg) contents format name; | |||
| pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package | |||
| partitionTableType = if config.ec2.hvm then "legacy" else "none"; | |||
| partitionTableType = if config.ec2.efi then "efi" | |||
| else if config.ec2.hvm then "legacy" | |||
There was a problem hiding this comment.
ec2.hvm is blocked by an assertion, but the implementation still seems to support it. I preserved the existing behavior.
| @@ -61,6 +63,9 @@ in { | |||
| ${optionalString config.ec2.hvm '' | |||
| ec2.hvm = true; | |||
| ''} | |||
| ${optionalString config.ec2.efi '' | |||
| ec2.efi = true; | |||
There was a problem hiding this comment.
Implemented in the same pattern as ec2.hvm, but I don't know the reason for this.
| @@ -25,6 +25,9 @@ in | |||
| { assertion = cfg.hvm; | |||
| message = "Paravirtualized EC2 instances are no longer supported."; | |||
| } | |||
| { assertion = cfg.efi -> cfg.hvm; | |||
There was a problem hiding this comment.
I don't know if this is a strict requirement, but it reduces the possible configurations to support.
thefloweringash
force-pushed
the
aarch64-ami
branch
from
6174864
to
83b54f9
Compare
thefloweringash
force-pushed
the
aarch64-ami
branch
from
83b54f9
to
fb44e07
Compare
thefloweringash
changed the title
|
If you can add some documentation too, which would make it possible to use this in 10 minutes, this is the kind of thing that would make me want to run Great to see arm support coming, regardless. |
| us-east-1 us-east-2 us-west-1 us-west-2 | ||
| ca-central-1 | ||
| ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 | ||
| ap-south-1 ap-east-1 |
There was a problem hiding this comment.
ap-east-1 is new here, and may required additional configuration to enable this region
There was a problem hiding this comment.
I don't think we have to do any region-specific configuration.
There was a problem hiding this comment.
Some regions can be individually disabled and enabled, see the Amazon docs on Managing AWS Regions. I think ap-east-1 is the only region that this applies to, and is disabled by default.
There was a problem hiding this comment.
Yeah, looks like ap-east-1 and me-south-1 are currently disabled.
|
|
||
| # configuration | ||
| state_dir=/home/deploy/amis/ec2-images | ||
| home_region=us-west-2 |
There was a problem hiding this comment.
I can't tell the home region of the nixos-amis bucket, this is probably wrong.
There was a problem hiding this comment.
It's in eu-west-1 (or EU if it needs the old S3 location constraint).
thefloweringash
force-pushed
the
aarch64-ami
branch
2 times, most recently
from
fe34388
to
65e0249
Compare
nixos/release.nix
Outdated
| @@ -196,6 +196,22 @@ in rec { | |||
| ); | |||
|
|
|||
|
|
|||
| # A disk image that can be imported to Amazon EC2 and registered as an AMI | |||
| amazon_image = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: | |||
| @@ -42,7 +42,7 @@ in { | |||
|
|
|||
| format = mkOption { | |||
| type = types.enum [ "raw" "qcow2" "vpc" ]; | |||
| default = "qcow2"; | |||
| default = "vpc"; | |||
There was a problem hiding this comment.
Is vpc a sparse / compressed disk format? For Hydra it's important not to increase the size of the images a lot.
There was a problem hiding this comment.
I believe it's sparse but not compressed, comparisons:
└── [ 1193577472] nixos-amazon-image-19.09pre130979.gfedcba-aarch64-linux.vhd
└── [ 1177550848] nixos-amazon-image-19.09pre130979.gfedcba-aarch64-linux.qcow2
└── [ 1132745216] nixos-amazon-image-19.09pre130979.gfedcba-x86_64-linux.vhd
└── [ 1116078080] nixos-amazon-image-19.09pre130979.gfedcba-x86_64-linux.qcow2
d82bec8
to
ec7d1db
Compare
|
@thefloweringash Can you resolve the merge conflict? Then I'll merge this. Thanks! |
These can be imported without converison.
thefloweringash
force-pushed
the
aarch64-ami
branch
from
ec7d1db
to
84742e2
Compare
|
Rebased on current master. I haven't tested it since the rebase, but the rebase itself was straightforward. |
|
I've now successfully tested booting both amd64 and aarch64 AMIs on current master (after fixing the ceph entry in the release notes). |
|
I’m trying to use this image and I am importing it manually (since there seem to be no images on the nixos.org website currently), however the 🤔 |
|
Hm, ok, apparently EFI is specifically for aarch64, and one has to pass |
Are you using I've created an aarch64 ami with create-amis.sh and successfully booted an a1.medium on it. If this is still failing for you, can you share more details so I can try to reproduce it? |
Motivation for this change
AMIs for Amazon's A1 instance type. Following advice from
#nixos-dev, this adds a hydra job to build the images, and a script that will upload and register the prebuilt images given the store path. The uploader does not require a configured aarch64 builder.While rewriting the
create-amis.shscript I only used theawsclipackage. I haven't seen it written anywhere, but it seems like the ec2-* tools do not support current AWS features like session tokens and assume-role based access to s3. I find this version more compatible with my authentication scheme (short lived tokens), but recognize this is a large change from the existing behavior.Configuration details adapted from #52779
Tested booting both "arm64" and "x86_64" images produced from
nix-build nixos/release.nix -A amazon_image.Things done
sandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)