machinectl compliant NixOS installation #67232
Conversation
@GrahamcOfBorg test systemd-machinectl

Force-pushed from 94efb79 to 012ed77.
The simple installer test runs locally.
Force-pushed from 012ed77 to dba2d58.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review-may-2019/3032/49

nixos/tests/systemd-machinectl.nix (outdated)

```nix
  name = "systemd-machinectl";

  machine = { lib, ... }: {
    # use networkd to optain systemd network setup
```
Suggested change:

```diff
-    # use networkd to optain systemd network setup
+    # use networkd to obtain systemd network setup
```
Thanks for reviewing, I updated the PR.
cc @arianvp

```bash
  fi
  nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
```
Why was this moved out of the if? Why do we need to run switch-to-configuration boot?
We have to ensure that /sbin/init is available, otherwise machinectl does not know by default what to start.
The NixOS option boot.loader.initScript.enable sets up system.build.installBootLoader, which creates /sbin/init.
I called switch-to-configuration to get the script executed.
Do you see a better way to solve this issue?
No this seems fine to me.
Hm, why not simply not pass the --no-bootloader flag? Seems to me that you do want to install the boot loader (i.e. the creation of /sbin/init) here.
Because a container machinectl directory will not have a /boot partition, to which a bootloader is installed, but it will need an /sbin/init for it to be picked up by systemd-nspawn --boot --directory <path-to-container>.
/boot should be an implementation detail of certain boot loaders (namely GRUB and UEFI), but the initScript boot loader shouldn't require that.

Looks good to me!
```nix
    networking.useNetworkd = true;

    # systemd-nspawn expects /sbin/init
    boot.loader.initScript.enable = true;
```
(Not important for merging this) do we perhaps want to make a ./modules/profiles/machinectl.nix that enables this initScript.enable option?
This is a good idea but I would propose nspawn-container.nix as a profile name. This is more general. machinectl is only the tool that handles basic nspawn container functionality.
Avoid assertion in nixos/modules/system/boot/resolved.nix if service systemd-resolved is enabled.
The activation script is needed to get the missing files in etc/ created. Needed for container managers like systemd-nspawn.

Force-pushed from b6dd0b6 to db9b5f5.

Rebased onto current master and squashed some of the fixup commits. Doing a final test run now and will add a short paragraph in the release notes. Thanks! 🎉
Please do not merge this yet. There are still some issues with the functionality in this PR, probably due to the systemd bump recently. In the generated container, some services seem to fail due to very weird reasons:
Note the Additionally,
This seems to be similar to: systemd/systemd#7605 status=238/STATE_DIRECTORY is thrown if systemd cannot create the This kind of stuff should only happen if there is something funky going on with
The Nevertheless,

@fpletz what happens if you run this as

@arianvp This will work (already tried it) but the attached documentation is misleading. Since we're not targeting 19.09 anymore this seems fine to me but we have to ensure we fix the documentation if this isn't fixed in systemd before 20.03.

Yes I will, I'll prepare a PR.

So this was reverted.
@maxbrieiev The current instructions I have are:

```bash
cp /var/lib/machines/$MACHINE_NAME/nix/store/*-etc-os-release /var/lib/machines/$MACHINE_NAME/etc/os-release
mkdir /var/lib/machines/$MACHINE_NAME/sbin
ln -s /init /var/lib/machines/$MACHINE_NAME/sbin/init
chattr -i /var/lib/machines/$MACHINE_NAME/var/empty
```
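As an added example (not code from this PR or from nixpkgs), the four manual steps above and the /sbin/init requirement discussed earlier in the thread, put into a script that prepares a container root and then verifies the layout systemd-nspawn --boot looks for. The helper names prepare_machine_root and check_machine_root are hypothetical, the demo directory it builds is constructed, and it assumes the root already holds an installed NixOS system with a /init entry point and a *-etc-os-release path in nix/store.

```shell
#!/bin/sh
# Added example, not code from the PR: prepare a NixOS root directory
# (normally /var/lib/machines/$MACHINE_NAME) for systemd-nspawn/machinectl.
# Assumed layout: the root contains /init and nix/store/*-etc-os-release.
set -eu

prepare_machine_root() {
    root="$1"

    # systemd-nspawn --boot looks for /sbin/init inside the container root;
    # the PR's boot.loader.initScript option would normally create it.
    mkdir -p "$root/sbin"
    ln -sf /init "$root/sbin/init"

    # Copy the generated os-release so machinectl can identify the image.
    found=""
    for candidate in "$root"/nix/store/*-etc-os-release; do
        [ -e "$candidate" ] || continue
        found="$candidate"
        break
    done
    if [ -z "$found" ]; then
        echo "no *-etc-os-release in $root/nix/store" >&2
        return 1
    fi
    mkdir -p "$root/etc"
    cp "$found" "$root/etc/os-release"

    # NixOS activation marks /var/empty immutable; drop the flag so nspawn
    # can manage the tree. chattr only works on ext4-style filesystems, so
    # a failure (e.g. on tmpfs) is tolerated here.
    if [ -d "$root/var/empty" ] && command -v chattr >/dev/null 2>&1; then
        chattr -i "$root/var/empty" 2>/dev/null || true
    fi
}

# Sanity check of the layout nspawn expects; succeeds only if everything is there.
check_machine_root() {
    root="$1"
    [ -L "$root/sbin/init" ] || return 1
    [ "$(readlink "$root/sbin/init")" = "/init" ] || return 1
    [ -f "$root/etc/os-release" ] || return 1
    grep -q '^ID=nixos$' "$root/etc/os-release" || return 1
}

# Constructed demo root standing in for /var/lib/machines/$MACHINE_NAME.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/nix/store" "$demo_root/var/empty"
printf 'NAME=NixOS\nID=nixos\nVERSION_ID="19.09"\n' \
    > "$demo_root/nix/store/0000000000000000000000000000000-etc-os-release"

prepare_machine_root "$demo_root"
check_machine_root "$demo_root" && echo "container root prepared at $demo_root"
```

Against a real installation the script is run as root with the container directory as argument to prepare_machine_root, after which the machine can be started with machinectl; the check function is what a NixOS test could call before attempting the boot, which gives a clear failure message instead of the "does not know what to start" behaviour described above.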
Motivation for this change
Simple installation of NixOS into a systemd controlled container via machinectl.
Used networkd to get working network setup without additional configuration.
See also #9884 and #35364.
Things done
- Tested using sandboxing (option sandbox in nix.conf on non-NixOS)
- Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
- Tested execution of all binary files (usually in ./result/bin/)
- Determined the impact on package closure size (by running nix path-info -S before and after)

Notify maintainers
cc @nbarbey