rkt: run api service and make socket activatable #40534
No attempt on aarch64-linux (full log). The following builds were skipped because they don't evaluate on aarch64-linux: rkt
Success on x86_64-linux (full log). Attempted: rkt
}; | ||
}; | ||
|
||
systemd.tmpfiles.rules = [ |
Can you explain why all these files are needed?
Upstream wants it
Which service creates this usually?
I should have been clearer - sorry. In order to be able to actually interact with rkt without being root/using sudo, you need to be a member of the rkt group.
Without this PR:
peter@dolores:~ $ rkt list
list: failed to get pod handles: mkdir /var/lib/rkt/pods: permission denied
With it:
peter@dolores:~ $ rkt list
UUID APP IMAGE NAME STATE CREATED STARTED NETWORKS
Could we maybe use the upstream file?
environment.etc."tmpfiles.d/rkt.conf".source = "${rkt}/lib/tmpfiles.d/rkt.conf";
Hmm, it is not installed by default. Adding the following to postInstall should do it.
mkdir -p $out/lib/tmpfiles.d
install -Dm644 dist/init/systemd/tmpfiles.d/rkt.conf $out/lib/tmpfiles.d/rkt.conf
Taken from https://github.com/rkt/rkt/blob/601d9887c5f3659c0e5f72ce1f839787c55fd1f3/scripts/install-rkt.sh#L57
Services should probably be installed the same way. And systemd.packages should probably recognize tmpfiles.d (#40594).
As I understand it, files in tmpfiles.d are not automatically loaded on NixOS. We need to add them to systemd.tmpfiles.rules.
From nixpkgs/nixos/modules/system/boot/systemd.nix, lines 773 to 781 in 8a93595:
"tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf";
"tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
"tmpfiles.d/nixos.conf".text = ''
# This file is created automatically and should not be modified.
# Please change the option ‘systemd.tmpfiles.rules’ instead.
${concatStringsSep "\n" cfg.tmpfiles.rules}
'';
Files that are simply part of the package distribution aren't added - so we need to add it to /etc/tmpfiles.d like it's done here or alternatively builtins.readFile. In any case, there is no need to re-invent the wheel so I will adjust this to use the file distributed with upstream. We could do it similarly for the units.
What is the status of this pull request?
rkt is for all intents and purposes dead, so we might as well close this.
Motivation for this change
The rkt-metadata service is socket activatable so there is no point running it eagerly. Also, it was just called "rkt" in the past which isn't really descriptive as it isn't needed for running regular containers but is a metadata service.
We also now run the API service.
Cc: @Mic92 and @coretemp who have shown interest in the socket activation stuff