Commit graph

450 commits

Author SHA1 Message Date
Rickard Nilsson
301b4e9018 nixos/libvirt: Add virtlogd and virtlockd systemd sockets and services 2016-06-27 13:32:21 +02:00
Rickard Nilsson
1b54e48561 nixos/libvirt: Adapt libvirtd.service to upstream sources 2016-06-27 13:04:52 +02:00
Rickard Nilsson
37f4889851 nixos/libvirt: Remove non-functional service libvirt-guests
It doesn't have a start script, so it hasn't worked at all in
a long time.
2016-06-27 10:34:29 +00:00
Zack Piper
f36c8f5f54 lxd: pkg.lxd does not point to the binaries
`pkg.lxd.bin` does
2016-06-19 20:30:36 +01:00
Benno Fünfstück
3850123f32 nixos/docker: use wrapped modprobe
We need to use wrapped modprobe, so that it finds the right
modules. Docker needs modprobe to load overlay kernel module
for example.

This fixes an an error starting docker if the booted system's kernel
version is different from the /run/current-system profile's one.
2016-06-11 21:13:37 +02:00
Eelco Dolstra
7c19b395eb Explicitly specify the subsystem for /dev/vboxguest
Otherwise systemd gets confused and forgets about device units after
reloading.

https://github.com/NixOS/nixops/issues/391
https://github.com/systemd/systemd/issues/3423
2016-06-03 00:33:15 +02:00
aszlig
dc38003af9
nixos/containers: Create an empty machine-id file
Since systemd version 230, it is required to have a machine-id file
prior to the startup of the container. If the file is empty, a transient
machine ID is generated by systemd-nspawn.

See systemd/systemd#3014 for more details on the matter.

This unbreaks all of the containers-* NixOS tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
Closes: #15808
2016-05-29 18:38:37 +02:00
Eelco Dolstra
b37d6d8996 Fix failure to start old containers
The existence of $root/var/lib/private/host-notify as a socket
prevented a bind mount:

  container foo[8083]: Failed to create mount point /var/lib/containers/foo/var/lib/private/host-notify: No such device or address
2016-05-26 16:19:40 +02:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Eelco Dolstra
ecfc523d32 Update EC2 AMIs to 16.03.659.011ea84
This includes the binutils mass rebuild.
2016-04-29 10:28:35 +02:00
Tuomas Tynkkynen
60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen
bee04a37ad amazon-init.nix: Use makeBinPath
This also fixes the incorrect use of 'dev' outputs from
config.nix.package and pkgs.systemd.
2016-04-25 16:44:37 +02:00
Franz Pletz
8cca66f774 Merge pull request #14018 from kampfschlaefer/feature/hostbridge_and_ipv6_for_containers
containers: hostbridge and IPv6
2016-04-24 20:33:46 +02:00
Tuomas Tynkkynen
d0c127487f qemu-img: Fix module paths
They are compressed nowadays.

Not sure if these are really needed since nobody noticed they were
broken, but anyway...
2016-04-22 10:42:31 +03:00
Tuomas Tynkkynen
01854a850a treewide: Replace module_init_tools -> kmod
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
2016-04-22 10:40:57 +03:00
Nikolay Amiantov
8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Vladimír Čunát
d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Eelco Dolstra
ab2855b975 Add 16.03 AMIs 2016-04-05 11:25:12 +02:00
Arnold Krille
3c819f28f5 containers: Make declarative containers real systemd services
Without the templating (which is still present for imperative containers), it
will be possible to set individual dependencies. Like depending on the network
only if the hostbridge or hardware interfaces are used.

Ported from #3021
2016-04-02 17:07:41 +02:00
Arnold Krille
aa46904490 containers: Add a hostbridge and ipv6 addresses
This allows the containers to have their interface in a bridge on the host.
Also this adds IPv6 addresses to the containers both with bridged and unbridged
network.
2016-04-02 17:07:41 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Eelco Dolstra
4e356cefd7 Move the EC2 AMI registry from the NixOps repo
NixOps has infrequent releases, so it's not the best place for keeping
the list of current AMIs. Putting them in Nixpkgs means that AMI
updates will be delivered as part of the NixOS channels.
2016-03-31 14:16:51 +02:00
Franz Pletz
e5334ceca2 Merge pull request #14305 from benwbooth/xe-guest-utilities-6.2.0
xe-guest-utilities: init at 6.2.0
2016-03-31 10:12:42 +02:00
Eelco Dolstra
0d3738cdcc Fix the EC2 test
We now generate a qcow2 image to prevent hitting Hydra's output size
limit. Also updated /root/user-data -> /etc/ec2-metadata/user-data.

http://hydra.nixos.org/build/33843133
2016-03-30 21:50:23 +02:00
Ben Booth
449d908b88 xe-guest-utilities: init at 6.2.0
use mkEnableOption

use sha256

add xe-guest-utilities to module-list.nix
2016-03-30 09:27:40 -07:00
Domen Kožar
e2e56a902f fix eval 2016-03-30 16:43:36 +01:00
Domen Kožar
96be420e44 move growpart out of nixos into cloud-init package 2016-03-30 14:40:24 +01:00
Eelco Dolstra
5cc7bcda30 Combine OVA generation steps
Previously this was done in three derivations (one to build the raw
disk image, one to convert to OVA, one to add a hydra-build-products
file). Now it's done in one step to reduce the amount of copying
to/from S3. In particular, not uploading the raw disk image prevents
us from hitting hydra-queue-runner's size limit of 2 GiB.
2016-03-15 14:15:12 +01:00
Evgeny Egorochkin
cc947ef934 virtualization/azure: reorder WALA and SSHD 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin
6f47b2c16d virtualization/azure: turn off verbose logging 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin
0d4e5649dc virtualization/azure: make the image dynamic again since azure-cli upload bug is fixed 2016-03-13 13:57:30 +02:00
Evgeny Egorochkin
7a4684bee1 virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys 2016-03-13 13:57:30 +02:00
Cole Mickens
73487f4619 virtualization/azure: fixes
azure-agent: add option for verbose logging
azure-agent: disable ssh host key regeneration
azure-common: set verbose logging on
azure-image: increase size to 30GB
2016-03-13 13:57:30 +02:00
Rob Vermaas
ed5920ec65 Remove kill -9 -1 from initrd of amazon-image.nix. This causes a kernel panic. 2016-03-09 09:55:25 +00:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Evgeny Egorochkin
18d43d74f6 azure-image: provide configuration.nix which allows nixos-rebuild to build a working generation and add helpful comments 2016-03-03 04:03:07 +02:00
Tanner Doshier
4e5ef470a7 ec2-data: ensure providing a SSH host key is actually optional
2701665904 broke this.
2016-02-25 20:11:49 -06:00
zimbatm
cfa99e5a99 Merge pull request #13114 from colemickens/azure
azure: package qemu 2.2.0 to fix VHD creation
2016-02-23 22:47:44 +00:00
Cole Mickens
86cbd505c5 azure-agent: switch back to upstream WALinuxAgent 2016-02-18 21:11:21 -08:00
Cole Mickens
718848d5aa azure: package qemu @ 2.2.0
This commit packages qemu-220. This package is qemu-2.2.0
and is only used with Azure.
2016-02-18 21:08:28 -08:00
Rob Vermaas
b2f2d2fef3 Fix azure image, by adding subformat=fixed to disk generation. 2016-02-17 12:02:52 +00:00
Vladimír Čunát
e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Eelco Dolstra
4d760edb94 Add FIXME 2016-02-09 16:15:57 +01:00
Rob Vermaas
fdbbcef8a2 Fix waagent revision, previous did not exist anymore. 2016-02-09 14:52:54 +00:00
Vladimír Čunát
a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Aneesh Agrawal
3c5fca9618 filesystems: use list of strings for fs options
Allow usage of list of strings instead of a comma-separated string
for filesystem options. Deprecate the comma-separated string style
with a warning message; convert this to a hard error after 16.09.
15.09 was just released, so this provides a deprecation period during
the 16.03 release.

closes #10518

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-06 19:48:30 +00:00
Eelco Dolstra
2701665904 Fetch all EC2 metadata / user data in the initrd
Since we're already fetching one datum, we may as well fetch the
others needed by fetch-ec2-data. This also eliminates the dependency
on wget.
2016-02-04 15:45:54 +01:00
Eelco Dolstra
5c72b20dde amazon-init.nix: Be less spammy 2016-02-04 15:45:54 +01:00
Eelco Dolstra
95584666e9 amazon-init.nix: Don't run nixos-rebuild if we don't have to 2016-02-04 15:45:54 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Guillaume Maudoux
9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Eelco Dolstra
e618492168 Revert "Do not relocate /nix and /tmp to small disks on AWS"
This reverts commit f10bead8fd because
it doesn't work - there is no lsblk in the initrd, and there is a
missing backslash.
2016-02-02 19:59:28 +01:00
Eelco Dolstra
cc925d0506 boot.initrd.network: Support DHCP
This allows us to use it for EC2 instances.
2016-02-02 19:59:27 +01:00
Eelco Dolstra
06731dfcae ec2: Don't use ephemeral disks for /nix unionfs
This is a regression introduced by merging the EBS and S3 images. The
EBS images had a special marker /.ebs to prevent the initrd from using
ephemeral storage for the unionfs, but this marker was missing in the
consolidated image.

The fix is to check the file ami-manifest-path on the metadata server
to see if we're an S3-based instance. This does require networking in
the initrd.

Issue #12613.
2016-02-02 19:59:27 +01:00
cransom user
f10bead8fd Do not relocate /nix and /tmp to small disks on AWS
The default behavior with an m3.medium instance is to relocate
/nix and /tmp to /disk0 because an assumption is made that any
ephemeral disk is larger than the root volume.  Rather than make
that assumption, add a check to see if the disk is larger, and
only then relocate /nix and /tmp.

This addresses https://github.com/NixOS/nixpkgs/issues/12613
2016-02-02 01:40:41 +00:00
Eelco Dolstra
2352e2589e audit: Disable in containers
This barfs:

Jan 18 12:46:32 machine 522i0x9l80z7gw56iahxjjsdjp0xi10q-audit-start[506]: The audit system is disabled
2016-01-26 16:25:40 +01:00
Domen Kožar
b39c51a362 Merge pull request #12323 from kragniz/rkt-v0.15.0
rkt: 0.14.0 -> 0.15.0
2016-01-21 22:27:33 +01:00
aszlig
c92d7481a5
multipath_tools: Rename to multipath-tools
See http://nixos.org/nixpkgs/manual/#sec-package-naming

I've added an alias for multipath_tools to make sure that we don't break
existing configurations referencing the old name.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-21 16:18:38 +01:00
Peter Jones
5b8c871842 If container name is already unique, don't append "-0"
When using `--ensure-unique-name`, don't needlessly append `"-0"` if the
container name is already unique.

This is especially helpful with NixOps since when it deploys to a
container it uses `--ensure-unique-name`.  This means that the container
name will never match the deployment host due to the `"-0"`.  Having the
container name and the host name match isn't exactly a requirement, but
it's nice to have and a small change.
2016-01-20 03:46:19 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Louis Taylor
6309f48137 rkt: 0.14.0 -> 0.15.0 2016-01-15 18:09:58 +00:00
Tristan Helmich
bce59a1a8b libvirtd service: Move mutable configs to /var
Modifies libvirt package to search for configs in /var/lib and changes
libvirtd service to copy the default configs to the new location.

This enables the user to change e.g. the networking configuration with
virsh or virt-manager and keep those settings.
2016-01-15 14:26:20 +01:00
Domen Kožar
7b0613d51e Revert "nixos/qemu-vm: Disable cache for $NIX_DISK_IMAGE"
This reverts commit 6353f580f9.

Unfortunately cache=none doesn't work with all filesystem options.

Hydra tests error out with: file system may not support O_DIRECT

See http://hydra.nixos.org/build/30323625/
2016-01-11 11:29:16 +01:00
Evgeny Egorochkin
ada9b3b666 azure-image: azure resource manager doesn't base64-encode custom data, unlike azure service manager 2016-01-10 11:35:44 +02:00
Arseniy Seroka
c03fe79265 Merge pull request #10996 from oxij/nixos-label
nixos: introduce system.nixosLabel support
2016-01-09 20:52:08 +03:00
Jan Malakhovski
119c8f91e7 nixos: introduce system.nixosLabel option and use it where appropriate
Setting nixosVersion to something custom is useful for meaningful GRUB
menus and /nix/store paths, but actuallly changing it rebulids the
whole system path (because of `nixos-version` script and manual
pages). Also, changing it is not a particularly good idea because you
can then be differentitated from other NixOS users by a lot of
programs that read /etc/os-release.

This patch introduces an alternative option that does all you want
from nixosVersion, but rebuilds only the very top system level and
/etc while using your label in the names of system /nix/store paths,
GRUB and other boot loaders' menus, getty greetings and so on.
2016-01-08 22:26:15 +00:00
Robin Gloster
88292fdf09 jobs -> systemd.services 2016-01-07 06:39:06 +00:00
Tobias Geerinckx-Rice
82419575aa btrfsProgs -> canonical btrfs-progs 2016-01-03 20:38:44 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Dan Peebles
cd7612b841 amazon-image: enable configure-from-userdata and the corresponding VM test 2015-12-30 04:59:52 +00:00
Eelco Dolstra
74aac17878 Force rebuild of some corrupted files 2015-12-29 16:39:26 +01:00
Benno Fünfstück
79b4e5a8d7 docker module: fix kernel module loading
The docker module used different code for socket-activated docker daemon than for the non-socket activated daemon.
In particular, if the socket-activated daemon is used, then modprobe wasn't set up to be usable and in PATH for
the docker daemon, which resulted in a failure to start the daemon with overlayfs as storageDriver if the
`overlay` kernel module wasn't already loaded. This commit fixes that bug (which only appears if socket
activation is used), and also reduces the duplication between code paths so that it's easier to keep
both in sync in future.
2015-12-24 12:07:45 +01:00
Evgeny Egorochkin
dac2c65109 azure agent service: provide SSL certificates path 2015-12-19 22:10:35 +02:00
aszlig
6353f580f9
nixos/qemu-vm: Disable cache for $NIX_DISK_IMAGE
As @domenkozar noted in #10828, cache=writeback seems to do more harm
than good:

https://github.com/NixOS/nixpkgs/issues/10828#issuecomment-164426821

He has tested it using the openstack NixOS tests and found that
cache=none significantly improves startup performance.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 17:36:22 +01:00
aszlig
a5bc11f9eb
nixos/vm-tests: Remove msize mount option
This seems to be the root cause of the random page allocation failures
and @wizeman did a very good job on not only finding the root problem
but also giving a detailed explanation of it in #10828.

Here is an excerpt:

  The problem here is that the kernel is trying to allocate a contiguous
  section of 2^7=128 pages, which is 512 KB. This is way too much:
  kernel pages tend to get fragmented over time and kernel developers
  often go to great lengths to try allocating at most only 1 contiguous
  page at a time whenever they can.

  From the error message, it looks like the culprit is unionfs, but this
  is misleading: unionfs is the name of the userspace process that was
  running when the system ran out of memory, but it wasn't unionfs who
  was allocating the memory: it was the kernel; specifically it was the
  v9fs_dir_readdir_dotl() function, which is the code for handling the
  readdir() function in the 9p filesystem (the filesystem that is used
  to share a directory structure between a qemu host and its VM).

  If you look at the code, here's what it's doing at the moment it tries
  to allocate memory:

    buflen = fid->clnt->msize - P9_IOHDRSZ;

    rdir = v9fs_alloc_rdir_buf(file, buflen);

  If you look into v9fs_alloc_rdir_buf(), you will see that it will try
  to allocate a contiguous buffer of memory (using kzalloc(), which is a
  wrapper around kmalloc()) of size buflen + 8 bytes or so.

  So in reality, this code actually allocates a buffer of size
  proportional to fid->clnt->msize. What is this msize? If you follow
  the definition of the structures, you will see that it's the
  negotiated buffer transfer size between 9p client and 9p server. On
  the client side, it can be controlled with the msize mount option.

  What this all means is that, the reason for running out of memory is
  that the code (which we can't easily change) tries to allocate a
  contiguous buffer of size more or less equal to "negotiated 9p
  protocol buffer size", which seems to be way too big (in our NixOS
  tests, at least).

After that initial finding, @lethalman tested the gnome3 gdm test
without setting the msize parameter at all and it seems to have resolved
the problem.

The reason why I'm committing this without testing against all of the
NixOS VM test is basically that I think we can only go better but not
worse than the current state.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 17:26:24 +01:00
Domen Kožar
3fca941aeb virtualisation.qemu.options: specify type 2015-12-13 19:06:22 +01:00
Luca Bruno
5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Arseniy Seroka
79d0fc45a9 Merge pull request #11565 from jgillich/rkt
rkt: add service
2015-12-11 08:04:44 +03:00
Jakob Gillich
c85ada394f rkt: add service 2015-12-11 05:53:20 +01:00
Evgeny Egorochkin
c16f90f515 Azure image: update ssh key type, start before the Azure agent 2015-12-09 07:42:37 +02:00
Evgeny Egorochkin
6db67186f2 Azure image: package and add azure agent 2015-12-09 07:42:37 +02:00
Domen Kožar
7402dd4197 nova-image: don't use ec2-data since it delays the bootup time 2015-12-03 11:10:32 +01:00
Luca Bruno
920b1d3591 Merge branch 'master' into closure-size 2015-11-29 16:50:26 +01:00
lethalman
b97f5e8b33 Merge pull request #7993 from wavewave/extra-binds
nixos-container: support user-defined extra binds
2015-11-29 15:42:58 +01:00
Luca Bruno
a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Luca Bruno
a6c42b5945 nixos/docker: enable socketActivation by default 2015-11-20 23:01:59 +01:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Tomasz Kontusz
d3f6434579 virtualbox service: hide vboxnet0 from NetworkManager, fixes #10862 2015-11-10 12:21:35 +01:00
Tuomas Tynkkynen
55b0097c4c nixos/virtualbox-guest: Reference correct output of xorgserver 2015-10-28 10:22:58 +01:00
Domen Kožar
f1508b3a23 nova-image: use make-disk-image.nix 2015-10-26 16:16:45 +01:00
Bjørn Forsman
5f17aeb403 nixos/docker: default storageDriver to "devicemapper"
Commit 9bfe92ecee ("docker: Minor improvements, fix failing test") added
the services.docker.storageDriver option, made it mandatory but didn't
give it a default value. This results in an ugly traceback when users
enable docker, if they don't pay enough attention to also set the
storageDriver option. (An attempt was made to add an assertion, but it
didn't work, possibly because of how "mkMerge" works.)

The arguments against a default value were that the optimal value
depends on the filesystem on the host. This is, AFAICT, only in part
true. (It seems some backends are filesystem agnostic.) Also, docker
itself uses a default storage driver, "devicemapper", when no
--storage-driver=x options are given. Hence, we use the same value as
default.

Add a FIXME comment that 'devicemapper' breaks NixOS VM tests (for yet
unknown reasons), so we still run those with the 'overlay' driver.

Closes #10100 and #10217.
2015-10-04 14:34:38 +02:00
Bjørn Forsman
424e6e501a nixos/modules: simplify pkgs.zfs handling
Thanks, @lethalman.
2015-10-04 14:31:16 +02:00
Casey Ransom
791b600aac nixos/docker: Include ZFS commands in PATH for ZFS storagedriver
When using the ZFS storagedriver in docker, it shells out for the ZFS
commands. The path configuration for the systemd task does not include
ZFS, so if the driver is set to ZFS, add ZFS utilities to the PATH.

This will resolve https://github.com/NixOS/nixpkgs/issues/10127

[Bjørn: prefix commit message with "nixos/docker:", remove extra space
before ';']
2015-10-04 14:13:56 +02:00
Eelco Dolstra
cab1483a95 Blacklist the xen_fbfront kernel module
This gets rid of a 30 second delay during boot. See e.g
https://github.com/coreos/bugs/issues/208.
2015-09-28 22:15:47 +02:00