pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #260595 from adamcstephens/lxc/squashfs

lxc-container: add squashfs image support and release output

Maciej Krüger 1ecbbb6e 5fb48709

options
unified split
Changed files
+54 -5
nixos
lib
make-squashfs.nix
modules
virtualisation
lxc-container.nix
release.nix
tests
lxd
container.nix
+10 -3
nixos/lib/make-squashfs.nix 
···

       
1

       
1

       
 

       
{ lib, stdenv, squashfsTools, closureInfo


     

       
2

       
2

       
 

       



     

       

       
3

       
+

       
,  fileName ? "squashfs"


     

       
3

       
4

       
 

       
, # The root directory of the squashfs filesystem is filled with the


     

       
4

       
5

       
 

       
  # closures of the Nix store paths listed here.


     

       
5

       
6

       
 

       
  storeContents ? []


     

       

       
7

       
+

       
  # Pseudo files to be added to squashfs image


     

       

       
8

       
+

       
, pseudoFiles ? []


     

       

       
9

       
+

       
, noStrip ? false


     

       
6

       
10

       
 

       
, # Compression parameters.


     

       
7

       
11

       
 

       
  # For zstd compression you can use "zstd -Xcompression-level 6".


     

       
8

       
12

       
 

       
  comp ? "xz -Xdict-size 100%"


     

       
9

       
13

       
 

       
}:


     

       
10

       
14

       
 

       



     

       

       
15

       
+

       
let


     

       

       
16

       
+

       
  pseudoFilesArgs = lib.concatMapStrings (f: ''-p "${f}" '') pseudoFiles;


     

       

       
17

       
+

       
in


     

       
11

       
18

       
 

       
stdenv.mkDerivation {


     

       
12

       

       
-

       
  name = "squashfs.img";


     

       

       
19

       
+

       
  name = "${fileName}.img";


     

       
13

       
20

       
 

       
  __structuredAttrs = true;


     

       
14

       
21

       
 

       



     

       
15

       
22

       
 

       
  nativeBuildInputs = [ squashfsTools ];


     
···

       
31

       
38

       
 

       
    '' + ''


     

       
32

       
39

       
 

       



     

       
33

       
40

       
 

       
      # Generate the squashfs image.


     

       
34

       

       
-

       
      mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \


     

       
35

       

       
-

       
        -no-hardlinks -keep-as-directory -all-root -b 1048576 -comp ${comp} \


     

       

       
41

       
+

       
      mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out ${pseudoFilesArgs} \


     

       

       
42

       
+

       
        -no-hardlinks ${lib.optionalString noStrip "-no-strip"} -keep-as-directory -all-root -b 1048576 -comp ${comp} \


     

       
36

       
43

       
 

       
        -processors $NIX_BUILD_CORES


     

       
37

       
44

       
 

       
    '';


     

       
38

       
45

       
 

       
}
+17 -1
nixos/modules/virtualisation/lxc-container.nix 
···

       
37

       
37

       
 

       
        ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system


     

       
38

       
38

       
 

       
      '';


     

       
39

       
39

       
 

       



     

       
40

       

       
-

       
    # TODO: build rootfs as squashfs for faster unpack


     

       
41

       
40

       
 

       
    system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {


     

       
42

       
41

       
 

       
      extraArgs = "--owner=0";


     

       
43

       
42

       
 

       



     
···

       
62

       
61

       
 

       
      ];


     

       
63

       
62

       
 

       



     

       
64

       
63

       
 

       
      extraCommands = "mkdir -p proc sys dev";


     

       

       
64

       
+

       
    };


     

       

       
65

       
+

       



     

       

       
66

       
+

       
    system.build.squashfs = pkgs.callPackage ../../lib/make-squashfs.nix {


     

       

       
67

       
+

       
      fileName = "nixos-lxc-image-${pkgs.stdenv.hostPlatform.system}";


     

       

       
68

       
+

       



     

       

       
69

       
+

       
      noStrip = true; # keep directory structure


     

       

       
70

       
+

       
      comp = "zstd -Xcompression-level 6";


     

       

       
71

       
+

       



     

       

       
72

       
+

       
      storeContents = [config.system.build.toplevel];


     

       

       
73

       
+

       



     

       

       
74

       
+

       
      pseudoFiles = [


     

       

       
75

       
+

       
        "/sbin d 0755 0 0"


     

       

       
76

       
+

       
        "/sbin/init s 0555 0 0 ${config.system.build.toplevel}/init"


     

       

       
77

       
+

       
        "/dev d 0755 0 0"


     

       

       
78

       
+

       
        "/proc d 0555 0 0"


     

       

       
79

       
+

       
        "/sys d 0555 0 0"


     

       

       
80

       
+

       
      ];


     

       
65

       
81

       
 

       
    };


     

       
66

       
82

       
 

       



     

       
67

       
83

       
 

       
    system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
+15
nixos/release.nix 
···

       
328

       
328

       
 

       



     

       
329

       
329

       
 

       
  );


     

       
330

       
330

       
 

       



     

       

       
331

       
+

       
  lxdContainerImageSquashfs = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:


     

       

       
332

       
+

       



     

       

       
333

       
+

       
    with import ./.. { inherit system; };


     

       

       
334

       
+

       



     

       

       
335

       
+

       
    hydraJob ((import lib/eval-config.nix {


     

       

       
336

       
+

       
      inherit system;


     

       

       
337

       
+

       
      modules =


     

       

       
338

       
+

       
        [ configuration


     

       

       
339

       
+

       
          versionModule


     

       

       
340

       
+

       
          ./maintainers/scripts/lxd/lxd-container-image.nix


     

       

       
341

       
+

       
        ];


     

       

       
342

       
+

       
    }).config.system.build.squashfs)


     

       

       
343

       
+

       



     

       

       
344

       
+

       
  );


     

       

       
345

       
+

       



     

       
331

       
346

       
 

       
  # Metadata for the lxd image


     

       
332

       
347

       
 

       
  lxdContainerMeta = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system:


     

       
333

       
348
+12 -1
nixos/tests/lxd/container.nix 
···

       
13

       
13

       
 

       



     

       
14

       
14

       
 

       
  lxd-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system};


     

       
15

       
15

       
 

       
  lxd-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system};


     

       

       
16

       
+

       
  lxd-image-rootfs-squashfs = releases.lxdContainerImageSquashfs.${pkgs.stdenv.hostPlatform.system};


     

       
16

       
17

       
 

       



     

       
17

       
18

       
 

       
in {


     

       
18

       
19

       
 

       
  name = "lxd-container";


     
···

       
23

       
24

       
 

       



     

       
24

       
25

       
 

       
  nodes.machine = { lib, ... }: {


     

       
25

       
26

       
 

       
    virtualisation = {


     

       
26

       

       
-

       
      diskSize = 4096;


     

       

       
27

       
+

       
      diskSize = 6144;


     

       
27

       
28

       
 

       



     

       
28

       
29

       
 

       
      # Since we're testing `limits.cpu`, we've gotta have a known number of


     

       
29

       
30

       
 

       
      # cores to lean on


     
···

       
60

       
61

       
 

       



     

       
61

       
62

       
 

       
    with subtest("Container can be managed"):


     

       
62

       
63

       
 

       
        machine.succeed("lxc launch nixos container")


     

       

       
64

       
+

       
        with machine.nested("Waiting for instance to start and be usable"):


     

       

       
65

       
+

       
          retry(instance_is_up)


     

       

       
66

       
+

       
        machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")


     

       

       
67

       
+

       
        machine.succeed("lxc delete -f container")


     

       

       
68

       
+

       



     

       

       
69

       
+

       
    with subtest("Squashfs image is functional"):


     

       

       
70

       
+

       
        machine.succeed(


     

       

       
71

       
+

       
            "lxc image import ${lxd-image-metadata}/*/*.tar.xz ${lxd-image-rootfs-squashfs} --alias nixos-squashfs"


     

       

       
72

       
+

       
        )


     

       

       
73

       
+

       
        machine.succeed("lxc launch nixos-squashfs container")


     

       
63

       
74

       
 

       
        with machine.nested("Waiting for instance to start and be usable"):


     

       
64

       
75

       
 

       
          retry(instance_is_up)


     

       
65

       
76

       
 

       
        machine.succeed("echo true | lxc exec container /run/current-system/sw/bin/bash -")