authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-01-21 12:45:50 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-01-21 12:45:50 +0100
commit1aaa726e7538df8dec5c462079f3239c3f4fcb4b (patch)
tree62420745a9627c7f62363a506b6262831dad0a75 /modules/virtualisation
parentc30b65df4b3763a23616d59ffea6c8674b9ab9b3 (diff)
parent1440e92ae8f7a7c3654307bcbf19ddf4c7f51f40 (diff)
Merge remote-tracking branch 'origin/systemd'
Diffstat (limited to 'modules/virtualisation')
-rw-r--r--modules/virtualisation/amazon-image.nix44
-rw-r--r--modules/virtualisation/ec2-data.nix31
-rw-r--r--modules/virtualisation/libvirtd.nix38
-rw-r--r--modules/virtualisation/nova-image.nix23
-rw-r--r--modules/virtualisation/qemu-vm.nix76
-rw-r--r--modules/virtualisation/virtualbox-guest.nix16
-rw-r--r--modules/virtualisation/virtualbox-image.nix10
7 files changed, 118 insertions, 120 deletions
diff --git a/modules/virtualisation/amazon-image.nix b/modules/virtualisation/amazon-image.nix
index 9ada2b176fe3..38885d12b35c 100644
--- a/modules/virtualisation/amazon-image.nix
+++ b/modules/virtualisation/amazon-image.nix
@@ -50,6 +50,10 @@ with pkgs.lib;
           mkdir -p /mnt/etc
           touch /mnt/etc/NIXOS
 
+          # `switch-to-configuration' requires a /bin/sh
+          mkdir -p /mnt/bin
+          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
           # Install a configuration.nix.
           mkdir -p /mnt/etc/nixos
           cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
@@ -62,17 +66,11 @@ with pkgs.lib;
         ''
     );
 
-  fileSystems =
-    [ { mountPoint = "/";
-        device = "/dev/disk/by-label/nixos";
-      }
-    ];
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
 
-  boot.initrd.kernelModules = [ "xen-blkfront" "aufs" ];
+  boot.initrd.kernelModules = [ "xen-blkfront" ];
   boot.kernelModules = [ "xen-netfront" ];
 
-  boot.extraModulePackages = [ config.boot.kernelPackages.aufs ];
-
   # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
   boot.loader.grub.device = "nodev";
   boot.loader.grub.timeout = 0;
@@ -93,12 +91,12 @@ with pkgs.lib;
   # while "m1.large" has two ephemeral filesystems and no swap
   # devices).  Also, put /tmp and /var on /disk0, since it has a lot
   # more space than the root device.  Similarly, "move" /nix to /disk0
-  # by layering an AUFS on top of it so we have a lot more space for
+  # by layering a unionfs-fuse mount on top of it so we have a lot more space for
   # Nix operations.
   boot.initrd.postMountCommands =
     ''
       diskNr=0
-      diskForAufs=
+      diskForUnionfs=
       for device in /dev/xvd[abcde]*; do
           if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi
           fsType=$(blkid -o value -s TYPE "$device" || true)
@@ -110,25 +108,31 @@ with pkgs.lib;
               diskNr=$((diskNr + 1))
               echo "mounting $device on $mp..."
               if mountFS "$device" "$mp" "" ext3; then
-                  if [ -z "$diskForAufs" ]; then diskForAufs="$mp"; fi
+                  if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
               fi
           else
               echo "skipping unknown device type $device"
           fi
       done
 
-      if [ -n "$diskForAufs" ]; then
-          mkdir -m 755 -p $targetRoot/$diskForAufs/root
+      if [ -n "$diskForUnionfs" ]; then
+          mkdir -m 755 -p $targetRoot/$diskForUnionfs/root
 
-          mkdir -m 1777 -p $targetRoot/$diskForAufs/root/tmp $targetRoot/tmp
-          mount --bind $targetRoot/$diskForAufs/root/tmp $targetRoot/tmp
+          mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
+          mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
 
           if [ ! -e $targetRoot/.ebs ]; then
-              mkdir -m 755 -p $targetRoot/$diskForAufs/root/var $targetRoot/var
-              mount --bind $targetRoot/$diskForAufs/root/var $targetRoot/var
+              mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
+              mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var
+
+              mkdir -p /unionfs-chroot/ro-nix
+              mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
 
-              mkdir -m 755 -p $targetRoot/$diskForAufs/root/nix
-              mount -t aufs -o dirs=$targetRoot/$diskForAufs/root/nix=rw:$targetRoot/nix=rr none $targetRoot/nix
+              mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix
+              mkdir -p /unionfs-chroot/rw-nix
+              mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix
+
+              unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot /rw-nix=RW:/ro-nix=RO $targetRoot/nix
           fi
       fi
     '';
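Review bot: The new `unionfs` invocation mounts /nix with `allow_other` but without `default_permissions`, so the kernel does not enforce mode bits on the union and access control is left to the FUSE daemon; unless unionfs-fuse is known to enforce permissions itself, adding `default_permissions` to the `-o` list is the safer default for a mount every user reads. The call also has no failure check: if the daemon fails to start, /nix silently stays on the root device, whereas a short `|| echo "unionfs mount of /nix failed" >&2` (or whatever stage 1 uses to report errors) would at least make that visible on the console. The same two points apply to the unionfs lines in the nova-image.nix and qemu-vm.nix hunks of this commit. postMountCommands starts outside this hunk.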
@@ -153,4 +157,6 @@ with pkgs.lib;
 
   # Always include cryptsetup so that Charon can use it.
   environment.systemPackages = [ pkgs.cryptsetup ];
+
+  boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
 }
diff --git a/modules/virtualisation/ec2-data.nix b/modules/virtualisation/ec2-data.nix
index e094ae54093c..42c50d857e42 100644
--- a/modules/virtualisation/ec2-data.nix
+++ b/modules/virtualisation/ec2-data.nix
@@ -19,21 +19,21 @@ in
 {
   require = [options];
 
-  jobs.fetchEC2Data =
-    { name = "fetch-ec2-data";
+  systemd.services."fetch-ec2-data" =
+    { description = "Fetch EC2 Data";
 
-      startOn = "ip-up";
-
-      task = true;
+      wantedBy = [ "multi-user.target" ];
+      before = [ "sshd.service" ];
+      after = [ "network.target" ];
 
       path = [ pkgs.curl pkgs.iproute ];
 
       script =
         ''
           ip route del blackhole 169.254.169.254/32 || true
-          
+
           curl="curl --retry 3 --retry-delay 0 --fail"
-        
+
           echo "setting host name..."
           ${optionalString (config.networking.hostName == "") ''
             ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
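Review bot: `before = [ "sshd.service" ]` silently carries the ordering that the removed `jobs.sshd.startOn` override (second hunk of this file) documented; the rationale should move with it, e.g. `# Start before sshd so that a host key supplied in the user data is installed before sshd generates one.` above the `before` line. Also, `after = [ "network.target" ]` only orders against network setup and does not guarantee the interface is up the way the old `startOn = "ip-up"` did; the three immediate curl retries may not cover that window, so it is worth confirming the metadata fetch is reliable on first boot. The service body continues past the end of this hunk.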
@@ -73,12 +73,15 @@ in
           ip route add blackhole 169.254.169.254/32
           ''}
         '';
+
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
     };
 
-  jobs.printHostKey =
-    { name = "print-host-key";
-      task = true;
-      startOn = "started sshd";
+  systemd.services."print-host-key" =
+    { description = "Print SSH Host Key";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "sshd.service" ];
       script =
         ''
           # Print the host public key on the console so that the user
@@ -88,10 +91,8 @@ in
           ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
           echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
         '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
     };
 
-  # Only start sshd after we've obtained the host key (if given in the
-  # user data), otherwise the sshd job will generate one itself.
-  jobs.sshd.startOn = mkOverride 90 "stopped fetch-ec2-data";
-
 }
diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix
index 66bbb757c705..757a20f61648 100644
--- a/modules/virtualisation/libvirtd.nix
+++ b/modules/virtualisation/libvirtd.nix
@@ -49,11 +49,11 @@ in
 
     boot.kernelModules = [ "tun" ];
 
-    jobs.libvirtd =
-      { description = "Libvirtd virtual machine management daemon";
+    systemd.services.libvirtd =
+      { description = "Libvirt Virtual Machine Management Daemon";
 
-        startOn = "stopped udevtrigger";
-        stopOn = "";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "systemd-udev-settle.service" ];
 
         path =
           [ pkgs.bridge_utils pkgs.dmidecode pkgs.dnsmasq
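Review bot: `after = [ "systemd-udev-settle.service" ]` is only an ordering constraint; unless something else pulls that unit in, it is never started and the ordering has no effect, so the replacement for `startOn = "stopped udevtrigger"` probably also needs `wants = [ "systemd-udev-settle.service" ];`. The service definition continues beyond this hunk.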
@@ -83,7 +83,9 @@ in
             done
           ''; # */
 
-        exec = "${pkgs.libvirt}/sbin/libvirtd --daemon --verbose";
+        serviceConfig.ExecStart = "@${pkgs.libvirt}/sbin/libvirtd libvirtd --daemon --verbose";
+        serviceConfig.Type = "forking";
+        serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
 
         # Wait until libvirtd is ready to accept requests.
         postStart =
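Review bot: `Type = "forking"` without a `PIDFile` leaves systemd to guess the main PID of the daemonised libvirtd; if libvirtd's `--pid-file` option is available in this version, passing it and setting `serviceConfig.PIDFile` to the same path makes stop and restart reliable. `KillMode = "process"` kills only the main process on stop, which the inline comment explains for the VMs, but it is worth noting in that comment that other children spawned by libvirtd (the dnsmasq instances for virtual networks, presumably) also survive a service stop. postStart continues past the hunk.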
@@ -94,18 +96,17 @@ in
             done
             exit 1 # !!! seems to be ignored
           '';
-
-        daemonType = "daemon";
       };
 
-    # !!! Split this into save and restore tasks.
     jobs."libvirt-guests" =
-      { description = "Job to save/restore libvirtd VMs";
+      { description = "Libvirt Virtual Machines";
 
-        startOn = "started libvirtd";
+        wantedBy = [ "multi-user.target" ];
+        wants = [ "libvirtd.service" ];
+        after = [ "libvirtd.service" ];
 
         # We want to suspend VMs only on shutdown, but Upstart is broken.
-        stopOn = "";
+        #stopOn = "";
 
         restartIfChanged = false;
 
@@ -119,19 +120,8 @@ in
 
         postStop = "${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests stop";
 
-        respawn = false;
-      };
-
-    jobs."stop-libvirt" =
-      { description = "Helper task to stop libvirtd and libvirt-guests on shutdown";
-        task = true;
-        restartIfChanged = false;
-        startOn = "starting shutdown";
-        script =
-          ''
-            stop libvirt-guests || true
-            stop libvirtd || true
-          '';
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
       };
 
   };
diff --git a/modules/virtualisation/nova-image.nix b/modules/virtualisation/nova-image.nix
index ea4dbcc4dd4c..0ce5d218cdb4 100644
--- a/modules/virtualisation/nova-image.nix
+++ b/modules/virtualisation/nova-image.nix
@@ -68,18 +68,10 @@ with pkgs.lib;
         ''
     );
 
-  fileSystems =
-    [ { mountPoint = "/";
-        device = "/dev/disk/by-label/nixos";
-      }
-    ];
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
 
   boot.kernelParams = [ "console=ttyS0" ];
 
-  boot.initrd.kernelModules = [ "aufs" ];
-
-  boot.extraModulePackages = [ config.boot.kernelPackages.aufs ];
-
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/vda";
   boot.loader.grub.timeout = 0;
@@ -87,8 +79,8 @@ with pkgs.lib;
   # Put /tmp and /var on /ephemeral0, which has a lot more space.
   # Unfortunately we can't do this with the `fileSystems' option
   # because it has no support for creating the source of a bind
-  # mount.  Also, "move" /nix to /ephemeral0 by layering an AUFS
-  # on top of it so we have a lot more space for Nix operations.
+  # mount.  Also, "move" /nix to /ephemeral0 by layering a unionfs-fuse
+  # mount on top of it so we have a lot more space for Nix operations.
   /*
   boot.initrd.postMountCommands =
     ''
@@ -100,9 +92,16 @@ with pkgs.lib;
       mkdir -m 755 -p $targetRoot/var
       mount --bind $targetRoot/ephemeral0/var $targetRoot/var
 
+      mkdir -p /unionfs-chroot/ro-nix
+      mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
+
+      mkdir -p /unionfs-chroot/rw-nix
       mkdir -m 755 -p $targetRoot/ephemeral0/nix
-      mount -t aufs -o dirs=$targetRoot/ephemeral0/nix=rw:$targetRoot/nix=rr none $targetRoot/nix
+      mount --rbind $targetRoot/ephemeral0/nix /unionfs-chroot/rw-nix
+      unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot /rw-nix=RW:/ro-nix=RO $targetRoot/nix
     '';
+
+    boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
     */
 
   # Since Nova allows VNC access to instances, it's nice to start to
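Review bot: The added `boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];` sits inside the `/* … */` block (opened in the previous hunk, closed at the `*/` just below it), so it has no effect, and its four-space indent suggests it was intended as a top-level attribute. If the unionfs code is meant to stay disabled, drop the line or move it after the `*/` with a comment such as `# Needed once the postMountCommands above are re-enabled.`; as written, nothing in this hunk enables unionfs support in the initrd, which may or may not be the intent.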
diff --git a/modules/virtualisation/qemu-vm.nix b/modules/virtualisation/qemu-vm.nix
index c30086487a74..b35b311819a8 100644
--- a/modules/virtualisation/qemu-vm.nix
+++ b/modules/virtualisation/qemu-vm.nix
@@ -95,7 +95,7 @@ let
         description =
           ''
             If enabled, the Nix store in the VM is made writable by
-            layering an AUFS/tmpfs filesystem on top of the host's Nix
+            layering a unionfs-fuse/tmpfs filesystem on top of the host's Nix
             store.
           '';
       };
@@ -252,11 +252,9 @@ in
   # CIFS.  Also use paravirtualised network and block devices for
   # performance.
   boot.initrd.availableKernelModules =
-    [ "cifs" "nls_utf8" "hmac" "md4" "ecb" "des_generic" ]
-    ++ optional cfg.writableStore [ "aufs" ];
+    [ "cifs" "nls_utf8" "hmac" "md4" "ecb" "des_generic" ];
 
-  boot.extraModulePackages =
-    optional cfg.writableStore config.boot.kernelPackages.aufs;
+  boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
 
   boot.initrd.extraUtilsCommands =
     ''
@@ -290,9 +288,12 @@ in
       mkdir -p $targetRoot/boot
       mount -o remount,ro $targetRoot/nix/store
       ${optionalString cfg.writableStore ''
-        mkdir /mnt-store-tmpfs
-        mount -t tmpfs -o "mode=755" none /mnt-store-tmpfs
-        mount -t aufs -o dirs=/mnt-store-tmpfs=rw:$targetRoot/nix/store=rr none $targetRoot/nix/store
+        mkdir -p /unionfs-chroot/ro-store
+        mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
+
+        mkdir /unionfs-chroot/rw-store
+        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
+        unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot /rw-store=RW:/ro-store=RO $targetRoot/nix/store
       ''}
     '';
 
@@ -322,35 +323,33 @@ in
   # where the regular value for the `fileSystems' attribute should be
   # disregarded for the purpose of building a VM test image (since
   # those filesystems don't exist in the VM).
-  fileSystems = mkOverride 50 (
-    [ { mountPoint = "/";
-        device = "/dev/vda";
-      }
-      { mountPoint = "/nix/store";
-        device = "//10.0.2.4/store";
-        fsType = "cifs";
-        options = "guest,sec=none,noperm,noacl";
-        neededForBoot = true;
-      }
-      { mountPoint = "/tmp/xchg";
-        device = "//10.0.2.4/xchg";
-        fsType = "cifs";
-        options = "guest,sec=none,noperm,noacl";
-        neededForBoot = true;
-      }
-      { mountPoint = "/tmp/shared";
-        device = "//10.0.2.4/shared";
-        fsType = "cifs";
-        options = "guest,sec=none,noperm,noacl";
-        neededForBoot = true;
-      }
-    ] ++ optional cfg.useBootLoader
-      { mountPoint = "/boot";
-        device = "/dev/disk/by-label/boot";
-        fsType = "ext4";
-        options = "ro";
-        noCheck = true; # fsck fails on a r/o filesystem
-      });
+  fileSystems =
+    { "/".device = "/dev/vda";
+      "/nix/store" =
+        { device = "//10.0.2.4/store";
+          fsType = "cifs";
+          options = "guest,sec=none,noperm,noacl";
+        };
+      "/tmp/xchg" =
+        { device = "//10.0.2.4/xchg";
+          fsType = "cifs";
+          options = "guest,sec=none,noperm,noacl";
+          neededForBoot = true;
+        };
+      "/tmp/shared" =
+        { device = "//10.0.2.4/shared";
+          fsType = "cifs";
+          options = "guest,sec=none,noperm,noacl";
+          neededForBoot = true;
+        };
+    } // optionalAttrs cfg.useBootLoader
+    { "/boot" =
+        { device = "/dev/disk/by-label/boot";
+          fsType = "ext4";
+          options = "ro";
+          noCheck = true; # fsck fails on a r/o filesystem
+        };
+    };
 
   swapDevices = mkOverride 50 [ ];
 
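Review bot: The rewritten `"/nix/store"` entry drops the `neededForBoot = true;` that the removed list form had, while `/tmp/xchg` and `/tmp/shared` keep it; unless stage 1 already treats /nix/store as needed for boot, the CIFS store will no longer be mounted in the initrd, so either restore `neededForBoot = true;` in that entry or add a comment saying why it is no longer required. The `mkOverride 50` is also gone, but the comment above (partly outside this hunk) still says the regular `fileSystems` value is to be disregarded when building a VM image; either the comment or the override should be updated so they agree.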
@@ -365,6 +364,7 @@ in
   networking.interfaces = singleton
     { name = "eth0";
       ipAddress = "10.0.2.15";
+      prefixLength = 24;
     };
 
   # Don't run ntpd in the guest.  It should get the correct time from KVM.
@@ -397,8 +397,6 @@ in
       VertRefresh 50-160
     '';
 
-  services.mingetty.ttys = ttys ++ optional (!cfg.graphics) "ttyS0";
-
   # Wireless won't work in the VM.
   networking.wireless.enable = mkOverride 50 false;
 
diff --git a/modules/virtualisation/virtualbox-guest.nix b/modules/virtualisation/virtualbox-guest.nix
index a204f56b2eed..262afae2cf6e 100644
--- a/modules/virtualisation/virtualbox-guest.nix
+++ b/modules/virtualisation/virtualbox-guest.nix
@@ -11,7 +11,7 @@ let
 
 in
 
-if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
+optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
 {
 
   ###### interface
@@ -41,9 +41,11 @@ if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
     users.extraGroups = singleton { name = "vboxsf"; };
 
     jobs.virtualbox =
-      { description = "VirtualBox service";
+      { description = "VirtualBox Guest Services";
 
-        startOn = "started udev";
+        wantedBy = [ "multi-user.target" ];
+        requires = [ "dev-vboxguest.device" ];
+        after = [ "dev-vboxguest.device" ];
 
         exec = "${kernel.virtualboxGuestAdditions}/sbin/VBoxService --foreground";
       };
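Review bot: With `wantedBy = [ "multi-user.target" ]` plus `requires = [ "dev-vboxguest.device" ]`, the service is pulled in on every boot and is likely to fail its dependency whenever the vboxguest device never appears (a non-VirtualBox machine evaluating this module); binding activation to the device instead, `wantedBy = [ "dev-vboxguest.device" ];`, starts the service only when the guest driver is present and avoids the spurious failure. This relies on the `TAG+="systemd"` udev rule added later in this file's diff, so the two hunks should be read together. The job also still uses the Upstart-style `exec`, presumably mapped by the `jobs.*` compatibility layer.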
@@ -62,7 +64,7 @@ if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
       ''
         InputDevice "VBoxMouse"
       '';
-    
+
     services.xserver.displayManager.sessionCommands =
       ''
         PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver ]}:$PATH \
@@ -74,12 +76,14 @@ if (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
         # /dev/vboxuser is necessary for VBoxClient to work.  Maybe we
         # should restrict this to logged-in users.
         KERNEL=="vboxuser",  OWNER="root", GROUP="root", MODE="0666"
+
+        # Allow systemd dependencies on vboxguest.
+        KERNEL=="vboxguest", TAG+="systemd"
       '';
 
-    # Make the ACPI Shutdown command to do the right thing.    
+    # Make the ACPI Shutdown command to do the right thing.
     services.acpid.enable = true;
     services.acpid.powerEventCommands = "poweroff";
   };
 
 }
-else {}
diff --git a/modules/virtualisation/virtualbox-image.nix b/modules/virtualisation/virtualbox-image.nix
index f049c5eb348a..373195a9d688 100644
--- a/modules/virtualisation/virtualbox-image.nix
+++ b/modules/virtualisation/virtualbox-image.nix
@@ -63,6 +63,10 @@ with pkgs.lib;
           mkdir -p /mnt/etc/nixos
           cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix
 
+          # `switch-to-configuration' requires a /bin/sh
+          mkdir -p /mnt/bin
+          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
           # Generate the GRUB menu.
           chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
 
@@ -71,11 +75,7 @@ with pkgs.lib;
         ''
     );
 
-  fileSystems =
-    [ { mountPoint = "/";
-        device = "/dev/disk/by-label/nixos";
-      }
-    ];
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
 
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/sda";