From 362d1d6218e04aad7d9bbf93227d227666f29e6d Mon Sep 17 00:00:00 2001
From: ilian
Date: Sat, 17 Apr 2021 21:09:25 +0200
Subject: [PATCH 01/12] oci-image: init scripts to build and upload image
Add image configuration for Oracle Cloud Infrastructure and scripts to build and upload the image as a Custom Image.
---
 nixos/maintainers/scripts/oci/create-image.sh | 10 ++
 nixos/maintainers/scripts/oci/upload-image.sh | 98 +++++++++++++++++++
 nixos/modules/virtualisation/oci-common.nix | 39 ++++++++
 .../virtualisation/oci-config-user.nix | 12 +++
 nixos/modules/virtualisation/oci-image.nix | 49 ++++++++++
 5 files changed, 208 insertions(+)
 create mode 100755 nixos/maintainers/scripts/oci/create-image.sh
 create mode 100755 nixos/maintainers/scripts/oci/upload-image.sh
 create mode 100644 nixos/modules/virtualisation/oci-common.nix
 create mode 100644 nixos/modules/virtualisation/oci-config-user.nix
 create mode 100644 nixos/modules/virtualisation/oci-image.nix
diff --git a/nixos/maintainers/scripts/oci/create-image.sh b/nixos/maintainers/scripts/oci/create-image.sh
new file mode 100755
index 000000000000..f876872289cd
--- /dev/null
+++ b/nixos/maintainers/scripts/oci/create-image.sh
@@ -0,0 +1,10 @@
+#! /usr/bin/env bash
+
+export NIX_PATH=nixpkgs=$(dirname $(readlink -f $0))/../../../..
+export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/oci-image.nix
+
+nix-build '' \
+ -A config.system.build.OCIImage \
+ --argstr system x86_64-linux \
+ --option system-features kvm \
+ -o oci-image
diff --git a/nixos/maintainers/scripts/oci/upload-image.sh b/nixos/maintainers/scripts/oci/upload-image.sh
new file mode 100755
index 000000000000..ef5413b26ba2
--- /dev/null
+++ b/nixos/maintainers/scripts/oci/upload-image.sh
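Review bot: The two `export` lines derive paths from `$(dirname $(readlink -f $0))` with `$0` and the inner substitution left unquoted, so a checkout whose path contains whitespace or glob characters is word-split before it reaches `dirname` and `NIX_PATH`/`NIXOS_CONFIG` point somewhere else; the same unquoted form is used for `script_dir=` at the top of upload-image.sh in this patch. Resolve the directory once and quote every expansion: `script_dir="$(dirname "$(readlink -f "$0")")"`, `export NIX_PATH="nixpkgs=$script_dir/../../../.."`, `export NIXOS_CONFIG="$script_dir/../../../modules/virtualisation/oci-image.nix"`. The expression after `nix-build ''` appears to have been lost in this rendering of the patch, so that line cannot be checked here.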
@@ -0,0 +1,98 @@
+#! /usr/bin/env bash
+
+script_dir="$(dirname $(readlink -f $0))"
+nixpkgs_root="$script_dir/../../../.."
+export NIX_PATH="nixpkgs=$nixpkgs_root"
+
+cat - <
Date: Fri, 28 May 2021 21:49:44 -0400
Subject: [PATCH 02/12] maintainers/scripts/oci: Allow A1 image builds
---
 nixos/maintainers/scripts/oci/create-image.sh | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/nixos/maintainers/scripts/oci/create-image.sh b/nixos/maintainers/scripts/oci/create-image.sh
index f876872289cd..30583a20a1c6 100755
--- a/nixos/maintainers/scripts/oci/create-image.sh
+++ b/nixos/maintainers/scripts/oci/create-image.sh
@@ -3,8 +3,20 @@
 export NIX_PATH=nixpkgs=$(dirname $(readlink -f $0))/../../../..
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/oci-image.nix
+if (( $# < 1 )); then
+ (
+ echo "Usage: create-image.sh "
+ echo
+ echo "Where is one of:"
+ echo " x86_64-linux"
+ echo " aarch64-linux"
+ ) >&2
+fi
+
+system="$1"; shift
+
 nix-build '' \
 -A config.system.build.OCIImage \
- --argstr system x86_64-linux \
+ --argstr system "$system" \
 --option system-features kvm \
 -o oci-image
From 3a35abf1697862b109230cd1ba89637a01b76c0d Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel
Date: Fri, 28 May 2021 21:52:04 -0400
Subject: [PATCH 03/12] nixos/oci-image: Minor cleanup
---
 nixos/modules/virtualisation/oci-image.nix | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/nixos/modules/virtualisation/oci-image.nix b/nixos/modules/virtualisation/oci-image.nix
index 6466d20c9168..58a32b16aada 100644
--- a/nixos/modules/virtualisation/oci-image.nix
+++ b/nixos/modules/virtualisation/oci-image.nix
@@ -1,8 +1,5 @@
-
 { config, lib, pkgs, ... }:
-with lib;
-
 {
 imports = [ ./oci-common.nix ];
From 9849ccb2417d8de68b2c568bee8d58d41953d6b4 Mon Sep 17 00:00:00 2001
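Review bot: The usage block added in front of `system="$1"; shift` prints the message but never exits, so with no argument the script goes on to run `nix-build` with `--argstr system ""` (and `shift` returns non-zero on an empty argument list, which nothing checks); once `set -u` is added to this file later in the series, the same path becomes an `unbound variable` abort right after the usage text, which is still not a clean failure. End the block with an explicit exit, i.e. `) >&2` followed by `exit 1` before `fi`. The usage strings appear to have lost their placeholder in this rendering (`create-image.sh ` and `Where is one of:`), so the intended wording cannot be verified from the page.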
From: Samuel Dionne-Riel
Date: Fri, 28 May 2021 21:57:58 -0400
Subject: [PATCH 04/12] nixos: Add OCI image options
Follows what amazon images does.
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/virtualisation/oci-options.nix | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 nixos/modules/virtualisation/oci-options.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e17d430e59b6..2911e3c2d69a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1484,6 +1484,7 @@
 ./virtualisation/nixos-containers.nix
 ./virtualisation/oci-containers.nix
 ./virtualisation/openstack-options.nix
+ ./virtualisation/oci-options.nix
 ./virtualisation/openvswitch.nix
 ./virtualisation/parallels-guest.nix
 ./virtualisation/podman/default.nix
diff --git a/nixos/modules/virtualisation/oci-options.nix b/nixos/modules/virtualisation/oci-options.nix
new file mode 100644
index 000000000000..15c7b30863db
--- /dev/null
+++ b/nixos/modules/virtualisation/oci-options.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+{
+ options = {
+ oci = {
+ efi = lib.mkOption {
+ default = pkgs.stdenv.hostPlatform.isAarch64;
+ internal = true;
+ description = ''
+ Whether the OCI instance is using EFI.
+ '';
+ };
+ };
+ };
+}
From d944fb4a19bc55729e7dac824bde69e600df3d8f Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel
Date: Fri, 28 May 2021 22:00:37 -0400
Subject: [PATCH 05/12] nixos/virtualization: Allow building EFI OCI images
---
 nixos/modules/virtualisation/oci-image.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos/modules/virtualisation/oci-image.nix b/nixos/modules/virtualisation/oci-image.nix
index 58a32b16aada..d4af5016dd71 100644
--- a/nixos/modules/virtualisation/oci-image.nix
+++ b/nixos/modules/virtualisation/oci-image.nix
@@ -1,5 +1,8 @@
 { config, lib, pkgs, ... }:
+let
+ cfg = config.oci;
+in
 {
 imports = [ ./oci-common.nix ];
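Review bot: `./virtualisation/oci-options.nix` is inserted after `./virtualisation/openstack-options.nix`, which breaks the alphabetical order the neighbouring entries keep (`oci-containers`, `openstack-options`, `openvswitch`); move it up one line so it directly follows `./virtualisation/oci-containers.nix`.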
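Review bot: The `oci.efi` option is declared with `lib.mkOption` but without a `type`, so the module system accepts any value for it (a string, a list) and the `if cfg.efi` consumers added later in this series would then fail with an unhelpful evaluation error instead of a type-check message at the definition site; add `type = lib.types.bool;` next to `default`. The description could also state what the flag controls on the image side (the partition table type and the GRUB EFI settings) rather than only that the instance "is using EFI".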
@@ -10,6 +13,7 @@
 configFile = ./oci-config-user.nix;
 format = "qcow2";
 diskSize = 8192;
+ partitionTableType = if cfg.efi then "efi" else "legacy";
 };
 systemd.services.fetch-ssh-keys = {
From 2eb41eb2087cbf7ae51c3fbe09888f1df19aaad3 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel
Date: Fri, 28 May 2021 22:02:14 -0400
Subject: [PATCH 06/12] nixos/virtualization: Allow building EFI / A1 OCI images
A couple notes:
---------------
Adding invalid `console=` parameters is not an issue. Any invalid console is unused. The kernel will use the "rightmost" (last) valid `console=` parameter as the default output. Thus the SBBR-mandated AMA0 on A1, and ttyS0 on x86_64 as documented by Oracle.
`nvme_core.shutdown_timeout=10` was added as it was written this way in the A1 images. Unclear whether `nvme.shutdown_timeout=10` is wrong. At worst this is a no-op.
---
 nixos/modules/virtualisation/oci-common.nix | 28 +++++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/virtualisation/oci-common.nix b/nixos/modules/virtualisation/oci-common.nix
index f6327445a328..edca4144c089 100644
--- a/nixos/modules/virtualisation/oci-common.nix
+++ b/nixos/modules/virtualisation/oci-common.nix
@@ -1,16 +1,26 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
-with lib;
+let
+ cfg = config.oci;
+in
 {
 imports = [ ../profiles/qemu-guest.nix ];
 # Taken from /proc/cmdline of Ubuntu 20.04.2 LTS on OCI
 boot.kernelParams = [
- "console=tty1"
- "console=ttyS0"
 "nvme.shutdown_timeout=10"
+ "nvme_core.shutdown_timeout=10"
 "libiscsi.debug_libiscsi_eh=1"
 "crash_kexec_post_notifiers"
+
+ # VNC console
+ "console=tty1"
+
+ # x86_64-linux
+ "console=ttyS0"
+
+ # aarch64-linux
+ "console=ttyAMA0,115200"
 ];
 boot.growPartition = true;
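Review bot: The comment `# Taken from /proc/cmdline of Ubuntu 20.04.2 LTS on OCI` above `boot.kernelParams` is now only partly true: this hunk adds `nvme_core.shutdown_timeout=10` and `console=ttyAMA0,115200`, which the commit message attributes to Oracle's A1 images rather than to Ubuntu. Reword it to `# Base set taken from /proc/cmdline of Ubuntu 20.04.2 LTS on OCI; nvme_core.shutdown_timeout and the ttyAMA0 console come from Oracle's aarch64 (A1) images`, and carry the commit message's reasoning about stacked `console=` entries (the last valid one wins, an invalid one is ignored) into a short comment above the `# VNC console` line, since the list is shared by both architectures and every image deliberately carries one console parameter that its platform does not have.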
@@ -21,15 +31,23 @@ with lib;
 autoResize = true;
 };
+ fileSystems."/boot" = lib.mkIf cfg.efi {
+ device = "/dev/disk/by-label/ESP";
+ fsType = "vfat";
+ };
+
+ boot.loader.efi.canTouchEfiVariables = false;
 boot.loader.grub = {
 version = 2;
- device = "/dev/sda";
+ device = if cfg.efi then "nodev" else "/dev/sda";
 splashImage = null;
 extraConfig = ''
 serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
 terminal_input --append serial
 terminal_output --append serial
 '';
+ efiInstallAsRemovable = cfg.efi;
+ efiSupport = cfg.efi;
 };
 # https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
From e8fc4d22e9dcf37d5296225d4416945bda5c66e2 Mon Sep 17 00:00:00 2001
From: ilian
Date: Mon, 31 May 2021 14:46:51 +0200
Subject: [PATCH 07/12] maintainers/scripts/oci: Fix indentation
---
 nixos/maintainers/scripts/oci/create-image.sh | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/nixos/maintainers/scripts/oci/create-image.sh b/nixos/maintainers/scripts/oci/create-image.sh
index 30583a20a1c6..c01b49e0cce4 100755
--- a/nixos/maintainers/scripts/oci/create-image.sh
+++ b/nixos/maintainers/scripts/oci/create-image.sh
@@ -4,19 +4,19 @@ export NIX_PATH=nixpkgs=$(dirname $(readlink -f $0))/../../../..
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/oci-image.nix
 if (( $# < 1 )); then
- (
- echo "Usage: create-image.sh "
- echo
- echo "Where is one of:"
- echo " x86_64-linux"
- echo " aarch64-linux"
- ) >&2
+ (
+ echo "Usage: create-image.sh "
+ echo
+ echo "Where is one of:"
+ echo " x86_64-linux"
+ echo " aarch64-linux"
+ ) >&2
 fi
 system="$1"; shift
 nix-build '' \
- -A config.system.build.OCIImage \
- --argstr system "$system" \
- --option system-features kvm \
- -o oci-image
+ -A config.system.build.OCIImage \
+ --argstr system "$system" \
+ --option system-features kvm \
+ -o oci-image
From 5eae6db9e330856e0799429c4496d3edd5f1271b Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada
Date: Thu, 21 Sep 2023 22:05:34 +0100
Subject: [PATCH 08/12] nixos/virtualisation: remove deprecated option from OCI common
---
 nixos/modules/virtualisation/oci-common.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/nixos/modules/virtualisation/oci-common.nix b/nixos/modules/virtualisation/oci-common.nix
index edca4144c089..19e4c9fa898b 100644
--- a/nixos/modules/virtualisation/oci-common.nix
+++ b/nixos/modules/virtualisation/oci-common.nix
@@ -38,7 +38,6 @@ in
 boot.loader.efi.canTouchEfiVariables = false;
 boot.loader.grub = {
- version = 2;
 device = if cfg.efi then "nodev" else "/dev/sda";
 splashImage = null;
 extraConfig = ''
From cd67657ae2dfcf2634e983030b544638ef9beb1b Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada
Date: Thu, 21 Sep 2023 22:05:52 +0100
Subject: [PATCH 09/12] nixos/virtualisation: use systemd-networkd for OCI
---
 nixos/modules/virtualisation/oci-common.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos/modules/virtualisation/oci-common.nix b/nixos/modules/virtualisation/oci-common.nix
index 19e4c9fa898b..ac9405e3ecfa 100644
--- a/nixos/modules/virtualisation/oci-common.nix
+++ b/nixos/modules/virtualisation/oci-common.nix
@@ -53,4 +53,8 @@ in
 networking.timeServers = [ "169.254.169.254" ];
 services.openssh.enable = true;
+
+ # Otherwise the instance may not have a working network-online.target,
+ # making the fetch-ssh-keys.service fail
+ networking.useNetworkd = true;
 }
From d5d4b08488077f46ed701537951abae8f6a7ff76 Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada
Date: Thu, 21 Sep 2023 22:06:15 +0100
Subject: [PATCH 10/12] nixos/virtualisation: always use EFI for OCI
---
 nixos/modules/virtualisation/oci-options.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/virtualisation/oci-options.nix b/nixos/modules/virtualisation/oci-options.nix
index 15c7b30863db..0dfedc6a530c 100644
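Review bot: `networking.useNetworkd = true;` is defined at normal priority, so a configuration that imports oci-common.nix and explicitly keeps the scripted backend gets a conflicting-definition error instead of its own value; the comment frames this as a fix for `network-online.target` rather than a hard requirement, so `networking.useNetworkd = lib.mkDefault true;` keeps the fix while leaving users an override. The enclosing attribute set continues outside the hunk.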
--- a/nixos/modules/virtualisation/oci-options.nix
+++ b/nixos/modules/virtualisation/oci-options.nix
@@ -3,7 +3,7 @@
 options = {
 oci = {
 efi = lib.mkOption {
- default = pkgs.stdenv.hostPlatform.isAarch64;
+ default = true;
 internal = true;
 description = ''
 Whether the OCI instance is using EFI.
From c655cdb53639febca043b56ce022f510b1bc6814 Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada
Date: Thu, 21 Sep 2023 22:08:22 +0100
Subject: [PATCH 11/12] maintainers/scripts/oci: make scripts fail on error
---
 nixos/maintainers/scripts/oci/create-image.sh | 2 ++
 nixos/maintainers/scripts/oci/upload-image.sh | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/nixos/maintainers/scripts/oci/create-image.sh b/nixos/maintainers/scripts/oci/create-image.sh
index c01b49e0cce4..0d7332a0b272 100755
--- a/nixos/maintainers/scripts/oci/create-image.sh
+++ b/nixos/maintainers/scripts/oci/create-image.sh
@@ -1,5 +1,7 @@
 #! /usr/bin/env bash
+set -euo pipefail
+
 export NIX_PATH=nixpkgs=$(dirname $(readlink -f $0))/../../../..
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/oci-image.nix
diff --git a/nixos/maintainers/scripts/oci/upload-image.sh b/nixos/maintainers/scripts/oci/upload-image.sh
index aa187db04564..e4870e94bf54 100755
--- a/nixos/maintainers/scripts/oci/upload-image.sh
+++ b/nixos/maintainers/scripts/oci/upload-image.sh
@@ -1,5 +1,7 @@
 #! /usr/bin/env bash
+set -euo pipefail
+
 script_dir="$(dirname $(readlink -f $0))"
 nixpkgs_root="$script_dir/../../../.."
 export NIX_PATH="nixpkgs=$nixpkgs_root"
From 371cebacb56399b439185c9461f8494f5f57f77a Mon Sep 17 00:00:00 2001
From: Thiago Kenji Okada
Date: Thu, 21 Sep 2023 22:10:16 +0100
Subject: [PATCH 12/12] maintainers/scripts/oci: add missing parameter
---
 nixos/maintainers/scripts/oci/upload-image.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
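Review bot: With `default = true;` the `pkgs` argument of oci-options.nix is no longer referenced, and `config` was never used there, so the module header `{ config, lib, pkgs, ... }:` can be reduced to `{ lib, ... }:`. The commit message says only "always use EFI", but this flips x86_64 images from a legacy partition table with a `/dev/sda` GRUB install to an EFI layout, so the option's description or the commit body should record that consequence for anyone rebuilding an existing image.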
diff --git a/nixos/maintainers/scripts/oci/upload-image.sh b/nixos/maintainers/scripts/oci/upload-image.sh
index aa187db04564..e4870e94bf54 100755
--- a/nixos/maintainers/scripts/oci/upload-image.sh
+++ b/nixos/maintainers/scripts/oci/upload-image.sh
@@ -18,8 +18,8 @@ EOF
 qcow="oci-image/nixos.qcow2"
 if [ ! -f "$qcow" ]; then
 echo "OCI image $qcow does not exist"
- echo "Building image with create-image.sh"
- "$script_dir/create-image.sh"
+ echo "Building image with create-image.sh for 'x86_64-linux'"
+ "$script_dir/create-image.sh" x86_64-linux
 [ -f "$qcow" ] || { echo "Build failed: image not present after build"; exit 1; }
 else
 echo "Using prebuilt image $qcow"
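Review bot: The architecture now appears twice as a literal in the fallback build path (`echo "Building image with create-image.sh for 'x86_64-linux'"` and `"$script_dir/create-image.sh" x86_64-linux`), so the two can drift apart and an aarch64 image, which create-image.sh accepts since earlier in this series, cannot be produced through this script. Hoist it into one variable with a default, `system="${1:-x86_64-linux}"`, and use `"$system"` in both lines; whether the rest of upload-image.sh (outside the hunk) assumes an x86_64 shape when it registers the image is not visible here, so that should be confirmed before exposing the knob. The enclosing `if` block continues past the hunk.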