Commit graph

219 commits

Author SHA1 Message Date
aszlig 707b7ad1bd
vm/windows: Generate mounts from an attribute set.
This is mainly to make it easier to quickly change mappings, without
making room for errors such as typos.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig 5258bbe4c9
vm/windows: Create fstab entries in suspended VM.
Cygwin initializes mounts on _every_ login via SSH and doesn't keep them
consistently like on Unix systems, that's why we need to also add fstab
entries for the bind mounts to the store and xchg shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig d16dae8d32
vm/windows: Use &&, not set -e in runAndSuspend.
We now have proper quoting, so we no longer need the workaround using
"set -e".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig 084238c6ec
vm/windows: Fix perms of the Samba shares.
We now map all guest accounts to the root user, because in the end the
permissions of the current user boil down to the build user of the Nix
builder of the host. That way it's not possible to gain more permissions
at all and just makes the VM communication a lot easier.

However, setting "writable" to yes instead of "read only" to no doesn't
change anything here, I just found it to be clearer.

Also, we now no longer need to have a "nobody" user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:59 +01:00
aszlig 5241bb1d5e
vm/windows: Avoid shadowing the Nix store.
This is done by putting the non-initrd /nix/store into a subdirectory,
which we then chroot to and pass along the SSH command.

Also, we now collect the exit code after the chroot command and power
off the VM thereafter, because the store is no longer shadowed and we
still have access to the busybox inside the initrd.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig a1d7974acd
vm/windows: Remove Samba from installMode.
This should trim down possible dependencies on the base installation and
hereby reduce the need for reinstallation of the damn VM to only changes
that affect the Windows installation and the base Cygwin + OpenSSH
setup.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig fedf13e6cf
vm/windows: Implement and use "xchg" share.
This now finally introduces our xchg share and also uses it for
exchanging state while suspending a VM. However, accessing the _real_
Nix store still isn't possible because we're shadowing the directory in
the initrd.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:58 +01:00
aszlig 0ce1fd07fe
vm/windows: Reintroduce setting up /nix/store.
Now we're doing this at the point where we're saving the VM state.
Unfortunately it's not quite right, because the controller VM is shut
down _before_ we're saving the state, so the share gets disconnected
despite autodisconnect being deactivated during setup.

We can get around this issue by finally introducing the xchg share,
which is the last item to be implemented before we can merge to master.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig aa65a7057f
vm/windows: Properly escape shell command.
Security-wise it's not a big issue because we're still sandboxed, but I
really don't want to write something like \\\\\\\\192.168.0.2\\\\share
in order to set up network shares.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig cfa859d792
vm/windows: Don't init /nix/store on install.
We're going to do this during the suspendedVM phase, so we're able to
more easily change the shares without reinstalling the whole VM.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:57 +01:00
aszlig 3e91192f07
vm/windows: Wait for VDE switch to startup.
This could possibly cause flapping whenever qemu is too fast in starting
up. As we are running with the shell's -e flag, the socat check also
ensures that the VDE switch is properly started and causes the whole
build to fail, should it not start up within 20 seconds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig c731467e2c
vm/windows: Split install into several stages.
These stages are in particular:

 * Install of the bare Windows VM with Cygwin and shut down.
 * Boot up the same VM again without the installation media and dump the
   VM's memory to state.gz.
 * Resume from state.gz and build whatever we want to build.

Every single stage involves a new "controller", which is more like an
abstraction on the Nix side that constructs the madness described in
276b72fb93.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:51:56 +01:00
aszlig 5105e7f0bf
vm/windows: Update sha256 of Cygwin's setup.ini.
This is kinda stupid to do every little time the file is automatically
regenerated upstream. But let's see how often that happens and whether
it will become a major annoyance or not, and if yes, we might be forced
to include it in our source tree.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:55 +01:00
aszlig 9b1862ca1f
vm/windows: Move creating SSH key into install/.
This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only, only exposed to the filesystem and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig 4e21215d52
vm/windows: Move the installer into install/.
At least the largest portion of the installer, because in the end we
don't want the installer to *actually* save the state but only prepare
the base image.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:54 +01:00
aszlig 276b72fb93
vm: Introduce new Windows VM installer for Cygwin.
After quite a lot of fighting against Windows and its various
limitations, this is the new base architecture for installing and
accessing the Windows VM and thus the Cygwin environment inside it:

                .------------.
          .---> | vde_switch |
          |     `-[#]----[#]-'
          |        |      |
         ,'       .'      `---.___
       ,'    192.168.0.1          `.
       |          |            192.168.0.2
      ,'    _____[#]____           |
    ,'     |            |   ______[#]______
    |      | Windows VM |  |    .--'       |
    |      |____________|  |    |          |
    |             |  /|\   |  .-|          |
    | .---------. |   |    |  | |          |
  .-|-| manager |-'   |    |  | |          |
  | | `---------'     |    |  | |          |
  | |                 |    |  | |          |
  | | .-------------. |    | Samba         |
  | | | BOOTSTRAP   | |    |  | |          |
  | | |-------------| |    |  | |   .------|
  | `-| spawn VMs   |-+--> |  | `---| xchg | <-------.
  |   |-------------|      |  | .---^------|         |
  |   | install     |---.  |  `-| nixstore | <----.  |
  |   |-------------|   |  |    `----------|      |  |
  |---| suspend VM  |   |  |               |      |  |
  |   `------.------'   |  | Controller VM |      |  |
  |          |          |  |_______________|      |  |
  |       .--'          |         /|\            VirtIO
  |       |           __|__________:____________  |  |
  |      \|/         |  |          `.           | |  |
  | .------------.   |  |           :           | |  |
  | | REAL BUILD |   |  |   .-------^--------.  | |  |
  | |------------|   |  `-> | serial console |  | |  |
  `-| revive VM  |   |      `----------------'  | |  |
    |------------|   |------------.             | |  |
    | build      |-->| /nix/store >>>-----------|-'  |
    |------------|   |------------|             |    |
    | collect    |<--| xchg       >>>-----------|----'
    `-----.------'   |------------'             |
          |          |                          |
         \|/         |    |  |  __   ___  |     |
                     |    |--| |  | (__  -|-    |
    F I N I S H E D  |    |  | |__| ___)  |     |
                     |__________________________|

This might look a bit overwhelming, but let me try to explain:

We're starting at the base derivation ("BOOTSTRAP" above), where we
actually install the Cygwin environment. Over there we basically fire up
a vde_switch process and two virtual machines: One is the Windows
machine, the other is a NixOS machine, which serves as some kind of
proxy between the host and the Windows machine.

The reason we're doing this is because we don't have a lot of options
for sharing files between a stock Windows machine and the host. In
earlier experiments, I've tried to communicate with the Windows guest by
using pipes and OpenSSH, but obviously this wasn't a big speed rush (or
to say it bluntly: It was fucking slow).

Using TCP/IP directly for accessing the guest would have been another
option, but it could lead to possible errors when the port or a range of
ports are in use on the host system. Also, we would need to punch a hole
into the sandbox of the Nix builder (as it doesn't allow networking),
which in turn will possibly undermine deterministic builds/runs (well,
at least as deterministic as it can be, we're running Windows,
remember?).

So, let's continue: The responsibility of the NixOS (controller) VM is
to just wait until an SSH port becomes available on the Windows VM,
whereas the Windows VM itself is installed using an unattended
installation file provided via a virtual floppy image.

With the installation of the basic Windows OS, we directly install
Cygwin and start up an OpenSSH service.

At this point the bootstrapping is almost finished and as soon as the
port is available, the controller VM sets up Samba shares and makes them
available as drive letters within Windows and as bind mounts (for
example /nix/store) within Cygwin.

Finally we're making a snapshot of the memory of the Windows VM in order
to revive it within a few seconds when we want to build something.

Now, the build process itself is fairly straightforward: Revive VM and
build based on existing store derivations and collect the result _and_
the exit code from the xchg share/directory.

Conclusion: This architecture may sound a bit complicated, but we're
trying to achieve deterministic and reproducible builds and/or test
runs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-26 04:50:53 +01:00
Petr Rockai 97721af469 VMs: Add Fedora 17 to the list of distros (only had 16 and 18). 2014-02-15 12:57:21 +01:00
Eelco Dolstra 8ba1fdef00 debian: Update to 7.4 2014-02-14 20:29:43 +01:00
Shea Levy b529a34b4a Add Fedora 20
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-19 20:50:46 -05:00
Rob Vermaas 1625743902 Fix Fedora8 vm builds. 2014-01-15 21:32:38 +01:00
Rob Vermaas ed9520bfb5 Allow specifying extra qemu flags using QEMU_OPTS. Replace CentOS 6.3 with CentOS 6.5 (6.3 is removed from site). 2014-01-14 22:51:26 +01:00
Eelco Dolstra 3abcd7e268 debian: Update to 7.3 2014-01-06 15:51:00 +01:00
Eelco Dolstra 4747796a9e Build RPMs for i686 rather than i386
The default target (i386-linux) causes flags like "-march i386" to be
added, which breaks on recent Fedora releases (18 and up), resulting
in errors like:

  /usr/lib/gcc/i686-redhat-linux/4.7.2/../../../../include/c++/4.7.2/ext/atomicity.h:48: undefined reference to `__atomic_fetch_add_4'

So set the target to i686-linux.

http://hydra.nixos.org/build/6567357
2013-10-23 12:55:07 +02:00
Eelco Dolstra 391de89913 Debian 7: Update to 7.2
Also rename "debian70" to "debian7" to reflect Wheezy's new
versioning scheme.
2013-10-23 11:30:51 +02:00
Eelco Dolstra d6f97c3601 Debian 6: Update to 6.0.8 2013-10-23 11:17:20 +02:00
Eelco Dolstra 27e91e0044 Add Fedora 19 2013-10-23 11:15:45 +02:00
Eelco Dolstra 34fcf33c0b Add Ubuntu 13.10 2013-10-23 11:08:12 +02:00
Eelco Dolstra d846e97656 VM builds: Use Linux 3.10
3.4 apparently gives corrupt 9pfs data on x86.  See e.g.

  http://hydra.nixos.org/build/5661036

where reading /nix/store/kfldnrrsq0lbbv13gjxdfb3vb1sbaz88-vm-run-stage2
gives garbage.  Strangely it doesn't happen here:

  http://hydra.nixos.org/build/5658978

Ah well.
2013-08-07 14:48:22 +02:00
Eelco Dolstra 4342a32deb VM builds: Reduce kernel verbosity 2013-08-01 14:35:31 +02:00
Eelco Dolstra d077851b7d VM builds: Use the default kernel 2013-08-01 14:35:31 +02:00
Eelco Dolstra b5fcb5b67d Use the qemu-kvm wrapper 2013-07-31 14:53:35 +02:00
aszlig 69dccda3c0
VM builds: Update debian Wheezy image to v7.1.
Wheezy has been released on June 15th and on all mirrors the SHA256 hash
of Packages.bz2 has changed to reflect the new release, so let's update.

Here is the release announcement from Debian:

http://www.debian.org/News/2013/20130615

It also seems that the versioning scheme has changed in version 7.x, so
they seem to have switched to a two-digit versioning scheme. This means
that the attribute name "debian70..." should really be something like
"debian7...", but I'm keeping the attribute as-is to not break
references.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-30 05:59:59 +02:00
aszlig cd4b5e1a35
fillDiskWithDebs: Create fake start-stop-daemon.
This is needed in order to prevent services from starting while
populating the image with the contents of the .deb files. The procedure
used here is exactly the same as used in debootstrap.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-07-30 05:59:40 +02:00
Eelco Dolstra 59aca26975 * Use 'or'. 2013-07-15 14:33:27 +02:00
Rob Vermaas da7db90068 Add CentOS 6.4 to vm images 2013-07-05 17:52:42 +02:00
Rob Vermaas 51a22a8f8a Add loopback network device and localhost entry to /etc/hosts for VM tests. 2013-07-05 15:02:43 +02:00
Eelco Dolstra 9f5f30a7e6 Remove runInGenericVM
It's not used anywhere and probably doesn't work anymore.
2013-07-05 00:17:04 +02:00
Eelco Dolstra 0e386d0c13 VM builds: Use 9p/virtfs instead of CIFS
9p (with caching enabled) is much faster than CIFS and doesn't require
Samba or virtual networking.  For instance, building GNU Hello with
CIFS takes ~323s on my laptop, but with 9p it takes 54s.

More measurements will be needed to see if "cache=fscache" is really
faster than "cache=loose" (the former seems to be a little bit
faster).
2013-07-05 00:17:04 +02:00
Eelco Dolstra 9efe759dd8 VM builds: Increase the default memory size to 512 MB 2013-07-05 00:17:04 +02:00
Eelco Dolstra 2321f2d55c VM builds: Panic on OOM 2013-07-05 00:17:04 +02:00
Eelco Dolstra 5f8571405b VM builds: Use ext4 instead of ext2 2013-07-05 00:17:03 +02:00
Eelco Dolstra ed37a6b465 VM builds: Use qemu instead of the obsolete qemu-kvm 2013-07-05 00:17:03 +02:00
Eelco Dolstra 7afc1149d9 testRPMImage: Use x86_64 image 2013-07-04 18:27:26 +02:00
Eelco Dolstra 5cfa68ab50 Reinstate sec=none
Seems to be required, despite the subsequent sec=ntlm. But the NixOS
VM tests work fine without this flag :-S

http://hydra.nixos.org/build/5451901
2013-07-03 14:38:56 +02:00
Eelco Dolstra 75e34854f6 Remove redundant cifs option 2013-07-02 17:03:29 +02:00
Shea Levy dd42dd480b runInLinuxImage: Fix derivation overriding.
This only ever worked because runInLinuxVM happened to call
overrideDerivation, which itself erroneously passed arbitrarily-added
attributes to the new call to derivation.

Hopefully this time Eelco won't have to revert my change ;)

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-15 01:15:16 -04:00
Eelco Dolstra 9f9620f566 Doh 2013-05-13 22:04:33 +02:00
Eelco Dolstra 278b255388 Restore unintentionally deleted line 2013-05-13 18:15:02 +02:00
Eelco Dolstra 9df603b300 Use Linux 3.9 for VM builds
This seems to fix CIFS hangs like: http://hydra.nixos.org/build/4916655
2013-05-13 18:12:12 +02:00
Eelco Dolstra 6fb4c62f25 Fix some old Fedora builds
http://hydra.nixos.org/build/4949447
2013-05-13 17:47:20 +02:00