Commit Graph

21 Commits

Author SHA1 Message Date
Nikita Uvarov
7cb100b683
nixos-container: use systemd-run instead of nsenter
This is the first step for unprivileged nixos containers support.
Fixes #30019. See also #18825, #57083, and #67130.
2019-08-23 12:21:22 +02:00
Maximilian Bosch
c957341ef5
nixos-container: allow setting custom local and host address
I have a nixops network where I deploy containers using the `container`
backend which uses `nixos-container` intenrally to deploy several
containers to a certain host.

During that time I removed and added new containers and while trying to
deploy those to a different host I realized that it isn't guaranteed
that each container gets the same IP address which is a problem as some
parts of the deployment need to know which container is using which IP
(i.e. to configure port forwarding on the host).

With this change you can specify the container's IP like this (and don't
have to use the arbitrarily used 10.233.0.0/16 subnet):

```
$ nixos-container create test --config-file test-container.nix \
    --local-address 10.235.1.2 --host-address 10.235.1.1
```
2019-04-22 18:13:45 +02:00
volth
bb9557eb7c lib.makePerlPath -> perlPackages.makePerlPath 2018-12-15 03:50:31 +00:00
Peter Hoeg
b95a24fdf1 nixos-container: support restarts 2018-04-20 11:07:07 +08:00
Niklas Hambüchen
5d83988c1e nixos-container: Fix destroy terminating before it's done. Fixes #32545.
This also fixes the race condition found in #32551.

And it fixes nixops's repeated destroy/deploy being broken
(https://github.com/NixOS/nixops/issues/809).
2017-12-29 16:26:18 +01:00
Martin Bornhold
ac7edeebfd nixos-container: Make show-ip work together with ipv4 + netmask
The containers local address can be given as ipv4 only or with a subnetmask in
CIDR notation in the container configuration, see [1]. This works fine but the
'nixos-container show-ip' only supports plain ipv4 addresses without the netmask
suffix.

Changed the regex to also match in case of a CIDR netmask suffix.

[1] 9939032e35/nixos/modules/virtualisation/containers.nix (L382)
2017-11-16 20:25:45 +01:00
Robin Gloster
91e74ed3b2
nixos-container: check for correct path for chattr
Could fail on destroy if the container wasn't created correctly
2017-03-22 15:15:42 +01:00
Robin Gloster
3ac02dfc40
nixos-container: allow _ in container name
fixes #15089
2017-03-22 15:15:41 +01:00
Robin Gloster
9b9416cca4
nixos-container: don't use host's $NIXOS_CONFIG
fixes #22948
2017-03-22 15:15:41 +01:00
Eelco Dolstra
cb49c14324
Revert "nixos-container: Use machinectl shell (#18825)"
This reverts commit
c37e76b4d2. Unfortunately, using
"machinectl shell" has two bad side effects:

* It sends the command's stderr to stdout.

* It doesn't propagate the command's exit status.

This broke NixOps.

PR #18825.
2017-03-21 16:51:08 +01:00
Robin Gloster
492101dfce
nixos-container: fix destroy with immutable /var/empty
fixes #21573
2017-02-18 22:51:21 +01:00
Ian-Woo Kim
a238c8a575 nixos-container: add --port option for nixos-container (forward network ports to systemd-nspawn container) 2017-02-15 05:12:46 +01:00
Ian-Woo Kim
3490508ed1 nixos-container: support bridge. 2017-02-15 05:12:46 +01:00
Wilhelm Schuster
c37e76b4d2 nixos-container: Use machinectl shell (#18825)
Using nsenter+su was suboptimal since the environment they provided was
not quite the same as the real container environment. See [1] for more
background.

Note that we directly invoke /bin/sh for `nixos-container root-login`
since setting the user's shell is quite complex. See [2] for a related
systemd issue.

[1]: https://github.com/systemd/systemd/issues/825#issuecomment-127917622
[2]: https://github.com/systemd/systemd/issues/1395
2016-09-24 00:40:41 +02:00
aszlig
9f0acda7eb
nixos-container: Fix missing comma in GetOptions
Regression introduced by fe8f0dbd53.

Tested using "nix-build nixos/tests/containers-imperative.nix".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @ericbmerritt
2016-08-07 14:29:33 +02:00
Joachim F
dece583a94 Merge pull request #17484 from srp/nixos-container-terminate
nixos-container: add 'terminate' command which 'destroy' now uses
2016-08-05 23:03:38 +02:00
Eric Merritt
a2feaf6d79 nixos-container: feature add 'config-file' option
This adds a config file option to nixos-container.pl that makes it quite
a bit easier to use.
2016-08-04 07:08:56 -07:00
Eric Merritt
fe8f0dbd53 nixos-container: fix allow alternative nixos paths
This should be completely backwards compatible. It allows the '-f' part
of the nix-env command to be configured. This greatly eases using
nixos-container as part of development where several nixpkgs
repositories might be tested at the same time.
2016-08-04 07:08:05 -07:00
Scott R. Parish
d6c55c16f6 nixos-container: replace 'kill' command with 'terminate'
My earlier commit to have `nixos-container destroy` use `kill` broke
the `container-imperative` test, see[1]. As suggested by @aszlig,
`machinectl terminate` doesn't have that problem, and is the command
that should have been used to begin with rather then `kill`.

1| 60c6c7bc9a (commitcomment-18478032)
2016-08-03 11:08:32 -07:00
Scott R. Parish
60c6c7bc9a nixos-container: add 'kill' command, 'destroy' to use 'kill'
Using 'machinectl kill' is much faster then gracefully stopping the
container.

In the case of 'destroy', since we're destroying it anyway, there's no
reason to do a graceful shutdown.
2016-07-21 14:58:05 -07:00
Eric Merritt
eb92804f91 nixos-containers: init package (#16959)
This moves nixos-containers into its own package so that it can be
relied upon by other packages/systems. This should make development
using dynamic containers much easier.
2016-07-19 08:13:06 +02:00