fix docker image builds on main branch HEAD
samrose opened this issue · comments
Chore
On the latest main HEAD commit, while the nix flake check -L , nix build .#psql_14/bin and nix build .#psql_15/bin succeed,
nix build .#psql_14/docker and nix build .#psql_15/bin .#psql_15/docker fail due to not being able to access kvm
Additional context
When running locally, the problem reported is
Formatting './image/disk-image.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=1073741824 lazy_refcounts=off refcount_bits=16
Could not access KVM kernel module: Permission denied
qemu-kvm: failed to initialize kvm: Permission denied
qemu-kvm: falling back to tcg
SeaBIOS (version rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org)
iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+1EFD0F00+1EF30F00 CA00
Press Ctrl-B to configure iPXE (PCI 00:03.0)...^M
Booting from ROM...
Probing EDD (edd=off to disable)... oqemu-kvm: ../softmmu/physmem.c:2419: iotlb_to_section: Assertion `section_index < d->map.sections_nb' failed.
./run-vm: line 5: 12 Aborted (core dumped) /nix/store/kycv8h9adan0zvs2cabp60xsjw1iabq7-qemu-host-cpu-only-8.1.1/bin/qemu-kvm -cpu max -nographic -no-reboot -device virtio-rng-pci -virt
I'll troubleshoot and work out a PR to fix this problem soon
just build-all command fails
for now we'd like to stick with plain nix commands rather than wrapping them with make or just. the references to just haven't are still hanging out from the prototype but we didn't intend to keep them
@olirice ok that makes sense! I'll focus on the underlying nix commands instead as I work through this.
I'll edit the issue description etc as well
for now we'd like to stick with plain nix commands rather than wrapping them with make or just.
One idea we had before was using a prefix for all the nix-postgres commands. Similar to postgREST nix commands. This for consistency and to also get some nice autocompletion hitting prefix-<tab>.
Maybe the prefix can be np- for now. It could also be configurable in case we want to change it later.
I believe you should be able to get the failing pipeline to run sucessfully by disabling kvm. In actuality, kvm isn't needed for builds to run (see NixOS/nix#8316); its purpose is mainly for running nixos-tests when existing packages are modified (or new packages are added) since it, more-or-less, allows one to provision a fleet of machines to run tests on.
Looking at the default.nix file for docker in nixpkgs, I see vmTools.runInLinuxVM being called which led me to looking at the source code for runInLinuxVM. From here I noticed that the kvm entry from the requiredSystemFeatures attribute would need to be removed, and this could be done via an overlay of dockerTools, that would look something like
self: super:
let
runInLinuxVMNoKVM = drv: self.lib.overrideDerivation (self.vmTools.runInLinuxVM drv) (_: { requiredSystemFeatures = []; });
modifiedVmTools = super.vmTools // { runInLinuxVM = runInLinuxVMNoKVM; };
in
{
dockerTools = super.dockerTools.override { vmTools = modifiedVmTools; };
}
…made a bit more progress on nix2container. Will pr that once I get it together + chat with folks on it prior to pr when I start 😀