Talk:Proxmox Linux Container

…
|  
----
<!--
: <code>ping -c 5 cache.nixos.org</code>
<pre>
PING dualstack.v2.shared.global.fastly.net (151.101.114.217) 56(84) bytes of data.
64 bytes from 151.101.114.217 (151.101.114.217): icmp_seq=1 ttl=57 time=14.3 ms
64 bytes from 151.101.114.217 (151.101.114.217): icmp_seq=2 ttl=57 time=14.3 ms
64 bytes from 151.101.114.217 (151.101.114.217): icmp_seq=3 ttl=57 time=14.3 ms
64 bytes from 151.101.114.217 (151.101.114.217): icmp_seq=4 ttl=57 time=14.3 ms
64 bytes from 151.101.114.217 (151.101.114.217): icmp_seq=5 ttl=57 time=14.3 ms
--- dualstack.v2.shared.global.fastly.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 14.302/14.312/14.325/0.009 ms
</pre>
-->
|-
| customize the (pve) lxc startup setup routine (on every node where you want to start a NixOS container)
…
|  
|  
[[NixOS]] uses "Sandboxing" by default.<ref>https://search.nixos.org/options?query=nix.useSandbox</ref> Therefore the option <code>nesting</code> for the NixOS container on Proxmox Virtual Environment must be activated.
----
if nesting is not activated
(try to) update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: while setting up the build environment: mounting /proc: Operation not permitted
error: program '/nix/store/rphxpqbsxgmykf8nyyr0pqi53nm78xa5-nix-2.3.15/bin/nix-env' failed with exit code 1
</pre>
(try to) rebuild NixOS
: <code>nixos-rebuild switch</code>
<pre>
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:13
building Nix...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix' was not found in the Nix search path (add it using $NIX_PATH or -I)
/tmp/nixos-rebuild.qaFefR/nix
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
building the system configuration...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
</pre>
----
if nesting is activated
update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment successfully
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
created 1 symlinks in user environment
</pre>
: <code>nix-channel --update</code>
<pre>
unpacking channels...
</pre>
rebuild NixOS successfully
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
</pre>
<pre></pre>
<pre>
activating the configuration...
setting up /etc...
setting up tmpfiles
</pre>
----
----
how to configure the container so that the option <code>nesting</code> is activated
(optionally you can) check the (pve) lxc config file (it should look something like the following, with ''nesting=1'' on the ''features:'' line)
<code>less /etc/pve/lxc/1000.conf</code>
<pre></pre>
<pre>
arch: amd64
cores: 2
features: nesting=1
hostname: CT1000
memory: 1024
net0: name=eth0,bridge=vmbr0,hwaddr=A1:B2:C3:D4:E5:F6,ip=dhcp,type=veth
ostype: unmanaged
rootfs: storage:vm-1000-disk-0,size=4G
swap: 512
unprivileged: 1
</pre>
<pre></pre>
After changing (adding) the option for <code>nesting</code> the container must be restarted.
|-
| start the NixOS container with Proxmox Virtual Environment
<pre>
…
</pre>
: <code>nixos-rebuild test</code>
<!--
<pre>
building Nix...
building the system configuration...
</pre>
-->
<pre>
building Nix...
…
</pre>
|-
| checking systemd
|  
|  
: <code>systemctl list-units --failed</code>
<pre>
  UNIT                   LOAD   ACTIVE SUB    DESCRIPTION
● sys-kernel-debug.mount loaded failed failed Kernel Debug File System

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

1 loaded units listed.
</pre>
|-
| fixing the configuration file for NixOS
|
|
(optional) check the default configuration file for NixOS
: <code>cat /etc/nixos/configuration.nix</code>
<pre>
{ config, pkgs, ... }:

{
  imports = [ <nixpkgs/nixos/modules/virtualisation/lxc-container.nix> ];

}
</pre>
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
…
</pre>
<pre>
}
</pre>
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
these derivations will be built:
  /nix/store/4c6mbv3y3i6m9qzv48j0ncy7163x3m7b-system-units.drv
  /nix/store/nfc7hz3shyrc1jm2nqsgh5m7izcj8psc-etc.drv
  /nix/store/fmx0v41zcyr7g38qjvdsdk5fifkjxfhx-nixos-system-nixos-21.05.3787.564cb4d81d4.drv
building '/nix/store/4c6mbv3y3i6m9qzv48j0ncy7163x3m7b-system-units.drv'...
building '/nix/store/nfc7hz3shyrc1jm2nqsgh5m7izcj8psc-etc.drv'...
building '/nix/store/fmx0v41zcyr7g38qjvdsdk5fifkjxfhx-nixos-system-nixos-21.05.3787.564cb4d81d4.drv'...
activating the configuration...
setting up /etc...
reloading user units for root...
setting up tmpfiles
</pre>
: <code>systemctl list-units --failed</code>
<pre>
  UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
</pre>
| https://github.com/NixOS/nixpkgs/issues/9735#issuecomment-783535726
|-
| (optional) test changing the configuration of the NixOS container by installing a package (''ddate'') and disabling a (default running) service
|
|
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
{
  imports = [ <nixpkgs/nixos/modules/virtualisation/lxc-container.nix> ];
</pre>
<pre></pre>
<pre>
services.openssh.enable = false;
</pre>
<pre></pre>
<pre>
  environment.systemPackages = with pkgs; [
    ddate
  ]; 
</pre>
<pre></pre>
<pre>
}
</pre>
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
</pre>
<pre></pre>
: <code>ddate</code>
<pre>
Today is Prickle-Prickle, the 65th day of Bureaucracy in the YOLD 3187
</pre>
|-
| (optional) check status of systemd
|
|
: <code>systemctl status</code>
<pre>
● nixos
    State: running
    Jobs: 0 queued
  Failed: 0 units
    Since: Mon 2021-10-11 11:52:39 UTC; 1h 24min ago
  CGroup: /
          ├─user.slice
          │ └─user-0.slice
          │  ├─session-c1.scope
          │  │ ├─393 /nix/store/61z6l8p3f14hgz29j607bg1d37sn5d86-shadow-4.8.1/bin/login --
          │  │ ├─506 -bash
          │  │ └─527 top
          │  └─user@0.service
          │    └─init.scope
          │      ├─499 /run/current-system/systemd/lib/systemd/systemd --user --deserialize 17
          │      └─500 (sd-pam
          ├─.lxc
          │ ├─ 290 /bin/sh
          │ ├─3315 systemctl status
          │ └─3316 less
          ├─init.scope
          │ └─1 systemd
          └─system.slice
            ├─systemd-journald.service
            │ └─200 /nix/store/n5j5fjn60nhck658j9ab84k8n9z24n1r-systemd-247.6/lib/systemd/systemd-journald
            ├─nix-daemon.service
            │ └─473 nix-daemon --daemon
            ├─console-getty.service
            │ └─392 agetty --login-program /nix/store/61z6l8p3f14hgz29j607bg1d37sn5d86-shadow-4.8.1/bin/login --noclear --keep-baud console 115200,38400,9600 linux
            ├─dhcpcd.service
            │ └─468 dhcpcd: [master] [ip4] [ip6]
            ├─nscd.service
            │ └─450 nscd
            ├─system-container\x2dgetty.slice
            │ └─container-getty@1.service
            │  └─394 agetty --login-program /nix/store/61z6l8p3f14hgz29j607bg1d37sn5d86-shadow-4.8.1/bin/login --noclear --keep-baud pts/1 115200,38400,9600 vt220
            ├─dbus.service
            │ └─390 /nix/store/qxpxg30bmj99rvvsacqzkgayzvxz6bb1-dbus-1.12.20/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
            └─systemd-logind.service
              └─364 /nix/store/n5j5fjn60nhck658j9ab84k8n9z24n1r-systemd-247.6/lib/systemd/systemd-logind
</pre>
|-
| …
…
; Is there a scenario where you would like to have a privileged (<code>unprivileged = 0</code>) container?: I do not know.

==== Is there a cgroup2 only NixOS container? ====

; Is there a configuration with cgroups version 2 only - where cgroups version 1 is not needed - (so that it is possible to roll back the manipulation of the pve lxc startup script (<code>/usr/share/perl5/PVE/LXC/Setup.pm</code>))? Or can we create such a (pre)built image (''tar'')?: I do not know.
…
https://git.proxmox.com/?p=pve-container.git;a=blob;f=src/PVE/LXC/Setup/Base.pm;h=a5b77d32f82747ea558d0398919414945b133dc0;hb=HEAD#l523
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
  systemd.enableUnifiedCgroupHierarchy = true;
</pre>
==== Why is there a ''Service'' section in the service manager configuration in a NixOS container? ====
<pre></pre>
<pre>
starting systemd...
/etc/systemd/system.conf:13: Unknown section 'Service'. Ignoring.
</pre>
<pre></pre>
<code>/etc/systemd/system.conf</code>
<pre></pre>
<pre>
[Service]
ProtectProc=default
ProtectControlGroups=no
ProtectKernelTunables=no
</pre>
<pre></pre>


== documentation ==
…
linux
* …
== articles ==
* https://blog.xirion.net/posts/nixos-proxmox-lxc/
*: with
** (PVE 6.3?)
** (NixOS 21.05?)
== upgrade (a PCT) to 21.11 ==
==== the folder ''/sbin/'' is missing ====
----
in your NixOS PCT
: <code>nix-channel --add https://nixos.org/channels/nixos-21.11 nixos</code>
: <code>nixos-rebuild switch --upgrade</code>
<pre></pre>
<pre>
ln: failed to create symbolic link '/sbin/init': No such file or directory
Activation script snippet 'installInitScript' failed (1)
</pre>
<pre></pre>
<pre>
warning: error(s) occurred while switching to the new configuration
</pre>
: <code>mkdir /sbin</code>
: <code>nixos-rebuild switch --upgrade</code>
<pre></pre>
----
on your PVE host
(for all subsequent starts of your NixOS PCT)
: <code>nano /etc/pve/lxc/1001.conf</code>
<pre></pre>
<pre>
#lxc.init.cmd: /init
lxc.init.cmd: /sbin/init
</pre>
<pre></pre>
----
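As an added example (not from this talk page, and not Proxmox or NixOS project code), the following POSIX shell script audits a PVE container config file (<code>/etc/pve/lxc/<VMID>.conf</code>, one <code>key: value</code> per line) for the three settings the notes above depend on: <code>features: nesting=1</code> (without it Nix sandboxed builds fail with "mounting /proc: Operation not permitted"), <code>unprivileged: 1</code>, and <code>lxc.init.cmd: /sbin/init</code> (needed after the upgrade to 21.11). The function names (<code>ct_get</code>, <code>ct_has_nesting</code>, <code>ct_check</code>) are the script's own, and the config it runs against is constructed for the demo. Run it on the PVE host, for example <code>ct_check /etc/pve/lxc/1000.conf</code>.

```shell
#!/bin/sh
# Added example, not from the wiki page, Proxmox or NixOS: audit a PVE LXC
# config (/etc/pve/lxc/<VMID>.conf, "key: value" per line) for the settings
# a NixOS container needs. Function names are this script's own.

# Escape '.' in a key so that "lxc.init.cmd" matches literally in sed.
ct_key_re() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Print the value of the first "key: value" line in config $1 for key $2.
# Commented-out lines such as "#lxc.init.cmd: /init" are ignored because
# the pattern is anchored at the start of the line.
ct_get() {
    sed -n "s/^$(ct_key_re "$2"):[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 if the "features:" line contains nesting=1. The value is a
# comma-separated list, e.g. "features: keyctl=1,nesting=1", so split on
# commas and look for an exact "nesting=1" entry rather than a substring.
ct_has_nesting() {
    ct_get "$1" features | tr ',' '\n' | grep -qx 'nesting=1'
}

# Audit config $1: print one line per check, return the number of problems.
ct_check() {
    f=$1
    problems=0
    if ct_has_nesting "$f"; then
        echo "ok: features: nesting=1"
    else
        echo "PROBLEM: nesting=1 missing; nix builds fail with 'mounting /proc: Operation not permitted'"
        problems=$((problems + 1))
    fi
    if [ "$(ct_get "$f" unprivileged)" = "1" ]; then
        echo "ok: unprivileged: 1"
    else
        echo "PROBLEM: container is privileged (expected unprivileged: 1)"
        problems=$((problems + 1))
    fi
    if [ "$(ct_get "$f" lxc.init.cmd)" = "/sbin/init" ]; then
        echo "ok: lxc.init.cmd: /sbin/init"
    else
        echo "PROBLEM: lxc.init.cmd is not /sbin/init (required from NixOS 21.11 on)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on a constructed config that mirrors the one shown on this page
# (unprivileged, nesting enabled) but still has the old init line
# commented out, so exactly one problem is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
cores: 2
features: nesting=1
hostname: CT1000
memory: 1024
ostype: unmanaged
rootfs: storage:vm-1000-disk-0,size=4G
swap: 512
unprivileged: 1
#lxc.init.cmd: /init
EOF
ct_check "$sample" || echo "$? problem(s) found in $sample"
rm -f "$sample"
```

On a real node the nesting change itself is made with the Proxmox CLI, <code>pct set <VMID> --features nesting=1</code>, and, as noted above, the container must be restarted afterwards; the <code>lxc.init.cmd</code> line is a raw lxc key and has to be added to the config file by hand.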
== best (and easiest) way to get a "default" (working) shell in a pve ct after entering (<code>pct enter</code>) ==
:: <code>source /etc/set-environment</code>
: or
::: <code>/bin/sh -l</code>
:: or
::: <code>sh -l</code>
: or
:: <code>. /etc/profile</code>
or is it possible to set an option in NixOS or PVE?
--[[User:Vater|Vater]] ([[User talk:Vater|talk]]) 17:47, 15 July 2024 (UTC)