Use systemd-run for nixos-container run again #83432

Open
Ma27 opened this issue Mar 26, 2020 · 9 comments
Labels
0.kind: bug 0.kind: regression Something that worked before working no longer 6.topic: nixos-container Imperative and declarative systemd-nspawn containers

@Ma27
Member

Ma27 commented Mar 26, 2020

Describe the bug

In #83392 I had to revert 7cb100b, which used `systemd-run` for `nixos-container run` as a first step towards unprivileged containers.

The problem is that when deploying a nixos-container, e.g. using the `container`-backend from `nixops`, the backend will run `nixos-container run -- [...] switch-to-configuration` on the container's host, which will reload systemd. This will make the `systemd-run` call hang due to the reload and the deployment never finishes; also, the new configuration is never activated.

See also #67332 (comment)

cc @worldofpeace @arianvp @uvNikita

@Ma27 Ma27 added 0.kind: bug 0.kind: regression Something that worked before working no longer 6.topic: nixos-container Imperative and declarative systemd-nspawn containers labels Mar 26, 2020
@Ma27 Ma27 added this to the 20.09 milestone Mar 26, 2020
Ma27 added a commit that referenced this issue Mar 26, 2020
This reverts commit 7cb100b.

See also #83432.

This appears to break at least the `container`-backend of `nixops`: when
running `switch-to-configuration` within `nixos-container run`, the
running `systemd`-instance gets reloaded which appears to kill the
`systemd-run` command and causes `nixos-container run` to hang.

The full issue is reported in the original PR[1].

[1] #67332 (comment)

(cherry picked from commit 7f1ba60)
@arianvp
Member

arianvp commented Mar 27, 2020

I think `systemd-run` might be the wrong command here, to be honest! Stupid oversight on my side. `systemd-run` starts a new transient unit inside the container, which probably gets confused as it gets reloaded (sounds like a systemd bug too to me? Not sure). We should be running `machinectl shell <container-name> switch-to-configuration`; that will probably just work.

@arianvp
Member

arianvp commented Mar 27, 2020

Also from the `systemd-run` docs on `systemd-run --pty`:

  Note that machinectl(1)'s shell command is usually a better alternative for requesting a new, interactive login session on the local host or a local container.

@Ma27
Member Author

Ma27 commented Apr 16, 2020

Thanks for sharing those insights! Interestingly this breaks the config-activation when using the container-backend in nixops, but works fine when activating a new configuration for a .nspawn-unit as demonstrated in #84608.

Since this issue reproducibly fixes the config-activation for nixops, we may want to think of a solution for 20.09 that covers use-cases for this as far as possible. I'm currently working on improved nspawn-containers for the sake of improved networkd-integration (#69414), so when we have a draft to discuss, we can decide how to proceed with nixos-containers IMHO :)

@uvNikita
Contributor

uvNikita commented May 5, 2020

Note that, as far as I know, machinectl shell does not propagate the return code of the executed command. This means that the error will be hidden if the container fails to switch the configuration. I'm not sure if this is something we want.

Other than that, machinectl shell works fine in my custom nixos containers module.
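
Added example, not code from this thread or from nixpkgs: a fail-closed wrapper for a runner that, as the comment above reports for `machinectl shell`, does not hand back the inner command's exit status. The names `RUNNER`, `MARK` and `run_checked` are hypothetical, and the `machinectl` invocation in the comment is an assumption that is not exercised here; the default runner is a local `sh -c` so the script runs offline.

```shell
#!/bin/sh
# Recover the exit status of a command whose runner hides it, so a failed
# activation cannot be mistaken for a successful deployment.
#
# Assumption: in a real deployment RUNNER would be something like
#   RUNNER='machinectl shell <container-name> /bin/sh -c'
# It defaults to a local shell so this example runs without systemd.
RUNNER=${RUNNER:-sh -c}
MARK="__EXIT_STATUS__"   # hypothetical sentinel, not a systemd feature

run_checked() {
    # $1: command string to execute through the runner.
    # The subshell keeps an inner `exit N` from skipping the sentinel; the
    # bare `echo` guarantees the sentinel starts on its own line even when
    # the command's output lacks a trailing newline.
    wrapped="( $1 ); s=\$?; echo; echo ${MARK}:\$s"

    # stderr is merged into stdout; the runner's own status is ignored
    # because it is the value that cannot be trusted.
    out=$($RUNNER "$wrapped" 2>&1) || true

    # A pty-backed runner may emit CRLF, so strip \r before parsing.
    # Only the last sentinel counts: it is the one this wrapper appended.
    inner_rc=$(printf '%s\n' "$out" | tr -d '\r' |
        sed -n "s/^${MARK}:\([0-9][0-9]*\)\$/\1/p" | tail -n 1)

    # Show the command's output without the sentinel and separator line.
    printf '%s\n' "$out" | tr -d '\r' |
        sed "/^${MARK}:/d" | sed '${/^$/d;}'

    # Fail closed: no sentinel means the command never ran to completion
    # (runner failed, session was killed, output truncated).
    [ -n "$inner_rc" ] || return 125
    return "$inner_rc"
}
```

A deployment script would call `run_checked` with the activation command and abort on any non-zero return, treating 125 as "status unknown" rather than success.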

@stale

stale bot commented Nov 1, 2020

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 1, 2020
@kirelagin
Member

Is there anything that can be done here to keep this work moving?

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Dec 2, 2020
@FRidh FRidh modified the milestones: 20.09, 21.03 Dec 20, 2020
@stale

stale bot commented Jun 18, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 18, 2021
@uvNikita
Contributor

I think the most recent effort related to this is happening here: #69414 (comment)

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 19, 2021
@stale

stale bot commented May 2, 2022

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label May 2, 2022
@Artturin Artturin modified the milestones: 21.05, 23.05 Dec 31, 2022
@stale stale bot removed 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md labels Dec 31, 2022
@RaitoBezarius RaitoBezarius modified the milestones: 23.05, 23.11 May 31, 2023
7 participants