Skip to content

Make it easy to create docker images with Nix #2742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Dec 17, 2022
Merged

Make it easy to create docker images with Nix #2742

merged 21 commits into from
Dec 17, 2022

Conversation

tobim
Copy link
Member

@tobim tobim commented Nov 28, 2022

This can be used with

nix run .#stream-image | docker load

It reuses the regular static binary output so it won't rebuild VAST if the static binary is already available.

According to docker image ls the resulting image weighs 117 Mb,
significantly lighter than the Debian based image which is ~330 Mb.

@tobim tobim requested review from dispanser and dit7ya November 28, 2022 11:09
@dominiklohmann
Copy link
Member

This is not a drop-in replacement for the existing tenzir/vast image, right?

dit7ya
dit7ya reviewed Nov 28, 2022
View reviewed changes
Copy link
Member

@dit7ya dit7ya left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried testing it with

➜ nix run github:tenzir/vast/topic/flake-docker-image#stream-image | docker load

but

➜ docker run -dt --name=vast --rm tenzir/vast start
f2d5f2f1ece9b652cd6b5c8d52c31319b2dcc764deaec28a6e3fd89525bb548f
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "start": executable file not found in $PATH: unknown.

Probably due to NixOS/nixpkgs#99760

Edit: See suggestion below.

dit7ya
dit7ya reviewed Nov 28, 2022
View reviewed changes
dit7ya
dit7ya previously requested changes Nov 28, 2022
View reviewed changes
@tobim
Copy link
Member Author

tobim commented Nov 28, 2022
edited
Loading

This is not a drop-in replacement for the existing tenzir/vast image, right?

With the config changes I just added there are only 3 remaining differences:

  1. The container doesn't have any applications besides VAST, so no bash, coreutils, etc. This is not a problem because you should use nsenter for inspection / debugging anyways.
  2. We use the static binary to build this container, so injecting additional plugins via bind-mount is not possible. (I don't think anybody does this yet).
  3. When built remotely aka nix run github:tenzir/vast#stream-image Nix will use the archived version of the sources, meaning it will only have the fallback version number. We can add support for our versioning theme with nix run git+https://github.com/tenzir/vast#stream-image, but not the former.

dominiklohmann
dominiklohmann reviewed Nov 28, 2022
View reviewed changes
@GTrunSec
Copy link
Contributor

GTrunSec commented Dec 6, 2022
edited
Loading

if you want to drop the existing tenzir/vast image, I would recommend using the nix2container as an image builder instead. smaller granularity -> example? also tested with the podman.

@dit7ya
Copy link
Member

dit7ya commented Dec 6, 2022

I tested nix2container for this PR locally, the size was not smaller, but the build time was faster though.

@dominiklohmann
Copy link
Member

I don't think we want to drop the regular image, as that supports mounting in additional plugins. This one doesn't. I'm still all for calling this vast-slim.

@dominiklohmann dominiklohmann force-pushed the topic/flake-docker-image branch 4 times, most recently from 8231d46 to 1b9757c Compare December 14, 2022 21:54
dominiklohmann
dominiklohmann approved these changes Dec 14, 2022
View reviewed changes
Copy link
Member

@dominiklohmann dominiklohmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my point of view this is all good to go. @tobim, please take a look through the changes I've made before merging.

@tobim tobim force-pushed the topic/flake-docker-image branch 2 times, most recently from f0dd59b to 8061f98 Compare December 16, 2022 11:46
@tobim tobim enabled auto-merge December 16, 2022 11:46
@tobim tobim disabled auto-merge December 16, 2022 12:04
@tobim tobim dismissed dit7ya’s stale review December 16, 2022 12:48

The change request was implemented

tobim and others added 6 commits December 16, 2022 22:03
@tobim
Disable install checks in when cross compiling
d378aa4
@tobim
Remove nix support files for the static binary
d10d2d9
@tobim
Add a docker image to the flake outputs
5c8c1d0 
This can be used with
```
nix run .#stream-image | docker load
```
It reuses the regular static binary output so it won't rebuild VAST
if the static binary is already available.

According to `docker image ls` the resulting image wheighs 117 Mb,
significantly lighter than the Debian based image which is ~330 Mb.
@tobim
Add a working clangd to the development shell
2174357
@tobim
Align with image config with the dockerfile
47713f9
@dominiklohmann @tobim
Rename Nix-created container image to tenzir/vast-slim
208f2d2
dominiklohmann and others added 13 commits December 16, 2022 22:03
@dominiklohmann @tobim
Upload tenzir/vast-slim in CI
bbf534e
@dominiklohmann @tobim
Remove unused matrix from Nix build
276c69d
@dominiklohmann @tobim
Document tenzir/vast-slim image
223ab12
@tobim
Print plugin search path on failure
58efbc2
@tobim
Normalize plugin library names unconditionally
a2c912d
@tobim
Fix plugin version string if no revision available
2e6b556
@tobim
Build the image from current commit
3b3472c
@tobim
Rename the output to stream-static-image
517433f
@tobim
Add openssl as a dependency for restinio
21a3b7f
@tobim
Merge package build into regular static build
9b68993 
The `vast-static` package now has a dedicated `package` output that
contains the `tar.gz` and `deb` installable packages.
@tobim
Shuffle some build options around
2d7f365
@tobim
Fix derivation of relative install dirs
c49f3f2 
A bug in the CMake macro to strip the install prefix from specific
installation dirs triggered an unwanted rebuild of libvast as part
of the packaging step.
@tobim
Fix CMake formatting
053f936
@tobim tobim force-pushed the topic/flake-docker-image branch from a66be13 to 053f936 Compare December 16, 2022 21:04
@tobim tobim enabled auto-merge December 16, 2022 21:05
@dominiklohmann
Handle previously discarded errors
55daf16 
Authored-by: Benno Evers <benno.evers@tenzir.com>
@dominiklohmann dominiklohmann force-pushed the topic/flake-docker-image branch from 59eeb21 to 55daf16 Compare December 16, 2022 22:51
@tobim tobim merged commit dff3cd3 into master Dec 17, 2022
@tobim tobim deleted the topic/flake-docker-image branch December 17, 2022 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dominiklohmann dominiklohmann dominiklohmann approved these changes

@dit7ya dit7ya dit7ya left review comments

@dispanser dispanser Awaiting requested review from dispanser

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tobim @dominiklohmann @GTrunSec @dit7ya