Make any NixOS system netbootable with 10s cycle times.

Last update: Dec 24, 2022

Related tags

Overview

nix-netboot-serve

Dynamically generate netboot images for arbitrary NixOS system closures, profiles, or configurations with 10s iteration times.

Usage

Create working directories for it:

mkdir ./gc-roots ./profiles ./configurations ./cpio-cache

Then start up the server:

RUST_LOG=info cargo run -- --gc-root-dir ./gc-roots --config-dir ./configurations --profile-dir ./profiles/ --cpio-cache-dir ./cpio-cache/ --listen 127.0.0.1:3030

See ./boot.sh for an example of booting with QEMU.

Booting an absolute closure

How To

To boot from a specific closure like /nix/store/0m60ngchp6ki34jpwmpbdx3fby6ya0sf-nixos-system-nginx-21.11pre307912.fe01052444c, use /boot/0m60ngchp6ki34jpwmpbdx3fby6ya0sf-nixos-system-nginx-21.11pre307912.fe01052444c/netboot.ipxe as your chain url.

Behavior

As long as that closure exists on the host, that closure will always be booted, unchanged.

Booting a profile

How To

In the profiles directory, create symlinks to top level system paths. For example:

$ ls -la profiles/
example-host -> /nix/store/4y829p7lljdvwnmsk6pnig3mlh6ygklj-nixos-system-example-host-21.11pre130979.gfedcba

then use /dispatch/profile/example-host to boot it.

Behavior

The symlink will be resolved every time a machine boots.

Booting a configuration

How To

In the configurations directory, create a directory for each system, and create a default.nix inside. For example:

$ tree configurations/
configurations/
└── m1.small
    └── default.nix

In the default.nix, create an expression with your NixOS configuration ready to be built:

(import 
    {
    configuration = { pkgs, ... }: {
        networking.hostName = "m1small";
        environment.systemPackages = [ pkgs.hello ];
        fileSystems."/" = {
            device = "/dev/bogus";
            fsType = "ext4";
        };
        boot.loader.grub.devices = [ "/dev/bogus" ];
        boot.postBootCommands = ''
            PATH=${pkgs.nix}/bin /nix/.nix-netboot-serve-db/register
        '';
    };
}).system

Then use /dispatch/configuration/m1.small to boot it.

Behavior

The configuration will be nix-build once per boot, and create a symlink in the --gc-root-dir directory with the same name as the configuration.

If the build fails, the ipxe client will be told to retry in 5s.

Note: there is currently a buggy race condition. In the following circumstance:

machine A turns on
machine B turns on
machine A hits the build URL and a long build starts
you change the configuration to have a very short build
machine B hits the build URL and the short build starts
machine B's configuration finishes building
machine B boots the short build configuration
machine A's configuration finishes building
machine A boots the short configuration instead of the long configuration

Notes on NixOS Configuration

Booting a machine from this server will completely ignore any of the defined fileSystems, everything will run out of RAM.

This system assumes a normal NixOS system booting off a regular disk: trying to use this to netboot a USB installer will not work.

If you don't have an existing configuration to start with, you could start with this:

{
    fileSystems."/" = {
        device = "/dev/bogus";
        fsType = "ext4";
    };
    boot.loader.grub.devices = [ "/dev/bogus" ];
}

Theory of Operation

Linux's boot process starts with two things:

the kernel
an initrd, or an initial ram disk

The ramdisk has all the files needed to mount any disks and start any software needed for the machine. Typically the ramdisk is constructed of a CPIO, a very simple file archive.

Linux supports a special case of its initrd being comprised of multiple CPIOs. By simply concatenating two CPIOs together, Linux's boot process will see the merged contents of both CPIOs.

Furthermore, individual CPIOs can be compressed independently, merged together with concatenation, and Linux will decompress and read each CPIO independently.

A NixOS system is comprised of hundreds of independent, immutable /nix/store paths.

Merging these together, we can dynamically create a single, compressed CPIO per Nix store path and cache it for later.

When a new boot request comes in, the software fetches the list of Nix store paths for the requested NixOS system. Then, every path has a CPIO built for it. Once each store path has a CPIO, the results are streamed back to the iPXE client. By caching the resulting CPIO, iterative development on a system configuration can result in just 3-5 new CPIOs per change.

Improvements over NixOS's NetBoot Support

NixOS's NetBoot image creation support works well, however iterating on a single closure involves recreating the CPIO and recompressing for every store path every time. This can add several minutes to cycle time.

Caveats

Loading the Nix Database

Before using Nix inside the booted machine, make sure to load the Nix database. To do that, add this to your NixOS configuration:

{ pkgs, ... }: {
    boot.postBootCommands = ''
        PATH=${pkgs.nix}/bin /nix/.nix-netboot-serve-db/register
    '';
}

This is not necessary if the system will not execute Nix commands.

Comments

[feat] pure-rust-cpio

This adds a private function to make a cpio archive of a given directory, but lacks integration testing or roundtrip testing with gnu cpio currently. Will pick this up and complete tests when i get a moment!

opened by emattiza 2

Doesn't support UEFI

When trying to boot a VM over iPXE utilizing OVMF (QEMU EFI software), the following error can be observed:

>>Start PXE over IPv4.
  Station IP address is 10.0.2.26

  Server IP address is 10.0.2.1
  NBP filename is http://10.0.2.1:3030/dispatch/configuration/small
  NBP filesize is 0 Bytes
  PXE-E99: Unexpected network error.
BdsDxe: failed to load Boot0005 "UEFI PXEv4 (MAC:000000000000)" from PciRoot(0x0)/Pci(0x3,0x0)/MAC(000000000000,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0): Not Found

After reading https://ipxe.org/appnote/uefihttp, it appears that iPXE expects an EFI file to be served, while this is serving the standard ipxe file.

opened by cole-h 2

Deleting CPIOs can cause problems serving initrds
Getting a cpio from the in-memory CpioCache can cause a false-positive cache hit:

fn get_cached(&self, path: &Path) -> Option<Cpio> { let cpio = self.cache .read() .expect("Failed to get a read lock on the cpio cache") .get(path) .map(|entry| entry.clone())?; }

The problem is the new cpio won't have an open handle to the cpio on disk, and it can't be read. We should verify the cpio actually exists and return None if it doesn't.

We may also want to explicitly close the handle in the CpioCache so that deleting CPIOs off disk actually works. Also, this is screaming out for "help! we need a garbage collector!"
opened by grahamc 1

hydra: pass --indirect to work on older Nix's

nix-store --realise used to require --indirect to make a GC root anywhere:

Jan 05 17:24:44 netboot-springboard nix-netboot-serve[2317232]: error: path '/var/cache/nix-netboot-serve/gc-roots/01ad16e6.packethost.net-nixos-install-equinix-metal-prs-pr-36-small' is not a valid garbage collector root; it's not in the directory '/nix/var/nix/gcroots'
Jan 05 17:24:44 netboot-springboard nix-netboot-serve[2314216]:  WARN  nix_netboot_serve::dispatch_hydra > Failed to realize output /nix/store/mm5614whs2i7x6vl98q1k7nzx3bbpp33-nixos-system-nixos-21.11pre-git for "small"

opened by grahamc 1

dispatch: support passing further kernel cmdline arguments

Passing cmdline_prefix_args and/or cmdline_suffix_args to any dispatcher as query parameters will allow the caller to prefix / suffix kernel cmdline arguments in addition to the arguments defined by the system.

For example: /dispatch/profile/system?cmdline_suffix_args=loglevel%3D7

Use case A: passing in dynamically generated password hashes.

Use case B: passing in a Vault AppRole Role ID, while passing the response-wrapped Secret ID through some other mechanism, like a metadata API service.

opened by grahamc 0
Make smaller things

Instead of a megafile, break the code up in to smaller, digestable chunks.

Note that basically nothing changed other than moving code from one file to another.

opened by grahamc 0
boot.rs: serve_extlinux variant for serving extlinux to u-boot clients?

Hi,

Skimming through this, I'm curious if there's opposition to having another url that would serve up an extlinux.conf instead of the ipxe script? Then I could just have a small reverse proxy setup to redirect PXE boot requests to their given profile endpoint within nix-netboot-serve. This would allow me to leverage this same code/module/etc to run a local netboot server for my various in-progress tow-boot clients.

I did consider that I could throw iPXE into the mix, but I've always gotten the impression that getting that going on certain embedded platforms can be a bit of a hassle.

opened by colemickens 1

Releases(v0.1.0)

v0.1.0(Sep 3, 2021)

Source code(tar.gz)
Source code(zip)

Owner

Determinate Systems

GitHub

Fake ping times.

Pong A Linux program that replies to ping but modifies the payload of the ICMP package to get lower ping times in some ping implementations. See https

136 Sep 21, 2022

Showcase for pathological compile times when using knuffel / chumsky / VERY LARGE types

netherquote Showcase for pathological compile times when using knuffel / chumsky / VERY LARGE types. How to reproduce The rust toolchain version is pi

7 Jan 1, 2023

Stopwatch lib for rust. Start, pause, reset and lap like any stopwatch.

Chronometer Stopwatch lib for rust. Start, pause, reset and lap like any stopwatch. Nothing special I'm just learning rust. Getting Started Add this l

2 Sep 29, 2022

messloc is a drop in replacement for malloc that can transparently recover from memory fragmentation without any changes to application code.

messloc is a drop in replacement for malloc that can transparently recover from memory fragmentation without any changes to application code. Goals Al

11 Dec 10, 2022

Rust Lambda Extension for any Runtime to preload SSM Parameters as 🔐 Secure Environment Variables!

?? Crypteia Rust Lambda Extension for any Runtime to preload SSM Parameters as Secure Environment Variables! Super fast and only performaned once duri

34 Jan 7, 2023

Select any exported function in a dll as the new dll's entry point.

Description This tool will patch the entry point of the input dll and replace it with the RVA of another exported function in that same dll. This allo

43 Jun 7, 2023

Make ELF formatted apps configurable

elfredo `elfredo` is a library that allows you to patch executables after they were compiled. It utilize an extra embedded section to store data/confi

7 Sep 5, 2021

cargo, make me a project

cargo-generate cargo, make me a project cargo-generate is a developer tool to help you get up and running quickly with a new Rust project by leveragin

1.2k Jan 3, 2023

Make the github cli even better with fuzzy finding

github-repo-clone (grc) Github Repo Clone is a command line utility written in rust that leverages the power of fuzzy finding with the github cli Usag

2 Jul 9, 2022

Rust macro to make recursive function run on the heap (i.e. no stack overflow).

Decurse Example #[decurse::decurse] // ?? Slap this on your recursive function and stop worrying about stack overflow! fn factorial(x: u32) -> u32 {

18 Dec 28, 2022

Make friends while searching.

searchbuddy Make friends while searching! Searchbuddy is a browser extension that lets you chat with people that are searching for what you're searchi