nixos/cri-o, cri-o: add wrapper
parent
4b0d5ecee8
commit
9e7fbc6f2c
@ -5,6 +5,8 @@ with lib;
|
|||||||
let
|
let
|
||||||
cfg = config.virtualisation.cri-o;
|
cfg = config.virtualisation.cri-o;
|
||||||
|
|
||||||
|
crioPackage = (pkgs.cri-o.override { inherit (cfg) extraPackages; });
|
||||||
|
|
||||||
# Copy configuration files to avoid having the entire sources in the system closure
|
# Copy configuration files to avoid having the entire sources in the system closure
|
||||||
copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
|
copyFile = filePath: pkgs.runCommandNoCC (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
|
||||||
cp ${filePath} $out
|
cp ${filePath} $out
|
||||||
@ -23,13 +25,13 @@ in
|
|||||||
enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
|
enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
|
||||||
|
|
||||||
storageDriver = mkOption {
|
storageDriver = mkOption {
|
||||||
type = types.enum ["btrfs" "overlay" "vfs"];
|
type = types.enum [ "btrfs" "overlay" "vfs" ];
|
||||||
default = "overlay";
|
default = "overlay";
|
||||||
description = "Storage driver to be used";
|
description = "Storage driver to be used";
|
||||||
};
|
};
|
||||||
|
|
||||||
logLevel = mkOption {
|
logLevel = mkOption {
|
||||||
type = types.enum ["trace" "debug" "info" "warn" "error" "fatal"];
|
type = types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
|
||||||
default = "info";
|
default = "info";
|
||||||
description = "Log level to be used";
|
description = "Log level to be used";
|
||||||
};
|
};
|
||||||
@ -45,13 +47,34 @@ in
|
|||||||
default = "/pause";
|
default = "/pause";
|
||||||
description = "Pause command to be executed";
|
description = "Pause command to be executed";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraPackages = mkOption {
|
||||||
|
type = with types; listOf package;
|
||||||
|
default = [ ];
|
||||||
|
example = lib.literalExample ''
|
||||||
|
[
|
||||||
|
pkgs.gvisor
|
||||||
|
]
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
Extra packages to be installed in the CRI-O wrapper.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
package = lib.mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = crioPackage;
|
||||||
|
internal = true;
|
||||||
|
description = ''
|
||||||
|
The final CRI-O package (including extra packages).
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = with pkgs;
|
environment.systemPackages = [ cfg.package pkgs.cri-tools ];
|
||||||
[ cri-o cri-tools conmon iptables runc utillinux ];
|
|
||||||
|
|
||||||
environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o.src}/crictl.yaml";
|
environment.etc."crictl.yaml".source = copyFile "${pkgs.cri-o-unwrapped.src}/crictl.yaml";
|
||||||
|
|
||||||
environment.etc."crio/crio.conf".text = ''
|
environment.etc."crio/crio.conf".text = ''
|
||||||
[crio]
|
[crio]
|
||||||
@ -63,16 +86,14 @@ in
|
|||||||
|
|
||||||
[crio.network]
|
[crio.network]
|
||||||
plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
|
plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
|
||||||
network_dir = "/etc/cni/net.d/"
|
|
||||||
|
|
||||||
[crio.runtime]
|
[crio.runtime]
|
||||||
conmon = "${pkgs.conmon}/bin/conmon"
|
|
||||||
cgroup_manager = "systemd"
|
cgroup_manager = "systemd"
|
||||||
log_level = "${cfg.logLevel}"
|
log_level = "${cfg.logLevel}"
|
||||||
manage_ns_lifecycle = true
|
manage_ns_lifecycle = true
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o.src}/contrib/cni/10-crio-bridge.conf";
|
environment.etc."cni/net.d/10-crio-bridge.conf".source = copyFile "${pkgs.cri-o-unwrapped.src}/contrib/cni/10-crio-bridge.conf";
|
||||||
|
|
||||||
# Enable common /etc/containers configuration
|
# Enable common /etc/containers configuration
|
||||||
virtualisation.containers.enable = true;
|
virtualisation.containers.enable = true;
|
||||||
@ -82,10 +103,10 @@ in
|
|||||||
documentation = [ "https://github.com/cri-o/cri-o" ];
|
documentation = [ "https://github.com/cri-o/cri-o" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
path = [ pkgs.utillinux pkgs.runc pkgs.iptables ];
|
path = [ cfg.package ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
ExecStart = "${pkgs.cri-o}/bin/crio";
|
ExecStart = "${cfg.package}/bin/crio";
|
||||||
ExecReload = "/bin/kill -s HUP $MAINPID";
|
ExecReload = "/bin/kill -s HUP $MAINPID";
|
||||||
TasksMax = "infinity";
|
TasksMax = "infinity";
|
||||||
LimitNOFILE = "1048576";
|
LimitNOFILE = "1048576";
|
||||||
|
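Review bot: In the `[crio.runtime]` part of the generated crio.conf, the line `conmon = "${pkgs.conmon}/bin/conmon"` is dropped, so the root-run daemon no longer gets its monitor binary from a fixed store path and presumably has to find it through PATH. That works only while crio is started through the wrapper, whose `--prefix PATH` supplies conmon and runc. `package` is `internal` but still a settable option, and the unit's `path` is now just `[ cfg.package ]`, so a package set without the wrapper would leave helper lookup to whatever PATH the unit inherits. I would keep the absolute `conmon = "${pkgs.conmon}/bin/conmon"` line in the config, or else state in the `package` description that it must be the wrapped build. The `extraPackages` description should also say that everything listed ends up on the daemon's PATH.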
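--- a/pkgs/applications/virtualization/cri-o/wrapper.nix
+++ b/pkgs/applications/virtualization/cri-o/wrapper.nix
@@ -0,0 +1,53 @@
+{ cri-o-unwrapped
+, runCommand
+, makeWrapper
+, lib
+, extraPackages ? []
+, cri-o
+, runc # Default container runtime
+, crun # Container runtime (default with cgroups v2 for podman/buildah)
+, conmon # Container runtime monitor
+, utillinux # nsenter
+, cni-plugins # not added to path
+, iptables
+, socat
+}:
+
+let
+cri-o = cri-o-unwrapped;
+
+binPath = lib.makeBinPath ([
+runc
+crun
+conmon
+utillinux
+iptables
+socat
+] ++ extraPackages);
+
+in runCommand cri-o.name {
+name = "${cri-o.pname}-wrapper-${cri-o.version}";
+inherit (cri-o) pname version;
+
+meta = builtins.removeAttrs cri-o.meta [ "outputsToInstall" ];
+
+outputs = [
+"out"
+"man"
+];
+
+nativeBuildInputs = [
+makeWrapper
+];
+
+} ''
+ln -s ${cri-o.man} $man
+
+mkdir -p $out/bin
+ln -s ${cri-o-unwrapped}/share $out/share
+
+for p in ${cri-o-unwrapped}/bin/*; do
+makeWrapper $p $out/bin/''${p##*/} \
+--prefix PATH : ${binPath}
+done
+''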
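Review bot: The `, cri-o` argument in the function header is never used as passed, because the `let` immediately rebinds `cri-o = cri-o-unwrapped;`. With the top-level `cri-o` attribute now pointing at this file, that argument would presumably be the wrapper itself. Laziness keeps this from recursing, but the header should drop `, cri-o`, and also `cni-plugins`, which is marked "not added to path" and is not referenced anywhere in the file. A short comment on `binPath` would also help, for example `# extraPackages are appended last, so they cannot shadow runc/conmon on the wrapper's PATH`. It should mention as well that `--prefix` keeps the caller's PATH behind these entries rather than replacing it.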
@ -23438,7 +23438,8 @@ in
|
|||||||
|
|
||||||
crispyDoom = callPackage ../games/crispy-doom { };
|
crispyDoom = callPackage ../games/crispy-doom { };
|
||||||
|
|
||||||
cri-o = callPackage ../applications/virtualization/cri-o { };
|
cri-o = callPackage ../applications/virtualization/cri-o/wrapper.nix { };
|
||||||
|
cri-o-unwrapped = callPackage ../applications/virtualization/cri-o { };
|
||||||
|
|
||||||
ckan = callPackage ../games/ckan { };
|
ckan = callPackage ../games/ckan { };
|
||||||
|
|
||||||
|