Amazon Images for Aarch64 #62042
@@ -51,7 +51,9 @@ in { | |||
inherit lib config; | |||
inherit (cfg) contents format name; | |||
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package | |||
partitionTableType = if config.ec2.hvm then "legacy" else "none"; | |||
partitionTableType = if config.ec2.efi then "efi" | |||
else if config.ec2.hvm then "legacy" |
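Review bot: In the new `partitionTableType` conditional, the `config.ec2.efi` test has to stay ahead of `config.ec2.hvm`, because the `cfg.efi -> cfg.hvm` assertion added elsewhere in this change means both options are true on every EFI configuration. Add a one-line comment on the `if config.ec2.efi then "efi"` branch saying the order is deliberate, so a later cleanup does not reorder it and end up selecting "legacy" for EFI images.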
ec2.hvm is blocked by an assertion, but the implementation still seems to support it. I preserved the existing behavior.
@@ -61,6 +63,9 @@ in { | |||
${optionalString config.ec2.hvm '' | |||
ec2.hvm = true; | |||
''} | |||
${optionalString config.ec2.efi '' | |||
ec2.efi = true; |
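Review bot: The added `${optionalString config.ec2.efi ''` block copies the `ec2.hvm` block above it with no comment on why the option is written into the generated text. Add a short comment above both blocks stating what reads these lines, so the next flag added here is a decision rather than a copy of the pattern.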
Implemented in the same pattern as ec2.hvm, but I don't know the reason for this.
@@ -25,6 +25,9 @@ in | |||
{ assertion = cfg.hvm; | |||
message = "Paravirtualized EC2 instances are no longer supported."; | |||
} | |||
{ assertion = cfg.efi -> cfg.hvm; |
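Review bot: The new `cfg.efi -> cfg.hvm` assertion cannot fail on its own, because the assertion directly above it already requires `cfg.hvm` to be true. Either drop it, or keep it with a comment that it is there for the case where the `cfg.hvm` assertion is removed later.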
I don't know if this is a strict requirement, but it reduces the possible configurations to support.
6174864 to 83b54f9
83b54f9 to fb44e07
If you can add some documentation too, which would make it possible to use this in 10 minutes, this is the kind of thing that would make me want to run Great to see arm support coming, regardless.
us-east-1 us-east-2 us-west-1 us-west-2 | ||
ca-central-1 | ||
ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 | ||
ap-south-1 ap-east-1 |
ap-east-1 is new here, and may require additional configuration to enable this region.
I don't think we have to do any region-specific configuration.
Some regions can be individually disabled and enabled, see the Amazon docs on Managing AWS Regions. I think ap-east-1 is the only region that this applies to, and is disabled by default.
Yeah, looks like ap-east-1 and me-south-1 are currently disabled.
|
||
# configuration | ||
state_dir=/home/deploy/amis/ec2-images | ||
home_region=us-west-2 |
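Review bot: `state_dir` and `home_region` under `# configuration` are hard-coded to one operator's setup (`/home/deploy/amis/ec2-images`, `us-west-2`). Let both be overridden from the environment and keep these values only as defaults, so the script can be run from another host or account without editing it.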
I can't tell the home region of the nixos-amis bucket, this is probably wrong.
It's in eu-west-1 (or EU if it needs the old S3 location constraint).
fe34388 to 65e0249
nixos/release.nix
Outdated
@@ -196,6 +196,22 @@ in rec { | |||
); | |||
|
|||
|
|||
# A disk image that can be imported to Amazon EC2 and registered as an AMI | |||
amazon_image = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: |
amazon_image -> amazonImage.
@@ -42,7 +42,7 @@ in { | |||
|
|||
format = mkOption { | |||
type = types.enum [ "raw" "qcow2" "vpc" ]; | |||
default = "qcow2"; | |||
default = "vpc"; |
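Review bot: Changing `default = "qcow2"` to `default = "vpc"` on the `format` option alters the output for every configuration that relied on the default, not only the Amazon image. Note the new default in the release notes so users who need qcow2 know to set `format = "qcow2"` explicitly.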
Is vpc a sparse / compressed disk format? For Hydra it's important not to increase the size of the images a lot.
I believe it's sparse but not compressed, comparisons:
└── [ 1193577472] nixos-amazon-image-19.09pre130979.gfedcba-aarch64-linux.vhd
└── [ 1177550848] nixos-amazon-image-19.09pre130979.gfedcba-aarch64-linux.qcow2
└── [ 1132745216] nixos-amazon-image-19.09pre130979.gfedcba-x86_64-linux.vhd
└── [ 1116078080] nixos-amazon-image-19.09pre130979.gfedcba-x86_64-linux.qcow2
d82bec8 to ec7d1db
@thefloweringash Can you resolve the merge conflict? Then I'll merge this. Thanks!
These can be imported without conversion.
ec7d1db to 84742e2
Rebased on current master. I haven't tested it since the rebase, but the rebase itself was straightforward.
I've now successfully tested booting both amd64 and aarch64 AMIs on current master (after fixing the ceph entry in the release notes).
I’m trying to use this image and I am importing it manually (since there seem to be no images on the nixos.org website currently), however the
🤔
Hm, ok, apparently EFI is specifically for aarch64, and one has to pass
Are you using I've created an aarch64 ami with create-amis.sh and successfully booted an a1.medium on it. If this is still failing for you, can you share more details so I can try to reproduce it?
Motivation for this change

AMIs for Amazon's A1 instance type. Following advice from #nixos-dev, this adds a hydra job to build the images, and a script that will upload and register the prebuilt images given the store path. The uploader does not require a configured aarch64 builder.

While rewriting the create-amis.sh script I only used the awscli package. I haven't seen it written anywhere, but it seems like the ec2-* tools do not support current AWS features like session tokens and assume-role based access to s3. I find this version more compatible with my authentication scheme (short lived tokens), but recognize this is a large change from the existing behavior.

Configuration details adapted from #52779

Tested booting both "arm64" and "x86_64" images produced from nix-build nixos/release.nix -A amazon_image.