-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The podman statically compiled and QEMU #15
Comments
In an Mac M2 inside an UTM VM Mac M2 (like the host), nix, qemu-system-aarch, podman --remotenix \
profile \
install \
nixpkgs#qemu \
nixpkgs#jq \
nixpkgs#podman podman \
--log-level=trace \
machine \
init \
--cpus=4 \
--disk-size=30 \
--log-level=trace \
--memory=3072 \
--rootful=false \
--timezone=local \
--volume="$HOME":"$HOME" \
vm This file must be created or update after each less ~/.config/containers/podman/machine/qemu/$(podman machine info --format "{{ .Host.CurrentMachine }}").json What it means?
Is this about And this workaround? https://podman-desktop.io/docs/troubleshooting/troubleshooting-podman-on-macos#podman-machine-on-apple-silicon The fix. Edit it to have this: ...
"-accel",
"tcg",
"-cpu",
"cortex-a57",
"-M",
"virt,highmem=off",
... Refs.: TODO: why brew maintainers did it like that? containers/podman#18073 (comment) TODO: test the difference in TODO: what about An Mac M2 VM worked with this configuration: {
"ConfigPath": {
"Path": "/Users/alvaro/.config/containers/podman/machine/qemu/vm.json"
},
"CmdLine": [
"/Users/alvaro/.nix-profile/bin/qemu-system-aarch64",
"-m",
"3072",
"-smp",
"4",
"-fw_cfg",
"name=opt/com.coreos/config,file=/Users/alvaro/.config/containers/podman/machine/qemu/vm.ign",
"-qmp",
"unix:/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/qmp_vm.sock,server=on,wait=off",
"-netdev",
"socket,id=vlan,fd=3",
"-device",
"virtio-net-pci,netdev=vlan,mac=5a:94:ef:e4:0c:ee",
"-device",
"virtio-serial",
"-chardev",
"socket,path=/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_ready.sock,server=on,wait=off,id=avm_ready",
"-device",
"virtserialport,chardev=avm_ready,name=org.fedoraproject.port.0",
"-pidfile",
"/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_vm.pid",
"-accel",
"tcg",
"-cpu",
"cortex-a57",
"-M",
"virt,highmem=off",
"-drive",
"file=/Users/alvaro/.nix-profile/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on",
"-drive",
"file=/Users/alvaro/.local/share/containers/podman/machine/qemu/vm_ovmf_vars.fd,if=pflash,format=raw",
"-virtfs",
"local,path=/Users/alvaro,mount_tag=vol0,security_model=mapped-xattr",
"-drive",
"if=virtio,file=/Users/alvaro/.local/share/containers/podman/machine/qemu/vm_fedora-coreos-38.20230918.2.0-qemu.aarch64.qcow2"
],
"Rootful": false,
"UID": 501,
"IgnitionFilePath": {
"Path": "/Users/alvaro/.config/containers/podman/machine/qemu/vm.ign"
},
"ImageStream": "testing",
"ImagePath": {
"Path": "/Users/alvaro/.local/share/containers/podman/machine/qemu/vm_fedora-coreos-38.20230918.2.0-qemu.aarch64.qcow2"
},
"Mounts": [
{
"ReadOnly": false,
"Source": "/Users/alvaro",
"Tag": "vol0",
"Target": "/Users/alvaro",
"Type": "9p"
}
],
"Name": "vm",
"PidFilePath": {
"Path": "/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_proxy.pid"
},
"VMPidFilePath": {
"Path": "/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_vm.pid"
},
"QMPMonitor": {
"Address": {
"Path": "/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/qmp_vm.sock"
},
"Network": "unix",
"Timeout": 2000000000
},
"ReadySocket": {
"Path": "/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_ready.sock"
},
"CPUs": 4,
"DiskSize": 30,
"Memory": 3072,
"IdentityPath": "/Users/alvaro/.ssh/vm",
"Port": 49228,
"RemoteUsername": "core",
"Starting": false,
"Created": "2023-10-03T14:13:43.403789-03:00",
"LastUp": "2023-10-03T14:13:43.403789-03:00"
} Start the podman machine VM: echo First start the podman virtual machine \
&& podman --log-level=trace machine start vm \
&& echo The machine must have started \
&& podman --remote --log-level=ERROR run quay.io/podman/hello
Other detailspodman --version podman version 4.3.1 qemu-kvm --version QEMU emulator version 7.1.0
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers Oldnix \
profile \
install \
nixpkgs#qemu \
nixpkgs#jq \
nixpkgs#podman % qemu-kvm --version
QEMU emulator version 7.1.0
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers nix profile install nixpkgs#podman warning: skipping dangling symlink '/private/tmp/nix-841-0/bin/virtiofsd' ehh... broken, of course... Tip, maybe qemu-system-aarch64 -accel help alvaro@Maquina-Virtual-de-Alvaro ~ % less ~/.config/containers/podman/machine/qemu/$(podman machine info --format "{{ .Host.CurrentMachine }}").json alvaro@Maquina-Virtual-de-Alvaro ~ % less ~/.config/containers/podman/machine/qemu/$(podman machine info --format "{{ .Host.CurrentMachine }}").json
alvaro@Maquina-Virtual-de-Alvaro ~ % PODMAN_MACHINE_CONFIG_FULL_PATH=$(echo ~/.config/containers/podman/machine/qemu/$(podman machine info --format "{{ .Host.CurrentMachine }}").json) \
&& jq -c '.CmdLine += ["-nographic"]' "$PODMAN_MACHINE_CONFIG_FULL_PATH" > "$PODMAN_MACHINE_CONFIG_FULL_PATH".temp \
&& mv -v "$PODMAN_MACHINE_CONFIG_FULL_PATH".temp "$PODMAN_MACHINE_CONFIG_FULL_PATH" \
&& echo
/Users/alvaro/.config/containers/podman/machine/qemu/vm.json.temp -> /Users/alvaro/.config/containers/podman/machine/qemu/vm.json
alvaro@Maquina-Virtual-de-Alvaro ~ % less ~/.config/containers/podman/machine/qemu/$(podman machine info --format "{{ .Host.CurrentMachine }}").json
alvaro@Maquina-Virtual-de-Alvaro ~ % echo First start the podman virtual machine \
&& podman --log-level=trace machine start vm \
&& echo The machine must have started \
&& podman --remote --log-level=ERROR run quay.io/podman/hello
First start the podman virtual machine
INFO[0000] /nix/store/sfw92crhskck0gp1czazdgjn09sd0a7l-podman-4.3.1/bin/podman filtering at log level trace
Starting machine "vm"
DEBU[0000] qemu cmd: [/Users/alvaro/.nix-profile/bin/qemu-system-aarch64 -m 3072 -smp 4 -fw_cfg name=opt/com.coreos/config,file=/Users/alvaro/.config/containers/podman/machine/qemu/vm.ign -qmp unix:/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/qmp_vm.sock,server=on,wait=off -netdev socket,id=vlan,fd=3 -device virtio-net-pci,netdev=vlan,mac=5a:94:ef:e4:0c:ee -device virtio-serial -chardev socket,path=/var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_ready.sock,server=on,wait=off,id=avm_ready -device virtserialport,chardev=avm_ready,name=org.fedoraproject.port.0 -pidfile /var/folders/qf/2qlrk7g97yvbsfjgkjwrs8rw0000gn/T/podman/vm_vm.pid -accel hvf -accel tcg -cpu host -M virt,highmem=on -drive file=/Users/alvaro/.nix-profile/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on -drive file=/Users/alvaro/.local/share/containers/podman/machine/qemu/vm_ovmf_vars.fd,if=pflash,format=raw -virtfs local,path=/Users/alvaro,mount_tag=vol0,security_model=mapped-xattr -drive if=virtio,file=/Users/alvaro/.local/share/containers/podman/machine/qemu/vm_fedora-coreos-38.20230918.2.0-qemu.aarch64.qcow2 -nographic]
Waiting for VM ...
Error: qemu exited unexpectedly with exit code -1, stderr: qemu-system-aarch64: -accel hvf: Error: HV_UNSUPPORTED Read https://devangtomar.medium.com/colima-containers-on-linux-on-mac-f6396c27e39b Updating qemu and trying againnix profile install github:NixOS/nixpkgs/f3dab3509afca932f3f4fd0908957709bb1c1f57#podman github:NixOS/nixpkgs/f3dab3509afca932f3f4fd0908957709bb1c1f57#qemu github:NixOS/nixpkgs/f3dab3509afca932f3f4fd0908957709bb1c1f57#jq Still broken nix run github:NixOS/nixpkgs/nixpkgs-unstable#darwin.builder error: 'darwin.builder' has been changed and renamed to 'darwin.linux-builder'. The default ssh port is now 31022. Please update your configuration or override the port back to 22. See https://nixos.org/manual/nixpkgs/unstable/#sec-darwin-builder Broken QEMU_OPTS="-m 8192" nix run github:NixOS/nixpkgs/nixpkgs-unstable#darwin.linux-builder Refs.: Maybe newer qemu? nix \
profile \
install \
github:NixOS/nixpkgs/c0838e12afa82d81668ab8550983e0521f117790#podman \
github:NixOS/nixpkgs/c0838e12afa82d81668ab8550983e0521f117790#qemu \
github:NixOS/nixpkgs/c0838e12afa82d81668ab8550983e0521f117790#jq codesign -d --entitlements - $(readlink -f $(which qemu-system-aarch64)) Refs.:
Executable=/nix/store/7iman6fw62bbicihx8l9c0i68d22dl91-qemu-8.1.1/bin/qemu-system-aarch64
[Dict]
[Key] com.apple.security.hypervisor
[Value]
[Bool] true cat << 'EOF' > entitlements.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <dict> <key>com.apple.security.hypervisor</key> <true/> </dict> </plist>
EOF Refs.:
codesign -s -- --entitlements entitlements.xml --force $(readlink -f $(which qemu-system-aarch64)) Refs.:
error: The specified item could not be found in the keychain. ColimaNow trying colima... nix profile install github:abiosoft/colima/f2c91a1b5bd4d0764ac3c4d889ad5d4d9837f639 Of course it is broken, it the default... what would be the fun right?! error: hash mismatch in fixed-output derivation '/nix/store/4y54rj0y2zfp1aq4d9d6cpgr16lkya7j-colima-go-modules.drv':
specified: sha256-lsTvzGFoC3Brnr1Q0Hl0ZqEDfcTeQ8vWGe+xylTyvts=
got: sha256-IQKfv+bwDQMuDytfYvirBfrmGexj3LGnIQjoJv1NEoU=
error: 1 dependencies of derivation '/nix/store/59cm2wgmc5cz9y2ifmkbzf6a553ikl70-colima.drv' failed to build |
podman machine
The status is:
https://blog.replit.com/nix-vs-docker
Fact: since https://github.com/containers/podman/releases/tag/v4.3.1 exists the static version.
TODO: watch
Volumes with podman machine
What may still be broken but unnoticed?
-v "$HOME/git:$HOME/git:ro,security_model=none"
Refs.:
Imperative way
In .yaml format
Refs.:
TODO:
Other
podman \ run \ --annotation=run.oci.keep_original_groups=1 \ --device=/dev/fuse:rw \ --device=/dev/kvm:rw \ --env="DISPLAY=${DISPLAY:-:0}" \ --group-add=keep-groups \ --hostname=container-nix \ --interactive=true \ --mount=type=tmpfs,tmpfs-size=3G,destination=/tmp \ --mount=type=tmpfs,tmpfs-size=2G,destination=/var/tmp \ --name=conteiner-unprivileged-nix \ --privileged=true \ --tty=true \ --userns=keep-id \ --rm=true \ --volume=/tmp/.X11-unix:/tmp/.X11-unix:ro \ localhost/alpine-with-nix:latest
Refs.:
Helper: TODO test it
Refs.:
TODO: try to help containers/podman#14303 (comment)
TODO: Test it
https://github.com/containers/podman/issues/18111#issuecomment-1520316665
TODO: make an patch with that commit and try override it in nix.
Other commads
TODO: read and try to make work
https://github.com/ES-Nix/get-nix/tree/draft-in-wip#single-user
https://github.com/ES-Nix/podman-rootless/tree/from-nixpkgs#podman-rootless
Refs.:
Adapted from: containers/podman#14303 (comment)
What about dowload the image upfront?
Refs.:
About socat
socat -u OPEN:/dev/null UNIX-CONNECT:"${XDG_RUNTIME_DIR}"/podman/podman-machine-default_ready.sock
From: https://unix.stackexchange.com/a/556790
socat -u OPEN:/dev/null UNIX-CONNECT:"${XDG_RUNTIME_DIR}"/podman/podman.sock
From: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
The text was updated successfully, but these errors were encountered: