[Nix-dev] [RFC] Declarative Virtual Machines

Volth volth at volth.com
Sat Apr 22 23:07:57 CEST 2017


Hello.

There are a few objections against qemu with shared /nix/store:

1. It is fast to create but slow to run. Boot time with shared
/nix/store is about twice as slow as with everything on qcow2.

2. 9P is unstable, every couple of months there is a new bug (real
bugs, not CVEs: wrong data read, the driver got stuck, etc)

3. host GC cannot see the runtime roots inside the VM, so all the
guest system closures from its last boot should be preserved from host
GC. It may be tricky to debug.


Also, the whole idea could be split into simpler building blocks and
generalized to use with Virtualbox and different kinds of containers.
One of the blocks could be, say, "nix-slave" - the NixOS install which
is always configured on an external machine and then run inside a VM or
container or deployed to the cloud.
So it cannot do "nixos-rebuild" from inside and has a limited set of
features, no profiles (no need to "boot previous version" if the
previous version could be written to the .qcow2 of a powered-off VM),
no "nix-env", etc.
Then, a tool to make a container/VM out of a configuration.
Then, a VM-agnostic tool to configure the network of those slaves.

Well, it sounds very familiar.
We indeed have this pattern in so many places: NixOS containers,
NixOps, test-driver, "nixos-install build-vm", runInLinuxVM,
make-disk-image.nix, your proposal, etc
Each of them solves one narrow task and the code is not reusable. For
example, when I need to create a .qcow2 outside the nix store, or
install/repair nixos on an existing .qcow2, I end up writing my own set of
tools (or using RedHat's libguestfs, which is... another VM appliance).
Perhaps, there could be some common ground which unifies that kind of
tasks as an alternative to creating new bloated tools with many
options?

On 4/22/17, Leo Gaspard <leo at gaspard.io> wrote:
> Hello world!
>
> Just wanting to bump [1] ; as I opened it two weeks ago and still don't
> have a single comment, despite trying to put the link on IRC twice. (and
> I don't really get whether these "thumbs up" mean "good to go")
>
> So here it is, feel free to say I'm advocating nonsense, I just don't
> really know what to do next :)
>
> Cheers,
> Leo
>
>
> [1] https://github.com/NixOS/rfcs/pull/12
>
>

