From: Christopher Baines
Subject: Re: Building Docker images of GuixSD
Date: Mon, 27 Nov 2017 22:13:25 +0000
To: Chris Marusich
Cc: guix-devel@gnu.org

Chris Marusich writes:

> Hi Ludo and others following along,

...

> Thanks for reading this far. I look forward to hearing your thoughts!

Awesome stuff Chris,

I've tried this myself, on a Debian machine with Docker installed. I struggled getting root, as su and sudo didn't seem to work, until I realised I could just replace alice with root in the "docker exec" command...

Anyway, when I got root, I could tell that the system hadn't come up correctly. The problem seemed to be related to cgroups.

  root@komputilo /# mount -t cgroup /sys/fs/cgroup/cpu
  mount: /sys/fs/cgroup/cpu: cgroup already mounted on /sys/fs/cgroup/systemd.
  root@komputilo /# herd status
  Started:
   + file-system-/sys/fs/cgroup/perf_event
   + file-system-/dev/shm
   + host-name
   + root
   + file-system-/sys/fs/cgroup
   + file-system-/sys/fs/cgroup/cpuset
   + file-system-/dev/pts
   + user-file-systems
   + root-file-system
   + file-system-/gnu/store
   + file-system-/sys/fs/cgroup/freezer
   + file-system-/sys/fs/cgroup/memory
   + file-system-/sys/fs/cgroup/devices
   + file-system-/sys/fs/cgroup/blkio
  Stopped:
   - file-system-/sys/fs/cgroup/hugetlb
   - file-system-/sys/fs/cgroup/cpuacct
   - file-system-/sys/fs/cgroup/cpu
   - guix-daemon
   - file-systems
   - syslogd
   - urandom-seed
   - nscd
   - user-homes
   - user-processes
  root@komputilo /# herd start guix-daemon
  herd: exception caught while executing 'start' on service 'file-system-/sys/fs/cgroup/cpu':
  ERROR: In procedure mount: mount "cgroup" on "///sys/fs/cgroup/cpu": Device or resource busy

I changed the %base-file-systems in the very-bare-bones system with %container-file-systems, and then things started working.

I tried without privileged mode, and got an error related to the firmware service. This isn't included when you call operating-system-derivation with the #:container? #t argument, and sure enough I was able to get the system up without the Docker --privileged flag. I think Ludo mentioned this in his reply.

Unfortunately, while I could get a shell using "docker exec ...", I had to start the guix-daemon manually as the shepherd service didn't seem to work, at least initially. Also, when I had started it, I tried installing a package, and there was some promising output to start off with, but then it failed with:

  guix package: error: build failed: cloning builder process: Operation not permitted

Anyway, this is all pretty great! Awesome work getting this far. I'm very excited to see what services will run this way, as Docker could provide, albeit with some overhead, a layer of interoperability between software that can handle Docker containers, and Guix.

Thanks again,

Chris