-
Notifications
You must be signed in to change notification settings - Fork 896
MountTag hashing using ":" instead of "\0" separator #5081
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ciderale
wants to merge
1
commit into
lima-vm:master
Choose a base branch
from
ciderale:mount-tag-nonnull-separator
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1
−1
Open
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The hash is expected to be stable across versions, so I don't think we can accept this change.
Why does https://github.com/ciderale/nixos-lima need to compute the hash by itself?
If it is really necessary it may invoke another scripting language such as bash or Python
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the quick reply. In NixOS, the aim is to declaratively define the system configuration using the nix language and its module system. My nixos-lima setup can essentially avoid configuration via cloud-init (except for writing the "lima-boot-done" files). Technically, there is a way to call external programs and read them back into the nix configuration, but that should generally be avoided and causes other issues in this MacOS/Linux setup.
My impression was, that the mountTag is an opaque implementation detail as cloud-init gets the tag as configuration and mounts them accordingly. I was more worried, that my implementation now depends on this hashing -- I have a locally patched lima version. Is there a possibility to change that in some (not too far) future version?
Another idea was: Would it make sense to allow to provide a mountTag in the configuration explicitly? The current hash computation would be used if no mountTag was specified. That would be a bit more of a change, but that way, there is no coupling to this hashing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't quite understand the issue: if you don't use the tag generated by Lima, then it shouldn't matter what kind of tag you calculate in Nix, as long as it is stable. Why do they have to match?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lima-vm is "registering" the tags that eventually are "mountable" in the guest -- the tag is kind of the interface.
The NixOS configuration only does the latter. With my lima-nixos configuration, I also generate the lima configuration yaml. However, since the mountTag is currently not configurable in the lima configuration, I have to match the hashing scheme.
With the idea of making the mountTag configurable (in lima.yaml), my nix configuration could define both sides. In that case, there would not be a need to match the hashing.
Making the mountTag (optionally) configurable would be backward compatible, I suppose. The hashing would be used if the configuration has no explicit mountTag. But it is slightly more complex than changing the separator and one still had to use some hashing to configure the mountTag.
May I ask, in which scenario would a change of the hashing (as in this PR) have a noticeable impact? I currently don't see it, but I guess you have a concrete example where it matters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The whole point of switching from an index to a hash (c30cc31) was to have a stable mapping across reboots, so
fstabentries would remain correct early during the boot, even before cloud-init is being processed. Otherwise you would need 2 reboot cycles when the mounts changed.Changing the hashing function would break existing instances when you upgrade Lima.
I still don't understand why Nix can't extract the tags from
user-data, which should get written even if you don't use cloud-init. You should never need to recompute hash values in the guest; they should be opaque tags. The fact that they are hashes is an implementation detail.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me close this PR, feel free to open a new one for defining the tag in the yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that changing the hashing algorithm is not going to break existing instance (they will all remount because all the tags have changed, so there should be no risk of mounting the wrong device), isn't it better not to expose this implementation detail to the end user (well, template author)?
Because now a Nix user would have to manually specify a tag for each mount point.
So unless I misunderstand that changing the hash doesn't break anything, I would prefer the fix from the current PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was it confirmed that it does not leave old entries in fstab?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I totally misunderstood that this calculation happens again on the host and not inside the guest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was not confirmed yet, and I had no chance to try, but it sounded convincing:
fstab.This was a problem before because the tags were re-used and would point to the wrong location. The mounts were not removed during reboot because the tag, e.g.
mount1still existed, it just now pointed somewhere else.But with a changed hash function, none of the old tags should exist anymore, so
fstabshould be clean by the timecloud-initstarts.It is like deleting all mounts and adding them all back in a single boot cycle.