| 1 Apr 2023 |
 SomeoneSerge (Ever OOMed by Element) | In reply to @ryantalo:matrix.org
Kind of a meta question - I am trying to run static nix on an HPC cluster and am running into some roadblocks (with a custom path and disabling the sandbox as much as possible I am still running into permission denied errors - can't chroot or run bubblewrap); given that I have the ability to run arbitrary binaries - is there a way to disable all "special" path modification etc in such a way that common HPC access limitations can allow nix to still build derivations?
disable all "special" path modification etc
Hi, which path modifications are you referring to?
| 23:46:27 |
| 2 Apr 2023 |
 Ryan Swart | That describes using chroot - which I don't have permissions to do; nix seems to get to a point of reading/writing source files, and takes forever to work through them (like 5 mins+, log example here: https://gist.github.com/ryanswrt/3ebf02bd10e25319f153014698a14c63) and then eventually dies | 13:40:48 |
| 3 Apr 2023 |
| Ryan Swart | It ends up dying with error: setting up a private mount namespace: Operation not permitted | 00:50:04 |
 @jb:vk3.wtf | In reply to @ss:someonex.net
singularity run --bind /abc:/efg something.sif works, but I want to use singularity-tools.buildImage and that puts e.g. the shell into /nix/store, which then is hidden by the --bind =' i use singularity on a hpc to bind in a nix store, but not in conjunction with a singularity image as since i have a nix store in the container i just use the nix in that store | 01:19:37 |
| SomeoneSerge (Ever OOMed by Element) | In reply to @jb:vk3.wtf
i use singularity on a hpc to bind in a nix store, but not in conjunction with a singularity image as since i have a nix store in the container i just use the nix in that store Is it a prepoppulated store, or a writable image? | 11:15:52 |
|  @peddie:matrix.org joined the room. | 17:29:11 |
| @jb:vk3.wtf | I prepopulate a nix store in project/scratch area with a copy of nix then bind mount it in the container so it's writable | 20:53:52 |
| @jb:vk3.wtf | The singularity image I use is completely empty, really just using singularity to bind mount as there's no namespaces | 20:54:42 |
| 4 Apr 2023 |
 tpw_rules | i've done hax with singularity too. i need to document them sometime | 03:43:20 |
| Ryan Swart | Have you benched the performance profile of nix-in-singularity? How close is it to native? | 09:28:23 |
| @jb:vk3.wtf | no i haven't but i expect it to be close to native as it's just a bunch of binds handled by the kernel | 11:39:46 |
| SomeoneSerge (Ever OOMed by Element) | @jbedo do you also disable the sandbox?
I suppose what I'm seeing is nix trying to set up mount namespaces for the builds, but idk:
Singularity> nix-shell -p gh
error: executing shell '/nix/store/k4j76vg58c6j90s8l46kx3843vysx732-bash-interactive-5.2-p15/bin/bash': No such file or directory
Singularity> nix shell nixpkgs#gh
error: setting up a private mount namespace: Operation not permitted
Singularity>
| 17:00:50 |
| 6 Apr 2023 |
| Ryan Swart | Ok, managed to get things building + running using the singularity method jbedo described; alas inode limits are killing me now. It seems that nix build nixpkgs#hello is essentially evaluating every nix package for some reason; why would /nix/store/tmp-1759374-1/x/pkgs/development/python-modules/qimage2ndarray be getting built for a simple c binary otherwise... | 02:12:15 |
| @jb:vk3.wtf | In reply to @ss:someonex.net
@jbedo do you also disable the sandbox?
I suppose what I'm seeing is nix trying to set up mount namespaces for the builds, but idk:
Singularity> nix-shell -p gh
error: executing shell '/nix/store/k4j76vg58c6j90s8l46kx3843vysx732-bash-interactive-5.2-p15/bin/bash': No such file or directory
Singularity> nix shell nixpkgs#gh
error: setting up a private mount namespace: Operation not permitted
Singularity>
yeah i disable sandbox and a few other things that don't work on luster (WAL & luster.lov ACL) | 02:47:49 |
| @jb:vk3.wtf | In reply to @ryantalo:matrix.org
Ok, managed to get things building + running using the singularity method jbedo described; alas inode limits are killing me now. It seems that nix build nixpkgs#hello is essentially evaluating every nix package for some reason; why would /nix/store/tmp-1759374-1/x/pkgs/development/python-modules/qimage2ndarray be getting built for a simple c binary otherwise... it shouldn't be building anything you don't need, but it does need to unpack nixpkgs which might be your problem since there's quite a lot of files | 02:49:23 |
| 7 Apr 2023 |
|  Aaron Siddhartha Mondal joined the room. | 03:56:57 |
| 24 Apr 2023 |
|  @emilytrau:matrix.org changed their display name from emilytrau (she/her) to emilytrau. | 08:37:39 |
| 1 May 2023 |
|  @twesterhout:matrix.org joined the room. | 12:46:05 |
| 2 May 2023 |
| @twesterhout:matrix.org | Hello, has anybody managed to run MPI-aware applications via nix-portable or Nixie on an HPC cluster where Nix isn't installed? Single-node executables work fine, but I'm struggling to do anything with multi-node stuff. Currently trying to go through Singularity with pkgs.singularity-tools, but no luck so far. So if anybody has an example, that'd very much appreciated. | 07:33:55 |
| 18 May 2023 |
|  @yuu:matrix.org joined the room. | 14:04:45 |
| @yuu:matrix.org left the room. | 14:13:45 |
| 20 May 2023 |
|  ShamrockLee (Yueh-Shun Li) joined the room. | 03:41:55 |
|  @tp:inreto.de joined the room. | 07:12:22 |
| @tp:inreto.de changed their display name from tp to posch. | 07:13:58 |
| ShamrockLee (Yueh-Shun Li) | In reply to @twesterhout:matrix.org
Hello, has anybody managed to run MPI-aware applications via nix-portable or Nixie on an HPC cluster where Nix isn't installed? Single-node executables work fine, but I'm struggling to do anything with multi-node stuff. Currently trying to go through Singularity with pkgs.singularity-tools, but no luck so far. So if anybody has an example, that'd very much appreciated. I'm not familliar with MPI. Does it rely on certain device file or top-level directory? | 12:49:27 |
| 21 May 2023 |
| ShamrockLee (Yueh-Shun Li) changed their display name from Yueh-Shun Li to Yueh-Shun Li (Shamrock). | 19:02:31 |
| 23 May 2023 |
| SomeoneSerge (Ever OOMed by Element) changed their display name from Someone S to Someone (hates setup hooks). | 09:58:24 |
| 26 May 2023 |
| SomeoneSerge (Ever OOMed by Element) changed their display name from Someone (hates setup hooks) to Someone (still unhappy about setup hooks but oh well). | 10:47:06 |
| 27 May 2023 |
|  NixOS Moderation Botchanged room power levels. | 16:40:16 |
| 7 Jun 2023 |
| ShamrockLee (Yueh-Shun Li) changed their display name from Yueh-Shun Li (Shamrock) to ShamrockLee (Yueh-Shun Li). | 08:52:41 |
