trentdocs_website/site/nspawn/index.html


<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="../img/favicon.ico">
<title>Nspawn - Trent Docs</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="../css/highlight.css">
<script>
// Current page data
var mkdocs_page_name = "Nspawn";
var mkdocs_page_input_path = "nspawn.md";
var mkdocs_page_url = "/nspawn/";
</script>
<script src="../js/jquery-2.1.1.min.js"></script>
<script src="../js/modernizr-2.8.3.min.js"></script>
<script type="text/javascript" src="../js/highlight.pack.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Trent Docs</a>
<div role="search">
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1">
<a class="" href="..">Home</a>
</li>
<li class="toctree-l1">
<a class="" href="../lxd_container_home_server_networking_for_dummies/">LXD Container Home Server Networking For Dummies</a>
</li>
<li class="toctree-l1">
<a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
</li>
<li class="toctree-l1 current">
<a class="current" href="./">Nspawn</a>
<ul class="subnav">
<li class="toctree-l2"><a href="#nspawn-containers">Nspawn Containers</a></li>
<ul>
<li><a class="toctree-l3" href="#create-a-filesystem">Create a FileSystem</a></li>
<li><a class="toctree-l3" href="#first-boot-and-create-root-password">First boot and create root password</a></li>
<li><a class="toctree-l3" href="#networking">Networking</a></li>
<li><a class="toctree-l3" href="#automatically-starting-the-container">Automatically Starting the Container</a></li>
<li><a class="toctree-l3" href="#initial-configuration-inside-the-container">Initial Configuration Inside The Container</a></li>
<li><a class="toctree-l3" href="#final-observations">Final Observations</a></li>
</ul>
</ul>
</li>
<li class="toctree-l1">
<a class="" href="../mastodon_on_arch/">Mastodon on Arch</a>
</li>
<li class="toctree-l1">
<a class="" href="../debian_nspawn_container_on_arch_for_testing_apache_configurations/">Debian Nspawn Container On Arch For Testing Apache Configurations</a>
</li>
<li class="toctree-l1">
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
</li>
<li class="toctree-l1">
<a class="" href="../freebsd_jails_on_freenas/">FreeBSD Jails on FreeNAS</a>
</li>
<li class="toctree-l1">
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
</li>
<li class="toctree-l1">
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
</li>
<li class="toctree-l1">
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="..">Trent Docs</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="..">Docs</a> &raquo;</li>
<li>Nspawn</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<h1 id="nspawn-containers">Nspawn Containers</h1>
<p><a href="https://wiki.archlinux.org/index.php/Systemd-nspawn">This Link For Arch Linux Wiki for Nspawn Containers</a></p>
<p>I like the idea of starting with the easy containers first.</p>
<h3 id="create-a-filesystem">Create a FileSystem</h3>
<pre><code class="bash">cd /var/lib/machines
# create a directory
mkdir &lt;container&gt;
# use pacstrap to create a file system
pacstrap -i -c -d &lt;container&gt; base --ignore linux
</code></pre>
<p>At this point you might want to copy over some configs to save time later.</p>
<ul>
<li>/etc/locale.conf</li>
<li>/root/.bashrc</li>
<li>/etc/locale.gen</li>
</ul>
<h3 id="first-boot-and-create-root-password">First boot and create root password</h3>
<pre><code class="bash">systemd-nspawn -b -D &lt;container&gt;
passwd
# assuming you copied over /etc/locale.gen
locale-gen
# set timezone
timedatectl set-timezone &lt;timezone&gt;
# enable network time
timedatectl set-ntp 1
# enable networking
systemctl enable systemd-networkd
systemctl enable systemd-resolved
poweroff
# if you want to NAT the container, add the -n flag
systemd-nspawn -b -D &lt;container&gt; -n
# and to bind mount the package cache
systemd-nspawn -b -D &lt;container&gt; -n --bind=/var/cache/pacman/pkg
</code></pre>
<h3 id="networking">Networking</h3>
<p>Here's a link that skips ahead to <a href="#automatically-starting-the-container">Automatically Starting the Container</a></p>
<p>On Arch, assuming you have systemd-networkd and systemd-resolved
set up correctly, networking from the host end of things should
just work.<br />
However on Linode it does not. What does work on Linode is to create
a bridge interface. Two files for br0 will get the job done.</p>
<pre><code class="text"># /etc/systemd/network/50-br0.netdev
[NetDev]
Name=br0
Kind=bridge
</code></pre>
<pre><code class="text"># /etc/systemd/network/50-br0.network
[Match]
Name=br0
[Network]
# arbitrarily pick a subnet range to taste (comments must sit on their own line)
Address=10.0.55.1/24
DHCPServer=yes
IPMasquerade=yes
</code></pre>
<p>Notice how the configuration file tells systemd-networkd to offer
DHCP service and to perform masquerade. You can modify the <code>systemd-nspawn</code>
command to use the bridge interface. Every container attached to this bridge
will be on the same subnet and able to talk to each other.</p>
<pre><code class="bash"># first restart systemd-networkd to bring up the new bridge interface
systemctl restart systemd-networkd
# and add --network-bridge=br0 to systemd-nspawn command
systemd-nspawn -b -D &lt;container&gt; --network-bridge=br0 --bind=/var/cache/pacman/pkg
</code></pre>
<h3 id="automatically-starting-the-container">Automatically Starting the Container</h3>
<p>Here's a link back up to <a href="#networking">Networking</a>
in case you previously skipped ahead.</p>
<p>There are two ways to automate starting the container. You can override
<code>systemd-nspawn@.service</code> or create an <em>nspawn</em> file. </p>
<p>First enable <code>machines.target</code>, which pulls in the <code>systemd-nspawn@</code> instances at boot, then override the service.</p>
<pre><code class="bash">systemctl enable machines.target
# to override the systemd-nspawn@.service file
cp /lib/systemd/system/systemd-nspawn@.service /etc/systemd/system/systemd-nspawn@&lt;container&gt;.service
</code></pre>
<p>Edit <code>/etc/systemd/system/systemd-nspawn@&lt;container&gt;.service</code> to add the <code>systemd-nspawn</code> options
you want to the <code>ExecStart</code> command.</p>
<p>Or create <code>/etc/systemd/nspawn/&lt;container&gt;.nspawn</code></p>
<pre><code class="text"># /etc/systemd/nspawn/&lt;container&gt;.nspawn
[Files]
Bind=/var/cache/pacman/pkg
[Network]
Bridge=br0
</code></pre>
<p>Or, for a NATed virtual Ethernet link instead of the bridge:</p>
<pre><code class="text"># /etc/systemd/nspawn/&lt;container&gt;.nspawn
[Files]
Bind=/var/cache/pacman/pkg
[Network]
# this seems to be the default sometimes, though
VirtualEthernet=1
</code></pre>
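<p>The bridge pair above and the per-container <code>.nspawn</code> file can be rendered into a staging directory and reviewed before anything is copied under <code>/etc</code>. The following is an added example, not code from the original page: the staging layout and the two input checks (machine name, gateway CIDR) are this example's own assumptions; the file contents follow the configuration shown on this page.</p>

```shell
#!/usr/bin/env sh
# Added example: stage the br0 .netdev/.network pair and a <name>.nspawn file
# under a directory of your choosing, validating the inputs first.

# Machine names are hostname-like: letters, digits, '.', '_' and '-', not
# starting with '-' or '.', not ending with '.', at most 64 characters.
valid_machine_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|-*|.*|*.) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Accept only a dotted-quad address with a /0-/32 prefix, e.g. 10.0.55.1/24.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# render_configs <staging-dir> <machine-name> <gateway-cidr>
render_configs() {
    out=$1 name=$2 cidr=$3
    valid_machine_name "$name" || { echo "rejected machine name: $name" >&2; return 1; }
    valid_cidr "$cidr" || { echo "rejected gateway address: $cidr" >&2; return 1; }
    mkdir -p "$out/network" "$out/nspawn"
    printf '[NetDev]\nName=br0\nKind=bridge\n' > "$out/network/50-br0.netdev"
    # systemd only honours comments on their own line, never after a value.
    printf '[Match]\nName=br0\n\n[Network]\n# gateway for the container subnet\nAddress=%s\nDHCPServer=yes\nIPMasquerade=yes\n' \
        "$cidr" > "$out/network/50-br0.network"
    # Per-container settings: bind the host package cache, attach to br0.
    printf '[Files]\nBind=/var/cache/pacman/pkg\n\n[Network]\nBridge=br0\n' \
        > "$out/nspawn/$name.nspawn"
}

# Usage when run directly:  sh render.sh /tmp/stage web 10.0.55.1/24
if [ "$#" -eq 3 ]; then
    render_configs "$1" "$2" "$3" && ls -R "$1"
fi
```

Copy the staged files to <code>/etc/systemd/network/</code> and <code>/etc/systemd/nspawn/</code> once they look right, then restart <code>systemd-networkd</code>.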
<pre><code class="bash"># in either case, enable the unit and start it
systemctl enable systemd-nspawn@&lt;container&gt;
systemctl start systemd-nspawn@&lt;container&gt;
# to get a shell
machinectl shell &lt;container&gt;
# and then start bash to get a proper environment
bash
</code></pre>
<p>This would be a good time to check for network and name resolution,
and to symlink resolv.conf if need be.</p>
<h3 id="initial-configuration-inside-the-container">Initial Configuration Inside The Container</h3>
<pre><code class="bash"># set time zone if you don't want UTC
timedatectl set-timezone &lt;timezone&gt;
# enable NTP (network time)
timedatectl set-ntp 1
# enable networking from inside the container
systemctl enable systemd-networkd
systemctl start systemd-networkd
systemctl enable systemd-resolved
systemctl start systemd-resolved
rm /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/
# ping google
ping -c 3 google.com
</code></pre>
<p><a href="https://wiki.archlinux.org/index.php/locale">If you want to change the locale</a></p>
<h2 id="final-observations">Final Observations</h2>
<ul>
<li>You can start/stop nspawn containers with <code>machinectl</code> command. </li>
<li>You can start nspawn containers with <code>systemd-nspawn</code> command.</li>
<li>You can configure the systemd service for a container with a <code>systemd-nspawn@&lt;container&gt;.service</code> file override</li>
<li>Or you can configure an nspawn container with a <code>&lt;container&gt;.nspawn</code> file</li>
</ul>
<p>But in regard to the above list,
I have noticed differences in behaviour
in some scenarios concerning file attributes
for bind mounts.</p>
<p>Another curiosity: when you have nspawn containers natted on VirtualEthernet connections,
they might be able to ping each other at 10.x.y.z, but not resolve each other. But they might
be able to resolve each other if they are all connected to the same bridge interface or nspawn
network zone, but will randomly resolve each other in any of the 10.x.y.z, 169.x.y.z,
or fe80::....:....:....%host (ipv6 local) spaces, which would complicate configuring the containers
to talk to each other. But I intend to look into this some more.</p>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../mastodon_on_arch/" class="btn btn-neutral float-right" title="Mastodon on Arch">Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="../serve_and_share_apps_from_your_phone_with_fdroid/" class="btn btn-neutral" title="Serve And Share Apps From Your Phone With Fdroid"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<span><a href="../serve_and_share_apps_from_your_phone_with_fdroid/" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../mastodon_on_arch/" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
<script src="../js/theme.js"></script>
</body>
</html>