systemd-nspawn may be used to run a command or OS in a light-weight namespace container. It is more powerful than chroot.
debootstrap is a tool which will install a Debian base system into a subdirectory of another, already installed system. It doesn’t require an installation CD, just access to a Debian repository
sudo su
cd /var/lib/machines
yum install debootstrap
# Sample values.
DISTRO=stretch
MACH=my_container
# Install the base system.
$ debootstrap $DISTRO /var/lib/machines/$MACH
# You need dbus for proper integration from the host.
$ chroot /var/lib/machines/$MACH apt install dbus
# Now is the time to do any other customisation directly on the filesystem (see below).
# Place your customisations in the override file ($CUSTOM holds the override contents shown further below).
$ mkdir -p /etc/systemd/system/systemd-nspawn@$MACH.service.d/
$ echo $CUSTOM > /etc/systemd/system/systemd-nspawn@$MACH.service.d/override.conf
# Reload systemd, and enable and start the container.
$ systemctl daemon-reload
$ systemctl enable systemd-nspawn@$MACH
$ systemctl start systemd-nspawn@$MACH
# Profit!
$ machinectl shell $MACH /bin/bash
The override file is important if we want to run the container in the same network namespace as the host: it replaces the default ExecStart with one that drops --network-veth.
The default configuration for systemd-nspawn uses the following arguments:
$ grep ExecStart /lib/systemd/system/systemd-nspawn@.service
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i
$ cat /etc/systemd/system/systemd-nspawn@$MACH.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest -U --settings=override --machine=%i
# With host networking, give the container the host's name resolution settings.
$ cp /etc/hosts /etc/resolv.conf /var/lib/machines/$MACH/etc/
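As an added example (not part of these notes), a small POSIX shell script that generates the drop-in shown above from the default ExecStart line and then checks it: it removes only --network-veth, keeps -U, and verifies that the empty ExecStart= reset line is present, since without it systemd refuses the unit for having two ExecStart= settings. The example writes under a temporary directory instead of /etc/systemd/system; the function names are my own.

```shell
#!/bin/sh
# Added example: build and check the host-network override.conf for
# systemd-nspawn@<machine>.service. Assumes the default ExecStart line
# quoted in the notes; nothing is written under /etc here.
set -eu

# Default ExecStart as shipped in systemd-nspawn@.service (copied from the notes).
DEFAULT_EXECSTART='ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i'

# host_network_execstart LINE: print LINE with --network-veth removed.
# Only the veth option goes; -U (user namespacing) stays in place.
host_network_execstart() {
    printf '%s\n' "$1" | sed -e 's/ --network-veth//'
}

# write_override MACH DESTDIR LINE: write DESTDIR/systemd-nspawn@MACH.service.d/override.conf
# and print its path. The empty "ExecStart=" clears the unit's original ExecStart;
# without it systemd refuses a Type=notify service that has two ExecStart= lines.
write_override() {
    mach=$1; destdir=$2; line=$3
    dropin="$destdir/systemd-nspawn@$mach.service.d"
    mkdir -p "$dropin"
    {
        echo '[Service]'
        echo 'ExecStart='
        host_network_execstart "$line"
    } > "$dropin/override.conf"
    printf '%s\n' "$dropin/override.conf"
}

# check_override FILE: succeed only if the drop-in resets ExecStart,
# no longer mentions --network-veth, and still passes -U to systemd-nspawn.
check_override() {
    f=$1
    grep -qx 'ExecStart=' "$f" || { echo "missing ExecStart= reset in $f" >&2; return 1; }
    ! grep -q -- '--network-veth' "$f" || { echo "--network-veth still present in $f" >&2; return 1; }
    grep -q -- ' -U ' "$f" || { echo "-U (user namespacing) missing in $f" >&2; return 1; }
}

# Usage: generate the drop-in for my_container under a temporary directory and check it.
TMP=$(mktemp -d)
OUT=$(write_override my_container "$TMP" "$DEFAULT_EXECSTART")
check_override "$OUT" && echo "override OK: $OUT"
```

To install the result for real, copy the generated file to /etc/systemd/system/systemd-nspawn@$MACH.service.d/override.conf and run systemctl daemon-reload as in the notes.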
$ machinectl list-images
At this point your container is not running; start it with:
$ machinectl start mycontainer
You should then see your container in the list of running containers:
$ machinectl list
To get a shell in your container, simply run:
$ machinectl login mycontainer
Just like before, you can terminate the connection to the container by pressing Ctrl+] three times.
If you no longer need the container, shut it down with:
$ machinectl terminate mycontainer
Create the following unit in the file test_container.service:
sudo vi /etc/systemd/system/test_container.service
[Unit]
Description=Test Container
[Service]
LimitNOFILE=100000
ExecStart=/usr/bin/systemd-nspawn --machine=test_container --directory=/var/lib/machines/my_container -b
Restart=always
[Install]
Also=dbus.service
Then run:
systemctl start test_container
systemctl status test_container
machinectl list
machinectl login test_container
machinectl login mycontainer failed with an error, so use the following commands instead:
sudo su
systemd-nspawn -M mycontainer
Set the root password with passwd.
This gives console access; then remove (or back up) /etc/securetty inside the container, which allows root login on all ttys.
Once done, run machinectl login mycontainer and log in as root with the password set above to get a shell in the container.
Example 1. Download an Ubuntu image and open a shell in it
# machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz
# systemd-nspawn -M trusty-server-cloudimg-amd64-root
This downloads and verifies the specified .tar image, and then uses systemd-nspawn(1) to open a shell in it.
Example 2. Download a Fedora image, set a root password in it, and start it as a service (--verify=no skips signature verification of the downloaded image; the local image name is the file name without the .raw.xz suffix)
# machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.raw.xz
# systemd-nspawn -M Fedora-Cloud-Base-31-1.9.x86_64
# passwd
# exit
# machinectl start Fedora-Cloud-Base-31-1.9.x86_64
# machinectl login Fedora-Cloud-Base-31-1.9.x86_64
dnf install nginx
sudo systemctl status nginx
sudo systemctl start nginx
The main configuration file is /etc/nginx/nginx.conf; additional configuration files usually live under /etc/nginx/conf.d.
Install systemd-nspawn on Ubuntu or Debian:
sudo su
apt-get install systemd-container
machinectl pull-tar --verify=no http://dl-cdn.alpinelinux.org/alpine/v3.10/releases/x86_64/alpine-minirootfs-3.10.0-x86_64.tar.gz alp
# With no arguments, machinectl lists the running containers.
machinectl