systemd-nspawn
Posted on Sat 30 July 2011 in Notebook
Systemd
Kernel
You need support for namespaces and multiple devpts instances in your kernel:
```
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
```
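A quick way to verify those options against the running host before building a container, as an added example that is not part of the original notebook (the function name missing_kernel_options and the sample config are my own; it reads /proc/config.gz or a plain /boot/config file, and it also reports symbols the kernel does not know at all, because CONFIG_DEVPTS_MULTIPLE_INSTANCES was removed in Linux 4.7 where every devpts mount is an independent instance):

```shell
#!/bin/sh
# Added example (not from the original notebook): check a kernel config for the
# namespace/devpts options systemd-nspawn needs. Option names are the real
# Kconfig symbols listed in the notebook.
NSPAWN_REQUIRED_OPTIONS="CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_USER_NS CONFIG_PID_NS CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES"

# missing_kernel_options FILE
#   FILE is /proc/config.gz or a plain /boot/config-* file.
#   Prints "missing OPT" for options that are =m or "is not set", and
#   "absent OPT" for symbols the config does not mention at all (for example
#   CONFIG_DEVPTS_MULTIPLE_INSTANCES on Linux 4.7 and later).
#   Returns 1 if anything is missing, 0 otherwise (absent symbols do not fail,
#   since they usually mean the feature is now built in unconditionally).
missing_kernel_options() {
    file=$1
    case "$file" in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    status=0
    for opt in $NSPAWN_REQUIRED_OPTIONS; do
        if $reader "$file" | grep -q "^${opt}=y\$"; then
            continue                       # built in: fine
        elif $reader "$file" | grep -Eq "^(# )?${opt}( is not set|=)"; then
            echo "missing $opt"            # known symbol, but =m or disabled
            status=1
        else
            echo "absent $opt"             # symbol unknown to this kernel version
        fi
    done
    return $status
}

# Constructed sample config used only for this demonstration (not a real kernel's .config):
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y
EOF

# On a real host:
#   missing_kernel_options /proc/config.gz || echo "rebuild the kernel before using nspawn"
```

Run it against /proc/config.gz (needs CONFIG_IKCONFIG_PROC) or against the config file your distribution ships in /boot; a non-zero exit means at least one namespace option is off or modular, which nspawn cannot work around at run time.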
Container
Downloading the Stage Tarball:
```sh
mkdir /var/lib/machines/gentoo-stage3-amd64 && cd /var/lib/machines/gentoo-stage3-amd64
# wget does not expand the * for HTTP URLs: substitute the dated file name from the directory listing
wget https://gentoo.osuosl.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-*.tar.xz
tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
```
Install systemd:
```sh
# on the host: open a shell inside the container root
systemd-nspawn -D /var/lib/machines/gentoo-stage3-amd64
# inside the container:
emerge-webrsync
USE=systemd emerge --deep --newuse --ask @system
passwd
exit
# back on the host: boot the container
systemd-nspawn -D /var/lib/machines/gentoo-stage3-amd64 -b
```
Symlink mtab and clear fstab to prevent warnings:
```sh
ln -sf '/proc/self/mounts' '/etc/mtab'
echo "" > /etc/fstab
```
Remove securetty from pam otherwise machinectl login doesn't work:
```sh
sed -i '/pam_securetty.so/d' /etc/pam.d/login
```
Additional mounts:
```sh
/usr/bin/systemd-nspawn --machine=gentoo-stage3-amd64 \
    --boot \
    --bind-ro=/var/portage \
    --bind=/var/tmp/portage
```
To enable direct rendering and PulseAudio in a 32-bit container, configure /etc/systemd/nspawn/gentoo-stage3-i686.nspawn:
```ini
[Exec]
Personality=x86
Boot=1

[Files]
BindReadOnly=/var/portage
Bind=/var/tmp/portage
# for nvidia-install
BindReadOnly=/usr/src
# enable nvidia-opengl
Bind=/tmp/.X11-unix
Bind=/dev/dri
Bind=/dev/shm
Bind=/dev/nvidia0
Bind=/dev/nvidiactl
Bind=/dev/nvidia-modeset
# enable pulseaudio
Bind=/run/user/1000/pulse:/run/user/host/pulse
```
To log in:
```sh
machinectl shell USER@gentoo-stage3-i686 --setenv=DISPLAY=:1 --setenv=PULSE_SERVER=unix:/run/user/host/pulse/native
```
machinectl and the unit file it starts (systemd-delta output showing the local override):
[OVERRIDDEN] /etc/systemd/system/systemd-nspawn@.service → /usr/lib/systemd/system/systemd-nspawn@.service --- /usr/lib/systemd/system/systemd-nspawn@.service +++ /etc/systemd/system/systemd-nspawn@.service @@ -13,7 +13,7 @@ After=network.target [Service] -ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%I +ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --settings=override --machine=%I KillMode=mixed Type=notify RestartForceExitStatus=133 @@ -35,5 +35,11 @@ DeviceAllow=/dev/pts/ptmx rw DeviceAllow=char-pts rw +DeviceAllow=/dev/dri rw +DeviceAllow=/dev/shm rw +DeviceAllow=/dev/nvidia0 rw +DeviceAllow=/dev/nvidiactl rw +DeviceAllow=/dev/nvidia-modeset rw + [Install] WantedBy=machines.target
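Review bot: the ExecStart= hunk drops --network-veth, which puts the container into the host's network namespace, so anything the booted guest listens on is reachable on the host's addresses; if that is deliberate for a desktop container it deserves a comment, otherwise keep --network-veth. The same line switches --link-journal=try-guest to --link-journal=guest, and "guest" makes nspawn refuse to start when the host has no persistent journal directory (/var/log/journal), whereas "try-guest" degrades gracefully. Finally, the override replaces the whole distributed unit under /etc/systemd/system and will silently lag behind future upstream changes to the unit; a drop-in that only overrides ExecStart= (an empty `ExecStart=` followed by the new line, via `systemctl edit systemd-nspawn@.service`) is the safer form.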
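Review bot: in the DeviceAllow= hunk, `DeviceAllow=/dev/shm rw` targets a directory (a tmpfs mount point), not a device node, so systemd cannot resolve it to a major:minor and the line has no effect; the Bind=/dev/shm entry in the .nspawn file is what actually exposes it, so drop the DeviceAllow line. The remaining entries (/dev/dri, /dev/nvidia0, /dev/nvidiactl, /dev/nvidia-modeset) grant the container direct access to the GPU driver, which is the intended trade-off for OpenGL but weakens the isolation the service otherwise provides; keep the list to exactly the nodes the guest uses and document it next to the matching Bind= lines.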
chroot
```sh
mount --types proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
chroot /mnt/gentoo /bin/bash
env-update
source /etc/profile
export PS1="(chroot) $PS1"
```
To install or update grub, mount /boot inside the chroot first!
Flushing the environment during chroot
```sh
env -i HOME=$HOME TERM=$TERM chroot /mnt/gentoo /bin/bash
```
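The mount sequence above and the env -i flush, combined into one script that also tears the mounts down again in reverse order when the chroot shell exits, as an added example that is not part of the original notebook (the function names chroot_mount, chroot_umount and chroot_enter and the RUN dry-run variable are my own; with RUN=echo it only prints the commands it would run, which is how it can be tried without root):

```shell
#!/bin/sh
# Added example (not from the original notebook): enter a Gentoo chroot with the
# notebook's bind mounts, a flushed environment, and guaranteed teardown.
# RUN=echo turns every privileged command into a dry run that just prints it.
RUN=${RUN:-}

# chroot_mount ROOT: set up /proc, /sys and /dev inside ROOT as the notebook does.
chroot_mount() {
    root=$1
    $RUN mount --types proc /proc "$root/proc"
    $RUN mount --rbind /sys "$root/sys"
    $RUN mount --make-rslave "$root/sys"   # mounts made inside must not propagate back to the host
    $RUN mount --rbind /dev "$root/dev"
    $RUN mount --make-rslave "$root/dev"
}

# chroot_umount ROOT: undo chroot_mount in reverse order; lazy unmount copes with
# the recursive /dev and /sys trees still being busy.
chroot_umount() {
    root=$1
    $RUN umount -l "$root/dev"
    $RUN umount -l "$root/sys"
    $RUN umount "$root/proc"
}

# chroot_enter ROOT: mount, start a shell with a flushed environment (env -i keeps
# only HOME and TERM), run the notebook's env-update/profile/PS1 steps inside,
# and unmount again when the shell exits, even on error.
chroot_enter() {
    root=$1
    chroot_mount "$root"
    trap 'chroot_umount "$root"' EXIT
    $RUN env -i HOME="$HOME" TERM="$TERM" chroot "$root" /bin/bash -c \
        'env-update && . /etc/profile && export PS1="(chroot) $PS1" && exec bash'
}

# Real use (as root), after mounting /boot under ROOT if grub is to be (re)installed:
#   chroot_enter /mnt/gentoo
# Dry run without root:
#   RUN=echo chroot_enter /mnt/gentoo
```

The trap is the point of wrapping the notebook's commands in a function: leaving /mnt/gentoo/dev and /mnt/gentoo/sys rbind-mounted after an aborted session is what later makes the rootfs impossible to unmount or, worse, lets a stray rm -rf inside the chroot reach the host's /dev and /sys.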