Not today... - Systemd-nspawn

Tue May 19 2015

comments

Systemd-nspawn

I am a huge fan of docker for my dev environments, it helps me keeping things clear and understanding what are the ressources needed for a project. A few month ago a friend told me that there already is a similar feature on Linux, and this feature is systemd-nspawn.

Creating your first container

So like docker I wanted to first start a container. Nspawn has no environment so everything has to be done “by hand”. First, as long as we do not have any registery we need to retrieve an “image” of the distribution we need.

(all the commands are ran on behalf of the root user)

apt-get install debootstrap
debootstrap --arch=amd64 stable /tmp/my-debian-machine

This is a quite long to retrieve, so you can go and take a coffee during the download ;)

Now, we have a folder containing the debian basic configuration, we can “spawn” it.

systemd-nspawn -D /tmp/my-debian-machine

And that’s it! You now have your own container up and running. The main difference is that, it is not running on AUFS, and every change will be definitive.

Your machine is now visible if you run machinectl.

Booting a container like a real VM

Now, we will see a feature that I didn’t find in docker, the ability to boot your system.

systemd-nspawn -D /tmp/my-debian-machine -b

And a prompt will appear, so to log in just ’type the root password’. I’m sure you forget to set that before ;). Just stop your container, relaunch it without boot and set the password.

# stop the container
machinectl poweroff my-debian-machine
# launch without boot
systemd-nspawn -D /tmp/my-debian-machine

# when you have the prompt type a new password
passwd

Now, you can reboot and loggin normally. And the most interesting thing about the normal boot, is that now you can profit of all the power of systemd.

Autologin at startup

I have a normal boot, so I have to loggin, but I am in a container and I want to automatically be logged when I start it.

So, here is how we can do, note: I have tested it on a debian image, the path may not been the same:

When we connect into our container we are using the system console, so we will override the systemd service handling the console to force the autologin. In linux, the console manager is getty and the service dedicated to the console is console-getty@.service

To override a service, you just have to create a service_name.service.d directory in /etc/systemd/system and a file whatever_name.conf.

So, I created the dedicated file and put this inside:

# /etc/systemd/system/console-getty.service.d/autologin.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty --noclear --autologin root --keep-baud console 115200,38400,9600 $TERM

The first ExecStart= clean the old call so that we can override it in the following line.

First conclusion

Systemd-nspawn comes with great features and is directly shipped in the system, it is a good tool for stuff you want to do in a closed environment. I wanted to ship Steam in a Docker container after reading this, but I think I will use systemd instead.

For development, I will continue to stick with Docker because of the ecosystem and the community. I have started to use docker-compose and it allows a lot of interesting suffs.