systemd-nspawn notes

Posted at 2017-04-23

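Overview

These are my notes on systemd-nspawn. I would rather do this on Arch Linux, but I basically use CentOS 7 here, since that is what I use most at work.

Installation

### Update the system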
$ sudo yum update

### Change the grub settings
### Only added "audit=0" before rhgb quiet. Everything else is the default
$ sudo vi /etc/default/grub
================================================
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap audit=0 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
================================================

### Regenerate the grub configuration and reboot
$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
================================================
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-c746b24aa74d470789d9d3714c6df50a
Found initrd image: /boot/initramfs-0-rescue-c746b24aa74d470789d9d3714c6df50a.img
done
================================================
$ sudo shutdown -r now

### Create the directory that holds the containers
$ sudo mkdir /var/lib/systemd-spawn

### Create the container
### Minimal configuration
$ sudo yum -y --releasever=7 --nogpgcheck --installroot=/var/lib/systemd-spawn/centos7_container --disablerepo='*' --enablerepo=base install systemd yum passwd sudo vim-minimal

### With all the tools I personally need included
$ sudo yum -y --releasever=7 --nogpgcheck --installroot=/var/lib/systemd-spawn/centos7_container --disablerepo='*' --enablerepo=base install systemd yum passwd sudo vim-minimal gcc make gcc-c++ wget git openssh-clients openssh-server telnet traceroute perl patch tcpdump screen bind-utils strace sysstat lsof mailx zip bzip2 unzip net-tools pv which yum-cron rsyslog iputils 


### Start the container and enter it
### The warnings are expected to disappear with newer systemd versions, so ignore them
$ sudo systemd-nspawn -D /var/lib/systemd-spawn/centos7_container
================================================
Spawning container centos7_container on /var/lib/systemd-spawn/centos7_container.
Press ^] three times within 1s to kill container.
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
-bash-4.2#
================================================

### Set the root password
### A warning appears because the password is a simple one
### For some reason root cannot log in from the machinectl console, but set it anyway
-bash-4.2# passwd
================================================
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
================================================

### Create a user
# useradd joruri -G wheel -m

### Set the user's password
# passwd joruri
================================================
Changing password for user joruri.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
================================================


### After leaving with exit, start in daemon mode
-bash-4.2# exit
================================================
logout
Container centos7_container exited successfully.
================================================

$ sudo vi /etc/systemd/system/centos7_container.service
================================================
[Service]
ExecStart=/usr/bin/systemd-nspawn -bD /var/lib/systemd-spawn/centos7_container
================================================

### Start as a service
$ sudo systemctl daemon-reload
$ sudo systemctl start centos7_container
$ sudo systemctl status centos7_container
================================================
● centos7_container.service
   Loaded: loaded (/etc/systemd/system/centos7_container.service; static; vendor preset: disabled)
   Active: active (running) since 月 2017-04-24 10:04:59 JST; 4s ago
 Main PID: 1907 (systemd-nspawn)
   CGroup: /system.slice/centos7_container.service
           └─1907 /usr/bin/systemd-nspawn -bD /var/lib/systemd-spawn/centos7_container

 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Started Console Getty.
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: Starting Console Getty...
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Reached target Login Prompts.
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Started Login Service.
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Reached target Multi-User System.
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Reached target Graphical Interface.
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: Starting Update UTMP about System Runlevel Changes...
 4月 24 10:04:59 localhost.localdomain systemd-nspawn[1907]: [  OK  ] Started Update UTMP about System Runlevel Changes.
 4月 24 10:05:00 localhost.localdomain systemd-nspawn[1907]: CentOS Linux 7 (Core)
 4月 24 10:05:00 localhost.localdomain systemd-nspawn[1907]: Kernel 3.10.0-514.16.1.el7.x86_64 on an x86_64
================================================
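
The container root above was populated with --nogpgcheck, so package signatures were not checked at install time. The following check is an added example, not part of the original article: it reports packages in a container root that are unsigned or signed by a key other than the one you expect. The function names, the expected key ID argument and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Reports packages in a container
# root that are unsigned or signed by a key other than the expected one.
# It reads the signature recorded in the RPM database; it does not re-verify it.

# Fields: name|NVRA|RSA signature|DSA signature ("(none)" when a tag is absent).
QF='%{NAME}|%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}|%{SIGPGP:pgpsig}|%{SIGGPG:pgpsig}\n'

# stdin: query output in QF format; $1: expected 16-hex-digit key ID.
# gpg-pubkey entries are imported keys, not packages, so they are skipped.
list_suspect() {
    awk -F'|' -v key="$1" '
        NF < 4             { next }    # blank or malformed line
        $1 == "gpg-pubkey" { next }
        { sig = ($3 != "(none)") ? $3 : $4 }
        sig == "(none)"            { print "unsigned " $2; next }
        sig !~ ("Key ID " key "$") { print "otherkey " $2 }'
}

# $1: container root, $2: expected key ID. Returns 0 only if every package passes.
audit_root() {
    out=$(rpm --root "$1" -qa --qf "$QF") || return 2   # rpm itself failed
    suspect=$(printf '%s\n' "$out" | list_suspect "$2")
    [ -z "$suspect" ] && return 0
    printf '%s\n' "$suspect"
    return 1
}

# Constructed sample of the query output; key IDs and versions are placeholders.
SAMPLE='systemd|systemd-219-1.el7.x86_64|RSA/SHA256, Sun 01 Jan 2017 12:00:00 PM JST, Key ID 0123456789abcdef|(none)
gpg-pubkey|gpg-pubkey-89abcdef-00000000.(none)|(none)|(none)
localtool|localtool-1.0-1.el7.x86_64|(none)|(none)
extra|extra-2.0-1.el7.noarch|RSA/SHA256, Sun 01 Jan 2017 12:00:00 PM JST, Key ID fedcba9876543210|(none)'
```

On the host, `audit_root /var/lib/systemd-spawn/centos7_container <expected key ID>` prints nothing and returns 0 when every package is signed by that key.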

Container operations

### List the registered containers
$ machinectl list
================================================
MACHINE           CLASS     SERVICE
centos7_container container nspawn

1 machines listed.
================================================

### Show the container details
$ machinectl status centos7_container
================================================
centos7_container
           Since: 月 2017-04-24 10:04:59 JST; 30s ago
          Leader: 1908 (systemd)
         Service: nspawn; class container
            Root: /var/lib/systemd-spawn/centos7_container
         Address: 10.136.3.164
                  fe80::250:56ff:feb3:314e
              OS: CentOS Linux 7 (Core)
            Unit: machine-centos7_container.scope
                  ├─1908 /usr/lib/systemd/systemd
                  └─system.slice
                    ├─console-getty.service
                    │ └─1952 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
                    ├─dbus.service
                    │ └─1948 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
                    ├─systemd-logind.service
                    │ └─1946 /usr/lib/systemd/systemd-logind
                    └─systemd-journald.service
                      └─1929 /usr/lib/systemd/systemd-journald

 4月 24 10:04:59 localhost.localdomain systemd[1]: Started Container centos7_container.
 4月 24 10:04:59 localhost.localdomain systemd[1]: Starting Container centos7_container.
================================================

### Log in to the container
$ sudo machinectl login centos7_container
================================================
Connected to machine centos7_container. Press ^] three times within 1s to exit session.

CentOS Linux 7 (Core)
Kernel 3.10.0-514.16.1.el7.x86_64 on an x86_64

centos7_container login: joruri
Password:
[joruri@centos7_container ~]$
================================================

### Leave the container
$ exit
================================================
logout

CentOS Linux 7 (Core)
Kernel 3.10.0-514.16.1.el7.x86_64 on an x86_64

centos7_container login:    ### <- (in this state, keep pressing Ctrl + ])
Connection to machine centos7_container terminated.
[joruri@localhost ~]$
================================================

Other

  • Start in daemon mode without registering it with systemd
    • Root can log in this way
### Start the container and enter it
$ sudo systemd-nspawn -D /var/lib/systemd-spawn/centos7_container
================================================
Spawning container centos7_container on /var/lib/systemd-spawn/centos7_container.
Press ^] three times within 1s to kill container.
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
-bash-4.2#
================================================

### Set the password
### A warning appears because the password is a simple one
-bash-4.2# passwd
================================================
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
================================================

### Start in daemon mode without registering it with systemd
$ sudo systemd-nspawn -bD /var/lib/systemd-spawn/centos7_container
================================================
Spawning container centos7_container on /var/lib/systemd-spawn/centos7_container.
Press ^] three times within 1s to kill container.
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
Failed to create directory /var/lib/systemd-spawn/centos7_container//sys/fs/selinux: No such file or directory
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization systemd-nspawn.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Initializing machine ID from random generator.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on Journal Socket.
         Starting Journal Service...
         Starting Load/Save Random Seed...
         Mounting Huge Pages File System...
         Mounting POSIX Message Queue File System...
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
         Starting Rebuild Hardware Database...
[  OK  ] Reached target Paths.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Rebuild Journal Catalog...
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Journal Service.
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Rebuild Journal Catalog.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Started Rebuild Hardware Database.
         Starting Update is Completed...
[  OK  ] Started Update is Completed.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Timers.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting Permit User Sessions...
[  OK  ] Started D-Bus System Message Bus.
         Starting D-Bus System Message Bus...
         Starting Login Service...
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Console Getty.
         Starting Console Getty...
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Login Service.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

CentOS Linux 7 (Core)
Kernel 3.10.0-514.16.1.el7.x86_64 on an x86_64

centos7_container login:
================================================

### Log in
================================================
centos7_container login: root
Password:
-bash-4.2#
================================================

Make it reachable over ssh


References
