small language changes. Great feature, great expansion, thanks Gabx!
Revision as of 17:27, 20 March 2014
Line 17:
Line 17:
Before you start installing the container, please take note of the following necessities:
Before you start installing the container, please take note of the following necessities:
* You need to build a custom [[Kernel#Compilation]] as the Archlinux [[kernel]] does not enable by default the user namespace. This setting is under {{ic|General setup ---> Namespaces support --->}}.
* You need to build a custom [[Kernel#Compilation]] as the Archlinux [[kernel]] does not enable by default the user namespace. This setting is under {{ic|General setup ---> Namespaces support --->}}.
−
Once
your
kernel is
build
, you can verify the feature is
enables when running
this command:
+
Once
the
kernel is
built
, you can verify the feature is
enabled using
this command:
{{hc|$ zgrep USER_NS /proc/config.gz|CONFIG_USER_NS = y}}
{{hc|$ zgrep USER_NS /proc/config.gz|CONFIG_USER_NS = y}}
* You need to add "audit=0" to the kernel parameters, as compatibility with the kernel auditing subsystem is currently broken.
* You need to add "audit=0" to the kernel parameters, as compatibility with the kernel auditing subsystem is currently broken.
* You need to run {{Pkg|systemd}} >= 209. As it is still under heavy development, best is to run the more recent version.
* You need to run {{Pkg|systemd}} >= 209. As it is still under heavy development, best is to run the more recent version.
−
===
installation
with pacstrap ===
+
===
Installation
with pacstrap ===
You need to [[pacman|install]] the package {{Pkg|arch-install-scripts}} from the [[official repositories]].
You need to [[pacman|install]] the package {{Pkg|arch-install-scripts}} from the [[official repositories]].
−
Then
, make
a directory where you want. For example {{ic|$ mkdir ~/''MyContainer''}}.
+
Then
create
a directory where you want. For example {{ic|$ mkdir ~/''MyContainer''}}.
−
The next command will install all packages
form
the {{Grp|base}} group. It is strongly recommended to install packages from the {{Grp|base-devel}} group too.
+
The next command will install all packages
from
the {{Grp|base}} group. It is strongly recommended to install packages from the {{Grp|base-devel}} group too.
{{ic|pacstrap -i -c -d ~/''MyContainer'' base}}
{{ic|pacstrap -i -c -d ~/''MyContainer'' base}}
{{Tip| the '''-i''' option will avoid auto-confirmation of package selections. As you don't need to install the Linux kernel on the container, you want to [[Pacman#Usage|remove]] it from the package list selection.}}
{{Tip| the '''-i''' option will avoid auto-confirmation of package selections. As you don't need to install the Linux kernel on the container, you want to [[Pacman#Usage|remove]] it from the package list selection.}}
−
Once your installation is finished, boot the
conatainer
:
+
Once your installation is finished, boot the
container
:
systemd-nspawn -bD ~/''MyContainer''
systemd-nspawn -bD ~/''MyContainer''
And that's it! Log in as "root" with no password.
And that's it! Log in as "root" with no password.
−
===
installation
with the Arch Linux ISO ===
+
===
Installation
with the Arch Linux ISO ===
−
Depending on
your
host machine filesystem setup, ''pacstrap'' can leave you with a broken filesystem with a lot of missing libraries. Thus, a
safest
way to install
your
container is to boot from the [https://www.archlinux.org/download/ Arch
Iso
] and follow the [[Installation guide]]. Unless you plan to mount at boot any external devices, you do not want to edit
any
[[Fstab]]. Do not install a [[Boot loaders]] neither the [[Kernel]] (see Tip above).
+
Depending on
the
host machine filesystem setup, ''pacstrap'' can leave you with a broken filesystem with a lot of missing libraries. Thus, a
safer
way to install
the
container is to boot from the [https://www.archlinux.org/download/ Arch
ISO
] and follow the [[Installation guide]]. Unless you plan to mount at boot any external devices, you do not want to edit [[Fstab]]. Do not install a [[Boot loaders]] neither the [[Kernel]] (see Tip above).
== Usage ==
== Usage ==
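Review bot: The "audit=0" bullet is carried through unchanged and still does not say that this kernel parameter switches off the audit subsystem for the whole host, not only for the container; since this edit already touches the list, add a sentence stating that so readers who depend on audit logging can weigh it. Further down, "Log in as "root" with no password" should be followed by an instruction to set a root password with passwd on first login. One language leftover in the added lines: "Do not install a [[Boot loaders]] neither the [[Kernel]]" should read "Do not install a [[Boot loaders|boot loader]] or the [[Kernel]]".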
Line 42:
Line 42:
Managing your container is essentially done with the {{ic|$ machinectl}} command. This service is used to introspect and control the state of your virtual machines. Please refer to {{ic|MACHINECTL(1)}} for an exhaustive list of options.
Managing your container is essentially done with the {{ic|$ machinectl}} command. This service is used to introspect and control the state of your virtual machines. Please refer to {{ic|MACHINECTL(1)}} for an exhaustive list of options.
=== Boot your container at your machine startup ===
=== Boot your container at your machine startup ===
−
If you
need
to
make a frequent
use
of your
container, an easy way is to boot
the container when you
[[Init]]
your
machine. Then
,
you will be able to login using the ''machinectl'' mechanism.
+
If you
want
to use
the
container
frequently
, an easy way is to boot
it on
[[Init]]
of the
machine. Then you will be able to login using the ''machinectl'' mechanism.
−
First, you need to ''register'' your container on the host. To do this, you can either {{ic|# mv /path/to/''MyContainer'' /var/lib/container/''MyContainer''}}
OR
just create a directory symlink:
+
First, you need to ''register'' your container on the host. To do this, you can either {{ic|# mv /path/to/''MyContainer'' /var/lib/container/''MyContainer''}}
'''or'''
just create a directory symlink:
{{bc|$ cd /var/lib/container
{{bc|$ cd /var/lib/container
# ln -s /path/to/''MyContainer'' ''MyContainer''}}
# ln -s /path/to/''MyContainer'' ''MyContainer''}}
−
Then, you will
[[systemd#Basic systemctl usage|enable and start]] the {{ic|systemd-nspawn@''MyContainer''.service}}. To be sure
your
container is now registered, run the following command:
+
Following that
[[systemd#Basic systemctl usage|enable and start]] the {{ic|systemd-nspawn@''MyContainer''.service}}. To be sure
the
container is now registered, run the following command:
{{hc|$ machinectl list|
{{hc|$ machinectl list|
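Review bot: In the registration step, the symlink alternative leaves the container tree at /path/to/MyContainer while systemd-nspawn@MyContainer.service boots it as a system service; the text should say that the target directory must be owned by root and not writable by unprivileged users, or recommend the mv into /var/lib/container as the default. In the added lines, "Following that [[systemd#Basic systemctl usage|enable and start]]" needs a comma after "that", and "able to login using" should be "able to log in using", matching the "logging in" fix made later in this revision. The {{bc}} block also mixes a "$" prompt for cd with a "#" prompt for ln.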
Line 56:
Line 56:
1 machines listed.}}
1 machines listed.}}
{{Tip|
{{Tip|
−
*the ''systemd-nspawn'' service will execute this command : {{ic|<nowiki>/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i </nowiki>}}. You will need to modify this file and add some more options in case your container directory is not symlinked {{ic|/var/lib/container/MyCoantainer}}, you want to use an disk image file or set the '''SELinux''' security to container. To isolate network setting for your container, please refer to
the
[[systemd-networkd]]. Further boot option information can be found in {{ic|SYSTEMD-NSPAWN(1)}}.
+
*the ''systemd-nspawn'' service will execute this command : {{ic|<nowiki>/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=guest --directory=/var/lib/container/%i </nowiki>}}. You will need to modify this file and add some more options in case your container directory is not symlinked {{ic|/var/lib/container/MyCoantainer}}, you want to use an disk image file or set the '''SELinux''' security to container. To isolate network setting for your container, please refer to [[systemd-networkd]]. Further boot option information can be found in {{ic|SYSTEMD-NSPAWN(1)}}.
−
*
you can manually boot your container when
disabling {{ic|systemd-nspawn@.service}}
and run
{{ic|# systemd-nspawn -bD /path/to/container}}
command
. Once you are logged in the container, run {{ic|# systemctl poweroff}} to shut it down
+
*
When
disabling {{ic|systemd-nspawn@.service}}
, you can manually boot the container by executing
{{ic|# systemd-nspawn -bD /path/to/container}}. Once you are logged in the container, run {{ic|# systemctl poweroff}} to shut it down
}}
}}
If you want to see the [[control group|controle group]] contents, run {{ic|$ systemd-cgls}}
If you want to see the [[control group|controle group]] contents, run {{ic|$ systemd-cgls}}
−
=== Login
your
container ===
+
=== Login
to the
container ===
Open a new terminal window and run the following command :
Open a new terminal window and run the following command :
{{hc|# machinectl login ''MyContainer''|
{{hc|# machinectl login ''MyContainer''|
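Review bot: The rewritten first Tip bullet still carries the misspelled path "/var/lib/container/MyCoantainer", which readers may copy verbatim; correct it to "MyContainer" and, in the same sentence, name the unit file that "this file" refers to, since only the command line is shown. The same bullet keeps "an disk image file" and "set the SELinux security to container", which should read "a disk image file" and something like "set an SELinux security context for the container". In the second bullet, "When disabling" reads as if the boot happens during disabling; "If systemd-nspawn@.service is disabled, you can boot the container manually with ..." is clearer. The unchanged "controle group" link text and the heading "Login to the container" ("Log in to") could be fixed in the same pass.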
Line 67:
Line 67:
Arch Linux ''Custom Kernel'' (pts/1)
Arch Linux ''Custom Kernel'' (pts/1)
''MyContainer'' login: }}
''MyContainer'' login: }}
−
You can open more than one session by
login
from
other
terminal
windows
.
+
You can open more than one session by
logging in
from
another
terminal.
−
=== Shutdown
your
container ===
+
=== Shutdown
the
container ===
−
{{ic|# machinectl terminate ''MyContainer''}}
. This
will kill all container processes and
deallocates
all resources attached to that instance.
+
{{ic|# machinectl terminate ''MyContainer''}} will kill all container processes and
deallocate
all resources attached to that instance.
See [http://www.freedesktop.org/software/systemd/man/machinectl.html man machinectl] for more options.
See [http://www.freedesktop.org/software/systemd/man/machinectl.html man machinectl] for more options.
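Review bot: Under "Shutdown the container", the only command given is "machinectl terminate", which by the sentence's own description kills all container processes instead of shutting the container down in an orderly way; say so explicitly and point to "# systemctl poweroff" from inside the container (already mentioned in the Tip above) as the clean way to stop it. The heading itself would read better as "Shut down the container".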