Systemd Linux containers offer great new possibilities and flexibility for specific workloads. Different solutions do exist, but none are as available or fast to deploy as systemd containers, created with systemd-nspawn. If you've got five minutes, this article shows how to get started.
The best environment to get started with systemd-nspawn is a test system that runs CentOS 7.1 or later. Make sure that you're using a recent enough distribution to ensure optimal working of systemd-nspawn.
Create a directory for systemd-nspawn
To start with, you'll need a directory that systemd-nspawn can use for the container system root. In this example, I'll use the /var/lib/container directory for this purpose. Type mkdir /var/lib/container to create this directory.
Before moving on, it's a good idea to switch off SELinux. Or, at least, set it to permissive mode using setenforce Permissive before you continue. It will be easier to change the password from within the systemd environment, and this article is about systemd-nspawn, not about SELinux.
Next, you'll need to install a minimal operating system in this root directory. The command yum -y --releasever=7Server --installroot=/var/lib/container/centos7 install systemd passwd yum redhat-release vim-minimal will do this for you. This command ensures that the required packages are copied to the container root you've specified. Notice that the number of packages installed here really is a minimum to get a proof-of-concept up and running. After the install part of the yum command, you can add any additional packages that you might need.
After installing the required packages to this directory, you can start the container. On the first try, it's a good idea to use just the command systemd-nspawn -D /var/lib/container/centos7 -b. This will boot the container and ask you for a root password. The problem is that you haven't set a root password yet.
Get out of chroot jail
That is because you're in a chroot jail. From within the chroot environment, there's no way to fetch the password of the root user on the container host operating system. So, the only thing that you can do now is open another shell and terminate the systemd-nspawn process.
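To get yourself into a complete environment where you can actually log in, you'll need to add the passwd command to the systemd-nspawn command. While you're at it, it's a good idea to disable some unnecessary services. Both commands have to run inside the container, so pass them to a shell that systemd-nspawn starts; if you put a semicolon directly on the host command line, the host shell runs systemctl disable against the host's own services, firewalld included. The complete command to do all of this will be as follows:
systemd-nspawn -D /var/lib/container/centos7 /bin/sh -c 'passwd; systemctl disable kdump postfix firewalld tuned'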
You can now set the root password in the chroot environment. After doing so, you'll get back to the prompt on your host operating system. From there, you can now use the systemd-nspawn -D /var/lib/container/centos7 -b command.
Within a second you'll see a running container, which you can start using immediately. You can use the systemd-analyze command to find out how long it took the container to boot. From this container environment, you can now start offering any services you want. To shut down the container, you can treat it like any other virtual machine. Just use the "shutdown" or "poweroff" commands to shut it down.
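To confirm from the host that the passwd step took effect before you boot with -b, you can inspect the container tree's own /etc/shadow. The script below is an added example, not part of the original article; the function names root_pw_state and ready_to_boot are hypothetical, and it treats an empty password field as not ready because that would allow a passwordless root login.

```shell
#!/bin/sh
# Added example: pre-boot check of root's password inside a container tree
# built with yum --installroot. Function names are hypothetical.

# root_pw_state ROOT_DIR
# Prints one of: missing, empty, locked, set
root_pw_state() {
    shadow="$1/etc/shadow"
    # No readable shadow file means the install did not complete
    # (or the script is not running as root on the host).
    [ -r "$shadow" ] || { echo missing; return 0; }
    line=$(grep '^root:' "$shadow" | head -n 1)
    [ -n "$line" ] || { echo missing; return 0; }
    # The second colon-separated field is the password hash.
    hash=$(printf '%s\n' "$line" | cut -d: -f2)
    case "$hash" in
        '')        echo empty ;;   # no password required: unsafe
        '!'*|'*'*) echo locked ;;  # no password can match: login fails
        *)         echo set ;;
    esac
}

# ready_to_boot ROOT_DIR
# Succeeds only when root has a real password hash.
ready_to_boot() {
    state=$(root_pw_state "$1")
    echo "root password in $1: $state"
    [ "$state" = set ]
}

# When called with a path, check that tree, e.g.:
#   sh check.sh /var/lib/container/centos7
if [ "$#" -gt 0 ]; then
    if ready_to_boot "$1"; then
        echo "OK: boot with systemd-nspawn -D $1 -b"
    else
        echo "Run passwd inside the container first" >&2
        exit 1
    fi
fi
```

Run it as root on the host, since /etc/shadow inside the container tree is not world-readable.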
In this article you've read how to use systemd-nspawn to create a Linux systemd container. To do this, you don't need anything complicated. All that is required is a part of modern operating systems by default. Being so simple, systemd-nspawn has everything it needs to become a serious player on the market of Linux container solutions.