0

I have a variety of containers that I would like to spin up on a host, and have them immediately get an IP from my DHCP server, just as my bare metal devices do (phone, laptop, NAS, etc)

I would like to be able to destroy these containers at will without a lot of cruft (bridges, VLANS, etc) leftover on my host system.

what are some simple spinup.sh and teardown.sh commands I could use in that workflow? Or maybe everything could be neatly contained in /etc/systemd/nspawn/container-x.nspawn?

Note: I am specifically looking for a non-docker solution. Something that is only reliant on systemd

code_monk
  • 9,451
  • 2
  • 42
  • 41
  • do you have the networking sorted already? I'm not sure how you get from "container" which is "just" a namespaced process and isolated filesystem, to dhcp lease from the physical network, without assigning each docker container a unique MAC address on that physical network, which I can't think of how to do either – erik258 Oct 03 '19 at 01:45
  • no. networking is not sorted already. It's the machinectl and systemd-nspawn layers that offer ways to provide networking by connecting to the host system. Exactly how, is the essence of my question – code_monk Oct 03 '19 at 02:21
  • https://docs.docker.com/network/macvlan/ this might be said cruft – erik258 Oct 03 '19 at 02:53
  • 1
    I'm sorry for confusion. I meant containers in the more general, non-docker way. I mean images that live in `/var/lib/machines`. I'm looking for the nspawn equivilant of docker networking – code_monk Oct 03 '19 at 02:57

1 Answers1

1

The networking is actually surprisingly easy. By default (at least with the versions that I've used), the container will use the host's network interfaces. There are many ways of doing this, but the following recipe to set up a container to run a VNC client using systemd-nspawn (on a console only host) should provide a good basis for further experimentation:-

The host will need the following packages to be installed: debootstrap, systemd-container, sway, xwayland (xwayland is only required because tigervnc-viewer is not a native Wayland app).

To create the container:

debootstrap --force-check-gpg --include=systemd-container,dbus,tigervnc-viewer bookworm /var/lib/machines/vncviewer/ https://deb.debian.org/debian

Then set up the container. Get a root prompt with:

systemd-nspawn -D /var/lib/machines/vncviewer/

Then add a non-root user (e.g. 'theuser'):

adduser theuser

Finally, enable basic networking in the container, and exit it:

systemctl enable systemd-networkd
exit

Some config for the container is required. Create the file /etc/systemd/nspawn/vncviewer.nspawn with this content :

[Exec]
Environment=DISPLAY=:0

To run the container:

systemd-nspawn -D /var/lib/machines/vncviewer/ --user=theuser vncviewer <IP address of a VNC server>

To stop it, you can either kill the systemd-nspawn process, or (IIRC) machinectl poweroff vncviewer

To completely remove it, you can just delete /var/lib/machines/vncviewer and /etc/systemd/nspawn/vncviewer.nspawn.

Clydog
  • 108
  • 8