As a follow-up to https://lists.linuxcontainers.org/pipermail/lxc-users/2015-March/008658.html, I've tested a similar setup but with systemd-224. My build is available on https://goo.gl/XpKFxS

Tested and works:
- container start & stop
- lxc-console
- lxc-attach
- login via ssh

What DOESN'T work:
- systemd-journald. This means (among others) you won't have any additional output from "systemctl status"

Improvement from before: no more crash on unprivileged container poweroff

Host:
- ubuntu vivid with wily's 4.1.0-3-generic kernel (I didn't test vivid's kernel, but should work as well)
- lxc 1.1.2-0ubuntu5~ubuntu15 and lxcfs 0.9-0ubuntu1~ubuntu15.04.1~ppa1 from ppa:ubuntu-lxc/lxc-stable

Container:
- unprivileged centos 7 container, with custom systemd and related packages

Howto:
Note that lines starting with "$" are executed as a normal user on the host, while lines starting with "[root@c7-test" are executed inside the container.

(1) As a normal, non-root user, set up an unprivileged container (see https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-unpriv for prerequisites, including making sure you have subuid/subgid assigned, editing /etc/lxc/lxc-usernet, and editing ~/.config/lxc/default.conf). I name the container "c7-test"

$ id -u
1000
$ lxc-create -n c7-test -t download -- -d centos -r 7 -a amd64

(2) Edit its config

$ vi ~/.local/share/lxc/c7-test/config

Replace

lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.include = /usr/share/lxc/config/centos.userns.conf

... with

lxc.include = /usr/share/lxc/config/fedora.common.conf
lxc.include = /usr/share/lxc/config/fedora.userns.conf

(3) Install "tar" on the container. We need this to transfer files to the container without having to worry about permissions

3.a) start the container directly using bash as init (do NOT use the normal container startup method at this point, as the centos bundled systemd doesn't work)

$ lxc-execute -n c7-test -- bash --login

3.b) start networking on the container. You should already have dhcp working if you use the default bridge (lxcbr0).
Verify you get a working address (it should be printed since you use "-v")

[root@c7-test /]# dhclient -v eth0

3.c) install tar

[root@c7-test /]# yum -y install tar

4) set container root password

[root@c7-test /]# passwd

5) On another terminal window, download the RPMS from the two directories inside "RPMS-install", and put them in a directory on the host (I put them in the "RPMS" directory)

6) Copy the RPMS directory to the container (I copy it to "/" inside the container)

$ tar cf - RPMS | lxc-attach -n c7-test -- bash -c "cd / && tar xvf -"

7) Back to the first terminal (the container), install the RPMS with yum (so that all dependencies from the centos repo will be automatically installed as well)

[root@c7-test /]# yum -y install /RPMS/*.rpm

8) Disable systemd-journald service, and enable poweroff from the host

[root@c7-test /]# ln -s /dev/null /etc/systemd/system/systemd-journald.service
[root@c7-test /]# ln -s /usr/lib/systemd/system/poweroff.target /etc/systemd/system/sigpwr.target

9) Kill dhclient, and then exit

[root@c7-test /]# pkill dhclient
[root@c7-test /]# exit

10) Start the container in foreground so you can see its boot process. Note that you will see "FAILED" lines, just ignore them.

$ lxc-start -F -n c7-test
systemd 224 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP -BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!
...
systemd-journald-audit.socket: Socket service systemd-journald.service not loaded, refusing.
[FAILED] Failed to listen on Journal Audit Socket.
...
Failed to reset devices.list on /user.slice/user-1000.slice/session-c2.scope/lxc/c7-test/system.slice/systemd-update-utmp-runlevel.service: Permission denied
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Reached target Network is Online.
Startup finished in 5.296s.

CentOS Linux 7 (Core)
Kernel 4.1.0-3-generic on an x86_64

c7-test login:

11) Login as root with the password set on step (4)

12) Install ssh server

[root@c7-test ~]# yum -y install openssh-server

13) Start ssh server. You will see lots of "Failed" lines, just ignore them. Also note the container's IP address.

[root@c7-test ~]# systemctl status sshd
[root@c7-test ~]# systemctl start sshd
[root@c7-test ~]# systemctl status sshd
[root@c7-test ~]# ip ad li eth0

14) From the host, ssh to the container, do some tests, then logout

15) Back to the container terminal window, power it down

[root@c7-test ~]# poweroff
[  OK  ] Stopped Session c1 of user root.
         Stopping User Manager for UID 0...
...
[  OK  ] Reached target Shutdown.
dev-null.mount: Mount process exited, code=exited status=32
Failed to reset devices.list on /user.slice/user-1000.slice/session-c2.scope/lxc/c7-test/system.slice/systemd-poweroff.service: Permission denied
sys-devices-virtual-net.mount: Mount process exited, code=exited status=32
sys-devices-virtual-net.mount: Unit entered failed state.
Shutting down.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
Powering off.

16) After you verify that everything is working, you can now start/stop the container again in the background

$ lxc-start -n c7-test
$ lxc-ls -f --running
NAME     STATE    IPV4     IPV6  GROUPS  AUTOSTART
----------------------------------------------------------
c7-test  RUNNING  A.B.C.D  -     -       NO
$ lxc-stop -n c7-test

-- 
Fajar
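
Added example, not part of the original post: a preflight check for the step (1) prerequisites. It confirms that the user has subordinate uid/gid ranges, that the lxc.id_map lines in the default config stay inside those ranges (a map that reaches host ids outside them is not an unprivileged mapping), and that lxc-usernet grants a veth quota on the bridge. The user name "demo", the id ranges and the quota are constructed sample values; lxc.id_map is the LXC 1.x key name.

```sh
#!/bin/sh
# Added example (not from the original post): preflight for step (1).
# /etc/subuid, /etc/subgid: "user:start:count"; /etc/lxc/lxc-usernet: "user type bridge count";
# lxc.id_map (LXC 1.x; lxc.idmap later): "kind container_start host_start count".

sub_range() {  # sub_range FILE USER -> prints "START COUNT" of USER's first range
    awk -F: -v u="$2" '$1 == u { print $2, $3; f = 1; exit } END { exit !f }' "$1"
}

idmap_within() {  # idmap_within CONF u|g START COUNT
    awk -v kind="$2" -v s="$3" -v c="$4" '
        /^[ \t]*lxc\.id_?map[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); split($0, m, /[ \t]+/)
            if (m[1] != kind) next; seen = 1
            # the mapped host ids must sit inside the delegated range
            if (m[3] + 0 < s + 0 || m[3] + m[4] > s + c) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }' "$1"
}

usernet_allows() {  # usernet_allows FILE USER BRIDGE
    awk -v u="$2" -v b="$3" '
        $1 == u && $2 == "veth" && $3 == b && $4 + 0 > 0 { ok = 1 }
        END { exit !ok }' "$1"
}

preflight() {  # preflight USER SUBUID SUBGID USERNET CONF BRIDGE
    user=$1; rc=0
    for pair in "u:$2" "g:$3"; do
        kind=${pair%%:*}; file=${pair#*:}
        range=$(sub_range "$file" "$user") || { echo "FAIL: no range for $user in $file"; rc=1; continue; }
        if idmap_within "$5" "$kind" "${range% *}" "${range#* }"; then
            echo "ok: $kind id map inside $file range ($range)"
        else
            echo "FAIL: $kind id map missing or outside $file range ($range)"; rc=1
        fi
    done
    usernet_allows "$4" "$user" "$6" || { echo "FAIL: no veth quota for $user on $6"; rc=1; }
    return $rc
}

# Constructed sample files; on a host, pass the real paths named in step (1).
d=$(mktemp -d)
printf 'demo:100000:65536\n' | tee "$d/subuid" > "$d/subgid"
printf 'demo veth lxcbr0 10\n' > "$d/usernet"
printf 'lxc.id_map = %s 0 100000 65536\n' u g > "$d/default.conf"
preflight demo "$d/subuid" "$d/subgid" "$d/usernet" "$d/default.conf" lxcbr0
rm -rf "$d"
```

On a real host the call would be `preflight "$(id -un)" /etc/subuid /etc/subgid /etc/lxc/lxc-usernet ~/.config/lxc/default.conf lxcbr0`.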