On Di, 03.10.17 17:04, bugs-syst...@aquazul.com (bugs-syst...@aquazul.com) wrote:
> Hi,
>
> I'm trying to figure out the right way of using an LUKS-encrypted LV
> with systemd-nspawn.
>
> I've got an LV called "containername" which is LUKS-encrypted, and I
> start the container using:
>
> systemd-nspawn --boot --image=/dev/vg/containername
>
> it asks me for the LUKS passphrase, and it seems to work OK on the
> command line.
>
> However, just a few questions:
>
> 1) is there any advantage to using a single-partition GPT instead of no
> partition and a filesystem?

The image dissection logic can deal with either. The GPT approach is a
bit nicer I think since the root partition can be marked as such, and
carries information about the CPU architecture this image is for (and
nspawn derives the --personality= from that). Hence, things are a lot
more discoverable this way, as images suitable for nspawn are easily
recognized as such. And then of course it offers you things like having
multiple partitions in the same image. For example, a single image that
contains a read-only squashfs /usr, combined with an ext4 writable /home
or so. Last but not least, by doing GPT it is easy to make images that
boot under both KVM (or physical systems) and nspawn in pretty much the
same way.

If none of that is interesting to you, i.e. no discoverability, no
architecture support, no multiple partitions and no KVM compat, then you
can happily do without GPT.

(mkosi makes building images easy that take benefit of GPT features btw)

> 2) machinectl list-images doesn't detect the images in LVs; am I
> supposed to (auto)mount them in /var/lib/machines/ ?

Yeah, that's how discovery works. You can also place a symlink there.

> 3) how do I best enable this on boot? "machinectl enable" won't work
> since it doesn't know which image to use. Is there an example of a
> systemd unit file for an image-based nspawn container?

It should work, if you make them available in /var/lib/machines, either
by mounting them there or by symlinking them there.
Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
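The procedure Lennart describes for questions 2 and 3 (make the LV visible under /var/lib/machines by symlinking it there, then let `machinectl enable` pick it up) as an added shell example; this is not code from the thread or from the systemd project. The machine name `containername`, the device path `/dev/vg/containername` and the `MACHINES_DIR` override are assumptions for illustration; `machinectl enable NAME` enabling `systemd-nspawn@NAME.service` is documented behaviour of machinectl.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or systemd itself.
# Expose a block-device image to systemd-nspawn/machinectl by symlinking it
# into /var/lib/machines, then enable the systemd-nspawn@<name>.service
# template instance so it boots with the host.
# MACHINES_DIR is overridable (assumption) so the helpers can be exercised
# against a scratch directory instead of the live machines directory.
set -eu

MACHINES_DIR="${MACHINES_DIR:-/var/lib/machines}"

# register_image NAME IMAGE_PATH
# Creates $MACHINES_DIR/NAME -> IMAGE_PATH. Rejects names that would escape
# the directory, insists the target exists (so a typo does not leave a
# dangling link that machinectl lists but nspawn cannot boot), and refuses
# to overwrite an existing entry, which might be a real container tree.
register_image() {
    name="$1"
    image="$2"
    case "$name" in
        ''|*/*|.|..)
            echo "register_image: bad machine name '$name'" >&2
            return 1 ;;
    esac
    [ -e "$image" ] || { echo "register_image: $image does not exist" >&2; return 1; }
    link="$MACHINES_DIR/$name"
    if [ -e "$link" ] || [ -L "$link" ]; then
        echo "register_image: $link already exists, refusing to overwrite" >&2
        return 1
    fi
    ln -s "$image" "$link"
}

# unregister_image NAME
# Removes only a symlink created by register_image; never deletes a real
# directory tree or image file that happens to live in $MACHINES_DIR.
unregister_image() {
    link="$MACHINES_DIR/$1"
    [ -L "$link" ] || { echo "unregister_image: $link is not a symlink" >&2; return 1; }
    rm "$link"
}

# enable_on_boot NAME
# machinectl enable NAME enables systemd-nspawn@NAME.service, which boots
# whatever /var/lib/machines/NAME resolves to (here, the symlinked LV).
enable_on_boot() {
    machinectl enable "$1"
}

# Usage: ./register-nspawn-image.sh containername /dev/vg/containername
# (assumed name and device; nothing runs when sourced without arguments)
if [ $# -ge 2 ]; then
    register_image "$1" "$2"
    enable_on_boot "$1"
fi
```

After registering, `machinectl list-images` should show the entry and `machinectl start containername` boots it the same way the interactive `systemd-nspawn --boot --image=` invocation did; enabling it only adds the boot-time instance of the template unit.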