[systemd-devel] How to provision a container after creation via a script
I am trying to configure a container after creation using machinectl but I'm coming up against problems in my implementation. If this isn't the correct way to set up a container after creation please let me know the right way.

--- My Implementation ---

I'm running a bash loop installing modules via systemd-nspawn on the machine

    systemd-nspawn -m MACHINE dnf -y install PACKAGE

The machine was created via this command

    sudo machinectl pull-raw --verify=no httppath to fed22 MACHINE

--- My Problem ---

The script installs a few packages then hangs saying the command for systemd-nspawn was killed. Each attempt installs a few more packages. Once the script hangs - I have to reboot the system, as systemd-nspawn says the file system is busy. There is no way to cancel the script unless you close the terminal.

--- My System ---

I'm on a macbook pro running parallels 9 - the VM is a fedora 22 install.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] How to provision a container after creation via a script
I have a few gigs - so it shouldn't be a problem. I'm using parallels 9. I will try manually when I have the time.

On Tue, Jun 23, 2015 at 2:18 PM, Johannes Ernst johannes.er...@gmail.com wrote:

> On Jun 23, 2015, at 7:45, Matthew Karas mkarasc...@gmail.com wrote:
>
> > I am trying to configure a container after creation using machinectl but I'm coming up against problems in my implementation. If this isn't the correct way to set up a container after creation please let me know the right way.
> >
> > --- My Implementation ---
> >
> > I'm running a bash loop installing modules via systemd-nspawn on the machine
> >
> >     systemd-nspawn -m MACHINE dnf -y install PACKAGE
> >
> > The machine was created via this command
> >
> >     sudo machinectl pull-raw --verify=no httppath to fed22 MACHINE
> >
> > --- My Problem ---
> >
> > The script installs a few packages then hangs saying the command for systemd-nspawn was killed. Each attempt installs a few more packages. Once the script hangs - I have to reboot the system, as systemd-nspawn says the file system is busy. There is no way to cancel the script unless you close the terminal.
> >
> > --- My System ---
> >
> > I'm on a macbook pro running parallels 9 - the VM is a fedora 22 install.
>
> I’m doing something rather similar on a macbook pro running VirtualBox and Arch. Have not run into problems. Does your scenario work if you do the installation manually from the shell instead of from a script?
>
> Just to state the obvious: the virtual machine has enough memory?
[systemd-devel] Fedora 21 and systemd-nspawn
I'm trying to use systemd-nspawn but when I launch it and try to login as root - it still asks for a password and I can't seem to set one. The docs for fedora mentioned turning off auditing - which I've done. My cmd line says audit=0 at the end.

    $ cat /proc/cmdline
    BOOT_IMAGE=/vmlinuz-3.19.7-200.fc21.x86_64 root=/dev/mapper/fedora_localhost-root ro rd.lvm.lv=fedora_localhost/swap rd.lvm.lv=fedora_localhost/root rhgb audit=0 quiet

(This is fedora 21)

Using these docs https://fedoraproject.org/wiki/Features/SystemdLightweightContainers

When I try to change the password it tells me I have an auth token manipulation error.

    $ sudo systemd-nspawn -D /srv/eq1
    Spawning container eq1 on /srv/eq1.
    Press ^] three times within 1s to kill container.
    -bash-4.3# passwd
    Changing password for user root.
    New password:
    Retype new password:
    passwd: Authentication token manipulation error
    -bash-4.3#
Re: [systemd-devel] Fedora 21 and systemd-nspawn
Here is my output https://gist.github.com/mkcybi/eae6a2a67c5dc864

-- Forwarded message --
From: Lennart Poettering lenn...@poettering.net
Date: Mon, Jun 15, 2015 at 11:32 AM
Subject: Re: [systemd-devel] Fedora 21 and systemd-nspawn
To: Matthew Karas mkarasc...@gmail.com
Cc: systemd-devel@lists.freedesktop.org

On Mon, 15.06.15 11:30, Matthew Karas (mkarasc...@gmail.com) wrote:

> I'm trying to use systemd-nspawn but when I launch it and try to login as root - it still asks for a password and I can't seem to set one. The docs for fedora mentioned turning off auditing - which I've done. My cmd line says audit=0 at the end.
>
>     $ cat /proc/cmdline
>     BOOT_IMAGE=/vmlinuz-3.19.7-200.fc21.x86_64 root=/dev/mapper/fedora_localhost-root ro rd.lvm.lv=fedora_localhost/swap rd.lvm.lv=fedora_localhost/root rhgb audit=0 quiet
>
> (This is fedora 21)
>
> Using these docs https://fedoraproject.org/wiki/Features/SystemdLightweightContainers
>
> When I try to change the password it tells me I have an auth token manipulation error.
>
>     $ sudo systemd-nspawn -D /srv/eq1
>     Spawning container eq1 on /srv/eq1.
>     Press ^] three times within 1s to kill container.
>     -bash-4.3# passwd
>     Changing password for user root.
>     New password:
>     Retype new password:
>     passwd: Authentication token manipulation error
>     -bash-4.3#

Hmm, this is weird. This should just work if audit=0 is set on the kernel cmdline.

Is this f21 both inside and on the host?

If you strace what passwd is doing there, do you see anything interesting? If in doubt, paste the output on some pastebin and link it here.

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Fedora 21 and systemd-nspawn
Yes - that seems to have let me set the password. Now I can get started learning about this. Thanks a lot!

Though it does return an error about selinux when I start the shell to set the password

    $ sudo systemd-nspawn -bD /srv/srv1
    Spawning container srv1 on /srv/srv1.
    Press ^] three times within 1s to kill container.
    Failed to create directory /srv/srv1//sys/fs/selinux: Read-only file system
    Failed to create directory /srv/srv1//sys/fs/selinux: Read-only file system

On Mon, Jun 15, 2015 at 12:24 PM, Lennart Poettering lenn...@poettering.net wrote:

> On Mon, 15.06.15 12:21, Matthew Karas (mkarasc...@gmail.com) wrote:
>
> > Here is my output https://gist.github.com/mkcybi/eae6a2a67c5dc864
>
> This line is probably the error:
>
>     rename(/etc/nshadow, /etc/shadow) = -1 EACCES (Permission denied)
>
> For some reason the container cannot reply /etc/shadow in it. Maybe an SELinux problem? Have you tried turning it off?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
Re: [systemd-devel] Starting up service after my openvpn connection turns up
Andrei - I'm making good progress on your suggestion but I've hit a snag getting the socket for port 22. Since I'm not starting dropbear through systemd but in the up script, how do I get the system to define port 22?

If I tell systemctl to start dropbear.socket - it starts up the dropbear service without my special configs (as it starts dropbear.service). If I don't start dropbear.socket - my script errors out because port22 isn't a socket.

On Mon, Jun 1, 2015 at 11:37 PM, Andrei Borzenkov arvidj...@gmail.com wrote:

> On Mon, 1 Jun 2015 16:36:38 -0400, Matthew Karas mkarasc...@gmail.com wrote:
>
> > I am trying to start a dropbear service after my openvpn service starts up.
> >
> > ---
> > [Unit]
> > Description=SSH Per-Connection Server
> > Wants=dropbearkey.service
> > After=syslog.target dropbearkey.service
> > Wants=openvpn@equipment.service
> > After=openvpn@equipment.service
> > ---
> >
> > But I would like to start up the service after tun0 interface is available (made by openvpn). How do I find out what to put in Wants and After for tun0? I can't seem to find anything related.
> >
> > Also if there is a better way to get dropbear to start after tun0 has appeared I'm open to doing that as well. My goal is to have my ssh server only look at my openvpn address and ignore ssh requests that are not from the vpn iface. I'm thinking I can do this with a script setting up drop bear with the -p option (and looking for my tun0 ip4 address and using it).
>
> What about using OpenVPN hooks to start service after connection is established? You can pass it (service) interface name and bind it to interface so it is automatically stopped when interface is torn down.
[systemd-devel] Starting up service after my openvpn connection turns up
I am trying to start a dropbear service after my openvpn service starts up.

---
[Unit]
Description=SSH Per-Connection Server
Wants=dropbearkey.service
After=syslog.target dropbearkey.service
Wants=openvpn@equipment.service
After=openvpn@equipment.service
---

But I would like to start up the service after tun0 interface is available (made by openvpn). How do I find out what to put in Wants and After for tun0? I can't seem to find anything related.

Also if there is a better way to get dropbear to start after tun0 has appeared I'm open to doing that as well. My goal is to have my ssh server only look at my openvpn address and ignore ssh requests that are not from the vpn iface. I'm thinking I can do this with a script setting up drop bear with the -p option (and looking for my tun0 ip4 address and using it).

Many Thanks,
Matt Karas
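
The approach discussed in this thread (an OpenVPN hook that starts dropbear with `-p` bound to the tun0 address) could look like the following. This is an added example, not part of any poster's message; the function names, port 22, the plain `dropbear -p` invocation and the sample addresses are assumptions, and it relies on the `script_type`, `dev` and `ifconfig_local` variables OpenVPN exports to hook scripts.

```shell
#!/bin/sh
# Added example, not from the thread: OpenVPN "up" hook that binds dropbear
# to the tunnel address only and refuses to start it on any other address.

# Constructed sample of `ip -o -4 addr show` output (for offline checks).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
4: tun0    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0'

# Print the first IPv4 address of interface $1.
# Reads `ip -o -4 addr show` output on stdin.
tun_ipv4() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Build the [address:]port argument for `dropbear -p`.
# Fails closed: an empty, malformed or wildcard address yields no argument,
# so the caller never falls back to listening on every interface.
dropbear_listen_arg() {
    is_ipv4 "$1" || return 1
    [ "$1" != "0.0.0.0" ] || return 1
    printf '%s:%s\n' "$1" "${2:-22}"
}

# Runs only when OpenVPN invokes this file as its "up" script.
if [ "${script_type:-}" = "up" ]; then
    addr=${ifconfig_local:-$(ip -o -4 addr show dev "$dev" | tun_ipv4 "$dev")}
    listen=$(dropbear_listen_arg "$addr" 22) || {
        echo "no usable address on $dev, not starting dropbear" >&2
        exit 1
    }
    dropbear -p "$listen"
fi
```

Because dropbear is started by the hook and not by dropbear.socket, nothing in this example depends on a systemd socket unit for port 22.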