> Hmm, to implement something like this I think the best option would be
> to set up the interface to later pass to the container first on the
> host, then listen on the container's IP address on the host. When a
> connection comes in the container would have to be started via socket
> activation, and would then have to take over the container interface
> (with --network-interface=), so that all further connections are
> delivered directly to the container and the host is not involved
> anymore.
I managed to set this up. In short:

# ip link add type veth
# ip addr add 192.168.10.10/24 brd + dev veth1
# ip addr add 192.168.10.20/24 brd + dev veth0
# ip link set veth1 up
# ip link set veth0 up
# brctl addif br_lxc veth0

This sets two interfaces, one of which (veth1) goes to the container via the following service file:

[Unit]
Description=My little container

[Service]
Type=simple
KillMode=process
ExecStart=/usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ \
    --network-interface=veth1 \
    --bind /media/Kabi/apache/:/apache/ \
    --bind /media/Kabi/backup_packages/apt/archives/:/var/cache/apt/archives/ \
    --bind /media/Kabi/repozytorium:/repozytorium \
    3

In addition, I have my bridge interface set:

auto br_lxc
iface br_lxc inet static
    address 192.168.10.100
    netmask 255.255.255.0
    broadcast 192.168.10.255
    bridge_ports none
    bridge_waitport 0
    bridge_fd 0

The next thing is to socket activate the container through this file:

[Unit]
Description=The HTTP/HTTPS socket of my little container

[Socket]
ListenStream=192.168.10.10:80
ListenStream=192.168.10.10:443

When I start the socket, I get:

root:~# systemctl start mycontainer.socket
root:~# systemctl status mycontainer.socket
● mycontainer.socket - The HTTP/HTTPS socket of my little container
   Loaded: loaded (/etc/systemd/system/mycontainer.socket; static; vendor preset: enabled)
   Active: active (listening) since Wed 2015-02-04 04:00:51 CET; 1s ago
   Listen: 192.168.10.10:80 (Stream)
           192.168.10.10:443 (Stream)

Feb 04 04:00:51 morfikownia systemd[1]: Listening on The HTTP/HTTPS socket of my little container.

That's all for the host. In the container I had to configure the passed interface via /etc/network/interface:

auto veth1
iface veth1 inet static
    address 192.168.10.10
    netmask 255.255.255.0
    broadcast 192.168.10.255
    gateway 192.168.10.100

And that's it. This setup works. I mean, when I type in my firefox http://192.168.10.10, the container boots and I'm able to browse the page.

Now I have some questions:

1. When I try to connect for the very first time, I get a timeout, even though the container is working. I can cancel the connection immediately, and reconnect after 2-3 sec and then the page shows up. All subsequent connections work without a problem, just the first one gets a timeout. Is there a way to fix this, so the first connection that boots the system could be somehow delayed, so after a while the page would show up?

2. Is there a way to shut down the container automatically after some period of inactivity? Let's say there's no traffic for 30min, and after this time the container goes down.

3. How to stop the container manually? I'm asking because when I try via "systemctl stop mycontainer.service", it stops, but:

...
Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Halting system.
Feb 04 04:15:58 morfikownia systemd-machined[14353]: Machine debian-tree terminated.
Feb 04 04:15:58 morfikownia systemd-nspawn[14346]: Container debian-tree has been shut down.
Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...
Feb 04 04:15:58 morfikownia systemd[1]: Stopping Container debian-tree.
Feb 04 04:15:58 morfikownia systemd[1]: Stopped Container debian-tree.
Feb 04 04:15:58 morfikownia kernel: br_lxc: port 1(veth0) entered disabled state
Feb 04 04:15:58 morfikownia kernel: device veth0 left promiscuous mode
Feb 04 04:15:58 morfikownia kernel: br_lxc: port 1(veth0) entered disabled state
Feb 04 04:15:58 morfikownia systemd-nspawn[15325]: Spawning container debian-tree on /media/Kabi/debian-tree.
Feb 04 04:15:58 morfikownia systemd-nspawn[15325]: Press ^] three times within 1s to kill container.
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service: main process exited, code=exited, status=237/n/a
Feb 04 04:15:58 morfikownia systemd[1]: Failed to start My little container.
Feb 04 04:15:58 morfikownia systemd[1]: Unit mycontainer.service entered failed state.
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service failed.
Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service: main process exited, code=exited, status=237/n/a
Feb 04 04:15:58 morfikownia systemd[1]: Failed to start My little container.
Feb 04 04:15:58 morfikownia systemd[1]: Unit mycontainer.service entered failed state.
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service failed.
Feb 04 04:15:58 morfikownia systemd[1]: Starting My little container...
Feb 04 04:15:58 morfikownia systemd-nspawn[15325]: Failed to resolve interface veth1: No such device
Feb 04 04:15:58 morfikownia systemd-nspawn[15338]: Spawning container debian-tree on /media/Kabi/debian-tree.
Feb 04 04:15:58 morfikownia systemd-nspawn[15338]: Press ^] three times within 1s to kill container.
Feb 04 04:15:58 morfikownia systemd-nspawn[15338]: Failed to resolve interface veth1: No such device
Feb 04 04:15:58 morfikownia systemd[1]: mycontainer.service: main process exited, code=exited, status=237/n/a
Feb 04 04:15:58 morfikownia systemd[1]: Failed to start My little container.
...

Why does it boot immediately after shutdown?

4. Is there a way to persist the interfaces (veth0 and veth1)? Because after the container goes down, they're deleted, so I have to create them anew.
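As an added illustration (not part of the post above and not systemd's own code) of the handover the socket unit performs: systemd binds the listening sockets itself, the connection that triggers activation waits in their accept queue, and the started process receives those sockets as inherited file descriptors starting at fd 3 together with LISTEN_PID and LISTEN_FDS, as described in sd_listen_fds(3). Only a process that calls accept() on the inherited fd serves that first waiting client; until then the client just hangs, which is the point where a first connection can time out. The simulate_activation helper and the first_fd parameter are assumptions of this example that stand in for systemd locally.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # sd_listen_fds(3): inherited fds always start at 3


def inherited_listen_sockets(environ=None, first_fd=SD_LISTEN_FDS_START):
    """Return the listening sockets systemd handed over via LISTEN_FDS/LISTEN_PID.

    Returns [] when the process is not socket-activated or the variables are
    meant for a different pid. first_fd is a hook for the local simulation
    below (an assumption of this example); under real systemd it is always 3."""
    env = os.environ if environ is None else environ
    try:
        if int(env.get("LISTEN_PID", "0")) != os.getpid():
            return []
        nfds = int(env.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    # socket.socket(fileno=...) adopts an already-open fd; family/type are probed
    return [socket.socket(fileno=fd) for fd in range(first_fd, first_fd + nfds)]


def serve_once(listener, reply=b"HTTP/1.0 200 OK\r\n\r\nhello\r\n"):
    """Accept the one connection queued on the inherited socket and answer it.
    Until something calls accept() on this fd the client only sees a hang."""
    conn, peer = listener.accept()
    with conn:
        request = conn.recv(1024)
        conn.sendall(reply)
    return peer, request


def simulate_activation():
    """Local stand-in for systemd: bind, queue one client, then hand the fd over."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    fd = srv.detach()  # keep only the raw fd, which is what the service inherits
    client = socket.create_connection(("127.0.0.1", port))
    client.sendall(b"GET / HTTP/1.0\r\n\r\n")  # queued before anyone accepts
    env = {"LISTEN_PID": str(os.getpid()), "LISTEN_FDS": "1"}  # what systemd sets
    listeners = inherited_listen_sockets(env, first_fd=fd)
    peer, request = serve_once(listeners[0])
    answer = client.recv(1024)
    client.close()
    for s in listeners:
        s.close()
    return {"listeners": len(listeners), "request": request, "answer": answer}


if __name__ == "__main__":
    print(simulate_activation())
```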
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel