On Mon, 2015-06-15 at 21:15 -0400, Chris Morgan wrote:
> On Monday, June 15, 2015, Lennart Poettering <lenn...@poettering.net> wrote:
> > On Mon, 15.06.15 13:22, Matthew Karas (mkarasc...@gmail.com) wrote:
> > 
> > > Yes - that seems to have let me set the password.  Now I can get
> > > started learning about this.
> > >
> > > Thanks a lot!
> > >
> > > Though it does return an error about selinux when I start the shell to
> > > set the password
> > >
> > > $ sudo systemd-nspawn -bD /srv/srv1
> > > Spawning container srv1 on /srv/srv1.
> > > Press ^] three times within 1s to kill container.
> > > Failed to create directory /srv/srv1//sys/fs/selinux: Read-only file system
> > > Failed to create directory /srv/srv1//sys/fs/selinux: Read-only file system
> > 
> > Hmm, weird. Is /srv/srv1 read-only or so?
> > 
> > Lennart
> > 
> > --
> > Lennart Poettering, Red Hat
> > _______________________________________________
> > systemd-devel mailing list
> > systemd-devel@lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> > 
> 
> On a somewhat related topic, are many people making use of nspawn 
> containers in production or test environments? I was a little 
> surprised by the issues I had when trying them out with f21. f22 
> seems smoother but still required the audit=0 and I think I had to 
> disable selinux to set the password but I was trying for a while with 
> a blank password so...
> 
> But yeah, was wondering if there were known users of nspawn 
> containers that discussed their use cases.
> 
> Chris

I am using it to host instances of webservers. It's much easier and
more intuitive than using docker. I haven't tried rkt, but that appears
to use nspawn as the back end anyways.

Docker expects you to create separate "containers" for each
application, and expects to expose network in a certain specific way.
nspawn was able to simulate virtual machines, i.e. full user space
systems. Docker I had a lot of trouble trying to get set up and started,
and configured.

With nspawn, I just install the packages, run it as nspawn and away I
go. Since I'm just using it to provision network devices via macvlans
and separating processes, I did not worry about the security.
Basically, I assumed that since I controlled all the container
applications anyways, it should be fine.

So far it's worked out great. Far better than trying to manage
something as complex as docker, and it worked much more intuitively
with how virtual machines have worked in the past.

Regards,
Jake