Bug#770275: nspawn units a bit hard to get working

Martin Pitt mpitt at debian.org
Thu Nov 20 09:14:35 GMT 2014


Control: tag -1 confirmed upstream

Hey Joey,

Joey Hess [2014-11-20  2:33 -0400]:
> * /var/lib/container doesn't exist, so the admin will have to make
>   the directory in order to put containers where systemd expects to find
>   them.
>   So, I think the debian package should create the directory with an
>   appropriate locked down mode like 700. (Which works fine.)

Indeed, no problem with that. LXC uses 0700 as well, so it's
consistent with that in spirit.

So we want this tmpfiles.d line:

  d /var/lib/containers 0700 - - -

I'll ask upstream whether they consider adding it to
/usr/lib/tmpfiles.d/var.conf, otherwise I'll add it to debian.conf.

> * Once a nspawn unit is enabled and started, it will fail to run.
> 
>   This is because persistent journaling is not enabled by default,
>   and the default for the service file is to use --link-journal=guest,
>   which doesn't work w/o at least the journal directory existing
>   (I don't know if it works when the directory exists but persistent
>   journaling is otherwise disabled.)
> 
>   Workaround: Edit the service file (or override the ExecStart line)
>   to remove that switch after systemctl enable creates the file.
> 
>   It seems to me that --link-journal=auto would be a better value.

This isn't so clear. With auto the journal doesn't get linked even if
/var/log/journal/ does exist on the host. As the manpage says, you
need to boot with guest at least once to create the
/var/log/journal/<machineid> symlink, and then auto will work.

So I think we want "guest" if /var/log/journal/ exists, and no
--link-journal at all if not? I'll discuss this upstream.

BTW, I just wrote/committed an autopkgtest for nspawn (for a simple
direct invocation). I can easily reproduce this failure (or confirm
the fix) for systemd-nspawn@.service with that, but I won't commit it
just yet until it actually works.

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
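
The two points discussed in this message, written as a preflight check. This is an added example, not code from the thread or from systemd. The function names and the `CONTAINER_DIR` variable are hypothetical, the default path is the one from the quoted report, and `stat -c` assumes GNU coreutils as on Debian.

```shell
#!/bin/sh
# Added example: preflight checks before enabling an nspawn unit.
# Paths are parameters so the functions can be run on scratch directories.

# Print the octal permission bits of a path (GNU stat).
dir_mode() {
    stat -c '%a' "$1"
}

# Succeed only if the container directory exists and grants nothing to
# group or other, i.e. mode 0700 or stricter.
container_dir_locked_down() {
    dir=$1
    [ -d "$dir" ] || return 1
    mode=$(dir_mode "$dir") || return 1
    # Mask with 077: any bit left over means group/other access.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Pick the journal switch along the lines proposed in the message:
# "guest" when the host journal directory exists, no switch otherwise.
link_journal_arg() {
    journal_dir=${1:-/var/log/journal}
    if [ -d "$journal_dir" ]; then
        printf '%s\n' '--link-journal=guest'
    fi
}

# Report on the host's own paths when run directly.
# CONTAINER_DIR is a hypothetical override; default is from the quoted report.
if container_dir_locked_down "${CONTAINER_DIR:-/var/lib/container}"; then
    echo "container directory: ok"
else
    echo "container directory: missing or accessible to group/other"
fi
echo "journal switch for nspawn: $(link_journal_arg)"
```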