Add README
This commit is contained in:
parent
333df38852
commit
2214086cd5
2 changed files with 87 additions and 1 deletions
86
README.md
Normal file
86
README.md
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
# Archlinux provisioning
|
||||
|
||||
This repository contains several playbooks created to provision specific hosts.
|
||||
A playbook can be ran as follows:
|
||||
|
||||
```
|
||||
$ ansible-playbook --limit desktop desktop.yml
|
||||
```
|
||||
|
||||
The `--limit` parameter is required to run the playbook only for the specified host(s)
|
||||
as the default playbook that is included uses `hosts: all`.
|
||||
|
||||
## Using systemd-nspawn
|
||||
|
||||
Hosts with wired network devices can configure a MACVLAN device to allow networking
|
||||
between systemd-nspawn containers and the host (or vice-versa) aswell as between containers
|
||||
and the outside world (through the hosts network device).
|
||||
|
||||
### Creating a debian container
|
||||
|
||||
First bootstrap a directory containing the files required for the container:
|
||||
|
||||
```
|
||||
$ debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable /var/lib/machines/foo
|
||||
```
|
||||
|
||||
Afterwards a root password can be set:
|
||||
|
||||
```
|
||||
$ systemd-nspawn --directory /var/lib/machines/foo
|
||||
# passwd
|
||||
```
|
||||
|
||||
To configure networking for the container, a configuration file can be made
|
||||
in `/etc/systemd-nspawn/foo.nspawn` on the host. It should contain the following options:
|
||||
|
||||
```
|
||||
[Exec]
|
||||
# Invokes the init program (usually systemd) when the container starts
|
||||
Boot=yes
|
||||
Hostname=foo
|
||||
|
||||
[Network]
|
||||
MACVLAN=enp1s0
|
||||
|
||||
# Used for communication between containers in the same zone
|
||||
Zone=test
|
||||
```
|
||||
|
||||
This allows the container to be managed with `machinectl` with the configured options
|
||||
in the nspawn configuration file without specifying these through commandline options.
|
||||
It is possible through skip this step, which can come in handy whenever a throwaway
|
||||
container is to be made, and specify these options through the commandline:
|
||||
|
||||
```
|
||||
$ systemd-nspawn \
|
||||
--boot \
|
||||
--network-macvlan enp1s0 \
|
||||
--network-zone test \
|
||||
--hostname foo \
|
||||
--directory /var/lib/machines/foo
|
||||
```
|
||||
|
||||
See `man systemd.nspawn` for more configurable options for the `.nspawn` file.
|
||||
|
||||
Inside the container create a network configuration file for the MACVLAN device
|
||||
in `/etc/systemd/network/10-mv-ensp1s0.network`:
|
||||
|
||||
```
|
||||
[Match]
|
||||
Name=mv-enp1s0
|
||||
|
||||
[Link]
|
||||
RequiredForOnline=routable
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
```
|
||||
|
||||
Note that the example above can be adjusted to your likings. Afterwards enable (and start) the
|
||||
`systemd-networkd` service and verify the configuration is correctly applied.
|
||||
|
||||
To setup DNS resolution don't forget to enable the `systemd-resolved` service inside
|
||||
the container.
|
||||
|
||||
See the [Archlinux wiki](https://wiki.archlinux.org/title/Systemd-nspawn) for more information.
|
||||
Loading…
Add table
Add a link
Reference in a new issue