More Notes on Running Ubuntu under systemd-nspawn (on a CentOS Host)

  1. Create base Ubuntu image:
    • "bionic" is the newest release supported by debootstrap on CentOS 7 (at the time of this writing). Bionic corresponds to 18.04, according to the Ubuntu Releases page.

    • Focal (20.04 LTS) is available at the time of this writing.

    • ${ROOT_DIR} is the directory where you want this container to be stored, typically under /var/lib/machines, for example /var/lib/machines/my_ubuntu_container:

      # debootstrap --arch amd64 bionic  ${ROOT_DIR}  http://archive.ubuntu.com/ubuntu
      
  1. Initial boot into system:

    # systemd-nspawn --directory=${ROOT_DIR}
    
  2. Install crucial packages:

    # apt install vim openssh-server openssh-client manpages man update-manager-core
    
  3. Upgrade to Focal
    • Initially, I tried to follow these Ubuntu upgrade instructions, which say to use do-release-upgrade -d. The "do-release-upgrade" script is part of package update-manager-core. This did not work for me:

      root@ubuntu_focal_minecraft:/etc/apt# do-release-upgrade -d
      Checking for a new Ubuntu release
      Get:1 Upgrade tool signature [1554 B]
      Get:2 Upgrade tool [1337 kB]
      Fetched 1338 kB in 0s (0 B/s)
      authenticate 'focal.tar.gz' against 'focal.tar.gz.gpg'
      Authentication failed
      Authenticating the upgrade failed. There may be a problem with the network or with the server.
      
    • Instead, I upgraded the Debian way:

      # sed -i 's/bionic/focal/g' /etc/apt/sources.list
      # for f in /etc/apt/sources.list.d/*; do
      >     [ -e "$f" ] || continue   # the glob stays literal if the directory is empty
      >     sed -i 's/bionic/focal/g' "$f"
      > done
      

    Note: on a fresh install, /etc/apt/sources.list.d/ is likely empty.

  1. Set up ssh
    • change Port
    • change PermitRootLogin
    • NOTE: If an existing machine is copied from another, rather than rebuilt from scratch, the new machine will also need new ssh host keys generated; otherwise both machines share the same host keys:

      # rm /etc/ssh/ssh_host_*
      # dpkg-reconfigure openssh-server

  2. Auto boot on host:
    • create /etc/systemd/system/machines.target.wants/systemd-nspawn@<machine_name>.service (make sure the unit file ends in ".service", otherwise all kinds of hair-pulling ensues)
    • start:

      # systemctl daemon-reload
      # machinectl start <machine_name>
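
The ssh host key note in the ssh setup step can be checked from the host. The script below is an added example, not part of the original notes: it lists containers whose public SSH host keys are identical, which is what a copied machine looks like until its keys are regenerated. It assumes each container's root filesystem is a directory directly under the path passed in (the notes suggest /var/lib/machines); the function names and the sample keys in demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: report nspawn containers that share SSH host keys.
# Assumption: container roots are directories directly under $1.

# Print "<machine> <key type> <key blob>" for every public host key found.
list_host_keys() {
    machines_dir=$1
    for pub in "$machines_dir"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -e "$pub" ] || continue          # glob matched nothing
        machine=${pub#"$machines_dir"/}    # strip the leading directory
        machine=${machine%%/*}             # keep only the machine name
        # A .pub file is "<type> <base64 blob> [comment]"; the blob
        # identifies the key, the comment does not.
        awk -v m="$machine" 'NF >= 2 { print m, $1, $2 }' "$pub"
    done
}

# Print one line per key that appears in more than one machine:
# "<key type> <machine> <machine> ..."
find_shared_host_keys() {
    list_host_keys "$1" | sort -u | awk '
        { n[$3]++; type[$3] = $2; who[$3] = who[$3] " " $1 }
        END { for (k in n) if (n[k] > 1) print type[k] who[k] }
    ' | sort
}

# Constructed sample tree: "web" was copied from "base" and still has
# its host key; "db" was built from scratch and has its own.
demo() {
    d=$(mktemp -d)
    for m in base web db; do mkdir -p "$d/$m/etc/ssh"; done
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDKEY1 root@base" \
        > "$d/base/etc/ssh/ssh_host_ed25519_key.pub"
    cp "$d/base/etc/ssh/ssh_host_ed25519_key.pub" "$d/web/etc/ssh/"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDKEY2 root@db" \
        > "$d/db/etc/ssh/ssh_host_ed25519_key.pub"
    find_shared_host_keys "$d"
    rm -rf "$d"
}

demo
```

On a real host, call find_shared_host_keys /var/lib/machines as root; any line of output names machines that still need their host keys regenerated.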