[systemd-devel] Socket activation of container with private network

Lennart Poettering lennart at poettering.net
Mon Apr 20 09:28:24 PDT 2015


On Fri, 17.04.15 23:27, sbaugh at catern.com (sbaugh at catern.com) wrote:

> Hi,
> 
> I am having trouble with socket-activated containers, where the socket
> is first opened outside the container, on an interface/IP address that
> is then passed in to the container.
> 
> In short, when I try to ssh to the IP address of the container, the
> container is indeed activated as it should be, but ssh fails with:
> 
>   Read from socket failed: Connection reset by peer
> 
> I believe this is due to the ssh connection successfully starting then
> being interrupted by something unknown before it can prompt for a
> password, but not sure what this unknown thing is - systemd, networking
> setup, something else?
> 
> In more detail, I have a script, interface-setup.sh, to create a
> veth. (Contents of the script are at the end of this email.) One end of
> the veth is added to a bridge, and the other end gets an IPv6
> address. That end will be sent into the container. Outside of the
> container, I bind to that address with the following .socket unit.

Hmm, so you say the initial connection does not work but triggers the
container, but the subsequent one will?

This is an indication that systemd inside the container does not properly
adopt the socket passed in.

Can you try to make this work first without using private networking
in the container? i.e. just listen on the port on the host, and pass
it into the container without using any networking related switches on
the nspawn cmdline. After making that work it makes sense to go to the
next step.

Lennart

-- 
Lennart Poettering, Red Hat
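
Added example, not part of the original message: a small Python check a process can run to see whether it actually inherited a listening socket through the socket-activation protocol (LISTEN_PID/LISTEN_FDS, documented in sd_listen_fds(3)). The function names listen_fds and describe_fd are illustrative.

```python
import os
import socket
import stat

SD_LISTEN_FDS_START = 3  # first inherited descriptor, per sd_listen_fds(3)


def listen_fds(environ=os.environ, pid=None, start=SD_LISTEN_FDS_START):
    """Return the descriptors handed over by socket activation, or []."""
    pid = os.getpid() if pid is None else pid
    try:
        if int(environ["LISTEN_PID"]) != pid:
            return []  # the variables were addressed to another process
        count = int(environ["LISTEN_FDS"])
    except (KeyError, ValueError):
        return []  # not socket-activated, or variables malformed
    return list(range(start, start + max(count, 0)))


def describe_fd(fd):
    """Report what an inherited descriptor is, without consuming it."""
    try:
        mode = os.fstat(fd).st_mode
    except OSError as exc:
        return {"fd": fd, "socket": False, "error": exc.strerror}
    if not stat.S_ISSOCK(mode):
        return {"fd": fd, "socket": False}
    # Wrap a duplicate so closing the wrapper leaves the original fd open.
    with socket.socket(fileno=os.dup(fd)) as s:
        listening = s.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
        return {
            "fd": fd,
            "socket": True,
            "family": s.family.name,
            "type": s.type.name,
            "listening": bool(listening),
            "bound_to": s.getsockname(),
        }


if __name__ == "__main__":
    fds = listen_fds()
    if not fds:
        print("no sockets passed: LISTEN_PID/LISTEN_FDS unset or for another pid")
    for fd in fds:
        print(describe_fd(fd))
```

Run in place of the real service behind the .socket unit, it shows whether the descriptor arrived, whether it is in listening state, and which address it is bound to.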

