[systemd-devel] Starting a container with machinectl vs nspawn

Yassine Chaouche a.chaouche at algerian-radio.dz
Tue Feb 18 12:32:22 UTC 2025 

I tried systemctl on the host


   root at messagerie-recup[10.10.10.20] ~ # systemctl status -M clone-messagerie
   Failed to read server status: Transport endpoint is not connected
   root at messagerie-recup[10.10.10.20] ~ #


Best,
-- 
Yassine -- Sysadmin and SMTP Whisperer, delivering mail and bad puns since 2014.
57 70
023 50 01 11


Le 2/18/25 à 11:53, Yassine Chaouche a écrit :
> Hello all,
> 
> I have been advised to use systemd-nspawn and machinectl in place of chroot to run services from a cloned, working remote host.
> The cloning was done using rsync of the root filesystem (/) into a location in the new host,
> then linking that location from /var/lib/machines/
> 
> When I start the machine with nspawn -bD
> I get the login prompt from both the nspawn command itself
> and from subsequent machinectl login commands (additional shells),
> but the UID shifting doesn't happen,
> and this is adds a layer of troubleshooting I'd like to avoid when diagnosing why a particular service isn't running in the container
> (mysql for example)
> 
> If I then stop the container,
> and start with machinectl start instead,
> I have no errors when starting it,
> but when I try to login with machinectl login I get the following error about dbus,
> which I didn't have with nspawn:
> 
> 
>    # machinectl login clone-messagerie
>    Failed to get login PTY: There is no system bus in container clone-messagerie.
>    #
> 
> 
> but the machine seems to be running just fine,
> and UID shift is applied:
> 
> 
>    root at messagerie-recup[10.10.10.20] ~ # machinectl status clone-messagerie
>    clone-messagerie(823952398253425ab703ecef4bdd936e)
>               Since: Tue 2025-02-18 11:31:43 CET; 9min ago
>              Leader: 251356 (systemd)
>             Service: systemd-nspawn; class container
>                Root: /mnt/anciennevar/clone-messagerie
>               Iface: ve-clone-me-Nbp
>                  OS: Debian GNU/Linux 8 (jessie)
>           UID Shift: 38928384
>                Unit: systemd-nspawn at clone-messagerie.service
>                      ├─payload
>                      │ ├─251356 /lib/systemd/systemd
>                      │ ├─251426 /lib/systemd/systemd-journald
>                      │ ├─251669 /usr/bin/freshclam -d --foreground=true
>                      │ ├─251670 /usr/sbin/atd -f
>                      │ ├─251673 /usr/sbin/cron -f
>                      │ ├─251704 /usr/sbin/opendkim -x /etc/opendkim.conf -u postfix -P /var/run/opendkim/opendkim.pid
>                      │ ├─251763 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
>                      │ ├─251768 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:119
>                      │ ├─251947 /usr/sbin/apache2 -k start
>                      │ ├─251993 /usr/sbin/apache2 -k start
>                      │ ├─251994 /usr/sbin/apache2 -k start
>                      │ ├─251997 /usr/sbin/apache2 -k start
>                      │ ├─251999 /usr/sbin/apache2 -k start
>                      │ ├─252000 /usr/sbin/apache2 -k start
>                      │ ├─252166 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
>                      │ ├─252572 /usr/sbin/rsyslogd -n
>                      │ ├─252574 /usr/sbin/acpid
>                      │ └─252579 /usr/sbin/sshd -D
>                      └─supervisor
>                        └─251354 systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=clone-messagerie
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: starts FusionInventory Agent.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: Apache2 web server.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: Starts and daemonize Glances server.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: disk temperature monitoring daemon.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: Start NTP daemon.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: Starts amavisd-new mailfilter.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started LSB: Start/stop fail2ban.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started Permit User Sessions.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started Initialize hardware monitoring sensors.
>    Feb 18 11:32:59 messagerie-recup systemd-nspawn[251354]: [  OK  ] Started System Logging Service.
>    root at messagerie-recup[10.10.10.20] ~ #
> 
> 
> After a few minutes,
> a second attempt at login in resulted in a different error message:
> 
>    root at messagerie-recup[10.10.10.20] ~ # machinectl login clone-messagerie
>    Failed to get login PTY: Connection timed out
>    root at messagerie-recup[10.10.10.20] ~ #
> 
> same with machinectl shell:
> 
>    root at messagerie-recup[10.10.10.20] ~ # machinectl shell clone-messagerie
>    Failed to get login PTY: Connection timed out
>    root at messagerie-recup[10.10.10.20] ~ #
> 
> 
> I would really appreciate a little help to get me started using nspawn and machinectl.
> By the way, I have added the pts lines (pts/{0..9}) in the container's /etc/securetty file.
> 
> 
> The host OS is :
> 
>    systemd 252
>    debian 12
> 
> 
> Container OS is :
>    systemd 215
>    debian 8
> 
> Best,
> 


-- 
yassine -- sysadm
http://about.me/ychaouche
Looking for side gigs.

More information about the systemd-devel mailing list