systemd-nspawn
Today I first heard about systemd-nspawn when andrewstuart mentioned it on HN.
Doesn't look like there has been much mention of nspawn here on LES, but there is a Debian wiki page and an Arch wiki page. There is a man page on FreeDesktop.org.
Quoting from the Arch wiki: "systemd-nspawn may be used to run a command or OS in a light-weight namespace container. . . . systemd-nspawn is a simpler tool to configure than LXC or Libvirt." Hmm, simple configuration sounds pretty good!
There seems to be an nspawn.org website, which talks about a wrapper script for easier install, and there is a Github repo as well.
Might a server with a bunch of nspawn containers create an easily configured Low End Empire? 💰
Does anybody here have experience using nspawn?
Comments
Here's what at first glance looks like a pretty complete tutorial:
Using systemd-nspawn containers with publicly routable ips (IPv6 and IPv4) via bridged mode for high density testing whilst balancing tenant isolation
Added to archive.org.
MetalVPS
I have never heard of this, but it sounds interesting. Time to do some reading.
Here is what a developer of "system-level software" says about how to use systemd-nspawn to run development code while being "reasonably sure it cannot destroy or otherwise negatively affect my host system." Running a Container off the Host /usr/
MetalVPS
NixOS's native container uses systemd-nspawn as its underlying technology.
I have spun up several nspawn containers and from the outside, it does not feel any different from LXC.
I am sure there are some security concerns that may be exploited some day (you don't know what you don't know), but pretty legit for my use case.
If time permits, I would like to convert my proxmox homelab into a NixOS hypervisor running several systemd-nspawn containers.
The all seeing eye sees everything...
Interesting! TIL!
MetalVPS
What's the benefit of NixOS over Proxmox's KVM/LXC? I found that you can create containers for Proxmox using NixOS, but I did not find any comparisons showing why it is better.
Somik.org - Server admins cheat codes
You're comparing apples to oranges. NixOS is a distribution; KVM/LXC are virtualization technologies.
If you're talking about them being the "hypervisor OS", then the benefit is the same as if you ran NixOS in a container: you can declaratively configure the host.
tl;dr: declarative configuration
Ya, found that AFTER I posted the comment... Thanks!
So basically the Nix hypervisor OS is a "text based" container creator while Proxmox is GUI based. So you can run NixOS inside Proxmox KVMs, and even in Docker/LXC containers... But why would I do that if I can run Ubuntu/Debian/Alpine?
Somik.org - Server admins cheat codes
It gets tiring after a while doing
Or any other repetitive tasks.
NixOS allows you to have your system defined in a collection of configuration files.
"Write once, run everywhere" at the OS level.
Google "NixOS" and you'll have more people telling you the advantage of running NixOS better than I can.
The all seeing eye sees everything...
There's been a bit of discussion about systemd-nspawn on the TrueNAS forum as an alternative to FreeBSD jails on TrueNAS SCALE, which is Linux based.
iXsystems opted for Kubernetes as their main container orchestration on TrueNAS SCALE, and people are looking for some of the features from jails available on TrueNAS CORE that are not easily mapped to containers.
Gave nspawn a try and actually got a container online with a secondary IPv4 address using the link provided by @Not_Oles (thank you). However, the link, while very good, seems to fizzle out when it comes to setting up IPv6.
So does anyone have a guide for IPv6 nspawn container setup?
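Pulling together the bridged-mode setup from the tutorial linked above and the IPv6 question in the last post, here is an added example of the two configuration files involved: the host-side .nspawn unit and the networkd file inside the container. This is not from the thread or from any poster; the bridge name br0, the container name web1, and the addresses (RFC 5737 / RFC 3849 documentation ranges) are assumptions to replace with your own.

```ini
# /etc/systemd/nspawn/web1.nspawn  (host side; read by systemd-nspawn@web1.service)
# Assumed: the container rootfs is in /var/lib/machines/web1 and br0 is an
# existing bridge on the host that carries the uplink for the public prefixes.
[Exec]
Boot=yes
# Map the container's UIDs/GIDs to an unprivileged host range (user namespace).
# "pick" selects a free range and adjusts ownership of the tree on first start,
# so root inside the container is not root on the host.
PrivateUsers=pick

[Network]
# Own network namespace. The host end of the veth pair is attached to br0;
# the container end appears inside as host0.
Bridge=br0

# /var/lib/machines/web1/etc/systemd/network/80-host0.network  (inside the container)
# Static dual-stack addressing on host0; systemd-networkd must be enabled in the container.
[Match]
Name=host0

[Network]
# Documentation addresses (RFC 5737 / RFC 3849), not real assignments.
Address=192.0.2.10/24
Gateway=192.0.2.1
Address=2001:db8:1::10/64
Gateway=2001:db8:1::1
DNS=2001:db8:1::1
# Addressing is static, so do not also accept router advertisements or DHCP
# from the bridge segment; that avoids a second, unexpected address or route.
IPv6AcceptRA=no
DHCP=no
```

Start it with `machinectl start web1` (and `machinectl enable web1` to have it come up with the host), then check the result from inside with `machinectl shell web1` followed by `networkctl status host0`. Because the container's veth sits directly on the public bridge, its services are exposed exactly like a small VPS, so run a host firewall inside the container as you would on any public machine; PrivateUsers=pick limits what a compromised container root can do to the host, but it does nothing for the services listening on those public addresses.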