
Here is a simple way to quickly create three (or more) containers running apache/php/sshd using systemd-nspawn.

Everywhere it says “username” below, change to your username.

cd ~username
su -

Create the container root:
mkdir fake1

Install Fedora into the container root:
yum -y --releasever=21 --nogpg --installroot=/home/username/fake1 \
--disablerepo='*' --enablerepo=fedora groupinstall "Web Server"

Fix the root password in the container (the lazy way):
grep root /etc/shadow (on host system)
cut and paste the encrypted password into fake1/etc/shadow

Start up the container and log in as root:
systemd-nspawn -M fake1 -bD /home/username/fake1

After logging in, disable some things that are not needed:

systemctl disable NetworkManager.service
systemctl disable abrt-ccpp.service
systemctl disable auditd.service
systemctl disable smartd.service

Update the container:
yum update

Shut down the container (from inside):
halt

Make copies of the container:
cp -rp fake1 fake2
cp -rp fake1 fake3

Because the containers share the host’s network interface, you must change the ports used in each container so that they are different:

vi fake1/etc/ssh/sshd_config
set Port to 2221
vi fake1/etc/httpd/conf/httpd.conf
set Listen to 8001

vi fake2/etc/ssh/sshd_config
set Port to 2222
vi fake2/etc/httpd/conf/httpd.conf
set Listen to 8002

vi fake3/etc/ssh/sshd_config
set Port to 2223
vi fake3/etc/httpd/conf/httpd.conf
set Listen to 8003
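
The same port changes can be made without opening an editor, with a check that no two containers claim the same port. This is an added example, not part of the original post; the function names set_directive, set_ports and port_collisions are hypothetical, and it assumes awk, mktemp, sort and uniq are available on the host.

```shell
#!/bin/bash
# Added example, not from the original post. Paths follow the post's layout.

# set_directive FILE KEY VALUE: drop every active "KEY ..." line and write a
# single "KEY VALUE" at the top of FILE (so it stays outside any sshd Match
# block). Commented-out lines such as "#Port 22" are left untouched.
set_directive() {
    local file=$1 key=$2 value=$3 tmp
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { print k " " v }
        tolower($1) == tolower(k) { next }   # directive names are case-insensitive
        { print }' "$file" > "$tmp" &&
    cat "$tmp" > "$file"                     # overwrite in place, keep owner/mode
    local rc=$?
    rm -f "$tmp"
    return $rc
}

# set_ports ROOT SSH_PORT HTTP_PORT: apply both settings to one container root.
set_ports() {
    local root=$1 ssh_port=$2 http_port=$3 p
    for p in "$ssh_port" "$http_port"; do
        case $p in ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 2 ;; esac
    done
    set_directive "$root/etc/ssh/sshd_config" Port "$ssh_port" &&
    set_directive "$root/etc/httpd/conf/httpd.conf" Listen "$http_port"
}

# port_collisions ROOT...: print every port value claimed more than once
# across the given container roots (they all share the host's interface).
port_collisions() {
    local root
    for root in "$@"; do
        awk 'tolower($1) == "port" || tolower($1) == "listen" { print $2 }' \
            "$root/etc/ssh/sshd_config" "$root/etc/httpd/conf/httpd.conf"
    done | sort | uniq -d
}

# Usage, with the post's directory names and port numbering:
#   for i in 1 2 3; do set_ports "/home/username/fake$i" "222$i" "800$i"; done
#   port_collisions /home/username/fake1 /home/username/fake2 /home/username/fake3
```

Empty output from port_collisions means every sshd and httpd port is unique across the containers.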


Create a shell script to launch the containers without entering them:

#!/bin/bash
echo "launching three containers"
nohup systemd-nspawn -M fake1 -bD /home/username/fake1 &
nohup systemd-nspawn -M fake2 -bD /home/username/fake2 &
nohup systemd-nspawn -M fake3 -bD /home/username/fake3 &
exit;

Run the script!

You should now see sshd listening on ports 2221, 2222, 2223 and httpd listening on 8001, 8002, 8003.

To shut the containers down from outside, use machinectl:
machinectl poweroff fake1 fake2 fake3
