Using systemd-nspawn in Arch Linux ARM for Kerberos.io
Since I started using kerberos.io, I had to decide how to install it on my Raspberry Pi 3 running Arch Linux ARM. First I tried to repackage the official .deb for pacman: PKGCONFIG. It worked out for a while until another Arch update. Then I tried to build the machinery by myself. It turned out not to be easy, ending up with a lot of functionality disabled or not reliable. Finally, I’ve come to yet another solution: running genuine Raspbian contained in systemd-nspawn to enable official builds following the guide.
- So I installed Raspbian into `/var/lib/machines` using debootstrap first (I wish I could find aconfmgr for Debian!).
- To launch it manually from the command line: `cd /var/lib/machines && systemd-nspawn --bind /dev/video0 --bind /dev/vchiq -bD raspbian`
- It took some effort to tune the system, install kerberos.io, `libraspberrypi-bin` and other dependencies (Update: created a script to prepare the raspbian for chroot automatically: prepare-raspbian-kerberosio.sh).
- Then I created configuration and service files to start raspbian automatically on boot: the change.
- NOTE: the guest uses host networking for simplicity and interoperability with tinc.
- NOTE: it’s required to explicitly specify which mapped dev files the guest is allowed to access.
- Finally, I could remove kerberos.io from the host system.
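
The two NOTEs above correspond to settings like the following. This is an added sketch, not the files from the linked change: the `.nspawn` path and the drop-in file name `override.conf` are assumptions, and the device list is taken from the manual `--bind` flags.

```ini
# /etc/systemd/nspawn/raspbian.nspawn  (assumed path, matched by machine name)
[Files]
# Same device nodes as the manual --bind flags on the command line above.
Bind=/dev/video0
Bind=/dev/vchiq

[Network]
# Host networking: the guest shares the host's network namespace, so the
# services inside it listen directly on the host's addresses and only the
# host's firewall rules filter access to them.
VirtualEthernet=no

# /etc/systemd/system/systemd-nspawn@raspbian.service.d/override.conf  (assumed drop-in name)
[Service]
# The stock systemd-nspawn@.service sets DevicePolicy=closed, so a bind-mounted
# node stays unusable until it is allow-listed here. Grant read/write only:
# without "m" the device cgroup does not let the guest mknod these devices.
DeviceAllow=/dev/video0 rw
DeviceAllow=/dev/vchiq rw
```

After `systemctl daemon-reload` and a restart of `systemd-nspawn@raspbian.service`, `systemctl show -p DeviceAllow systemd-nspawn@raspbian.service` lists the effective allow-list, which should contain only the devices the guest really needs.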
As an illustration, here is the status of the container:
```
[sakhnik@alarmpi3 ~]$ machinectl status raspbian
raspbian(d2c01930a9414d59a6e15d4f40770785)
Since: Mon 2018-06-25 09:35:34 EEST; 22h ago
Leader: 27119 (systemd)
Service: systemd-nspawn; class container
Root: /var/lib/machines/raspbian
OS: Raspbian GNU/Linux 9 (stretch)
Unit: systemd-nspawn@raspbian.service
├─ 956 /usr/bin/kerberosio
├─27117 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --sett>
├─27119 /lib/systemd/systemd
├─27133 /lib/systemd/systemd-journald
├─27174 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
├─27175 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
├─27178 /usr/sbin/cron -f
├─27180 /lib/systemd/systemd-logind
├─27182 /usr/sbin/rsyslogd -n
├─27190 /sbin/agetty --noclear --keep-baud console 115200,38400,9600 vt220
├─27192 php-fpm: pool www
├─27193 php-fpm: pool www
├─27194 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─27195 nginx: worker process
├─27196 nginx: worker process
├─27197 nginx: worker process
├─27198 nginx: worker process
└─27561 php-fpm: pool www
```