Original link: https://blog.lilydjwg.me/posts/216651.html
This article comes from Evian's Blog; please credit the source when reprinting.
A server needs maintenance, so all services on it have to be migrated away temporarily. I plan to move them directly onto another, relatively idle server and run them with systemd-nspawn. It is simple and convenient, and needs no additional configuration apart from the network. The question is: these services include an ElasticSearch instance running under docker. Will there be any problems running it inside nspawn, which is itself a container?
I tried it, and there were indeed some problems: dockerd reports a permission error and cannot run. A little searching turned up the solution:
SYSTEMD_SECCOMP=0 systemd-nspawn --capability=all --network-bridge=br0 --boot -D rootfs
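nspawn restricts some permissions by default. This command lifts those restrictions (SYSTEMD_SECCOMP=0 turns off nspawn's seccomp system call filter, and --capability=all retains all capabilities in the container), which is equivalent to docker's --privileged parameter. After that, docker can run nested inside the container.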
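To see what these two settings change for a process in the container, the added shell example below (not from the original post) reads the Seccomp and CapEff fields of a /proc/<pid>/status file. The function names and the two sample status files are constructed for illustration, and 40 is an assumed value of cap_last_cap.

```shell
#!/bin/sh
# Added example: report seccomp mode and effective capabilities from a
# /proc/<pid>/status file. Function names are hypothetical.

# status_field FILE NAME -> prints the value of the "NAME:" line in FILE
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# confinement_report [STATUS_FILE] [CAP_LAST_CAP]
# Prints: seccomp=<off|strict|filter> capeff=<hex> all_caps=<yes|no>
confinement_report() {
    file=${1:-/proc/self/status}
    last=${2:-$(cat /proc/sys/kernel/cap_last_cap)}
    mode=$(status_field "$file" Seccomp)
    capeff=$(status_field "$file" CapEff)
    case $mode in
        0) seccomp=off ;;      # no seccomp filter attached
        1) seccomp=strict ;;
        2) seccomp=filter ;;   # a filter (such as nspawn's default) is active
        *) seccomp=unknown ;;
    esac
    # Mask with one bit set for every capability the kernel knows (0..last).
    full=$(( (1 << (last + 1)) - 1 ))
    if [ $(( 0x$capeff & full )) -eq "$full" ]; then all=yes; else all=no; fi
    echo "seccomp=$seccomp capeff=$capeff all_caps=$all"
}

# Constructed sample status files (not captured from a real system).
write_samples() {
    printf 'Name:\tdockerd\nCapEff:\t000001ffffffffff\nSeccomp:\t0\n' > "$1/unconfined"
    printf 'Name:\tdockerd\nCapEff:\t00000000fdecafff\nSeccomp:\t2\n' > "$1/confined"
}

# Demo on the constructed samples; 40 is the assumed cap_last_cap.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
confinement_report "$demo_dir/unconfined" 40
confinement_report "$demo_dir/confined" 40
rm -rf "$demo_dir"
```

Called with no arguments inside the container, confinement_report inspects the calling shell itself and reads cap_last_cap from /proc/sys/kernel/cap_last_cap.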
After starting it I checked, and all services work normally without any problems. With the network configured and the nginx outside responsible for forwarding (out of laziness, it does not have an external network IP), it can take over the work.
PS: I ran into a small pitfall during the migration. If rsync is run without --numeric-ids, it tries to keep user names unchanged rather than numeric IDs, and various permission problems occur when the system inside runs. So remember to add --numeric-ids when transferring the rootfs.