Running NetworkManager in a container
LXC (with libvirt)
The guest needs to be running at least 0b9a4cd8 (post-1.0). The host can run any version.
With libvirt in Fedora 22 as of April 13, 2015, LXC container startup is broken. The fix is expected to land soon. To work around the issue, do the following:
# mkdir /var/run/libvirt/lxc
First, initialize the container tree:
# dnf -y --releasever=22 --nogpg --installroot=/var/lib/machines/fedora22 \
      --disablerepo='*' --enablerepo=fedora groupinstall core
# dnf -y --installroot=/var/lib/machines/fedora22 copr enable lkundrak/NetworkManager
# dnf -y --installroot=/var/lib/machines/fedora22 install NetworkManager
# chroot /var/lib/machines/fedora22 passwd
Next, create a libvirt domain:
# virsh -c lxc:/// define /dev/stdin <<EOF
<domain type='lxc'>
  <name>fedora22</name>
  <!-- Any amount you like: -->
  <memory unit='MiB'>512</memory>
  <os>
    <type>exe</type>
    <init>/sbin/init</init>
  </os>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/machines/fedora22'/>
      <target dir='/'/>
    </filesystem>
    <interface type='network'>
      <source network='default'/>
      <guest dev='eth0'/>
      <!-- This is important: if you let libvirt up the device, an IPv6 LL address
           will be generated and NetworkManager will assume it's configured: -->
      <link state='down'/>
    </interface>
    <!-- Add this if you need tunnels to work (VPN) -->
    <hostdev mode='capabilities' type='misc'>
      <source>
        <char>/dev/net/tun</char>
      </source>
    </hostdev>
    <!-- You can assign host network interfaces too. To share a WiFi device
         (useful with mac80211_hwsim to create a virtual wireless network)
         a fix in libvirt is needed (not yet submitted upstream):
         http://people.freedesktop.org/~lkundrak/0001-lxc-move-wireless-phys.patch -->
    <!--
    <hostdev mode='capabilities' type='net'>
      <source>
        <interface>wlan0</interface>
      </source>
    </hostdev>
    -->
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>
EOF
Done.
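The domain definition above passes a host directory and, optionally, host devices into the guest, and depends on <link state='down'/> so that NetworkManager rather than libvirt activates eth0. The following is an added example, not part of the original page or of libvirt or NetworkManager: it parses a domain definition and reports both properties. The function name review_domain and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the domain definition shown on this page.
SAMPLE_DOMAIN = """
<domain type='lxc'>
  <name>fedora22</name>
  <devices>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/machines/fedora22'/>
      <target dir='/'/>
    </filesystem>
    <interface type='network'>
      <source network='default'/>
      <guest dev='eth0'/>
      <link state='down'/>
    </interface>
    <hostdev mode='capabilities' type='misc'>
      <source><char>/dev/net/tun</char></source>
    </hostdev>
  </devices>
</domain>
"""

def review_domain(xml_text):
    """Return (interfaces libvirt would bring up, host resources given to the guest)."""
    devices = ET.fromstring(xml_text).find("devices")
    if devices is None:
        return [], []
    link_up, exposed = [], []
    for n, iface in enumerate(devices.findall("interface")):
        guest = iface.find("guest")
        name = guest.get("dev") if guest is not None else "interface#%d" % n
        link = iface.find("link")
        # Without <link state='down'/> libvirt ups the device before NetworkManager sees it.
        if link is None or link.get("state") != "down":
            link_up.append(name)
    for fs in devices.findall("filesystem"):
        src, dst = fs.find("source"), fs.find("target")
        if src is not None and dst is not None:
            exposed.append("dir %s -> %s" % (src.get("dir"), dst.get("dir")))
    # Capability-mode hostdevs hand a host device node or network interface to the guest.
    for hd in devices.findall("hostdev[@mode='capabilities']"):
        for node in hd.findall("source/*"):
            exposed.append("%s %s" % (node.tag, (node.text or "").strip()))
    return link_up, exposed

if __name__ == "__main__":
    for label, items in zip(("link up by libvirt:", "exposed to guest:"), review_domain(SAMPLE_DOMAIN)):
        print(label, items)
```

To check a defined domain, pass the output of virsh -c lxc:/// dumpxml fedora22 to review_domain instead of the sample.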
Docker
In Docker, the Docker daemon configures networking and NetworkManager merely assumes the connection.
The lkundrak/network-manager repository available from the public registry contains an image with systemd and NetworkManager installed.
systemd-nspawn
Both host and guest need to be running at least 0b9a4cd8 (post-1.0).
You can reuse the same image as used for LXC, or pull a Docker image.
Note that systemd-importd is currently not able to pull Fedora images. To work around the issue, do this first:
# sed 's/\(CapabilityBoundingSet=.*\)/\1 CAP_DAC_OVERRIDE/' \
      </usr/lib/systemd/system/systemd-importd.service \
      >/etc/systemd/system/systemd-importd.service
# systemctl daemon-reload && systemctl restart systemd-importd
You can then pull the image:
# machinectl pull-dkr --verify=no --dkr-index-url=https://registry.hub.docker.com \
      lkundrak/network-manager
Then enable management of the host side of the veth pair and create a shared IPv4 connection for it:
# echo 'SUBSYSTEM=="net", ENV{INTERFACE}=="ve-*", ENV{NM_UNMANAGED}="0"' >/etc/udev/rules.d/99-nm.rules
# udevadm control --reload-rules
# nmcli c add type ethernet autoconnect no con-name ve-network-man ifname ve-network-man
# nmcli c modify ve-network-man ipv4.method shared connection.autoconnect true
You can now start the machine:
# systemd-nspawn --network-veth -b -D /var/lib/machines/network-manager
Or:
# machinectl start network-manager
Or even enable it persistently:
# machinectl enable network-manager
# systemctl start systemd-nspawn@network-manager
# machinectl login network-manager