@nathwill
Last active April 12, 2022 03:43
super lightweight containers with systemd-nspawn
assumes centos 7 host, typical configuration
- put SELinux in permissive mode: `SELINUX=permissive` in /etc/sysconfig/selinux
- disable auditd: systemctl disable auditd.service
- enable journald persistence: `Storage=persistent` in /etc/systemd/journald.conf
- mkdir /var/lib/container
- yum -y --nogpg --releasever=7 --installroot=/var/lib/container/centos install systemd passwd yum vim-minimal openssh-server
- systemd-nspawn -D /var/lib/container/centos
- inside the container, set the root password and change the sshd port (e.g. 2222), since the container shares the host's network namespace and port 22 is already taken by the host's sshd
- set up systemd-nspawn service:
```bash
[root@valhalla ~]# cat /usr/lib/systemd/system/systemd-nspawn\@.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

[Unit]
Description=Container %i
Documentation=man:systemd-nspawn(1)

[Service]
ExecStart=/usr/bin/systemd-nspawn -bjD /var/lib/container/%i
Type=notify
Delegate=yes

[Install]
WantedBy=multi-user.target
```
- systemctl enable systemd-nspawn@centos.service
- systemctl start systemd-nspawn@centos.service
- machinectl list
- expose your container ssh port on host: firewall-cmd --zone=public --add-port=2222/tcp --permanent
- connect to container sshd via host IP and container-sshd port: ssh my.ip.ad.dr -p 2222
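An added pre-flight check, not part of the gist: it reads the three files the steps above edit (host selinux config, journald.conf, the container's sshd_config) and confirms the container's sshd port is not 22 and matches the firewall rule before the service is enabled. The file contents are constructed samples standing in for the real paths.

```shell
#!/usr/bin/env bash
# Added example: audit the config the steps above edit (constructed sample files below).
set -eu

# Value of KEY from an ini-style FILE (journald.conf, /etc/sysconfig/selinux); skips comments.
cfg_get() {
  awk -F= -v k="$2" '$0 !~ /^[[:space:]]*#/ && $1 == k { gsub(/[[:space:]]/, "", $2); print $2; exit }' "$1"
}

# Port the container's sshd_config listens on; sshd defaults to 22 when Port is unset.
sshd_port() {
  awk 'tolower($1) == "port" { print $2; exit }' "$1" | grep . || echo 22
}

# audit_container SELINUX_CFG JOURNALD_CONF CONTAINER_SSHD_CONFIG FIREWALL_PORT
# Returns 0 when the files match what the steps above expect, 1 otherwise (findings on stdout).
audit_container() {
  local selinux_cfg=$1 journald=$2 sshd_cfg=$3 fw_port=$4 rc=0 mode storage port
  mode=$(cfg_get "$selinux_cfg" SELINUX)
  storage=$(cfg_get "$journald" Storage)
  port=$(sshd_port "$sshd_cfg")
  echo "host SELinux mode: ${mode:-unset}; the container is not confined by it"
  [ "$storage" = persistent ] || { echo "journald Storage=${storage:-auto}, expected persistent"; rc=1; }
  # Without --private-network the container shares the host's network namespace,
  # so its sshd must not sit on the host's port 22 and the firewall rule must match it.
  [ "$port" != 22 ] || { echo "container sshd on port 22 collides with the host sshd"; rc=1; }
  [ "$port" = "$fw_port" ] || { echo "container sshd on $port but firewall opens $fw_port"; rc=1; }
  return "$rc"
}

# Constructed sample files standing in for the real paths on the host and in the container root.
SAMPLE=$(mktemp -d)
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$SAMPLE/selinux"
printf '[Journal]\n#Storage=auto\nStorage=persistent\n' > "$SAMPLE/journald.conf"
printf '# container sshd\nPort 2222\n' > "$SAMPLE/sshd_config.good"
printf '# container sshd, Port left at its default\n' > "$SAMPLE/sshd_config.bad"

if audit_container "$SAMPLE/selinux" "$SAMPLE/journald.conf" "$SAMPLE/sshd_config.good" 2222; then
  echo "ok: safe to enable systemd-nspawn@centos.service"
fi
audit_container "$SAMPLE/selinux" "$SAMPLE/journald.conf" "$SAMPLE/sshd_config.bad" 2222 || echo "fix before enabling"
```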