ostreedev / ostree

Operating system and container binary deployment and upgrades
https://ostreedev.github.io/ostree/

First-class support for testing OSTree deployments in a lightweight container #288

Open copumpkin opened 8 years ago

copumpkin commented 8 years ago

From an IRC conversation on the topic:

[2016-04-19T16:16:10-0400] <walters> systemd-nspawn --register=no -D /ostree/deploy/centos-atomic-host/deploy/378538275fd9029a92435dc8c1efdb7a3486b04de47a2e6ac96752015b8352e5.0 /bin/bash
[2016-04-19T16:16:23-0400] <walters> almost worked...except nspawn barfs at the tmp -> sysroot/tmp symlink
[2016-04-19T16:17:12-0400] <walters> this works as is: systemd-nspawn --bind /tmp:/sysroot/tmp --register=no -D /ostree/deploy/centos-atomic-host/deploy/378538275fd9029a92435dc8c1efdb7a3486b04de47a2e6ac96752015b8352e5.0 /bin/bash
[2016-04-19T16:17:34-0400] <walters> that directory is the previous booted deployment
[2016-04-19T16:17:56-0400] <walters> it'd probably make sense to teach nspawn about the ostree conventions

In my case, adding the --bind /tmp:/sysroot/tmp doesn't seem to help the container boot (systemd-nspawn just gives an opaque error and exits), but if I manually remove /tmp from the tree it boots up properly.

I then run into issues with private networking, but that probably has more to do with the tree I'm using rpm-ostree to build than raw OSTree.
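The nspawn invocation from the IRC log above, as an added example that is not part of the original post or the ostree project: it inspects a deployment root and prints the systemd-nspawn command, adding the `--bind /tmp:/sysroot/tmp` workaround only when `tmp` really is the `sysroot/tmp` symlink. The function names are hypothetical, the listing of all top-level symlinks goes slightly beyond the single `tmp` case discussed, and nothing here starts a container.

```shell
#!/bin/sh
# Added example: inspect an OSTree deployment root before handing it to
# systemd-nspawn. It only prints; it never runs nspawn itself.

# List top-level symlinks in a deployment root as "name -> target",
# so every link nspawn may trip over is visible up front.
list_toplevel_symlinks() {
    root=$1
    for entry in "$root"/*; do
        [ -L "$entry" ] || continue
        printf '%s -> %s\n' "${entry##*/}" "$(readlink "$entry")"
    done
}

# Print the systemd-nspawn command line for a deployment root.
# The --bind from the IRC log is added only when tmp is the
# "tmp -> sysroot/tmp" symlink mentioned there.
nspawn_command() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 1
    fi
    bind=""
    if [ -L "$root/tmp" ] && [ "$(readlink "$root/tmp")" = "sysroot/tmp" ]; then
        bind="--bind /tmp:/sysroot/tmp "
    fi
    printf "systemd-nspawn %s--register=no -D '%s' /bin/bash\n" "$bind" "$root"
}

# Constructed sample tree (not a real deployment) to show the output.
demo=$(mktemp -d)
mkdir "$demo/usr"
ln -s sysroot/tmp "$demo/tmp"
list_toplevel_symlinks "$demo"
nspawn_command "$demo"
rm -rf "$demo"
```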

cgwalters commented 8 years ago

The closest active effort to this right now is: https://github.com/projectatomic/atomic/issues/298

Which is currently using runc and not nspawn, though any architectural issues would be similar between the two.

copumpkin commented 8 years ago

Hmm, I'm trying to disentangle that ticket from all the Docker/Etcd/Flannel stuff, which I don't use at all. All I'm looking for is a simple way to boot an OSTree tree in detached namespaces from the host. Does that still do what I need? I've experimented with runc but it doesn't appear to boot my tree (just seems to "hang" on init), so I stuck to systemd-nspawn for now.