CentOS containers in Fedora: a semi-comprehensive way

As someone who runs CentOS Stream on his production server and Fedora on his desktop, I recently had the need for a CentOS container where I could just “try stuff out”.

Because I was used to LXD's simplicity and practicality, where I could just lxc launch images:centos/8-Stream, having to bring myself to use only things based around (and made for) the RHEL/Fedora ecosystem meant switching from LXD to systemd-nspawn: a complete pain in the ass, especially because of one missing feature: downloadable images.

If you need to set up a quick container with distro X, the command above will do the job on LXD, but with nspawn the only users/guides I saw using it just debootstrapped a Debian/Ubuntu chroot and coped with that; users/guides on the Internet that show how to set up Arch (or even things like OpenSUSE) are incredibly rare, although you can find the how-to inside the systemd-nspawn(1) manual.

Having just come across the mkosi tool by the Lennart himself, I figured that I could kinda automate setting up nspawn containers by using this tool. According to the man page, the following distros are supported as of 2/1/2021:

fedora, debian, ubuntu, arch, opensuse, mageia, centos, centos_epel, clear, photon, openmandriva, rocky, rocky_epel, alma, alma_epel

I know perfectly well that the tool just uses debootstrap, zypper, dnf and so on to basically create a chroot, but this is pretty much what I needed: an lxc launch images:X kind of command where the container is ready to use (or really close to that).

Show me how!

We want to set up a CentOS Stream 8 container here, but there is (currently) no way to do that directly, so we will install the regular CentOS Linux 8 distro and upgrade it to Stream 8.

The obvious first step is installing the actual mkosi tool, which pulls in other package managers like pacman and zypper with it.

Now, I want the rootfs to sit inside a folder named c8s and to do that, we need to do the following:

sudo mkosi -d centos -r 8 -t directory -o c8s --package=@minimal-environment --password=weed

The command above does the following things:

As Fedora runs SELinux in enforcing mode (I HOPE), we need to relabel the files inside the rootfs, otherwise the host will deny some actions when we are inside the container:

restorecon -Rv c8s

Now, boot the container with the usual:

sudo systemd-nspawn -bD c8s

And log in as root with password weed. Before touching dnf, we need to fix the rpm database, as it ends up broken after the install (maybe because mkosi installs things like it was a mock container), so we need to:

rpm --rebuilddb -vv

After that, add a DNS server to resolv.conf, e.g. with echo nameserver > /etc/resolv.conf, and do a dnf upgrade to check for any weird errors/warnings coming from the package manager: it should not report any.

Now we just need to follow the regular c8 -> c8s upgrade procedure:

dnf swap centos-linux-repos centos-stream-repos
dnf distro-sync

Exit out of the nspawn container and you should be all set! Have fun with your fancy CentOS Stream 8 container!
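
A host-side check that the upgrade actually took effect, as an added example that is not part of the original post: it reads os-release from the rootfs directory (c8s here) and confirms NAME is CentOS Stream and VERSION_ID is 8. The script name and function names are assumptions; the file is parsed as text rather than sourced, because sourcing a file that lives in a container rootfs would run its contents as shell code on the host.

```shell
#!/bin/sh
# Added example: confirm from the host that a rootfs is CentOS Stream 8.
# Usage (script name is an assumption): sh check-stream.sh c8s

# Print the os-release file to read for ROOTFS ($1), per os-release(5) order.
os_release_path() {
    for rel in etc/os-release usr/lib/os-release; do
        f="$1/$rel"
        # Skip absolute symlinks: they would resolve against the host's
        # filesystem, not the container's.
        if [ -L "$f" ]; then
            case "$(readlink "$f")" in /*) continue ;; esac
        fi
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Print the value of KEY ($2) from ROOTFS's os-release, quotes stripped.
# The file is parsed as text; sourcing it would execute container-controlled
# shell code on the host.
os_release_get() {
    f=$(os_release_path "$1") || return 1
    sed -n "s/^$2=//p" "$f" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# 0: CentOS Stream 8; 1: some other distro/release; 2: no os-release found.
is_stream8() {
    name=$(os_release_get "$1" NAME) || return 2
    ver=$(os_release_get "$1" VERSION_ID) || return 2
    [ "$name" = "CentOS Stream" ] && [ "$ver" = "8" ]
}

if [ "$#" -gt 0 ]; then
    if is_stream8 "$1"; then
        echo "$1: CentOS Stream 8"
    else
        rc=$?
        echo "$1: not CentOS Stream 8 (NAME='$(os_release_get "$1" NAME)')" >&2
        exit "$rc"
    fi
fi
```

Run it against the directory before and after the dnf swap / dnf distro-sync steps: the exit status is 1 while the rootfs is still CentOS Linux 8 and 0 once it is Stream 8.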