Run UBOS in an aarch64 Linux container
These instructions are the same for all ARM 64bit-based devices. This includes single-board computers like the Marvell EXPRESSObin, but also Apple Silicon-based Macs and MacBooks.
If you already run Linux on an aarch64-based device, you can run UBOS in a Linux container with systemd-nspawn. This allows you to try out UBOS without having to do a bare metal installation. The only requirement is that your Linux machine runs systemd in a reasonably recent version.
Note
You can run UBOS in an aarch64 Linux container on Apple Silicon, such as from within a Parallels Desktop or UTM virtual machine.
To do so:
- Download a UBOS container image from the Depot. Images for aarch64 containers are at depot.ubosfiles.net/green/aarch64/images/index.html. Look for a file named ubos_green_aarch64-container_LATEST.tar.xz.
- Optionally, you may now verify that your image downloaded correctly by following Verify your downloaded UBOS image.
- Uncompress and unpack the downloaded file into a suitable directory by executing:
% mkdir ubos
% sudo tar -x -J -C ubos -f ubos_green_aarch64-container_LATEST.tar.xz
on the Linux command line.
If you are running btrfs as your filesystem, you may want to create a subvolume and unpack into that subvolume instead, as systemd-nspawn is btrfs-aware and that can speed things up and save some disk space. However, use of btrfs is optional.
- Consider adding some virtual memory if you do this on an embedded device and have an attached hard drive. This will alleviate memory pressure on the embedded device if it has little RAM.
- Run both IPv4 and IPv6 based iptables on your host, otherwise UBOS cannot set up its own firewall and the UBOS container will boot into a degraded state. If you aren't already doing this, on the host:
% [[ -e /etc/iptables/iptables.rules ]] || sudo cp /etc/iptables/empty.rules /etc/iptables/iptables.rules
% [[ -e /etc/iptables/ip6tables.rules ]] || sudo cp /etc/iptables/empty.rules /etc/iptables/ip6tables.rules
% sudo systemctl enable iptables ip6tables
% sudo systemctl start iptables ip6tables
This will not actually perform any firewall functionality (the ruleset is empty), but it will allow the UBOS container to set up its own firewall.
- Boot the container. systemd-nspawn has a wide variety of options, in particular for how to set up networking. A private network, as we do it here, is one simple option, but you may want to choose a different option, depending on your needs:
% sudo systemd-nspawn --boot --network-veth --machine ubos --directory ubos
- When the boot process is finished, log in as user root. For password, see I need root.
- Now: wait. UBOS needs to generate a few cryptographic keys before it is ready to use and initialize a few other things on the first boot. That might take 5 or 10 minutes on slower platforms. To determine whether UBOS is ready, execute:
% systemctl is-system-running
The container takes entropy from the host computer, so make sure the host Linux system provides enough. Depending on your Linux distro, you may be able to generate more by typing on the keyboard, moving the mouse, generating hard drive activity etc. You can also run:
% sudo systemctl start haveged
on your host (not container).
- Your container should automatically acquire an IP address. You can check with:
% ip addr
Make sure you are connected to the internet before attempting to proceed. If you have difficulties reaching the internet from your container, consult Cannot connect to the public internet from a UBOS container.
- Update UBOS to the latest and greatest:
% sudo ubos-admin update
- You are now ready for Setting up your first Site and App. Note that with the private networking setup described on this page, you will only be able to access Apps installed in your UBOS container from the host computer. If you would like to access them from anywhere else, you either need to give your container a non-private IP address, or port forward from the host to the container.
- To shut down your container, either:
  - hit ^] three times, or
  - in a separate shell, execute sudo machinectl poweroff ubos
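
The "Now: wait" step above, as an added example that is not part of the UBOS documentation: a script to run as root inside the container that polls systemctl is-system-running and tells "still starting", "ready" and "degraded" apart. STATE_CMD and POLL_INTERVAL are names made up for this script, and the 900-second default timeout is an assumption.

```sh
#!/bin/sh
# Added example, not UBOS's own tooling. Run as root inside the container.
# STATE_CMD and POLL_INTERVAL are hypothetical knobs of this script only.
STATE_CMD=${STATE_CMD:-systemctl is-system-running}
POLL_INTERVAL=${POLL_INTERVAL:-10}

# Map a state printed by `systemctl is-system-running` to the next action.
next_step() {
    case "$1" in
        running)               echo ready ;;
        initializing|starting) echo wait ;;        # first-boot setup still in progress
        degraded)              echo check-units ;; # at least one unit failed
        *)                     echo investigate ;; # maintenance, stopping, offline, unknown
    esac
}

# Poll until the system is ready, has failed, or $1 seconds (default 900) passed.
# Returns 0 = ready, 1 = degraded or unexpected state, 2 = timed out.
wait_for_ready() {
    timeout=${1:-900}
    waited=0
    while :; do
        # is-system-running exits non-zero unless the state is "running"
        state=$($STATE_CMD 2>/dev/null) || true
        case "$(next_step "$state")" in
            ready)
                echo "UBOS is ready"
                return 0 ;;
            check-units)
                echo "State is degraded. Failed units:" >&2
                systemctl --failed --no-legend >&2 2>/dev/null || true
                echo "If firewall setup failed, check iptables and ip6tables on the host." >&2
                return 1 ;;
            investigate)
                echo "Unexpected state: ${state:-none}" >&2
                return 1 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo "Timed out while in state: $state" >&2
            return 2
        fi
        sleep "$POLL_INTERVAL"
        waited=$((waited + POLL_INTERVAL))
    done
}
```

Call wait_for_ready, optionally with a timeout in seconds, after logging in as root; a return code of 1 with a failed firewall unit points back at the host iptables step.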