use chroot to install python3 at bootstrap time

README.md

@@ -130,15 +130,16 @@ apt update && apt install lxc-utils
 ```
 For the time being, it is necessary to manually create each container and to
 install python3 in it before running the corresponding playbooks. For example,
-to setup the DNS container:
+to setup the DNS container, run the following **as root**:
 ```
 lxc-create -t download -n dns -- -d debian -r buster -a amd64
-lxc-start dns
-lxc-attach dns
+chroot /var/lib/lxc/dns/rootfs
 apt update
 apt install -y python3
+exit
 ```
-You can now press Ctrl+D to exit the LXC shell.
+We are using chroot because the network interfaces have not been setup in the
+container yet (they will be setup via a playbook).
 
 The containers should be privileged since the CSC currently uses privileged
 LXC containers. If we switch to unprivileged containers in the future, this
@@ -149,10 +150,13 @@ on the host where the LXC containers are running. e.g. for Debian:
 ```
 apt install -y ansible python3-lxc
 ```
+
 Now we are ready to run the playbook:
 ```
+lxc-start -n dns
 ansible-playbook dns/main.yml
 ```
+
 If you see a whole bunch of errors like
 ```
 RuntimeError: cannot release un-acquired lock