The version of LXC that is being installed on our Trusty labs instances (1.0.8-0ubuntu0.4) does not support running containers with systemd init (https://github.com/lxc/lxc/issues/685).
There are newer versions of LXC available in trusty-backports. Rather than just the LXC 1.1.4 mentioned in the upstream bug, the current backport version is 2.0.6-0ubuntu1~ubuntu14.04.1.
I've manually hacked up a testing instance in Labs. I upgraded the LXC install using sudo apt-get -t trusty-backports install lxc lxc-templates. Unfortunately Puppet's package define doesn't support this type of pinning. We will need to figure out the exact dependency packages and pin all of them with apt config.
I haven't figured out the exact apparmor policy changes that are needed. Upon creation, this error is logged in syslog:
audit(1483072595.366:61): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/systemd/" pid=18924 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
Following this, the container is created, but it does not have networking support or the systemd init system running. Vagrant cannot talk to the container properly either, because certain probe commands that it sends rely on networking being up inside the container.
Just to prove to myself that things will work eventually, I used lxc.customize 'aa_profile', 'unconfined' in the lxc section of the Vagrantfile to disable apparmor for the generated container. With this change the container comes up as expected, with a systemd init system and working networking and wiki!
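
Added example (not part of the original report, nor code from LXC or Vagrant): a small Python parser for AppArmor denial records like the one quoted above. It groups denials by profile, operation, filesystem type and target path, which is the information needed to scope a profile change to the denied mount rather than leaving the container unconfined. The second sample line is constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# First line: the denial quoted in the report above.
# Second line: constructed non-AppArmor syslog noise, to show it is skipped.
SAMPLE_LOG = '''\
audit(1483072595.366:61): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/systemd/" pid=18924 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
kernel: device vethTEST entered promiscuous mode
'''

HEADER = re.compile(r'audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):')
# key="quoted value" (may contain spaces and commas) or key=bare_token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return a dict of fields for an AppArmor DENIED record, else None."""
    header = HEADER.search(line)
    if header is None:
        return None
    fields = {}
    for key, quoted, bare in FIELD.findall(line[header.end():]):
        fields[key] = bare if bare else quoted
    if fields.get("apparmor") != "DENIED":
        return None
    fields["epoch"] = float(header.group("epoch"))
    fields["serial"] = int(header.group("serial"))
    if "flags" in fields:
        # flags="rw, nosuid, ..." is one quoted value; split it into a list
        fields["flags"] = [f.strip() for f in fields["flags"].split(",")]
    return fields


def summarize(log_text):
    """Count denials per (profile, operation, fstype, target path)."""
    counts = Counter()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d:
            key = (d.get("profile"), d.get("operation"),
                   d.get("fstype"), d.get("name"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, fstype, name), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x profile={profile} op={op} fstype={fstype} target={name}")
```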