mirror of
https://github.com/systemd/systemd
synced 2024-11-05 18:25:39 +00:00
885a4e6ca7
This is almost all of #17177.
139 lines
7.6 KiB
XML
139 lines
7.6 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
|
|
|
|
<refentry id="systemd-machined.service" conditional='ENABLE_MACHINED'>
|
|
|
|
<refentryinfo>
|
|
<title>systemd-machined.service</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>systemd-machined.service</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>systemd-machined.service</refname>
|
|
<refname>systemd-machined</refname>
|
|
<refpurpose>Virtual machine and container registration manager</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>systemd-machined.service</filename></para>
|
|
<para><filename>/usr/lib/systemd/systemd-machined</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para><command>systemd-machined</command> is a system service that keeps track of locally running virtual
|
|
machines and containers.</para>
|
|
|
|
<para><command>systemd-machined</command> is useful for registering and keeping track of both OS
|
|
containers (containers that share the host kernel but run a full init system of their own and behave in
|
|
most regards like a full virtual operating system rather than just one virtualized app) and full virtual
|
|
machines (virtualized hardware running normal operating systems and possibly different kernels).</para>
|
|
|
|
<para><command>systemd-machined</command> should <emphasis>not</emphasis> be used for registering/keeping
|
|
track of application sandbox containers. A <emphasis>machine</emphasis> in the context of
|
|
<command>systemd-machined</command> is supposed to be an abstract term covering both OS containers and
|
|
full virtual machines, but not application sandboxes.</para>
|
|
|
|
<para>Machines registered with machined are exposed in various ways in the system. For example:
|
|
<itemizedlist>
|
|
<listitem><para>Tools like
|
|
<citerefentry project='man-pages'><refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
will show to which machine a specific process belongs in a column of
|
|
its own, and so will
|
|
<ulink url="https://help.gnome.org/users/gnome-system-monitor/">gnome-system-monitor</ulink> or
|
|
<citerefentry><refentrytitle>systemd-cgls</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
|
|
<listitem><para>systemd's various tools
|
|
(<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>timedatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, ...)
|
|
support the <option>-M</option> switch to operate on local containers instead of the host system.
|
|
</para></listitem>
|
|
|
|
<listitem><para><command>systemctl list-machines</command> will show the system state of all local
|
|
containers, connecting to the container's init system for that.</para></listitem>
|
|
|
|
<listitem><para>systemctl's <option>--recursive</option> switch has the effect of not only showing the
|
|
locally running services, but recursively showing the services of all registered containers.</para></listitem>
|
|
|
|
<listitem><para>The <command>machinectl</command> command provides access to a number of useful
|
|
operations on registered containers, such as introspecting them, rebooting, shutting them down, and
|
|
getting a login prompt on them.</para></listitem>
|
|
|
|
<listitem><para>The
|
|
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry> library
|
|
exposes the
|
|
<citerefentry><refentrytitle>sd_bus_open_system_machine</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
call to connect to the system bus of any registered container.</para></listitem>
|
|
|
|
<listitem><para>The
|
|
<citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
module makes sure all registered containers can be resolved via normal glibc
|
|
<citerefentry project='man-pages'><refentrytitle>gethostbyname</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
or
|
|
<citerefentry project='man-pages'><refentrytitle>getaddrinfo</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
calls.</para></listitem>
|
|
</itemizedlist></para>
|
|
|
|
<para>See
|
|
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
for some examples on how to run containers with OS tools.</para>
|
|
|
|
<para>If you are interested in writing a VM or container manager that makes use of machined, please have
|
|
look at <ulink url="https://www.freedesktop.org/wiki/Software/systemd/writing-vm-managers">Writing
|
|
Virtual Machine or Container Managers</ulink>. Also see the <ulink
|
|
url="https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/">New Control Group
|
|
Interfaces</ulink>.</para>
|
|
|
|
<para>The daemon provides both a C library interface
|
|
(which is shared with <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
|
|
as well as a D-Bus interface.
|
|
The library interface may be used to introspect and watch the state of virtual machines/containers.
|
|
The bus interface provides the same but in addition may also be used to register or terminate
|
|
machines.
|
|
For more information please consult
|
|
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
|
</para>
|
|
|
|
<para>A small companion daemon
|
|
<citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
is also available, which implements importing, exporting, and downloading of container and VM images.
|
|
</para>
|
|
|
|
<para>For each container registered with <filename>systemd-machined.service</filename> that employs user
|
|
namespacing, users/groups are synthesized for the used UIDs/GIDs. These are made available to the system
|
|
using the <ulink url="https://systemd.io/USER_GROUP_API">User/Group Record Lookup API via
|
|
Varlink</ulink>, and thus may be resolved with
|
|
<citerefentry><refentrytitle>userdbctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> or the
|
|
usual glibc NSS calls.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|