summaryrefslogtreecommitdiff
path: root/man/systemd-nspawn.xml
AgeCommit message (Collapse)Author
2016-08-03nspawn: deprecate --share-system supportLennart Poettering
This removes the --share-system switch: from the documentation, the --help text as well as the command line parsing. It's an ugly option, given that it kinda contradicts the whole concept of PID namespaces that nspawn implements. Since it's barely ever used, let's just deprecate it and remove it from the options. It might be useful as a debugging option, hence the functionality is kept around for now, exposed via an undocumented $SYSTEMD_NSPAWN_SHARE_SYSTEM environment variable.
2016-07-25man: make chroot less prominent in discussion of nspawnZbigniew Jędrzejewski-Szmek
Not as many people use chroot as before, so make the flow a bit nicer by talking less about chroot. "change to the either" is awkward and unclear. Just remove that part, because all changes are lost, period.
2016-07-04treewide: fix typosTorstein Husebø
2016-06-22nspawn: improve man page (#3577)Lennart Poettering
This change documents the existance of the systemd-nspawn@.service template unit file, which was previously not mentioned at all. Since the unit file uses slightly different default than nspawn invoked from the command line, these defaults are now explicitly documented too. A couple of further additions and changes are made, too. Replaces: #3497
2016-06-10nspawn: introduce --notify-ready=[no|yes] (#3474)Alessandro Puccetti
This the patch implements a notificaiton mechanism from the init process in the container to systemd-nspawn. The switch --notify-ready=yes configures systemd-nspawn to wait the "READY=1" message from the init process in the container to send its own to systemd. --notify-ready=no is equivalent to the previous behavior before this patch, systemd-nspawn notifies systemd with a "READY=1" message when the container is created. This notificaiton mechanism uses socket file with path relative to the contanier "/run/systemd/nspawn/notify". The default values it --notify-ready=no. It is also possible to configure this mechanism from the .nspawn files using NotifyReady. This parameter takes the same options of the command line switch. Before this patch, systemd-nspawn notifies "ready" after the inner child was created, regardless the status of the service running inside it. Now, with --notify-ready=yes, systemd-nspawn notifies when the service is ready. This is really useful when there are dependencies between different contaniers. Fixes https://github.com/systemd/systemd/issues/1369 Based on the work from https://github.com/systemd/systemd/pull/3022 Testing: Boot a OS inside a container with systemd-nspawn. Note: modify the commands accordingly with your filesystem. 1. Create a filesystem where you can boot an OS. 2. sudo systemd-nspawn -D ${HOME}/distros/fedora-23/ sh 2.1. Create the unit file /etc/systemd/system/sleep.service inside the container (You can use the example below) 2.2. systemdctl enable sleep 2.3 exit 3. sudo systemd-run --service-type=notify --unit=notify-test ${HOME}/systemd/systemd-nspawn --notify-ready=yes -D ${HOME}/distros/fedora-23/ -b 4. In a different shell run "systemctl status notify-test" When using --notify-ready=yes the service status is "activating" for 20 seconds before being set to "active (running)". Instead, using --notify-ready=no the service status is marked "active (running)" quickly, without waiting for the 20 seconds. This patch was also test with --private-users=yes, you can test it just adding it at the end of the command at point 3. ------ sleep.service ------ [Unit] Description=sleep After=network.target [Service] Type=oneshot ExecStart=/bin/sleep 20 [Install] WantedBy=multi-user.target ------------ end ------------
2016-05-09man: add documentation for the new --network-zone= concept of nspawnLennart Poettering
2016-05-09man: document that nspawn's host0 and ve-* interfaces have default config in ↵Lennart Poettering
networkd
2016-04-25nspawn: make -U a tiny bit smarterLennart Poettering
With this change -U will turn on user namespacing only if the kernel actually supports it and otherwise gracefully degrade to non-userns mode.
2016-04-25man: document the new user namespacing optionsLennart Poettering
2016-04-21tree-wide: use mdash instead of a two minusesZbigniew Jędrzejewski-Szmek
2016-04-20nspawn: add -E as alias for --setenvZbigniew Jędrzejewski-Szmek
v2: - "=" is required, so remove the <optional> tags that v1 added
2016-04-12man: minor nspawn doc fixesLennart Poettering
2016-04-11nspawn: always setup machine idMichal Sekletar
We check /etc/machine-id of the container and if it is already populated we use value from there, possibly ignoring value of --uuid option from the command line. When dealing with R/O image we setup transient machine id. Once we determined machine id of the container, we use this value for registration with systemd-machined and we also export it via container_uuid environment variable. As registration with systemd-machined is done by the main nspawn process we communicate container machine id established by setup_machine_id from outer child to the main process by unix domain socket. Similarly to PID of inner child.
2016-03-15man: document missing KillSignal= .nspawn optionPetros Angelatos
Signed-off-by: Petros Angelatos <petrosagg@gmail.com>
2016-02-03nspawn: optionally run a stub init process as PID 1Lennart Poettering
This adds a new switch --as-pid2, which allows running commands as PID 2, while a stub init process is run as PID 1. This is useful in order to run arbitrary commands in a container, as PID1's semantics are different from all other processes regarding reaping of unknown children or signal handling.
2016-02-03nspawn: add new --chdir= switchLennart Poettering
Fixes: #2192
2016-01-28doc: improved wording in some placesJan Engelhardt
Avoid "mountpoint mounted" (word repetition), "queriable" (no match in m-w.com and dict.cc).
2015-11-12nspawn: add new --network-veth-extra= switch for defining additional veth linksLennart Poettering
The new switch operates like --network-veth, but may be specified multiple times (to define multiple link pairs) and allows flexible definition of the interface names. This is an independent reimplementation of #1678, but defines different semantics, keeping the behaviour completely independent of --network-veth. It also comes will full hook-up for .nspawn files, and the matching documentation.
2015-11-06doc: correct orthography, word forms and missing/extraneous wordsJan Engelhardt
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-10-24man: let's enclose * in shell examples in ''Lennart Poettering
Technically, it's safer that way, since dnf is supposed to parse the "*", not the shell. It doesn't really matter too much in real life (as the expression is too complex), but let's better be safe than sorry, and make sure people won't file bugs about this...
2015-10-22man: also add --enablerepo=updates to dnf invocationZbigniew Jędrzejewski-Szmek
Without the updates repo, we are installing packages from the time that that version of Fedora was released. Normally, during the lifetime of the release most packages are updated, so most of the packages installed would be outdated, and the first update after installation would update a massive set of packages. Avoid all this by installing from the updates repo from the start.
2015-10-22man: remove --nogpg from dnf install command lineZbigniew Jędrzejewski-Szmek
Keys for previous and future Fedora distributions were added for the fedora-repos package recently: https://bugzilla.redhat.com/show_bug.cgi?id=1246701. There is no need to skip signature checking. Also, update to the latest and greatest and remove unnecessary quotes.
2015-09-22man: drop reference to yum from man pagesLennart Poettering
Apparently, yum is obsolete, and dnf is the new yum. Mention only dnf hence, and don't mention yum anymore.
2015-09-07man: typo fixesThomas Hindoe Paaboel Andersen
2015-09-06nspawn: add new .nspawn files for container settingsLennart Poettering
.nspawn fiels are simple settings files that may accompany container images and directories and contain settings otherwise passed on the nspawn command line. This provides an efficient way to attach execution data directly to containers.
2015-08-28nspawn: add (no)rbind option to --bind and --bind-roEugene Yakubovich
--bind and --bind-ro perform the bind mount non-recursively. It is sometimes (often?) desirable to do a recursive mount. This patch adds an optional set of bind mount options in the form of: --bind=src-path:dst-path:options options are comma separated and currently only "rbind" and "norbind" are allowed. Default value is "rbind".
2015-08-07man: Document \: escapes in nspawn's --overlay optionRichard Maw
2015-08-07man: Document \: escapes in nspawn's --bind optionRichard Maw
2015-08-07man: Document \: escapes in nspawn's --tmpfs optionRichard Maw
2015-08-05man: point nspawn --machine to machinectl search-pathRichard Maw
The --machine option used to describe searching for machines in /var/lib/machines, which is not the whole story, so let's link to where it's described in more detail.
2015-06-18man: revert dynamic paths for split-usr setupsTom Gundersen
This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.
2015-05-28man: generate configured paths in manpagesFilipe Brandenburger
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.
2015-05-23fix typos in systemd-nspawn man pageJonathan Boulle
2015-05-21nspawn: finish user namespace supportLennart Poettering
2015-05-13nspawn: rework custom mount point order, and add support for overlayfsLennart Poettering
Previously all bind mount mounts were applied in the order specified, followed by all tmpfs mounts in the order specified. This is problematic, if bind mounts shall be placed within tmpfs mounts. This patch hence reworks the custom mount point logic, and alwas applies them in strict prefix-first order. This means the order of mounts specified on the command line becomes irrelevant, the right operation will always be executed. While we are at it this commit also adds native support for overlayfs mounts, as supported by recent kernels.
2015-05-11treewide: Correct typos and spell plural of bus consistentTorstein Husebø
2015-05-05man: document that nspawn -x, --template= and machinectl clone leave ↵Lennart Poettering
hostname and machine id unmodified
2015-05-05man: nspawn is used in production these days, admit thatLennart Poettering
Previously, the man page suggested to only use nspawn for testing, building, and debugging things. However, it is nowadays used in production and used as building block for rocket, hence let's just admit that it's pretty much production ready.
2015-04-27man: document that nspawn's --bind= switch may be used multiple timesLennart Poettering
2015-03-13man: fix a bunch of linksZbigniew Jędrzejewski-Szmek
All hail linkchecker!
2015-02-25nspawn: make kill signal to use for PID 1 configurableLennart Poettering
2015-02-18nspawn: add support for --property= to set scope propertiesLennart Poettering
This is similar to systemd-run's --property= setting.
2015-02-03Reindent man pages to 2chZbigniew Jędrzejewski-Szmek
2015-02-01man: switch yum to dnf for FedoraZbigniew Jędrzejewski-Szmek
The dnf name is here to stay, we might as well adjust.
2015-01-22man: document new download magicLennart Poettering
2015-01-20nspawn: add ipvlan supportTom Gundersen
2015-01-15nspawn,machined: change default container image location from ↵Lennart Poettering
/var/lib/container to /var/lib/machines Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".
2015-01-13nspawn: add "-n" shortcut for "--network-veth"Lennart Poettering
Now that networkd's IP masquerading support means that running containers with "--network-veth" will provide network access out of the box for the container, let's add a shortcut "-n" for it, to make it easily accessible.
2015-01-13nspawn: add new option "--port=" for exposing container ports on the local hostLennart Poettering
This exposes an IP port on the container as local port using DNAT.