From 992afc106dd0ee5ecb02c86dc7fc49a52e4db10a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Feb 2016 16:23:42 +0100
Subject: man: add minimal man page for systemd-importd.service

---
 man/systemd-importd.service.xml | 82 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 man/systemd-importd.service.xml

(limited to 'man')

diff --git a/man/systemd-importd.service.xml b/man/systemd-importd.service.xml
new file mode 100644
index 0000000000..1da065df69
--- /dev/null
+++ b/man/systemd-importd.service.xml
@@ -0,0 +1,82 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+  This file is part of systemd.
+
+  Copyright 2016 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="systemd-importd.service" conditional='ENABLE_IMPORTD'>
+
+  <refentryinfo>
+    <title>systemd-importd.service</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Lennart</firstname>
+        <surname>Poettering</surname>
+        <email>lennart@poettering.net</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-importd.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-importd.service</refname>
+    <refname>systemd-importd</refname>
+    <refpurpose>Virtual machine and container import and export service</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>systemd-importd.service</filename></para>
+    <para><filename>/usr/lib/systemd/systemd-importd</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><command>systemd-importd</command> is a system service that allows importing, exporting and downloading of
+    system images suitable for running as VM or containers. It is a companion service for
+    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, and
+    used to implement <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+    <command>pull-raw</command>, <command>pull-tar</command>, <command>import-raw</command>,
+    <command>import-tar</command>, <command>export-raw</command> and <command>export-tar</command> commands.</para>
+
+    <para>See the
+    <ulink url="http://www.freedesktop.org/wiki/Software/systemd/importd">
+    importd D-Bus API Documentation</ulink> for information about the
+    APIs <filename>systemd-importd</filename> provides.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3-54-g00ecf


From 9053aaad4255a1d01a50f8e44784cd7eebe8f95c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Feb 2016 18:24:03 +0100
Subject: man: change recommended order of NSS modules in /etc/nsswitch.conf

So far we recommended placing "nss-mymachines" after "nss-resolve" in the order
of preference in /etc/nsswitch.conf. This change reverse this order.

Rationale: single-label names are resolved via LLMNR by resolved, which has to
time out if no peer by that name exists. By placing "nss-mymachines" first
(which always responds immediately) we avoid running into this timeout for most
containers. Both modules should return the same data if LLMNR is used by the
container anyway.

While we are at it, improve the man pages of the three NSS modules in other
ways a bit.
---
 man/nss-myhostname.xml | 32 +++++++++++++-------------------
 man/nss-mymachines.xml | 43 +++++++++++++++++++------------------------
 man/nss-resolve.xml    | 45 +++++++++++++++++++--------------------------
 3 files changed, 51 insertions(+), 69 deletions(-)

(limited to 'man')

diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index 251bdecbad..f8837745ae 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -57,12 +57,11 @@
   <refsect1>
     <title>Description</title>
 
-    <para><command>nss-myhostname</command> is a plugin for the GNU
-    Name Service Switch (NSS) functionality of the GNU C Library
-    (<command>glibc</command>), primarily providing hostname resolution
-    for the locally configured system hostname as returned by
-    <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
-    The precise hostnames resolved by this module are:</para>
+    <para><command>nss-myhostname</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of
+    the GNU C Library (<command>glibc</command>), primarily providing hostname resolution for the locally configured
+    system hostname as returned by
+    <citerefentry><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>.  The precise
+    hostnames resolved by this module are:</para>
 
     <itemizedlist>
       <listitem><para>The local, configured hostname is resolved to
@@ -80,7 +79,6 @@
       ordered by their metric. This assigns a stable hostname to the
       current gateway, useful for referencing it independently of the
       current network configuration state.</para></listitem>
-
     </itemizedlist>
 
     <para>Various software relies on an always-resolvable local
@@ -93,29 +91,25 @@
     changing <filename>/etc/hosts</filename> is unnecessary, and on
     many systems, the file becomes entirely optional.</para>
 
-    <para>To activate the NSS modules, <literal>myhostname</literal>
-    has to be added to the line starting with
-    <literal>hosts:</literal> in
-    <filename>/etc/nsswitch.conf</filename>.</para>
+    <para>To activate the NSS modules, add <literal>myhostname</literal> to the line starting with
+    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>myhostname</literal>
-    last in the <filename>nsswitch.conf</filename> line to make sure
-    that this mapping is only used as fallback, and that any DNS or
-    <filename>/etc/hosts</filename> based mapping takes
-    precedence.</para>
+    <para>It is recommended to place <literal>myhostname</literal> last in the <filename>nsswitch.conf</filename>'
+    <literal>hosts:</literal> line to make sure that this mapping is only used as fallback, and that any DNS or
+    <filename>/etc/hosts</filename> based mapping takes precedence.</para>
   </refsect1>
 
   <refsect1>
     <title>Example</title>
 
-    <para>Here is an example <filename>/etc/nsswitch.conf</filename>
-    file that enables <command>myhostname</command> correctly:</para>
+    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
+    <command>nss-myhostname</command> correctly:</para>
 
 <programlisting>passwd:         compat mymachines
 group:          compat mymachines
 shadow:         compat
 
-hosts:          files resolve mymachines <command>myhostname</command>
+hosts:          files mymachines resolve <command>myhostname</command>
 networks:       files
 
 protocols:      db files
diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index d2bec763bb..ec047449bf 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -56,42 +56,37 @@
   <refsect1>
     <title>Description</title>
 
-    <para><command>nss-mymachines</command> is a plugin for the GNU
-    Name Service Switch (NSS) functionality of the GNU C Library
-    (<command>glibc</command>), providing hostname resolution for
-    container names of containers running locally that are registered
-    with
-    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
-    The container names are resolved to the IP addresses of the
-    specific container, ordered by their scope.</para>
-
-    <para>The module also resolves user IDs used by containers to user
-    names indicating the container name, and back.</para>
-
-    <para>To activate the NSS modules, <literal>mymachines</literal>
-    has to be added to the lines starting with
-    <literal>hosts:</literal>, <literal>passwd:</literal> and
-    <literal>group:</literal> in
+    <para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of
+    the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running
+    locally that are registered with
+    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.  The
+    container names are resolved to the IP addresses of the specific container, ordered by their scope. This
+    functionality only applies to containers using network namespacing.</para>
+
+    <para>The module also resolves user and group IDs used by containers to user and group names indicating the
+    container name, and back. This functionality only applies to containers using user namespacing.</para>
+
+    <para>To activate the NSS module, add <literal>mymachines</literal> to the lines starting with
+    <literal>hosts:</literal>, <literal>passwd:</literal> and <literal>group:</literal> in
     <filename>/etc/nsswitch.conf</filename>.</para>
 
-    <para>It is recommended to place <literal>mymachines</literal>
-    near the end of the <filename>nsswitch.conf</filename> lines to
-    make sure that its mappings are only used as fallback, and that any
-    other mappings, such as DNS or <filename>/etc/hosts</filename>
-    based mappings, take precedence.</para>
+    <para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
+    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> lines to make sure that its mappings
+    are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>,
+    <filename>/etc/passwd</filename> and <filename>/etc/group</filename> based mappings take precedence.</para>
   </refsect1>
 
   <refsect1>
     <title>Example</title>
 
-    <para>Here is an example <filename>/etc/nsswitch.conf</filename>
-    file that enables <command>mymachines</command> correctly:</para>
+    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
+    <command>nss-mymachines</command> correctly:</para>
 
     <programlisting>passwd:         compat <command>mymachines</command>
 group:          compat <command>mymachines</command>
 shadow:         compat
 
-hosts:          files resolve <command>mymachines</command> myhostname
+hosts:          files <command>mymachines</command> resolve myhostname
 networks:       files
 
 protocols:      db files
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
index 8b0928145f..d9e56453e8 100644
--- a/man/nss-resolve.xml
+++ b/man/nss-resolve.xml
@@ -56,37 +56,36 @@
   <refsect1>
     <title>Description</title>
 
-    <para><command>nss-resolve</command> is a plugin module for the
-    GNU Name Service Switch (NSS) functionality of the GNU C Library
-    (<command>glibc</command>) enabling it to resolve host names via
-    the
-    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-    local network name resolution service.</para>
-
-    <para>To activate the NSS module, <literal>resolve</literal>
-    has to be added to the line starting with
-    <literal>hosts:</literal> in
-    <filename>/etc/nsswitch.conf</filename>.</para>
-
-    <para>It is recommended to place <literal>resolve</literal> early
-    in the <filename>nsswitch.conf</filename> line (but after the
-    <literal>files</literal> entry), replacing the
-    <literal>dns</literal> entry if it exists, to ensure DNS queries
-    are always routed via
+    <para><command>nss-resolve</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of the
+    GNU C Library (<command>glibc</command>) enabling it to resolve host names via the
+    <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> local network
+    name resolution service. It replaces the <command>nss-dns</command> plug-in module that traditionally resolves
+    hostnames via DNS.</para>
+
+    <para>To activate the NSS module, add <literal>resolve</literal> to the line starting with
+    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
+
+    <para>It is recommended to place <literal>resolve</literal> early in <filename>/etc/nsswitch.conf</filename>'
+    <literal>hosts:</literal> line (but after the <literal>files</literal> or <literal>mymachines</literal> entries),
+    replacing the <literal>dns</literal> entry if it exists, to ensure DNS queries are always routed via
     <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+    <para>Note that <command>nss-resolve</command> will chain-load <command>nss-dns</command> if
+    <filename>systemd-resolved.service</filename> is not running, ensuring that basic DNS resolution continues to work
+    if the service is down.</para>
   </refsect1>
 
   <refsect1>
     <title>Example</title>
 
-    <para>Here is an example <filename>/etc/nsswitch.conf</filename>
-    file that enables <command>resolve</command> correctly:</para>
+    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables <command>nss-resolve</command>
+    correctly:</para>
 
 <programlisting>passwd:         compat mymachines
 group:          compat mymachines
 shadow:         compat
 
-hosts:          files <command>resolve</command> mymachines myhostname
+hosts:          files mymachines <command>resolve</command> myhostname
 networks:       files
 
 protocols:      db files
@@ -96,12 +95,6 @@ rpc:            db files
 
 netgroup:       nis</programlisting>
 
-    <para>Note that <command>nss-resolve</command> will chain-load
-    <command>nss-dns</command> if
-    <filename>systemd-resolved.service</filename> is not running,
-    ensuring that basic DNS resolution continues to work if the
-    service is down.</para>
-
   </refsect1>
 
   <refsect1>
-- 
cgit v1.2.3-54-g00ecf


From ecb465354d5d4b3a16ac3c23ac39751c1a4fbd3d Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 23 Feb 2016 13:46:16 -0500
Subject: man: style fixes

---
 man/systemd-importd.service.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'man')

diff --git a/man/systemd-importd.service.xml b/man/systemd-importd.service.xml
index 1da065df69..8fdced475c 100644
--- a/man/systemd-importd.service.xml
+++ b/man/systemd-importd.service.xml
@@ -45,7 +45,7 @@
   <refnamediv>
     <refname>systemd-importd.service</refname>
     <refname>systemd-importd</refname>
-    <refpurpose>Virtual machine and container import and export service</refpurpose>
+    <refpurpose>VM and container image import and export service</refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
@@ -58,10 +58,10 @@
 
     <para><command>systemd-importd</command> is a system service that allows importing, exporting and downloading of
     system images suitable for running as VM or containers. It is a companion service for
-    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, and
-    used to implement <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, and provides the implementation for
+    <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
     <command>pull-raw</command>, <command>pull-tar</command>, <command>import-raw</command>,
-    <command>import-tar</command>, <command>export-raw</command> and <command>export-tar</command> commands.</para>
+    <command>import-tar</command>, <command>export-raw</command>, and <command>export-tar</command> commands.</para>
 
     <para>See the
     <ulink url="http://www.freedesktop.org/wiki/Software/systemd/importd">
-- 
cgit v1.2.3-54-g00ecf