projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| c454426c | 1 | <?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> |
| 19887cd0 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| 12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| 19887cd0 ZJS |
4 | |
| 5 | <!-- | |
| 6 | This file is part of systemd. | |
| 7 | ||
| 8 | Copyright 2013 Zbigniew Jędrzejewski-Szmek | |
| 9 | ||
| 10 | systemd is free software; you can redistribute it and/or modify it | |
| 11 | under the terms of the GNU Lesser General Public License as published by | |
| 12 | the Free Software Foundation; either version 2.1 of the License, or | |
| 13 | (at your option) any later version. | |
| 14 | ||
| 15 | systemd is distributed in the hope that it will be useful, but | |
| 16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 18 | Lesser General Public License for more details. | |
| 19 | ||
| 20 | You should have received a copy of the GNU Lesser General Public License | |
| 21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
| 22 | --> | |
| 23 | ||
| 21ac6ff1 | 24 | <refentry id="machinectl" conditional='ENABLE_MACHINED' |
| 798d3a52 ZJS |
25 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
| 26 | ||
| 27 | <refentryinfo> | |
| 28 | <title>machinectl</title> | |
| 29 | <productname>systemd</productname> | |
| 30 | ||
| 31 | <authorgroup> | |
| 32 | <author> | |
| 33 | <contrib>Developer</contrib> | |
| 34 | <firstname>Lennart</firstname> | |
| 35 | <surname>Poettering</surname> | |
| 36 | <email>lennart@poettering.net</email> | |
| 37 | </author> | |
| 38 | </authorgroup> | |
| 39 | </refentryinfo> | |
| 40 | ||
| 41 | <refmeta> | |
| 42 | <refentrytitle>machinectl</refentrytitle> | |
| 43 | <manvolnum>1</manvolnum> | |
| 44 | </refmeta> | |
| 45 | ||
| 46 | <refnamediv> | |
| 47 | <refname>machinectl</refname> | |
| 48 | <refpurpose>Control the systemd machine manager</refpurpose> | |
| 49 | </refnamediv> | |
| 50 | ||
| 51 | <refsynopsisdiv> | |
| 52 | <cmdsynopsis> | |
| 53 | <command>machinectl</command> | |
| 54 | <arg choice="opt" rep="repeat">OPTIONS</arg> | |
| 55 | <arg choice="req">COMMAND</arg> | |
| 56 | <arg choice="opt" rep="repeat">NAME</arg> | |
| 57 | </cmdsynopsis> | |
| 58 | </refsynopsisdiv> | |
| 59 | ||
| 60 | <refsect1> | |
| 61 | <title>Description</title> | |
| 62 | ||
| 63 | <para><command>machinectl</command> may be used to introspect and | |
| 64 | control the state of the | |
| 65 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 66 | virtual machine and container registration manager | |
| 67 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
| 91913f58 LP |
68 | |
| 69 | <para><command>machinectl</command> may be used to execute | |
| 70 | operations on machines and images. Machines in this sense are | |
| 71 | considered running instances of:</para> | |
| 72 | ||
| 73 | <itemizedlist> | |
| 74 | <listitem><para>Virtual Machines (VMs) that virtualize hardware | |
| 75 | to run full operating system (OS) instances (including their kernels) | |
| 76 | in a virtualized environment on top of the host OS.</para></listitem> | |
| 77 | ||
| 78 | <listitem><para>Containers that share the hardware and | |
| 79 | OS kernel with the host OS, in order to run | |
| 80 | OS userspace instances on top the host OS.</para></listitem> | |
| 81 | ||
| 82 | <listitem><para>The host system itself</para></listitem> | |
| 83 | </itemizedlist> | |
| 84 | ||
| 85 | <para>Machines are identified by names that follow the same rules | |
| 86 | as UNIX and DNS host names, for details see below. Machines are | |
| 87 | instantiated from disk or file system images, that frequently but not | |
| 88 | necessarily carry the same name as machines running from | |
| 89 | them. Images in this sense are considered:</para> | |
| 90 | ||
| 91 | <itemizedlist> | |
| 92 | <listitem><para>Directory trees containing an OS, including its | |
| 93 | top-level directories <filename>/usr</filename>, | |
| 94 | <filename>/etc</filename>, and so on.</para></listitem> | |
| 95 | ||
| 96 | <listitem><para>btrfs subvolumes containing OS trees, similar to | |
| 97 | normal directory trees.</para></listitem> | |
| 98 | ||
| 99 | <listitem><para>Binary "raw" disk images containing MBR or GPT | |
| 100 | partition tables and Linux file system partitions.</para></listitem> | |
| 101 | ||
| 102 | <listitem><para>The file system tree of the host OS itself.</para></listitem> | |
| 103 | </itemizedlist> | |
| 104 | ||
| 798d3a52 ZJS |
105 | </refsect1> |
| 106 | ||
| 107 | <refsect1> | |
| 108 | <title>Options</title> | |
| 109 | ||
| 110 | <para>The following options are understood:</para> | |
| 111 | ||
| 112 | <variablelist> | |
| 113 | <varlistentry> | |
| 114 | <term><option>-p</option></term> | |
| 115 | <term><option>--property=</option></term> | |
| 116 | ||
| 117 | <listitem><para>When showing machine or image properties, | |
| 118 | limit the output to certain properties as specified by the | |
| 119 | argument. If not specified, all set properties are shown. The | |
| 120 | argument should be a property name, such as | |
| 121 | <literal>Name</literal>. If specified more than once, all | |
| 122 | properties with the specified names are | |
| 123 | shown.</para></listitem> | |
| 124 | </varlistentry> | |
| 125 | ||
| 126 | <varlistentry> | |
| 127 | <term><option>-a</option></term> | |
| 128 | <term><option>--all</option></term> | |
| 129 | ||
| 130 | <listitem><para>When showing machine or image properties, show | |
| 131 | all properties regardless of whether they are set or | |
| 132 | not.</para> | |
| 133 | ||
| 134 | <para>When listing VM or container images, do not suppress | |
| 135 | images beginning in a dot character | |
| 136 | (<literal>.</literal>).</para></listitem> | |
| 137 | </varlistentry> | |
| 138 | ||
| 139 | <varlistentry> | |
| 140 | <term><option>-l</option></term> | |
| 141 | <term><option>--full</option></term> | |
| 142 | ||
| 143 | <listitem><para>Do not ellipsize process tree entries.</para> | |
| 144 | </listitem> | |
| 145 | </varlistentry> | |
| 146 | ||
| 147 | <varlistentry> | |
| 148 | <term><option>--no-ask-password</option></term> | |
| 149 | ||
| 150 | <listitem><para>Do not query the user for authentication for | |
| 151 | privileged operations.</para></listitem> | |
| 152 | </varlistentry> | |
| 153 | ||
| 154 | <varlistentry> | |
| 155 | <term><option>--kill-who=</option></term> | |
| 156 | ||
| 157 | <listitem><para>When used with <command>kill</command>, choose | |
| 158 | which processes to kill. Must be one of | |
| 159 | <option>leader</option>, or <option>all</option> to select | |
| 160 | whether to kill only the leader process of the machine or all | |
| 161 | processes of the machine. If omitted, defaults to | |
| 162 | <option>all</option>.</para></listitem> | |
| 163 | </varlistentry> | |
| 164 | ||
| 165 | <varlistentry> | |
| 166 | <term><option>-s</option></term> | |
| 167 | <term><option>--signal=</option></term> | |
| 168 | ||
| 169 | <listitem><para>When used with <command>kill</command>, choose | |
| 170 | which signal to send to selected processes. Must be one of the | |
| 171 | well-known signal specifiers, such as | |
| 172 | <constant>SIGTERM</constant>, <constant>SIGINT</constant> or | |
| 173 | <constant>SIGSTOP</constant>. If omitted, defaults to | |
| 174 | <constant>SIGTERM</constant>.</para></listitem> | |
| 175 | </varlistentry> | |
| 176 | ||
| c454426c LP |
177 | <varlistentry> |
| 178 | <term><option>--uid=</option></term> | |
| 179 | ||
| 180 | <listitem><para>When used with the <command>shell</command> | |
| 181 | command, chooses the user ID to open the interactive shell | |
| 182 | session as. If this switch is not specified, defaults to | |
| 183 | <literal>root</literal>. Note that this switch is not | |
| 184 | supported for the <command>login</command> command (see | |
| 185 | below).</para></listitem> | |
| 186 | </varlistentry> | |
| 187 | ||
| 188 | <varlistentry> | |
| 189 | <term><option>--setenv=</option></term> | |
| 190 | ||
| 191 | <listitem><para>When used with the <command>shell</command> | |
| 192 | command, sets an environment variable to pass to the executed | |
| 193 | shell. Takes a pair of environment variable name and value, | |
| 194 | separated by <literal>=</literal> as argument. This switch | |
| 195 | may be used multiple times to set multiple environment | |
| 196 | variables. Note that this switch is not supported for the | |
| 197 | <command>login</command> command (see | |
| 198 | below).</para></listitem> | |
| 199 | </varlistentry> | |
| 200 | ||
| 798d3a52 ZJS |
201 | <varlistentry> |
| 202 | <term><option>--mkdir</option></term> | |
| 203 | ||
| 204 | <listitem><para>When used with <command>bind</command> creates | |
| 205 | the destination directory before applying the bind | |
| 206 | mount.</para></listitem> | |
| 207 | </varlistentry> | |
| 208 | ||
| 798d3a52 ZJS |
209 | <varlistentry> |
| 210 | <term><option>--read-only</option></term> | |
| 211 | ||
| 212 | <listitem><para>When used with <command>bind</command> applies | |
| 213 | a read-only bind mount.</para></listitem> | |
| 214 | </varlistentry> | |
| 215 | ||
| 216 | ||
| 217 | <varlistentry> | |
| 218 | <term><option>-n</option></term> | |
| 219 | <term><option>--lines=</option></term> | |
| 220 | ||
| 221 | <listitem><para>When used with <command>status</command>, | |
| 222 | controls the number of journal lines to show, counting from | |
| 223 | the most recent ones. Takes a positive integer argument. | |
| 224 | Defaults to 10.</para> | |
| 225 | </listitem> | |
| 226 | </varlistentry> | |
| 227 | ||
| 228 | <varlistentry> | |
| 229 | <term><option>-o</option></term> | |
| 230 | <term><option>--output=</option></term> | |
| 231 | ||
| 232 | <listitem><para>When used with <command>status</command>, | |
| 233 | controls the formatting of the journal entries that are shown. | |
| 234 | For the available choices, see | |
| 235 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
| 236 | Defaults to <literal>short</literal>.</para></listitem> | |
| 237 | </varlistentry> | |
| 238 | ||
| 239 | <varlistentry> | |
| 240 | <term><option>--verify=</option></term> | |
| 241 | ||
| 242 | <listitem><para>When downloading a container or VM image, | |
| 243 | specify whether the image shall be verified before it is made | |
| 244 | available. Takes one of <literal>no</literal>, | |
| 245 | <literal>checksum</literal> and <literal>signature</literal>. | |
| 246 | If <literal>no</literal> no verification is done. If | |
| 247 | <literal>checksum</literal> is specified the download is | |
| 248 | checked for integrity after transfer is complete, but no | |
| 249 | signatures are verified. If <literal>signature</literal> is | |
| 250 | specified, the checksum is verified and the images's signature | |
| 251 | is checked against a local keyring of trustable vendors. It is | |
| 252 | strongly recommended to set this option to | |
| 253 | <literal>signature</literal> if the server and protocol | |
| 254 | support this. Defaults to | |
| 255 | <literal>signature</literal>.</para></listitem> | |
| 256 | </varlistentry> | |
| 257 | ||
| 258 | <varlistentry> | |
| 259 | <term><option>--force</option></term> | |
| 260 | ||
| 261 | <listitem><para>When downloading a container or VM image, and | |
| 262 | a local copy by the specified local machine name already | |
| 263 | exists, delete it first and replace it by the newly downloaded | |
| 264 | image.</para></listitem> | |
| 265 | </varlistentry> | |
| 266 | ||
| 267 | <varlistentry> | |
| 268 | <term><option>--dkr-index-url</option></term> | |
| 269 | ||
| 270 | <listitem><para>Specifies the index server to use for | |
| 271 | downloading <literal>dkr</literal> images with the | |
| 272 | <command>pull-dkr</command>. Takes a | |
| 273 | <literal>http://</literal>, <literal>https://</literal> | |
| 274 | URL.</para></listitem> | |
| 275 | </varlistentry> | |
| 276 | ||
| 6e9efa59 LP |
277 | <varlistentry> |
| 278 | <term><option>--format=</option></term> | |
| 279 | ||
| 280 | <listitem><para>When used with the <option>export-tar</option> | |
| 281 | or <option>export-raw</option> commands specifies the | |
| 282 | compression format to use for the resulting file. Takes one of | |
| 283 | <literal>uncompressed</literal>, <literal>xz</literal>, | |
| 284 | <literal>gzip</literal>, <literal>bzip2</literal>. By default | |
| 285 | the format is determined automatically from the image file | |
| 286 | name passed.</para></listitem> | |
| 287 | </varlistentry> | |
| 288 | ||
| 798d3a52 ZJS |
289 | <xi:include href="user-system-options.xml" xpointer="host" /> |
| 290 | <xi:include href="user-system-options.xml" xpointer="machine" /> | |
| 291 | ||
| 292 | <xi:include href="standard-options.xml" xpointer="no-pager" /> | |
| 293 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
| 294 | <xi:include href="standard-options.xml" xpointer="help" /> | |
| 295 | <xi:include href="standard-options.xml" xpointer="version" /> | |
| 296 | </variablelist> | |
| 297 | </refsect1> | |
| 298 | ||
| 299 | <refsect1> | |
| 300 | <title>Commands</title> | |
| 301 | ||
| 302 | <para>The following commands are understood:</para> | |
| 303 | ||
| 304 | <refsect2><title>Machine Commands</title><variablelist> | |
| 305 | ||
| 306 | <varlistentry> | |
| 307 | <term><command>list</command></term> | |
| 308 | ||
| 309 | <listitem><para>List currently running (online) virtual | |
| 91913f58 LP |
310 | machines and containers. To enumerate machine images that can |
| 311 | be started, use <command>list-images</command> (see | |
| 312 | below). Note that this command hides the special | |
| 313 | <literal>.host</literal> machine by default. Use the | |
| 314 | <option>--all</option> switch to show it.</para></listitem> | |
| 798d3a52 ZJS |
315 | </varlistentry> |
| 316 | ||
| 317 | <varlistentry> | |
| 318 | <term><command>status</command> <replaceable>NAME</replaceable>...</term> | |
| 319 | ||
| 320 | <listitem><para>Show terse runtime status information about | |
| 321 | one or more virtual machines and containers, followed by the | |
| 322 | most recent log data from the journal. This function is | |
| 323 | intended to generate human-readable output. If you are looking | |
| 324 | for computer-parsable output, use <command>show</command> | |
| 325 | instead. Note that the log data shown is reported by the | |
| 326 | virtual machine or container manager, and frequently contains | |
| 327 | console output of the machine, but not necessarily journal | |
| 328 | contents of the machine itself.</para></listitem> | |
| 329 | </varlistentry> | |
| 330 | ||
| 331 | <varlistentry> | |
| 91913f58 | 332 | <term><command>show</command> [<replaceable>NAME</replaceable>...]</term> |
| 798d3a52 ZJS |
333 | |
| 334 | <listitem><para>Show properties of one or more registered | |
| 335 | virtual machines or containers or the manager itself. If no | |
| 336 | argument is specified, properties of the manager will be | |
| 337 | shown. If an NAME is specified, properties of this virtual | |
| 338 | machine or container are shown. By default, empty properties | |
| 339 | are suppressed. Use <option>--all</option> to show those too. | |
| 340 | To select specific properties to show, use | |
| 341 | <option>--property=</option>. This command is intended to be | |
| 342 | used whenever computer-parsable output is required. Use | |
| 343 | <command>status</command> if you are looking for formatted | |
| 344 | human-readable output.</para></listitem> | |
| 345 | </varlistentry> | |
| 346 | ||
| 347 | <varlistentry> | |
| 348 | <term><command>start</command> <replaceable>NAME</replaceable>...</term> | |
| 349 | ||
| 350 | <listitem><para>Start a container as a system service, using | |
| 351 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
| 352 | This starts <filename>systemd-nspawn@.service</filename>, | |
| 353 | instantiated for the specified machine name, similar to the | |
| 354 | effect of <command>systemctl start</command> on the service | |
| 355 | name. <command>systemd-nspawn</command> looks for a container | |
| 356 | image by the specified name in | |
| 357 | <filename>/var/lib/machines/</filename> (and other search | |
| 358 | paths, see below) and runs it. Use | |
| 359 | <command>list-images</command> (see below), for listing | |
| 360 | available container images to start.</para> | |
| 361 | ||
| 362 | <para>Note that | |
| 363 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
| 364 | also interfaces with a variety of other container and VM | |
| 365 | managers, <command>systemd-nspawn</command> is just one | |
| 366 | implementation of it. Most of the commands available in | |
| 367 | <command>machinectl</command> may be used on containers or VMs | |
| 368 | controlled by other managers, not just | |
| 369 | <command>systemd-nspawn</command>. Starting VMs and container | |
| 370 | images on those managers requires manager-specific | |
| 371 | tools.</para> | |
| 372 | ||
| 373 | <para>To interactively start a container on the command line | |
| 374 | with full access to the container's console, please invoke | |
| 375 | <command>systemd-nspawn</command> directly. To stop a running | |
| 376 | container use <command>machinectl poweroff</command>, see | |
| 377 | below.</para></listitem> | |
| 378 | </varlistentry> | |
| 379 | ||
| 380 | <varlistentry> | |
| 91913f58 | 381 | <term><command>login</command> [<replaceable>NAME</replaceable>]</term> |
| 798d3a52 | 382 | |
| c454426c | 383 | <listitem><para>Open an interactive terminal login session in |
| 91913f58 LP |
384 | a container or on the local host. If an argument is supplied |
| 385 | it refers to the container machine to connect to. If none is | |
| 386 | specified, or the container name is specified as the empty | |
| 387 | string, or the special machine name <literal>.host</literal> | |
| 388 | (see below) is specified, the connection is made to the local | |
| 389 | host instead. This will create a TTY connection to a specific | |
| 390 | container or the local host and asks for the execution of a | |
| 391 | getty on it. Note that this is only supported for containers | |
| 392 | running | |
| 798d3a52 ZJS |
393 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| 394 | as init system.</para> | |
| 395 | ||
| 396 | <para>This command will open a full login prompt on the | |
| 91913f58 LP |
397 | container or the local host, which then asks for username and |
| 398 | password. Use <command>shell</command> (see below) or | |
| 798d3a52 | 399 | <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| 91913f58 LP |
400 | with the <option>--machine=</option> switch to directly invoke |
| 401 | a single command, either interactively or in the | |
| 402 | background.</para></listitem> | |
| 798d3a52 ZJS |
403 | </varlistentry> |
| 404 | ||
| c454426c | 405 | <varlistentry> |
| ef3100e9 | 406 | <term><command>shell</command> [[<replaceable>NAME</replaceable>@]<replaceable>NAME</replaceable> [<replaceable>PATH</replaceable> [<replaceable>ARGUMENTS</replaceable>...]]] </term> |
| c454426c LP |
407 | |
| 408 | <listitem><para>Open an interactive shell session in a | |
| 91913f58 LP |
409 | container or on the local host. The first argument refers to |
| 410 | the container machine to connect to. If none is specified, or | |
| 411 | the machine name is specified as the empty string, or the | |
| 412 | special machine name <literal>.host</literal> (see below) is | |
| 413 | specified, the connection is made to the local host | |
| 414 | instead. This works similar to <command>login</command> but | |
| 415 | immediately invokes a user process. This command runs the | |
| 416 | specified executable with the specified arguments, or | |
| c454426c | 417 | <filename>/bin/sh</filename> if none is specified. By default |
| ef3100e9 LP |
418 | opens a <literal>root</literal> shell, but by using |
| 419 | <option>--uid=</option>, or by prefixing the machine name with | |
| 420 | a username and an <literal>@</literal> character, a different | |
| 421 | user may be selected. Use <option>--setenv=</option> to set | |
| 422 | environment variables for the executed process.</para> | |
| 423 | ||
| 424 | <para>When using the <command>shell</command> command without | |
| 425 | arguments (thus invoking the executed shell or command on the | |
| 426 | local host) it is similar in many ways to a <citerefentry | |
| 427 | project='die-net'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 428 | session, but unlike <command>su</command> completely isolates | |
| 429 | the new session from the originating session, so that it | |
| 430 | shares no process or session properties, and is in a clean and | |
| 431 | well-defined state. It will be tracked in a new utmp, login, | |
| 432 | audit and keyring session, and will not inherit an environment | |
| 433 | variables or resource limits, among other properties.</para> | |
| 434 | ||
| 435 | <para>Note that the | |
| 436 | <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 437 | may be used in place of the <command>shell</command> command, | |
| 438 | and allows more detailed, low-level configuration of the | |
| 439 | invoked unit. However, it is frequently more privileged than | |
| 440 | the <command>shell</command> command.</para></listitem> | |
| c454426c LP |
441 | </varlistentry> |
| 442 | ||
| 798d3a52 ZJS |
443 | <varlistentry> |
| 444 | <term><command>enable</command> <replaceable>NAME</replaceable>...</term> | |
| 445 | <term><command>disable</command> <replaceable>NAME</replaceable>...</term> | |
| 446 | ||
| 447 | <listitem><para>Enable or disable a container as a system | |
| 448 | service to start at system boot, using | |
| 449 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
| 450 | This enables or disables | |
| 451 | <filename>systemd-nspawn@.service</filename>, instantiated for | |
| 452 | the specified machine name, similar to the effect of | |
| 453 | <command>systemctl enable</command> or <command>systemctl | |
| 454 | disable</command> on the service name.</para></listitem> | |
| 455 | </varlistentry> | |
| 456 | ||
| 457 | <varlistentry> | |
| 458 | <term><command>poweroff</command> <replaceable>NAME</replaceable>...</term> | |
| 459 | ||
| 460 | <listitem><para>Power off one or more containers. This will | |
| 461 | trigger a reboot by sending SIGRTMIN+4 to the container's init | |
| 462 | process, which causes systemd-compatible init systems to shut | |
| 463 | down cleanly. This operation does not work on containers that | |
| 464 | do not run a | |
| 465 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible | |
| 466 | init system, such as sysvinit. Use | |
| 467 | <command>terminate</command> (see below) to immediately | |
| 468 | terminate a container or VM, without cleanly shutting it | |
| 469 | down.</para></listitem> | |
| 470 | </varlistentry> | |
| 471 | ||
| 472 | <varlistentry> | |
| 473 | <term><command>reboot</command> <replaceable>NAME</replaceable>...</term> | |
| 474 | ||
| 475 | <listitem><para>Reboot one or more containers. This will | |
| 476 | trigger a reboot by sending SIGINT to the container's init | |
| 477 | process, which is roughly equivalent to pressing Ctrl+Alt+Del | |
| 478 | on a non-containerized system, and is compatible with | |
| 479 | containers running any system manager.</para></listitem> | |
| 480 | </varlistentry> | |
| 481 | ||
| 482 | <varlistentry> | |
| 483 | <term><command>terminate</command> <replaceable>NAME</replaceable>...</term> | |
| 484 | ||
| 485 | <listitem><para>Immediately terminates a virtual machine or | |
| 486 | container, without cleanly shutting it down. This kills all | |
| 487 | processes of the virtual machine or container and deallocates | |
| 488 | all resources attached to that instance. Use | |
| 489 | <command>poweroff</command> to issue a clean shutdown | |
| 490 | request.</para></listitem> | |
| 491 | </varlistentry> | |
| 492 | ||
| 493 | <varlistentry> | |
| 494 | <term><command>kill</command> <replaceable>NAME</replaceable>...</term> | |
| 495 | ||
| 496 | <listitem><para>Send a signal to one or more processes of the | |
| 497 | virtual machine or container. This means processes as seen by | |
| 498 | the host, not the processes inside the virtual machine or | |
| 499 | container. Use <option>--kill-who=</option> to select which | |
| 500 | process to kill. Use <option>--signal=</option> to select the | |
| 501 | signal to send.</para></listitem> | |
| 502 | </varlistentry> | |
| 503 | ||
| 504 | <varlistentry> | |
| 505 | <term><command>bind</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
| 506 | ||
| 507 | <listitem><para>Bind mounts a directory from the host into the | |
| 508 | specified container. The first directory argument is the | |
| 509 | source directory on the host, the second directory argument | |
| cb7bb815 MK |
510 | is the destination directory in the container. When the |
| 511 | latter is omitted the destination path in the container is | |
| 512 | the same as the source path on the host. When combined with | |
| 513 | the <option>--read-only</option> switch a ready-only bind | |
| 514 | mount is created. When combined with the | |
| 515 | <option>--mkdir</option> switch the destination path is first | |
| 516 | created before the mount is applied. Note that this option is | |
| 517 | currently only supported for | |
| 798d3a52 ZJS |
518 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| 519 | containers.</para></listitem> | |
| 520 | </varlistentry> | |
| 521 | ||
| 522 | <varlistentry> | |
| 523 | <term><command>copy-to</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
| 524 | ||
| 525 | <listitem><para>Copies files or directories from the host | |
| 526 | system into a running container. Takes a container name, | |
| 527 | followed by the source path on the host and the destination | |
| 528 | path in the container. If the destination path is omitted the | |
| 529 | same as the source path is used.</para></listitem> | |
| 530 | </varlistentry> | |
| 531 | ||
| 532 | ||
| 533 | <varlistentry> | |
| 534 | <term><command>copy-from</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
| 535 | ||
| 536 | <listitem><para>Copies files or directories from a container | |
| 537 | into the host system. Takes a container name, followed by the | |
| 538 | source path in the container the destination path on the host. | |
| 539 | If the destination path is omitted the same as the source path | |
| 540 | is used.</para></listitem> | |
| 541 | </varlistentry> | |
| 542 | </variablelist></refsect2> | |
| 543 | ||
| 544 | <refsect2><title>Image Commands</title><variablelist> | |
| 545 | ||
| 546 | <varlistentry> | |
| 547 | <term><command>list-images</command></term> | |
| 548 | ||
| 549 | <listitem><para>Show a list of locally installed container and | |
| 550 | VM images. This enumerates all raw disk images and container | |
| 551 | directories and subvolumes in | |
| 552 | <filename>/var/lib/machines/</filename> (and other search | |
| 553 | paths, see below). Use <command>start</command> (see above) to | |
| 554 | run a container off one of the listed images. Note that by | |
| 555 | default containers whose name begins with a dot | |
| 556 | (<literal>.</literal>) are not shown. To show these too, | |
| 557 | specify <option>--all</option>. Note that a special image | |
| 558 | <literal>.host</literal> always implicitly exists and refers | |
| 559 | to the image the host itself is booted from.</para></listitem> | |
| 560 | </varlistentry> | |
| 561 | ||
| 562 | <varlistentry> | |
| 91913f58 | 563 | <term><command>image-status</command> [<replaceable>NAME</replaceable>...]</term> |
| 798d3a52 ZJS |
564 | |
| 565 | <listitem><para>Show terse status information about one or | |
| 566 | more container or VM images. This function is intended to | |
| 567 | generate human-readable output. Use | |
| 568 | <command>show-image</command> (see below) to generate | |
| 569 | computer-parsable output instead.</para></listitem> | |
| 570 | </varlistentry> | |
| 571 | ||
| 572 | <varlistentry> | |
| 91913f58 | 573 | <term><command>show-image</command> [<replaceable>NAME</replaceable>...]</term> |
| 798d3a52 ZJS |
574 | |
| 575 | <listitem><para>Show properties of one or more registered | |
| 576 | virtual machine or container images, or the manager itself. If | |
| 577 | no argument is specified, properties of the manager will be | |
| 578 | shown. If an NAME is specified, properties of this virtual | |
| 579 | machine or container image are shown. By default, empty | |
| 580 | properties are suppressed. Use <option>--all</option> to show | |
| 581 | those too. To select specific properties to show, use | |
| 582 | <option>--property=</option>. This command is intended to be | |
| 583 | used whenever computer-parsable output is required. Use | |
| 584 | <command>image-status</command> if you are looking for | |
| 585 | formatted human-readable output.</para></listitem> | |
| 586 | </varlistentry> | |
| 587 | ||
| 588 | <varlistentry> | |
| 589 | <term><command>clone</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
| 590 | ||
| d6ce17c7 | 591 | <listitem><para>Clones a container or VM image. The |
| 798d3a52 ZJS |
592 | arguments specify the name of the image to clone and the name |
| 593 | of the newly cloned image. Note that plain directory container | |
| 594 | images are cloned into subvolume images with this command. | |
| 595 | Note that cloning a container or VM image is optimized for | |
| 596 | btrfs file systems, and might not be efficient on others, due | |
| 3fe22bb4 LP |
597 | to file system limitations.</para> |
| 598 | ||
| 599 | <para>Note that this command leaves host name, machine ID and | |
| 600 | all other settings that could identify the instance | |
| 601 | unmodified. The original image and the cloned copy will hence | |
| 602 | share these credentials, and it might be necessary to manually | |
| 603 | change them in the copy.</para></listitem> | |
| 798d3a52 ZJS |
604 | </varlistentry> |
| 605 | ||
| 606 | <varlistentry> | |
| 607 | <term><command>rename</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
| 608 | ||
| d6ce17c7 | 609 | <listitem><para>Renames a container or VM image. The |
| 798d3a52 ZJS |
610 | arguments specify the name of the image to rename and the new |
| 611 | name of the image.</para></listitem> | |
| 612 | </varlistentry> | |
| 613 | ||
| 614 | <varlistentry> | |
| 615 | <term><command>read-only</command> <replaceable>NAME</replaceable> [<replaceable>BOOL</replaceable>]</term> | |
| 616 | ||
| d6ce17c7 | 617 | <listitem><para>Marks or (unmarks) a container or VM image |
| 798d3a52 ZJS |
618 | read-only. Takes a VM or container image name, followed by a |
| 619 | boolean as arguments. If the boolean is omitted, positive is | |
| 620 | implied, i.e. the image is marked read-only.</para></listitem> | |
| 621 | </varlistentry> | |
| 622 | ||
| 798d3a52 ZJS |
623 | <varlistentry> |
| 624 | <term><command>remove</command> <replaceable>NAME</replaceable>...</term> | |
| 625 | ||
| d6ce17c7 | 626 | <listitem><para>Removes one or more container or VM images. |
| 798d3a52 ZJS |
627 | The special image <literal>.host</literal>, which refers to |
| 628 | the host's own directory tree may not be | |
| 629 | removed.</para></listitem> | |
| 630 | </varlistentry> | |
| 631 | ||
| d6ce17c7 LP |
632 | <varlistentry> |
| 633 | <term><command>set-limit</command> [<replaceable>NAME</replaceable>] <replaceable>BYTES</replaceable></term> | |
| 634 | ||
| 635 | <listitem><para>Sets the maximum size in bytes a specific | |
| 7de30452 LP |
636 | container or VM image, or all images may grow up to on disk |
| 637 | (disk quota). Takes either one or two parameters. The first, | |
| d6ce17c7 | 638 | optional parameter refers to a container or VM image name. If |
| 7de30452 LP |
639 | specified the size limit of the specified image is changed. If |
| 640 | omitted the overall size limit of the sum of all images stored | |
| 641 | locally is changed. The final argument specifies the size | |
| 642 | limit in bytes, possibly suffixed by the usual K, M, G, T | |
| 643 | units. If the size limit shall be disabled, specify | |
| 644 | <literal>-</literal> as size.</para> | |
| 645 | ||
| 646 | <para>Note that per-container size limits are only supported | |
| 647 | on btrfs file systems. Also note that if | |
| 648 | <command>set-limit</command> is invoked without image | |
| 649 | parameter, and <filename>/var/lib/machines</filename> is | |
| 650 | empty, and the directory is not located on btrfs, a btrfs | |
| 651 | loopback file is implicitly created as | |
| 652 | <filename>/var/lib/machines.raw</filename> with the given | |
| 653 | size, and mounted to | |
| 654 | <filename>/var/lib/machines</filename>. The size of the | |
| 655 | loopback may later be readjusted with | |
| 656 | <command>set-limit</command>, as well. If such a | |
| 657 | loopback-mounted <filename>/var/lib/machines</filename> | |
| 658 | directory is used <command>set-limit</command> without image | |
| 659 | name alters both the quota setting within the file system as | |
| 660 | well as the loopback file and file system size | |
| 661 | itself.</para></listitem> | |
| d6ce17c7 LP |
662 | </varlistentry> |
| 663 | ||
| 798d3a52 ZJS |
664 | </variablelist></refsect2> |
| 665 | ||
| 666 | <refsect2><title>Image Transfer Commands</title><variablelist> | |
| 667 | ||
| 668 | <varlistentry> | |
| 669 | <term><command>pull-tar</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
| 670 | ||
| 671 | <listitem><para>Downloads a <filename>.tar</filename> | |
| 672 | container image from the specified URL, and makes it available | |
| 673 | under the specified local machine name. The URL must be of | |
| 674 | type <literal>http://</literal> or | |
| 675 | <literal>https://</literal>, and must refer to a | |
| 676 | <filename>.tar</filename>, <filename>.tar.gz</filename>, | |
| 677 | <filename>.tar.xz</filename> or <filename>.tar.bz2</filename> | |
| f8b07704 | 678 | archive file. If the local machine name is omitted it |
| 798d3a52 ZJS |
679 | is automatically derived from the last component of the URL, |
| 680 | with its suffix removed.</para> | |
| 681 | ||
| 682 | <para>The image is verified before it is made available, | |
| 683 | unless <option>--verify=no</option> is specified. Verification | |
| 684 | is done via SHA256SUMS and SHA256SUMS.gpg files, that need to | |
| 685 | be made available on the same web server, under the same URL | |
| 686 | as the <filename>.tar</filename> file, but with the last | |
| 687 | component (the filename) of the URL replaced. With | |
| 688 | <option>--verify=checksum</option> only the SHA256 checksum | |
| 689 | for the file is verified, based on the | |
| 690 | <filename>SHA256SUMS</filename> file. With | |
| 691 | <option>--verify=signature</option> the SHA256SUMS file is | |
| 692 | first verified with detached GPG signature file | |
| 693 | <filename>SHA256SUMS.gpg</filename>. The public key for this | |
| 694 | verification step needs to be available in | |
| 12b42c76 TG |
695 | <filename>/usr/lib/systemd/import-pubring.gpg</filename> or |
| 696 | <filename>/etc/systemd/import-pubring.gpg</filename>.</para> | |
| 798d3a52 ZJS |
697 | |
| 698 | <para>The container image will be downloaded and stored in a | |
| 699 | read-only subvolume in | |
| 700 | <filename>/var/lib/machines/</filename>, that is named after | |
| 701 | the specified URL and its HTTP etag. A writable snapshot is | |
| 702 | then taken from this subvolume, and named after the specified | |
| dd2b607b | 703 | local name. This behavior ensures that creating multiple |
| 798d3a52 ZJS |
704 | container instances of the same URL is efficient, as multiple |
| 705 | downloads are not necessary. In order to create only the | |
| 706 | read-only image, and avoid creating its writable snapshot, | |
| 707 | specify <literal>-</literal> as local machine name.</para> | |
| 708 | ||
| 709 | <para>Note that the read-only subvolume is prefixed with | |
| 6b94875f | 710 | <filename>.tar-</filename>, and is thus not shown by |
| 798d3a52 ZJS |
711 | <command>list-images</command>, unless <option>--all</option> |
| 712 | is passed.</para> | |
| 713 | ||
| 714 | <para>Note that pressing C-c during execution of this command | |
| 715 | will not abort the download. Use | |
| 716 | <command>cancel-transfer</command>, described | |
| 717 | below.</para></listitem> | |
| 718 | </varlistentry> | |
| 719 | ||
| 720 | <varlistentry> | |
| 721 | <term><command>pull-raw</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
| 722 | ||
| 723 | <listitem><para>Downloads a <filename>.raw</filename> | |
| 724 | container or VM disk image from the specified URL, and makes | |
| 725 | it available under the specified local machine name. The URL | |
| 726 | must be of type <literal>http://</literal> or | |
| 727 | <literal>https://</literal>. The container image must either | |
| 728 | be a <filename>.qcow2</filename> or raw disk image, optionally | |
| 729 | compressed as <filename>.gz</filename>, | |
| 730 | <filename>.xz</filename>, or <filename>.bz2</filename>. If the | |
| f8b07704 | 731 | local machine name is omitted it is automatically |
| 798d3a52 ZJS |
732 | derived from the last component of the URL, with its suffix |
| 733 | removed.</para> | |
| 734 | ||
| 735 | <para>Image verification is identical for raw and tar images | |
| 736 | (see above).</para> | |
| 737 | ||
| 1d3eaa93 | 738 | <para>If the downloaded image is in |
| 6b94875f | 739 | <filename>.qcow2</filename> format it is converted into a raw |
| 798d3a52 ZJS |
740 | image file before it is made available.</para> |
| 741 | ||
| 742 | <para>Downloaded images of this type will be placed as | |
| 743 | read-only <filename>.raw</filename> file in | |
| 744 | <filename>/var/lib/machines/</filename>. A local, writable | |
| 745 | (reflinked) copy is then made under the specified local | |
| 746 | machine name. To omit creation of the local, writable copy | |
| 747 | pass <literal>-</literal> as local machine name.</para> | |
| 748 | ||
| dd2b607b | 749 | <para>Similar to the behavior of <command>pull-tar</command>, |
| 798d3a52 | 750 | the read-only image is prefixed with |
| 6b94875f | 751 | <filename>.raw-</filename>, and thus not shown by |
| 798d3a52 ZJS |
752 | <command>list-images</command>, unless <option>--all</option> |
| 753 | is passed.</para> | |
| 754 | ||
| 755 | <para>Note that pressing C-c during execution of this command | |
| 756 | will not abort the download. Use | |
| 757 | <command>cancel-transfer</command>, described | |
| 758 | below.</para></listitem> | |
| 759 | </varlistentry> | |
| 760 | ||
| 761 | <varlistentry> | |
| 762 | <term><command>pull-dkr</command> <replaceable>REMOTE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
| 763 | ||
| 764 | <listitem><para>Downloads a <literal>dkr</literal> container | |
| 765 | image and makes it available locally. The remote name refers | |
| 766 | to a <literal>dkr</literal> container name. If omitted, the | |
| 767 | local machine name is derived from the <literal>dkr</literal> | |
| 768 | container name.</para> | |
| 769 | ||
| 770 | <para>Image verification is not available for | |
| 771 | <literal>dkr</literal> containers, and thus | |
| 772 | <option>--verify=no</option> must always be specified with | |
| 773 | this command.</para> | |
| 774 | ||
| 775 | <para>This command downloads all (missing) layers for the | |
| 776 | specified container and places them in read-only subvolumes in | |
| 777 | <filename>/var/lib/machines/</filename>. A writable snapshot | |
| 778 | of the newest layer is then created under the specified local | |
| 779 | machine name. To omit creation of this writable snapshot, pass | |
| 780 | <literal>-</literal> as local machine name.</para> | |
| 781 | ||
| 782 | <para>The read-only layer subvolumes are prefixed with | |
| 6b94875f | 783 | <filename>.dkr-</filename>, and thus not shown by |
| 798d3a52 ZJS |
784 | <command>list-images</command>, unless <option>--all</option> |
| 785 | is passed.</para> | |
| 786 | ||
| 787 | <para>To specify the <literal>dkr</literal> index server to | |
| 788 | use for looking up the specified container, use | |
| 789 | <option>--dkr-index-url=</option>.</para> | |
| 790 | ||
| 791 | <para>Note that pressing C-c during execution of this command | |
| 792 | will not abort the download. Use | |
| 793 | <command>cancel-transfer</command>, described | |
| 794 | below.</para></listitem> | |
| 795 | </varlistentry> | |
| 796 | ||
| af40e5d3 LP |
797 | <varlistentry> |
| 798 | <term><command>import-tar</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
| 799 | <term><command>import-raw</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
| 800 | <listitem><para>Imports a TAR or RAW container or VM image, | |
| 801 | and places it under the specified name in | |
| 802 | <filename>/var/lib/machines/</filename>. When | |
| 803 | <command>import-tar</command> is used the file specified as | |
| 804 | first argument should be a tar archive, possibly compressed | |
| 805 | with xz, gzip or bzip2. It will then be unpacked into its own | |
| 806 | subvolume in <filename>/var/lib/machines</filename>. When | |
| 807 | <command>import-raw</command> is used the file should be a | |
| 808 | qcow2 or raw disk image, possibly compressed with xz, gzip or | |
| 809 | bzip2. If the second argument (the resulting image name) is | |
| 810 | not specified it is automatically derived from the file | |
| 811 | name. If the file name is passed as <literal>-</literal> the | |
| 812 | image is read from standard input, in which case the second | |
| 813 | argument is mandatory.</para> | |
| 814 | ||
| 815 | <para>Similar as with <command>pull-tar</command>, | |
| 816 | <command>pull-raw</command> the file system | |
| 817 | <filename>/var/lib/machines.raw</filename> is increased in | |
| 818 | size of necessary and appropriate. Optionally the | |
| 819 | <option>--read-only</option> switch may be used to create a | |
| 820 | read-only container or VM image. No cryptographic validation | |
| 821 | is done when importing the images.</para> | |
| 822 | ||
| 823 | <para>Much like image downloads, ongoing imports may be listed | |
| 824 | with <command>list-transfers</command> and aborted with | |
| 825 | <command>cancel-transfer</command>.</para></listitem> | |
| 826 | </varlistentry> | |
| 827 | ||
| 6e9efa59 LP |
828 | <varlistentry> |
| 829 | <term><command>export-tar</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
| 830 | <term><command>export-raw</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
| 831 | <listitem><para>Exports a TAR or RAW container or VM image and | |
| 832 | stores it in the specified file. The first parameter should be | |
| 833 | a VM or container image name. The second parameter should be a | |
| 834 | file path the TAR or RAW image is written to. If the path ends | |
| 835 | in <literal>.gz</literal> the file is compressed with gzip, if | |
| 836 | it ends in <literal>.xz</literal> with xz, and if it ends in | |
| 837 | <literal>.bz2</literal> with bzip2. If the path ends in | |
| 838 | neither the file is left uncompressed. If the second argument | |
| 839 | is missing the image is written to standard output. The | |
| 840 | compression may also be explicitly selected with the | |
| 841 | <option>--format=</option> switch. This is in particular | |
| 842 | useful if the second parameter is left unspecified.</para> | |
| 843 | ||
| 844 | <para>Much like image downloads and imports, ongoing exports | |
| 845 | may be listed with <command>list-transfers</command> and | |
| 846 | aborted with | |
| 847 | <command>cancel-transfer</command>.</para> | |
| 848 | ||
| 849 | <para>Note that currently only directory and subvolume images | |
| 850 | may be exported as TAR images, and only raw disk images as RAW | |
| 851 | images.</para></listitem> | |
| 852 | </varlistentry> | |
| 853 | ||
| 798d3a52 ZJS |
854 | <varlistentry> |
| 855 | <term><command>list-transfers</command></term> | |
| 856 | ||
| 857 | <listitem><para>Shows a list of container or VM image | |
| 6e9efa59 | 858 | downloads, imports and exports that are currently in |
| af40e5d3 | 859 | progress.</para></listitem> |
| 798d3a52 ZJS |
860 | </varlistentry> |
| 861 | ||
| 862 | <varlistentry> | |
| 863 | <term><command>cancel-transfers</command> <replaceable>ID</replaceable>...</term> | |
| 864 | ||
| 6e9efa59 LP |
865 | <listitem><para>Aborts a download, import or export of the |
| 866 | container or VM image with the specified ID. To list ongoing | |
| 867 | transfers and their IDs, use | |
| af40e5d3 | 868 | <command>list-transfers</command>. </para></listitem> |
| 798d3a52 ZJS |
869 | </varlistentry> |
| 870 | ||
| 871 | </variablelist></refsect2> | |
| 872 | ||
| 873 | </refsect1> | |
| 874 | ||
| 91913f58 LP |
875 | <refsect1> |
| 876 | <title>Machine and Image Names</title> | |
| 877 | ||
| 878 | <para>The <command>machinectl</command> tool operates on machines | |
| 879 | and images, whose names must be chosen following strict | |
| 880 | rules. Machine names must be suitable for use as host names | |
| 881 | following a conservative subset of DNS and UNIX/Linux | |
| 882 | semantics. Specifically, they must consist of one or more | |
| 883 | non-empty label strings, separated by dots. No leading or trailing | |
| 884 | dots are allowed. No sequences of multiple dots are allowed. The | |
| 885 | label strings may only consists of alphanumeric characters as well | |
| 886 | as the dash and underscore. The maximum length of a machine name | |
| 887 | is 64 characters.</para> | |
| 888 | ||
| 889 | <para>A special machine with the name <literal>.host</literal> | |
| 890 | refers to the running host system itself. This is useful for execution | |
| 891 | operations or inspecting the host system as well. Not that | |
| 892 | <command>machinectl list</command> will not show this special | |
| 893 | machine unless the <option>--all</option> switch is specified.</para> | |
| 894 | ||
| 895 | <para>Requirements on image names are less strict, however must be | |
| 896 | valid UTF-8, must be suitable as file names (hence not be the | |
| 897 | single or double dot, and not include a slash), and may not | |
| 898 | contain control characters. Since many operations search for an | |
| 899 | image by the name of a requested machine it is recommended to name | |
| 900 | images in the same strict fashion as machines.</para> | |
| 901 | ||
| 902 | <para>A special image with the name <literal>.host</literal> | |
| 903 | refers to the image of the running host system. It is hence | |
| 904 | conceptually maps to the special <literal>.host</literal> machine | |
| 905 | name described above. Note that <command>machinectl | |
| 906 | list-images</command> won't show this special image either, unless | |
| 907 | <option>--all</option> is specified.</para> | |
| 908 | </refsect1> | |
| 909 | ||
| 798d3a52 ZJS |
910 | <refsect1> |
| 911 | <title>Files and Directories</title> | |
| 912 | ||
| 913 | <para>Machine images are preferably stored in | |
| 914 | <filename>/var/lib/machines/</filename>, but are also searched for | |
| 915 | in <filename>/usr/local/lib/machines/</filename> and | |
| 916 | <filename>/usr/lib/machines/</filename>. For compatibility reasons | |
| 917 | the directory <filename>/var/lib/container/</filename> is | |
| 918 | searched, too. Note that images stored below | |
| 919 | <filename>/usr</filename> are always considered read-only. It is | |
| 920 | possible to symlink machines images from other directories into | |
| 921 | <filename>/var/lib/machines/</filename> to make them available for | |
| 922 | control with <command>machinectl</command>.</para> | |
| 923 | ||
| 7de30452 LP |
924 | <para>Note that many image operations are only supported, |
| 925 | efficient or atomic on btrfs file systems. Due to this, if the | |
| 926 | <command>pull-tar</command>, <command>pull-raw</command>, | |
| af40e5d3 LP |
927 | <command>pull-dkr</command>, <command>import-tar</command>, |
| 928 | <command>import-raw</command> and <command>set-limit</command> | |
| 7de30452 LP |
929 | commands notice that <filename>/var/lib/machines</filename> is |
| 930 | empty and not located on btrfs, they will implicitly set up a | |
| 931 | loopback file <filename>/var/lib/machines.raw</filename> | |
| 932 | containing a btrfs file system that is mounted to | |
| 933 | <filename>/var/lib/machines</filename>. The size of this loopback | |
| af40e5d3 LP |
934 | file may be controlled dynamically with |
| 935 | <command>set-limit</command>.</para> | |
| 7de30452 | 936 | |
| 798d3a52 ZJS |
937 | <para>Disk images are understood by |
| 938 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 939 | and <command>machinectl</command> in three formats:</para> | |
| 940 | ||
| 941 | <itemizedlist> | |
| 942 | <listitem><para>A simple directory tree, containing the files | |
| 943 | and directories of the container to boot.</para></listitem> | |
| 944 | ||
| 945 | <listitem><para>A subvolume (on btrfs file systems), which are | |
| 946 | similar to the simple directories, described above. However, | |
| 947 | they have additional benefits, such as efficient cloning and | |
| 948 | quota reporting.</para></listitem> | |
| 949 | ||
| 950 | <listitem><para>"Raw" disk images, i.e. binary images of disks | |
| 951 | with a GPT or MBR partition table. Images of this type are | |
| 952 | regular files with the suffix | |
| 953 | <literal>.raw</literal>.</para></listitem> | |
| 954 | </itemizedlist> | |
| 955 | ||
| 956 | <para>See | |
| 957 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 958 | for more information on image formats, in particular it's | |
| 959 | <option>--directory=</option> and <option>--image=</option> | |
| 960 | options.</para> | |
| 961 | </refsect1> | |
| 962 | ||
| 963 | <refsect1> | |
| 964 | <title>Examples</title> | |
| 965 | <example> | |
| 966 | <title>Download an Ubuntu image and open a shell in it</title> | |
| 967 | ||
| 968 | <programlisting># machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz | |
| e0ea94c1 LP |
969 | # systemd-nspawn -M trusty-server-cloudimg-amd64-root</programlisting> |
| 970 | ||
| 798d3a52 ZJS |
971 | <para>This downloads and verifies the specified |
| 972 | <filename>.tar</filename> image, and then uses | |
| 973 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 974 | to open a shell in it.</para> | |
| 975 | </example> | |
| 976 | ||
| 977 | <example> | |
| 978 | <title>Download a Fedora image, set a root password in it, start | |
| 979 | it as service</title> | |
| 980 | ||
| ac92ced5 BF |
981 | <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz |
| 982 | # systemd-nspawn -M Fedora-Cloud-Base-20141203-21 | |
| 983 | # passwd | |
| 984 | # exit | |
| 985 | # machinectl start Fedora-Cloud-Base-20141203-21 | |
| 986 | # machinectl login Fedora-Cloud-Base-20141203-21</programlisting> | |
| 798d3a52 ZJS |
987 | |
| 988 | <para>This downloads the specified <filename>.raw</filename> | |
| 989 | image with verification disabled. Then a shell is opened in it | |
| 990 | and a root password is set. Afterwards the shell is left, and | |
| 991 | the machine started as system service. With the last command a | |
| 992 | login prompt into the container is requested.</para> | |
| 993 | </example> | |
| 994 | ||
| 995 | <example> | |
| 996 | <title>Download a Fedora <literal>dkr</literal> image</title> | |
| 997 | ||
| 998 | <programlisting># machinectl pull-dkr --verify=no mattdm/fedora | |
| e0ea94c1 LP |
999 | # systemd-nspawn -M fedora</programlisting> |
| 1000 | ||
| 798d3a52 ZJS |
1001 | <para>Downloads a <literal>dkr</literal> image and opens a shell |
| 1002 | in it. Note that the specified download command might require an | |
| 1003 | index server to be specified with the | |
| 1004 | <literal>--dkr-index-url=</literal>.</para> | |
| 1005 | </example> | |
| 6e9efa59 LP |
1006 | |
| 1007 | <example> | |
| 1008 | <title>Exports a container image as tar file</title> | |
| 1009 | ||
| 1010 | <programlisting># machinectl export-tar fedora myfedora.tar.xz</programlisting> | |
| 1011 | ||
| 1012 | <para>Exports the container <literal>fedora</literal> in an | |
| 1013 | xz-compress tar file <filename>myfedora.tar.xz</filename> in the | |
| 1014 | current directory.</para> | |
| 1015 | </example> | |
| 1016 | ||
| ef3100e9 LP |
1017 | <example> |
| 1018 | <title>Create a new shell session</title> | |
| 1019 | ||
| 1020 | <programlisting># machinectl shell --uid=lennart</programlisting> | |
| 1021 | ||
| 1022 | <para>This creates a new shell session on the local host, for | |
| 1023 | the user ID <literal>lennart</literal>, in a <citerefentry | |
| 1024 | project='die-net'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry>-like | |
| 1025 | fashion.</para> | |
| 1026 | </example> | |
| 1027 | ||
| 798d3a52 ZJS |
1028 | </refsect1> |
| 1029 | ||
| 1030 | <refsect1> | |
| 1031 | <title>Exit status</title> | |
| 1032 | ||
| 1033 | <para>On success, 0 is returned, a non-zero failure code | |
| 1034 | otherwise.</para> | |
| 1035 | </refsect1> | |
| 1036 | ||
| 1037 | <xi:include href="less-variables.xml" /> | |
| 1038 | ||
| 1039 | <refsect1> | |
| 1040 | <title>See Also</title> | |
| 1041 | <para> | |
| 1042 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
| 1043 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 6e9efa59 | 1044 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| 16eb4024 ZJS |
1045 | <citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| 1046 | <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 1047 | <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 1048 | <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 798d3a52 ZJS |
1049 | </para> |
| 1050 | </refsect1> | |
| 19887cd0 ZJS |
1051 | |
| 1052 | </refentry> |