]>
Commit | Line | Data |
---|---|---|
19887cd0 ZJS |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
681eb9cf FB |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ |
4 | <!ENTITY % entities SYSTEM "custom-entities.ent" > | |
5 | %entities; | |
6 | ]> | |
19887cd0 ZJS |
7 | |
8 | <!-- | |
9 | This file is part of systemd. | |
10 | ||
11 | Copyright 2013 Zbigniew Jędrzejewski-Szmek | |
12 | ||
13 | systemd is free software; you can redistribute it and/or modify it | |
14 | under the terms of the GNU Lesser General Public License as published by | |
15 | the Free Software Foundation; either version 2.1 of the License, or | |
16 | (at your option) any later version. | |
17 | ||
18 | systemd is distributed in the hope that it will be useful, but | |
19 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
21 | Lesser General Public License for more details. | |
22 | ||
23 | You should have received a copy of the GNU Lesser General Public License | |
24 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
25 | --> | |
26 | ||
21ac6ff1 | 27 | <refentry id="machinectl" conditional='ENABLE_MACHINED' |
798d3a52 ZJS |
28 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
29 | ||
30 | <refentryinfo> | |
31 | <title>machinectl</title> | |
32 | <productname>systemd</productname> | |
33 | ||
34 | <authorgroup> | |
35 | <author> | |
36 | <contrib>Developer</contrib> | |
37 | <firstname>Lennart</firstname> | |
38 | <surname>Poettering</surname> | |
39 | <email>lennart@poettering.net</email> | |
40 | </author> | |
41 | </authorgroup> | |
42 | </refentryinfo> | |
43 | ||
44 | <refmeta> | |
45 | <refentrytitle>machinectl</refentrytitle> | |
46 | <manvolnum>1</manvolnum> | |
47 | </refmeta> | |
48 | ||
49 | <refnamediv> | |
50 | <refname>machinectl</refname> | |
51 | <refpurpose>Control the systemd machine manager</refpurpose> | |
52 | </refnamediv> | |
53 | ||
54 | <refsynopsisdiv> | |
55 | <cmdsynopsis> | |
56 | <command>machinectl</command> | |
57 | <arg choice="opt" rep="repeat">OPTIONS</arg> | |
58 | <arg choice="req">COMMAND</arg> | |
59 | <arg choice="opt" rep="repeat">NAME</arg> | |
60 | </cmdsynopsis> | |
61 | </refsynopsisdiv> | |
62 | ||
63 | <refsect1> | |
64 | <title>Description</title> | |
65 | ||
66 | <para><command>machinectl</command> may be used to introspect and | |
67 | control the state of the | |
68 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
69 | virtual machine and container registration manager | |
70 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
71 | </refsect1> | |
72 | ||
73 | <refsect1> | |
74 | <title>Options</title> | |
75 | ||
76 | <para>The following options are understood:</para> | |
77 | ||
78 | <variablelist> | |
79 | <varlistentry> | |
80 | <term><option>-p</option></term> | |
81 | <term><option>--property=</option></term> | |
82 | ||
83 | <listitem><para>When showing machine or image properties, | |
84 | limit the output to certain properties as specified by the | |
85 | argument. If not specified, all set properties are shown. The | |
86 | argument should be a property name, such as | |
87 | <literal>Name</literal>. If specified more than once, all | |
88 | properties with the specified names are | |
89 | shown.</para></listitem> | |
90 | </varlistentry> | |
91 | ||
92 | <varlistentry> | |
93 | <term><option>-a</option></term> | |
94 | <term><option>--all</option></term> | |
95 | ||
96 | <listitem><para>When showing machine or image properties, show | |
97 | all properties regardless of whether they are set or | |
98 | not.</para> | |
99 | ||
100 | <para>When listing VM or container images, do not suppress | |
101 | images beginning in a dot character | |
102 | (<literal>.</literal>).</para></listitem> | |
103 | </varlistentry> | |
104 | ||
105 | <varlistentry> | |
106 | <term><option>-l</option></term> | |
107 | <term><option>--full</option></term> | |
108 | ||
109 | <listitem><para>Do not ellipsize process tree entries.</para> | |
110 | </listitem> | |
111 | </varlistentry> | |
112 | ||
113 | <varlistentry> | |
114 | <term><option>--no-ask-password</option></term> | |
115 | ||
116 | <listitem><para>Do not query the user for authentication for | |
117 | privileged operations.</para></listitem> | |
118 | </varlistentry> | |
119 | ||
120 | <varlistentry> | |
121 | <term><option>--kill-who=</option></term> | |
122 | ||
123 | <listitem><para>When used with <command>kill</command>, choose | |
124 | which processes to kill. Must be one of | |
125 | <option>leader</option>, or <option>all</option> to select | |
126 | whether to kill only the leader process of the machine or all | |
127 | processes of the machine. If omitted, defaults to | |
128 | <option>all</option>.</para></listitem> | |
129 | </varlistentry> | |
130 | ||
131 | <varlistentry> | |
132 | <term><option>-s</option></term> | |
133 | <term><option>--signal=</option></term> | |
134 | ||
135 | <listitem><para>When used with <command>kill</command>, choose | |
136 | which signal to send to selected processes. Must be one of the | |
137 | well-known signal specifiers, such as | |
138 | <constant>SIGTERM</constant>, <constant>SIGINT</constant> or | |
139 | <constant>SIGSTOP</constant>. If omitted, defaults to | |
140 | <constant>SIGTERM</constant>.</para></listitem> | |
141 | </varlistentry> | |
142 | ||
143 | <varlistentry> | |
144 | <term><option>--mkdir</option></term> | |
145 | ||
146 | <listitem><para>When used with <command>bind</command> creates | |
147 | the destination directory before applying the bind | |
148 | mount.</para></listitem> | |
149 | </varlistentry> | |
150 | ||
151 | ||
152 | <varlistentry> | |
153 | <term><option>--read-only</option></term> | |
154 | ||
155 | <listitem><para>When used with <command>bind</command> applies | |
156 | a read-only bind mount.</para></listitem> | |
157 | </varlistentry> | |
158 | ||
159 | ||
160 | <varlistentry> | |
161 | <term><option>-n</option></term> | |
162 | <term><option>--lines=</option></term> | |
163 | ||
164 | <listitem><para>When used with <command>status</command>, | |
165 | controls the number of journal lines to show, counting from | |
166 | the most recent ones. Takes a positive integer argument. | |
167 | Defaults to 10.</para> | |
168 | </listitem> | |
169 | </varlistentry> | |
170 | ||
171 | <varlistentry> | |
172 | <term><option>-o</option></term> | |
173 | <term><option>--output=</option></term> | |
174 | ||
175 | <listitem><para>When used with <command>status</command>, | |
176 | controls the formatting of the journal entries that are shown. | |
177 | For the available choices, see | |
178 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
179 | Defaults to <literal>short</literal>.</para></listitem> | |
180 | </varlistentry> | |
181 | ||
182 | <varlistentry> | |
183 | <term><option>--verify=</option></term> | |
184 | ||
185 | <listitem><para>When downloading a container or VM image, | |
186 | specify whether the image shall be verified before it is made | |
187 | available. Takes one of <literal>no</literal>, | |
188 | <literal>checksum</literal> and <literal>signature</literal>. | |
189 | If <literal>no</literal> no verification is done. If | |
190 | <literal>checksum</literal> is specified the download is | |
191 | checked for integrity after transfer is complete, but no | |
192 | signatures are verified. If <literal>signature</literal> is | |
193 | specified, the checksum is verified and the images's signature | |
194 | is checked against a local keyring of trustable vendors. It is | |
195 | strongly recommended to set this option to | |
196 | <literal>signature</literal> if the server and protocol | |
197 | support this. Defaults to | |
198 | <literal>signature</literal>.</para></listitem> | |
199 | </varlistentry> | |
200 | ||
201 | <varlistentry> | |
202 | <term><option>--force</option></term> | |
203 | ||
204 | <listitem><para>When downloading a container or VM image, and | |
205 | a local copy by the specified local machine name already | |
206 | exists, delete it first and replace it by the newly downloaded | |
207 | image.</para></listitem> | |
208 | </varlistentry> | |
209 | ||
210 | <varlistentry> | |
211 | <term><option>--dkr-index-url</option></term> | |
212 | ||
213 | <listitem><para>Specifies the index server to use for | |
214 | downloading <literal>dkr</literal> images with the | |
215 | <command>pull-dkr</command>. Takes a | |
216 | <literal>http://</literal>, <literal>https://</literal> | |
217 | URL.</para></listitem> | |
218 | </varlistentry> | |
219 | ||
6e9efa59 LP |
220 | <varlistentry> |
221 | <term><option>--format=</option></term> | |
222 | ||
223 | <listitem><para>When used with the <option>export-tar</option> | |
224 | or <option>export-raw</option> commands specifies the | |
225 | compression format to use for the resulting file. Takes one of | |
226 | <literal>uncompressed</literal>, <literal>xz</literal>, | |
227 | <literal>gzip</literal>, <literal>bzip2</literal>. By default | |
228 | the format is determined automatically from the image file | |
229 | name passed.</para></listitem> | |
230 | </varlistentry> | |
231 | ||
798d3a52 ZJS |
232 | <xi:include href="user-system-options.xml" xpointer="host" /> |
233 | <xi:include href="user-system-options.xml" xpointer="machine" /> | |
234 | ||
235 | <xi:include href="standard-options.xml" xpointer="no-pager" /> | |
236 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
237 | <xi:include href="standard-options.xml" xpointer="help" /> | |
238 | <xi:include href="standard-options.xml" xpointer="version" /> | |
239 | </variablelist> | |
240 | </refsect1> | |
241 | ||
242 | <refsect1> | |
243 | <title>Commands</title> | |
244 | ||
245 | <para>The following commands are understood:</para> | |
246 | ||
247 | <refsect2><title>Machine Commands</title><variablelist> | |
248 | ||
249 | <varlistentry> | |
250 | <term><command>list</command></term> | |
251 | ||
252 | <listitem><para>List currently running (online) virtual | |
253 | machines and containers. To enumerate container images that | |
254 | can be started, use <command>list-images</command> (see | |
255 | below).</para></listitem> | |
256 | </varlistentry> | |
257 | ||
258 | <varlistentry> | |
259 | <term><command>status</command> <replaceable>NAME</replaceable>...</term> | |
260 | ||
261 | <listitem><para>Show terse runtime status information about | |
262 | one or more virtual machines and containers, followed by the | |
263 | most recent log data from the journal. This function is | |
264 | intended to generate human-readable output. If you are looking | |
265 | for computer-parsable output, use <command>show</command> | |
266 | instead. Note that the log data shown is reported by the | |
267 | virtual machine or container manager, and frequently contains | |
268 | console output of the machine, but not necessarily journal | |
269 | contents of the machine itself.</para></listitem> | |
270 | </varlistentry> | |
271 | ||
272 | <varlistentry> | |
273 | <term><command>show</command> <replaceable>NAME</replaceable>...</term> | |
274 | ||
275 | <listitem><para>Show properties of one or more registered | |
276 | virtual machines or containers or the manager itself. If no | |
277 | argument is specified, properties of the manager will be | |
278 | shown. If an NAME is specified, properties of this virtual | |
279 | machine or container are shown. By default, empty properties | |
280 | are suppressed. Use <option>--all</option> to show those too. | |
281 | To select specific properties to show, use | |
282 | <option>--property=</option>. This command is intended to be | |
283 | used whenever computer-parsable output is required. Use | |
284 | <command>status</command> if you are looking for formatted | |
285 | human-readable output.</para></listitem> | |
286 | </varlistentry> | |
287 | ||
288 | <varlistentry> | |
289 | <term><command>start</command> <replaceable>NAME</replaceable>...</term> | |
290 | ||
291 | <listitem><para>Start a container as a system service, using | |
292 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
293 | This starts <filename>systemd-nspawn@.service</filename>, | |
294 | instantiated for the specified machine name, similar to the | |
295 | effect of <command>systemctl start</command> on the service | |
296 | name. <command>systemd-nspawn</command> looks for a container | |
297 | image by the specified name in | |
298 | <filename>/var/lib/machines/</filename> (and other search | |
299 | paths, see below) and runs it. Use | |
300 | <command>list-images</command> (see below), for listing | |
301 | available container images to start.</para> | |
302 | ||
303 | <para>Note that | |
304 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
305 | also interfaces with a variety of other container and VM | |
306 | managers, <command>systemd-nspawn</command> is just one | |
307 | implementation of it. Most of the commands available in | |
308 | <command>machinectl</command> may be used on containers or VMs | |
309 | controlled by other managers, not just | |
310 | <command>systemd-nspawn</command>. Starting VMs and container | |
311 | images on those managers requires manager-specific | |
312 | tools.</para> | |
313 | ||
314 | <para>To interactively start a container on the command line | |
315 | with full access to the container's console, please invoke | |
316 | <command>systemd-nspawn</command> directly. To stop a running | |
317 | container use <command>machinectl poweroff</command>, see | |
318 | below.</para></listitem> | |
319 | </varlistentry> | |
320 | ||
321 | <varlistentry> | |
322 | <term><command>login</command> <replaceable>NAME</replaceable></term> | |
323 | ||
324 | <listitem><para>Open an interactive terminal login session to | |
325 | a container. This will create a TTY connection to a specific | |
326 | container and asks for the execution of a getty on it. Note | |
327 | that this is only supported for containers running | |
328 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
329 | as init system.</para> | |
330 | ||
331 | <para>This command will open a full login prompt on the | |
332 | container, which then asks for username and password. Use | |
333 | <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
334 | with the <option>--machine=</option> switch to invoke a single | |
335 | command, either interactively or in the background within a | |
336 | local container.</para></listitem> | |
337 | </varlistentry> | |
338 | ||
339 | <varlistentry> | |
340 | <term><command>enable</command> <replaceable>NAME</replaceable>...</term> | |
341 | <term><command>disable</command> <replaceable>NAME</replaceable>...</term> | |
342 | ||
343 | <listitem><para>Enable or disable a container as a system | |
344 | service to start at system boot, using | |
345 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
346 | This enables or disables | |
347 | <filename>systemd-nspawn@.service</filename>, instantiated for | |
348 | the specified machine name, similar to the effect of | |
349 | <command>systemctl enable</command> or <command>systemctl | |
350 | disable</command> on the service name.</para></listitem> | |
351 | </varlistentry> | |
352 | ||
353 | <varlistentry> | |
354 | <term><command>poweroff</command> <replaceable>NAME</replaceable>...</term> | |
355 | ||
356 | <listitem><para>Power off one or more containers. This will | |
357 | trigger a reboot by sending SIGRTMIN+4 to the container's init | |
358 | process, which causes systemd-compatible init systems to shut | |
359 | down cleanly. This operation does not work on containers that | |
360 | do not run a | |
361 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible | |
362 | init system, such as sysvinit. Use | |
363 | <command>terminate</command> (see below) to immediately | |
364 | terminate a container or VM, without cleanly shutting it | |
365 | down.</para></listitem> | |
366 | </varlistentry> | |
367 | ||
368 | <varlistentry> | |
369 | <term><command>reboot</command> <replaceable>NAME</replaceable>...</term> | |
370 | ||
371 | <listitem><para>Reboot one or more containers. This will | |
372 | trigger a reboot by sending SIGINT to the container's init | |
373 | process, which is roughly equivalent to pressing Ctrl+Alt+Del | |
374 | on a non-containerized system, and is compatible with | |
375 | containers running any system manager.</para></listitem> | |
376 | </varlistentry> | |
377 | ||
378 | <varlistentry> | |
379 | <term><command>terminate</command> <replaceable>NAME</replaceable>...</term> | |
380 | ||
381 | <listitem><para>Immediately terminates a virtual machine or | |
382 | container, without cleanly shutting it down. This kills all | |
383 | processes of the virtual machine or container and deallocates | |
384 | all resources attached to that instance. Use | |
385 | <command>poweroff</command> to issue a clean shutdown | |
386 | request.</para></listitem> | |
387 | </varlistentry> | |
388 | ||
389 | <varlistentry> | |
390 | <term><command>kill</command> <replaceable>NAME</replaceable>...</term> | |
391 | ||
392 | <listitem><para>Send a signal to one or more processes of the | |
393 | virtual machine or container. This means processes as seen by | |
394 | the host, not the processes inside the virtual machine or | |
395 | container. Use <option>--kill-who=</option> to select which | |
396 | process to kill. Use <option>--signal=</option> to select the | |
397 | signal to send.</para></listitem> | |
398 | </varlistentry> | |
399 | ||
400 | <varlistentry> | |
401 | <term><command>bind</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
402 | ||
403 | <listitem><para>Bind mounts a directory from the host into the | |
404 | specified container. The first directory argument is the | |
405 | source directory on the host, the second directory argument | |
406 | the source directory on the host. When the latter is omitted | |
407 | the destination path in the container is the same as the | |
408 | source path on the host. When combined with the | |
409 | <option>--read-only</option> switch a ready-only bind mount is | |
410 | created. When combined with the <option>--mkdir</option> | |
411 | switch the destination path is first created before the mount | |
412 | is applied. Note that this option is currently only supported | |
413 | for | |
414 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
415 | containers.</para></listitem> | |
416 | </varlistentry> | |
417 | ||
418 | <varlistentry> | |
419 | <term><command>copy-to</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
420 | ||
421 | <listitem><para>Copies files or directories from the host | |
422 | system into a running container. Takes a container name, | |
423 | followed by the source path on the host and the destination | |
424 | path in the container. If the destination path is omitted the | |
425 | same as the source path is used.</para></listitem> | |
426 | </varlistentry> | |
427 | ||
428 | ||
429 | <varlistentry> | |
430 | <term><command>copy-from</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
431 | ||
432 | <listitem><para>Copies files or directories from a container | |
433 | into the host system. Takes a container name, followed by the | |
434 | source path in the container the destination path on the host. | |
435 | If the destination path is omitted the same as the source path | |
436 | is used.</para></listitem> | |
437 | </varlistentry> | |
438 | </variablelist></refsect2> | |
439 | ||
440 | <refsect2><title>Image Commands</title><variablelist> | |
441 | ||
442 | <varlistentry> | |
443 | <term><command>list-images</command></term> | |
444 | ||
445 | <listitem><para>Show a list of locally installed container and | |
446 | VM images. This enumerates all raw disk images and container | |
447 | directories and subvolumes in | |
448 | <filename>/var/lib/machines/</filename> (and other search | |
449 | paths, see below). Use <command>start</command> (see above) to | |
450 | run a container off one of the listed images. Note that by | |
451 | default containers whose name begins with a dot | |
452 | (<literal>.</literal>) are not shown. To show these too, | |
453 | specify <option>--all</option>. Note that a special image | |
454 | <literal>.host</literal> always implicitly exists and refers | |
455 | to the image the host itself is booted from.</para></listitem> | |
456 | </varlistentry> | |
457 | ||
458 | <varlistentry> | |
459 | <term><command>image-status</command> <replaceable>NAME</replaceable>...</term> | |
460 | ||
461 | <listitem><para>Show terse status information about one or | |
462 | more container or VM images. This function is intended to | |
463 | generate human-readable output. Use | |
464 | <command>show-image</command> (see below) to generate | |
465 | computer-parsable output instead.</para></listitem> | |
466 | </varlistentry> | |
467 | ||
468 | <varlistentry> | |
469 | <term><command>show-image</command> <replaceable>NAME</replaceable>...</term> | |
470 | ||
471 | <listitem><para>Show properties of one or more registered | |
472 | virtual machine or container images, or the manager itself. If | |
473 | no argument is specified, properties of the manager will be | |
474 | shown. If an NAME is specified, properties of this virtual | |
475 | machine or container image are shown. By default, empty | |
476 | properties are suppressed. Use <option>--all</option> to show | |
477 | those too. To select specific properties to show, use | |
478 | <option>--property=</option>. This command is intended to be | |
479 | used whenever computer-parsable output is required. Use | |
480 | <command>image-status</command> if you are looking for | |
481 | formatted human-readable output.</para></listitem> | |
482 | </varlistentry> | |
483 | ||
484 | <varlistentry> | |
485 | <term><command>clone</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
486 | ||
d6ce17c7 | 487 | <listitem><para>Clones a container or VM image. The |
798d3a52 ZJS |
488 | arguments specify the name of the image to clone and the name |
489 | of the newly cloned image. Note that plain directory container | |
490 | images are cloned into subvolume images with this command. | |
491 | Note that cloning a container or VM image is optimized for | |
492 | btrfs file systems, and might not be efficient on others, due | |
3fe22bb4 LP |
493 | to file system limitations.</para> |
494 | ||
495 | <para>Note that this command leaves host name, machine ID and | |
496 | all other settings that could identify the instance | |
497 | unmodified. The original image and the cloned copy will hence | |
498 | share these credentials, and it might be necessary to manually | |
499 | change them in the copy.</para></listitem> | |
798d3a52 ZJS |
500 | </varlistentry> |
501 | ||
502 | <varlistentry> | |
503 | <term><command>rename</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
504 | ||
d6ce17c7 | 505 | <listitem><para>Renames a container or VM image. The |
798d3a52 ZJS |
506 | arguments specify the name of the image to rename and the new |
507 | name of the image.</para></listitem> | |
508 | </varlistentry> | |
509 | ||
510 | <varlistentry> | |
511 | <term><command>read-only</command> <replaceable>NAME</replaceable> [<replaceable>BOOL</replaceable>]</term> | |
512 | ||
d6ce17c7 | 513 | <listitem><para>Marks or (unmarks) a container or VM image |
798d3a52 ZJS |
514 | read-only. Takes a VM or container image name, followed by a |
515 | boolean as arguments. If the boolean is omitted, positive is | |
516 | implied, i.e. the image is marked read-only.</para></listitem> | |
517 | </varlistentry> | |
518 | ||
798d3a52 ZJS |
519 | <varlistentry> |
520 | <term><command>remove</command> <replaceable>NAME</replaceable>...</term> | |
521 | ||
d6ce17c7 | 522 | <listitem><para>Removes one or more container or VM images. |
798d3a52 ZJS |
523 | The special image <literal>.host</literal>, which refers to |
524 | the host's own directory tree may not be | |
525 | removed.</para></listitem> | |
526 | </varlistentry> | |
527 | ||
d6ce17c7 LP |
528 | <varlistentry> |
529 | <term><command>set-limit</command> [<replaceable>NAME</replaceable>] <replaceable>BYTES</replaceable></term> | |
530 | ||
531 | <listitem><para>Sets the maximum size in bytes a specific | |
7de30452 LP |
532 | container or VM image, or all images may grow up to on disk |
533 | (disk quota). Takes either one or two parameters. The first, | |
d6ce17c7 | 534 | optional parameter refers to a container or VM image name. If |
7de30452 LP |
535 | specified the size limit of the specified image is changed. If |
536 | omitted the overall size limit of the sum of all images stored | |
537 | locally is changed. The final argument specifies the size | |
538 | limit in bytes, possibly suffixed by the usual K, M, G, T | |
539 | units. If the size limit shall be disabled, specify | |
540 | <literal>-</literal> as size.</para> | |
541 | ||
542 | <para>Note that per-container size limits are only supported | |
543 | on btrfs file systems. Also note that if | |
544 | <command>set-limit</command> is invoked without image | |
545 | parameter, and <filename>/var/lib/machines</filename> is | |
546 | empty, and the directory is not located on btrfs, a btrfs | |
547 | loopback file is implicitly created as | |
548 | <filename>/var/lib/machines.raw</filename> with the given | |
549 | size, and mounted to | |
550 | <filename>/var/lib/machines</filename>. The size of the | |
551 | loopback may later be readjusted with | |
552 | <command>set-limit</command>, as well. If such a | |
553 | loopback-mounted <filename>/var/lib/machines</filename> | |
554 | directory is used <command>set-limit</command> without image | |
555 | name alters both the quota setting within the file system as | |
556 | well as the loopback file and file system size | |
557 | itself.</para></listitem> | |
d6ce17c7 LP |
558 | </varlistentry> |
559 | ||
798d3a52 ZJS |
560 | </variablelist></refsect2> |
561 | ||
562 | <refsect2><title>Image Transfer Commands</title><variablelist> | |
563 | ||
564 | <varlistentry> | |
565 | <term><command>pull-tar</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
566 | ||
567 | <listitem><para>Downloads a <filename>.tar</filename> | |
568 | container image from the specified URL, and makes it available | |
569 | under the specified local machine name. The URL must be of | |
570 | type <literal>http://</literal> or | |
571 | <literal>https://</literal>, and must refer to a | |
572 | <filename>.tar</filename>, <filename>.tar.gz</filename>, | |
573 | <filename>.tar.xz</filename> or <filename>.tar.bz2</filename> | |
f8b07704 | 574 | archive file. If the local machine name is omitted it |
798d3a52 ZJS |
575 | is automatically derived from the last component of the URL, |
576 | with its suffix removed.</para> | |
577 | ||
578 | <para>The image is verified before it is made available, | |
579 | unless <option>--verify=no</option> is specified. Verification | |
580 | is done via SHA256SUMS and SHA256SUMS.gpg files, that need to | |
581 | be made available on the same web server, under the same URL | |
582 | as the <filename>.tar</filename> file, but with the last | |
583 | component (the filename) of the URL replaced. With | |
584 | <option>--verify=checksum</option> only the SHA256 checksum | |
585 | for the file is verified, based on the | |
586 | <filename>SHA256SUMS</filename> file. With | |
587 | <option>--verify=signature</option> the SHA256SUMS file is | |
588 | first verified with detached GPG signature file | |
589 | <filename>SHA256SUMS.gpg</filename>. The public key for this | |
590 | verification step needs to be available in | |
681eb9cf FB |
591 | <filename>&rootlibexecdir;/import-pubring.gpg</filename> or |
592 | <filename>&pkgsysconfdir;/import-pubring.gpg</filename>.</para> | |
798d3a52 ZJS |
593 | |
594 | <para>The container image will be downloaded and stored in a | |
595 | read-only subvolume in | |
596 | <filename>/var/lib/machines/</filename>, that is named after | |
597 | the specified URL and its HTTP etag. A writable snapshot is | |
598 | then taken from this subvolume, and named after the specified | |
599 | local name. This behaviour ensures that creating multiple | |
600 | container instances of the same URL is efficient, as multiple | |
601 | downloads are not necessary. In order to create only the | |
602 | read-only image, and avoid creating its writable snapshot, | |
603 | specify <literal>-</literal> as local machine name.</para> | |
604 | ||
605 | <para>Note that the read-only subvolume is prefixed with | |
6b94875f | 606 | <filename>.tar-</filename>, and is thus not shown by |
798d3a52 ZJS |
607 | <command>list-images</command>, unless <option>--all</option> |
608 | is passed.</para> | |
609 | ||
610 | <para>Note that pressing C-c during execution of this command | |
611 | will not abort the download. Use | |
612 | <command>cancel-transfer</command>, described | |
613 | below.</para></listitem> | |
614 | </varlistentry> | |
615 | ||
616 | <varlistentry> | |
617 | <term><command>pull-raw</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
618 | ||
619 | <listitem><para>Downloads a <filename>.raw</filename> | |
620 | container or VM disk image from the specified URL, and makes | |
621 | it available under the specified local machine name. The URL | |
622 | must be of type <literal>http://</literal> or | |
623 | <literal>https://</literal>. The container image must either | |
624 | be a <filename>.qcow2</filename> or raw disk image, optionally | |
625 | compressed as <filename>.gz</filename>, | |
626 | <filename>.xz</filename>, or <filename>.bz2</filename>. If the | |
f8b07704 | 627 | local machine name is omitted it is automatically |
798d3a52 ZJS |
628 | derived from the last component of the URL, with its suffix |
629 | removed.</para> | |
630 | ||
631 | <para>Image verification is identical for raw and tar images | |
632 | (see above).</para> | |
633 | ||
634 | <para>If the the downloaded image is in | |
6b94875f | 635 | <filename>.qcow2</filename> format it is converted into a raw |
798d3a52 ZJS |
636 | image file before it is made available.</para> |
637 | ||
638 | <para>Downloaded images of this type will be placed as | |
639 | read-only <filename>.raw</filename> file in | |
640 | <filename>/var/lib/machines/</filename>. A local, writable | |
641 | (reflinked) copy is then made under the specified local | |
642 | machine name. To omit creation of the local, writable copy | |
643 | pass <literal>-</literal> as local machine name.</para> | |
644 | ||
645 | <para>Similar to the behaviour of <command>pull-tar</command>, | |
646 | the read-only image is prefixed with | |
6b94875f | 647 | <filename>.raw-</filename>, and thus not shown by |
798d3a52 ZJS |
648 | <command>list-images</command>, unless <option>--all</option> |
649 | is passed.</para> | |
650 | ||
651 | <para>Note that pressing C-c during execution of this command | |
652 | will not abort the download. Use | |
653 | <command>cancel-transfer</command>, described | |
654 | below.</para></listitem> | |
655 | </varlistentry> | |
656 | ||
657 | <varlistentry> | |
658 | <term><command>pull-dkr</command> <replaceable>REMOTE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
659 | ||
660 | <listitem><para>Downloads a <literal>dkr</literal> container | |
661 | image and makes it available locally. The remote name refers | |
662 | to a <literal>dkr</literal> container name. If omitted, the | |
663 | local machine name is derived from the <literal>dkr</literal> | |
664 | container name.</para> | |
665 | ||
666 | <para>Image verification is not available for | |
667 | <literal>dkr</literal> containers, and thus | |
668 | <option>--verify=no</option> must always be specified with | |
669 | this command.</para> | |
670 | ||
671 | <para>This command downloads all (missing) layers for the | |
672 | specified container and places them in read-only subvolumes in | |
673 | <filename>/var/lib/machines/</filename>. A writable snapshot | |
674 | of the newest layer is then created under the specified local | |
675 | machine name. To omit creation of this writable snapshot, pass | |
676 | <literal>-</literal> as local machine name.</para> | |
677 | ||
678 | <para>The read-only layer subvolumes are prefixed with | |
6b94875f | 679 | <filename>.dkr-</filename>, and thus not shown by |
798d3a52 ZJS |
680 | <command>list-images</command>, unless <option>--all</option> |
681 | is passed.</para> | |
682 | ||
683 | <para>To specify the <literal>dkr</literal> index server to | |
684 | use for looking up the specified container, use | |
685 | <option>--dkr-index-url=</option>.</para> | |
686 | ||
687 | <para>Note that pressing C-c during execution of this command | |
688 | will not abort the download. Use | |
689 | <command>cancel-transfer</command>, described | |
690 | below.</para></listitem> | |
691 | </varlistentry> | |
692 | ||
af40e5d3 LP |
693 | <varlistentry> |
694 | <term><command>import-tar</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
695 | <term><command>import-raw</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
696 | <listitem><para>Imports a TAR or RAW container or VM image, | |
697 | and places it under the specified name in | |
698 | <filename>/var/lib/machines/</filename>. When | |
699 | <command>import-tar</command> is used the file specified as | |
700 | first argument should be a tar archive, possibly compressed | |
701 | with xz, gzip or bzip2. It will then be unpacked into its own | |
702 | subvolume in <filename>/var/lib/machines</filename>. When | |
703 | <command>import-raw</command> is used the file should be a | |
704 | qcow2 or raw disk image, possibly compressed with xz, gzip or | |
705 | bzip2. If the second argument (the resulting image name) is | |
706 | not specified it is automatically derived from the file | |
707 | name. If the file name is passed as <literal>-</literal> the | |
708 | image is read from standard input, in which case the second | |
709 | argument is mandatory.</para> | |
710 | ||
711 | <para>Similar as with <command>pull-tar</command>, | |
712 | <command>pull-raw</command> the file system | |
713 | <filename>/var/lib/machines.raw</filename> is increased in | |
714 | size of necessary and appropriate. Optionally the | |
715 | <option>--read-only</option> switch may be used to create a | |
716 | read-only container or VM image. No cryptographic validation | |
717 | is done when importing the images.</para> | |
718 | ||
719 | <para>Much like image downloads, ongoing imports may be listed | |
720 | with <command>list-transfers</command> and aborted with | |
721 | <command>cancel-transfer</command>.</para></listitem> | |
722 | </varlistentry> | |
723 | ||
6e9efa59 LP |
724 | <varlistentry> |
725 | <term><command>export-tar</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
726 | <term><command>export-raw</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
727 | <listitem><para>Exports a TAR or RAW container or VM image and | |
728 | stores it in the specified file. The first parameter should be | |
729 | a VM or container image name. The second parameter should be a | |
730 | file path the TAR or RAW image is written to. If the path ends | |
731 | in <literal>.gz</literal> the file is compressed with gzip, if | |
732 | it ends in <literal>.xz</literal> with xz, and if it ends in | |
733 | <literal>.bz2</literal> with bzip2. If the path ends in | |
734 | neither the file is left uncompressed. If the second argument | |
735 | is missing the image is written to standard output. The | |
736 | compression may also be explicitly selected with the | |
737 | <option>--format=</option> switch. This is in particular | |
738 | useful if the second parameter is left unspecified.</para> | |
739 | ||
740 | <para>Much like image downloads and imports, ongoing exports | |
741 | may be listed with <command>list-transfers</command> and | |
742 | aborted with | |
743 | <command>cancel-transfer</command>.</para> | |
744 | ||
745 | <para>Note that currently only directory and subvolume images | |
746 | may be exported as TAR images, and only raw disk images as RAW | |
747 | images.</para></listitem> | |
748 | </varlistentry> | |
749 | ||
798d3a52 ZJS |
750 | <varlistentry> |
751 | <term><command>list-transfers</command></term> | |
752 | ||
753 | <listitem><para>Shows a list of container or VM image | |
6e9efa59 | 754 | downloads, imports and exports that are currently in |
af40e5d3 | 755 | progress.</para></listitem> |
798d3a52 ZJS |
756 | </varlistentry> |
757 | ||
758 | <varlistentry> | |
759 | <term><command>cancel-transfers</command> <replaceable>ID</replaceable>...</term> | |
760 | ||
6e9efa59 LP |
761 | <listitem><para>Aborts a download, import or export of the |
762 | container or VM image with the specified ID. To list ongoing | |
763 | transfers and their IDs, use | |
af40e5d3 | 764 | <command>list-transfers</command>. </para></listitem> |
798d3a52 ZJS |
765 | </varlistentry> |
766 | ||
767 | </variablelist></refsect2> | |
768 | ||
769 | </refsect1> | |
770 | ||
771 | <refsect1> | |
772 | <title>Files and Directories</title> | |
773 | ||
774 | <para>Machine images are preferably stored in | |
775 | <filename>/var/lib/machines/</filename>, but are also searched for | |
776 | in <filename>/usr/local/lib/machines/</filename> and | |
777 | <filename>/usr/lib/machines/</filename>. For compatibility reasons | |
778 | the directory <filename>/var/lib/container/</filename> is | |
779 | searched, too. Note that images stored below | |
780 | <filename>/usr</filename> are always considered read-only. It is | |
781 | possible to symlink machines images from other directories into | |
782 | <filename>/var/lib/machines/</filename> to make them available for | |
783 | control with <command>machinectl</command>.</para> | |
784 | ||
7de30452 LP |
785 | <para>Note that many image operations are only supported, |
786 | efficient or atomic on btrfs file systems. Due to this, if the | |
787 | <command>pull-tar</command>, <command>pull-raw</command>, | |
af40e5d3 LP |
788 | <command>pull-dkr</command>, <command>import-tar</command>, |
789 | <command>import-raw</command> and <command>set-limit</command> | |
7de30452 LP |
790 | commands notice that <filename>/var/lib/machines</filename> is |
791 | empty and not located on btrfs, they will implicitly set up a | |
792 | loopback file <filename>/var/lib/machines.raw</filename> | |
793 | containing a btrfs file system that is mounted to | |
794 | <filename>/var/lib/machines</filename>. The size of this loopback | |
af40e5d3 LP |
795 | file may be controlled dynamically with |
796 | <command>set-limit</command>.</para> | |
7de30452 | 797 | |
798d3a52 ZJS |
798 | <para>Disk images are understood by |
799 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
800 | and <command>machinectl</command> in three formats:</para> | |
801 | ||
802 | <itemizedlist> | |
803 | <listitem><para>A simple directory tree, containing the files | |
804 | and directories of the container to boot.</para></listitem> | |
805 | ||
806 | <listitem><para>A subvolume (on btrfs file systems), which are | |
807 | similar to the simple directories, described above. However, | |
808 | they have additional benefits, such as efficient cloning and | |
809 | quota reporting.</para></listitem> | |
810 | ||
811 | <listitem><para>"Raw" disk images, i.e. binary images of disks | |
812 | with a GPT or MBR partition table. Images of this type are | |
813 | regular files with the suffix | |
814 | <literal>.raw</literal>.</para></listitem> | |
815 | </itemizedlist> | |
816 | ||
817 | <para>See | |
818 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
819 | for more information on image formats, in particular it's | |
820 | <option>--directory=</option> and <option>--image=</option> | |
821 | options.</para> | |
822 | </refsect1> | |
823 | ||
824 | <refsect1> | |
825 | <title>Examples</title> | |
826 | <example> | |
827 | <title>Download an Ubuntu image and open a shell in it</title> | |
828 | ||
829 | <programlisting># machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz | |
e0ea94c1 LP |
830 | # systemd-nspawn -M trusty-server-cloudimg-amd64-root</programlisting> |
831 | ||
798d3a52 ZJS |
832 | <para>This downloads and verifies the specified |
833 | <filename>.tar</filename> image, and then uses | |
834 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
835 | to open a shell in it.</para> | |
836 | </example> | |
837 | ||
838 | <example> | |
839 | <title>Download a Fedora image, set a root password in it, start | |
840 | it as service</title> | |
841 | ||
ac92ced5 BF |
842 | <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz |
843 | # systemd-nspawn -M Fedora-Cloud-Base-20141203-21 | |
844 | # passwd | |
845 | # exit | |
846 | # machinectl start Fedora-Cloud-Base-20141203-21 | |
847 | # machinectl login Fedora-Cloud-Base-20141203-21</programlisting> | |
798d3a52 ZJS |
848 | |
849 | <para>This downloads the specified <filename>.raw</filename> | |
850 | image with verification disabled. Then a shell is opened in it | |
851 | and a root password is set. Afterwards the shell is left, and | |
852 | the machine started as system service. With the last command a | |
853 | login prompt into the container is requested.</para> | |
854 | </example> | |
855 | ||
856 | <example> | |
857 | <title>Download a Fedora <literal>dkr</literal> image</title> | |
858 | ||
859 | <programlisting># machinectl pull-dkr --verify=no mattdm/fedora | |
e0ea94c1 LP |
860 | # systemd-nspawn -M fedora</programlisting> |
861 | ||
798d3a52 ZJS |
862 | <para>Downloads a <literal>dkr</literal> image and opens a shell |
863 | in it. Note that the specified download command might require an | |
864 | index server to be specified with the | |
865 | <literal>--dkr-index-url=</literal>.</para> | |
866 | </example> | |
6e9efa59 LP |
867 | |
868 | <example> | |
869 | <title>Exports a container image as tar file</title> | |
870 | ||
871 | <programlisting># machinectl export-tar fedora myfedora.tar.xz</programlisting> | |
872 | ||
873 | <para>Exports the container <literal>fedora</literal> in an | |
874 | xz-compress tar file <filename>myfedora.tar.xz</filename> in the | |
875 | current directory.</para> | |
876 | </example> | |
877 | ||
798d3a52 ZJS |
878 | </refsect1> |
879 | ||
880 | <refsect1> | |
881 | <title>Exit status</title> | |
882 | ||
883 | <para>On success, 0 is returned, a non-zero failure code | |
884 | otherwise.</para> | |
885 | </refsect1> | |
886 | ||
887 | <xi:include href="less-variables.xml" /> | |
888 | ||
889 | <refsect1> | |
890 | <title>See Also</title> | |
891 | <para> | |
892 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
893 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
6e9efa59 | 894 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
16eb4024 ZJS |
895 | <citerefentry project='die-net'><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
896 | <citerefentry project='die-net'><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
897 | <citerefentry project='die-net'><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
898 | <citerefentry project='die-net'><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
798d3a52 ZJS |
899 | </para> |
900 | </refsect1> | |
19887cd0 ZJS |
901 | |
902 | </refentry> |