]>
Commit | Line | Data |
---|---|---|
19887cd0 ZJS |
1 | <?xml version='1.0'?> <!--*-nxml-*--> |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | |
798d3a52 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
19887cd0 ZJS |
4 | |
5 | <!-- | |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2013 Zbigniew Jędrzejewski-Szmek | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
11 | under the terms of the GNU Lesser General Public License as published by | |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
13 | (at your option) any later version. | |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | Lesser General Public License for more details. | |
19 | ||
20 | You should have received a copy of the GNU Lesser General Public License | |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
22 | --> | |
23 | ||
21ac6ff1 | 24 | <refentry id="machinectl" conditional='ENABLE_MACHINED' |
798d3a52 ZJS |
25 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
26 | ||
27 | <refentryinfo> | |
28 | <title>machinectl</title> | |
29 | <productname>systemd</productname> | |
30 | ||
31 | <authorgroup> | |
32 | <author> | |
33 | <contrib>Developer</contrib> | |
34 | <firstname>Lennart</firstname> | |
35 | <surname>Poettering</surname> | |
36 | <email>lennart@poettering.net</email> | |
37 | </author> | |
38 | </authorgroup> | |
39 | </refentryinfo> | |
40 | ||
41 | <refmeta> | |
42 | <refentrytitle>machinectl</refentrytitle> | |
43 | <manvolnum>1</manvolnum> | |
44 | </refmeta> | |
45 | ||
46 | <refnamediv> | |
47 | <refname>machinectl</refname> | |
48 | <refpurpose>Control the systemd machine manager</refpurpose> | |
49 | </refnamediv> | |
50 | ||
51 | <refsynopsisdiv> | |
52 | <cmdsynopsis> | |
53 | <command>machinectl</command> | |
54 | <arg choice="opt" rep="repeat">OPTIONS</arg> | |
55 | <arg choice="req">COMMAND</arg> | |
56 | <arg choice="opt" rep="repeat">NAME</arg> | |
57 | </cmdsynopsis> | |
58 | </refsynopsisdiv> | |
59 | ||
60 | <refsect1> | |
61 | <title>Description</title> | |
62 | ||
63 | <para><command>machinectl</command> may be used to introspect and | |
64 | control the state of the | |
65 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
66 | virtual machine and container registration manager | |
67 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> | |
68 | </refsect1> | |
69 | ||
70 | <refsect1> | |
71 | <title>Options</title> | |
72 | ||
73 | <para>The following options are understood:</para> | |
74 | ||
75 | <variablelist> | |
76 | <varlistentry> | |
77 | <term><option>-p</option></term> | |
78 | <term><option>--property=</option></term> | |
79 | ||
80 | <listitem><para>When showing machine or image properties, | |
81 | limit the output to certain properties as specified by the | |
82 | argument. If not specified, all set properties are shown. The | |
83 | argument should be a property name, such as | |
84 | <literal>Name</literal>. If specified more than once, all | |
85 | properties with the specified names are | |
86 | shown.</para></listitem> | |
87 | </varlistentry> | |
88 | ||
89 | <varlistentry> | |
90 | <term><option>-a</option></term> | |
91 | <term><option>--all</option></term> | |
92 | ||
93 | <listitem><para>When showing machine or image properties, show | |
94 | all properties regardless of whether they are set or | |
95 | not.</para> | |
96 | ||
97 | <para>When listing VM or container images, do not suppress | |
98 | images beginning in a dot character | |
99 | (<literal>.</literal>).</para></listitem> | |
100 | </varlistentry> | |
101 | ||
102 | <varlistentry> | |
103 | <term><option>-l</option></term> | |
104 | <term><option>--full</option></term> | |
105 | ||
106 | <listitem><para>Do not ellipsize process tree entries.</para> | |
107 | </listitem> | |
108 | </varlistentry> | |
109 | ||
110 | <varlistentry> | |
111 | <term><option>--no-ask-password</option></term> | |
112 | ||
113 | <listitem><para>Do not query the user for authentication for | |
114 | privileged operations.</para></listitem> | |
115 | </varlistentry> | |
116 | ||
117 | <varlistentry> | |
118 | <term><option>--kill-who=</option></term> | |
119 | ||
120 | <listitem><para>When used with <command>kill</command>, choose | |
121 | which processes to kill. Must be one of | |
122 | <option>leader</option>, or <option>all</option> to select | |
123 | whether to kill only the leader process of the machine or all | |
124 | processes of the machine. If omitted, defaults to | |
125 | <option>all</option>.</para></listitem> | |
126 | </varlistentry> | |
127 | ||
128 | <varlistentry> | |
129 | <term><option>-s</option></term> | |
130 | <term><option>--signal=</option></term> | |
131 | ||
132 | <listitem><para>When used with <command>kill</command>, choose | |
133 | which signal to send to selected processes. Must be one of the | |
134 | well-known signal specifiers, such as | |
135 | <constant>SIGTERM</constant>, <constant>SIGINT</constant> or | |
136 | <constant>SIGSTOP</constant>. If omitted, defaults to | |
137 | <constant>SIGTERM</constant>.</para></listitem> | |
138 | </varlistentry> | |
139 | ||
140 | <varlistentry> | |
141 | <term><option>--mkdir</option></term> | |
142 | ||
143 | <listitem><para>When used with <command>bind</command> creates | |
144 | the destination directory before applying the bind | |
145 | mount.</para></listitem> | |
146 | </varlistentry> | |
147 | ||
148 | ||
149 | <varlistentry> | |
150 | <term><option>--read-only</option></term> | |
151 | ||
152 | <listitem><para>When used with <command>bind</command> applies | |
153 | a read-only bind mount.</para></listitem> | |
154 | </varlistentry> | |
155 | ||
156 | ||
157 | <varlistentry> | |
158 | <term><option>-n</option></term> | |
159 | <term><option>--lines=</option></term> | |
160 | ||
161 | <listitem><para>When used with <command>status</command>, | |
162 | controls the number of journal lines to show, counting from | |
163 | the most recent ones. Takes a positive integer argument. | |
164 | Defaults to 10.</para> | |
165 | </listitem> | |
166 | </varlistentry> | |
167 | ||
168 | <varlistentry> | |
169 | <term><option>-o</option></term> | |
170 | <term><option>--output=</option></term> | |
171 | ||
172 | <listitem><para>When used with <command>status</command>, | |
173 | controls the formatting of the journal entries that are shown. | |
174 | For the available choices, see | |
175 | <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
176 | Defaults to <literal>short</literal>.</para></listitem> | |
177 | </varlistentry> | |
178 | ||
179 | <varlistentry> | |
180 | <term><option>--verify=</option></term> | |
181 | ||
182 | <listitem><para>When downloading a container or VM image, | |
183 | specify whether the image shall be verified before it is made | |
184 | available. Takes one of <literal>no</literal>, | |
185 | <literal>checksum</literal> and <literal>signature</literal>. | |
186 | If <literal>no</literal> no verification is done. If | |
187 | <literal>checksum</literal> is specified the download is | |
188 | checked for integrity after transfer is complete, but no | |
189 | signatures are verified. If <literal>signature</literal> is | |
190 | specified, the checksum is verified and the images's signature | |
191 | is checked against a local keyring of trustable vendors. It is | |
192 | strongly recommended to set this option to | |
193 | <literal>signature</literal> if the server and protocol | |
194 | support this. Defaults to | |
195 | <literal>signature</literal>.</para></listitem> | |
196 | </varlistentry> | |
197 | ||
198 | <varlistentry> | |
199 | <term><option>--force</option></term> | |
200 | ||
201 | <listitem><para>When downloading a container or VM image, and | |
202 | a local copy by the specified local machine name already | |
203 | exists, delete it first and replace it by the newly downloaded | |
204 | image.</para></listitem> | |
205 | </varlistentry> | |
206 | ||
207 | <varlistentry> | |
208 | <term><option>--dkr-index-url</option></term> | |
209 | ||
210 | <listitem><para>Specifies the index server to use for | |
211 | downloading <literal>dkr</literal> images with the | |
212 | <command>pull-dkr</command>. Takes a | |
213 | <literal>http://</literal>, <literal>https://</literal> | |
214 | URL.</para></listitem> | |
215 | </varlistentry> | |
216 | ||
6e9efa59 LP |
217 | <varlistentry> |
218 | <term><option>--format=</option></term> | |
219 | ||
220 | <listitem><para>When used with the <option>export-tar</option> | |
221 | or <option>export-raw</option> commands specifies the | |
222 | compression format to use for the resulting file. Takes one of | |
223 | <literal>uncompressed</literal>, <literal>xz</literal>, | |
224 | <literal>gzip</literal>, <literal>bzip2</literal>. By default | |
225 | the format is determined automatically from the image file | |
226 | name passed.</para></listitem> | |
227 | </varlistentry> | |
228 | ||
798d3a52 ZJS |
229 | <xi:include href="user-system-options.xml" xpointer="host" /> |
230 | <xi:include href="user-system-options.xml" xpointer="machine" /> | |
231 | ||
232 | <xi:include href="standard-options.xml" xpointer="no-pager" /> | |
233 | <xi:include href="standard-options.xml" xpointer="no-legend" /> | |
234 | <xi:include href="standard-options.xml" xpointer="help" /> | |
235 | <xi:include href="standard-options.xml" xpointer="version" /> | |
236 | </variablelist> | |
237 | </refsect1> | |
238 | ||
239 | <refsect1> | |
240 | <title>Commands</title> | |
241 | ||
242 | <para>The following commands are understood:</para> | |
243 | ||
244 | <refsect2><title>Machine Commands</title><variablelist> | |
245 | ||
246 | <varlistentry> | |
247 | <term><command>list</command></term> | |
248 | ||
249 | <listitem><para>List currently running (online) virtual | |
250 | machines and containers. To enumerate container images that | |
251 | can be started, use <command>list-images</command> (see | |
252 | below).</para></listitem> | |
253 | </varlistentry> | |
254 | ||
255 | <varlistentry> | |
256 | <term><command>status</command> <replaceable>NAME</replaceable>...</term> | |
257 | ||
258 | <listitem><para>Show terse runtime status information about | |
259 | one or more virtual machines and containers, followed by the | |
260 | most recent log data from the journal. This function is | |
261 | intended to generate human-readable output. If you are looking | |
262 | for computer-parsable output, use <command>show</command> | |
263 | instead. Note that the log data shown is reported by the | |
264 | virtual machine or container manager, and frequently contains | |
265 | console output of the machine, but not necessarily journal | |
266 | contents of the machine itself.</para></listitem> | |
267 | </varlistentry> | |
268 | ||
269 | <varlistentry> | |
270 | <term><command>show</command> <replaceable>NAME</replaceable>...</term> | |
271 | ||
272 | <listitem><para>Show properties of one or more registered | |
273 | virtual machines or containers or the manager itself. If no | |
274 | argument is specified, properties of the manager will be | |
275 | shown. If an NAME is specified, properties of this virtual | |
276 | machine or container are shown. By default, empty properties | |
277 | are suppressed. Use <option>--all</option> to show those too. | |
278 | To select specific properties to show, use | |
279 | <option>--property=</option>. This command is intended to be | |
280 | used whenever computer-parsable output is required. Use | |
281 | <command>status</command> if you are looking for formatted | |
282 | human-readable output.</para></listitem> | |
283 | </varlistentry> | |
284 | ||
285 | <varlistentry> | |
286 | <term><command>start</command> <replaceable>NAME</replaceable>...</term> | |
287 | ||
288 | <listitem><para>Start a container as a system service, using | |
289 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
290 | This starts <filename>systemd-nspawn@.service</filename>, | |
291 | instantiated for the specified machine name, similar to the | |
292 | effect of <command>systemctl start</command> on the service | |
293 | name. <command>systemd-nspawn</command> looks for a container | |
294 | image by the specified name in | |
295 | <filename>/var/lib/machines/</filename> (and other search | |
296 | paths, see below) and runs it. Use | |
297 | <command>list-images</command> (see below), for listing | |
298 | available container images to start.</para> | |
299 | ||
300 | <para>Note that | |
301 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
302 | also interfaces with a variety of other container and VM | |
303 | managers, <command>systemd-nspawn</command> is just one | |
304 | implementation of it. Most of the commands available in | |
305 | <command>machinectl</command> may be used on containers or VMs | |
306 | controlled by other managers, not just | |
307 | <command>systemd-nspawn</command>. Starting VMs and container | |
308 | images on those managers requires manager-specific | |
309 | tools.</para> | |
310 | ||
311 | <para>To interactively start a container on the command line | |
312 | with full access to the container's console, please invoke | |
313 | <command>systemd-nspawn</command> directly. To stop a running | |
314 | container use <command>machinectl poweroff</command>, see | |
315 | below.</para></listitem> | |
316 | </varlistentry> | |
317 | ||
318 | <varlistentry> | |
319 | <term><command>login</command> <replaceable>NAME</replaceable></term> | |
320 | ||
321 | <listitem><para>Open an interactive terminal login session to | |
322 | a container. This will create a TTY connection to a specific | |
323 | container and asks for the execution of a getty on it. Note | |
324 | that this is only supported for containers running | |
325 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
326 | as init system.</para> | |
327 | ||
328 | <para>This command will open a full login prompt on the | |
329 | container, which then asks for username and password. Use | |
330 | <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
331 | with the <option>--machine=</option> switch to invoke a single | |
332 | command, either interactively or in the background within a | |
333 | local container.</para></listitem> | |
334 | </varlistentry> | |
335 | ||
336 | <varlistentry> | |
337 | <term><command>enable</command> <replaceable>NAME</replaceable>...</term> | |
338 | <term><command>disable</command> <replaceable>NAME</replaceable>...</term> | |
339 | ||
340 | <listitem><para>Enable or disable a container as a system | |
341 | service to start at system boot, using | |
342 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>. | |
343 | This enables or disables | |
344 | <filename>systemd-nspawn@.service</filename>, instantiated for | |
345 | the specified machine name, similar to the effect of | |
346 | <command>systemctl enable</command> or <command>systemctl | |
347 | disable</command> on the service name.</para></listitem> | |
348 | </varlistentry> | |
349 | ||
350 | <varlistentry> | |
351 | <term><command>poweroff</command> <replaceable>NAME</replaceable>...</term> | |
352 | ||
353 | <listitem><para>Power off one or more containers. This will | |
354 | trigger a reboot by sending SIGRTMIN+4 to the container's init | |
355 | process, which causes systemd-compatible init systems to shut | |
356 | down cleanly. This operation does not work on containers that | |
357 | do not run a | |
358 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible | |
359 | init system, such as sysvinit. Use | |
360 | <command>terminate</command> (see below) to immediately | |
361 | terminate a container or VM, without cleanly shutting it | |
362 | down.</para></listitem> | |
363 | </varlistentry> | |
364 | ||
365 | <varlistentry> | |
366 | <term><command>reboot</command> <replaceable>NAME</replaceable>...</term> | |
367 | ||
368 | <listitem><para>Reboot one or more containers. This will | |
369 | trigger a reboot by sending SIGINT to the container's init | |
370 | process, which is roughly equivalent to pressing Ctrl+Alt+Del | |
371 | on a non-containerized system, and is compatible with | |
372 | containers running any system manager.</para></listitem> | |
373 | </varlistentry> | |
374 | ||
375 | <varlistentry> | |
376 | <term><command>terminate</command> <replaceable>NAME</replaceable>...</term> | |
377 | ||
378 | <listitem><para>Immediately terminates a virtual machine or | |
379 | container, without cleanly shutting it down. This kills all | |
380 | processes of the virtual machine or container and deallocates | |
381 | all resources attached to that instance. Use | |
382 | <command>poweroff</command> to issue a clean shutdown | |
383 | request.</para></listitem> | |
384 | </varlistentry> | |
385 | ||
386 | <varlistentry> | |
387 | <term><command>kill</command> <replaceable>NAME</replaceable>...</term> | |
388 | ||
389 | <listitem><para>Send a signal to one or more processes of the | |
390 | virtual machine or container. This means processes as seen by | |
391 | the host, not the processes inside the virtual machine or | |
392 | container. Use <option>--kill-who=</option> to select which | |
393 | process to kill. Use <option>--signal=</option> to select the | |
394 | signal to send.</para></listitem> | |
395 | </varlistentry> | |
396 | ||
397 | <varlistentry> | |
398 | <term><command>bind</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
399 | ||
400 | <listitem><para>Bind mounts a directory from the host into the | |
401 | specified container. The first directory argument is the | |
402 | source directory on the host, the second directory argument | |
403 | the source directory on the host. When the latter is omitted | |
404 | the destination path in the container is the same as the | |
405 | source path on the host. When combined with the | |
406 | <option>--read-only</option> switch a ready-only bind mount is | |
407 | created. When combined with the <option>--mkdir</option> | |
408 | switch the destination path is first created before the mount | |
409 | is applied. Note that this option is currently only supported | |
410 | for | |
411 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
412 | containers.</para></listitem> | |
413 | </varlistentry> | |
414 | ||
415 | <varlistentry> | |
416 | <term><command>copy-to</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
417 | ||
418 | <listitem><para>Copies files or directories from the host | |
419 | system into a running container. Takes a container name, | |
420 | followed by the source path on the host and the destination | |
421 | path in the container. If the destination path is omitted the | |
422 | same as the source path is used.</para></listitem> | |
423 | </varlistentry> | |
424 | ||
425 | ||
426 | <varlistentry> | |
427 | <term><command>copy-from</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term> | |
428 | ||
429 | <listitem><para>Copies files or directories from a container | |
430 | into the host system. Takes a container name, followed by the | |
431 | source path in the container the destination path on the host. | |
432 | If the destination path is omitted the same as the source path | |
433 | is used.</para></listitem> | |
434 | </varlistentry> | |
435 | </variablelist></refsect2> | |
436 | ||
437 | <refsect2><title>Image Commands</title><variablelist> | |
438 | ||
439 | <varlistentry> | |
440 | <term><command>list-images</command></term> | |
441 | ||
442 | <listitem><para>Show a list of locally installed container and | |
443 | VM images. This enumerates all raw disk images and container | |
444 | directories and subvolumes in | |
445 | <filename>/var/lib/machines/</filename> (and other search | |
446 | paths, see below). Use <command>start</command> (see above) to | |
447 | run a container off one of the listed images. Note that by | |
448 | default containers whose name begins with a dot | |
449 | (<literal>.</literal>) are not shown. To show these too, | |
450 | specify <option>--all</option>. Note that a special image | |
451 | <literal>.host</literal> always implicitly exists and refers | |
452 | to the image the host itself is booted from.</para></listitem> | |
453 | </varlistentry> | |
454 | ||
455 | <varlistentry> | |
456 | <term><command>image-status</command> <replaceable>NAME</replaceable>...</term> | |
457 | ||
458 | <listitem><para>Show terse status information about one or | |
459 | more container or VM images. This function is intended to | |
460 | generate human-readable output. Use | |
461 | <command>show-image</command> (see below) to generate | |
462 | computer-parsable output instead.</para></listitem> | |
463 | </varlistentry> | |
464 | ||
465 | <varlistentry> | |
466 | <term><command>show-image</command> <replaceable>NAME</replaceable>...</term> | |
467 | ||
468 | <listitem><para>Show properties of one or more registered | |
469 | virtual machine or container images, or the manager itself. If | |
470 | no argument is specified, properties of the manager will be | |
471 | shown. If an NAME is specified, properties of this virtual | |
472 | machine or container image are shown. By default, empty | |
473 | properties are suppressed. Use <option>--all</option> to show | |
474 | those too. To select specific properties to show, use | |
475 | <option>--property=</option>. This command is intended to be | |
476 | used whenever computer-parsable output is required. Use | |
477 | <command>image-status</command> if you are looking for | |
478 | formatted human-readable output.</para></listitem> | |
479 | </varlistentry> | |
480 | ||
481 | <varlistentry> | |
482 | <term><command>clone</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
483 | ||
d6ce17c7 | 484 | <listitem><para>Clones a container or VM image. The |
798d3a52 ZJS |
485 | arguments specify the name of the image to clone and the name |
486 | of the newly cloned image. Note that plain directory container | |
487 | images are cloned into subvolume images with this command. | |
488 | Note that cloning a container or VM image is optimized for | |
489 | btrfs file systems, and might not be efficient on others, due | |
490 | to file system limitations.</para></listitem> | |
491 | </varlistentry> | |
492 | ||
493 | <varlistentry> | |
494 | <term><command>rename</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term> | |
495 | ||
d6ce17c7 | 496 | <listitem><para>Renames a container or VM image. The |
798d3a52 ZJS |
497 | arguments specify the name of the image to rename and the new |
498 | name of the image.</para></listitem> | |
499 | </varlistentry> | |
500 | ||
501 | <varlistentry> | |
502 | <term><command>read-only</command> <replaceable>NAME</replaceable> [<replaceable>BOOL</replaceable>]</term> | |
503 | ||
d6ce17c7 | 504 | <listitem><para>Marks or (unmarks) a container or VM image |
798d3a52 ZJS |
505 | read-only. Takes a VM or container image name, followed by a |
506 | boolean as arguments. If the boolean is omitted, positive is | |
507 | implied, i.e. the image is marked read-only.</para></listitem> | |
508 | </varlistentry> | |
509 | ||
798d3a52 ZJS |
510 | <varlistentry> |
511 | <term><command>remove</command> <replaceable>NAME</replaceable>...</term> | |
512 | ||
d6ce17c7 | 513 | <listitem><para>Removes one or more container or VM images. |
798d3a52 ZJS |
514 | The special image <literal>.host</literal>, which refers to |
515 | the host's own directory tree may not be | |
516 | removed.</para></listitem> | |
517 | </varlistentry> | |
518 | ||
d6ce17c7 LP |
519 | <varlistentry> |
520 | <term><command>set-limit</command> [<replaceable>NAME</replaceable>] <replaceable>BYTES</replaceable></term> | |
521 | ||
522 | <listitem><para>Sets the maximum size in bytes a specific | |
7de30452 LP |
523 | container or VM image, or all images may grow up to on disk |
524 | (disk quota). Takes either one or two parameters. The first, | |
d6ce17c7 | 525 | optional parameter refers to a container or VM image name. If |
7de30452 LP |
526 | specified the size limit of the specified image is changed. If |
527 | omitted the overall size limit of the sum of all images stored | |
528 | locally is changed. The final argument specifies the size | |
529 | limit in bytes, possibly suffixed by the usual K, M, G, T | |
530 | units. If the size limit shall be disabled, specify | |
531 | <literal>-</literal> as size.</para> | |
532 | ||
533 | <para>Note that per-container size limits are only supported | |
534 | on btrfs file systems. Also note that if | |
535 | <command>set-limit</command> is invoked without image | |
536 | parameter, and <filename>/var/lib/machines</filename> is | |
537 | empty, and the directory is not located on btrfs, a btrfs | |
538 | loopback file is implicitly created as | |
539 | <filename>/var/lib/machines.raw</filename> with the given | |
540 | size, and mounted to | |
541 | <filename>/var/lib/machines</filename>. The size of the | |
542 | loopback may later be readjusted with | |
543 | <command>set-limit</command>, as well. If such a | |
544 | loopback-mounted <filename>/var/lib/machines</filename> | |
545 | directory is used <command>set-limit</command> without image | |
546 | name alters both the quota setting within the file system as | |
547 | well as the loopback file and file system size | |
548 | itself.</para></listitem> | |
d6ce17c7 LP |
549 | </varlistentry> |
550 | ||
798d3a52 ZJS |
551 | </variablelist></refsect2> |
552 | ||
553 | <refsect2><title>Image Transfer Commands</title><variablelist> | |
554 | ||
555 | <varlistentry> | |
556 | <term><command>pull-tar</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
557 | ||
558 | <listitem><para>Downloads a <filename>.tar</filename> | |
559 | container image from the specified URL, and makes it available | |
560 | under the specified local machine name. The URL must be of | |
561 | type <literal>http://</literal> or | |
562 | <literal>https://</literal>, and must refer to a | |
563 | <filename>.tar</filename>, <filename>.tar.gz</filename>, | |
564 | <filename>.tar.xz</filename> or <filename>.tar.bz2</filename> | |
565 | archive file. If the local machine name is omitted the name it | |
566 | is automatically derived from the last component of the URL, | |
567 | with its suffix removed.</para> | |
568 | ||
569 | <para>The image is verified before it is made available, | |
570 | unless <option>--verify=no</option> is specified. Verification | |
571 | is done via SHA256SUMS and SHA256SUMS.gpg files, that need to | |
572 | be made available on the same web server, under the same URL | |
573 | as the <filename>.tar</filename> file, but with the last | |
574 | component (the filename) of the URL replaced. With | |
575 | <option>--verify=checksum</option> only the SHA256 checksum | |
576 | for the file is verified, based on the | |
577 | <filename>SHA256SUMS</filename> file. With | |
578 | <option>--verify=signature</option> the SHA256SUMS file is | |
579 | first verified with detached GPG signature file | |
580 | <filename>SHA256SUMS.gpg</filename>. The public key for this | |
581 | verification step needs to be available in | |
582 | <filename>/usr/lib/systemd/import-pubring.gpg</filename> or | |
583 | <filename>/etc/systemd/import-pubring.gpg</filename>.</para> | |
584 | ||
585 | <para>The container image will be downloaded and stored in a | |
586 | read-only subvolume in | |
587 | <filename>/var/lib/machines/</filename>, that is named after | |
588 | the specified URL and its HTTP etag. A writable snapshot is | |
589 | then taken from this subvolume, and named after the specified | |
590 | local name. This behaviour ensures that creating multiple | |
591 | container instances of the same URL is efficient, as multiple | |
592 | downloads are not necessary. In order to create only the | |
593 | read-only image, and avoid creating its writable snapshot, | |
594 | specify <literal>-</literal> as local machine name.</para> | |
595 | ||
596 | <para>Note that the read-only subvolume is prefixed with | |
597 | <filename>.tar-</filename>, and is thus now shown by | |
598 | <command>list-images</command>, unless <option>--all</option> | |
599 | is passed.</para> | |
600 | ||
601 | <para>Note that pressing C-c during execution of this command | |
602 | will not abort the download. Use | |
603 | <command>cancel-transfer</command>, described | |
604 | below.</para></listitem> | |
605 | </varlistentry> | |
606 | ||
607 | <varlistentry> | |
608 | <term><command>pull-raw</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term> | |
609 | ||
610 | <listitem><para>Downloads a <filename>.raw</filename> | |
611 | container or VM disk image from the specified URL, and makes | |
612 | it available under the specified local machine name. The URL | |
613 | must be of type <literal>http://</literal> or | |
614 | <literal>https://</literal>. The container image must either | |
615 | be a <filename>.qcow2</filename> or raw disk image, optionally | |
616 | compressed as <filename>.gz</filename>, | |
617 | <filename>.xz</filename>, or <filename>.bz2</filename>. If the | |
618 | local machine name is omitted the name it is automatically | |
619 | derived from the last component of the URL, with its suffix | |
620 | removed.</para> | |
621 | ||
622 | <para>Image verification is identical for raw and tar images | |
623 | (see above).</para> | |
624 | ||
625 | <para>If the the downloaded image is in | |
626 | <filename>.qcow2</filename> format it es converted into a raw | |
627 | image file before it is made available.</para> | |
628 | ||
629 | <para>Downloaded images of this type will be placed as | |
630 | read-only <filename>.raw</filename> file in | |
631 | <filename>/var/lib/machines/</filename>. A local, writable | |
632 | (reflinked) copy is then made under the specified local | |
633 | machine name. To omit creation of the local, writable copy | |
634 | pass <literal>-</literal> as local machine name.</para> | |
635 | ||
636 | <para>Similar to the behaviour of <command>pull-tar</command>, | |
637 | the read-only image is prefixed with | |
638 | <filename>.raw-</filename>, and thus now shown by | |
639 | <command>list-images</command>, unless <option>--all</option> | |
640 | is passed.</para> | |
641 | ||
642 | <para>Note that pressing C-c during execution of this command | |
643 | will not abort the download. Use | |
644 | <command>cancel-transfer</command>, described | |
645 | below.</para></listitem> | |
646 | </varlistentry> | |
647 | ||
648 | <varlistentry> | |
649 | <term><command>pull-dkr</command> <replaceable>REMOTE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
650 | ||
651 | <listitem><para>Downloads a <literal>dkr</literal> container | |
652 | image and makes it available locally. The remote name refers | |
653 | to a <literal>dkr</literal> container name. If omitted, the | |
654 | local machine name is derived from the <literal>dkr</literal> | |
655 | container name.</para> | |
656 | ||
657 | <para>Image verification is not available for | |
658 | <literal>dkr</literal> containers, and thus | |
659 | <option>--verify=no</option> must always be specified with | |
660 | this command.</para> | |
661 | ||
662 | <para>This command downloads all (missing) layers for the | |
663 | specified container and places them in read-only subvolumes in | |
664 | <filename>/var/lib/machines/</filename>. A writable snapshot | |
665 | of the newest layer is then created under the specified local | |
666 | machine name. To omit creation of this writable snapshot, pass | |
667 | <literal>-</literal> as local machine name.</para> | |
668 | ||
669 | <para>The read-only layer subvolumes are prefixed with | |
670 | <filename>.dkr-</filename>, and thus now shown by | |
671 | <command>list-images</command>, unless <option>--all</option> | |
672 | is passed.</para> | |
673 | ||
674 | <para>To specify the <literal>dkr</literal> index server to | |
675 | use for looking up the specified container, use | |
676 | <option>--dkr-index-url=</option>.</para> | |
677 | ||
678 | <para>Note that pressing C-c during execution of this command | |
679 | will not abort the download. Use | |
680 | <command>cancel-transfer</command>, described | |
681 | below.</para></listitem> | |
682 | </varlistentry> | |
683 | ||
af40e5d3 LP |
684 | <varlistentry> |
685 | <term><command>import-tar</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
686 | <term><command>import-raw</command> <replaceable>FILE</replaceable> [<replaceable>NAME</replaceable>]</term> | |
687 | <listitem><para>Imports a TAR or RAW container or VM image, | |
688 | and places it under the specified name in | |
689 | <filename>/var/lib/machines/</filename>. When | |
690 | <command>import-tar</command> is used the file specified as | |
691 | first argument should be a tar archive, possibly compressed | |
692 | with xz, gzip or bzip2. It will then be unpacked into its own | |
693 | subvolume in <filename>/var/lib/machines</filename>. When | |
694 | <command>import-raw</command> is used the file should be a | |
695 | qcow2 or raw disk image, possibly compressed with xz, gzip or | |
696 | bzip2. If the second argument (the resulting image name) is | |
697 | not specified it is automatically derived from the file | |
698 | name. If the file name is passed as <literal>-</literal> the | |
699 | image is read from standard input, in which case the second | |
700 | argument is mandatory.</para> | |
701 | ||
702 | <para>Similar as with <command>pull-tar</command>, | |
703 | <command>pull-raw</command> the file system | |
704 | <filename>/var/lib/machines.raw</filename> is increased in | |
705 | size of necessary and appropriate. Optionally the | |
706 | <option>--read-only</option> switch may be used to create a | |
707 | read-only container or VM image. No cryptographic validation | |
708 | is done when importing the images.</para> | |
709 | ||
710 | <para>Much like image downloads, ongoing imports may be listed | |
711 | with <command>list-transfers</command> and aborted with | |
712 | <command>cancel-transfer</command>.</para></listitem> | |
713 | </varlistentry> | |
714 | ||
6e9efa59 LP |
715 | <varlistentry> |
716 | <term><command>export-tar</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
717 | <term><command>export-raw</command> <replaceable>NAME</replaceable> [<replaceable>FILE</replaceable>]</term> | |
718 | <listitem><para>Exports a TAR or RAW container or VM image and | |
719 | stores it in the specified file. The first parameter should be | |
720 | a VM or container image name. The second parameter should be a | |
721 | file path the TAR or RAW image is written to. If the path ends | |
722 | in <literal>.gz</literal> the file is compressed with gzip, if | |
723 | it ends in <literal>.xz</literal> with xz, and if it ends in | |
724 | <literal>.bz2</literal> with bzip2. If the path ends in | |
725 | neither the file is left uncompressed. If the second argument | |
726 | is missing the image is written to standard output. The | |
727 | compression may also be explicitly selected with the | |
728 | <option>--format=</option> switch. This is in particular | |
729 | useful if the second parameter is left unspecified.</para> | |
730 | ||
731 | <para>Much like image downloads and imports, ongoing exports | |
732 | may be listed with <command>list-transfers</command> and | |
733 | aborted with | |
734 | <command>cancel-transfer</command>.</para> | |
735 | ||
736 | <para>Note that currently only directory and subvolume images | |
737 | may be exported as TAR images, and only raw disk images as RAW | |
738 | images.</para></listitem> | |
739 | </varlistentry> | |
740 | ||
798d3a52 ZJS |
741 | <varlistentry> |
742 | <term><command>list-transfers</command></term> | |
743 | ||
744 | <listitem><para>Shows a list of container or VM image | |
6e9efa59 | 745 | downloads, imports and exports that are currently in |
af40e5d3 | 746 | progress.</para></listitem> |
798d3a52 ZJS |
747 | </varlistentry> |
748 | ||
749 | <varlistentry> | |
750 | <term><command>cancel-transfers</command> <replaceable>ID</replaceable>...</term> | |
751 | ||
6e9efa59 LP |
752 | <listitem><para>Aborts a download, import or export of the |
753 | container or VM image with the specified ID. To list ongoing | |
754 | transfers and their IDs, use | |
af40e5d3 | 755 | <command>list-transfers</command>. </para></listitem> |
798d3a52 ZJS |
756 | </varlistentry> |
757 | ||
758 | </variablelist></refsect2> | |
759 | ||
760 | </refsect1> | |
761 | ||
762 | <refsect1> | |
763 | <title>Files and Directories</title> | |
764 | ||
765 | <para>Machine images are preferably stored in | |
766 | <filename>/var/lib/machines/</filename>, but are also searched for | |
767 | in <filename>/usr/local/lib/machines/</filename> and | |
768 | <filename>/usr/lib/machines/</filename>. For compatibility reasons | |
769 | the directory <filename>/var/lib/container/</filename> is | |
770 | searched, too. Note that images stored below | |
771 | <filename>/usr</filename> are always considered read-only. It is | |
772 | possible to symlink machines images from other directories into | |
773 | <filename>/var/lib/machines/</filename> to make them available for | |
774 | control with <command>machinectl</command>.</para> | |
775 | ||
7de30452 LP |
776 | <para>Note that many image operations are only supported, |
777 | efficient or atomic on btrfs file systems. Due to this, if the | |
778 | <command>pull-tar</command>, <command>pull-raw</command>, | |
af40e5d3 LP |
779 | <command>pull-dkr</command>, <command>import-tar</command>, |
780 | <command>import-raw</command> and <command>set-limit</command> | |
7de30452 LP |
781 | commands notice that <filename>/var/lib/machines</filename> is |
782 | empty and not located on btrfs, they will implicitly set up a | |
783 | loopback file <filename>/var/lib/machines.raw</filename> | |
784 | containing a btrfs file system that is mounted to | |
785 | <filename>/var/lib/machines</filename>. The size of this loopback | |
af40e5d3 LP |
786 | file may be controlled dynamically with |
787 | <command>set-limit</command>.</para> | |
7de30452 | 788 | |
798d3a52 ZJS |
789 | <para>Disk images are understood by |
790 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
791 | and <command>machinectl</command> in three formats:</para> | |
792 | ||
793 | <itemizedlist> | |
794 | <listitem><para>A simple directory tree, containing the files | |
795 | and directories of the container to boot.</para></listitem> | |
796 | ||
797 | <listitem><para>A subvolume (on btrfs file systems), which are | |
798 | similar to the simple directories, described above. However, | |
799 | they have additional benefits, such as efficient cloning and | |
800 | quota reporting.</para></listitem> | |
801 | ||
802 | <listitem><para>"Raw" disk images, i.e. binary images of disks | |
803 | with a GPT or MBR partition table. Images of this type are | |
804 | regular files with the suffix | |
805 | <literal>.raw</literal>.</para></listitem> | |
806 | </itemizedlist> | |
807 | ||
808 | <para>See | |
809 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
810 | for more information on image formats, in particular it's | |
811 | <option>--directory=</option> and <option>--image=</option> | |
812 | options.</para> | |
813 | </refsect1> | |
814 | ||
815 | <refsect1> | |
816 | <title>Examples</title> | |
817 | <example> | |
818 | <title>Download an Ubuntu image and open a shell in it</title> | |
819 | ||
820 | <programlisting># machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz | |
e0ea94c1 LP |
821 | # systemd-nspawn -M trusty-server-cloudimg-amd64-root</programlisting> |
822 | ||
798d3a52 ZJS |
823 | <para>This downloads and verifies the specified |
824 | <filename>.tar</filename> image, and then uses | |
825 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
826 | to open a shell in it.</para> | |
827 | </example> | |
828 | ||
829 | <example> | |
830 | <title>Download a Fedora image, set a root password in it, start | |
831 | it as service</title> | |
832 | ||
ac92ced5 BF |
833 | <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz |
834 | # systemd-nspawn -M Fedora-Cloud-Base-20141203-21 | |
835 | # passwd | |
836 | # exit | |
837 | # machinectl start Fedora-Cloud-Base-20141203-21 | |
838 | # machinectl login Fedora-Cloud-Base-20141203-21</programlisting> | |
798d3a52 ZJS |
839 | |
840 | <para>This downloads the specified <filename>.raw</filename> | |
841 | image with verification disabled. Then a shell is opened in it | |
842 | and a root password is set. Afterwards the shell is left, and | |
843 | the machine started as system service. With the last command a | |
844 | login prompt into the container is requested.</para> | |
845 | </example> | |
846 | ||
847 | <example> | |
848 | <title>Download a Fedora <literal>dkr</literal> image</title> | |
849 | ||
850 | <programlisting># machinectl pull-dkr --verify=no mattdm/fedora | |
e0ea94c1 LP |
851 | # systemd-nspawn -M fedora</programlisting> |
852 | ||
798d3a52 ZJS |
853 | <para>Downloads a <literal>dkr</literal> image and opens a shell |
854 | in it. Note that the specified download command might require an | |
855 | index server to be specified with the | |
856 | <literal>--dkr-index-url=</literal>.</para> | |
857 | </example> | |
6e9efa59 LP |
858 | |
859 | <example> | |
860 | <title>Exports a container image as tar file</title> | |
861 | ||
862 | <programlisting># machinectl export-tar fedora myfedora.tar.xz</programlisting> | |
863 | ||
864 | <para>Exports the container <literal>fedora</literal> in an | |
865 | xz-compress tar file <filename>myfedora.tar.xz</filename> in the | |
866 | current directory.</para> | |
867 | </example> | |
868 | ||
798d3a52 ZJS |
869 | </refsect1> |
870 | ||
871 | <refsect1> | |
872 | <title>Exit status</title> | |
873 | ||
874 | <para>On success, 0 is returned, a non-zero failure code | |
875 | otherwise.</para> | |
876 | </refsect1> | |
877 | ||
878 | <xi:include href="less-variables.xml" /> | |
879 | ||
880 | <refsect1> | |
881 | <title>See Also</title> | |
882 | <para> | |
883 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
884 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
6e9efa59 LP |
885 | <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
886 | <citerefentry><refentrytitle>tar</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
887 | <citerefentry><refentrytitle>xz</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
888 | <citerefentry><refentrytitle>gzip</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
889 | <citerefentry><refentrytitle>bzip2</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
798d3a52 ZJS |
890 | </para> |
891 | </refsect1> | |
19887cd0 ZJS |
892 | |
893 | </refentry> |