| Commit | Line | Data |
|---|---|---|
| dbda6dce | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
| 3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
| 12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
| dbda6dce | 5 | |
| 08540a95 | 6 | <refentry id="nss-mymachines" conditional='ENABLE_NSS_MYMACHINES'> |
| dbda6dce | 7 | |
| 798d3a52 ZJS | 8 | <refentryinfo> |
| | 9 | <title>nss-mymachines</title> |
| | 10 | <productname>systemd</productname> |
| 798d3a52 ZJS | 11 | </refentryinfo> |
| | 12 | |
| | 13 | <refmeta> |
| | 14 | <refentrytitle>nss-mymachines</refentrytitle> |
| | 15 | <manvolnum>8</manvolnum> |
| | 16 | </refmeta> |
| | 17 | |
| | 18 | <refnamediv> |
| | 19 | <refname>nss-mymachines</refname> |
| | 20 | <refname>libnss_mymachines.so.2</refname> |
| e9dd6984 | 21 | <refpurpose>Hostname resolution for local container instances</refpurpose> |
| 798d3a52 ZJS | 22 | </refnamediv> |
| | 23 | |
| | 24 | <refsynopsisdiv> |
| | 25 | <para><filename>libnss_mymachines.so.2</filename></para> |
| | 26 | </refsynopsisdiv> |
| | 27 | |
| | 28 | <refsect1> |
| | 29 | <title>Description</title> |
| | 30 | |
| 9053aaad LP | 31 | <para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of |
| | 32 | the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running |
| | 33 | locally that are registered with |
| f2cca38e | 34 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The |
| 9053aaad | 35 | container names are resolved to the IP addresses of the specific container, ordered by their scope. This |
| f2cca38e ZJS | 36 | functionality only applies to containers using network namespacing (see the description of |
| | 37 | <option>--private-network</option> in |
| | 38 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>). |
| | 39 | Note that the name that is resolved is the one registered with <command>systemd-machined</command>, which |
| | 40 | may be different than the hostname configured inside of the container.</para> |
| | 41 | |
| 74c88a25 LP | 42 | <para>Note that this NSS module only makes available names of the containers running immediately below |
| | 43 | the current system context. It does not provide host name resolution for containers running side-by-side |
| | 44 | with the invoking system context, or containers further up or down the container hierarchy. Or in other |
| | 45 | words, on the host system it provides host name resolution for the containers running immediately below |
| | 46 | the host environment. When used inside a container environment however, it will not be able to provide |
| | 47 | name resolution for containers running on the host (as those are siblings and not children of the current |
| | 48 | container environment), but instead only for nested containers running immediately below its own |
| | 49 | container environment.</para> |
| | 50 | |
| 38ccb557 LP | 51 | <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with |
| | 52 | <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para> |
| 798d3a52 | 53 | |
| d296c20f LP | 54 | <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or |
| | 55 | <literal>dns</literal> entry of the <literal>hosts:</literal> line of |
| | 56 | <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other |
| | 57 | resolvers such as DNS.</para> |
| 798d3a52 ZJS | 58 | </refsect1> |
| | 59 | |
| | 60 | <refsect1> |
| f2cca38e | 61 | <title>Configuration in <filename>/etc/nsswitch.conf</filename></title> |
| 798d3a52 | 62 | |
| 9053aaad LP | 63 | <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables |
| | 64 | <command>nss-mymachines</command> correctly:</para> |
| 798d3a52 | 65 | |
| 94f760ec | 66 | <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf --> |
| 02e93087 LP | 67 | <programlisting>passwd: files systemd |
| | 68 | group: files [SUCCESS=merge] systemd |
| | 69 | shadow: files systemd |
| f43a19ec | 70 | gshadow: files systemd |
| 798d3a52 | 71 | |
| d296c20f | 72 | hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns |
| dbda6dce LP | 73 | networks: files |
| | 74 | |
| | 75 | protocols: db files |
| | 76 | services: db files |
| c01ff965 LP | 77 | ethers: db files |
| | 78 | rpc: db files |
| dbda6dce LP | 79 | |
| | 80 | netgroup: nis</programlisting> |
| | 81 | |
| 798d3a52 ZJS | 82 | </refsect1> |
| | 83 | |
| f2cca38e | 84 | <refsect1> |
| 38ccb557 | 85 | <title>Example: Mappings provided by <filename>nss-mymachines</filename></title> |
| f2cca38e ZJS | 86 | |
| | 87 | <para>The container <literal>rawhide</literal> is spawned using |
| | 88 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>: |
| | 89 | </para> |
| | 90 | |
| | 91 | <programlisting># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick |
| | 92 | Spawning container rawhide on /var/lib/machines/rawhide. |
| | 93 | Selected user namespace base 20119552 and range 65536. |
| | 94 | ... |
| | 95 | |
| | 96 | $ machinectl --max-addresses=3 |
| | 97 | MACHINE CLASS SERVICE OS VERSION ADDRESSES |
| | 98 | rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9 |
| | 99 | |
| f2cca38e ZJS | 100 | $ ping -c1 rawhide |
| | 101 | PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes |
| | 102 | 64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms |
| | 103 | ... |
| | 104 | $ ping -c1 -4 rawhide |
| | 105 | PING rawhide (169.254.40.164) 56(84) bytes of data. |
| | 106 | 64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms |
| | 107 | ... |
| | 108 | |
| | 109 | # machinectl shell rawhide /sbin/ip a |
| | 110 | Connected to machine rawhide. Press ^] three times within 1s to exit session. |
| | 111 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 |
| | 112 | ... |
| | 113 | 2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 |
| | 114 | link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0 |
| | 115 | inet 169.254.40.164/16 brd 169.254.255.255 scope link host0 |
| | 116 | valid_lft forever preferred_lft forever |
| | 117 | inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link |
| | 118 | valid_lft forever preferred_lft forever |
| | 119 | Connection to machine rawhide terminated. |
| | 120 | </programlisting> |
| | 121 | </refsect1> |
| | 122 | |
| 798d3a52 ZJS | 123 | <refsect1> |
| | 124 | <title>See Also</title> |
| 13a69c12 DT | 125 | <para><simplelist type="inline"> |
| | 126 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> |
| | 127 | <member><citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> |
| | 128 | <member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> |
| | 129 | <member><citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> |
| | 130 | <member><citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> |
| | 131 | <member><citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> |
| | 132 | <member><citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> |
| | 133 | <member><citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> |
| | 134 | </simplelist></para> |
| 798d3a52 | 135 | </refsect1> |
| dbda6dce LP | 136 | |
| | 137 | </refentry> |
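
The Description section recommends placing mymachines before the resolve or dns entry on the hosts: line so that its mappings are preferred over other resolvers. The script below audits that ordering; it is an added example, not part of the man page or of systemd. The function name check_hosts_order and its verdict words are assumptions, and it inspects only the first hosts: line of the file it is given.

```sh
#!/bin/sh
# Added example, not systemd code. check_hosts_order and its verdict
# words are hypothetical names chosen for this illustration.
# Returns 0 only if mymachines precedes both resolve and dns.
check_hosts_order() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "hosts:" && !seen {                # assumption: first hosts: line
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) {                # skip [STATUS=action] specs,
                    while (i <= NF && $i !~ /\]$/) i++   # even if spaced out
                    continue
                }
                if (!($i in pos)) pos[$i] = ++n  # first position of a service
            }
        }
        END {
            if (!seen)                  { print "no-hosts-line"; exit 3 }
            if (!("mymachines" in pos)) { print "missing"; exit 2 }
            split("resolve dns", later, " ")
            for (j = 1; j <= 2; j++) {
                k = later[j]
                if ((k in pos) && pos[k] < pos["mymachines"]) {
                    print "shadowed-by-" k; exit 1
                }
            }
            print "ok"
        }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns\n' > "$demo_dir/good.conf"
printf 'hosts: files dns mymachines   # DNS is asked first\n' > "$demo_dir/bad.conf"
check_hosts_order "$demo_dir/good.conf"
check_hosts_order "$demo_dir/bad.conf" || true
rm -rf "$demo_dir"
```

Run it as `check_hosts_order /etc/nsswitch.conf`; a non-zero status means a resolver listed earlier could answer for a name that collides with a registered container name before the machined mapping is consulted.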