- tool may be used by installer tools to initialize the machine ID
- at install time. Use
- <citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- to initialize it on mounted (but not booted) system images.</para>
-
- <para>The machine-id may also be set, for example when network
- booting, by setting the <varname>systemd.machine_id=</varname>
- kernel command line parameter or passing the option
- <option>--machine-id=</option> to systemd. A machine-id may not
- be set to all zeros.</para>
+ may be used by installer tools to initialize the machine ID at install time, but
+ <filename>/etc/machine-id</filename> may also be written using any other means.
+ </para>
+
+ <para>For operating system images which are created once and used on multiple
+ machines, for example for containers or in the cloud,
+ <filename>/etc/machine-id</filename> should be an empty file in the generic file
+ system image. An ID will be generated during boot and saved to this file if
+ possible. Having an empty file in place is useful because it allows a temporary file
+ to be bind-mounted over the real file, in case the image is used read-only.</para>
+
+ <para><citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ may be used to initialize <filename>/etc/machine-id</filename> on mounted (but not
+ booted) system images.</para>
+
+ <para>When a machine is booted with
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ the ID of the machine will be established. If <varname>systemd.machine_id=</varname>
+ or <option>--machine-id=</option> options (see first section) are specified, this
+ value will be used. Otherwise, the value in <filename>/etc/machine-id</filename> will
+ be used. If this file is empty or missing, <filename>systemd</filename> will attempt
+ to use the D-Bus machine ID from <filename>/var/lib/dbus/machine-id</filename>, the
+ value of the kernel command line option <varname>container_uuid</varname>, the KVM DMI
+ <filename>product_uuid</filename> (on KVM systems), and finally a randomly generated
+ UUID.</para>
+
+ <para>After the machine ID is established,
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ will attempt to save it to <filename>/etc/machine-id</filename>. If this fails, it
+ will attempt to bind-mount a temporary file over <filename>/etc/machine-id</filename>.
+ It is an error if the file system is read-only and does not contain a (possibly empty)
+ <filename>/etc/machine-id</filename> file.</para>
+
+ <para><citerefentry><refentrytitle>systemd-machine-id-commit.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ will attempt to write the machine ID to the file system if
+ <filename>/etc/machine-id</filename> or <filename>/etc</filename> are read-only during
+ early boot but become writable later on.</para>