<refsect1>
<title>Description</title>
- <para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry
- project='man-pages'><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
+ <para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry>
+ <refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
launches a full virtual machine instead of using namespaces.</para>
<para>File descriptors for <filename>/dev/kvm</filename> and <filename>/dev/vhost-vsock</filename> can be
<variablelist>
<varlistentry>
- <term><option>--cpus=</option><replaceable>CPUS</replaceable></term>
+ <term><option>--cpus=<replaceable>CPUS</replaceable></option></term>
<listitem><para>Configures the number of CPUs to start the virtual machine with.
Defaults to 1.</para>
</varlistentry>
<varlistentry>
- <term><option>--ram=</option><replaceable>BYTES</replaceable></term>
+ <term><option>--ram=<replaceable>BYTES</replaceable></option></term>
<listitem><para>Configures the amount of memory to start the virtual machine with.
Defaults to 2G.</para>
</varlistentry>
<varlistentry>
- <term><option>--kvm=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--kvm=<replaceable>BOOL</replaceable></option></term>
<listitem><para>Configures whether to use KVM. If the option is not specified KVM support will be
detected automatically. If true, KVM is always used, and if false, KVM is never used.</para>
</varlistentry>
<varlistentry>
- <term><option>--vsock=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--vsock=<replaceable>BOOL</replaceable></option></term>
<listitem>
<para>Configure whether to use VSOCK networking.</para>
</varlistentry>
<varlistentry>
- <term><option>--vsock-cid=</option><replaceable>CID</replaceable></term>
+ <term><option>--vsock-cid=<replaceable>CID</replaceable></option></term>
<listitem>
<para>Configure vmspawn to use a specific CID for the guest.</para>
</varlistentry>
<varlistentry>
- <term><option>--tpm=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--tpm=<replaceable>BOOL</replaceable></option></term>
<listitem>
<para>Configure whether to use VM with a virtual TPM or not.</para>
- <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='man-pages'>
+ <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='debian'>
<refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry> and use it if available.
- If yes is specified <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is always used, and vice versa if no is set <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle>
+ If yes is specified <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is always used, and vice versa if no is set <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> is never used.</para>
<para>Note: the virtual TPM used may change in future.</para>
</varlistentry>
<varlistentry>
- <term><option>--linux=</option><replaceable>PATH</replaceable></term>
+ <term><option>--linux=<replaceable>PATH</replaceable></option></term>
<listitem>
<para>Set the linux kernel image to use for direct kernel boot.</para>
</varlistentry>
<varlistentry>
- <term><option>--initrd=</option><replaceable>PATH</replaceable></term>
+ <term><option>--initrd=<replaceable>PATH</replaceable></option></term>
<listitem>
<para>Set the initrd to use for direct kernel boot.</para>
</varlistentry>
<varlistentry>
- <term><option>--firmware=</option><replaceable>PATH</replaceable></term>
+ <term><option>--firmware=<replaceable>PATH</replaceable></option></term>
<listitem><para>Takes an absolute path, or a relative path beginning with
<filename>./</filename>. Specifies a JSON firmware definition file, which allows selecting the
</varlistentry>
<varlistentry>
- <term><option>--secure-boot=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--discard-disk=<replaceable>BOOL</replaceable></option></term>
+
+ <listitem><para>Controls whether qemu processes discard requests from the VM.
+ This prevents long running VMs from using more disk space than required.
+ This is enabled by default.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--secure-boot=<replaceable>BOOL</replaceable></option></term>
<listitem><para>Configure whether to search for firmware which supports Secure Boot.</para>
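Review bot: the new --discard-disk= entry says qemu "processes discard requests from the VM" but does not say which drives that covers. --extra-drive= on this page can hand the VM "a disk image or block device on the host", so state whether discards are passed through to extra drives as well or only to the root image. For the default, "Defaults to yes." would match the wording the --cpus= and --ram= entries already use ("Defaults to 1.", "Defaults to 2G.").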
<variablelist>
<varlistentry>
- <term><option>--private-users=</option><replaceable>UID_SHIFT[:UID_RANGE]</replaceable></term>
+ <term><option>--private-users=<replaceable>UID_SHIFT[:UID_RANGE]</replaceable></option></term>
<listitem><para>Controls user namespacing under <option>--directory=</option>.
- If enabled, <citerefentry project='man-pages'><refentrytitle>virtiofsd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- is instructed to map user and group ids (UIDs and GIDs). This involves mapping the private UIDs/GIDs used in the virtual machine
- (starting with the virtual machine's root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other
- purposes (usually in the range beyond the host's UID/GID 65536).</para>
+ If enabled, <command>virtiofsd</command> is instructed to map user and group ids (UIDs and GIDs).
+ This involves mapping the private UIDs/GIDs used in the virtual machine (starting with the virtual machine's
+ root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other purposes (usually in the
+ range beyond the host's UID/GID 65536).</para>
<para>If one or two colon-separated numbers are specified, user namespacing is turned on. <replaceable>UID_SHIFT</replaceable>
specifies the first host UID/GID to map, <replaceable>UID_RANGE</replaceable> is optional and specifies number of host
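Review bot: in the --private-users= text the virtiofsd citerefentry is replaced by a plain <command>virtiofsd</command>, while the swtpm and mkosi references elsewhere in this patch keep their citerefentry and only switch to project='debian'. If virtiofsd has no man page that can be linked, say so in the commit message; otherwise keep the citerefentry with the appropriate project so the three external tools are handled the same way.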
<variablelist>
<varlistentry>
- <term><option>--bind=</option><replaceable>PATH</replaceable></term>
- <term><option>--bind-ro=</option><replaceable>PATH</replaceable></term>
+ <term><option>--bind=<replaceable>PATH</replaceable></option></term>
+ <term><option>--bind-ro=<replaceable>PATH</replaceable></option></term>
<listitem><para>Mount a directory from the host into the virtual machine. Takes one of: a path
argument — in which case the specified path will be mounted from the host to the same path in the virtual machine, or
</varlistentry>
<varlistentry>
- <term><option>--extra-drive=</option><replaceable>PATH</replaceable></term>
+ <term><option>--extra-drive=<replaceable>PATH</replaceable></option></term>
<listitem><para>Takes a disk image or block device on the host and supplies it to the virtual machine as another drive.</para>
<variablelist>
<varlistentry>
- <term><option>--forward-journal=</option><replaceable>FILE|DIR</replaceable></term>
+ <term><option>--forward-journal=<replaceable>FILE|DIR</replaceable></option></term>
<listitem><para>Forward the virtual machine's journal to the host.
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<xi:include href="version-info.xml" xpointer="v256"/>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--pass-ssh-key=<replaceable>BOOL</replaceable></option></term>
+
+ <listitem><para>By default an SSH key is generated to allow <command>systemd-vmspawn</command> to open
+ a D-Bus connection to the VM's systemd bus. Setting this to "no" will disable SSH key generation.</para>
+
+ <para>The generated keys are ephemeral. That is they are valid only for the current invocation of <command>systemd-vmspawn</command>,
+ and are typically not persisted.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--ssh-key-type=<replaceable>TYPE</replaceable></option></term>
+
+ <listitem><para>Configures the type of SSH key to generate, see
+ <citerefentry project="man-pages"><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for more information.</para>
+
+ <para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
+ may also be useful if the VM has a particularly old version of <command>sshd</command></para>.
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>
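Review bot: in the --ssh-key-type= entry the sentence ends with "<command>sshd</command></para>.", which leaves the full stop outside the para as stray text directly inside the listitem; move it before the closing </para>. In the --pass-ssh-key= entry, "typically not persisted" is too loose for key material: say where the private key is kept for the lifetime of the invocation and in which cases it can outlive it, and spell out what stops working (the D-Bus connection to the VM's systemd bus) when the option is set to "no". Minor: the ssh-keygen citerefentry uses project="man-pages" with double quotes where the rest of the file uses single quotes.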
<variablelist>
<varlistentry>
- <term><option>--console=</option><replaceable>MODE</replaceable></term>
+ <term><option>--console=<replaceable>MODE</replaceable></option></term>
<listitem><para>Configures how to set up the console of the VM. Takes one of
<literal>interactive</literal>, <literal>read-only</literal>, <literal>native</literal>,
<variablelist>
<varlistentry>
- <term><option>--load-credential=</option><replaceable>ID</replaceable>:<replaceable>PATH</replaceable></term>
- <term><option>--set-credential=</option><replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></term>
+ <term><option>--load-credential=<replaceable>ID</replaceable>:<replaceable>PATH</replaceable></option></term>
+ <term><option>--set-credential=<replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></option></term>
<listitem><para>Pass a credential to the virtual machine. These two options correspond to the
<varname>LoadCredential=</varname> and <varname>SetCredential=</varname> settings in unit files. See
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
- <member><citerefentry><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry project='debian'><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>