<refnamediv>
<refname>systemd-vmspawn</refname>
- <refpurpose>Spawn an OS in a virtual machine.</refpurpose>
+ <refpurpose>Spawn an OS in a virtual machine</refpurpose>
</refnamediv>
<refsynopsisdiv>
<refsect1>
<title>Description</title>
- <para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry
- project='man-pages'><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
+ <para><command>systemd-vmspawn</command> may be used to start a virtual machine from an OS image. In many ways it is similar to <citerefentry>
+ <refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but
launches a full virtual machine instead of using namespaces.</para>
<para>File descriptors for <filename>/dev/kvm</filename> and <filename>/dev/vhost-vsock</filename> can be
<variablelist>
<varlistentry>
- <term><option>--cpus=</option><replaceable>CPUS</replaceable></term>
+ <term><option>--cpus=<replaceable>CPUS</replaceable></option></term>
<listitem><para>Configures the number of CPUs to start the virtual machine with.
Defaults to 1.</para>
</varlistentry>
<varlistentry>
- <term><option>--ram=</option><replaceable>BYTES</replaceable></term>
+ <term><option>--ram=<replaceable>BYTES</replaceable></option></term>
<listitem><para>Configures the amount of memory to start the virtual machine with.
Defaults to 2G.</para>
</varlistentry>
<varlistentry>
- <term><option>--kvm=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--kvm=<replaceable>BOOL</replaceable></option></term>
<listitem><para>Configures whether to use KVM. If the option is not specified KVM support will be
detected automatically. If true, KVM is always used, and if false, KVM is never used.</para>
</varlistentry>
<varlistentry>
- <term><option>--vsock=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--vsock=<replaceable>BOOL</replaceable></option></term>
<listitem>
<para>Configure whether to use VSOCK networking.</para>
</varlistentry>
<varlistentry>
- <term><option>--vsock-cid=</option><replaceable>CID</replaceable></term>
+ <term><option>--vsock-cid=<replaceable>CID</replaceable></option></term>
<listitem>
<para>Configure vmspawn to use a specific CID for the guest.</para>
</varlistentry>
<varlistentry>
- <term><option>--tpm=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--tpm=<replaceable>BOOL</replaceable></option></term>
<listitem>
<para>Configure whether to use VM with a virtual TPM or not.</para>
- <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='man-pages'>
+ <para>If the option is not specified vmspawn will detect the presence of <citerefentry project='debian'>
<refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry> and use it if available.
- If yes is specified <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is always used, and vice versa if no is set <citerefentry project='man-pages'><refentrytitle>swtpm</refentrytitle>
+ If yes is specified <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is always used, and vice versa if no is set <citerefentry project='debian'><refentrytitle>swtpm</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> is never used.</para>
<para>Note: the virtual TPM used may change in future.</para>
</varlistentry>
<varlistentry>
- <term><option>--linux=</option><replaceable>PATH</replaceable></term>
+ <term><option>--linux=<replaceable>PATH</replaceable></option></term>
<listitem>
<para>Set the linux kernel image to use for direct kernel boot.</para>
</varlistentry>
<varlistentry>
- <term><option>--initrd=</option><replaceable>PATH</replaceable></term>
+ <term><option>--initrd=<replaceable>PATH</replaceable></option></term>
<listitem>
<para>Set the initrd to use for direct kernel boot.</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><option>--qemu-gui</option></term>
-
- <listitem><para>Start QEMU in graphical mode.</para>
-
- <xi:include href="version-info.xml" xpointer="v255"/></listitem>
- </varlistentry>
-
<varlistentry>
<term><option>-n</option></term>
<term><option>--network-tap</option></term>
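Review bot: the `--qemu-gui` entry is deleted outright, and nothing in its place tells readers what replaced it. If the switch is still accepted, keep a short entry marking it as superseded by `--console=gui`; if it has been dropped, say so in the `--console=` description so existing invocations can be updated.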
</varlistentry>
<varlistentry>
- <term><option>--firmware=</option><replaceable>PATH</replaceable></term>
+ <term><option>--firmware=<replaceable>PATH</replaceable></option></term>
<listitem><para>Takes an absolute path, or a relative path beginning with
<filename>./</filename>. Specifies a JSON firmware definition file, which allows selecting the
</varlistentry>
<varlistentry>
- <term><option>--secure-boot=</option><replaceable>BOOL</replaceable></term>
+ <term><option>--discard-disk=<replaceable>BOOL</replaceable></option></term>
+
+ <listitem><para>Controls whether qemu processes discard requests from the VM.
+ This prevents long running VMs from using more disk space than required.
+ This is enabled by default.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--secure-boot=<replaceable>BOOL</replaceable></option></term>
<listitem><para>Configure whether to search for firmware which supports Secure Boot.</para>
<xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--uuid=</option></term>
+
+ <listitem><para>Set the specified UUID for the virtual machine. The
+ init system will initialize
+ <filename>/etc/machine-id</filename> from this if this file is
+ not set yet. Note that this option takes effect only if
+ <filename>/etc/machine-id</filename> in the virtual machine is
+ unpopulated.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
+
+ <refsect2>
+ <title>Property Options</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>--register=</option></term>
+
+ <listitem><para>Controls whether the virtual machine is registered with
+ <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>. Takes a
+ boolean argument, which defaults to <literal>yes</literal> when running as root, and <literal>no</literal> when
+ running as a regular user. This ensures that the virtual machine is accessible via
+ <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+
+ <para>Note: root privileges are required to use this option as registering with
+ <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ requires privileged D-Bus method calls.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
</variablelist>
</refsect2>
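Review bot: the new `--uuid=` and `--register=` terms carry no `<replaceable>` argument, unlike every other option term this patch touches. Suggest `<option>--uuid=<replaceable>UUID</replaceable></option>` and `<option>--register=<replaceable>BOOL</replaceable></option>`. In the `--uuid=` text the two sentences about `/etc/machine-id` state the same condition twice and can be merged. In `--register=`, "This ensures that the virtual machine is accessible" follows the sentence about defaults, so it reads as if the default, rather than registration, makes the VM reachable via machinectl.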
<variablelist>
<varlistentry>
- <term><option>--private-users=</option><replaceable>UID_SHIFT[:UID_RANGE]</replaceable></term>
+ <term><option>--private-users=<replaceable>UID_SHIFT[:UID_RANGE]</replaceable></option></term>
<listitem><para>Controls user namespacing under <option>--directory=</option>.
- If enabled, <citerefentry project='man-pages'><refentrytitle>virtiofsd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- is instructed to map user and group ids (UIDs and GIDs). This involves mapping the private UIDs/GIDs used in the virtual machine
- (starting with the virtual machine's root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other
- purposes (usually in the range beyond the host's UID/GID 65536).</para>
+ If enabled, <command>virtiofsd</command> is instructed to map user and group ids (UIDs and GIDs).
+ This involves mapping the private UIDs/GIDs used in the virtual machine (starting with the virtual machine's
+ root user 0 and up) to a range of UIDs/GIDs on the host that are not used for other purposes (usually in the
+ range beyond the host's UID/GID 65536).</para>
<para>If one or two colon-separated numbers are specified, user namespacing is turned on. <replaceable>UID_SHIFT</replaceable>
specifies the first host UID/GID to map, <replaceable>UID_RANGE</replaceable> is optional and specifies number of host
<variablelist>
<varlistentry>
- <term><option>--bind=</option><replaceable>PATH</replaceable></term>
- <term><option>--bind-ro=</option><replaceable>PATH</replaceable></term>
+ <term><option>--bind=<replaceable>PATH</replaceable></option></term>
+ <term><option>--bind-ro=<replaceable>PATH</replaceable></option></term>
<listitem><para>Mount a directory from the host into the virtual machine. Takes one of: a path
argument — in which case the specified path will be mounted from the host to the same path in the virtual machine, or
</varlistentry>
<varlistentry>
- <term><option>--extra-drive=</option><replaceable>PATH</replaceable></term>
+ <term><option>--extra-drive=<replaceable>PATH</replaceable></option></term>
<listitem><para>Takes a disk image or block device on the host and supplies it to the virtual machine as another drive.</para>
<variablelist>
<varlistentry>
- <term><option>--forward-journal=</option><replaceable>FILE|DIR</replaceable></term>
+ <term><option>--forward-journal=<replaceable>FILE|DIR</replaceable></option></term>
<listitem><para>Forward the virtual machine's journal to the host.
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<xi:include href="version-info.xml" xpointer="v256"/>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><option>--pass-ssh-key=<replaceable>BOOL</replaceable></option></term>
+
+ <listitem><para>By default an SSH key is generated to allow <command>systemd-vmspawn</command> to open
+ a D-Bus connection to the VM's systemd bus. Setting this to "no" will disable SSH key generation.</para>
+
+ <para>The generated keys are ephemeral. That is they are valid only for the current invocation of <command>systemd-vmspawn</command>,
+ and are typically not persisted.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--ssh-key-type=<replaceable>TYPE</replaceable></option></term>
+
+ <listitem><para>Configures the type of SSH key to generate, see
+ <citerefentry project="man-pages"><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for more information.</para>
+
+ <para>By default <literal>ed25519</literal> keys are generated, however <literal>rsa</literal> keys
+ may also be useful if the VM has a particularly old version of <command>sshd</command></para>.
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
+
+ <refsect2>
+ <title>Input/Output Options</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>--console=<replaceable>MODE</replaceable></option></term>
+
+ <listitem><para>Configures how to set up the console of the VM. Takes one of
+ <literal>interactive</literal>, <literal>read-only</literal>, <literal>native</literal>,
+ <literal>gui</literal>. Defaults to <literal>interactive</literal>. <literal>interactive</literal>
+ provides an interactive terminal interface to the VM. <literal>read-only</literal> is similar, but
+ is strictly read-only, i.e. does not accept any input from the user. <literal>native</literal> also
+ provides a TTY-based interface, but uses qemu native implementation (which means the qemu monitor
+ is available). <literal>gui</literal> shows the qemu graphical UI.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--background=<replaceable>COLOR</replaceable></option></term>
+
+ <listitem><para>Change the terminal background color to the specified ANSI color as long as the VM
+ runs. The color specified should be an ANSI X3.64 SGR background color, i.e. strings such as
+ <literal>40</literal>, <literal>41</literal>, …, <literal>47</literal>, <literal>48;2;…</literal>,
+ <literal>48;5;…</literal>. See <ulink
+ url="https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_(Select_Graphic_Rendition)_parameters">ANSI
+ Escape Code (Wikipedia)</ulink> for details. Assign an empty string to disable any coloring. This
+ only has an effect in <option>--console=interactive</option> and
+ <option>--console=read-only</option> modes.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect2>
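Review bot: in the `--ssh-key-type=` entry the closing tag and the full stop are swapped, `<command>sshd</command></para>.`, which leaves a bare `.` as character data directly inside `<listitem>`; move the period inside the paragraph. In `--pass-ssh-key=`, "typically not persisted" is too vague for a statement about private key material: the text should say where the key is written and when it is removed. "That is they are valid" also needs a comma after "That is".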
<variablelist>
<varlistentry>
- <term><option>--load-credential=</option><replaceable>ID</replaceable>:<replaceable>PATH</replaceable></term>
- <term><option>--set-credential=</option><replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></term>
+ <term><option>--load-credential=<replaceable>ID</replaceable>:<replaceable>PATH</replaceable></option></term>
+ <term><option>--set-credential=<replaceable>ID</replaceable>:<replaceable>VALUE</replaceable></option></term>
<listitem><para>Pass a credential to the virtual machine. These two options correspond to the
<varname>LoadCredential=</varname> and <varname>SetCredential=</varname> settings in unit files. See
<para>In order to embed binary data into the credential data for <option>--set-credential=</option>,
use C-style escaping (i.e. <literal>\n</literal> to embed a newline, or <literal>\x00</literal> to
embed a <constant>NUL</constant> byte). Note that the invoking shell might already apply unescaping
- once, hence this might require double escaping!.</para>
+ once, hence this might require double escaping!</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
- <member><citerefentry><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry project='debian'><refentrytitle>mkosi</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>