[thirdparty/systemd.git] / man / nss-mymachines.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->

<refentry id="nss-mymachines" conditional='ENABLE_NSS_MYMACHINES'>

  <refentryinfo>
    <title>nss-mymachines</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>nss-mymachines</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>nss-mymachines</refname>
    <refname>libnss_mymachines.so.2</refname>
    <refpurpose>Hostname resolution for local container instances</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>libnss_mymachines.so.2</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of
    the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running
    locally that are registered with
    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The
    container names are resolved to the IP addresses of the specific container, ordered by their scope. This
    functionality only applies to containers using network namespacing (see the description of
    <option>--private-network</option> in
    <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
    Note that the name that is resolved is the one registered with <command>systemd-machined</command>, which
    may be different than the hostname configured inside of the container.</para>

    <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>

    <para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
    <literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
    mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
    based mappings take precedence.</para>
  </refsect1>

  <refsect1>
    <title>Configuration in <filename>/etc/nsswitch.conf</filename></title>

    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
    <command>nss-mymachines</command> correctly:</para>

    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
    <programlisting>passwd:         compat systemd
group:          compat systemd
shadow:         compat

hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis</programlisting>

  </refsect1>

  <refsect1>
    <title>Example: Mappings provided by <filename>nss-mymachines</filename></title>

    <para>The container <literal>rawhide</literal> is spawned using
    <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
    </para>

    <programlisting># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
Spawning container rawhide on /var/lib/machines/rawhide.
Selected user namespace base 20119552 and range 65536.
...

$ machinectl --max-addresses=3
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9

$ ping -c1 rawhide
PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
...
$ ping -c1 -4 rawhide
PING rawhide (169.254.40.164) 56(84) bytes of data.
64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
...

# machinectl shell rawhide /sbin/ip a
Connected to machine rawhide. Press ^] three times within 1s to exit session.
1: lo: &lt;LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    ...
2: host0@if21: &lt;BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
       valid_lft forever preferred_lft forever
    inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
       valid_lft forever preferred_lft forever
Connection to machine rawhide terminated.
</programlisting>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
dbda6dce	1	<?xml version='1.0'?> <!---nxml--->
3a54a157	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
12b42c76	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
0307f791	4	<!-- SPDX-License-Identifier: LGPL-2.1+ -->
dbda6dce	5
08540a95	6	<refentry id="nss-mymachines" conditional='ENABLE_NSS_MYMACHINES'>
dbda6dce	7
798d3a52 ZJS	8	<refentryinfo>
	9	<title>nss-mymachines</title>
	10	<productname>systemd</productname>
798d3a52 ZJS	11	</refentryinfo>
	12
	13	<refmeta>
	14	<refentrytitle>nss-mymachines</refentrytitle>
	15	<manvolnum>8</manvolnum>
	16	</refmeta>
	17
	18	<refnamediv>
	19	<refname>nss-mymachines</refname>
	20	<refname>libnss_mymachines.so.2</refname>
e9dd6984	21	<refpurpose>Hostname resolution for local container instances</refpurpose>
798d3a52 ZJS	22	</refnamediv>
	23
	24	<refsynopsisdiv>
	25	<para><filename>libnss_mymachines.so.2</filename></para>
	26	</refsynopsisdiv>
	27
	28	<refsect1>
	29	<title>Description</title>
	30
9053aaad LP	31	<para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of
	32	the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running
	33	locally that are registered with
f2cca38e	34	<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The
9053aaad	35	container names are resolved to the IP addresses of the specific container, ordered by their scope. This
f2cca38e ZJS	36	functionality only applies to containers using network namespacing (see the description of
	37	<option>--private-network</option> in
	38	<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
	39	Note that the name that is resolved is the one registered with <command>systemd-machined</command>, which
	40	may be different than the hostname configured inside of the container.</para>
	41
38ccb557 LP	42	<para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
38ccb557 LP	43	<literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
798d3a52	44
9053aaad	45	<para>It is recommended to place <literal>mymachines</literal> after the <literal>files</literal> or
38ccb557 LP	46	<literal>compat</literal> entry of the <filename>/etc/nsswitch.conf</filename> line to make sure that its
	47	mappings are preferred over other resolvers such as DNS, but so that <filename>/etc/hosts</filename>
	48	based mappings take precedence.</para>
798d3a52 ZJS	49	</refsect1>
	50
	51	<refsect1>
f2cca38e	52	<title>Configuration in <filename>/etc/nsswitch.conf</filename></title>
798d3a52	53
9053aaad LP	54	<para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
9053aaad LP	55	<command>nss-mymachines</command> correctly:</para>
798d3a52	56
94f760ec	57	<!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
38ccb557 LP	58	<programlisting>passwd: compat systemd
38ccb557 LP	59	group: compat systemd
c01ff965	60	shadow: compat
798d3a52	61
f2a20e99	62	hosts: <command>mymachines</command> resolve [!UNAVAIL=return] myhostname files dns
dbda6dce LP	63	networks: files
	64
	65	protocols: db files
	66	services: db files
c01ff965 LP	67	ethers: db files
c01ff965 LP	68	rpc: db files
dbda6dce LP	69
	70	netgroup: nis</programlisting>
	71
798d3a52 ZJS	72	</refsect1>
798d3a52 ZJS	73
f2cca38e	74	<refsect1>
38ccb557	75	<title>Example: Mappings provided by <filename>nss-mymachines</filename></title>
f2cca38e ZJS	76
	77	<para>The container <literal>rawhide</literal> is spawned using
	78	<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
	79	</para>
	80
	81	<programlisting># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
	82	Spawning container rawhide on /var/lib/machines/rawhide.
	83	Selected user namespace base 20119552 and range 65536.
	84	...
	85
	86	$ machinectl --max-addresses=3
	87	MACHINE CLASS SERVICE OS VERSION ADDRESSES
	88	rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
	89
f2cca38e ZJS	90	$ ping -c1 rawhide
	91	PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
	92	64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
	93	...
	94	$ ping -c1 -4 rawhide
	95	PING rawhide (169.254.40.164) 56(84) bytes of data.
	96	64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
	97	...
	98
	99	# machinectl shell rawhide /sbin/ip a
	100	Connected to machine rawhide. Press ^] three times within 1s to exit session.
	101	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	102	...
	103	2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
	104	link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
	105	inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
	106	valid_lft forever preferred_lft forever
	107	inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
	108	valid_lft forever preferred_lft forever
	109	Connection to machine rawhide terminated.
	110	</programlisting>
	111	</refsect1>
	112
798d3a52 ZJS	113	<refsect1>
	114	<title>See Also</title>
	115	<para>
	116	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	117	<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
f2cca38e	118	<citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
409093fe	119	<citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
0d6868f9	120	<citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
798d3a52 ZJS	121	<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	122	<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	123	<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	124	</para>
	125	</refsect1>
dbda6dce LP	126
dbda6dce LP	127	</refentry>