diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml index a0a0f99684..5742d89779 100644 --- a/man/nss-mymachines.xml +++ b/man/nss-mymachines.xml @@ -35,12 +35,21 @@ nss-mymachines is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc), providing hostname resolution for the names of containers running locally that are registered with - systemd-machined.service8. The + systemd-machined.service8. The container names are resolved to the IP addresses of the specific container, ordered by their scope. This - functionality only applies to containers using network namespacing. + functionality only applies to containers using network namespacing (see the description of + in + systemd-nspawn1). + Note that the name that is resolved is the one registered with systemd-machined, which + may be different than the hostname configured inside of the container. - The module also resolves user and group IDs used by containers to user and group names indicating the - container name, and back. This functionality only applies to containers using user namespacing. + The module also provides name resolution for user and group identifiers mapped to containers. All names from + the range allocated to a given container container are exposed on the host as + vu-container-uid and + vg-container-gid (see example below). This + functionality only applies to containers using user namespacing (see the description of + in + systemd-nspawn1). To activate the NSS module, add mymachines to the lines starting with hosts:, passwd: and group: in @@ -53,7 +62,7 @@ - Example + Configuration in <filename>/etc/nsswitch.conf</filename> Here is an example /etc/nsswitch.conf file that enables nss-mymachines correctly: @@ -75,11 +84,74 @@ netgroup: nis + + Mappings provided by <filename>nss-mymachines</filename> + + The container rawhide is spawned using + systemd-nspawn1: + + + # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick +Spawning container rawhide on /var/lib/machines/rawhide. +Selected user namespace base 20119552 and range 65536. +... + +$ machinectl --max-addresses=3 +MACHINE CLASS SERVICE OS VERSION ADDRESSES +rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9 + +$ getent passwd vu-rawhide-0 vu-rawhide-81 +vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/sbin/nologin +vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/sbin/nologin + +$ getent group vg-rawhide-0 vg-rawhide-81 +vg-rawhide-0:*:20119552: +vg-rawhide-81:*:20119633: + +$ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide' +vu-rawhide-0 692 ? /usr/lib/systemd/systemd +vu-rawhide-0 731 ? /usr/lib/systemd/systemd-journald +vu-rawhide-192 734 ? /usr/lib/systemd/systemd-networkd +vu-rawhide-193 738 ? /usr/lib/systemd/systemd-resolved +vu-rawhide-0 742 ? /usr/lib/systemd/systemd-logind +vu-rawhide-81 744 ? /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only +vu-rawhide-0 746 ? /usr/sbin/sshd -D ... +vu-rawhide-0 752 ? /usr/lib/systemd/systemd --user +vu-rawhide-0 753 ? (sd-pam) +vu-rawhide-0 1628 ? login -- zbyszek +vu-rawhide-1000 1630 ? /usr/lib/systemd/systemd --user +vu-rawhide-1000 1631 ? (sd-pam) +vu-rawhide-1000 1637 pts/8 -zsh + +$ ping -c1 rawhide +PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes +64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms +... +$ ping -c1 -4 rawhide +PING rawhide (169.254.40.164) 56(84) bytes of data. +64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms +... + +# machinectl shell rawhide /sbin/ip a +Connected to machine rawhide. Press ^] three times within 1s to exit session. +1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + ... +2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 + link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0 + inet 169.254.40.164/16 brd 169.254.255.255 scope link host0 + valid_lft forever preferred_lft forever + inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link + valid_lft forever preferred_lft forever +Connection to machine rawhide terminated. + + + See Also systemd1, systemd-machined.service8, + machinectl1, nss-systemd8, nss-resolve8, nss-myhostname8, diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c index a49b11e7b0..5023acb5e2 100644 --- a/src/machine/machinectl.c +++ b/src/machine/machinectl.c @@ -332,7 +332,7 @@ static int list_machines(int argc, char *argv[], void *userdata) { name, 0, "", - "", + " ", arg_addrs, &addresses); @@ -475,20 +475,6 @@ static int show_unit_cgroup(sd_bus *bus, const char *unit, pid_t leader) { return 0; } -static int print_addresses(sd_bus *bus, const char *name, int ifi, const char *prefix, const char *prefix2, int n_addr) { - _cleanup_free_ char *s = NULL; - int r; - - r = call_get_addresses(bus, name, ifi, prefix, prefix2, n_addr, &s); - if (r < 0) - return r; - - if (r > 0) - fputs(s, stdout); - - return r; -} - static int print_os_release(sd_bus *bus, const char *method, const char *name, const char *prefix) { _cleanup_free_ char *pretty = NULL; int r; @@ -561,6 +547,7 @@ static void machine_status_info_clear(MachineStatusInfo *info) { static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) { char since1[FORMAT_TIMESTAMP_RELATIVE_MAX]; char since2[FORMAT_TIMESTAMP_MAX]; + _cleanup_free_ char *addresses = NULL; const char *s1, *s2; int ifi = -1; @@ -630,11 +617,12 @@ static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) { fputc('\n', stdout); } - if (print_addresses(bus, i->name, ifi, - "\t Address: ", - "\n\t ", - ALL_IP_ADDRESSES) > 0) + if (call_get_addresses(bus, i->name, ifi, + "\t Address: ", "\n\t ", ALL_IP_ADDRESSES, + &addresses) > 0) { + fputs(addresses, stdout); fputc('\n', stdout); + } print_os_release(bus, "GetMachineOSRelease", i->name, "\t OS: ");