projects / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| e735f4d4 | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
| bb4f798a | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
| e735f4d4 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| a032b68d | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
| e735f4d4 | 5 | |
| 6e866b33 | 6 | <refentry id="nss-mymachines" conditional='ENABLE_NSS_MYMACHINES'> |
| e735f4d4 MP |
7 | |
| 8 | <refentryinfo> | |
| 9 | <title>nss-mymachines</title> | |
| 10 | <productname>systemd</productname> | |
| e735f4d4 MP |
11 | </refentryinfo> |
| 12 | ||
| 13 | <refmeta> | |
| 14 | <refentrytitle>nss-mymachines</refentrytitle> | |
| 15 | <manvolnum>8</manvolnum> | |
| 16 | </refmeta> | |
| 17 | ||
| 18 | <refnamediv> | |
| 19 | <refname>nss-mymachines</refname> | |
| 20 | <refname>libnss_mymachines.so.2</refname> | |
| a10f5d05 | 21 | <refpurpose>Hostname resolution for local container instances</refpurpose> |
| e735f4d4 MP |
22 | </refnamediv> |
| 23 | ||
| 24 | <refsynopsisdiv> | |
| 25 | <para><filename>libnss_mymachines.so.2</filename></para> | |
| 26 | </refsynopsisdiv> | |
| 27 | ||
| 28 | <refsect1> | |
| 29 | <title>Description</title> | |
| 30 | ||
| aa27b158 MP |
31 | <para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of |
| 32 | the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running | |
| 33 | locally that are registered with | |
| 6e866b33 | 34 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The |
| aa27b158 | 35 | container names are resolved to the IP addresses of the specific container, ordered by their scope. This |
| 6e866b33 MB |
36 | functionality only applies to containers using network namespacing (see the description of |
| 37 | <option>--private-network</option> in | |
| 38 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>). | |
| 39 | Note that the name that is resolved is the one registered with <command>systemd-machined</command>, which | |
| 40 | may be different than the hostname configured inside of the container.</para> | |
| 41 | ||
| 8b3d4ff0 MB |
42 | <para>Note that this NSS module only makes available names of the containers running immediately below |
| 43 | the current system context. It does not provide host name resolution for containers running side-by-side | |
| 44 | with the invoking system context, or containers further up or down the container hierarchy. Or in other | |
| 45 | words, on the host system it provides host name resolution for the containers running immediately below | |
| 46 | the host environment. When used inside a container environment however, it will not be able to provide | |
| 47 | name resolution for containers running on the host (as those are siblings and not children of the current | |
| 48 | container environment), but instead only for nested containers running immediately below its own | |
| 49 | container environment.</para> | |
| 50 | ||
| a10f5d05 MB |
51 | <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with |
| 52 | <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para> | |
| e735f4d4 | 53 | |
| a032b68d MB |
54 | <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or |
| 55 | <literal>dns</literal> entry of the <literal>hosts:</literal> line of | |
| 56 | <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other | |
| 57 | resolvers such as DNS.</para> | |
| e735f4d4 MP |
58 | </refsect1> |
| 59 | ||
| 60 | <refsect1> | |
| 6e866b33 | 61 | <title>Configuration in <filename>/etc/nsswitch.conf</filename></title> |
| e735f4d4 | 62 | |
| aa27b158 MP |
63 | <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables |
| 64 | <command>nss-mymachines</command> correctly:</para> | |
| e735f4d4 | 65 | |
| 6e866b33 | 66 | <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf --> |
| a10f5d05 | 67 | <programlisting>passwd: compat systemd |
| a032b68d | 68 | group: compat [SUCCESS=merge] systemd |
| 8b3d4ff0 MB |
69 | shadow: compat systemd |
| 70 | gshadow: files systemd | |
| e735f4d4 | 71 | |
| a032b68d | 72 | hosts: <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns |
| e735f4d4 MP |
73 | networks: files |
| 74 | ||
| 75 | protocols: db files | |
| 76 | services: db files | |
| 7035cd9e MP |
77 | ethers: db files |
| 78 | rpc: db files | |
| e735f4d4 MP |
79 | |
| 80 | netgroup: nis</programlisting> | |
| 81 | ||
| 82 | </refsect1> | |
| 83 | ||
| 6e866b33 | 84 | <refsect1> |
| a10f5d05 | 85 | <title>Example: Mappings provided by <filename>nss-mymachines</filename></title> |
| 6e866b33 MB |
86 | |
| 87 | <para>The container <literal>rawhide</literal> is spawned using | |
| 88 | <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>: | |
| 89 | </para> | |
| 90 | ||
| 91 | <programlisting># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick | |
| 92 | Spawning container rawhide on /var/lib/machines/rawhide. | |
| 93 | Selected user namespace base 20119552 and range 65536. | |
| 94 | ... | |
| 95 | ||
| 96 | $ machinectl --max-addresses=3 | |
| 97 | MACHINE CLASS SERVICE OS VERSION ADDRESSES | |
| 98 | rawhide container systemd-nspawn fedora 30 169.254.40.164 fe80::94aa:3aff:fe7b:d4b9 | |
| 99 | ||
| 6e866b33 MB |
100 | $ ping -c1 rawhide |
| 101 | PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes | |
| 102 | 64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms | |
| 103 | ... | |
| 104 | $ ping -c1 -4 rawhide | |
| 105 | PING rawhide (169.254.40.164) 56(84) bytes of data. | |
| 106 | 64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms | |
| 107 | ... | |
| 108 | ||
| 109 | # machinectl shell rawhide /sbin/ip a | |
| 110 | Connected to machine rawhide. Press ^] three times within 1s to exit session. | |
| 111 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 | |
| 112 | ... | |
| 113 | 2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 | |
| 114 | link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0 | |
| 115 | inet 169.254.40.164/16 brd 169.254.255.255 scope link host0 | |
| 116 | valid_lft forever preferred_lft forever | |
| 117 | inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link | |
| 118 | valid_lft forever preferred_lft forever | |
| 119 | Connection to machine rawhide terminated. | |
| 120 | </programlisting> | |
| 121 | </refsect1> | |
| 122 | ||
| e735f4d4 MP |
123 | <refsect1> |
| 124 | <title>See Also</title> | |
| 125 | <para> | |
| 126 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
| 127 | <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
| 6e866b33 | 128 | <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| 8a584da2 | 129 | <citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| 13d276d0 | 130 | <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| e735f4d4 MP |
131 | <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| 132 | <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
| 133 | <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
| 134 | </para> | |
| 135 | </refsect1> | |
| 136 | ||
| 137 | </refentry> |