What’s the difference between
machinectl start foo
and
systemctl start systemd-nspawn@foo
? They look the same to me.
Thanks,
Johannes.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
I realized later that this virtual machine had ended up with a borked btrfs
filesystem. I blame it on a problem with the outer OSX filesystem, but
regardless, it does not seem to be a systemd problem.
So disregard this error.
Cheers,
Johannes.
On Jun 23, 2015, at 7:45, Matthew Karas mkarasc...@gmail.com wrote:
I am trying to configure a container after creation using machinectl
but I'm coming up against problems in my implementation. If this
isn't the correct way to set up a container after creation please let
me know the right
I can import-tar, list-images, image-status, start, rename, and remove, but
sudo machinectl clone depot depot2
Could not clone image: Access denied
Am I doing this wrong?
This is systemd 221-1 on Arch.
$ sudo machinectl list-images
NAME TYPE RO USAGE CREATED
(Moral: in doubt, lean hard on your booleans)
1. Reboot host. (Arch running in VirtualBox on Mac)
2. host sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
3. host sudo systemd-nspawn -M container -b -j -n --bind /home:/home
(Arch subset / UBOS)
4. container ping 8.8.8.8
7 packets
Hello Andreas,
On Jun 25, 2015, at 7:57, Andreas Buschmann busch...@tech.net.de wrote:
Hello,
I am writing a systemd .service file to handle NVDIMMs.
- start
- stop
- reload
all work
The problem child is restart.
Restart is internally implemented as stop followed by start.
The
Not sure how I just managed to do that, but after an nspawn run with -n, I have
a leftover ve-xxx interface on the host. The container/machine is gone, the
(ephemeral) file system is gone, just the interface is still there.
Also sometimes it seems that the ephemeral subvolume stays around if
$ systemctl restart systemd-networkd
Failed to restart systemd-networkd.service: The name org.freedesktop.PolicyKit1
was not provided by any .service files
$ sudo systemctl restart systemd-networkd
Works.
Presumably this error message could be improved, in particular because that
name is
On Jun 19, 2015, at 23:37, Daniel Mack dan...@zonque.org wrote:
On 06/19/2015 09:31 PM, Johannes Ernst wrote:
After a reboot, root gets this:
# journalctl
Error was encountered while opening journal files: Invalid argument
No other output.
What does 'strace journalctl' say
After a reboot, root gets this:
# journalctl
Error was encountered while opening journal files: Invalid argument
No other output.
Non-root gets user-specific output.
What might have happened here, and how do I fix it? I upgraded from 220 to 221:
same behavior.
I briefly ran out of space on a
I have a root filesystem in directory foo/
It has symlink
foo/etc/resolv.conf -> /run/systemd/resolve/resolv.conf
When I’m booting the container:
sudo systemd-nspawn --directory foo --boot
I’m getting:
Failed to copy /etc/resolv.conf to /home/…./foo/etc/resolv.conf: Too many
levels
I have a root filesystem directory in foo/
I boot with nspawn, and immediately, in the container:
systemctl poweroff
This works fine if invoked as:
sudo systemd-nspawn --directory foo --boot -n
But if I add --ephemeral (and it is a btrfs filesystem)
sudo systemd-nspawn --directory
Aha! Works in 220. (It’s still in testing in Arch, so I had been on 219)
I’m still unclear why there’s an (empty) /var/lib/machines in the container.
On Jun 16, 2015, at 15:22, Lennart Poettering lenn...@poettering.net wrote:
On Tue, 16.06.15 14:53, Johannes Ernst (johannes.er...@gmail.com) wrote:
Hi
On Wed, Jun 17, 2015 at 5:53 AM, Johannes Ernst
johannes.er...@gmail.com wrote:
Are those supposed to produce the same information, just formatted
differently (man vs machine per man page)?
I’m failing to convince ‘show’ to give me the container’s IP address, while
On Jun 17, 2015, at 1:07, David Herrmann dh.herrm...@gmail.com wrote:
Hi
On Tue, Jun 16, 2015 at 11:39 PM, Johannes Ernst
johannes.er...@gmail.com wrote:
I have a root filesystem in directory foo/
It has symlink
foo/etc/resolv.conf -> /run/systemd/resolve/resolv.conf
When I’m
On Jun 17, 2015, at 14:09, Lennart Poettering lenn...@poettering.net wrote:
On Wed, 17.06.15 13:34, Johannes Ernst (johannes.er...@gmail.com) wrote:
2. So how do I get at the IP address of the container in a way that
is easily parseable?
make sure nss-mymachines is installed
Are those supposed to produce the same information, just formatted differently
(man vs machine per man page)?
I’m failing to convince ‘show’ to give me the container’s IP address, while
‘status’ has all of them.
Cheers,
Johannes.
My host obtains an IP address and DNS server via DHCP from upstream via
Ethernet like this (systemd 219, Arch Linux)
[Match]
Name=en*
[Network]
DHCP=ipv4
It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS
server from DHCP shows up there.
It also
On Jun 13, 2015, at 2:33, joerg.syst...@higgsboson.tk wrote:
June 13, 2015, 02:32, Johannes Ernst johannes.er...@gmail.com wrote:
My host obtains an IP address and DNS server via DHCP from upstream via
Ethernet
On Jun 15, 2015, at 11:32, Lennart Poettering lenn...@poettering.net wrote:
On Mon, 15.06.15 10:39, Johannes Ernst (johannes.er...@gmail.com) wrote:
On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net
wrote:
On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er
On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote:
On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
* host and container can ping test (if test is the name of the
* container machine per machinectl): FAILS, neither can
Do you have nss
On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote:
On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net
wrote:
On Fri, 12.06.15 17:32
This is a best-practice question.
I’d like to automate testing of a web application (running in a container) by
running curl from the host. The logical sequence should be:
* boot container using local tar file or existing directory
* wait until container is-system-running=true
* on the
My container is degraded because systemd-tmpfiles-setup.service failed. My
understanding is that it should not run in the container anyway. (Right?)
How do I find out why it was started?
This is probably a noob question.
Thanks,
Johannes.
Hey Martin,
thanks, but:
My container is degraded because systemd-tmpfiles-setup.service
failed. My understanding is that it should not run in the container
anyway. (Right?)
It should run in a container; its purpose is both necessary, and I
don't see why a container would have any
If I run systemd-nspawn with --ephemeral, it creates a new temporary btrfs
subvolume, the documentation says.
Mine takes an awful long time — blocking IO on the device in the awful long
meantime — and I’m puzzled why. Does it perhaps copy (deep? references only?)
the entire drive?
Should I
I was hoping that
getent hosts containername
would work, just like
getent hosts hostname
where hostname can be anything else in the hosts: field in nsswitch.conf. But
no such luck.
The containername does get resolved correctly in other cases, e.g. when
pinging it.
Not knowing
On Jul 3, 2015, at 4:01, Lennart Poettering lenn...@poettering.net wrote:
On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com) wrote:
Hey Martin,
thanks, but:
My container is degraded because systemd-tmpfiles-setup.service
failed. My
On Jun 29, 2015, at 10:32, Johannes Ernst johannes.er...@gmail.com wrote:
I was hoping that
getent hosts containername
would work, just like
getent hosts hostname
where hostname can be anything else in the hosts: field in nsswitch.conf.
But no such luck.
The containername
On Jul 1, 2015, at 14:59, Michael Biebl mbi...@gmail.com wrote:
2015-07-01 22:50 GMT+02:00 Johannes Ernst johannes.er...@gmail.com:
Hey Martin,
thanks, but:
My container is degraded because systemd-tmpfiles-setup.service
failed. My understanding
/var/lib/machines is intended to be, as I understand it, for (virtual) machines
that are or could be started at every boot.
Would it make sense to have a similar convention for templates?
Use cases:
1. Testing. Pull base image once, run lots of containers from the same base
image
2. Hosting.
The strange sysctl fails to setup IP forwarding #468”, closed after ordering
systemd-sysctl and systemd-networkd, unfortunately still occurs for me.
https://github.com/systemd/systemd/issues/468#issuecomment-117904714
Cheers,
Johannes.
On Jun 15, 2015, at 18:15, Chris Morgan chmor...@gmail.com wrote:
But yeah, was wondering if there were known users of nspawn containers that
discussed their use cases.
I’m starting to use it for testing of installation and upgrades of various web
apps on UBOS [1] using webapptest [2].
On Jul 3, 2015, at 4:01, Lennart Poettering lenn...@poettering.net wrote:
On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com) wrote:
My container is degraded because systemd-tmpfiles-setup.service
failed. My understanding is that it should
TL;DR: I propose to have IPForward default to “no change”, rather than 0, as 0
has unexpected consequences for non-expert users.
Details: A few months ago there were some threads about ip_forwarding needing
a toggle from 1 to 0 and back to 1 before it would work. [1][2][3]
It appears I found
This makes my point. The default = 0 is counter intuitive and costs much time
for the lucky ones among us who can figure it out. The rest will just give up...
Sent from my iPad.
> On Nov 5, 2015, at 22:32, Peter Paule wrote:
>
> Hi Johannes,
>
> I had the same
> On Nov 6, 2015, at 1:09, Reindl Harald wrote:
>
> defaults should have security in mind, …
IMHO the current behavior is actually less secure:
If I set net.ipv4.ip_forward=1, I intentionally set forwarding on all
interfaces, as documented in countless tutorials, so
I’m trying to set up two different Avahi configurations, using foo.service and
bar.service.
Error message:
Two services allocated for the same bus name org.freedesktop.Avahi, refusing
operation.
On the face of it, that seems to be correct: indeed foo.service and bar.service
both declare
I understand that if foo.service specifies:
PropagatesReloadTo=bar.service
and I execute “systemctl reload foo”, this will trigger a reload of bar as
well. Typically I might do that if I have changed some config file, and I want
the daemon(s) to pick it up.
Is there a similar mechanism that
> On Oct 10, 2015, at 22:54, Andrei Borzenkov <arvidj...@gmail.com> wrote:
>
> 11.10.2015 06:09, Johannes Ernst wrote:
>> I’m trying to set up two different Avahi configurations, using foo.service
>> and bar.service.
>>
>> Error message:
>>
>
On Oct 10, 2015, at 23:16, Andrei Borzenkov <arvidj...@gmail.com> wrote:
>
> 11.10.2015 07:14, Johannes Ernst wrote:
>> I understand that if foo.service specifies:
>>
>> PropagatesReloadTo=bar.service
>>
>> and I execute “systemctl reload foo”, thi
On Oct 12, 2015, at 1:20, Andrei Borzenkov <arvidj...@gmail.com> wrote:
On Mon, Oct 12, 2015 at 1:40 AM, Johannes Ernst <johannes.er...@gmail.com> wrote:
I guess I need to explain what I’m trying to do:
I want a single command to reconfigure networking for different situations
that a de
> On Oct 6, 2015, at 6:19, Lennart Poettering <lenn...@poettering.net> wrote:
>
> On Mon, 05.10.15 09:04, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> I have a foo@.service. When started as
>> systemctl start foo@abc
>> I’d like all other cur
> On Oct 9, 2015, at 13:00, Dan Williams <d...@redhat.com> wrote:
>
> On Fri, 2015-10-09 at 12:53 -0700, Johannes Ernst wrote:
>> man systemd-nspawn, section on --network-veth
>>"The container side of the Ethernet link will be named
>> host0."
>
man systemd-nspawn, section on --network-veth
"The container side of the Ethernet link will be named
host0."
container> ip link
...
2: host0@if9: mtu 1500 qdisc fq_codel state
UP mode DEFAULT group default qlen 1000
link/ether ce:d3:4f:6c:44:5f brd
This sounds silly but I do think this used to work for me (current: v225 on
Arch, perhaps something broke?)
> systemctl -M foo enable sshd.service
creates the symlink on the host, not in the container.
Other sub-commands also work on the host, not the container.
machine foo doesn’t actually
> On Oct 5, 2015, at 14:29, David Timothy Strauss <da...@davidstrauss.net>
> wrote:
>
> If you only want one instance running, why not just create one service and
> reconfigure/restart it?
>
Because the service dependencies are totally different.
>
> On Mo
I have a foo@.service. When started as
systemctl start foo@abc
I’d like all other currently active foo@… services to stop, and vice versa. All
of the foo@.services are supposed to be mutually exclusive with each other.
In foo@.service, I attempted:
Conflicts: foo@.service
but
Setting IPMasquerade on a systemd-managed interface (e.g. for running an nspawn
container) automatically sets up a “masquerade” netfilter entry. If an iptables
ruleset exists already, it adds to it. (I think)
But what if I want to change my other firewall rules (unrelated to the
container)
> On Jan 25, 2016, at 4:43, Lennart Poettering <lenn...@poettering.net> wrote:
>
> On Sat, 23.01.16 14:22, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> Is there a way to receive a callback when a dhcp client-side IP address
>> changes?
>>
Is there a way to receive a callback when a dhcp client-side IP address changes?
Use case: dynamic DNS update.
Thanks,
Johannes.
I’m running systemd 235.38 on an ARM64 device called the EspressoBin [1]. The
EspressoBin board has an on-board Ethernet switch, which I configure with
systemd-networkd (configuration is below). The device is intended as a home
router that runs IPv4 masquerading, local DNS server etc.
I’m
this? Is there an inverse of the systemd-networkd-wait-online executable?
Thanks,
Johannes.
> On Dec 6, 2017, at 3:30, Lennart Poettering <lenn...@poettering.net> wrote:
>
> On Tue, 05.12.17 12:21, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
> See the discussion on
> ht
It appears systemd-sysusers does not create home directories. On the other
hand, it picks (largely unpredictable) UIDs from a range.
So I have to run systemd-sysusers, and after that, find the UID of the user and
chown the home directory? Or is there the equivalent of the “useradd -m” flag
> On Feb 4, 2018, at 21:56, Michael Chapman <m...@very.puzzling.org> wrote:
>
> On Mon, 5 Feb 2018, Johannes Ernst wrote:
>> It appears systemd-sysusers does not create home directories. On the other
>> hand, it picks (largely unpredictable) UIDs from a range.
>
> On Feb 5, 2018, at 10:31, Zbigniew Jędrzejewski-Szmek
> wrote:
>> systemd-sysusers
>> [[ -d /var/lib/foo ]] || mkdir -m755 /var/lib/foo
>> chown $(id -u foo):$(id -g foo) /var/lib/foo
>
> # /usr/lib/tmpfiles.d/foo.conf
> d /var/lib/foo 0755 foo foo -
>
> (BTW, chown
I’m running with
systemd-nspawn --capability=all
but now I also need /dev/fuse and I’m not permitted to create it.
man systemd-nspawn says that “Device nodes may not be created.” which sounds
like game over and no Fuse in the container. Is it?
Thanks,
Johannes.
Here is what I do:
mkdir /etc/systemd/dnssd
cat > /etc/systemd/dnssd/http.dnssd
(the exact example file from “man systemd.dnssd”, minus leading white space)
systemctl restart systemd-resolved
Then
avahi-browse -a -r
or
systemd-resolve --service myhost._http._tcp.local
After running a bunch of systemd-nspawn containers, I am left with a few that
seem to be empty, running nothing, but refuse to die or be killed after they
did their useful work (so they did run correctly, the problem seems to occur on
poweroff). What might be going on here?
This is:
* x86_64
> On Oct 15, 2018, at 16:17, Uoti Urpala wrote:
>
> On Mon, 2018-10-15 at 15:09 -0700, Johannes Ernst wrote:
>> I have several programs A, B and C that, while they are running, require
>> memcached.service to be running.
>> When none of A, B, or C is running, I want m
I have a oneshot .service (certbot) that is run by its .timer with:
OnCalendar=daily
RandomizedDelaySec=1day
I also have a sometimes long-running script that may modify the same data. So
the script and the oneshot service should never run at the same time.
Is there a good systemd pattern for
> On Aug 2, 2019, at 22:45, Andrei Borzenkov wrote:
>
> 02.08.2019 23:24, Johannes Ernst wrote:
>> I have a oneshot .service (certbot) that is run by its .timer with:
>>
>> OnCalendar=daily
>> RandomizedDelaySec=1day
>>
>> I also have a sometimes
I've been running the same systemd-nspawn container for some time, always with
the same options:
systemd-nspawn -b -n -D dir -M name --bind /home -x
It would always bring up the virtual ethernet link immediately during boot of
the container. But since a recent Arch (host) upgrade (I
> On Sep 9, 2019, at 12:16, Ansgar Burchardt wrote:
>
> Johannes Ernst writes:
>> I've been running the same systemd-nspawn container for some time, always
>> with the same options:
>>
>> systemd-nspawn -b -n -D dir -M name --bind /home -x
>>
Is there a best practice for scheduling .timers based on what happened in a
previous run?
Pseudocode:
while( true ) :
delta = runService();
sleep( delta );
I can think of …
1) run the job frequently, but skip the bulk of its execution most of the time
(e.g. decrementing a counter
I can run a full Arch system (with systemd as PID 1) in a Docker container in
Docker privileged mode:
sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd
but privileged mode is, well, a bit privileged. I believe I used to be able to
tone this down with something like:
> On Jun 18, 2021, at 16:02, Silvio Knizek wrote:
>
> On Friday, 18.06.2021 at 14:52 -0700, Johannes Ernst wrote:
>>
>> Thanks, Silvio, but no luck:
>>
>> I have host, container a and container b.
>>
>> In both containers, .network for ho
I’d like to be able to DNS lookup container b from within container a, if both
were started with systemd-nspawn as siblings of each other, and shown as a and
b in machinectl list.
man nss-mymachines specifically notes it won’t do that.
What’s the proper way of doing this?
Thanks,
> On Jun 18, 2021, at 2:02, Silvio Knizek wrote:
>
> On Thursday, 17.06.2021 at 20:26 -0700, Johannes Ernst wrote:
>> I’d like to be able to DNS lookup container b from within container a, if
>> both were started with systemd-nspawn as siblings of each other, and
69 matches