[systemd-devel] machinectl start vs. systemctl enable systemd-nspawn@...

What’s the difference between machinectl start foo and systemctl start systemd-nspawn@foo ? They look the same to me. Thanks, Johannes. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org

Re: [systemd-devel] journalctl - Error was encountered while opening journal files: Invalid argument

I realized later that this virtual machine had ended up with a borked btrfs filesystem. I blame it on a problem with the outer OSX filesystem, but regardless, it does not seem to be a systemd problem. So disregard this error. Cheers, Johannes.

Re: [systemd-devel] How to provision a container after creation via a script

On Jun 23, 2015, at 7:45, Matthew Karas mkarasc...@gmail.com wrote: I am trying to configure a container after creation using machinectl but I'm coming up against problems in my implementation. If this isn't the correct way to set up a container after creation please let me know the right

[systemd-devel] machinectl clone -- access denied

I can import-tar, list-images, image-status, start, rename, and remove, but sudo machinectl clone depot depot2 Could not clone image: Access denied Am I doing this wrong? This is systemd 221-1 on Arch. $ sudo machinectl list-images NAME TYPE RO USAGE CREATED

[systemd-devel] ip_forward

(Morale: in doubt, lean hard on your booleans) 1. Reboot host. (Arch running in VirtualBox on Mac) 2. host sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 3. host sudo systemd-nspawn -M container -b -j -n --bind /home:/home (Arch subset / UBOS) 4. container ping 8.8.8.8 7 packets

Re: [systemd-devel] howto handle one time shutdown programs

Hallo Andreas, On Jun 25, 2015, at 7:57, Andreas Buschmann busch...@tech.net.de wrote: Hello, I am writing a systemd .service file to handle NVDIMMs. - start - stop - reload all work The problem child is restart. Restart is internally implemented as stop followed by start. The

[systemd-devel] leftover interface

Not sure how I just managed to do that, but after an nspawn run with -n, I have a leftover ve-xxx interface on the host. The container/machine is gone, the (ephemeral) file system is gone, just the interface is still there. Also sometimes it seems that the ephemeral subvolume stays around if

[systemd-devel] Confusing error message

$ systemctl restart systemd-networkd Failed to restart systemd-networkd.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files $ sudo systemctl restart systemd-networkd Works. Presumably this error message could be improved, in particular because that name is

Re: [systemd-devel] journalctl - Error was encountered while opening journal files: Invalid argument

On Jun 19, 2015, at 23:37, Daniel Mack dan...@zonque.org wrote: On 06/19/2015 09:31 PM, Johannes Ernst wrote: After a reboot, root gets this: # journalctl Error was encountered while opening journal files: Invalid argument No other output. What does 'strace journalctl' say

[systemd-devel] journalctl - Error was encountered while opening journal files: Invalid argument

After a reboot, root gets this: # journalctl Error was encountered while opening journal files: Invalid argument No other output. Non-root gets user-specific output. What might have happened here. and how do I fix it? I upgraded from 220 to 221: same behavior. I briefly ran out of space on a

[systemd-devel] /etc/resolv.conf link in container

I have a root filesystem in directory foo/ It has symlink foo/etc/resolv.conf - /run/systemd/resolve/resolv.conf When I’m booting the container: sudo systemd-nspawn --directory foo --boot I’m getting: Failed to copy /etc/resolv.conf to /home/…./foo/etc/resolv.conf: Too many levels

[systemd-devel] nspawn --ephemeral

I have a root filesystem directory in foo/ I boot with nspawn, and immediately, in the container: systemctl poweroff This works fine if invoked as: sudo systemd-nspawn --directory foo --boot -n But if I add --ephemeral (and it is a btrfs filesystem) sudo systemd-nspawn --directory

Re: [systemd-devel] nspawn --ephemeral

Aha! Works in 220. (It’s still in testing in Arch, so I had been on 219) I’m still unclear why there’s an (empty) /var/lib/machines in the container. On Jun 16, 2015, at 15:22, Lennart Poettering lenn...@poettering.net wrote: On Tue, 16.06.15 14:53, Johannes Ernst (johannes.er...@gmail.com

Re: [systemd-devel] machinectl status vs show

...@gmail.com) wrote: Hi On Wed, Jun 17, 2015 at 5:53 AM, Johannes Ernst johannes.er...@gmail.com wrote: Are those supposed to produce the same information, just formatted differently (man vs machine per man page)? I’m failing to convince ‘show’ to give me the container’s IP address, while

Re: [systemd-devel] /etc/resolv.conf link in container

On Jun 17, 2015, at 1:07, David Herrmann dh.herrm...@gmail.com wrote: Hi On Tue, Jun 16, 2015 at 11:39 PM, Johannes Ernst johannes.er...@gmail.com wrote: I have a root filesystem in directory foo/ It has symlink foo/etc/resolv.conf - /run/systemd/resolve/resolv.conf When I’m

Re: [systemd-devel] machinectl status vs show

On Jun 17, 2015, at 14:09, Lennart Poettering lenn...@poettering.net wrote: On Wed, 17.06.15 13:34, Johannes Ernst (johannes.er...@gmail.com) wrote: 2. So how do I get at the IP address of the container in a way that is easily parseable? make sure nss-mymachines is installed

[systemd-devel] machinectl status vs show

Are those supposed to produce the same information, just formatted differently (man vs machine per man page)? I’m failing to convince ‘show’ to give me the container’s IP address, while ‘status’ has all of them. Cheers, Johannes. ___

[systemd-devel] Understanding DHCP, DNS and IPMasquerade

My host obtains an IP address and DNS server via DHCP from upstream via Ethernet like this (systemd 219, Arch Linux) [Match] Name=en* [Network] DHCP=ipv4 It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS server from DHCP shows up there. It also

Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade

On Jun 13, 2015, at 2:33, joerg.syst...@higgsboson.tk mailto:joerg.syst...@higgsboson.tk wrote: 13. Juni 2015 02:32 Uhr, Johannes Ernst johannes.er...@gmail.com mailto:johannes.er...@gmail.com schrieb: My host obtains an IP address and DNS server via DHCP from upstream via Ethernet

Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade

On Jun 15, 2015, at 11:32, Lennart Poettering lenn...@poettering.net wrote: On Mon, 15.06.15 10:39, Johannes Ernst (johannes.er...@gmail.com) wrote: On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote: On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er

Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade

On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote: On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote: * host and container can ping test (if test is the name of the * container machine per machinectl): FAILS, neither can Do you have nss

Re: [systemd-devel] Understanding DHCP, DNS and IPMasquerade

On Jun 15, 2015, at 10:33, Lennart Poettering lenn...@poettering.net wrote: On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com mailto:johannes.er...@gmail.com) wrote: On Jun 14, 2015, at 15:27, Lennart Poettering lenn...@poettering.net wrote: On Fri, 12.06.15 17:32

[systemd-devel] Scripting a server test

This is a best-practice question. I’d like to automate testing of a web application (running in a container) by running curl from the host. The logical sequence should be: * boot container using local tar file or existing directory * wait until container is-system-running=true * on the

[systemd-devel] How do I find out why a service was started? (systemd-tmpfiles-setup failed in container)

My container is degraded because systemd-tmpfiles-setup.service failed. My understanding is that it should not run in the container anyway. (Right?) How do I find out why it was started? This is probably a noob question. Thanks, Johannes. ___

Re: [systemd-devel] How do I find out why a service was started? (systemd-tmpfiles-setup failed in container)

Hey Martin, thanks, but: My container is degraded because systemd-tmpfiles-setup.service failed. My understanding is that it should not run in the container anyway. (Right?) It should run in a container; its purpose is both necessary, and I don't see why a container would have any

[systemd-devel] what does --ephemeral really do on btrfs?

If I run systemd-nspawn with —ephemeral, it creates a new temporary btrfs subvolume, the documentation says. Mine takes an awful long time — blocking IO on the device in the awful long meantime — and I’m puzzled why. Does it perhaps copy (deep? references only?) the entire drive? Should I

[systemd-devel] getent hosts machine

I was hoping that getent hosts containername would work, just like getent hosts hostname where hostname can be anything else in the hosts: field in nsswitch.conf. But no such luck. The containername does get resolved correctly in other cases, e.g. when pinging it. Not knowing

Re: [systemd-devel] How do I find out why a service was started? (systemd-tmpfiles-setup failed in container)

On Jul 3, 2015, at 4:01, Lennart Poettering lenn...@poettering.net wrote: On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com mailto:johannes.er...@gmail.com) wrote: Hey Martin, thanks, but: My container is degraded because systemd-tmpfiles-setup.service failed. My

Re: [systemd-devel] getent hosts machine

On Jun 29, 2015, at 10:32, Johannes Ernst johannes.er...@gmail.com wrote: I was hoping that getent hosts containername would work, just like getent hosts hostname where hostname can be anything else in the hosts: field in nsswitch.conf. But no such luck. The containername

Re: [systemd-devel] How do I find out why a service was started? (systemd-tmpfiles-setup failed in container)

On Jul 1, 2015, at 14:59, Michael Biebl mbi...@gmail.com wrote: 2015-07-01 22:50 GMT+02:00 Johannes Ernst johannes.er...@gmail.com mailto:johannes.er...@gmail.com: Hey Martin, thanks, but: My container is degraded because systemd-tmpfiles-setup.service failed. My understanding

[systemd-devel] directory for machine templates

/var/lib/machines is intended to be, as I understand it, for (virtual) machines that are or could be started at every boot. Would it make sense to have a similar convention for templates? Use cases: 1. Testing. Pull base image once, run lots of containers from the same base image 2. Hosting.

[systemd-devel] ip_forward issue again

The strange sysctl fails to setup IP forwarding #468”, closed after ordering systemd-sysctl and systemd-networkd, unfortunately still occurs for me. https://github.com/systemd/systemd/issues/468#issuecomment-117904714 Cheers, Johannes. ___

Re: [systemd-devel] Fedora 21 and systemd-nspawn

On Jun 15, 2015, at 18:15, Chris Morgan chmor...@gmail.com wrote: But yeah, was wondering if there were known users of nspawn containers that discussed their use cases. I’m starting to us it for testing of installation and upgrades of various web apps on UBOS [1] using webapptest [2].

Re: [systemd-devel] How do I find out why a service was started? (systemd-tmpfiles-setup failed in container)

On Jul 3, 2015, at 4:01, Lennart Poettering lenn...@poettering.net wrote: On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com mailto:johannes.er...@gmail.com) wrote: My container is degraded because systemd-tmpfiles-setup.service failed. My understanding is that it should

[systemd-devel] ip forwarding

TL;DR: I propose to have IPForward default to “no change”, rather than 0, as 0 has unexpected consequences for non-expert users. Details: A few months ago there where some threads about ip_forwarding needing a toggle from 1 to 0 and back to 1 before it would work. [1][2][3] It appears I found

Re: [systemd-devel] ip forwarding

This makes my point. The default = 0 is counter intuitive and costs much time for the lucky ones among us who can figure it out. The rest will just give up... Sent from my iPad. > On Nov 5, 2015, at 22:32, Peter Paule wrote: > > Hi Johannes, > > I had the same

Re: [systemd-devel] ip forwarding

> On Nov 6, 2015, at 1:09, Reindl Harald wrote: > > defaults should have security in mind, … IMHO the current behavior is actually less secure: If I set net.ipv4.ip_forward=1, I intentionally set forwarding on all interfaces, as documented in countless tutorials, so

[systemd-devel] Two services allocated for the same bus name ...

I’m trying to set up two different Avahi configurations, using foo.service and bar.service. Error message: Two services allocated for the same bus name org.freedesktop.Avahi, refusing operation. On the face of it, that seems to be correct: indeed foo.service and bar.service both declare

[systemd-devel] propagate reload from other events

I understand that if foo.service specifies: PropagatesReloadTo=bar.service and I execute “systemctl reload foo”, this will trigger a reload of bar as well. Typically I might do that if I have changed some config file, and I want the daemon(s) to pick it up. Is there a similar mechanism that

Re: [systemd-devel] Two services allocated for the same bus name ...

> On Oct 10, 2015, at 22:54, Andrei Borzenkov <arvidj...@gmail.com> wrote: > > 11.10.2015 06:09, Johannes Ernst пишет: >> I’m trying to set up two different Avahi configurations, using foo.service >> and bar.service. >> >> Error message: >> &g

[systemd-devel] One-Command complex network reconfiguration, was: propagate reload from other events

On Oct 10, 2015, at 23:16, Andrei Borzenkov <arvidj...@gmail.com> wrote: > > 11.10.2015 07:14, Johannes Ernst пишет: >> I understand that if foo.service specifies: >> >> PropagatesReloadTo=bar.service >> >> and I execute “systemctl reload foo”, thi

Re: [systemd-devel] One-Command complex network reconfiguration, was: propagate reload from other events

On Oct 12, 2015, at 1:20, Andrei Borzenkov <arvidj...@gmail.com> wrote:On Mon, Oct 12, 2015 at 1:40 AM, Johannes Ernst<johannes.er...@gmail.com> wrote:I guess I need to explain what I’m trying to do:I want a single command to reconfigure networking for different situationsthat a de

Re: [systemd-devel] run no more than one of foo@.service at a time

> On Oct 6, 2015, at 6:19, Lennart Poettering <lenn...@poettering.net> wrote: > > On Mon, 05.10.15 09:04, Johannes Ernst (johannes.er...@gmail.com) wrote: > >> I have a foo@.service. When started as >> systemctl start foo@abc >> I’d like all other cur

Re: [systemd-devel] container virtual Ethernet link naming

> On Oct 9, 2015, at 13:00, Dan Williams <d...@redhat.com> wrote: > > On Fri, 2015-10-09 at 12:53 -0700, Johannes Ernst wrote: >> man systemd-nspawn, section on --network-veth >>"The container side of the Ethernet link will be named >> host0." &

[systemd-devel] container virtual Ethernet link naming

man systemd-nspawn, section on --network-veth "The container side of the Ethernet link will be named host0." container> ip link ... 2: host0@if9: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether ce:d3:4f:6c:44:5f brd

[systemd-devel] systemctl -M foo operates on host not container foo

This sounds silly but I do think this used to work for me (current: v225 on Arch, perhaps something broke?) > systemctl -M foo enable sshd.service creates the symlink on the host, not in the container. Other sub-commands also work on the host, not the container. machine foo doesn’t actually

Re: [systemd-devel] run no more than one of foo@.service at a time

> On Oct 5, 2015, at 14:29, David Timothy Strauss <da...@davidstrauss.net> > wrote: > > If you only want one instance running, why not just create one service and > reconfigure/restart it? > Because the service dependencies are totally different. > > On Mo

[systemd-devel] run no more than one of foo@.service at a time

I have a foo@.service. When started as systemctl start foo@abc I’d like all other currently active foo@… services to stop, and vice versa. All of the foo@.services are supposed to be mutually exclusive with each other. In foo@.service, I attempted: Conflicts: foo@.service but

[systemd-devel] container networking and iptables

Setting IPMasquerade on a systemd-managed interface (e.g. for running an nspawn container) automatically sets up a “masquerade" netfilter entry. If an iptables ruleset exists already, it adds to it. (I think) But what if I want to change other my firewall rules (unrelated to the container)

Re: [systemd-devel] dhcp address change callback?

> On Jan 25, 2016, at 4:43, Lennart Poettering <lenn...@poettering.net> wrote: > > On Sat, 23.01.16 14:22, Johannes Ernst (johannes.er...@gmail.com) wrote: > >> Is there a way to receive a callback when a dhcp client-side IP address >> changes? >&

[systemd-devel] dhcp address change callback?

Is there a way to receive a callback when a dhcp client-side IP address changes? Use case: dynamic DNS update. Thanks, Johannes. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org

[systemd-devel] systemd-networkd-wait-online

I’m running systemd 235.38 on an ARM64 device called the EspressoBin [1]. The EspressoBin board has an on-board Ethernet switch, which I configure with systemd-networkd (configuration is below). The device is intended as a home router that runs IPv4 masquerading, local DNS server etc. I’m

Re: [systemd-devel] systemd-networkd-wait-online

this? Is there an inverse of the systemd-networkd-wait-online executable? Thanks, Johannes. > On Dec 6, 2017, at 3:30, Lennart Poettering <lenn...@poettering.net> wrote: > > On Di, 05.12.17 12:21, Johannes Ernst (johannes.er...@gmail.com) wrote: > > See the discussion on > ht

[systemd-devel] systemd-sysusers

It appears systemd-sysusers does not create home directories. On the other hand, it picks (largely unpredictable) UIDs from a range. So I have to run systemd-sysusers, and after that, find the UID of the user and chown the home directory? Or is there the equivalent of the “useradd -m” flag

Re: [systemd-devel] systemd-sysusers

> On Feb 4, 2018, at 21:56, Michael Chapman <m...@very.puzzling.org> wrote: > > On Mon, 5 Feb 2018, Johannes Ernst wrote: >> It appears systemd-sysusers does not create home directories. On the other >> hand, it picks (largely unpredictable) UIDs from a range. >

Re: [systemd-devel] systemd-sysusers

> On Feb 5, 2018, at 10:31, Zbigniew Jędrzejewski-Szmek > wrote: >> systemd-sysusers >> [[ -d /var/lib/foo ]] && mkdir -m755 /var/lib/foo >> chown $(id -u foo):$(id -g foo) /var/lib/foo > > # /usr/lib/tmpfiles.d/foo.conf > d /var/lib/foo 0755 foo foo - > > (BTW, chown

[systemd-devel] Run fuse in nspawn container?

I’m running with systemd-nspawn —capability=all but now I also need /dev/fuse and I’m not permitted to create it. man systemd-nspawn says that "Device nodes may not be created.” which sounds like game over and no Fuse in the container. Is it? Thanks, Johannes.

[systemd-devel] getting dns-sd to work

Here is what I do: mkdir /etc/systemd/dnssd cat > /etc/systemd/dnssd/http.dnssd (the exact example file from "man systemd.dnssd”, minus leading white space) systemctl restart systemd-resolved Then avahi-browse -a -r or systemd-resolve —-service myhost._http._tcp.local

[systemd-devel] leftover machines

After running a bunch of systemd-nspawn containers, I am left with a few that seem to be empty, running nothing, but refuse to die or be killed after they did their useful work (so they did run correctly, the problem seems to occur on poweroff). What might be going on here? This is: * x86_64

Re: [systemd-devel] dependency-only .service

> On Oct 15, 2018, at 16:17, Uoti Urpala wrote: > > On Mon, 2018-10-15 at 15:09 -0700, Johannes Ernst wrote: >> I have several programs A, B and C that, while they are running, require >> memcached.service to be running. >> When none of A, B, or C is running, I want m

[systemd-devel] "semaphore" for .timer-triggered run

I have a oneshot .service (certbot) that is run by its .timer with: OnCalendar=daily RandomizedDelaySec=1day I also have a sometimes long-running script that may modify the same data. So the script and the oneshot service should never run at the same time. Is there a good systemd pattern for

Re: [systemd-devel] "semaphore" for .timer-triggered run

> On Aug 2, 2019, at 22:45, Andrei Borzenkov wrote: > > 02.08.2019 23:24, Johannes Ernst пишет: >> I have a oneshot .service (certbot) that is run by its .timer with: >> >> OnCalendar=daily >> RandomizedDelaySec=1day >> >> I also have a sometimes

[systemd-devel] host0 virtual link suddenly default down in systemd-nspawn container

I've been running the same systemd-nspawn container for some time, always with the same options: systemd-nspawn -b -n -D dir -M name --bind /home -x It would always bring up the virtual ethernet link immediately during boot of the container. But since a recent Arch (host) upgrade (I

Re: [systemd-devel] host0 virtual link suddenly default down in systemd-nspawn container

> On Sep 9, 2019, at 12:16, Ansgar Burchardt wrote: > > Johannes Ernst writes: >> I've been running the same systemd-nspawn container for some time, always >> with the same options: >> >> systemd-nspawn -b -n -D dir -M name --bind /home -x >>

[systemd-devel] Dynamic .timer scheduling

Is there a best practice for scheduling .timers based on what happened in a previous run? Pseudocode: while( true ) : delta = runService(); sleep( delta ); I can think of … 1) run the job frequently, but skip the bulk of its execution most of the time (e.g. decrementing a counter

[systemd-devel] Running systemd unprivileged in Docker container

I can run a full Arch system (with systemd as PID 1) in a Docker container in Docker privileged mode: sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd but privileged mode is, well, a bit privileged. I believe used to be able to tone this down with something like:

Re: [systemd-devel] sibling DNS lookup of nspawn containers

> On Jun 18, 2021, at 16:02, Silvio Knizek wrote: > > Am Freitag, dem 18.06.2021 um 14:52 -0700 schrieb Johannes Ernst: >> >> Thanks, Silvio, but no luck: >> >> I have host, container a and container b. >> >> In both containers, .network for ho

[systemd-devel] sibling DNS lookup of nspawn containers

I’d like to be able to DNS lookup container b from within container a, if both were started with systemd-nspawn as siblings of each other, and shown as a and b in machinectl list. man nss-mymachines specifically notes it won’t do that. What’s the proper way of doing this? Thanks,

Re: [systemd-devel] sibling DNS lookup of nspawn containers

> On Jun 18, 2021, at 2:02, Silvio Knizek wrote: > > Am Donnerstag, dem 17.06.2021 um 20:26 -0700 schrieb Johannes Ernst: >> I’d like to be able to DNS lookup container b from within container a, if >> both were started with systemd-nspawn as siblings of each other, and