'\" t .TH "SYSTEMD\-MACHINED\&.SERVICE" "8" "" "systemd 256.7" "systemd-machined.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" systemd-machined.service, systemd-machined \- Virtual machine and container registration manager .SH "SYNOPSIS" .PP systemd\-machined\&.service .PP /usr/lib/systemd/systemd\-machined .SH "DESCRIPTION" .PP \fBsystemd\-machined\fR is a system service that keeps track of locally running virtual machines and containers\&. .PP \fBsystemd\-machined\fR is useful for registering and keeping track of both OS containers (containers that share the host kernel but run a full init system of their own and behave in most regards like a full virtual operating system rather than just one virtualized app) and full virtual machines (virtualized hardware running normal operating systems and possibly different kernels)\&. .PP \fBsystemd\-machined\fR should \fInot\fR be used for registering/keeping track of application sandbox containers\&. A \fImachine\fR in the context of \fBsystemd\-machined\fR is supposed to be an abstract term covering both OS containers and full virtual machines, but not application sandboxes\&. .PP Machines registered with machined are exposed in various ways in the system\&. For example: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Tools like \fBps\fR(1) will show to which machine a specific process belongs in a column of its own, and so will \m[blue]\fBgnome\-system\-monitor\fR\m[]\&\s-2\u[1]\d\s+2 or \fBsystemd-cgls\fR(1)\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd\*(Aqs various tools (\fBsystemctl\fR(1), \fBjournalctl\fR(1), \fBloginctl\fR(1), \fBhostnamectl\fR(1), \fBtimedatectl\fR(1), \fBlocalectl\fR(1), \fBmachinectl\fR(1), \&.\&.\&.) support the \fB\-M\fR switch to operate on local containers instead of the host system\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} \fBsystemctl list\-machines\fR will show the system state of all local containers, connecting to the container\*(Aqs init system for that\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemctl\*(Aqs \fB\-\-recursive\fR switch has the effect of not only showing the locally running services, but recursively showing the services of all registered containers\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The \fBmachinectl\fR command provides access to a number of useful operations on registered containers, such as introspecting them, rebooting, shutting them down, and getting a login prompt on them\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The \fBsd-bus\fR(3) library exposes the \fBsd_bus_open_system_machine\fR(3) call to connect to the system bus of any registered container\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The \fBnss-mymachines\fR(8) module makes sure all registered containers can be resolved via normal glibc \fBgethostbyname\fR(3) or \fBgetaddrinfo\fR(3) calls\&. .RE .PP See \fBsystemd-nspawn\fR(1) for some examples on how to run containers with OS tools\&. .PP If you are interested in writing a VM or container manager that makes use of machined, please have look at \m[blue]\fBWriting Virtual Machine or Container Managers\fR\m[]\&\s-2\u[2]\d\s+2\&. Also see the \m[blue]\fBNew Control Group Interfaces\fR\m[]\&\s-2\u[3]\d\s+2\&. .PP The daemon provides both a C library interface (which is shared with \fBsystemd-logind.service\fR(8)) as well as a D\-Bus interface and a Varlink interface\&. The library interface may be used to introspect and watch the state of virtual machines/containers\&. The bus interface provides the same but in addition may also be used to register or terminate machines\&. The Varlink interface may be used to register machines with optional extensions, e\&.g\&. with an SSH key / address; it can be queried with \fBvarlinkctl introspect /run/systemd/machine/io\&.systemd\&.Machine io\&.systemd\&.Machine\fR\&. For more information please consult \fBsd-login\fR(3) and \fBorg.freedesktop.machine1\fR(5) and \fBorg.freedesktop.LogControl1\fR(5)\&. .PP A small companion daemon \fBsystemd-importd.service\fR(8) is also available, which implements importing, exporting, and downloading of container and VM images\&. .PP For each container registered with systemd\-machined\&.service that employs user namespacing, users/groups are synthesized for the used UIDs/GIDs\&. These are made available to the system using the \m[blue]\fBUser/Group Record Lookup API via Varlink\fR\m[]\&\s-2\u[4]\d\s+2, and thus may be resolved with \fBuserdbctl\fR(1) or the usual glibc NSS calls\&. .SH "SEE ALSO" .PP \fBsystemd\fR(1), \fBmachinectl\fR(1), \fBsystemd-nspawn\fR(1), \fBnss-mymachines\fR(8), \fBsystemd.special\fR(7) .SH "NOTES" .IP " 1." 4 gnome-system-monitor .RS 4 \%https://help.gnome.org/users/gnome-system-monitor/ .RE .IP " 2." 4 Writing Virtual Machine or Container Managers .RS 4 \%https://systemd.io/WRITING_VM_AND_CONTAINER_MANAGERS .RE .IP " 3." 4 New Control Group Interfaces .RS 4 \%https://systemd.io/CONTROL_GROUP_INTERFACE .RE .IP " 4." 4 User/Group Record Lookup API via Varlink .RS 4 \%https://systemd.io/USER_GROUP_API .RE