1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
5
6<refentry id="nss-mymachines" conditional='ENABLE_NSS_MYMACHINES'>
7
8  <refentryinfo>
9    <title>nss-mymachines</title>
10    <productname>systemd</productname>
11  </refentryinfo>
12
13  <refmeta>
14    <refentrytitle>nss-mymachines</refentrytitle>
15    <manvolnum>8</manvolnum>
16  </refmeta>
17
18  <refnamediv>
19    <refname>nss-mymachines</refname>
20    <refname>libnss_mymachines.so.2</refname>
21    <refpurpose>Hostname resolution for local container instances</refpurpose>
22  </refnamediv>
23
24  <refsynopsisdiv>
25    <para><filename>libnss_mymachines.so.2</filename></para>
26  </refsynopsisdiv>
27
28  <refsect1>
29    <title>Description</title>
30
31    <para><command>nss-mymachines</command> is a plug-in module for the GNU Name Service Switch (NSS) functionality of
32    the GNU C Library (<command>glibc</command>), providing hostname resolution for the names of containers running
33    locally that are registered with
34    <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The
35    container names are resolved to the IP addresses of the specific container, ordered by their scope. This
36    functionality only applies to containers using network namespacing (see the description of
37    <option>--private-network</option> in
38    <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
39    Note that the name that is resolved is the one registered with <command>systemd-machined</command>, which
40    may be different than the hostname configured inside of the container.</para>
41
42    <para>Note that this NSS module only makes available names of the containers running immediately below
43    the current system context. It does not provide host name resolution for containers running side-by-side
44    with the invoking system context, or containers further up or down the container hierarchy. Or in other
45    words, on the host system it provides host name resolution for the containers running immediately below
46    the host environment. When used inside a container environment however, it will not be able to provide
47    name resolution for containers running on the host (as those are siblings and not children of the current
48    container environment), but instead only for nested containers running immediately below its own
49    container environment.</para>
50
51    <para>To activate the NSS module, add <literal>mymachines</literal> to the line starting with
52    <literal>hosts:</literal> in <filename>/etc/nsswitch.conf</filename>.</para>
53
54    <para>It is recommended to place <literal>mymachines</literal> before the <literal>resolve</literal> or
55    <literal>dns</literal> entry of the <literal>hosts:</literal> line of
56    <filename>/etc/nsswitch.conf</filename> in order to make sure that its mappings are preferred over other
57    resolvers such as DNS.</para>
58  </refsect1>
59
60  <refsect1>
61    <title>Configuration in <filename>/etc/nsswitch.conf</filename></title>
62
63    <para>Here is an example <filename>/etc/nsswitch.conf</filename> file that enables
64    <command>nss-mymachines</command> correctly:</para>
65
66    <!-- synchronize with other nss-* man pages and factory/etc/nsswitch.conf -->
67    <programlisting>passwd:         compat systemd
68group:          compat [SUCCESS=merge] systemd
69shadow:         compat systemd
70gshadow:        files systemd
71
72hosts:          <command>mymachines</command> resolve [!UNAVAIL=return] files myhostname dns
73networks:       files
74
75protocols:      db files
76services:       db files
77ethers:         db files
78rpc:            db files
79
80netgroup:       nis</programlisting>
81
82  </refsect1>
83
84  <refsect1>
85    <title>Example: Mappings provided by <filename>nss-mymachines</filename></title>
86
87    <para>The container <literal>rawhide</literal> is spawned using
88    <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
89    </para>
90
91    <programlisting># systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
92Spawning container rawhide on /var/lib/machines/rawhide.
93Selected user namespace base 20119552 and range 65536.
94...
95
96$ machinectl --max-addresses=3
97MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
98rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
99
100$ ping -c1 rawhide
101PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
10264 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
103...
104$ ping -c1 -4 rawhide
105PING rawhide (169.254.40.164) 56(84) bytes of data.
10664 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
107...
108
109# machinectl shell rawhide /sbin/ip a
110Connected to machine rawhide. Press ^] three times within 1s to exit session.
1111: lo: &lt;LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
112    ...
1132: host0@if21: &lt;BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
114    link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
115    inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
116       valid_lft forever preferred_lft forever
117    inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
118       valid_lft forever preferred_lft forever
119Connection to machine rawhide terminated.
120</programlisting>
121  </refsect1>
122
123  <refsect1>
124    <title>See Also</title>
125    <para>
126      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
127      <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
128      <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
129      <citerefentry><refentrytitle>nss-systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
130      <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
131      <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
132      <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
133      <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
134    </para>
135  </refsect1>
136
137</refentry>
138