> On Jun 18, 2021, at 16:02, Silvio Knizek wrote:
>
> Am Freitag, dem 18.06.2021 um 14:52 -0700 schrieb Johannes Ernst:
>>
>> Thanks, Silvio, but no luck:
>>
>> I have host, container a and container b.
>>
>> In both containers, .network for ho
> On Jun 18, 2021, at 2:02, Silvio Knizek wrote:
>
> Am Donnerstag, dem 17.06.2021 um 20:26 -0700 schrieb Johannes Ernst:
>> I’d like to be able to DNS lookup container b from within container a, if
>> both were started with systemd-nspawn as siblings of each other, and sh
I’d like to be able to DNS lookup container b from within container a, if both
were started with systemd-nspawn as siblings of each other, and shown as a and
b in machinectl list.
man nss-mymachines specifically notes it won’t do that.
What’s the proper way of doing this?
Thanks,
Johannes.
I can run a full Arch system (with systemd as PID 1) in a Docker container in
Docker privileged mode:
sudo docker run -i -t --privileged archlinux /usr/lib/systemd/systemd
but privileged mode is, well, a bit privileged. I believe I used to be able to
tone this down with something like:
sud
Is there a best practice for scheduling .timers based on what happened in a
previous run?
Pseudocode:
while( true ) :
delta = runService();
sleep( delta );
I can think of …
1) run the job frequently, but skip the bulk of its execution most of the time
(e.g. decrementing a counter save
> On Sep 9, 2019, at 12:16, Ansgar Burchardt wrote:
>
> Johannes Ernst writes:
>> I've been running the same systemd-nspawn container for some time, always
>> with the same options:
>>
>> systemd-nspawn -b -n -D dir -M name --bind /home -x
I've been running the same systemd-nspawn container for some time, always with
the same options:
systemd-nspawn -b -n -D dir -M name --bind /home -x
It would always bring up the virtual ethernet link immediately during boot of
the container. But since a recent Arch (host) upgrade (I thi
> On Aug 2, 2019, at 22:45, Andrei Borzenkov wrote:
>
> 02.08.2019 23:24, Johannes Ernst пишет:
>> I have a oneshot .service (certbot) that is run by its .timer with:
>>
>> OnCalendar=daily
>> RandomizedDelaySec=1day
>>
>> I also have a sometimes
I have a oneshot .service (certbot) that is run by its .timer with:
OnCalendar=daily
RandomizedDelaySec=1day
I also have a sometimes long-running script that may modify the same data. So
the script and the oneshot service should never run at the same time.
Is there a good systemd pattern for so
> On Oct 15, 2018, at 16:17, Uoti Urpala wrote:
>
> On Mon, 2018-10-15 at 15:09 -0700, Johannes Ernst wrote:
>> I have several programs A, B and C that, while they are running, require
>> memcached.service to be running.
>> When none of A, B, or C is running, I want m
I have several programs A, B and C that, while they are running, require
memcached.service to be running.
When none of A, B, or C is running, I want memcached.service to not run either.
A, B and C should share the same memcached instance.
How do I best express this?
I was thinking I would have a
This is Arch. I boot the system, and ssh in as user “shepherd”. Something goes
wrong, but from the log (below) I cannot tell what it is. I do get a shell and
everything seems to work fine. If I terminate ssh and re-log in, everything is
fine.
This happens often enough I’m wondering … ideas?
Ch
Here is what I do:
mkdir /etc/systemd/dnssd
cat > /etc/systemd/dnssd/http.dnssd
(the exact example file from "man systemd.dnssd”, minus leading white space)
systemctl restart systemd-resolved
Then
avahi-browse -a -r
or
systemd-resolve --service myhost._http._tcp.local
as
I’m running with
systemd-nspawn --capability=all
but now I also need /dev/fuse and I’m not permitted to create it.
man systemd-nspawn says that "Device nodes may not be created.” which sounds
like game over and no Fuse in the container. Is it?
Thanks,
Johannes.
After running a bunch of systemd-nspawn containers, I am left with a few that
seem to be empty, running nothing, but refuse to die or be killed after they
did their useful work (so they did run correctly, the problem seems to occur on
poweroff). What might be going on here?
This is:
* x86_64
*
> On Feb 5, 2018, at 10:31, Zbigniew Jędrzejewski-Szmek
> wrote:
>> systemd-sysusers
>> [[ -d /var/lib/foo ]] && mkdir -m755 /var/lib/foo
>> chown $(id -u foo):$(id -g foo) /var/lib/foo
>
> # /usr/lib/tmpfiles.d/foo.conf
> d /var/lib/foo 0755 foo foo -
>
> (BTW, chown $(id -u foo):$(id -g f
> On Feb 4, 2018, at 21:56, Michael Chapman wrote:
>
> On Mon, 5 Feb 2018, Johannes Ernst wrote:
>> It appears systemd-sysusers does not create home directories. On the other
>> hand, it picks (largely unpredictable) UIDs from a range.
>>
>> So I have to run
It appears systemd-sysusers does not create home directories. On the other
hand, it picks (largely unpredictable) UIDs from a range.
So I have to run systemd-sysusers, and after that, find the UID of the user and
chown the home directory? Or is there the equivalent of the “useradd -m” flag
some
there an inverse of the systemd-networkd-wait-online executable?
Thanks,
Johannes.
> On Dec 6, 2017, at 3:30, Lennart Poettering wrote:
>
> On Di, 05.12.17 12:21, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
> See the discussion on
> https://github.com/systemd/s
I’m running systemd 235.38 on an ARM64 device called the EspressoBin [1]. The
EspressoBin board has an on-board Ethernet switch, which I configure with
systemd-networkd (configuration is below). The device is intended as a home
router that runs IPv4 masquerading, local DNS server etc.
I’m attem
> On Jan 25, 2016, at 4:43, Lennart Poettering wrote:
>
> On Sat, 23.01.16 14:22, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> Is there a way to receive a callback when a dhcp client-side IP address
>> changes?
>>
>> Use case: dynamic DNS update
Is there a way to receive a callback when a dhcp client-side IP address changes?
Use case: dynamic DNS update.
Thanks,
Johannes.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-
Setting IPMasquerade on a systemd-managed interface (e.g. for running an nspawn
container) automatically sets up a “masquerade" netfilter entry. If an iptables
ruleset exists already, it adds to it. (I think)
But what if I want to change my other firewall rules (unrelated to the
container) with
> On Nov 6, 2015, at 1:09, Reindl Harald wrote:
>
> defaults should have security in mind, …
IMHO the current behavior is actually less secure:
If I set net.ipv4.ip_forward=1, I intentionally set forwarding on all
interfaces, as documented in countless tutorials, so it’s very unlikely I
didn’
This makes my point. The default = 0 is counter intuitive and costs much time
for the lucky ones among us who can figure it out. The rest will just give up...
Sent from my iPad.
> On Nov 5, 2015, at 22:32, Peter Paule wrote:
>
> Hi Johannes,
>
> I had the same problem, I even wrote an article
TL;DR: I propose to have IPForward default to “no change”, rather than 0, as 0
has unexpected consequences for non-expert users.
Details: A few months ago there were some threads about ip_forwarding needing
a toggle from 1 to 0 and back to 1 before it would work. [1][2][3]
It appears I found t
systemctl list-units foo.service bar.service
produces
Too many arguments.
now in 227. This used to work in 226. Apparently only one argument is allowed
now? Is that intended? (I prefer not.)
Manpage still says "list-units [PATTERN…]”
Cheers,
Johannes.
On Oct 12, 2015, at 1:20, Andrei Borzenkov wrote:
On Mon, Oct 12, 2015 at 1:40 AM, Johannes Ernst wrote:
I guess I need to explain what I’m trying to do:
I want a single command to reconfigure networking for different situations
that a device running UBOS [2] might encounter. Example syntax:
ubos
On Oct 10, 2015, at 23:16, Andrei Borzenkov wrote:
>
> 11.10.2015 07:14, Johannes Ernst пишет:
>> I understand that if foo.service specifies:
>>
>> PropagatesReloadTo=bar.service
>>
>> and I execute “systemctl reload foo”, this will trigger a reload of b
> On Oct 10, 2015, at 22:54, Andrei Borzenkov wrote:
>
> 11.10.2015 06:09, Johannes Ernst пишет:
>> I’m trying to set up two different Avahi configurations, using foo.service
>> and bar.service.
>>
>> Error message:
>>
>> Two services allocate
I understand that if foo.service specifies:
PropagatesReloadTo=bar.service
and I execute “systemctl reload foo”, this will trigger a reload of bar as
well. Typically I might do that if I have changed some config file, and I want
the daemon(s) to pick it up.
Is there a similar mechanism that tr
I’m trying to set up two different Avahi configurations, using foo.service and
bar.service.
Error message:
Two services allocated for the same bus name org.freedesktop.Avahi, refusing
operation.
On the face of it, that seems to be correct: indeed foo.service and bar.service
both declare
[Ser
> On Oct 9, 2015, at 13:00, Dan Williams wrote:
>
> On Fri, 2015-10-09 at 12:53 -0700, Johannes Ernst wrote:
>> man systemd-nspawn, section on --network-veth
>>"The container side of the Ethernet link will be named
>> host0."
>>
>> con
man systemd-nspawn, section on --network-veth
"The container side of the Ethernet link will be named
host0."
container> ip link
...
2: host0@if9: mtu 1500 qdisc fq_codel state
UP mode DEFAULT group default qlen 1000
link/ether ce:d3:4f:6c:44:5f brd ff:ff:ff:ff:ff:ff link-netnsid 0
Wher
> On Oct 6, 2015, at 6:19, Lennart Poettering wrote:
>
> On Mon, 05.10.15 09:04, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> I have a foo@.service. When started as
>> systemctl start foo@abc
>> I’d like all other currently active foo@… services to
> On Oct 5, 2015, at 14:29, David Timothy Strauss
> wrote:
>
> If you only want one instance running, why not just create one service and
> reconfigure/restart it?
>
Because the service dependencies are totally different.
>
> On Mon, Oct 5, 2015, 09:04 Johannes Er
I have a foo@.service. When started as
systemctl start foo@abc
I’d like all other currently active foo@… services to stop, and vice versa. All
of the foo@.services are supposed to be mutually exclusive with each other.
In foo@.service, I attempted:
Conflicts: foo@.service
but that
This sounds silly but I do think this used to work for me (current: v225 on
Arch, perhaps something broke?)
> systemctl -M foo enable sshd.service
creates the symlink on the host, not in the container.
Other sub-commands also work on the host, not the container.
machine foo doesn’t actually exi
/var/lib/machines is intended to be, as I understand it, for (virtual) machines
that are or could be started at every boot.
Would it make sense to have a similar convention for templates?
Use cases:
1. Testing. Pull base image once, run lots of containers from the same base
image
2. Hosting. Pu
The strange "sysctl fails to setup IP forwarding #468”, closed after ordering
systemd-sysctl and systemd-networkd, unfortunately still occurs for me.
https://github.com/systemd/systemd/issues/468#issuecomment-117904714
Cheers,
Johannes.
> On Jun 15, 2015, at 18:15, Chris Morgan wrote:
>
> But yeah, was wondering if there were known users of nspawn containers that
> discussed their use cases.
I’m starting to use it for testing of installation and upgrades of various web
apps on UBOS [1] using webapptest [2]. This means spinnin
> On Jul 3, 2015, at 4:01, Lennart Poettering wrote:
>
> On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com
> <mailto:johannes.er...@gmail.com>) wrote:
>
>>>> My container is degraded because systemd-tmpfiles-setup.service
>>>> faile
> On Jul 3, 2015, at 4:01, Lennart Poettering wrote:
>
> On Wed, 01.07.15 13:50, Johannes Ernst (johannes.er...@gmail.com
> <mailto:johannes.er...@gmail.com>) wrote:
>
>> Hey Martin,
>>
>> thanks, but:
>>
>>>> My container is degrad
If I run systemd-nspawn with --ephemeral, it creates a new temporary btrfs
subvolume, the documentation says.
Mine takes an awful long time — blocking IO on the device in the awful long
meantime — and I’m puzzled why. Does it perhaps copy (deep? references only?)
the entire drive?
Should I put
> On Jul 1, 2015, at 14:59, Michael Biebl wrote:
>
> 2015-07-01 22:50 GMT+02:00 Johannes Ernst <mailto:johannes.er...@gmail.com>>:
>> Hey Martin,
>>
>> thanks, but:
>>
>>>> My container is degraded because systemd-tmpfiles-setup.service
Hey Martin,
thanks, but:
>> My container is degraded because systemd-tmpfiles-setup.service
>> failed. My understanding is that it should not run in the container
>> anyway. (Right?)
>
> It should run in a container; its purpose is both necessary, and I
> don't see why a container would have any
My container is degraded because systemd-tmpfiles-setup.service failed. My
understanding is that it should not run in the container anyway. (Right?)
How do I find out why it was started?
This is probably a noob question.
Thanks,
Johannes.
> On Jun 29, 2015, at 10:32, Johannes Ernst wrote:
>
> I was hoping that
> getent hosts
> would work, just like
> getent hosts
> where can be anything else in the hosts: field in nsswitch.conf.
> But no such luck.
>
> The does get resolved corre
I was hoping that
getent hosts
would work, just like
getent hosts
where can be anything else in the hosts: field in nsswitch.conf. But
no such luck.
The does get resolved correctly in other cases, e.g. when
pinging it.
Not knowing how getent actually works, I don’t know why
Hallo Andreas,
> On Jun 25, 2015, at 7:57, Andreas Buschmann wrote:
>
> Hello,
>
> I am writing a systemd .service file to handle NVDIMMs.
>
> - start
> - stop
> - reload
> all work
>
> The problem child is "restart".
> Restart is internally implemented as stop followed by start.
>
> The pro
How can I convince systemd-nspawn to let me create loop devices inside a
container?
I just learned that docker apparently has a --privileged=true, which allows
this. man docker says:
> The --privileged flag gives all capabilities to the container, and it also
> lifts all the limitations enforce
(Moral: in doubt, lean hard on your booleans)
1. Reboot host. (Arch running in VirtualBox on Mac)
2. host> sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
3. host> sudo systemd-nspawn -M container -b -j -n --bind /home:/home
(Arch subset / UBOS)
4. container> ping 8.8.8.8
7 packets transmit
I realized later that this virtual machine had ended up with a borked btrfs
filesystem. I blame it on a problem with the outer OSX filesystem, but
regardless, it does not seem to be a systemd problem.
So disregard this error.
Cheers,
Johannes.
> On Jun 23, 2015, at 7:45, Matthew Karas wrote:
>
> I am trying to configure a container after creation using machinectl
> but I'm coming up against problems in my implementation. If this
> isn't the correct way to set up a container after creation please let
> me know the right way.
>
>
$ systemctl restart systemd-networkd
Failed to restart systemd-networkd.service: The name org.freedesktop.PolicyKit1
was not provided by any .service files
$ sudo systemctl restart systemd-networkd
Works.
Presumably this error message could be improved, in particular because that
name is indeed
I can import-tar, list-images, image-status, start, rename, and remove, but
> sudo machinectl clone depot depot2
Could not clone image: Access denied
Am I doing this wrong?
This is systemd 221-1 on Arch.
$ sudo machinectl list-images
NAME TYPE RO USAGE CREATED MOD
What’s the difference between
machinectl start foo
and
systemctl start systemd-nspawn@foo
? They look the same to me.
Thanks,
Johannes.
> On Jun 19, 2015, at 23:37, Daniel Mack wrote:
>
> On 06/19/2015 09:31 PM, Johannes Ernst wrote:
>> After a reboot, root gets this:
>>
>> # journalctl
>> Error was encountered while opening journal files: Invalid argument
>>
>> No other o
After a reboot, root gets this:
# journalctl
Error was encountered while opening journal files: Invalid argument
No other output.
Non-root gets user-specific output.
What might have happened here, and how do I fix it? I upgraded from 220 to 221:
same behavior.
I briefly ran out of space on a
Not sure how I just managed to do that, but after an nspawn run with -n, I have
a leftover ve-xxx interface on the host. The container/machine is gone, the
(ephemeral) file system is gone, just the interface is still there.
Also sometimes it seems that the ephemeral subvolume stays around if the
> On Jun 17, 2015, at 14:09, Lennart Poettering wrote:
>
> On Wed, 17.06.15 13:34, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> 2. So how do I get at the IP address of the container in a way that
>> is easily parseable?
>
> make sure "nss-mymachines
> On Jun 17, 2015, at 1:07, David Herrmann wrote:
>
> Hi
>
> On Tue, Jun 16, 2015 at 11:39 PM, Johannes Ernst
> wrote:
>> I have a root filesystem in directory foo/
>> It has symlink
>>foo/etc/resolv.conf -> /run/systemd/resolve/resolv.con
<mailto:dh.herrm...@gmail.com>) wrote:
>
>> Hi
>>
>> On Wed, Jun 17, 2015 at 5:53 AM, Johannes Ernst
>> wrote:
>>> Are those supposed to produce the same information, just formatted
>>> differently (man vs machine per man page)?
>>>
Are those supposed to produce the same information, just formatted differently
(man vs machine per man page)?
I’m failing to convince ‘show’ to give me the container’s IP address, while
‘status’ has all of them.
Cheers,
Johannes.
Aha! Works in 220. (It’s still in testing in Arch, so I had been on 219)
I’m still unclear why there’s an (empty) /var/lib/machines in the container.
> On Jun 16, 2015, at 15:22, Lennart Poettering wrote:
>
> On Tue, 16.06.15 14:53, Johannes Ernst (johannes.er...@
I have a root filesystem directory in foo/
I boot with nspawn, and immediately, in the container:
systemctl poweroff
This works fine if invoked as:
sudo systemd-nspawn --directory foo --boot -n
But if I add --ephemeral (and it is a btrfs filesystem)
sudo systemd-nspawn --directory fo
I have a root filesystem in directory foo/
It has symlink
foo/etc/resolv.conf -> /run/systemd/resolve/resolv.conf
When I’m booting the container:
sudo systemd-nspawn --directory foo --boot
I’m getting:
Failed to copy /etc/resolv.conf to /home/…./foo/etc/resolv.conf: Too many
levels o
This is a best-practice question.
I’d like to automate testing of a web application (running in a container) by
running curl from the host. The logical sequence should be:
* boot container using local tar file or existing directory
* wait until container is-system-running=true
* on the container
> On Jun 15, 2015, at 11:32, Lennart Poettering wrote:
>
> On Mon, 15.06.15 10:39, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>>
>>> On Jun 15, 2015, at 10:33, Lennart Poettering
>>> wrote:
>>>
>>> On Mon, 15
> On Jun 15, 2015, at 10:33, Lennart Poettering wrote:
>
> On Mon, 15.06.15 10:32, Johannes Ernst (johannes.er...@gmail.com
> <mailto:johannes.er...@gmail.com>) wrote:
>
>>
>>> On Jun 14, 2015, at 15:27, Lennart Poettering
>>> wrote:
> On Jun 14, 2015, at 15:27, Lennart Poettering wrote:
>
> On Fri, 12.06.15 17:32, Johannes Ernst (johannes.er...@gmail.com) wrote:
>
>> * host and container can ping test (if test is the name of the
>> * container machine per machinectl): FAILS, neither can
>
> On Jun 13, 2015, at 2:33, joerg.syst...@higgsboson.tk
> <mailto:joerg.syst...@higgsboson.tk> wrote:
>
> 13. Juni 2015 02:32 Uhr, "Johannes Ernst" <mailto:johannes.er...@gmail.com>> schrieb:
>
>> My host obtains an IP address and DNS server via
My host obtains an IP address and DNS server via DHCP from upstream via
Ethernet like this (systemd 219, Arch Linux)
[Match]
Name=en*
[Network]
DHCP=ipv4
It has the resolv.conf symlink to /run/systemd/resolve/resolv.conf, and the DNS
server from DHCP shows up there.
It also ha
73 matches