1NSS-MYMACHINES(8)               nss-mymachines               NSS-MYMACHINES(8)
2
3
4

NAME

6       nss-mymachines, libnss_mymachines.so.2 - Provide hostname resolution
7       for local container instances.
8

SYNOPSIS

10       libnss_mymachines.so.2
11

DESCRIPTION

13       nss-mymachines is a plug-in module for the GNU Name Service Switch
14       (NSS) functionality of the GNU C Library (glibc), providing hostname
15       resolution for the names of containers running locally that are
16       registered with systemd-machined.service(8). The container names are
17       resolved to the IP addresses of the specific container, ordered by
18       their scope. This functionality only applies to containers using
19       network namespacing (see the description of --private-network in
20       systemd-nspawn(1)). Note that the name that is resolved is the one
21       registered with systemd-machined, which may be different than the
22       hostname configured inside of the container.
23
24       The module also provides name resolution for user and group identifiers
25       mapped to containers. All names from the range allocated to a given
26       container container are exposed on the host as "vu-container-uid" and
27       "vg-container-gid" (see example below). This functionality only applies
28       to containers using user namespacing (see the description of
29       --private-users in systemd-nspawn(1)).
30
31       To activate the NSS module, add "mymachines" to the lines starting with
32       "hosts:", "passwd:" and "group:" in /etc/nsswitch.conf.
33
34       It is recommended to place "mymachines" after the "files" or "compat"
35       entry of the /etc/nsswitch.conf lines to make sure that its mappings
36       are preferred over other resolvers such as DNS, but so that /etc/hosts,
37       /etc/passwd and /etc/group based mappings take precedence.
38

CONFIGURATION IN /ETC/NSSWITCH.CONF

40       Here is an example /etc/nsswitch.conf file that enables nss-mymachines
41       correctly:
42
43           passwd:         compat mymachines systemd
44           group:          compat mymachines systemd
45           shadow:         compat
46
47           hosts:          files mymachines resolve [!UNAVAIL=return] dns myhostname
48           networks:       files
49
50           protocols:      db files
51           services:       db files
52           ethers:         db files
53           rpc:            db files
54
55           netgroup:       nis
56

MAPPINGS PROVIDED BY NSS-MYMACHINES

58       The container "rawhide" is spawned using systemd-nspawn(1):
59
60           # systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
61           Spawning container rawhide on /var/lib/machines/rawhide.
62           Selected user namespace base 20119552 and range 65536.
63           ...
64
65           $ machinectl --max-addresses=3
66           MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
67           rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
68
69           $ getent passwd vu-rawhide-0 vu-rawhide-81
70           vu-rawhide-0:*:20119552:65534:vu-rawhide-0:/:/usr/sbin/nologin
71           vu-rawhide-81:*:20119633:65534:vu-rawhide-81:/:/usr/sbin/nologin
72
73           $ getent group vg-rawhide-0 vg-rawhide-81
74           vg-rawhide-0:*:20119552:
75           vg-rawhide-81:*:20119633:
76
77           $ ps -o user:15,pid,tty,command -e|grep '^vu-rawhide'
78           vu-rawhide-0      692 ?        /usr/lib/systemd/systemd
79           vu-rawhide-0      731 ?        /usr/lib/systemd/systemd-journald
80           vu-rawhide-192    734 ?        /usr/lib/systemd/systemd-networkd
81           vu-rawhide-193    738 ?        /usr/lib/systemd/systemd-resolved
82           vu-rawhide-0      742 ?        /usr/lib/systemd/systemd-logind
83           vu-rawhide-81     744 ?        /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
84           vu-rawhide-0      746 ?        /usr/sbin/sshd -D ...
85           vu-rawhide-0      752 ?        /usr/lib/systemd/systemd --user
86           vu-rawhide-0      753 ?        (sd-pam)
87           vu-rawhide-0     1628 ?        login -- zbyszek
88           vu-rawhide-1000  1630 ?        /usr/lib/systemd/systemd --user
89           vu-rawhide-1000  1631 ?        (sd-pam)
90           vu-rawhide-1000  1637 pts/8    -zsh
91
92           $ ping -c1 rawhide
93           PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
94           64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
95           ...
96           $ ping -c1 -4 rawhide
97           PING rawhide (169.254.40.164) 56(84) bytes of data.
98           64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
99           ...
100
101           # machinectl shell rawhide /sbin/ip a
102           Connected to machine rawhide. Press ^] three times within 1s to exit session.
103           1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
104               ...
105           2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
106               link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
107               inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
108                  valid_lft forever preferred_lft forever
109               inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
110                  valid_lft forever preferred_lft forever
111           Connection to machine rawhide terminated.
112

SEE ALSO

114       systemd(1), systemd-machined.service(8), machinectl(1), nss-systemd(8),
115       nss-resolve(8), nss-myhostname(8), nsswitch.conf(5), getent(1)
116
117
118
119systemd 245                                                  NSS-MYMACHINES(8)
Impressum