1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2013 Zbigniew Jędrzejewski-Szmek
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="machinectl" conditional='ENABLE_MACHINED'
25 xmlns:xi="http://www.w3.org/2001/XInclude">
28 <title>machinectl</title>
29 <productname>systemd</productname>
33 <contrib>Developer</contrib>
34 <firstname>Lennart</firstname>
35 <surname>Poettering</surname>
36 <email>lennart@poettering.net</email>
42 <refentrytitle>machinectl</refentrytitle>
43 <manvolnum>1</manvolnum>
47 <refname>machinectl</refname>
48 <refpurpose>Control the systemd machine manager</refpurpose>
53 <command>machinectl</command>
54 <arg choice="opt" rep="repeat">OPTIONS</arg>
55 <arg choice="req">COMMAND</arg>
56 <arg choice="opt" rep="repeat">NAME</arg>
61 <title>Description</title>
63 <para><command>machinectl</command> may be used to
64 introspect and control the state of the
65 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
66 virtual machine and container registration manager <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
70 <title>Options</title>
72 <para>The following options are understood:</para>
76 <term><option>-p</option></term>
77 <term><option>--property=</option></term>
79 <listitem><para>When showing machine
80 or image properties, limit the output
81 to certain properties as specified by
82 the argument. If not specified, all
83 set properties are shown. The argument
84 should be a property name, such as
85 <literal>Name</literal>. If specified
86 more than once, all properties with
87 the specified names are
88 shown.</para></listitem>
92 <term><option>-a</option></term>
93 <term><option>--all</option></term>
95 <listitem><para>When showing machine
96 or image properties, show all
97 properties regardless of whether they
98 are set or not.</para>
100 <para>When listing VM or container
101 images, do not suppress images
102 beginning in a dot character
103 (<literal>.</literal>).</para></listitem>
107 <term><option>-l</option></term>
108 <term><option>--full</option></term>
110 <listitem><para>Do not ellipsize
111 process tree entries.</para>
116 <term><option>--no-ask-password</option></term>
118 <listitem><para>Do not query the user
119 for authentication for privileged
120 operations.</para></listitem>
124 <term><option>--kill-who=</option></term>
126 <listitem><para>When used with
127 <command>kill</command>,
128 choose which processes to kill. Must
129 be one of <option>leader</option>, or
130 <option>all</option> to select whether
131 to kill only the leader process of the
132 machine or all processes of the
133 machine. If omitted, defaults to
134 <option>all</option>.</para></listitem>
138 <term><option>-s</option></term>
139 <term><option>--signal=</option></term>
141 <listitem><para>When used with
142 <command>kill</command>, choose
143 which signal to send to selected
144 processes. Must be one of the
145 well-known signal specifiers, such as
146 <constant>SIGTERM</constant>,
147 <constant>SIGINT</constant> or
148 <constant>SIGSTOP</constant>. If
150 <constant>SIGTERM</constant>.</para></listitem>
154 <term><option>--mkdir</option></term>
156 <listitem><para>When used with
157 <command>bind</command> creates the
158 destination directory before applying
159 the bind mount.</para></listitem>
164 <term><option>--read-only</option></term>
166 <listitem><para>When used with
167 <command>bind</command> applies a
169 mount.</para></listitem>
174 <term><option>-n</option></term>
175 <term><option>--lines=</option></term>
177 <listitem><para>When used with
178 <command>status</command>, controls
179 the number of journal lines to show,
180 counting from the most recent
181 ones. Takes a positive integer
182 argument. Defaults to 10.</para>
187 <term><option>-o</option></term>
188 <term><option>--output=</option></term>
190 <listitem><para>When used with
191 <command>status</command>, controls
192 the formatting of the journal entries
193 that are shown. For the available
195 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
197 <literal>short</literal>.</para></listitem>
201 <term><option>--verify=</option></term>
203 <listitem><para>When downloading a
204 container or VM image, specify whether
205 the image shall be verified before it
206 is made available. Takes one of
207 <literal>no</literal>,
208 <literal>checksum</literal> and
209 <literal>signature</literal>. If
210 <literal>no</literal> no verification
212 <literal>checksum</literal> is
213 specified the download is checked for
214 integrity after transfer is complete,
215 but no signatures are verified. If
216 <literal>signature</literal> is
217 specified, the checksum is verified
218 and the images's signature is checked
219 against a local keyring of trustable
220 vendors. It is strongly recommended to
222 <literal>signature</literal> if the
223 server and protocol support this.
225 <literal>signature</literal>.</para></listitem>
229 <term><option>--force</option></term>
231 <listitem><para>When downloading a
232 container or VM image, and a local
233 copy by the specified local machine
234 name already exists, delete it first
235 and replace it by the newly downloaded
236 image.</para></listitem>
240 <term><option>--dkr-index-url</option></term>
242 <listitem><para>Specifies the index
243 server to use for downloading
244 <literal>dkr</literal> images with the
245 <command>pull-dkr</command>. Takes a
246 <literal>http://</literal>,
247 <literal>https://</literal> URL.</para></listitem>
250 <xi:include href="user-system-options.xml" xpointer="host" />
251 <xi:include href="user-system-options.xml" xpointer="machine" />
253 <xi:include href="standard-options.xml" xpointer="no-pager" />
254 <xi:include href="standard-options.xml" xpointer="no-legend" />
255 <xi:include href="standard-options.xml" xpointer="help" />
256 <xi:include href="standard-options.xml" xpointer="version" />
261 <title>Commands</title>
263 <para>The following commands are understood:</para>
265 <refsect2><title>Machine Commands</title><variablelist>
268 <term><command>list</command></term>
270 <listitem><para>List currently running
271 (online) virtual machines and
272 containers. To enumerate container
273 images that can be started,
274 use <command>list-images</command>
275 (see below).</para></listitem>
279 <term><command>status</command> <replaceable>NAME</replaceable>...</term>
281 <listitem><para>Show terse runtime
282 status information about one or more
283 virtual machines and containers,
284 followed by the most recent log data
285 from the journal. This function is
286 intended to generate human-readable
287 output. If you are looking for
288 computer-parsable output, use
289 <command>show</command> instead. Note
290 that the log data shown is reported by
291 the virtual machine or container
292 manager, and frequently contains
293 console output of the machine, but not
294 necessarily journal contents of the
295 machine itself.</para></listitem>
299 <term><command>show</command> <replaceable>NAME</replaceable>...</term>
301 <listitem><para>Show properties of one
302 or more registered virtual machines or
303 containers or the manager itself. If
304 no argument is specified, properties
305 of the manager will be shown. If an
306 NAME is specified, properties of this
307 virtual machine or container are
308 shown. By default, empty properties
310 <option>--all</option> to show those
311 too. To select specific properties to
313 <option>--property=</option>. This
314 command is intended to be used
315 whenever computer-parsable output is
317 <command>status</command> if you are
318 looking for formatted human-readable
319 output.</para></listitem>
323 <term><command>start</command> <replaceable>NAME</replaceable>...</term>
325 <listitem><para>Start a container as a
326 system service, using
327 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
329 <filename>systemd-nspawn@.service</filename>,
330 instantiated for the specified machine
331 name, similar to the effect of
332 <command>systemctl start</command> on
334 name. <command>systemd-nspawn</command>
335 looks for a container image by the
337 <filename>/var/lib/machines/</filename>
338 (and other search paths, see below) and runs
339 it. Use <command>list-images</command>
340 (see below), for listing available
341 container images to start.</para>
344 <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
345 also interfaces with a variety of
346 other container and VM managers,
347 <command>systemd-nspawn</command> is
348 just one implementation of it. Most of
349 the commands available in
350 <command>machinectl</command> may be
351 used on containers or VMs controlled
352 by other managers, not just
353 <command>systemd-nspawn</command>. Starting
354 VMs and container images on those
355 managers requires manager-specific
358 <para>To interactively start a
359 container on the command line with
360 full access to the container's
361 console, please invoke
362 <command>systemd-nspawn</command>
363 directly. To stop a running container
364 use <command>machinectl
365 poweroff</command>, see
366 below.</para></listitem>
370 <term><command>login</command> <replaceable>NAME</replaceable></term>
372 <listitem><para>Open an interactive terminal login
373 session to a container. This will
374 create a TTY connection to a specific
375 container and asks for the execution of a
376 getty on it. Note that this is only
377 supported for containers running
378 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
379 as init system.</para>
381 <para>This command will open a full
382 login prompt on the container, which
383 then asks for username and
385 <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
386 with the <option>--machine=</option>
387 switch to invoke a single command,
388 either interactively or in the
389 background within a local
390 container.</para></listitem>
394 <term><command>enable</command> <replaceable>NAME</replaceable>...</term>
395 <term><command>disable</command> <replaceable>NAME</replaceable>...</term>
397 <listitem><para>Enable or disable a
398 container as a system service to start
399 at system boot, using
400 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
401 This enables or disables
402 <filename>systemd-nspawn@.service</filename>,
403 instantiated for the specified machine
404 name, similar to the effect of
405 <command>systemctl enable</command> or
406 <command>systemctl disable</command>
407 on the service name.</para></listitem>
411 <term><command>poweroff</command> <replaceable>NAME</replaceable>...</term>
413 <listitem><para>Power off one or more
414 containers. This will trigger a reboot
415 by sending SIGRTMIN+4 to the
416 container's init process, which causes
417 systemd-compatible init systems to
418 shut down cleanly. This operation does
419 not work on containers that do not run
421 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
422 init system, such as sysvinit. Use
423 <command>terminate</command> (see
424 below) to immediately terminate a
425 container or VM, without cleanly
426 shutting it down.</para></listitem>
430 <term><command>reboot</command> <replaceable>NAME</replaceable>...</term>
432 <listitem><para>Reboot one or more
433 containers. This will trigger a reboot
434 by sending SIGINT to the container's
435 init process, which is roughly
436 equivalent to pressing Ctrl+Alt+Del on
437 a non-containerized system, and is
438 compatible with containers running any
439 system manager.</para></listitem>
443 <term><command>terminate</command> <replaceable>NAME</replaceable>...</term>
445 <listitem><para>Immediately terminates
446 a virtual machine or container,
447 without cleanly shutting it down. This
448 kills all processes of the virtual
449 machine or container and deallocates
450 all resources attached to that
452 <command>poweroff</command> to issue a
453 clean shutdown request.</para></listitem>
457 <term><command>kill</command> <replaceable>NAME</replaceable>...</term>
459 <listitem><para>Send a signal to one
460 or more processes of the virtual
461 machine or container. This means
462 processes as seen by the host, not the
463 processes inside the virtual machine
465 Use <option>--kill-who=</option> to
466 select which process to kill. Use
467 <option>--signal=</option> to select
468 the signal to send.</para></listitem>
472 <term><command>bind</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term>
474 <listitem><para>Bind mounts a
475 directory from the host into the
476 specified container. The first
477 directory argument is the source
478 directory on the host, the second
479 directory argument the source
480 directory on the host. When the latter
481 is omitted the destination path in the
482 container is the same as the source
483 path on the host. When combined with
484 the <option>--read-only</option>
485 switch a ready-only bind mount is
486 created. When combined with the
487 <option>--mkdir</option> switch the
488 destination path is first created
489 before the mount is applied. Note that
490 this option is currently only
492 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
493 containers.</para></listitem>
497 <term><command>copy-to</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term>
499 <listitem><para>Copies files or
500 directories from the host system into
501 a running container. Takes a container
502 name, followed by the source path on
503 the host and the destination path in
504 the container. If the destination path
505 is omitted the same as the source path
506 is used.</para></listitem>
511 <term><command>copy-from</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term>
513 <listitem><para>Copies files or
514 directories from a container into the
515 host system. Takes a container name,
516 followed by the source path in the
517 container the destination path on the
518 host. If the destination path is
519 omitted the same as the source path is
520 used.</para></listitem>
522 </variablelist></refsect2>
524 <refsect2><title>Image Commands</title><variablelist>
527 <term><command>list-images</command></term>
529 <listitem><para>Show a list of locally
530 installed container and VM
531 images. This enumerates all raw disk
532 images and container directories and
534 <filename>/var/lib/machines/</filename> (and other search paths, see below). Use
535 <command>start</command> (see above)
536 to run a container off one of the
537 listed images. Note that by default
538 containers whose name begins with a
539 dot (<literal>.</literal>) are not
540 shown. To show these too, specify
541 <option>--all</option>. Note that a
542 special image <literal>.host</literal>
543 always implicitly exists and refers to
544 the image the host itself is booted
545 from.</para></listitem>
549 <term><command>image-status</command> <replaceable>NAME</replaceable>...</term>
551 <listitem><para>Show terse status
552 information about one or more
553 container or VM images. This function
554 is intended to generate human-readable
556 <command>show-image</command> (see
557 below) to generate computer-parsable
558 output instead.</para></listitem>
562 <term><command>show-image</command> <replaceable>NAME</replaceable>...</term>
564 <listitem><para>Show properties of one
565 or more registered virtual machine or
566 container images, or the manager
567 itself. If no argument is specified,
568 properties of the manager will be
569 shown. If an NAME is specified,
570 properties of this virtual machine or
571 container image are shown. By default,
572 empty properties are suppressed. Use
573 <option>--all</option> to show those
574 too. To select specific properties to
576 <option>--property=</option>. This
577 command is intended to be used
578 whenever computer-parsable output is
580 <command>image-status</command> if you
581 are looking for formatted
583 output.</para></listitem>
587 <term><command>clone</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term>
589 <listitem><para>Clones a container or
590 disk image. The arguments specify the
591 name of the image to clone and the
592 name of the newly cloned image. Note
593 that plain directory container images
594 are cloned into subvolume images with
595 this command. Note that cloning a
596 container or VM image is optimized for
597 btrfs file systems, and might not be
598 efficient on others, due to file
599 system limitations.</para></listitem>
603 <term><command>rename</command> <replaceable>NAME</replaceable> <replaceable>NAME</replaceable></term>
605 <listitem><para>Renames a container or
606 disk image. The arguments specify the
607 name of the image to rename and the
609 image.</para></listitem>
613 <term><command>read-only</command> <replaceable>NAME</replaceable> [<replaceable>BOOL</replaceable>]</term>
615 <listitem><para>Marks or (unmarks) a
616 container or disk image
617 read-only. Takes a VM or container
618 image name, followed by a boolean as
619 arguments. If the boolean is omitted,
620 positive is implied, i.e. the image is
621 marked read-only.</para></listitem>
626 <term><command>remove</command> <replaceable>NAME</replaceable>...</term>
628 <listitem><para>Removes one or more
629 container or disk images. The special
630 image <literal>.host</literal>, which
631 refers to the host's own directory
633 removed.</para></listitem>
636 </variablelist></refsect2>
638 <refsect2><title>Image Transfer Commands</title><variablelist>
641 <term><command>pull-tar</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term>
643 <listitem><para>Downloads a
644 <filename>.tar</filename> container
645 image from the specified URL, and
646 makes it available under the specified
647 local machine name. The URL must be of
648 type <literal>http://</literal> or
649 <literal>https://</literal>, and must
650 refer to a <filename>.tar</filename>,
651 <filename>.tar.gz</filename>,
652 <filename>.tar.xz</filename> or
653 <filename>.tar.bz2</filename> archive
654 file. If the local machine name is
655 omitted the name it is automatically
656 derived from the last component of the
657 URL, with its suffix removed.</para>
659 <para>The image is verified before it
660 is made available, unless
661 <option>--verify=no</option> is
662 specified. Verification is done via
663 SHA256SUMS and SHA256SUMS.gpg files,
664 that need to be made available on the
665 same web server, under the same URL as
666 the <filename>.tar</filename> file,
667 but with the last component (the
668 filename) of the URL replaced. With
669 <option>--verify=checksum</option>
670 only the SHA256 checksum for the file
671 is verified, based on the
672 <filename>SHA256SUMS</filename>
674 <option>--verify=signature</option>
675 the SHA256SUMS file is first verified
676 with detached GPG signature file
677 <filename>SHA256SUMS.gpg</filename>. The
678 public key for this verification step
679 needs to be available in
680 <filename>/usr/lib/systemd/import-pubring.gpg</filename>
682 <filename>/etc/systemd/import-pubring.gpg</filename>.</para>
684 <para>The container image will be
685 downloaded and stored in a read-only
687 <filename>/var/lib/machines/</filename>,
688 that is named after the specified URL
689 and its HTTP etag. A writable snapshot
690 is then taken from this subvolume, and
691 named after the specified local
692 name. This behaviour ensures that
693 creating multiple container instances
694 of the same URL is efficient, as
695 multiple downloads are not
696 necessary. In order to create only the
697 read-only image, and avoid creating
698 its writable snapshot, specify
699 <literal>-</literal> as local machine
702 <para>Note that the read-only
703 subvolume is prefixed with
704 <filename>.tar-</filename>, and
706 <command>list-images</command>, unless
707 <option>--all</option> is passed.</para>
709 <para>Note that pressing C-c during
710 execution of this command will not
711 abort the download. Use
712 <command>cancel-transfer</command>,
713 described below.</para></listitem>
717 <term><command>pull-raw</command> <replaceable>URL</replaceable> [<replaceable>NAME</replaceable>]</term>
719 <listitem><para>Downloads a
720 <filename>.raw</filename> container or
721 VM disk image from the specified URL,
722 and makes it available under the
723 specified local machine name. The URL
725 <literal>http://</literal> or
726 <literal>https://</literal>. The
727 container image must either be a
728 <filename>.qcow2</filename> or raw
729 disk image, optionally compressed as
730 <filename>.gz</filename>,
731 <filename>.xz</filename>, or
732 <filename>.bz2</filename>. If the
733 local machine name is omitted the name
734 it is automatically derived from the
735 last component of the URL, with its
736 suffix removed.</para>
738 <para>Image verification is identical
739 for raw and tar images (see above).</para>
741 <para>If the the downloaded image is
742 in <filename>.qcow2</filename> format
743 it es converted into a raw image file
744 before it is made available.</para>
746 <para>Downloaded images of this type
747 will be placed as read-only
748 <filename>.raw</filename> file in
749 <filename>/var/lib/machines/</filename>. A
750 local, writable (reflinked) copy is
751 then made under the specified local
752 machine name. To omit creation of the
753 local, writable copy pass
754 <literal>-</literal> as local machine
757 <para>Similar to the behaviour of
758 <command>pull-tar</command>, the
759 read-only image is prefixed with
760 <filename>.raw-</filename>, and thus
762 <command>list-images</command>, unless
763 <option>--all</option> is
766 <para>Note that pressing C-c during
767 execution of this command will not
768 abort the download. Use
769 <command>cancel-transfer</command>,
770 described below.</para></listitem>
774 <term><command>pull-dkr</command> <replaceable>REMOTE</replaceable> [<replaceable>NAME</replaceable>]</term>
776 <listitem><para>Downloads a
777 <literal>dkr</literal> container image
778 and makes it available locally. The
779 remote name refers to a
780 <literal>dkr</literal> container
781 name. If omitted, the local machine
782 name is derived from the
783 <literal>dkr</literal> container
786 <para>Image verification is not
787 available for <literal>dkr</literal>
789 <option>--verify=no</option> must
790 always be specified with this
793 <para>This command downloads all
794 (missing) layers for the specified
795 container and places them in read-only
797 <filename>/var/lib/machines/</filename>. A
798 writable snapshot of the newest layer
799 is then created under the specified
800 local machine name. To omit creation
801 of this writable snapshot, pass
802 <literal>-</literal> as local machine
805 <para>The read-only layer subvolumes
807 <filename>.dkr-</filename>, and thus
809 <command>list-images</command>, unless
810 <option>--all</option> is
814 <literal>dkr</literal> index server to
815 use for looking up the specified
817 <option>--dkr-index-url=</option>.</para>
819 <para>Note that pressing C-c during
820 execution of this command will not
821 abort the download. Use
822 <command>cancel-transfer</command>,
823 described below.</para></listitem>
827 <term><command>list-transfers</command></term>
829 <listitem><para>Shows a list of
830 container or VM image downloads that
832 progress.</para></listitem>
836 <term><command>cancel-transfers</command> <replaceable>ID</replaceable>...</term>
838 <listitem><para>Aborts download of the
839 container or VM image with the
840 specified ID. To list ongoing
841 transfers and their IDs, use
842 <command>list-transfers</command>.
846 </variablelist></refsect2>
851 <title>Files and Directories</title>
853 <para>Machine images are preferably stored in
854 <filename>/var/lib/machines/</filename>, but are also
856 <filename>/usr/local/lib/machines/</filename> and
857 <filename>/usr/lib/machines/</filename>. For
858 compatibility reasons the directory
859 <filename>/var/lib/container/</filename> is searched,
860 too. Note that images stored below
861 <filename>/usr</filename> are always considered
862 read-only. It is possible to symlink machines images
863 from other directories into
864 <filename>/var/lib/machines/</filename> to make them
865 available for control with
866 <command>machinectl</command>.</para>
868 <para>Disk images are understood by
869 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
870 and <command>machinectl</command> in three
874 <listitem><para>A simple directory tree,
875 containing the files and directories of the
876 container to boot.</para></listitem>
878 <listitem><para>A subvolume (on btrfs file
879 systems), which are similar to the simple
880 directories, described above. However, they
881 have additional benefits, such as efficient
882 cloning and quota reporting.</para></listitem>
884 <listitem><para>"Raw" disk images, i.e. binary
885 images of disks with a GPT or MBR partition
886 table. Images of this type are regular
887 files with the suffix
888 <literal>.raw</literal>.</para></listitem>
892 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
893 for more information on image formats, in particular
894 it's <option>--directory=</option> and
895 <option>--image=</option> options.</para>
899 <title>Examples</title>
901 <title>Download an Ubuntu image and open a shell in it</title>
903 <programlisting># machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz
904 # systemd-nspawn -M trusty-server-cloudimg-amd64-root</programlisting>
906 <para>This downloads and verifies the
907 specified <filename>.tar</filename> image, and
909 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
910 to open a shell in it.</para>
914 <title>Download a Fedora image, set a root password in it, start it as service</title>
916 <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
917 # systemd-nspawn -M Fedora-Cloud-Base-20141203-21
920 # machinectl start Fedora-Cloud-Base-20141203-21
921 # machinectl login Fedora-Cloud-Base-20141203-21</programlisting>
923 <para>This downloads the specified
924 <filename>.raw</filename> image with
925 verification disabled. Then a shell is opened
926 in it and a root password is set. Afterwards
927 the shell is left, and the machine started as
928 system service. With the last command a login
929 prompt into the container is requested.</para>
933 <title>Download a Fedora <literal>dkr</literal> image</title>
935 <programlisting># machinectl pull-dkr --verify=no mattdm/fedora
936 # systemd-nspawn -M fedora</programlisting>
938 <para>Downloads a <literal>dkr</literal> image
939 and opens a shell in it. Note that the
940 specified download command might require an
941 index server to be specified with the
942 <literal>--dkr-index-url=</literal>.</para>
947 <title>Exit status</title>
949 <para>On success, 0 is returned, a non-zero failure
950 code otherwise.</para>
953 <xi:include href="less-variables.xml" />
956 <title>See Also</title>
958 <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
959 <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
960 <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob