DOKK / manpages / debian 11 / libnss-mymachines / nss-mymachines.8.en
NSS-MYMACHINES(8) nss-mymachines NSS-MYMACHINES(8)

nss-mymachines, libnss_mymachines.so.2 - Hostname resolution for local container instances

libnss_mymachines.so.2

nss-mymachines is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc), providing hostname resolution for the names of containers running locally that are registered with systemd-machined.service(8). The container names are resolved to the IP addresses of the specific container, ordered by their scope. This functionality only applies to containers using network namespacing (see the description of --private-network in systemd-nspawn(1)). Note that the name that is resolved is the one registered with systemd-machined, which may be different than the hostname configured inside of the container.

To activate the NSS module, add "mymachines" to the line starting with "hosts:" in /etc/nsswitch.conf.

It is recommended to place "mymachines" before the "resolve" or "dns" entry of the "hosts:" line of /etc/nsswitch.conf in order to make sure that its mappings are preferred over other resolvers such as DNS.

Here is an example /etc/nsswitch.conf file that enables nss-mymachines correctly:

passwd:         compat systemd
group:          compat [SUCCESS=merge] systemd
shadow:         compat
hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

The container "rawhide" is spawned using systemd-nspawn(1):

# systemd-nspawn -M rawhide --boot --network-veth --private-users=pick
Spawning container rawhide on /var/lib/machines/rawhide.
Selected user namespace base 20119552 and range 65536.
...
$ machinectl --max-addresses=3
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
rawhide container systemd-nspawn fedora 30      169.254.40.164 fe80::94aa:3aff:fe7b:d4b9
$ ping -c1 rawhide
PING rawhide(fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide)) 56 data bytes
64 bytes from fe80::94aa:3aff:fe7b:d4b9%ve-rawhide (fe80::94aa:3aff:fe7b:d4b9%ve-rawhide): icmp_seq=1 ttl=64 time=0.045 ms
...
$ ping -c1 -4 rawhide
PING rawhide (169.254.40.164) 56(84) bytes of data.
64 bytes from 169.254.40.164 (169.254.40.164): icmp_seq=1 ttl=64 time=0.064 ms
...
# machinectl shell rawhide /sbin/ip a
Connected to machine rawhide. Press ^] three times within 1s to exit session.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

... 2: host0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 96:aa:3a:7b:d4:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.40.164/16 brd 169.254.255.255 scope link host0
valid_lft forever preferred_lft forever
inet6 fe80::94aa:3aff:fe7b:d4b9/64 scope link
valid_lft forever preferred_lft forever Connection to machine rawhide terminated.

systemd(1), systemd-machined.service(8), machinectl(1), nss-systemd(8), nss-resolve(8), nss-myhostname(8), nsswitch.conf(5), getent(1)

systemd 247