Here's the 25th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
When working with systemd-nspawn container images, portable service images, system extension (sysext) images, and configuration extension (confext) images, one key operation is to actually get the images onto the target system. Since it is sufficient to just place the images in some well-known drop-in dirs (for example /var/lib/extensions/ for sysext images) basically…
… any tool works, e.g. cp, rsync, scp, you name it.
However, one of the most common ways to deploy an image is to simply download it from an HTTP source, authenticate it and put it into place.
In systemd v256 we added a tool importctl for that (which itself was just a generalization of long-existing functionality in machinectl). With v257 we are extending this: there's now a systemd "generator" that will look for a kernel command line option and for a systemd system credential…
…which may be used to pass in the URL of an image to download at boot, and the system will then do so, as part of the regular boot process, right after networking is available.
This is particularly useful in VM and full OS containers: you can just boot a base image, and then tell it via the two mechanisms what payload to actually run on the system.
For details see the man page:
https://www.freedesktop.org/software/systemd/man/devel/systemd-import-generator.html
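An added example, not part of the original thread and not systemd code: a small audit that lists the boot-time image pulls requested on a kernel command line and flags the ones that skip authentication. It assumes the option is spelled `systemd.pull=<options>:<local name>:<URL>` with a `verify=` option, as in the man page linked above; the sample command line and host names are constructed.

```python
# Added example: audit a kernel command line for boot-time image pulls.
from urllib.parse import urlsplit

# Assumed syntax (from the linked man page, not stated in the posts):
#   systemd.pull=<comma-separated options>:<local name>:<URL>
PREFIX = "systemd.pull="

def parse_pull(value):
    """Split one systemd.pull= value into options, local name and URL."""
    parts = value.split(":", 2)  # the URL itself contains ':'
    if len(parts) != 3:
        raise ValueError(f"malformed systemd.pull value: {value!r}")
    opts_raw, name, url = parts
    opts = {}
    for opt in filter(None, opts_raw.split(",")):
        key, _, val = opt.partition("=")
        opts[key] = val or True  # bare flags such as "raw" become True
    return {"options": opts, "name": name, "url": url}

def audit_cmdline(cmdline):
    """Return (entry, findings) for every systemd.pull= on the command line."""
    results = []
    for word in cmdline.split():
        if not word.startswith(PREFIX):
            continue
        try:
            entry = parse_pull(word[len(PREFIX):])
        except ValueError as exc:
            results.append((None, [str(exc)]))
            continue
        findings = []
        if entry["options"].get("verify") == "no":
            findings.append("download is not authenticated (verify=no)")
        if urlsplit(entry["url"]).scheme == "http":
            findings.append("image fetched over plaintext HTTP")
        results.append((entry, findings))
    return results

# Constructed sample, not taken from a real system.
SAMPLE = ("root=/dev/vda2 rw quiet "
          "systemd.pull=raw,machine,verify=no:web:http://images.example.com/web.raw "
          "systemd.pull=tar,sysext,verify=signature:tools:https://images.example.com/tools.tar.xz")

if __name__ == "__main__":
    for entry, findings in audit_cmdline(SAMPLE):
        print(entry["name"] if entry else "?", findings or ["ok"])
```

On a running system the same function can be fed the contents of `/proc/cmdline`; pulls configured through the system credential are not covered by this check.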
@pid_eins can we use images made for incus/lxd like this?
And are there plans maybe to improve 'user friendliness' to deal with use cases like incus/lxd?
@pid_eins interesting... I'm actually thinking of using this for kiosks and signage instead of typical mechanisms like pxe. It would make them less dependent on network topology and ipam/dhcp.
@pid_eins *very excited* that's literally the thing I had to think about recently when I evaluated using systemd-nspawn instead of podman+generators 0:-)