Found using linkchecker.
For virtiofsd, the man page is maintained upstream, but doesn't seem to be
available in any of the usual places. So let's link to the Debian version.
systemd.filter I have no idea what it is.
This mimics the switch of the same name from nspawn: it controls whether
we expect a READY=1 message from the payload or not. Previously we'd
always expect that. This makes it configurable, just like it is in
nspawn.
There's one fundamental difference in behaviour though: in nspawn it
defaults to off, in vmspawn it defaults to on. (for historical reasons,
ideally we'd default to on in both cases, but changing is quite a compat
break both directly and indirectly: since timeouts might get triggered).
This beefs up the cgroup logic, adding --slice=, --property= to vmspawn
the same way it already exists in nspawn.
There are a bunch of differences though: we don't delegate the cgroup
access in the allocated unit (since qemu wouldn't need that), and we do
registration via varlink not dbus. Hence, while this follows a similar
logic now, it differs in a lot of details.
This makes in particular one change: when invoked on the command line
we'll only add the qemu instance to the allocated scope, not the vmspawn
process itself (this follows more closely how nspawn does this where
only the container payload has its scope, not nspawn itself). This is
quite tricky to implement: unlike in nspawn we have auxiliary services
to start, with depencies to the scope. This means we need to start the
scope early, so that we know the scope's name. But the command line to
invoke is only assembled from the data we learn about the auxiliary
services, hence much later. To addres we'll now fork off the child that
eventually will become early, then move it to a scope, prepare the
cmdline and then very late send the cmdline (and the fds we want to
pass) to the prepared child, which then execs it.
When using vmspawn on particleos image we really want that the TPM state
is retained between invocation, since the encryption key is locked to
the TPM after all. Hence let's support that.
This adds --tpm-state= which can be used to configure a path to store
the TPM state in. It can also be used to force tpm state to be transient
or to let vmpsawn pick the path automatically.
While we are at it, let's also revamp the runtime dir handling in
vmspawn: let's no longer place the sockets the auxiliary services listen
on within their own runtime directories. Instead, just drop the runtime
directories for them entirely (since neither virtiofsd, nor swtpm
actually use them). Also, let systemd clean up the sockets
automatically.
In the troff output, this doesn't seem to make any difference. But in the
html output, the whitespace is sometimes preserved, creating an additional
gap before the following content. Drop it everywhere to avoid this.
This also replaces the Fedora download example with another one from
Ubuntu, since Fedora's images these days no longer qualify as DDIs, they
have no distinctive partition type UUIDs set for multiple of their
partitions, hence the images cannot be booted. A bit sad. Let's provide
a command that just works in its place.
Let's make systemd-nspawn use our own ptyfwd logic to handle the TTY by
default.
This adds a new setting --console=, inspired by nspawn's setting of the
same name. If --console=interactive= is used, then we'll do the TTY
dance on our own via ptyfwd, and thus get tinting, our usual hotkey
handling and similar.
Since qemu's own console is useful too, let's keep it around via
--console=native.
FInally, replace the --qemu-gui switch by --console=gui.
This renames a few of the switches vmspawn takes, such as --qemu-mem=
and --qemu-smp= to names without the "qemu" moniker and uses less
cryptic names (i.e. --ram= and --cpus=).
I think it's a bit unsystematic that so far we use the "qemu" prefix for
some options but not for others. At least I could not figure out a
system when we use it and when we don't. Hence let's clean it up and
just use simpler names without suffix.
After all we might want to plug other hypervisors behind vmspawn one
day, hence I think there's value in sticking to generic names for these
switches that allow us to switch out backends easily. In particular for
--ram= and --cpus= which are probably the most fundamental of VM settings
there are.
The old switches are support for compat, but not advertised in man page
or --help text anymore.
I left "--qemu-gui" under its current name, since it fundamentally is a
a qemu concept, exposing a qemu specific graphical UI.
Let's make the firmware file to choose configurable, and enumeratable.
This adds --firmware= to select the formare, and in particular
--firmware=list to show available options.
