systemd machinectl vs docker

machinectl (and machined) are part of systemd and offer container control similar to Docker.

systemd attempts to be much narrower in scope with its containers than Docker. It considers image creation, distribution, and versioning to be out-of-band and best handled by existing technologies.

For example, images can simply be (compressed) tarballs, with sha256sum for integrity checking and gpg signing for trust. They can be distributed in any way that any other file is distributed (HTTP, FTP, USB drive, etc). They are versioned and snapshotted using Btrfs.

In other words, image creation, distribution, and versioning can be done with tools that are common and have existed for a very long time.

machined can also boot most docker containers (pull-dkr) and raw disk images (pull-raw), in addition to the tarball case above (pull-tar).
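As an added example (not from this post or from systemd), here is the integrity check a tarball image gets before import: the SHA256SUMS manifest published next to the image is the plain output of sha256sum, one `<hex digest>  <filename>` line per file, and an image is accepted only if it is listed there and its digest matches. It uses only the Python standard library and builds a tiny constructed tarball to check; gpg verification of the manifest's signature is assumed to be done separately with gpg itself.

```python
import hashlib
import io
import tarfile


def build_sample_image() -> bytes:
    """Constructed stand-in for a container rootfs tarball (uncompressed, so
    the bytes are deterministic between calls)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"ID=demo\n"
        info = tarfile.TarInfo("etc/os-release")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum output: '<64 hex chars>  <filename>' per line.
    A leading '*' on the filename is sha256sum's binary-mode marker."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed SHA256SUMS line: {line!r}")
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_image(image_name: str, image_bytes: bytes, sha256sums: str) -> bool:
    """True only if the manifest lists image_name and the digest matches.
    An image absent from the manifest is rejected, not silently accepted."""
    expected = parse_sha256sums(sha256sums).get(image_name)
    if expected is None:
        return False
    return hashlib.sha256(image_bytes).hexdigest() == expected


def demo() -> dict:
    """Exercise the good, tampered, and unlisted cases on the constructed image."""
    image = build_sample_image()
    manifest = f"{hashlib.sha256(image).hexdigest()}  demo.tar\n"
    tampered = image[:-1] + bytes([image[-1] ^ 0x01])  # flip one bit
    return {
        "good": verify_image("demo.tar", image, manifest),
        "tampered": verify_image("demo.tar", tampered, manifest),
        "unlisted": verify_image("other.tar", image, manifest),
    }
```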

systemd also considers multi-node container orchestration to be out-of-band. systemd focuses on single-node container management and makes persistent container management much easier, much like a VM, whereas docker tends to assume containers are short-lived and ephemeral.

systemd contains a service template for systemd-nspawn, making it very simple to boot containers when the system boots and to monitor container state, just like any other systemd service.

Here is a table of the analogous subcommands between machinectl and docker.

machinectl             docker        operation
---------------------  ------------  --------------------------------------------------------------
list                   ps            show running containers
status                 (none)        show detailed information about the status of a single container
start                  start         start a named container
login                  attach        get login prompt inside container
enable                 (none)        start container on boot
disable                (none)        do not start container on boot
poweroff               stop          shut down container
reboot                 restart       restart container
terminate              kill          immediately stop container
kill                   (none)        send signals to processes inside the container
copy-from              cp            copy file from container to host
copy-to                (none)        copy file to container from host
bind                   run with -v   bind mount from host to container (systemd can bind at start
                                     time with "systemd-nspawn --bind" or at runtime with
                                     "machinectl bind")
list-images            ps -a         show existing containers
clone                  (none)        create new container as snapshot of another (docker run does
                                     this implicitly)
rename                 rename        rename a container
remove                 rm/rmi        remove a container/image (systemd doesn't make the distinction)
clone+start            run           create a container as a snapshot of a base image and start it
pull-[tar|raw|dkr]     pull          retrieve image

Much of this code is still new in systemd.  I’m hoping to have a tutorial up soon showing how machined is very good at single-node persistent container management.