Hello everyone. Today I luckily have a free hour at work, and before heading home I want to sort out something I have been putting off for years. On the VM that runs my blog and accolli.it I have a great many containers started with Podman that are not systemd services.
This leaves me with a sense of disorder, so it is better to fix the situation.
I will start with podman-generate-systemd, but it has been deprecated (I found it very convenient) in favour of Podman Quadlet since Podman 4.4. I really do need to get used to it, because it makes much more sense and lets us define the container itself inside the systemd unit. As described in Alexander Larsson's article https://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/ it looks roughly like this:
[Unit]
Description=Redis container
[Container]
Image=docker.io/redis
PublishPort=6379:6379
User=999
[Service]
Restart=always
[Install]
WantedBy=local.target
The old way, I had to carry out the following steps, which I leave here for anyone running a Podman version older than 4.4.
First of all, get the list of all containers running on the node and use a for loop to generate the .service files.
[root@web01]:~ >> mkdir my_systemd_units
[root@web01]:~ >> cd my_systemd_units/
[root@web01]:~/my_systemd_units >> for i in $(podman ps --format '{{.Names}}' | grep -v infra); do podman generate systemd --restart-policy=always --new --files --name -t 1 $i; done
Please refer to podman-systemd.unit(5) for details.
/root/container-mysql.service
Please refer to podman-systemd.unit(5) for details.
/root/container-devopstribe.service
Please refer to podman-systemd.unit(5) for details.
/root/container-cartediaccollo2.service
Please refer to podman-systemd.unit(5) for details.
/root/container-mongodb.service
Please refer to podman-systemd.unit(5) for details.
/root/container-grafana.service
Please refer to podman-systemd.unit(5) for details.
/root/container-registry.service
Please refer to podman-systemd.unit(5) for details.
/root/container-prometheus.service
[root@web01]:~/my_systemd_units >> cp *.service /usr/lib/systemd/system/
[root@web01]:~/my_systemd_units >>
I restart the services and enable them at boot. Note that the grep on 'container-' also matches container-getty@.service, which is systemd's own template unit and not one of the generated units, hence the error about it in the output.
[root@web01]:~/my_systemd_units >> for i in $(ls -lart /usr/lib/systemd/system/ | grep 'container-' | awk '{ print $9}'); do systemctl restart $i && systemctl enable $i; done
See system logs and 'systemctl status container-getty@.service' for details.
Created symlink /etc/systemd/system/default.target.wants/container-registry.service → /usr/lib/systemd/system/container-registry.service.
Created symlink /etc/systemd/system/default.target.wants/container-prometheus.service → /usr/lib/systemd/system/container-prometheus.service.
Created symlink /etc/systemd/system/default.target.wants/container-mysql.service → /usr/lib/systemd/system/container-mysql.service.
Created symlink /etc/systemd/system/default.target.wants/container-mongodb.service → /usr/lib/systemd/system/container-mongodb.service.
Created symlink /etc/systemd/system/default.target.wants/container-grafana.service → /usr/lib/systemd/system/container-grafana.service.
Created symlink /etc/systemd/system/default.target.wants/container-devopstribe.service → /usr/lib/systemd/system/container-devopstribe.service.
Created symlink /etc/systemd/system/default.target.wants/container-cartediaccollo2.service → /usr/lib/systemd/system/container-cartediaccollo2.service.
I check from systemctl that everything is running.
[root@web01]:~/my_systemd_units >> for i in $(ls -lart /usr/lib/systemd/system/ | grep 'container-' | awk '{ print $9}'); do systemctl status $i; done
Failed to get properties: Unit name container-getty@.service is neither a valid invocation ID nor unit name.
● container-registry.service - Podman container-registry.service
Loaded: loaded (/usr/lib/systemd/system/container-registry.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:58:46 UTC; 2min 6s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542077 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.3M
CGroup: /system.slice/container-registry.service
└─2542077 /usr/bin/conmon --api-version 1 -c 91c8e4006588b0c0595660280cde6b54560e5896cbeec7ce2e2d56ec739052f1 -u 91c8e4006588b0c0595660280cde6b54560e5896cbeec7ce2e2d56ec739052f1 -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:58:45 web01 systemd[1]: Starting Podman container-registry.service...
Nov 12 17:58:46 web01 systemd[1]: Started Podman container-registry.service.
Nov 12 17:58:46 web01 podman[2541923]: 91c8e4006588b0c0595660280cde6b54560e5896cbeec7ce2e2d56ec739052f1
● container-prometheus.service - Podman container-prometheus.service
Loaded: loaded (/usr/lib/systemd/system/container-prometheus.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:58:48 UTC; 2min 8s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542169 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.7M
CGroup: /system.slice/container-prometheus.service
└─2542169 /usr/bin/conmon --api-version 1 -c 6c3bd4ffe7195989b448ffa6bed8891812912398b39ac4d8a5e6bf278ff64d9f -u 6c3bd4ffe7195989b448ffa6bed8891812912398b39ac4d8a5e6bf278ff64d9f -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:58:47 web01 systemd[1]: Starting Podman container-prometheus.service...
Nov 12 17:58:48 web01 systemd[1]: Started Podman container-prometheus.service.
Nov 12 17:58:48 web01 podman[2542127]: 6c3bd4ffe7195989b448ffa6bed8891812912398b39ac4d8a5e6bf278ff64d9f
● container-mysql.service - Podman container-mysql.service
Loaded: loaded (/usr/lib/systemd/system/container-mysql.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:58:52 UTC; 2min 5s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542262 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.2M
CGroup: /system.slice/container-mysql.service
└─2542262 /usr/bin/conmon --api-version 1 -c b8279692cb99652dedfa4d59b88d2ec4d50d8e1c4541e4cc5bf00ad1e32062b2 -u b8279692cb99652dedfa4d59b88d2ec4d50d8e1c4541e4cc5bf00ad1e32062b2 -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:58:49 web01 systemd[1]: Starting Podman container-mysql.service...
Nov 12 17:58:52 web01 systemd[1]: Started Podman container-mysql.service.
Nov 12 17:58:52 web01 podman[2542221]: b8279692cb99652dedfa4d59b88d2ec4d50d8e1c4541e4cc5bf00ad1e32062b2
● container-mongodb.service - Podman container-mongodb.service
Loaded: loaded (/usr/lib/systemd/system/container-mongodb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:58:56 UTC; 2min 1s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542589 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.2M
CGroup: /system.slice/container-mongodb.service
└─2542589 /usr/bin/conmon --api-version 1 -c 289a78dcf214c4c27dac624d4c74a44037697a85f954bb63212c51d15565d99e -u 289a78dcf214c4c27dac624d4c74a44037697a85f954bb63212c51d15565d99e -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:58:53 web01 systemd[1]: Starting Podman container-mongodb.service...
Nov 12 17:58:56 web01 systemd[1]: Started Podman container-mongodb.service.
Nov 12 17:58:56 web01 podman[2542345]: 289a78dcf214c4c27dac624d4c74a44037697a85f954bb63212c51d15565d99e
● container-grafana.service - Podman container-grafana.service
Loaded: loaded (/usr/lib/systemd/system/container-grafana.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:59:00 UTC; 1min 58s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542713 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.2M
CGroup: /system.slice/container-grafana.service
└─2542713 /usr/bin/conmon --api-version 1 -c bc437bff8a6a9548d72f22d75dc9bfb97cf60d1f9b1bd5b5add5b3197e3778c9 -u bc437bff8a6a9548d72f22d75dc9bfb97cf60d1f9b1bd5b5add5b3197e3778c9 -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:58:57 web01 systemd[1]: Starting Podman container-grafana.service...
Nov 12 17:59:00 web01 systemd[1]: Started Podman container-grafana.service.
Nov 12 17:59:00 web01 podman[2542652]: bc437bff8a6a9548d72f22d75dc9bfb97cf60d1f9b1bd5b5add5b3197e3778c9
● container-devopstribe.service - Podman container-devopstribe.service
Loaded: loaded (/usr/lib/systemd/system/container-devopstribe.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:59:05 UTC; 1min 53s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2542851 (conmon)
Tasks: 1 (limit: 22914)
Memory: 2.6M
CGroup: /system.slice/container-devopstribe.service
└─2542851 /usr/bin/conmon --api-version 1 -c c044fc2a723700585572e34d889425266f12b9c226b3f86dd8921c0b54979aed -u c044fc2a723700585572e34d889425266f12b9c226b3f86dd8921c0b54979aed -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:59:00 web01 systemd[1]: Starting Podman container-devopstribe.service...
Nov 12 17:59:05 web01 systemd[1]: Started Podman container-devopstribe.service.
Nov 12 17:59:05 web01 podman[2542771]: c044fc2a723700585572e34d889425266f12b9c226b3f86dd8921c0b54979aed
● container-cartediaccollo2.service - Podman container-cartediaccollo2.service
Loaded: loaded (/usr/lib/systemd/system/container-cartediaccollo2.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-11-12 17:59:10 UTC; 1min 48s ago
Docs: man:podman-generate-systemd(1)
Main PID: 2543177 (conmon)
Tasks: 1 (limit: 22914)
Memory: 1.2M
CGroup: /system.slice/container-cartediaccollo2.service
└─2543177 /usr/bin/conmon --api-version 1 -c fc9be83b3cc3514d0439a47badc195c358c14f77e6c209c77394281255327f57 -u fc9be83b3cc3514d0439a47badc195c358c14f77e6c209c77394281255327f57 -r /usr/bin/runc -b /var/lib/con>
Nov 12 17:59:08 web01 systemd[1]: container-cartediaccollo2.service: Failed with result 'exit-code'.
Nov 12 17:59:08 web01 systemd[1]: Stopped Podman container-cartediaccollo2.service.
Nov 12 17:59:08 web01 systemd[1]: Starting Podman container-cartediaccollo2.service...
Nov 12 17:59:10 web01 systemd[1]: Started Podman container-cartediaccollo2.service.
Nov 12 17:59:10 web01 podman[2543019]: fc9be83b3cc3514d0439a47badc195c358c14f77e6c209c77394281255327f57
What would it look like with Podman Quadlet?
As also described in this Red Hat article https://www.redhat.com/en/blog/quadlet-podman, with Quadlet it is possible to write systemd units that carry directly inside them the parameters describing our containers. Below is an excerpt of the mapping between Quadlet keys and podman run options.
| Quadlet [Container] key | podman run equivalent |
|---|---|
| ContainerName=name | --name name |
| ContainersConfModule=/etc/nvd.conf | --module=/etc/nvd.conf |
| DNS=192.168.55.1 | --dns=192.168.55.1 |
| DNSOption=ndots:1 | --dns-option=ndots:1 |
| DNSSearch=example.com | --dns-search example.com |
| DropCapability=CAP | --cap-drop=CAP |
| Entrypoint=/foo.sh | --entrypoint=/foo.sh |
| Environment=foo=bar | --env foo=bar |
| EnvironmentFile=/tmp/env | --env-file /tmp/env |
| EnvironmentHost=true | --env-host |
| Exec=/usr/bin/command | Command after image specification: /usr/bin/command |
To recap, a systemd unit would look roughly like this:
[Unit]
Description=The sleep container
After=local-fs.target
[Container]
Image=registry.access.redhat.com/ubi9-minimal:latest
Exec=sleep 1000
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target
Quadlet supports .kube files (Kubernetes pod manifests), .network (container networks), .container (container definitions) and .volume (volumes for container persistence).
Essentially, we no longer define containers in .service units by expanding the "podman run ..." command; instead we write a unit that declares the parameters the container needs.
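As an added example (not code from this post or from the Podman project), here is a small Python converter that applies the mapping in the table above to a `podman run` command line and emits the corresponding Quadlet .container unit; the flag set is the table's plus -p/--publish and --user from the Redis example, and `FLAG_MAP` and `podman_run_to_quadlet` are names chosen here.

```python
import shlex

# Quadlet [Container] keys for the podman run flags in the page's table, plus
# -p/--publish and --user from the Redis example (mapping per podman-systemd.unit(5)).
FLAG_MAP = {
    "--name": "ContainerName", "--module": "ContainersConfModule",
    "--dns": "DNS", "--dns-option": "DNSOption", "--dns-search": "DNSSearch",
    "--cap-drop": "DropCapability", "--entrypoint": "Entrypoint",
    "--env": "Environment", "-e": "Environment", "--env-file": "EnvironmentFile",
    "--publish": "PublishPort", "-p": "PublishPort", "--user": "User", "-u": "User",
}
BOOL_FLAGS = {"--env-host": "EnvironmentHost"}   # flags that take no value
IGNORED = {"-d", "--detach", "--rm"}              # lifecycle is systemd's job now

def podman_run_to_quadlet(cmdline, description="Converted container"):
    """Return the text of a Quadlet .container unit for one `podman run ...` line."""
    argv = shlex.split(cmdline)
    if argv[:2] != ["podman", "run"]:
        raise ValueError("expected a 'podman run' command line")
    args, keys, i = argv[2:], [], 0
    while i < len(args):
        a = args[i]
        if a in BOOL_FLAGS:                                   # --env-host
            keys.append(f"{BOOL_FLAGS[a]}=true"); i += 1
        elif a in IGNORED:
            i += 1
        elif "=" in a and a.split("=", 1)[0] in FLAG_MAP:     # --flag=value form
            flag, value = a.split("=", 1)
            keys.append(f"{FLAG_MAP[flag]}={value}"); i += 1
        elif a in FLAG_MAP:                                   # --flag value form
            if i + 1 >= len(args):
                raise ValueError(f"missing value for {a}")
            keys.append(f"{FLAG_MAP[a]}={args[i + 1]}"); i += 2
        elif a.startswith("-"):
            raise ValueError(f"unsupported option: {a}")      # refuse to silently drop it
        else:
            break                                             # first non-option is the image
    if i >= len(args):
        raise ValueError("no image given")
    image, command = args[i], args[i + 1:]
    lines = ["[Unit]", f"Description={description}", "", "[Container]", f"Image={image}", *keys]
    if command:                                               # anything after the image -> Exec=
        lines.append("Exec=" + " ".join(shlex.quote(c) for c in command))
    lines += ["", "[Service]", "Restart=always",
              "", "[Install]", "WantedBy=multi-user.target default.target"]
    return "\n".join(lines) + "\n"
```

Write the returned text to /etc/containers/systemd/NAME.container, run systemctl daemon-reload, and Quadlet generates the .service unit for you.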
I would say it is very useful, and as always, for certain kinds of workload, when Kubernetes is not necessary, VMs with Podman are more than good enough.
See you soon!