That seems like the more sensible solution, I will change the unit file to
be start/stop instead.
Thanks for your help Daniel,
Eric Gustavsson
He / Him
Associate Software Engineer
Red Hat <https://www.redhat.com>
IM: Telegram: @SpyTec
On Thu, 11 Jul 2019 at 19:11, Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 7/9/19 4:48 PM, Eric Gustavsson wrote:
On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh(a)redhat.com> wrote:
> On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> > [Unit]
> > Description=Bitwarden
> > Wants=syslog.service
> >
> > [Service]
> > User=spytec
> > Group=spytec
> > TimeoutStartSec=0
> > ExecStart=/usr/bin/podman run \
> > --security-opt label=disable \
> > --userns keep-id \
> > -e ROCKET_PORT=8080 \
> > -e SIGNUPS_ALLOWED=false \
> > -e ADMIN_TOKEN=key \
> > -p 8080:8080 \
> > -v /home/spytec/Bitwarden/bw-data/:/data/ \
> > --rm --name 'bitwarden' bitwardenrs/server:latest
> > ExecReload=-/usr/bin/podman stop 'bitwarden'
> > ExecReload=-/usr/bin/podman rm 'bitwarden'
> > ExecStop=-/usr/bin/podman stop 'bitwarden'
> > Restart=always
> > RestartSec=30s
> > KillMode=none
> > SyslogIdentifier=bitwarden
> >
> > [Install]
> > WantedBy=multi-user.target
>
> Why are you recreating the service each time? Why not just create the
> container and then start and stop the container within the unit file?
>
I wanted to always keep the image up to date, so if I restart the service
it would fetch the latest image as well. I've seen articles doing this, is
this not good practice?
>
> /usr/bin/podman create \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
>
>
> ExecStart=/usr/bin/podman start bitwarden
> ExecStop=-/usr/bin/podman stop bitwarden
> ExecReload=-/usr/bin/podman restart bitwarden
>
>
> Also why do you need to disable SELinux separation?
>
> Does
> -v /home/spytec/Bitwarden/bw-data/:/data/:Z \
>
>
> Allow you to work?
>
That does indeed work, thank you. Forgot about the :Z annotation.
_______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
Might be better to have a daily cron job that recreates the container when
a new version shows up, and restarts the service.
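
One way to write the daily cron job suggested above, as an added example that is not code from the thread: it assumes bitwarden.service is installed as a systemd user unit and run from the same account's crontab, and the script path and the `PODMAN`/`SYSTEMCTL` override variables are hypothetical. It recreates the container only when the pulled image ID differs from the one the container was created from, mounts the volume with `:Z`, and omits `--rm` so the stopped container remains for `podman start`.

```shell
#!/bin/sh
# Added example: daily update check for the 'bitwarden' container.
# Assumptions (not from the thread): bitwarden.service is a systemd user unit
# and this script runs from the same user's crontab, e.g.
#   0 4 * * * /home/spytec/bin/bitwarden-update.sh run   (hypothetical path)
set -eu

PODMAN=${PODMAN:-podman}                  # overridable for testing
SYSTEMCTL=${SYSTEMCTL:-systemctl --user}  # assumption: user unit
NAME=bitwarden
IMAGE=bitwardenrs/server:latest
DATA=/home/spytec/Bitwarden/bw-data/

# Image ID the existing container was created from (empty if none exists).
container_image_id() {
    $PODMAN container inspect --format '{{.Image}}' "$NAME" 2>/dev/null || true
}

# Pull the tag, then report the image ID it now points to locally.
# A failed pull aborts the run and leaves the current container alone.
latest_image_id() {
    $PODMAN pull -q "$IMAGE" >/dev/null || return 1
    $PODMAN image inspect --format '{{.Id}}' "$IMAGE"
}

# Options from the thread's "podman create", with two changes: the volume is
# relabelled with :Z instead of disabling SELinux separation, and --rm is
# left out so the container still exists for the unit's "podman start".
recreate() {
    $SYSTEMCTL stop "$NAME.service"
    $PODMAN rm -f "$NAME" >/dev/null 2>&1 || true
    $PODMAN create --userns keep-id \
        -e ROCKET_PORT=8080 -e SIGNUPS_ALLOWED=false -e ADMIN_TOKEN=key \
        -p 8080:8080 -v "$DATA:/data/:Z" \
        --name "$NAME" "$IMAGE" >/dev/null
    $SYSTEMCTL start "$NAME.service"
}

# Prints "recreated" or "unchanged"; the service is only touched when the
# pulled image differs from the one the container was created from.
update_if_newer() {
    have=$(container_image_id)
    want=$(latest_image_id)
    if [ "$have" = "$want" ]; then echo unchanged; return 0; fi
    recreate
    echo recreated
}

case "${1:-}" in run) update_if_newer ;; esac
```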