3:52 p.m.
Hi all,
I've been having issues with systemd and Podman. Especially when the
service is restarting.
Starting it initially works without problem, though when restarting I run
into one of two issues.
--reboot--
Jul 08 10:00:49 KeyraGuest1 systemd[1]: Started Bitwarden.
Jul 08 10:00:59 KeyraGuest1 podman[536]: Error: could not get runtime:
error creating tmpdir /run/user/1000/libpod/tmp: mkdir /run/user/1000:
permission denied
Jul 08 10:00:59 KeyraGuest1 systemd[1]: bitwarden.service: Main process
exited, code=exited, status=125/n/a
Jul 08 10:00:59 KeyraGuest1 systemd[1]: bitwarden.service: Failed with
result 'exit-code'.
Jul 08 10:01:29 KeyraGuest1 systemd[1]: bitwarden.service: Service
RestartSec=30s expired, scheduling restart.
Jul 08 10:01:29 KeyraGuest1 systemd[1]: bitwarden.service: Scheduled
restart job, restart counter is at 1.
Jul 08 10:01:29 KeyraGuest1 systemd[1]: Stopped Bitwarden.
And:
Jul 08 10:01:29 KeyraGuest1 systemd[1]: Started Bitwarden.
Jul 08 10:01:39 KeyraGuest1 podman[914]: 2019-07-08 10:01:39.067436802
+0000 UTC m=+1.076662432 system refresh
Jul 08 10:01:53 KeyraGuest1 podman[894]: Error: error creating container
storage: the container name "bitwarden" is already in use by
"34fb34844382c9118be3d377e9f41de6f21485329c824cdd0da109304a2506f3". You
have to remove that container to be able to reuse that name.: that name is
already in use
Jul 08 10:01:53 KeyraGuest1 systemd[1]: bitwarden.service: Main process
exited, code=exited, status=125/n/a
Jul 08 10:01:53 KeyraGuest1 systemd[1]: bitwarden.service: Failed with
result 'exit-code'.
Jul 08 10:02:23 KeyraGuest1 systemd[1]: bitwarden.service: Service
RestartSec=30s expired, scheduling restart.
Jul 08 10:02:23 KeyraGuest1 systemd[1]: bitwarden.service: Scheduled
restart job, restart counter is at 2.
Jul 08 10:02:23 KeyraGuest1 systemd[1]: Stopped Bitwarden.
I've attached the bitwarden_service, which runs podman with --rm, so it
should automatically remove the pod from before. With the first issue with
permission denied, I'm not sure what's causing that either.
Any help would be appreciated :)
Thanks,
Eric Gustavsson
He / Him
Associate Software Engineer
Red Hat <https://www.redhat.com>
IM: Telegram: @SpyTec
<https://www.redhat.com>
4:02 p.m.
On 7/9/19 3:52 PM, Eric Gustavsson wrote:
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
Why are you recreating the service each time. Why not just create the container and then
start and stop the container within the unit file.
/usr/bin/podman create \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
ExecReload-/usr/bin/podman restart bitwarden
Also why do yo need to disable SELinux separation?
Does
-v /home/spytec/Bitwarden/bw-data/:/data/:Z \
Allow you to work?
4:48 p.m.
On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> [Unit]
> Description=Bitwarden
> Wants=syslog.service
>
> [Service]
> User=spytec
> Group=spytec
> TimeoutStartSec=0
> ExecStart=/usr/bin/podman run \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
> ExecReload=-/usr/bin/podman stop 'bitwarden'
> ExecReload=-/usr/bin/podman rm 'bitwarden'
> ExecStop=-/usr/bin/podman stop 'bitwarden'
> Restart=always
> RestartSec=30s
> KillMode=none
> SyslogIdentify=bitwarden
>
> [Install]
> WantedBy=multi-user.target
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
Why are you recreating the service each time. Why not just create the
container and then start and stop the container within the unit file.
I wanted to always keep the image up to date, so if I restart the service
it would fetch the latest image as well. I've seen articles doing this, is
this not good practise?
/usr/bin/podman create \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
ExecReload-/usr/bin/podman restart bitwarden
Also why do yo need to disable SELinux separation?
Does
-v /home/spytec/Bitwarden/bw-data/:/data/:Z \
Allow you to work?
That does indeed work, thank you. Forgot about the :Z annotation.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
1:11 p.m.
On 7/9/19 4:48 PM, Eric Gustavsson wrote:
On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh(a)redhat.com
<mailto:dwalsh@redhat.com>> wrote:
On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> [Unit]
> Description=Bitwarden
> Wants=syslog.service
>
> [Service]
> User=spytec
> Group=spytec
> TimeoutStartSec=0
> ExecStart=/usr/bin/podman run \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
> ExecReload=-/usr/bin/podman stop 'bitwarden'
> ExecReload=-/usr/bin/podman rm 'bitwarden'
> ExecStop=-/usr/bin/podman stop 'bitwarden'
> Restart=always
> RestartSec=30s
> KillMode=none
> SyslogIdentify=bitwarden
>
> [Install]
> WantedBy=multi-user.target
[Unit]
Description=Bitwarden
Wants=syslog.service
[Service]
User=spytec
Group=spytec
TimeoutStartSec=0
ExecStart=/usr/bin/podman run \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecReload=-/usr/bin/podman stop 'bitwarden'
ExecReload=-/usr/bin/podman rm 'bitwarden'
ExecStop=-/usr/bin/podman stop 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none
SyslogIdentify=bitwarden
[Install]
WantedBy=multi-user.target
Why are you recreating the service each time. Why not just create
the container and then start and stop the container within the
unit file.
I wanted to always keep the image up to date, so if I restart the
service it would fetch the latest image as well. I've seen articles
doing this, is this not good practise?
/usr/bin/podman create \
--security-opt label=disable \
--userns keep-id \
-e ROCKET_PORT=8080 \
-e SIGNUPS_ALLOWED=false \
-e ADMIN_TOKEN=key \
-p 8080:8080 \
-v /home/spytec/Bitwarden/bw-data/:/data/ \
--rm --name 'bitwarden' bitwardenrs/server:latest
ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
ExecReload-/usr/bin/podman restart bitwarden
Also why do yo need to disable SELinux separation?
Does
-v /home/spytec/Bitwarden/bw-data/:/data/:Z \
Allow you to work?
That does indeed work, thank you. Forgot about the :Z annotation.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
<mailto:podman@lists.podman.io>
To unsubscribe send an email to podman-leave(a)lists.podman.io
<mailto:podman-leave@lists.podman.io>
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
Might be better to have a daily cron job that recreates the container
when a new version shows up, and restarts the service.
1:28 p.m.
That seems like the more sensible solution, I will change the unit file to
be start/stop instead.
Thanks for your help Daniel,
Eric Gustavsson
He / Him
Associate Software Engineer
Red Hat <https://www.redhat.com>
IM: Telegram: @SpyTec
<https://www.redhat.com>
On Thu, 11 Jul 2019 at 19:11, Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 7/9/19 4:48 PM, Eric Gustavsson wrote:
On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh(a)redhat.com> wrote:
> On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> > [Unit]
> > Description=Bitwarden
> > Wants=syslog.service
> >
> > [Service]
> > User=spytec
> > Group=spytec
> > TimeoutStartSec=0
> > ExecStart=/usr/bin/podman run \
> > --security-opt label=disable \
> > --userns keep-id \
> > -e ROCKET_PORT=8080 \
> > -e SIGNUPS_ALLOWED=false \
> > -e ADMIN_TOKEN=key \
> > -p 8080:8080 \
> > -v /home/spytec/Bitwarden/bw-data/:/data/ \
> > --rm --name 'bitwarden' bitwardenrs/server:latest
> > ExecReload=-/usr/bin/podman stop 'bitwarden'
> > ExecReload=-/usr/bin/podman rm 'bitwarden'
> > ExecStop=-/usr/bin/podman stop 'bitwarden'
> > Restart=always
> > RestartSec=30s
> > KillMode=none
> > SyslogIdentify=bitwarden
> >
> > [Install]
> > WantedBy=multi-user.target
>
> [Unit]
> Description=Bitwarden
> Wants=syslog.service
>
> [Service]
> User=spytec
> Group=spytec
> TimeoutStartSec=0
> ExecStart=/usr/bin/podman run \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
> ExecReload=-/usr/bin/podman stop 'bitwarden'
> ExecReload=-/usr/bin/podman rm 'bitwarden'
> ExecStop=-/usr/bin/podman stop 'bitwarden'
> Restart=always
> RestartSec=30s
> KillMode=none
> SyslogIdentify=bitwarden
>
> [Install]
> WantedBy=multi-user.target
>
> Why are you recreating the service each time. Why not just create the
> container and then start and stop the container within the unit file.
>
I wanted to always keep the image up to date, so if I restart the service
it would fetch the latest image as well. I've seen articles doing this, is
this not good practise?
>
> /usr/bin/podman create \
> --security-opt label=disable \
> --userns keep-id \
> -e ROCKET_PORT=8080 \
> -e SIGNUPS_ALLOWED=false \
> -e ADMIN_TOKEN=key \
> -p 8080:8080 \
> -v /home/spytec/Bitwarden/bw-data/:/data/ \
> --rm --name 'bitwarden' bitwardenrs/server:latest
>
>
> ExecStart=/usr/bin/podman start bitwarden
> ExecStop=-/usr/bin/podman stop bitwarden
> ExecReload-/usr/bin/podman restart bitwarden
>
>
> Also why do yo need to disable SELinux separation?
>
> Does
> -v /home/spytec/Bitwarden/bw-data/:/data/:Z \
>
>
> Allow you to work?
>
That does indeed work, thank you. Forgot about the :Z annotation.
_______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
Might be better to have a daily cron job that recreates the container when
a new version shows up, and restarts the service.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
1961
days inactive
1963
days old
4 comments
2 participants
participants (2)
-
Daniel Walsh -
Eric Gustavsson