[Podman] Re: Problems with Podman in systemd

Thursday, 11 July 2019

On 7/9/19 4:48 PM, Eric Gustavsson wrote:
...

 On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh(a)redhat.com
 <mailto:dwalsh@redhat.com>> wrote:

     On 7/9/19 3:52 PM, Eric Gustavsson wrote:
     > [Unit]
     > Description=Bitwarden
     > Wants=syslog.service
     >
     > [Service]
     > User=spytec
     > Group=spytec
     > TimeoutStartSec=0
     > ExecStart=/usr/bin/podman run \
     >   --security-opt label=disable \
     >   --userns keep-id \
     >   -e ROCKET_PORT=8080 \
     >   -e SIGNUPS_ALLOWED=false \
     >   -e ADMIN_TOKEN=key \
     >   -p 8080:8080 \
     >   -v /home/spytec/Bitwarden/bw-data/:/data/ \
     >   --rm --name 'bitwarden' bitwardenrs/server:latest
     > ExecReload=-/usr/bin/podman stop 'bitwarden'
     > ExecReload=-/usr/bin/podman rm 'bitwarden'
     > ExecStop=-/usr/bin/podman stop 'bitwarden'
     > Restart=always
     > RestartSec=30s
     > KillMode=none
     > SyslogIdentify=bitwarden
     >
     > [Install]
     > WantedBy=multi-user.target

     [Unit]
     Description=Bitwarden
     Wants=syslog.service

     [Service]
     User=spytec
     Group=spytec
     TimeoutStartSec=0
     ExecStart=/usr/bin/podman run \
       --security-opt label=disable \
       --userns keep-id \
       -e ROCKET_PORT=8080 \
       -e SIGNUPS_ALLOWED=false \
       -e ADMIN_TOKEN=key \
       -p 8080:8080 \
       -v /home/spytec/Bitwarden/bw-data/:/data/ \
       --rm --name 'bitwarden' bitwardenrs/server:latest
     ExecReload=-/usr/bin/podman stop 'bitwarden'
     ExecReload=-/usr/bin/podman rm 'bitwarden'
     ExecStop=-/usr/bin/podman stop 'bitwarden'
     Restart=always
     RestartSec=30s
     KillMode=none
     SyslogIdentify=bitwarden

     [Install]
     WantedBy=multi-user.target

     Why are you recreating the service each time.  Why not just create
     the container and then start and stop the container within the
     unit file.

 I wanted to always keep the image up to date, so if I restart the
 service it would fetch the latest image as well. I've seen articles
 doing this, is this not good practise?

     /usr/bin/podman create \
       --security-opt label=disable \
       --userns keep-id \
       -e ROCKET_PORT=8080 \
       -e SIGNUPS_ALLOWED=false \
       -e ADMIN_TOKEN=key \
       -p 8080:8080 \
       -v /home/spytec/Bitwarden/bw-data/:/data/ \
       --rm --name 'bitwarden' bitwardenrs/server:latest

     ExecStart=/usr/bin/podman start bitwarden
     ExecStop=-/usr/bin/podman stop bitwarden
     ExecReload-/usr/bin/podman restart bitwarden

     Also why do yo need to disable SELinux separation?

     Does
       -v /home/spytec/Bitwarden/bw-data/:/data/:Z \

     Allow you to work?

 That does indeed work, thank you. Forgot about the :Z annotation.

     _______________________________________________
     Podman mailing list -- podman(a)lists.podman.io
     <mailto:podman@lists.podman.io>
     To unsubscribe send an email to podman-leave(a)lists.podman.io
     <mailto:podman-leave@lists.podman.io>

 _______________________________________________
 Podman mailing list -- podman(a)lists.podman.io
 To unsubscribe send an email to podman-leave(a)lists.podman.io 
Might be better to have a daily cron job that recreates the container
when a new version shows up, and restarts the service.

2025

2024

2023

2022

2021

2020

2019

[Podman] Re: Problems with Podman in systemd