Hi Jacques,

Thanks for reaching out.

Are you always running the service as root?  Can you share the logs of this service?

Since you're running Podman in systemd, you may be interested in looking into Quadlet [1] [2].

[1] https://www.redhat.com/sysadmin/quadlet-podman
[2] https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html

On Thu, Aug 31, 2023 at 10:39 PM Jacques Jessen <jacques.jessen@gmail.com> wrote:
I'm running Podman as root and have created a container for Symantec's HSM Agent.

When manually started, it reports as working:


[root@PoC ~]# podman ps
CONTAINER ID  IMAGE                                    COMMAND          CREATED        STATUS        PORTS                                                                   NAMES
b53be5503ca7  localhost/symantec_hsm_agent:2.1_269362  catalina.sh run  4 minutes ago  Up 4 minutes  0.0.0.0:8080->8080/tcp, 0.0.0.0:8082->8082/tcp, 0.0.0.0:8443->8443/tcp  symhsm_agent

[root@PoC ~]# podman stats
ID            NAME          CPU %       MEM USAGE / LIMIT  MEM %       NET IO           BLOCK IO      PIDS        CPU TIME      AVG CPU %
b53be5503ca7  symhsm_agent  3.55%       216MB / 4.112GB    5.25%       1.93kB / 1.09kB  249.2MB / 0B  29          3.759969275s  3.55%


You can successfully access the 8080, 8082, 8443 ports with a browser.

However, if the server is rebooted, while Podman will show results as above that it is working, from a browser you will be told:


ERR_CONNECTION_TIMED_OUT


If you manually Stop and Start the container, you can successfully access the 8080, 8082, 8443 ports with a browser.

Given there's no change in the configuration, this feels like there's a timing issue with the initial start.  I used the Podman provided response to create the Service file:


[root@PoC ~]# podman generate systemd --new --name symhsm_agent
# container-symhsm_agent.service
# autogenerated by Podman

[Unit]
Description=Podman container-symhsm_agent.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman run \
        --cidfile=%t/%n.ctr-id \
        --cgroups=no-conmon \
        --rm \
        --sdnotify=conmon \
        --replace \
        -d \
        --name symhsm_agent \
        -p 8443:8443 \
        -p 8082:8082 \
        -p 8080:8080 \
        -v /opt/podman/:/usr/local/luna symantec_hsm_agent:2.1_269362
ExecStop=/usr/bin/podman stop \
        --ignore -t 10 \
        --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm \
        -f \
        --ignore -t 10 \
        --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target


Having to manually login and restart the container kind of defeats the purpose.

Thoughts and feedback appreciated.
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
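
Added example (not part of either message, and not the posters' own configuration): the generated unit quoted above, rewritten as a Quadlet file, which is the approach the reply points to. The file name symhsm_agent.container is an assumption; /etc/containers/systemd/ is the directory rootful Quadlet files are read from, and Quadlet requires Podman 4.4 or later.

```ini
# /etc/containers/systemd/symhsm_agent.container  (file name is an assumption)
# Quadlet generates symhsm_agent.service from this file at boot and on
# "systemctl daemon-reload".

[Unit]
Description=Symantec HSM Agent container
Wants=network-online.target
After=network-online.target

[Container]
# Values below are taken from the ExecStart line of the quoted unit.
Image=localhost/symantec_hsm_agent:2.1_269362
ContainerName=symhsm_agent
# No host address is given, so each port binds on all interfaces
# (0.0.0.0, as in the podman ps output). Use HOST_IP:PORT:PORT to restrict.
PublishPort=8443:8443
PublishPort=8082:8082
PublishPort=8080:8080
Volume=/opt/podman/:/usr/local/luna

[Service]
Restart=on-failure
TimeoutStopSec=70

[Install]
WantedBy=default.target
```

After creating the file, `systemctl daemon-reload` followed by `systemctl start symhsm_agent.service` brings the container up. The [Install] section takes the place of `systemctl enable`, which does not work on generated units.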