That seems like the more sensible solution; I will change the unit file to be start/stop instead.

Thanks for your help, Daniel,

Eric Gustavsson

He / Him

Associate Software Engineer

Red Hat

IM: Telegram: @SpyTec



On Thu, 11 Jul 2019 at 19:11, Daniel Walsh <dwalsh@redhat.com> wrote:
On 7/9/19 4:48 PM, Eric Gustavsson wrote:



On Tue, 9 Jul 2019 at 22:03, Daniel Walsh <dwalsh@redhat.com> wrote:
On 7/9/19 3:52 PM, Eric Gustavsson wrote:
> [Unit]
> Description=Bitwarden
> Wants=syslog.service
>
> [Service]
> User=spytec
> Group=spytec
> TimeoutStartSec=0
> ExecStart=/usr/bin/podman run \
>   --security-opt label=disable \
>   --userns keep-id \
>   -e ROCKET_PORT=8080 \
>   -e SIGNUPS_ALLOWED=false \
>   -e ADMIN_TOKEN=key \
>   -p 8080:8080 \
>   -v /home/spytec/Bitwarden/bw-data/:/data/ \
>   --rm --name 'bitwarden' bitwardenrs/server:latest
> ExecReload=-/usr/bin/podman stop 'bitwarden'
> ExecReload=-/usr/bin/podman rm 'bitwarden'
> ExecStop=-/usr/bin/podman stop 'bitwarden'
> Restart=always
> RestartSec=30s
> KillMode=none
> SyslogIdentifier=bitwarden
>
> [Install]
> WantedBy=multi-user.target

Why are you recreating the service each time? Why not just create the container and then start and stop the container within the unit file?
I wanted to always keep the image up to date, so if I restart the service it would fetch the latest image as well. I've seen articles doing this; is this not good practice?
 

/usr/bin/podman create \
  --security-opt label=disable \
  --userns keep-id \
  -e ROCKET_PORT=8080 \
  -e SIGNUPS_ALLOWED=false \
  -e ADMIN_TOKEN=key \
  -p 8080:8080 \
  -v /home/spytec/Bitwarden/bw-data/:/data/ \
  --rm --name 'bitwarden' bitwardenrs/server:latest


ExecStart=/usr/bin/podman start bitwarden
ExecStop=-/usr/bin/podman stop bitwarden
ExecReload=-/usr/bin/podman restart bitwarden


Also, why do you need to disable SELinux separation?

Does
  -v /home/spytec/Bitwarden/bw-data/:/data/:Z \


allow you to work?
That does indeed work, thank you. Forgot about the :Z annotation.

_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

Might be better to have a daily cron job that recreates the container when a new version shows up, and restarts the service.
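
One way to write the daily job suggested above, as an added example that is not code from the thread or from the Podman project. Assumed and not from the thread: the unit is installed as `bitwarden.service`, the script runs from root's crontab with `--run`, and the rootless container belongs to `spytec`.

```shell
#!/bin/sh
# Added example: daily check that recreates the container when a newer image exists.
# Assumed (not from the thread): run from root's crontab with "--run", the unit
# is installed as bitwarden.service, and the rootless container belongs to spytec.
NAME=bitwarden
IMAGE=bitwardenrs/server:latest
UNIT=bitwarden.service
RUN_AS=spytec
DATA=/home/spytec/Bitwarden/bw-data/

# Run podman as the container's owner; root's podman cannot see rootless containers.
pm() { runuser -u "$RUN_AS" -- podman "$@"; }

# ID of the image the existing container was created from (empty if none).
container_image_id() { pm container inspect --format '{{.Image}}' "$NAME" 2>/dev/null; }

# ID of the image that the tag currently points to in local storage.
local_image_id() { pm image inspect --format '{{.Id}}' "$IMAGE" 2>/dev/null; }

# True when the container is missing or was created from a different image.
needs_recreate() { [ "$(container_image_id)" != "$(local_image_id)" ]; }

# Same options as in the thread, with :Z relabeling in place of label=disable.
# --rm is left out: a --rm container is deleted when it stops, so the unit's
# "podman start bitwarden" would have nothing to start next time.
recreate() {
    pm rm -f "$NAME" >/dev/null 2>&1 || true
    pm create \
        --userns keep-id \
        -e ROCKET_PORT=8080 \
        -e SIGNUPS_ALLOWED=false \
        -e ADMIN_TOKEN=key \
        -p 8080:8080 \
        -v "$DATA:/data/:Z" \
        --name "$NAME" "$IMAGE" >/dev/null
}

# Pull, then stop/recreate/start only if the tag moved. Prints what happened.
update() {
    cd / || return 1
    pm pull "$IMAGE" >/dev/null 2>&1 || { echo pull-failed; return 1; }
    if needs_recreate; then
        systemctl stop "$UNIT"
        recreate && systemctl start "$UNIT" && echo recreated
    else
        echo current
    fi
}

if [ "${1:-}" = "--run" ]; then update; fi
```

A root crontab entry would call the script with `--run` (for example from a hypothetical path such as `/usr/local/sbin/bitwarden-update`); sourcing the file without arguments only defines the functions.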