So upon Valentin's suggestion I updated the podman systemd demo to be used by a rootless user (https://github.com/edhaynes/podman_systemd_usermode_demo).  My only issue is when I systemctl --user start my containerized application it returns a 'protocol' failure in the logs with no other explanation.  Systemd dutifully restarts the service and voila - it then works.  So the demo "works" but has an unexplained systemd failure on the first run.  I'm seeing very little on Google re: such error and this behaves exactly the same way on Fedora 33, RHEL 8.3, and Ubuntu 20.10.  If anyone has a few cycles could they run this and see if they have any idea how to resolve this?

#!/bin/sh
podman pull redis
sudo setsebool -P container_manage_cgroup on
podman run -d --name redis_server -p 6379:6379 redis
podman generate systemd redis_server --restart-policy=always -t 5 -f -n
mkdir -p ~/.config/systemd/user
cp ./container-redis_server.service ~/.config/systemd/user/redis_server.service
systemctl enable --user redis_server.service
systemctl start --user redis_server.service  # THIS IS WHERE IT THROWS ERROR
systemctl status --user redis_server.service

redis_server.service - Podman container-redis_server.service
     Loaded: loaded (/home/ehaynes/.config/systemd/user/redis_server.service; enabled; vendor preset: disable>
     Active: activating (auto-restart) (Result: protocol) since Tue 2020-12-08 17:49:54 EST; 10ms ago
       Docs: man:podman-generate-systemd(1)
    Process: 8054 ExecStart=/usr/bin/podman start redis_server (code=exited, status=0/SUCCESS)
    Process: 8064 ExecStopPost=/usr/bin/podman stop -t 5 redis_server (code=exited, status=0/SUCCESS)
        CPU: 101ms

Dec 08 17:49:54 localhost.localdomain systemd[906]: redis_server.service: Failed with result 'protocol'.
Dec 08 17:49:54 localhost.localdomain systemd[906]: Failed to start Podman container-redis_server.service.

https://github.com/edhaynes/podman_systemd_usermode_demo




On Mon, Dec 7, 2020 at 4:33 AM Valentin Rothberg <rothberg@redhat.com> wrote:
Hi Ed,

Thanks for sharing your demo, I love it.  I think it's a nice showcase for using Podman and Systemd in combination.  It really blurs the line between traditional Linux services and containers and how well they integrate when using Podman.

Note that being root is not a technical requirement.  We can do everything as an ordinary rootless user. The podman-generate-systemd man page [1] covers how rootless users can install the generated files and how lingering can be enabled so that rootless systemd services are started at boot time.

Kind regards,
 Valentin


On Fri, Dec 4, 2020 at 10:00 PM Ed Haynes <ehaynes@redhat.com> wrote:
I put together a small podman systemd demo for one of my customers and would be happy for comments or suggestions.    It's here:


In my case the customer is pretty new to both podman and also the idea of using systemd to manage things so I wanted to keep it pretty simple and spell things out.   Let me know what you think -

Ed


podman_systemd_demo

Showing podman integration with Systemd to manage lifecycle of container

For this project I created a vm based on fedora33 to act as a sandbox. Go into the fedora vm and git clone this project to run locally.

Purpose is to show how podman can easily use systemd to manage lifecycle of a container. Think of a small edge device, too small to run kubernetes, but you would like to run containerized applications on it so that you can isolate application dependencies from the OS. The OS is minimal and just enough to run containers, but you would like for containers to restart if they crash and also restart automatically on reboot. For this example I'm running redis, an in-memory key value database as an example.

This demo should be run as root - in fedora

sudo su -

There are 3 scripts.

"launch_redis_container.sh" will pull the redis container, then set appropriate SELinux permissions. The containerized redis server is launched and mapped to the normal redis networking ports. Then 'podman generate systemd' creates a systemd unit file based on this container which is enabled and started. Now your containerized database is running and systemd is managing its lifecycle as a normal linux service.

At this point the status of the redis-server will be shown (press "q" to get out).

"test_redis_container.sh" exercises the redis database api by setting a value and then retrieving it to show the database is working. The database is then killed using pkill and you're shown how systemd creates a new container to replace it and also the recovered database is working. The systemd unit file also specifies the container to restart at startup so if you like restart the VM and verify the database is still working.

cleanup.sh stops the redis-server, disables the service, and cleans up the systemd unit file and the container so you can run this demo again from the top if you like.



--
Ed Haynes

SOLUTIONS ARCHITECT

ehaynes@redhat.com    M: (978)-551-0057    


TRIED. TESTED. TRUSTED.
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io
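
Added example (not part of the thread or of Ed's demo repository): systemd records Result: protocol when a service does not complete the start-up steps its Type= setting calls for, so for the failure reported at the top of the thread the unit's Type= and PIDFile= lines are the first thing to read. The script below reports those two settings and whether the PID file currently names a live process. The helper names, the sample unit's Type=forking and its PIDFile= path are assumptions, since the thread does not show the generated unit file.

```shell
#!/bin/sh
# Added example, not from the thread: report a unit file's Type=/PIDFile=
# settings and the current state of that PID file.

# unit_value FILE KEY: last value assigned to KEY in FILE (empty if unset).
unit_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# pidfile_state FILE: missing | invalid | dead | live.
# "dead" also covers a process this user is not allowed to signal.
pidfile_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    pid=$(tr -d '[:space:]' < "$1")
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if kill -0 "$pid" 2>/dev/null; then echo live; else echo dead; fi
}

# check_unit FILE: one-line summary of what systemd will look for at start-up.
check_unit() {
    svc_type=$(unit_value "$1" Type)
    pidfile=$(unit_value "$1" PIDFile)
    if [ -z "$pidfile" ]; then
        echo "type=${svc_type:-unset} pidfile=none"
    else
        echo "type=${svc_type:-unset} pidfile=$(pidfile_state "$pidfile")"
    fi
}

# Constructed sample unit: the Exec lines are those in the status output above;
# Type=forking and the PIDFile= path under DIR are assumptions.
write_sample_unit() {
    cat > "$1/redis_server.service" <<EOF
[Service]
ExecStart=/usr/bin/podman start redis_server
ExecStopPost=/usr/bin/podman stop -t 5 redis_server
PIDFile=$1/conmon.pid
Type=forking
EOF
}

demo_dir=$(mktemp -d)
write_sample_unit "$demo_dir"
check_unit "$demo_dir/redis_server.service"   # type=forking pidfile=missing
echo "$$" > "$demo_dir/conmon.pid"
check_unit "$demo_dir/redis_server.service"   # type=forking pidfile=live
rm -rf "$demo_dir"
```

To use it on a real installation, pass the installed file, for example check_unit ~/.config/systemd/user/redis_server.service, immediately after the failed start.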

