diff --git a/Using-Podman.md b/Using-Podman.md new file mode 100644 index 0000000..3bbefc4 --- /dev/null +++ b/Using-Podman.md @@ -0,0 +1,55 @@ +[Podman](https://podman.io/) is a daemonless alternative to Docker, which is mostly compatible with Docker containers. + +# Creating a systemd service file +Podman is easier to run in systemd than Docker due to its daemonless architechture. It comes with a handy generate command which can generate systemd files, here's a [good article going into more detail](https://www.redhat.com/sysadmin/podman-shareable-systemd-services). +```sh +$ podman run -d --name bitwarden -v /bw-data/:/data/:Z -e ROCKET_PORT=8080 -p 8080:8080 bitwardenrs/server:latest +54502f309f3092d32b4c496ef3d099b270b2af7b5464e7cb4887bc16a4d38597 +$ podman generate systemd --name bitwarden +# container-foo.service +# autogenerated by Podman 1.6.2 +# Tue Nov 19 15:49:15 CET 2019 + +[Unit] +Description=Podman container-foo.service +Documentation=man:podman-generate-systemd(1) + +[Service] +Restart=on-failure +ExecStart=/usr/bin/podman start bitwarden +ExecStop=/usr/bin/podman stop -t 10 bitwarden +KillMode=none +Type=forking +PIDFile=/run/user/1000/overlay-containers/54502f309f3092d32b4c496ef3d099b270b2af7b5464e7cb4887bc16a4d38597/userdata/conmon.pid +``` + +You can provide a `--files` flag to dedicate a specific file to output the systemd service file to. With this we can enable and start the container as any normal service file. +```sh +$ systemctl --user enable /etc/systemd/system/container-bitwarden.service +$ systemctl --user start container-bitwarden.service +``` + +## New container every restart +If we want to create a new container every time the service starts we can edit the service file to contain the following: +```sh +[Service] +Restart=on-failure +ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid +ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --env-file=/home/spytec/Bitwarden/bitwarden.conf -d -p 8080:8080 -v /home/spytec/Bitwarden/bw-data:/data/:Z bitwardenrs/server:latest +ExecStop=/usr/bin/podman rm -f --cid-file /%t/%n-cid +KillMode=none +Type=forking +PIDFile=/%t/%n-pid +``` +Where `bitwarden.conf` environment file can contain all the container environment values you need +```conf +ROCKET_PORT=8080 +``` + +If you want the container to have a specific name, you might need to add `ExecStartPre=/usr/bin/podman rm -i -f bitwarden` if the process isn't cleaned up correctly. + +# Troubleshooting +## Debugging systemd service file +If the host goes down or the container crashes, the systemd service file should automatically stop the existing container and spin it up again. We can find the error through `journalctl --user -u container-bitwarden -t 100`. + +Most of the time the errors we see can be fixed by simply upping the timeout in podman command in the service file. \ No newline at end of file