10.f Configure a container to start automatically as a systemd service

...

We can use podman generate systemd to create a systemd unit file.

Change into the Systemd unit files folder

# cd /etc/systemd/system
Copy

📝 NOTE: The systemd unit files folder can be /etc/systemd/system or /usr/lib/systemd/system.

Create the systemd unit file

# podman generate systemd -f -n -t 2 naughty_albattani  
/etc/systemd/system/container-naughty_albattani.service
Copy

The new systemd unit file looks like this

# container-naughty_albattani.service
# autogenerated by Podman 2.0.5
# Fri Dec  4 12:04:22 EST 2020

[Unit]
Description=Podman container-naughty_albattani.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
ExecStart=/usr/bin/podman start naughty_albattani
ExecStop=/usr/bin/podman stop -t 2 naughty_albattani
ExecStopPost=/usr/bin/podman stop -t 2 naughty_albattani
PIDFile=/var/run/containers/storage/overlay-containers/435cb8153beaae5d92668bd83965d9169f8718fe0849bf398661f340d998e5cc/userdata/conmon.pid
KillMode=none
Type=forking

[Install]
WantedBy=multi-user.target default.target
Copy

Start and enable the service

# systemctl enable –-now container-naughty_albattani.service
Copy

Make sure that it's running

# systemctl status container-naughty_albattani.service
● container-naughty_albattani.service - Podman container-naughty_albattani.service
   Loaded: loaded (/etc/systemd/system/container-httpd_systemd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-12-05 18:12:39 EST; 34min ago
     Docs: man:podman-generate-systemd(1)
  Process: 55913 ExecStart=/usr/bin/podman start naughty_albattani (code=exited, status=0/SUCCESS)
Main PID: 56006 (conmon)
    Tasks: 2 (limit: 12285)
   Memory: 2.0M
   CGroup: /system.slice/container-naughty_albattani.service
           └─56006 /usr/bin/conmon --api-version 1 -c 443cbcf1ec10662140c904417ea36520418f6f8c02817c0f05746b07a3dea84b -u 443cbcf1ec10662140c904417ea36520418f6f8c02817c0f05746b07a3dea84b -r /usr/bin/runc -b /va>
Dec 05 18:12:38 rhel8-lab systemd[1]: Starting Podman container-naughty_albattani.service...
Dec 05 18:12:39 rhel8-lab podman[55913]: naughty_albattani
Dec 05 18:12:39 rhel8-lab systemd[1]: Started Podman container-naughty_albattani.service.
Copy

And double check with 'podman ps'

# podman ps -a
CONTAINER ID  IMAGE                                 COMMAND               CREATED       STATUS                  PORTS                 NAMES
435cb8153bea  docker.io/library/httpd:latest        httpd-foreground      46 hours ago  Up 24 hours ago         0.0.0.0:8080->80/tcp  naughty_albattani
Copy

It's always a good approach to run rootless containers. This will provide another layer of security by downgrading the possible access that the container could have.

📝 IMPORTANT NOTES:

• Users run the Systemd commands with systemctl –user
• User unit files are stored at ~/.config/systemd/user/
• User Systemd services by default only run when a user logs in (they do not start with the server)
• When creating a new account, make sure to create a non-system account, otherwise you will not be able to start the services
• You cannot run systemctl as user after changing into the user with sudo or su. You will need to ssh or fully login as the user