Running Podman in production for years now, and I don't miss the Docker daemon one bit.
I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.
I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layer
This is the guide I wish I had when making the switch.
Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/
#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers
-
@Larvitz yeah but it won't keep containers as is I guess, so I won't be able to keep using lxc commands directly…
@mmu_man Yeah for sure. LXC and Podman are different technologies.
-
@Larvitz this is awesome, thanks for putting it together. I've been using podman for a few years and got started after generating the unit files from running containers. I wish I had a guide like this for getting started.
Quick question if you don't mind; I have a separate container running user and put the unit files in ~/.config/systemd/user/ instead. You suggest ~/.config/containers/systemd/ which seems to make sense as a path but I was hoping to understand the difference better. Could you please point me to a resource?
~/.config/systemd/user/ is for systemd units (podman generate systemd). That was the old way to do it.
~/.config/containers/systemd/ is for Quadlet files, the modern way to describe containers declaratively:
https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
Quadlet files are similar to systemd units and describe a container with all its attributes.
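To make the difference concrete, here is a rootless Quadlet unit added as an illustration for this thread; it is not taken from the linked article or from the Podman project, and the image name, secret name, port and host path are placeholders I made up. It shows the three things the original post lists (a secret injected at runtime, registry auto-updates, and systemd integration) plus the least-privilege settings a practitioner would normally want, all in one declarative file under ~/.config/containers/systemd/.

```ini
# ~/.config/containers/systemd/app.container (example unit; Quadlet generates app.service from it)
[Unit]
Description=Example rootless application container managed by Quadlet
After=network-online.target
Wants=network-online.target

[Container]
# Fully qualified image reference (placeholder registry and tag).
# AutoUpdate=registry lets podman-auto-update.timer pull a newer digest
# for this tag and restart the unit, instead of pulling on every restart.
Image=registry.example.com/myorg/app:1.4
AutoUpdate=registry

# Bind only to loopback on the host; the app is assumed to listen on 8080.
PublishPort=127.0.0.1:8080:8080

# Secret created beforehand with: podman secret create app_db_password -
# It is mounted by Podman at start and exposed as DB_PASSWORD, so the
# value never lives in the unit file, the image, or the journal.
Secret=app_db_password,type=env,target=DB_PASSWORD

# Least privilege: immutable root filesystem, scratch space on tmpfs,
# no privilege escalation, and no Linux capabilities (the example app is
# assumed to need none; add back specific ones with AddCapability= if yours does).
ReadOnly=true
Tmpfs=/tmp
NoNewPrivileges=true
DropCapability=ALL

# Persistent data from the user's home (%h), relabelled for SELinux with :Z.
Volume=%h/app/data:/data:Z

[Service]
# Let systemd, not the container engine, decide about restarts.
Restart=always
# Allow time for the first image pull.
TimeoutStartSec=900

[Install]
# Start with the user's systemd instance.
WantedBy=default.target
```

After saving the file, `systemctl --user daemon-reload` runs the Quadlet generator and `systemctl --user start app.service` starts the container; `/usr/libexec/podman/quadlet -dryrun -user` prints the generated unit so you can check the translation before enabling it. For the unit to come up at boot without a login session, the user needs lingering enabled (`loginctl enable-linger <USER>`, as mentioned elsewhere in this thread), and for the `AutoUpdate=registry` line to do anything, `systemctl --user enable --now podman-auto-update.timer` must be active.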
-
@Larvitz been wondering about switching to either podman or libvirt for the plain LXC things I have on a server, because some other admins are not used to it and want GUI tools, but I suppose that means migrating… ?
-
@Larvitz ahhhhh perfect, this made it click finally. I was just generically describing how to run an application (happened to be a container) and Quadlets use the unit file approach but describe the container itself (which I read in the unit file but didn't make the connection). Thanks so much!!
-
@oldsysops not sure, I'll have to check that
-
@Larvitz another person of culture I see…/me tips hat
I’ve been operating with a mixture of quadlets and manual podman-compose containers for quite some time. I’ve found compatibility issues with some projects, but I decided those do not justify switching to docker. There’s also an annoying race condition with CNI coming up before networkmanager, but the manual fix is easy enough for those times.
Great blog post! Thanks
@andrew That blog article took me the longest of them all. A first draft had been lingering in my blog's git repo since November last year, and I went through numerous rewrites of various parts until I found them good enough. Today, I added the final paragraph about Ansible and decided to publish it before I end up waiting another 6 months.

-
@Larvitz Maybe you could add the hint that automatic starting of rootless Quadlets needs a user with lingering enabled.
It can be found in the examples.
https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
```
loginctl enable-linger <USER>
```
-
@Larvitz I love podman too, but recently I’ve been wondering about running rootless containers that aren’t tied to a specific host user. I’ve posted this as a discussion topic here - thoughts? https://github.com/containers/podman/discussions/28445
-
@Larvitz Thanks for the article.
I never went beyond podman compose because I couldn't really find beginner-friendly examples on how to use Quadlets in production, so this is a great reference on how to get started.
-
@Larvitz very good starter pack for podman! I'd say all the normal operations are described well and then some. Only thing more I use is exec for various debugging things or fixing something in storage. But if this is for docker users, there is no difference.
-
@Larvitz Now I know what I'll be reading tomorrow!
I made the switch about two years ago and use Podman for embedded systems development. It's much easier than spinning up a VM and combined with VSCodium makes a nice IDE that allows remote debugging.
-
@Larvitz Interesting.
For me, the poor Compose support is one of the reasons I'm still sticking with Docker for development. Although, I think, the advantage of Compose files is simplicity (not having to commit to the whole systemd units system).
-
@Larvitz I might be wrong but, don't you lose basically all advantages of Podman by doing so? Having to give up daemonless and rootless.
-
@Larvitz I have been planning to migrate to podman but life has many priorities.
Will read.
-
@Larvitz Thank you. I might have to dig a bit further into this.
-
@Larvitz nice!
I am halfway with podman; still have compose files launched from systemd units that I write myself - they are all basically identical except the home directory setting.

I deliberately use compose start only, not run. I do not want restarts to be messing about pulling new images when I don't expect it!
Is there an equivalent to quadlets for alternative init tools? I would not want to lock myself into systemd right now, seriously looking at BSD.
-
@Slash909uk I don't know of any alternatives. Quadlets are transiently transformed into systemd units by a generator. That's all very systemd specific.
FreeBSD's Podman port ships with rc.d service scripts already. You enable them with:
```
sysrc podman_enable=YES
service podman start
sysrc podman_service_enable=YES
service podman_service start
```
Then, containers started with --restart=always will be automatically restarted after a host reboot. Podman's internal restart logic handles this, with the podman service acting as the supervisor. This is the closest equivalent to what quadlets do on Linux.
@Larvitz thanks, good to know there is BSD support already
