6 Working With Podman Services
Podman can integrate with Systemd services to manage pods and containers as system services. By using Podman service wrappers, you can configure containers or pods to start at system boot and you can manage them similarly as other services that run on the host system.
Podman provides the tools to automatically generate Systemd service wrapper configuration files for any containers or pods on the system, so that you can manage container infrastructure using Systemd.
You can use Systemd user services if you're running containers as a standard user, or you can configure system level services if you're running containers as the root user.
Setting SELinux Permissions for Container and Pod Service Wrappers
If you have set SELinux to enforcing mode on the system, you must turn on
the container_manage_cgroup permission so that Systemd can be used to start,
stop, and monitor containers:
sudo setsebool -P container_manage_cgroup on
Generating Podman Service Wrappers
Instead of writing a Systemd service wrapper from scratch, use the podman generate systemd command to automatically generate the service configuration file.
If you intend to run containers as root user system services, store the container service
wrapper configuration files in /etc/systemd/system/. If you intend to run
containers as a standard user, save the container service wrapper configuration files in
$HOME/.config/systemd/user/.
Generating Podman Service Wrappers for Containers
To generate a Systemd service wrapper for an individual
container and store it in the
$HOME/.config/systemd/user directory:
podman generate systemd --name containername > $HOME/.config/systemd/user/container-containername.service
Generating Podman Service Wrappers for Pods
To generate a Podman service wrapper for a specific pod, use the following command:
podman generate systemd --name podnameHowever, to include generating service wrapper configuration files for all the containers
within a pod itself, use the --file option with the command. In this case,
run the command in the directory where you intend to generate the files.
Suppose that in $HOME/.config/systemd/user, you want to generate Podman
service wrappers for both mypod and its containers. You would run the
following commands:
cd $HOME/.config/systemd/user/ podman generate systemd --files --name mypod
With this command, the service wrapper that's responsible for mypod
includes dependencies on each of the container wrappers that are required for the pod to run
successfully.
If you start or stop the pod by using its Systemd service wrapper, the container services automatically trigger the same action.
Managing Podman Services
Systemd services are all managed by using the systemctl command.
After you have configured Systemd service wrappers for any containers or pods, you can use systemctl commands to manage those containers or pods as services.
If you're running containers as a standard user, all systemctl
commands must use the --user option.
Starting and Restarting Podman Services
Caution:
If a container or pod is already running outside of the Systemd service wrapper, the service wrapper is unable to start the container or pod. If so, use the podman stop or podman pod stop command to stop the container or pod first.
As a root user, you can start a container if its service configuration is stored in
/etc/systemd/system/, for example:
sudo systemctl start container-containername.service As a standard user, if you stored a service configuration in
$HOME/.config/systemd/user, you can start the container in the same
way but you must use the --user option:
systemctl --user start container-containername.serviceStarting the service wrapper for a pod uses a parallel command syntax, as follows:
sudo systemctl start pod-podname.service You can restart the service wrapper for a container or pod by using the systemctl
restart command. The following command restarts a pod as a standard user:
systemctl --user restart pod-podname.serviceIf you start or restart a pod, all containers that are part of the pod are equally started or restarted.
Enabling Automated Restore for Podman Services
You can add custom configuration steps when you generate service wrappers for Podman containers.
For example, to create a service wrapper that always restarts after a one second timeout, set
the --restart-policy flag with a parameter value, as shown:
sudo systemctl generate systemd --restart-policy=always -t 1 containername > /etc/systemd/user/container-containername.service
To set the service wrapper to run automatically when the system starts up, type:
sudo systemctl enable container-containername.serviceYou can use the same commands with the service wrapper for a pod:
sudo systemctl enable pod-podname.serviceIf services are running as a standard user, you would need to give the user permission to run processes when they're not logged in. Otherwise, the user can't enable the service. Type the following command as the root user:
sudo loginctl enable-linger userFor more information, see https://docs.oracle.com/en/learn/use_systemd/index.html .
Changing Podman Service Wrapper Configuration
The Systemd service wrapper configuration files that are generated by Podman follow standard Systemd configuration format and specification. You can change any of the service wrapper configuration files that are generated by manually editing these files within a text editor.
Change the behavior of Systemd services wrappers on Oracle Linux 8 by following the instructions at Oracle Linux 8: Managing Core System Configuration. On Oracle Linux 9, see Oracle Linux 9: Managing Core System Configuration for more information.
For more information about how you can make modifications to the
service wrapper you have generated with the podman
generate systemd command, see
https://docs.podman.io/en/latest/markdown/podman-generate-systemd.1.html.