RHCSA Practical Lab Series – Configuring a Container as a Systemd Service

Expertise in Cloud, Networking & DevOps
Photo by Alexandre Debiève / Unsplash

πŸ” Lab 14: Running a Container as a Systemd Service

πŸ“Œ Objective

In this lab, you will:

βœ” Set up a systemd service for a container using Podman
βœ” Ensure the container automatically starts on system boot
βœ” Use persistent storage by binding host directories to the container
βœ” Run the service as a non-root user (devops)


πŸ“Œ Step 1: Prepare the Required Directories

πŸ”Ή Create directories for persistent storage and ensure correct ownership:

[root@node1 ~]# sudo mkdir /opt/{data,logs}
[root@node1 ~]# sudo chown devops:devops /opt/{data,logs}

πŸ“Œ Explanation:

  • /opt/data β†’ Mounted inside the container for application files.
  • /opt/logs β†’ Stores application logs persistently.
  • chown devops:devops β†’ Grants ownership to devops, preventing permission issues.

βœ… Proceed to Step 2 once directories are set up.


πŸ“Œ Step 2: Run the Container in Detached Mode

πŸ”Ή Start a new container named appservice with persistent storage:

[devops@node1 ~]$ podman run -d --name appservice \
    -v /opt/data:/app/data:Z \
    -v /opt/logs:/app/logs:Z \
    localhost/appserver:latest

πŸ“Œ Explanation:

  • -d β†’ Runs the container in detached mode.
  • --name appservice β†’ Assigns a recognizable name.
  • -v /opt/data:/app/data:Z β†’ Mounts /opt/data to /app/data inside the container.
  • -v /opt/logs:/app/logs:Z β†’ Mounts /opt/logs to /app/logs inside the container.
  • localhost/appserver:latest β†’ Uses the locally built appserver image.

βœ… Check if the container is running:

[devops@node1 ~]$ podman ps -a

πŸ”Ή Expected Output:

CONTAINER ID  IMAGE                   STATUS        PORTS  NAMES
a1b2c3d4e5f6  localhost/appserver:latest  Up 10s         appservice

βœ… If the container is running, proceed to Step 3.


πŸ“Œ Step 3: Generate a systemd Service File for Podman

πŸ”Ή Create the required systemd user directory:

[devops@node1 ~]$ mkdir -p ~/.config/systemd/user

πŸ”Ή Generate the systemd service unit for appservice:

[devops@node1 ~]$ podman generate systemd --name appservice --new > ~/.config/systemd/user/container-appservice.service

πŸ“Œ Explanation:

  • podman generate systemd β†’ Generates a systemd service file for the container.
  • --name appservice β†’ Specifies the container name.
  • --new β†’ Ensures the service creates a new instance of the container when restarted.
  • > ~/.config/systemd/user/container-appservice.service β†’ Saves the output as a service file.

βœ… List the generated systemd service files:

[devops@node1 ~]$ ls ~/.config/systemd/user/

πŸ”Ή Expected Output:

container-appservice.service

βœ… If the file exists, proceed to Step 4.


πŸ“Œ Step 4: Enable and Start the Container Service

πŸ”Ή Reload systemd to recognize the new service:

[devops@node1 ~]$ systemctl --user daemon-reload

πŸ”Ή Enable and start the container as a service:

[devops@node1 ~]$ systemctl --user enable --now container-appservice

πŸ“Œ Explanation:

  • --user β†’ Runs the service as a non-root user.
  • enable β†’ Enables the service to start at boot.
  • --now β†’ Starts the service immediately.

βœ… Check service status:

[devops@node1 ~]$ systemctl --user status container-appservice

πŸ”Ή Expected Output:

● container-appservice.service - Podman container-appservice
   Loaded: loaded (/home/devops/.config/systemd/user/container-appservice.service; enabled)
   Active: active (running) since Mon 2024-03-25 10:00:00 UTC; 5s ago

βœ… If Active: running appears, the service is running successfully.


πŸ“Œ Step 5: Enable Lingering for Automatic Startup

πŸ”Ή Allow devops user services to run without logging in:

[root@node1 ~]# loginctl enable-linger devops

πŸ“Œ Explanation:

  • Ensures user systemd services start automatically on boot, even if the user isn’t logged in.

βœ… Verify lingering is enabled:

[root@node1 ~]# loginctl show-user devops

πŸ”Ή Expected Output (Contains Linger=yes)

Linger=yes

βœ… If Linger=yes, the container service will start automatically on boot.


πŸ“Œ Step 6: Reboot and Verify Automatic Startup

πŸ”Ή Restart the system:

[root@node1 ~]# reboot

πŸ”Ή Once the system reboots, log back in as devops:

[root@node1 ~]# ssh devops@node1

πŸ”Ή Check if the container is running:

[devops@node1 ~]$ podman ps

πŸ”Ή Expected Output:

CONTAINER ID  IMAGE                   STATUS        PORTS  NAMES
a1b2c3d4e5f6  localhost/appserver:latest  Up 20s         appservice

βœ… If the container is running after reboot, the configuration is successful!


βœ… Final Summary

βœ” Created a persistent container service with Podman
βœ” Configured systemd service management for the container
βœ” Enabled automatic startup using loginctl enable-linger
βœ” Verified the container runs after a system reboot


πŸ“Œ Next Lab: Granting a User Group Sudo Privileges Without a Password

πŸ“© Subscribe for more RHCSA exam labs and hands-on tutorials! πŸš€


Read more