RHCSA Practical Lab Series – Configuring a Container as a Systemd Service

🔍 Lab 14: Running a Container as a Systemd Service

📌 Objective

In this lab, you will:

✔ Set up a systemd service for a container using Podman
✔ Ensure the container automatically starts on system boot
✔ Use persistent storage by binding host directories to the container
✔ Run the service as a non-root user (devops)

📌 Step 1: Prepare the Required Directories

🔹 Create directories for persistent storage and ensure correct ownership:

[root@node1 ~]# sudo mkdir /opt/{data,logs}
[root@node1 ~]# sudo chown devops:devops /opt/{data,logs}

📌 Explanation:

• /opt/data → Mounted inside the container for application files.
• /opt/logs → Stores application logs persistently.
• chown devops:devops → Grants ownership to devops, preventing permission issues.

✅ Proceed to Step 2 once directories are set up.

📌 Step 2: Run the Container in Detached Mode

🔹 Start a new container named appservice with persistent storage:

[devops@node1 ~]$ podman run -d --name appservice \
    -v /opt/data:/app/data:Z \
    -v /opt/logs:/app/logs:Z \
    localhost/appserver:latest

📌 Explanation:

• -d → Runs the container in detached mode.
• --name appservice → Assigns a recognizable name.
• -v /opt/data:/app/data:Z → Mounts /opt/data to /app/data inside the container.
• -v /opt/logs:/app/logs:Z → Mounts /opt/logs to /app/logs inside the container.
• localhost/appserver:latest → Uses the locally built appserver image.

✅ Check if the container is running:

[devops@node1 ~]$ podman ps -a

🔹 Expected Output:

CONTAINER ID  IMAGE                   STATUS        PORTS  NAMES
a1b2c3d4e5f6  localhost/appserver:latest  Up 10s         appservice

✅ If the container is running, proceed to Step 3.

📌 Step 3: Generate a systemd Service File for Podman

🔹 Create the required systemd user directory:

[devops@node1 ~]$ mkdir -p ~/.config/systemd/user

🔹 Generate the systemd service unit for appservice:

[devops@node1 ~]$ podman generate systemd --name appservice --new > ~/.config/systemd/user/container-appservice.service

📌 Explanation:

• podman generate systemd → Generates a systemd service file for the container.
• --name appservice → Specifies the container name.
• --new → Ensures the service creates a new instance of the container when restarted.
• > ~/.config/systemd/user/container-appservice.service → Saves the output as a service file.

✅ List the generated systemd service files:

[devops@node1 ~]$ ls ~/.config/systemd/user/

🔹 Expected Output:

container-appservice.service

✅ If the file exists, proceed to Step 4.

📌 Step 4: Enable and Start the Container Service

🔹 Reload systemd to recognize the new service:

[devops@node1 ~]$ systemctl --user daemon-reload

🔹 Enable and start the container as a service:

[devops@node1 ~]$ systemctl --user enable --now container-appservice

📌 Explanation:

• --user → Runs the service as a non-root user.
• enable → Enables the service to start at boot.
• --now → Starts the service immediately.

✅ Check service status:

[devops@node1 ~]$ systemctl --user status container-appservice

🔹 Expected Output:

● container-appservice.service - Podman container-appservice
   Loaded: loaded (/home/devops/.config/systemd/user/container-appservice.service; enabled)
   Active: active (running) since Mon 2024-03-25 10:00:00 UTC; 5s ago

✅ If Active: running appears, the service is running successfully.

📌 Step 5: Enable Lingering for Automatic Startup

🔹 Allow devops user services to run without logging in:

[root@node1 ~]# loginctl enable-linger devops

📌 Explanation:

• Ensures user systemd services start automatically on boot, even if the user isn’t logged in.

✅ Verify lingering is enabled:

[root@node1 ~]# loginctl show-user devops

🔹 Expected Output (Contains Linger=yes)

Linger=yes

✅ If Linger=yes, the container service will start automatically on boot.

📌 Step 6: Reboot and Verify Automatic Startup

🔹 Restart the system:

[root@node1 ~]# reboot

🔹 Once the system reboots, log back in as devops:

[root@node1 ~]# ssh devops@node1

🔹 Check if the container is running:

[devops@node1 ~]$ podman ps

🔹 Expected Output:

CONTAINER ID  IMAGE                   STATUS        PORTS  NAMES
a1b2c3d4e5f6  localhost/appserver:latest  Up 20s         appservice

✅ If the container is running after reboot, the configuration is successful!

✅ Final Summary

✔ Created a persistent container service with Podman
✔ Configured systemd service management for the container
✔ Enabled automatic startup using loginctl enable-linger
✔ Verified the container runs after a system reboot

📌 Next Lab: Granting a User Group Sudo Privileges Without a Password

📩 Subscribe for more RHCSA exam labs and hands-on tutorials! 🚀