RHCSA Practical Lab Series β Configuring a Container as a Systemd Service
π Lab 14: Running a Container as a Systemd Service
π Objective
In this lab, you will:
β Set up a systemd service for a container using Podman
β Ensure the container automatically starts on system boot
β Use persistent storage by binding host directories to the container
β Run the service as a non-root user (devops
)
π Step 1: Prepare the Required Directories
πΉ Create directories for persistent storage and ensure correct ownership:
[root@node1 ~]# sudo mkdir /opt/{data,logs}
[root@node1 ~]# sudo chown devops:devops /opt/{data,logs}
π Explanation:
/opt/data
β Mounted inside the container for application files./opt/logs
β Stores application logs persistently.chown devops:devops
β Grants ownership todevops
, preventing permission issues.
β Proceed to Step 2 once directories are set up.
π Step 2: Run the Container in Detached Mode
πΉ Start a new container named appservice
with persistent storage:
[devops@node1 ~]$ podman run -d --name appservice \
-v /opt/data:/app/data:Z \
-v /opt/logs:/app/logs:Z \
localhost/appserver:latest
π Explanation:
-d
β Runs the container in detached mode.--name appservice
β Assigns a recognizable name.-v /opt/data:/app/data:Z
β Mounts/opt/data
to/app/data
inside the container.-v /opt/logs:/app/logs:Z
β Mounts/opt/logs
to/app/logs
inside the container.localhost/appserver:latest
β Uses the locally builtappserver
image.
β Check if the container is running:
[devops@node1 ~]$ podman ps -a
πΉ Expected Output:
CONTAINER ID IMAGE STATUS PORTS NAMES
a1b2c3d4e5f6 localhost/appserver:latest Up 10s appservice
β If the container is running, proceed to Step 3.
π Step 3: Generate a systemd Service File for Podman
πΉ Create the required systemd user directory:
[devops@node1 ~]$ mkdir -p ~/.config/systemd/user
πΉ Generate the systemd service unit for appservice
:
[devops@node1 ~]$ podman generate systemd --name appservice --new > ~/.config/systemd/user/container-appservice.service
π Explanation:
podman generate systemd
β Generates a systemd service file for the container.--name appservice
β Specifies the container name.--new
β Ensures the service creates a new instance of the container when restarted.> ~/.config/systemd/user/container-appservice.service
β Saves the output as a service file.
β List the generated systemd service files:
[devops@node1 ~]$ ls ~/.config/systemd/user/
πΉ Expected Output:
container-appservice.service
β If the file exists, proceed to Step 4.
π Step 4: Enable and Start the Container Service
πΉ Reload systemd to recognize the new service:
[devops@node1 ~]$ systemctl --user daemon-reload
πΉ Enable and start the container as a service:
[devops@node1 ~]$ systemctl --user enable --now container-appservice
π Explanation:
--user
β Runs the service as a non-root user.enable
β Enables the service to start at boot.--now
β Starts the service immediately.
β Check service status:
[devops@node1 ~]$ systemctl --user status container-appservice
πΉ Expected Output:
β container-appservice.service - Podman container-appservice
Loaded: loaded (/home/devops/.config/systemd/user/container-appservice.service; enabled)
Active: active (running) since Mon 2024-03-25 10:00:00 UTC; 5s ago
β
If Active: running
appears, the service is running successfully.
π Step 5: Enable Lingering for Automatic Startup
πΉ Allow devops
user services to run without logging in:
[root@node1 ~]# loginctl enable-linger devops
π Explanation:
- Ensures user systemd services start automatically on boot, even if the user isnβt logged in.
β Verify lingering is enabled:
[root@node1 ~]# loginctl show-user devops
πΉ Expected Output (Contains Linger=yes
)
Linger=yes
β
If Linger=yes
, the container service will start automatically on boot.
π Step 6: Reboot and Verify Automatic Startup
πΉ Restart the system:
[root@node1 ~]# reboot
πΉ Once the system reboots, log back in as devops
:
[root@node1 ~]# ssh devops@node1
πΉ Check if the container is running:
[devops@node1 ~]$ podman ps
πΉ Expected Output:
CONTAINER ID IMAGE STATUS PORTS NAMES
a1b2c3d4e5f6 localhost/appserver:latest Up 20s appservice
β If the container is running after reboot, the configuration is successful!
β Final Summary
β Created a persistent container service with Podman
β Configured systemd service management for the container
β Enabled automatic startup using loginctl enable-linger
β Verified the container runs after a system reboot
π Next Lab: Granting a User Group Sudo Privileges Without a Password
π© Subscribe for more RHCSA exam labs and hands-on tutorials! π