Running container with Podman Quadlet

Up until recently, my preferred method of creating Podman containers is to use Ansible, and that has been working fine for me. However, I just stumble the new-to-me method called “quadlet”. So far, I really like it, and already started moving some containers to quadlet.

To learn more about Quadlet, check out [1]. But, today I’m going to share an example of creating a simple container with Quadlet.

In this example, the container whoami is run in rootless mode, under a non-privileged user.

First, create a new directory to separate and store each container as a good practice.

[kenno@xoa2 ~]$ mkdir -p ~/.config/containers/systemd/whoami/
[kenno@xoa2 ~]$ cd ~/.config/containers/systemd/whoami/

Next, create a whoami.container unit file. Note, you can just use regular text editor like vim or nano.

[kenno@xoa2 whoami]$ cat << EOF | tee whoami.container
> [Unit]
Description=Whoami container

[Container]
ContainerName=whoami
Image=docker.io/traefik/whoami:latest
AutoUpdate=registry
Environment=WHOAMI_PORT_NUMBER=3000
PublishPort=3000:3000

[Service]
Restart=always

[Install]
WantedBy=default.target
> EOF

Like usual, we need to inform systemd about the new unit file.

[kenno@xoa2 whoami]$ systemctl --user daemon-reload

We are now ready to enable or star it up.

[kenno@xoa2 whoami]$ systemctl --user start whoami.service

[kenno@xoa2 whoami]$ systemctl --user status whoami.service
● whoami.service - Whoami container
     Loaded: loaded (/home/kenno/.config/containers/systemd/whoami/whoami.container; generated)
     Active: active (running) since Tue 2024-12-17 11:28:01 AEDT; 13s ago
   Main PID: 109579 (conmon)
      Tasks: 6 (limit: 11038)
     Memory: 30.6M
        CPU: 499ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/whoami.service
             ├─libpod-payload-77786fe447f7427f05f856cb7ed32a6e6d0c9f691676038aefd194aaee250342
             │ └─109582 /whoami
             └─runtime
               ├─109577 /usr/bin/pasta --config-net --dns-forward 169.254.0.1 -t none -u none -T none -U none --no-map-gw --quiet -->
               └─109579 /usr/bin/conmon --api-version 1 -c 77786fe447f7427f05f856cb7ed32a6e6d0c9f691676038aefd194aaee250342 -u 77786>
...

Verify that the whoami container is listening on port 3000.

[kenno@xoa2 whoami]$ ss -tpln | grep 3000
LISTEN 0      128                *:3000            *:*    users:(("pasta.avx2",pid=109682,fd=6))

[kenno@xoa2 whoami]$ curl localhost:3000
Hostname: d53dd6de2c7f
IP: 127.0.0.1
IP: ::1
IP: 192.168.1.14
IP: 2400:3400:200:5300:6800:ca00:fe00:4600
IP: fe80::6c40:7eff:fe1d:c397
RemoteAddr: [::1]:60812
GET / HTTP/1.1
Host: localhost:3000
User-Agent: curl/7.76.1
Accept: */*

References:

• [1] Make systemd better for Podman with Quadlet
• [2] podman-systemd.unit