I don’t really have anyone else to shout at about this, but it’s an amazing way to host services in rootless containers entirely in user space using systemd (systemctl --user).
https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
Agreed. Quadlets and podman are amazing.
I like them very much as well, only thing I’m annoyed about is that you always need to drag that --user option… I mean, if I’m not using root or sudo, shouldn’t it be clear that I’m talking about the user space?
Agreed! That would be a huge QoL improvement (and work just like the podman command does). Now I’m thinking about other commands that force this silliness, like pip.
I’ll probably just make an alias
If you want to use caddy as proxy for other containers running as quadlets have a look at this repo: https://github.com/eriksjolund/podman-caddy-socket-activation
It certainly demystified some network shenanigans for me.
Just want to chime in here to say I use containerized caddy as a reverse proxy with quadlets and did nothing special.
Absolutely possible if you keep the network setup simple. However, I run different sets of containers as different users, some of which also use services from the host itself (such as a PostgreSQL instance), and things quickly become more complex in these situations. The examples on the GitHub helped me a lot to realise everything I wanted.
Gotcha, makes sense. Yeah my setup is very straightforward
Nice, did the same for some services I run at home. Now in the process of migrating my stuff on my vps from docker compose to quadlets. It’s a bit more involved but worth the QoL stuff quadlets bring with them, like automatic updates and systemd integration. I’m curious, which is your Linux distro of choice to run your podman quadlets on?
I’m now running quadlets on Garuda (my gaming/devbox), and Fedora. The impetus for this was needing to host service in an unprivileged way at work on RHEL9, so I got paid to do some learning with my own services.
My laptop is running Bazzite, but no services there. I’ll move the server to silverblue or another image based distro when I finish extracting the rest of my misadventures to containers.
openSUSE MicroOS is amazing
I love the concept too and I just hope it will catch on much more than this. To convert your compose files you could use Podlet. I’m also working on converting it to JavaScript (PodletJS) so it’s available in it-tools.
Go for Podlet though, really nice for command lines.
Sorry for all the links, I got overly excited 😆
Thank you for telling me about Podlet. I’ve been using podman-compose for all my containers but I’ve thought about converting them to systemd units. The only thing I’m unsure about is whether it’ll still be easy to access the container files. Currently I have a containers folder with a folder for each service inside it. Inside that, there’s the compose.yml and the folders with the container data. I map all container folders, with data that needs to be kept, to a folder that sits right next to the compose file. If it’s just temporary data (like caches), I oftentimes map it to a volume because it doesn’t matter if I lose it. Do you know if I can still do it like this (or in a similar way) if I use systemd units?
The spec for quadlets has a few dedicated homes for the .pod, .container, etc. files. You can absolutely mount directories or files wherever (%h is $HOME for systemd unit files). See the Volume description for Container unit files: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#volume
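Added example, not part of any comment in this thread: a rootless Quadlet unit that keeps the per-service folder layout described in the question, with bind mounts under %h for data that must be kept and a named volume for disposable caches. The service name "myapp", the image reference and every path are placeholders chosen for illustration.

```ini
# File: ~/.config/containers/systemd/myapp.container
# Constructed example: "myapp", the image and all paths are placeholders.

[Unit]
Description=myapp (rootless Quadlet)

[Container]
ContainerName=myapp
# AutoUpdate=registry needs a fully qualified image reference.
Image=registry.example.com/myapp:latest
AutoUpdate=registry

# Data that must be kept: bind mount into the per-service folder under $HOME.
# %h expands to the home directory of the user running the unit.
# The host directories must exist before the unit starts.
# :Z relabels the directory for this container on SELinux hosts (Fedora, RHEL).
Volume=%h/containers/myapp/data:/var/lib/myapp:Z

# Configuration the container only needs to read: mount it read-only.
Volume=%h/containers/myapp/config:/etc/myapp:ro,Z

# Disposable data (caches): a named volume managed by podman.
Volume=myapp-cache:/var/cache/myapp

# Publish on loopback only, so a reverse proxy is the single exposed entry point.
PublishPort=127.0.0.1:8080:8080

# Reduce what a compromised process inside the container can do.
NoNewPrivileges=true
DropCapability=all

[Service]
Restart=on-failure

[Install]
# default.target is the usual target for user units started at login or boot.
WantedBy=default.target
```

After saving the file, run systemctl --user daemon-reload and then systemctl --user start myapp.service; the unit name comes from the file name.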
I used podlet on my compose file. I was a little disappointed in the limitations, as a lot of things like variable interpolation aren’t available.
That said, the output made me wonder why I’ve waited! It was so much simpler than I imagined. It also helped demystify unit files a bit more.
They are generally pretty good but troubleshooting them is a pain. Quadlets are also a bit more complex than Docker compose.
Note: User space includes root and anything not running in kernel space.
I hate docker compose and find that much more complicated. It’s a whole other structure that’s essentially unneeded.
But I started with podman and not docker, so that’s probably why
I’m definitely interested in your experience and why you came to those conclusions because I’m not sure I can agree on the primary points.
But I have to give you the note. Root is also user space (if privileged). I’ve barely ever done anything actually in kernel space, so I guess it’s easy for me to screw that up.
Yeah I agree.
I moved my stack from podman run to quadlets, but god damn was it frustrating to deal with them. I kept running into weird issues such as: the containers not starting every time on reboot, all containers taking like two minutes to start even without needing to download the image, the unit files not being found by systemd.
I ended up moving back to podman run, because they just worked. It is a shame, to be honest, because I would like to use quadlets.
hell yeah! i moved my whole setup from docker to podman with systemd with quadlets. auto updates and everything. so smooth.
Ah yes, a fellow quadlet enjoyer. Cheers!
Did
$ /usr/lib/systemd/system-generators/podman-system-generator --user --dryrun
also prove to be really valuable, too?
I didn’t use that! I had a docker-compose file and used podlet to translate (which took a little massaging due to it not supporting interpolations).
/usr/libexec/podman/quadlet --user --dryrun
was quite helpful though!
Yeah, those are very convenient and much easier than having to deal with Kubernetes or such.
Yeah replacing my k3s -> microk8s -> k3s multi-month headache with like 5 basic quadlet files in an evening was so wonderful and a relief
Quadlets changed my life.