Podman Quadlets are so cool
from Botzo@lemmy.world to selfhosted@lemmy.world on 25 Jul 20:59
https://lemmy.world/post/33473580

I don’t really have anyone else to shout at about this, but it’s an amazing way to host services in rootless containers entirely in user space using systemd (systemctl --user).

docs.podman.io/en/…/podman-systemd.unit.5.html

#selfhosted


dust_accelerator@discuss.tchncs.de on 25 Jul 22:11

Ah yes, a fellow quadlet enjoyer. Cheers!

Did

$ /usr/lib/systemd/system-generators/podman-system-generator --user --dryrun

also prove to be really valuable, too?

Botzo@lemmy.world on 25 Jul 23:22

I didn’t use that! I had a docker-compose file and used podlet to translate (which took a little massaging due to it not supporting interpolations).

/usr/libexec/podman/quadlet --user --dryrun was quite helpful though!

poVoq@slrpnk.net on 25 Jul 22:38

Yeah, those are very convenient and much easier than having to deal with Kubernetes or such.

mongoose@sopuli.xyz on 25 Jul 23:09

Yeah replacing my k3s -> microk8s -> k3s multi-month headache with like 5 basic quadlet files in an evening was so wonderful and a relief

AmbiguousProps@lemmy.today on 25 Jul 23:31

Quadlets changed my life.

k_rol@lemmy.ca on 25 Jul 23:40

I love the concept too and I just hope it will catch on much more than this. To convert your compose files you could use Podlet. I’m also working on converting it to JavaScript (PodletJS) so it’s available in it-tools.

Go for Podlet though, really nice for command lines.

Sorry for all the links, I got overly excited 😆

Botzo@lemmy.world on 25 Jul 23:53

I used podlet on my compose file. I was a little disappointed in the limitations, as a lot of things like variable interpolation aren’t available.

That said, the output made me wonder why I’ve waited! It was so much simpler than I imagined. It also helped demystify unit files a bit more.

Fisch@discuss.tchncs.de on 26 Jul 09:00

Thank you for telling me about Podlet. I’ve been using podman-compose for all my containers but I’ve thought about converting them to systemd units. The only thing I’m unsure about is whether it’ll still be easy to access the container files. Currently I have a containers folder with a folder for each service inside it. Inside that, there’s the compose.yml and the folders with the container data. I map all container folders, with data that needs to be kept, to a folder that sits right next to the compose file. If it’s just temporary data (like caches), I oftentimes map it to a volume because it doesn’t matter if I lose it. Do you know if I can still do it like this (or in a similar way) if I use systemd units?

Botzo@lemmy.world on 26 Jul 13:34

The spec for quadlets has a few dedicated homes for the .pod, .container, etc. files. You can absolutely mount directories or files wherever (%h is $HOME for systemd unit files). See the Volume description for Container unit files: docs.podman.io/en/…/podman-systemd.unit.5.html#vo…
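
An added example (not written by anyone in this thread) of a rootless `.container` unit for the layout asked about above: kept data bind-mounted from a folder under `$HOME` via `%h`, cache data in a named volume. The service name, image reference, port and paths are constructed placeholders.

```ini
# ~/.config/containers/systemd/myservice.container
# Constructed example: name, image, port and paths are placeholders.

[Unit]
Description=myservice (rootless Podman container managed by Quadlet)

[Container]
# Fully qualified image reference, which AutoUpdate=registry requires.
Image=registry.example.com/myservice:latest
AutoUpdate=registry

# Data that must be kept: bind mount from a folder under $HOME (%h).
# :Z gives the content a private SELinux label on SELinux hosts.
Volume=%h/containers/myservice/data:/data:Z

# Disposable data such as caches: a named Podman volume.
Volume=myservice-cache:/cache

# Publish on loopback only, so a reverse proxy fronts the service.
PublishPort=127.0.0.1:8080:8080

# Hardening: no privilege escalation, no capabilities, read-only rootfs.
NoNewPrivileges=true
DropCapability=all
ReadOnly=true

[Service]
Restart=on-failure

[Install]
# Start together with the user's systemd instance.
WantedBy=default.target
```

After `systemctl --user daemon-reload` the generated unit is `myservice.service`, and the `/usr/libexec/podman/quadlet --user --dryrun` command mentioned earlier in the thread prints what will be generated. Registry auto-updates only run when `podman-auto-update.timer` is enabled for the user.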

giacomo@lemmy.dbzer0.com on 26 Jul 00:15

hell yeah! i moved my whole setup from docker to podman with systemd with quadlets. auto updates and everything. so smooth.

possiblylinux127@lemmy.zip on 26 Jul 04:50

They are generally pretty good but troubleshooting them is a pain. Quadlets are also a bit more complex than Docker compose.

Note: User space includes root and anything not running in kernel space.

Botzo@lemmy.world on 26 Jul 05:53

I’m definitely interested in your experience and why you came to those conclusions because I’m not sure I can agree on the primary points.

But I have to give you the note. Root is also user space (if privileged). I’ve barely ever done anything actually in kernel space, so I guess it’s easy for me to screw that up.

Svinhufvud@sopuli.xyz on 26 Jul 07:02

Yeah I agree.

I moved my stack from podman run to quadlets, but god damn was it frustrating to deal with them. I kept running into weird issues such as: the containers not starting every time on reboot, all containers taking like two minutes to start even without needing to download the image, the unit files not being found by systemd.

I ended up moving back to podman run, because they just worked. It is a shame, to be honest, because I would like to use quadlets.

Nico_198X@europe.pub on 26 Jul 18:51

I hate docker compose and find that much more complicated. It’s a whole other structure that’s essentially unneeded.

But I started with podman and not docker, so that’s probably why

Eldaroth@lemmy.world on 26 Jul 06:36

Nice, did the same for some services I run at home. Now in the process of migrating my stuff on my vps from docker compose to quadlets. It’s a bit more involved but worth the QoL stuff quadlets bring with them, like automatic updates and systemd integration. I’m curious, which is your Linux distro of choice to run your podman quadlets on?

Botzo@lemmy.world on 26 Jul 13:24

I’m now running quadlets on Garuda (my gaming/devbox), and Fedora. The impetus for this was needing to host services in an unprivileged way at work on RHEL9, so I got paid to do some learning with my own services.

My laptop is running Bazzite, but no services there. I’ll move the server to silverblue or another image based distro when I finish extracting the rest of my misadventures to containers.

Nico_198X@europe.pub on 26 Jul 18:48

openSUSE MicroOS is amazing

dabe@lemmy.zip on 28 Jul 11:22

ucore (soon to be cayo) on my home server!

Overspark@feddit.nl on 26 Jul 07:31

If you want to use caddy as proxy for other containers running as quadlets have a look at this repo: github.com/…/podman-caddy-socket-activation

It certainly demystified some network shenanigans for me.

Nico_198X@europe.pub on 26 Jul 18:47

Just want to chime in here to say I use containerized caddy as a reverse proxy with quadlets and did nothing special.

Overspark@feddit.nl on 26 Jul 19:02

Absolutely possible if you keep the network setup simple. However, I run different sets of containers as different users, some of which also use services from the host itself (such as a PostgreSQL instance), and things quickly become more complex in these situations. The examples on the github helped me a lot to realise everything I wanted.

Nico_198X@europe.pub on 26 Jul 19:26

Gotcha, makes sense. Yeah my setup is very straightforward

xinayder@infosec.pub on 06 Aug 14:09

If you have caddy as a reverse proxy inside podman user namespace separated networks, they don’t take the upstream client IP address and instead you get local IP addresses assigned to logs. Socket activation is kinda required if you want to get the client’s real IP address in your logs.

justme@lemmy.dbzer0.com on 26 Jul 13:24

I like them very much as well, only thing I’m annoyed about is that you always need to drag that --user option… I mean, if I’m not using root or sudo, shouldn’t it be clear that I’m talking about the user space?

Botzo@lemmy.world on 26 Jul 13:40

Agreed! That would be a huge QoL improvement (and work just like the podman command does). Now I’m thinking about other commands that force this silliness, like pip.

justme@lemmy.dbzer0.com on 26 Jul 14:21

I’ll probably just make an alias

Nico_198X@europe.pub on 26 Jul 18:52

Agreed. Quadlets and podman are amazing.

K3can@lemmy.radio on 28 Jul 22:47

Using them here to run everything. My whole *arr stack is running in a Quadlet pod. Really convenient, especially the auto update and rollbacks.