Quadlets or: How I learned to stop worrying and love dot containers
I come from old school sysadmin roots - I cut my teeth on Sun and HP Unix systems, and my first install of Red Hat Linux was on a little Sun IPX workstation. When I wanted my system to start and stop services, I used init.d or inetd - I was super late in adoption of Systemd, a server hugger - all of that.
That's not to say I haven't come around to Systemd - it's certainly helped to standardize the implementation of services, and you have to admit a Systemd unit file is a pretty clean way of describing what we want Systemd to do.
Accordingly - when containers came to be, I honestly thought they were pretty hamfisted and ugly - certainly inelegant. Gone were calls to simple scripts that started and shut down services. Instead, we were calling these overly complex command lines - prone to error and mistakes. A clear departure from the clean, simple and concise approach Systemd brought us. I'd even say that early iterations of containers were a step backwards from a systems administration perspective.
Fortunately in 2014, Compose was introduced, and started to bring some semblance of organization to the world of containers. Compose is really cool because you can easily build out a multi-container compose file & start lots of services at once. But it also brought its own breed of complexity. It's not perfect, and you'll quickly find yourself debugging YAML, and we're no closer to automating the startup and shutdown of our containers.
When most folks get to this point - they often look to Kubernetes. After all, kubernetes provides some amazing capabilities for technologists looking to deploy and manage containers at scale. But often, kubernetes brings its own deployment, management and financial footprint along with it - and here we're just looking to deploy a MS SQL server.
Podman has a (now deprecated) tool built into it which will take a running container and build a Systemd unit file for us, happily helping us start and stop our container. It's a great feature - but the Systemd unit file it produces doesn't tell us very much about what it's running - and in some cases, can be downright cryptic about what the container is.
Enter the Quadlet!
Merged into Podman a few months ago, and available in the latest versions of Red Hat Enterprise Linux, Quadlets are "an opinionated tool for easily running podman system containers under systemd in an optimal way", or in other words - they provide a fairly elegant way to combine the best of compose files and Systemd.
As you can see - all of our container options are here - from the container image and environment variables to the volumes and even command line arguments we want to send to Podman. We can drop this into /etc/containers/systemd - systemd will pick it up and automatically generate a systemd unit file for us and start our container on bootup.
I used a handy tool on github called podlet to generate my quadlet from the compose file we used earlier.
Now we've got our container running as a nice little service under systemd, and it will be automatically started and stopped by the OS. Much more elegant than any previous iteration.
That's all fine and good - but what if I wanted to allow a user to run a container under systemd?
I'm glad you asked - it's pretty simple! For this section, I've changed the deployment of MSSQL server a little - based on the recommendations over at redhat.com/blog - I'll link to those articles at the end of this post.
Let's add an mssql user and give them permission to have long-running processes.
After that, we'll add some directories to their home directory, and tell podman to change the permissions on those directories so that the container can write to them.
I've used the podlet tool again to create my quadlet, but this time it's going to live in /home/mssqldba/.config/containers/systemd - where systemd will find it and once again automatically start this container for us.
As you can see - our sqlserver is now running in a user namespace. The user can still see the container via the podman command, and systemd is handling startup and shutdown for us. This is a great way to allow users to deploy services quickly and securely.
If you sudo to your mssql user from root - you'll run into this dbus error. You can either ssh into the host, or call systemctl with the --machine flag, like this.
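The rootful quadlet described earlier and the rootless mssqldba setup from this section, as one added example that is not from the original post (the author used podlet to generate the file). It assumes a hypothetical MSSQL image tag, that the mssql user inside the image is UID 10001, and an /srv/mssql or ~/mssql directory layout; the SA password is read from an EnvironmentFile= so it stays out of the unit file.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: the image tag, UID 10001
# for the mssql user inside the image, and the /srv/mssql and ~/mssql layouts.
set -eu
MSSQL_USER="mssqldba"
IMAGE="mcr.microsoft.com/mssql/server:2022-latest"
# Render the .container quadlet: image, ports, env, volumes and podman args
# all live here in plain INI instead of a long podman command line.
render_quadlet() {
  cat <<EOF
[Unit]
Description=Microsoft SQL Server (Podman quadlet)
After=network-online.target

[Container]
Image=$IMAGE
ContainerName=mssql
PublishPort=1433:1433
Environment=ACCEPT_EULA=Y
EnvironmentFile=$1/mssql.env
Volume=$1/data:/var/opt/mssql/data:Z
Volume=$1/log:/var/opt/mssql/log:Z
PodmanArgs=--hostname mssql

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF
}
# Rootful: drop the file in /etc/containers/systemd; the generator does the rest.
install_system() {
  render_quadlet /srv/mssql > /etc/containers/systemd/mssql.container
  systemctl daemon-reload && systemctl start mssql.service
}
# Rootless: dedicated user, lingering, volumes owned by the in-container UID,
# quadlet under ~/.config/containers/systemd, managed via --machine from root.
install_rootless() {
  useradd -m "$MSSQL_USER"
  loginctl enable-linger "$MSSQL_USER"
  home=$(getent passwd "$MSSQL_USER" | cut -d: -f6)
  su - "$MSSQL_USER" -c 'mkdir -p ~/mssql/data ~/mssql/log ~/.config/containers/systemd'
  su - "$MSSQL_USER" -c 'podman unshare chown -R 10001:0 ~/mssql/data ~/mssql/log'
  render_quadlet "$home/mssql" > "$home/.config/containers/systemd/mssql.container"
  chown "$MSSQL_USER": "$home/.config/containers/systemd/mssql.container"
  systemctl --user --machine="$MSSQL_USER@.host" daemon-reload
  systemctl --user --machine="$MSSQL_USER@.host" start mssql.service
}
case "${1:-}" in system) install_system ;; rootless) install_rootless ;; *) render_quadlet /srv/mssql ;; esac
```

Run with no argument to just print the rendered unit; `system` or `rootless` (as root) performs the deployment, and the --machine form avoids the dbus error you get after su'ing to the user.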
In Conclusion:
Quadlets represent a monumental step forward when it comes to managing containers. There are a lot of organizations that are looking to containerize workloads without deploying kubernetes, whether that be in their datacenter, at the edge or in the cloud. Quadlets provide a standardized and (dare I say it, elegant) method that integrates cleanly with systemd.
For more info - check out these posts on redhat.com/blog:
This started its life as a presentation - I've made that available here.
Finally - thanks to Dan Walsh & Louis Imershein - their work was instrumental in the creation of this blog & presentation.
I'm old school UNIX too, and I LOVE LOVE LOVE this!!!
Ansible Product Management at Red Hat
Cracking article Adam! We're using RHEL rootless podman services as the foundation under our soon-to-launch new Tech Preview containerized AAP! Thanks to all for the hard work on podman, it's simply epic!
Angela Andrews - here ya go :) Thanks for inspiring me to write it down.