diff options
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/gate/Dockerfile | 4 | ||||
-rw-r--r-- | contrib/systemd/README.md | 102 | ||||
-rw-r--r-- | contrib/systemd/system/podman.service | 17 | ||||
-rw-r--r-- | contrib/systemd/system/podman.socket | 10 | ||||
-rw-r--r-- | contrib/systemd/user/podman.service | 17 | ||||
-rw-r--r-- | contrib/systemd/user/podman.socket | 10 |
6 files changed, 157 insertions, 3 deletions
diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile index 1939d7ad1..c6aacead5 100644 --- a/contrib/gate/Dockerfile +++ b/contrib/gate/Dockerfile @@ -1,6 +1,5 @@ -FROM fedora:30 +FROM fedora:31 RUN dnf -y install \ - atomic-registries \ btrfs-progs-devel \ bzip2 \ container-selinux \ @@ -46,7 +45,6 @@ WORKDIR $GOSRC # Install dependencies RUN set -x && \ - make install.tools && \ install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \ rm -rf "$GOSRC" diff --git a/contrib/systemd/README.md b/contrib/systemd/README.md new file mode 100644 index 000000000..20f11467a --- /dev/null +++ b/contrib/systemd/README.md @@ -0,0 +1,102 @@ +# Setting up Podman service for systemd socket activation + +## system-wide (podman service run as root) + +The following unit file examples assume: + 1. copied the `service` executable into `/usr/local/bin` + 1. `chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/service` + +then: + 1. copy the `podman.service` and `podman.socket` files into `/etc/systemd/system` + 1. `systemctl daemon-reload` + 1. `systemctl enable podman.socket` + 1. `systemctl start podman.socket` + 1. `systemctl status podman.socket podman.service` + +Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` + +### podman.service +```toml +[Unit] +Description=Podman API Service +Requires=podman.socket +After=podman.socket +Documentation=man:podman-api(1) +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf +ExecStart=/usr/local/bin/service +TimeoutStopSec=30 +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=podman.socket +``` +### podman.socket + +```toml +[Unit] +Description=Podman API Socket +Documentation=man:podman-api(1) + +[Socket] +ListenStream=%t/podman/podman.sock +SocketMode=0660 + +[Install] +WantedBy=sockets.target +``` +## user (podman service run as given user aka "rootless") + +The following unit file examples assume: + 1. you have a created a directory `~/bin` + 1. copied the `service` executable into `~/bin` + 1. `chcon system_u:object_r:container_runtime_exec_t:s0 ~/bin/service` + +then: + 1. `mkdir -p ~/.config/systemd/user` + 1. copy the `podman.service` and `podman.socket` files into `~/.config/systemd/user` + 1. `systemctl --user enable podman.socket` + 1. `systemctl --user start podman.socket` + 1. `systemctl --user status podman.socket podman.service` + +Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` + +### podman.service + +```toml +[Unit] +Description=Podman API Service +Requires=podman.socket +After=podman.socket +Documentation=man:podman-api(1) +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf +ExecStart=%h/bin/service +TimeoutStopSec=30 +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=podman.socket +``` +### podman.socket + +```toml +[Unit] +Description=Podman API Socket +Documentation=man:podman-api(1) + +[Socket] +ListenStream=%t/podman/podman.sock +SocketMode=0660 + +[Install] +WantedBy=sockets.target +``` diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service new file mode 100644 index 000000000..13d858627 --- /dev/null +++ b/contrib/systemd/system/podman.service @@ -0,0 +1,17 @@ +[Unit] +Description=Podman API Service +Requires=podman.socket +After=podman.socket +Documentation=man:podman-api(1) +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf +ExecStart=/usr/local/bin/service +TimeoutStopSec=30 +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=podman.socket diff --git a/contrib/systemd/system/podman.socket b/contrib/systemd/system/podman.socket new file mode 100644 index 000000000..8b22e31e4 --- /dev/null +++ b/contrib/systemd/system/podman.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Podman API Socket +Documentation=man:podman-api(1) + +[Socket] +ListenStream=%t/podman/podman.sock +SocketMode=0660 + +[Install] +WantedBy=sockets.target diff --git a/contrib/systemd/user/podman.service b/contrib/systemd/user/podman.service new file mode 100644 index 000000000..81fa55cf8 --- /dev/null +++ b/contrib/systemd/user/podman.service @@ -0,0 +1,17 @@ +[Unit] +Description=Podman API Service +Requires=podman.socket +After=podman.socket +Documentation=man:podman-api(1) +StartLimitIntervalSec=0 + +[Service] +Type=oneshot +Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf +ExecStart=%h/bin/service +TimeoutStopSec=30 +KillMode=process + +[Install] +WantedBy=multi-user.target +Also=podman.socket diff --git a/contrib/systemd/user/podman.socket b/contrib/systemd/user/podman.socket new file mode 100644 index 000000000..8b22e31e4 --- /dev/null +++ b/contrib/systemd/user/podman.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Podman API Socket +Documentation=man:podman-api(1) + +[Socket] +ListenStream=%t/podman/podman.sock +SocketMode=0660 + +[Install] +WantedBy=sockets.target |