It’s Podman, man

As mentioned (very) briefly in other posts, I run Home Assistant as the ‘control hub’ for all my “smart” devices in my home. I originally ran it via their ‘HASSOS’ Docker image but was never really happy with it. So when I most recently rebuilt my NUC, I decided to give this Podman thing a look. And so far, I seem to like it better. I’m still not entirely sold on this whole container bullshit, but whatever ;)

When I first decided to use Podman, the install directions for Ubuntu on the Podman site were not updated to point to the proper Apt source, and I had to dig around on various GitHub issues for the project before finding the correct info:

. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
sudo apt-get update -qq
sudo apt-get -qq -y install podman

These are now on the site and they work for today, but if you’re visiting this "post" in the future it might have changed.

So anyway, after installing and playing with Podman for a while, I ended up deciding to run three containers (pods?) under rootful Podman (technically, two of them could run rootless, but I’d rather be consistent). My next step was to use podman-generate-systemd to write some systemd service scripts for me. I can’t recall exactly why now, but I ended up tweaking the service files by hand and they now look like this:

Home Assistant:

[Unit]
Description=homeassistant system monitor Podman container

[Service]
Type=simple
TimeoutStartSec=30s
# The leading "-" makes systemd ignore a failure, e.g. when there is no old container to remove.
ExecStartPre=-/usr/bin/podman rm homeassistant
ExecStart=/usr/bin/podman run --name=homeassistant -v /root/podman/hassio:/config --net=host -v /proc:/host/proc:ro -v /sys:/host/sys:ro --cap-add SYS_PTRACE --security-opt apparmor=unconfined -v /:/mnt -v /home:/srv homeassistant/home-assistant
ExecReload=-/usr/bin/podman stop homeassistant
ExecReload=-/usr/bin/podman rm homeassistant
ExecStop=-/usr/bin/podman stop homeassistant
# Never restart automatically; RestartSec= only takes effect if Restart= is changed.
Restart=no
RestartSec=30

[Install]
WantedBy=multi-user.target

Netdata:

[Unit]
Description=netdata system monitor Podman container

[Service]
Type=simple
TimeoutStartSec=30s
ExecStartPre=-/usr/bin/podman rm netdata
ExecStart=/usr/bin/podman run --name netdata -p 19999:19999 -v /proc:/host/proc:ro -v /sys:/host/sys:ro -v /root/podman/netdata:/etc/netdata --cap-add SYS_PTRACE --security-opt apparmor=unconfined netdata/netdata
ExecReload=-/usr/bin/podman stop netdata
ExecReload=-/usr/bin/podman rm netdata
ExecStop=-/usr/bin/podman stop netdata
Restart=no
RestartSec=30

[Install]
WantedBy=multi-user.target

BOINC:

[Unit]
Description=boinc system monitor Podman container

[Service]
Type=simple
TimeoutStartSec=30s
ExecStartPre=-/usr/bin/podman rm boinc
ExecStart=/usr/bin/podman run --name boinc --net=host -v /root/podman/boinc:/var/lib/boinc --security-opt apparmor=unconfined -e BOINC_GUI_RPC_PASSWORD="123" -e BOINC_CMD_LINE_OPTIONS="--allow_remote_gui_rpc" boinc/client
ExecReload=-/usr/bin/podman stop boinc
ExecReload=-/usr/bin/podman rm boinc
ExecStop=-/usr/bin/podman stop boinc
Restart=no
RestartSec=30

[Install]
WantedBy=multi-user.target
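
An added example, not part of the original post: a small Python audit that parses the three ExecStart lines above and lists the options that widen each container's access to the host (host networking, added capabilities, a disabled AppArmor profile, writable bind mounts outside the container's data directory, and secrets passed on the command line). The finding names, the helper names and the data_dir default (/root/podman/, taken from the units' own mounts) are assumptions of this example.

```python
import shlex

# ExecStart lines copied from the three units above; used here as constructed sample input.
UNITS = {
    "homeassistant": '/usr/bin/podman run --name=homeassistant -v /root/podman/hassio:/config '
        '--net=host -v /proc:/host/proc:ro -v /sys:/host/sys:ro --cap-add SYS_PTRACE '
        '--security-opt apparmor=unconfined -v /:/mnt -v /home:/srv homeassistant/home-assistant',
    "netdata": '/usr/bin/podman run --name netdata -p 19999:19999 -v /proc:/host/proc:ro '
        '-v /sys:/host/sys:ro -v /root/podman/netdata:/etc/netdata --cap-add SYS_PTRACE '
        '--security-opt apparmor=unconfined netdata/netdata',
    "boinc": '/usr/bin/podman run --name boinc --net=host -v /root/podman/boinc:/var/lib/boinc '
        '--security-opt apparmor=unconfined -e BOINC_GUI_RPC_PASSWORD="123" '
        '-e BOINC_CMD_LINE_OPTIONS="--allow_remote_gui_rpc" boinc/client',
}
VALUE_OPTS = {"-v": "volume", "--volume": "volume", "-e": "env", "--env": "env", "--net": "network",
              "--network": "network", "--cap-add": "cap", "--security-opt": "secopt"}

def options(execstart):
    """Yield (kind, value) pairs, accepting both '--opt value' and '--opt=value'."""
    toks = iter(shlex.split(execstart))
    for tok in toks:
        name, eq, val = tok.partition("=")
        if name in VALUE_OPTS:
            yield VALUE_OPTS[name], val if eq else next(toks, "")

def audit(execstart, data_dir="/root/podman/"):
    """Return findings for options that widen the container's access to the host."""
    findings = []
    for kind, val in options(execstart):
        if kind == "volume":
            parts = val.split(":")  # src:dest[:opt,opt]
            mode = parts[2].split(",") if len(parts) > 2 else []
            if parts[0].startswith("/") and not parts[0].startswith(data_dir) and "ro" not in mode:
                findings.append(f"writable-host-mount:{parts[0]}")
        elif kind == "network" and val == "host":
            findings.append("host-network")
        elif kind == "cap":
            findings.append(f"added-capability:{val}")
        elif kind == "secopt" and val == "apparmor=unconfined":
            findings.append("apparmor-unconfined")
        elif kind == "env":
            key, _, secret = val.partition("=")
            if secret and any(w in key.upper() for w in ("PASSWORD", "SECRET", "TOKEN")):
                findings.append(f"inline-secret:{key}")  # visible in the unit file and in ps output
    return findings

if __name__ == "__main__":
    for name, line in UNITS.items():
        print(name, audit(line))
```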

It’s been running like this now for a while and I’m pretty happy with things. I was eagerly watching the planned Podman feature that would self-update the pods, but I think I’m gonna leave that process manual for now since Home Assistant has been pushing a lot of ‘breaking changes’ lately and I need to review my configs before updating anyway.

In any case, I kinda like Podman for when I need to use a container. So if you’re running Docker at home and don’t have a specific need for Docker itself, see if Podman will meet your needs.