Pod and containers handled by systemd services

ncounter · ncounter · commit dd7a36291f7a · 2022-03-01T09:17:48.000+01:00
diff --git a/containers/container-proxy-httpd.service b/containers/container-proxy-httpd.service
@@ -0,0 +1,25 @@
+# container-proxy-httpd.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman container-proxy-httpd.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-proxy-pod.service
+After=pod-proxy-pod.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/container-proxy-httpd.pid %t/container-proxy-httpd.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-proxy-httpd.pid --cidfile %t/container-proxy-httpd.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-proxy-pod.pod-id -d --replace -dt -v /root/proxy-config:/etc/uyuni -v /root/proxy-rhn-cache:/var/cache/rhn -v /root/proxy-tftpboot:/srv/tftpboot --name proxy-httpd registry.tf.local/proxy-httpd
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-proxy-httpd.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-proxy-httpd.ctr-id
+PIDFile=%t/container-proxy-httpd.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/container-proxy-salt-broker.service b/containers/container-proxy-salt-broker.service
@@ -0,0 +1,25 @@
+# container-proxy-salt-broker.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman container-proxy-salt-broker.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-proxy-pod.service
+After=pod-proxy-pod.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/container-proxy-salt-broker.pid %t/container-proxy-salt-broker.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-proxy-salt-broker.pid --cidfile %t/container-proxy-salt-broker.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-proxy-pod.pod-id -d --replace -dt -v /root/proxy-config:/etc/uyuni --name proxy-salt-broker registry.tf.local/proxy-salt-broker
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-proxy-salt-broker.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-proxy-salt-broker.ctr-id
+PIDFile=%t/container-proxy-salt-broker.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/container-proxy-squid.service b/containers/container-proxy-squid.service
@@ -0,0 +1,25 @@
+# container-proxy-squid.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman container-proxy-squid.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-proxy-pod.service
+After=pod-proxy-pod.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/container-proxy-squid.pid %t/container-proxy-squid.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-proxy-squid.pid --cidfile %t/container-proxy-squid.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-proxy-pod.pod-id --replace -d -v /root/proxy-config:/etc/uyuni -v /root/proxy-squid-cache:/var/cache/squid --name proxy-squid registry.tf.local/proxy-squid
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-proxy-squid.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-proxy-squid.ctr-id
+PIDFile=%t/container-proxy-squid.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/container-proxy-ssh.service b/containers/container-proxy-ssh.service
@@ -0,0 +1,25 @@
+# container-proxy-ssh.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman container-proxy-ssh.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-proxy-pod.service
+After=pod-proxy-pod.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/container-proxy-ssh.pid %t/container-proxy-ssh.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-proxy-ssh.pid --cidfile %t/container-proxy-ssh.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-proxy-pod.pod-id -d --replace -dt -v /root/proxy-config:/etc/uyuni --name proxy-ssh registry.tf.local/proxy-ssh
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-proxy-ssh.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-proxy-ssh.ctr-id
+PIDFile=%t/container-proxy-ssh.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/container-proxy-tftpd.service b/containers/container-proxy-tftpd.service
@@ -0,0 +1,25 @@
+# container-proxy-tftpd.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman container-proxy-tftpd.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-proxy-pod.service
+After=pod-proxy-pod.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/container-proxy-tftpd.pid %t/container-proxy-tftpd.ctr-id
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-proxy-tftpd.pid --cidfile %t/container-proxy-tftpd.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-proxy-pod.pod-id -d --replace -dt -v /root/proxy-config:/etc/uyuni --name proxy-tftpd registry.tf.local/proxy-tftpd
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-proxy-tftpd.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-proxy-tftpd.ctr-id
+PIDFile=%t/container-proxy-tftpd.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/pod-proxy-pod.service b/containers/pod-proxy-pod.service
@@ -0,0 +1,26 @@
+# pod-proxy-pod.service
+# autogenerated by Podman 2.1.1
+# Tue Mar  1 09:09:51 CET 2022
+
+[Unit]
+Description=Podman pod-proxy-pod.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+Requires=container-proxy-httpd.service container-proxy-salt-broker.service container-proxy-squid.service container-proxy-ssh.service container-proxy-tftpd.service
+Before=container-proxy-httpd.service container-proxy-salt-broker.service container-proxy-squid.service container-proxy-ssh.service container-proxy-tftpd.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+ExecStartPre=/bin/rm -f %t/pod-proxy-pod.pid %t/pod-proxy-pod.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-proxy-pod.pid --pod-id-file %t/pod-proxy-pod.pod-id --name proxy-pod --publish 22:22 --publish 8080:8080 --publish 443:443 --publish 4505:4505 --publish 4506:4506 --add-host server.tf.local:192.168.122.254 --add-host client.tf.local:192.168.122.89 --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-proxy-pod.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-proxy-pod.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-proxy-pod.pod-id
+PIDFile=%t/pod-proxy-pod.pid
+TimeoutStopSec=60
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/containers/run-proxy-with-services.sh b/containers/run-proxy-with-services.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -x
+
+CURDIR=$(dirname $(realpath $0))
+CONFIG_DIR="$CURDIR/proxy-config"
+SQUID_CACHE_DIR="$CURDIR/proxy-squid-cache"
+RHN_CACHE_DIR="$CURDIR/proxy-rhn-cache"
+TFTPBOOT_DIR="$CURDIR/proxy-tftpboot"
+
+export REGISTRY=registry.tf.local
+
+# HACK: overcome the inavailability of avahi in containers
+export ADD_HOST=server.tf.local:192.168.122.254
+export ADD_CLIENT=client.tf.local:192.168.122.89
+
+IMAGES=(proxy-ssh proxy-httpd proxy-salt-broker proxy-squid proxy-tftpd)
+
+for image in "${IMAGES[@]}"
+do
+  podman pull --tls-verify=false $REGISTRY/$image
+done
+
+###
+# POD
+###
+podman pod create --name proxy-pod \
+  --publish 22:22 \
+  --publish 8080:8080 \
+  --publish 443:443 \
+  --publish 4505:4505 \
+  --publish 4506:4506 \
+  --add-host $ADD_HOST \
+  --add-host $ADD_CLIENT
+
+###
+# CONTAINERS
+###
+podman create -dt --pod proxy-pod \
+  -v $CONFIG_DIR:/etc/uyuni \
+  --name proxy-ssh \
+  $REGISTRY/proxy-ssh
+
+podman create -dt --pod proxy-pod \
+  -v $CONFIG_DIR:/etc/uyuni \
+  -v $RHN_CACHE_DIR:/var/cache/rhn \
+  -v $TFTPBOOT_DIR:/srv/tftpboot \
+  --name proxy-httpd \
+  $REGISTRY/proxy-httpd
+
+podman create -dt --pod proxy-pod \
+  -v $CONFIG_DIR:/etc/uyuni \
+  --name proxy-salt-broker \
+  $REGISTRY/proxy-salt-broker
+
+podman create -d --pod proxy-pod \
+  -v $CONFIG_DIR:/etc/uyuni \
+  -v $SQUID_CACHE_DIR:/var/cache/squid \
+  --name proxy-squid \
+  $REGISTRY/proxy-squid
+
+podman create -dt --pod proxy-pod \
+  -v $CONFIG_DIR:/etc/uyuni \
+  --name proxy-tftpd \
+  $REGISTRY/proxy-tftpd
+
+
+# generate systemd services
+podman generate systemd --files --name --new proxy-pod
+# replace KillMode=none with TimeoutStopSec=60 as per https://github.com/containers/podman/pull/8889
+sed -i 's/KillMode=none/TimeoutStopSec=60/' *-proxy-*.service
+
+mv *-proxy-*.service /etc/systemd/system/.
+
+# start services
+systemctl daemon-reload
+systemctl start pod-proxy-pod.service
