Running containers from systemd¶
When you embed a container in an operating system (OS) image, you can start the container manually in the booted system with the podman run
command. However, the container does not start automatically at boot time. To configure a container to start at boot time, you must create a
systemd service that starts the container at the right time, in the right way.
Quadlet is a tool that optimally runs Podman containers under systemd. Rather than creating the systemd service manually, use Quadlet to
automatically generate the corresponding systemd service unit file at boot time. Quadlet simplifies container management by allowing you
to create declarative configurations in .container files instead of lengthy, complex systemd unit files.
Quadlet unit files configure containers in both the root and QM partitions. In the AutoSD OS filesystem, store your .container files in
/etc/containers/systemd.
At a minimum, include the following sections and options in a .container file:
[Unit]
Description=<A human-readable title>
[Container]
Image=<The container image>
Exec=<The command that runs in the container>
[Install]
WantedBy=multi-user.target default.target
Include additional sections and options to meet your container requirements. Any section or option permitted in a systemd.unit file is also permitted in a Quadlet unit file.
Containers within containers¶
The QM partition is a container within the root partition of an AutoSD OS image. The QM partition houses containers that run non-critical application workloads.
To add containers to the QM partition, you create Quadlet unit files and add them to the add_files section of your
Automotive Image Builder manifest, for example:
qm:
content:
...
add_files:
- path: /etc/containers/systemd/ipc_client.container
source_path: ./ipc_client.container
The example shows an ipc_client.container unit file added to the add_files section of the qm partition. The path section is the location
for all container files, /etc/containers/systemd.
You can also create Quadlet unit files directly in the manifest, for example:
qm:
...
content:
...
add_files:
- path: /etc/containers/systemd/nginx.container
text: |
[Container]
Image=localhost/nginx
PublishPort=8080:80
[Install]
WantedBy=multi-user.target
The example shows an nginx container image created directly from the manifest. The text section contains the contents of the .container file.
Configuring communication between QM containers demonstrates additional Quadlet unit file use cases.
Creating Quadlet files for sample applications¶
In this example, create Quadlet files for the sample applications that are available in the AutoSD sample-images/files repository. If you want to use your own containerized software, see the Podman documentation for more information about creating your own Quadlet configuration files.
Prerequisites
- A container image available inside your OS image at
localhost/auto-appsembedded according to Embedding local containerized applications in the root partition. - A custom manifest file, such as the manifest file you created in Embedding RPM packages from local storage into the AutoSD image.
- You have installed the
automotive-image-buildertool. For more information, see Installing Automotive Image Builder.
Procedure
-
Create Quadlet unit files for the
radio-serviceandengine-serviceservices in your sample applicationauto-apps:radio.container file[Unit] Description=Demo radio service container Requires=routingmanagerd.socket After=routingmanagerd.socket Wants=engine.service [Container] Image=localhost/auto-apps Exec=/usr/bin/radio-service Volume=/run/vsomeip:/run/vsomeip [Service] Restart=always [Install] WantedBy=multi-user.target -
Create an Automotive Image Builder manifest named
quadlet_radio_engine.aib.ymlthat contains the following code, which copies the Quadlet unit files to the/etc/containers/systemd/directory during the OS image build process:Manifest configuration to copy Quadlet unit files# Example manifest building an image with, pre-installed, a container image # hosted in a remote container registry name: quadlet_radio_engine content: repos: - id: copr-sample-apps baseurl: https://download.copr.fedorainfracloud.org/results/alexl/cs9-sample-images/centos-stream-9-$arch/ rpms: - podman - containernetworking-plugins - vsomeip3-routingmanager - dlt-daemon # For testing the image only: - openssh-server - openssh-clients container_images: # Get the auto-apps container image from gitlab - source: registry.gitlab.com/centos/automotive/sample-images/demo/auto-apps tag: latest name: localhost/auto-apps add_files: - path: /etc/containers/systemd/radio.container source_path: ../radio.container - path: /etc/containers/systemd/engine.container source_path: ../engine.container # Required for testing the image only: systemd: enabled_services: # Enable ssh daemon - sshd.service # Enable the dlt daemon - dlt auth: # "password" root_password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU. # Required for testing the image only: sshd_config: PasswordAuthentication: true PermitRootLogin: trueNote
The
path:option resolves a relative path. In this example, your Quadlet unit files are in the../directory. -
Run the
automotive-image-buildertool to build an OS image: -
Verify that the script has created an AutoSD image file named
quadlet_radio_engine.<arch>.qcow2in your present working directory. -
Assuming that you have installed QEMU, boot the AutoSD image in a virtual machine, substituting the name of your
.qcow2image file (if necessary): -
After the image boots in QEMU, log in with the user name
rootand the passwordpassword.
Additional resources