What does everyone think of quadlet?

Project Discussion
1

It’s a brand new project and I haven’t even used it yet, but I think it’s got some promising ideas in terms of automating using systemd to bring up your containers from a minimal definition.

There’s podman generate systemd that exists but I think there are some clear advantages to this new approach.

WDYT?

1 Like
2

Copy/pasting some thoughts from IRC:

A good potential contrast for FCOS is having this be Butane sugar.

On a different vein, since this project hardcodes invoking podman and there’s already podman generate systemd, this could also just be part of podman directly (e.g. the binary could run as a systemd generator).

3

I like the idea of a higher level and well integrated systemd-like config for podman. I’ll give it a try to see how much is missing for my usage right now.

It’s a bit of shame that it’s in C as it’s a fresh code base but meh, I can live with that as it is not security critical.

4

With the long awaited integration into podman 4.4.0, will there be best practices documentation and/or changes to FCOS with regards to .container files?

I’m playing with 4.4.0rc2 in the most recent rawhide nightly build of FCOS and can’t seem to get .service files to be automatically generated.

5

See Include new `podman` with `quadlet` functionality · Issue #998 · coreos/fedora-coreos-tracker · GitHub & Add basic test for podman-quadlet by travier · Pull Request #2216 · coreos/fedora-coreos-config · GitHub

6

Note that my previous comment does not stand anymore given that the code has been rewritten in Go.

7

The really great thing that it could add is the management of “user level services”, enabling them as part of ignition process ^^ and the last time I looked for quadlet it wasn’t managed
my 2 “golden” cents :wink:

8

Quadlet has been merged in podman and will be the upcoming Fedora CoreOS releases.

1 Like
9

I’m sure this will all be ironed out over time, but the reason I asked about “best practices” was for three reasons (so far :slight_smile: ).

  1. Since quadlet generated service files do not pull images, is the best approach a one-shot systemd file such as below? While this is sure to slow down the first boot, I’m not sure of a better way.
[Unit]
Description=Pull OCI images for use with podman-quadlet
After=network.target network-online.target nss-lookup.target

[Service]
Type=oneshot
ExecStart=/usr/bin/podman pull docker.io/portainer/portainer-ce:latest
ExecStart=/usr/bin/podman pull docker.io/library/caddy:latest
ExecStart=/usr/bin/podman pull docker.io/vaultwarden/server:latest
ExecStart=/usr/bin/podman pull ghcr.io/klutchell/unbound:latest
RemainAfterExit=yes

[Install]
WantedBy=default.target
  1. I haven’t had any luck getting quadlet to auto-create directories and have had to resort to using named volumes. Perhaps this functionality doesn’t exist, or maybe it has to do with directory ownership and/or SELinux. I really should pick up Dan’s book to understand this all better. For example, the below example only works if I manually create all four subdirectories beforehand.
[Unit]
Description=MeshCentral Container
After=network-online.target

[Container]
Image=ghcr.io/ylianst/meshcentral:1.1.4
PublishPort=443:443
Volume=/home/jason/mesh/data:/opt/meshcentral/meshcentral-data:Z
Volume=/home/jason/mesh/user_files:/opt/meshcentral/meshcentral-files:Z
Volume=/home/jason/mesh/backup:/opt/meshcentral/meshcentral-backups:Z
Volume=/home/jason/mesh/web:/opt/meshcentral/meshcentral-web:Z
EnvironmentFile=/etc/containers/systemd/mesh_env

[Service]
Restart=no

[Install]
WantedBy=multi-user.target default.target
  1. In the context of FCOS specifically, what should be used for the WantedBy line under [Install]?

Thanks!

1 Like