Using Podman
Podman is a daemonless alternative to Docker, which is mostly compatible with Docker containers.
Podman is easier to run in systemd than Docker due to its daemonless architecture. It comes with a handy generate command which can generate systemd files; here's a good article going into more detail.
$ podman run -d --name bitwarden -v /bw-data/:/data/:Z -e ROCKET_PORT=8080 -p 8080:8080 bitwardenrs/server:latest
54502f309f3092d32b4c496ef3d099b270b2af7b5464e7cb4887bc16a4d38597
$ podman generate systemd --name bitwarden
# container-foo.service
# autogenerated by Podman 1.6.2
# Tue Nov 19 15:49:15 CET 2019
[Unit]
Description=Podman container-foo.service
Documentation=man:podman-generate-systemd(1)
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start bitwarden
ExecStop=/usr/bin/podman stop -t 10 bitwarden
KillMode=none
Type=forking
PIDFile=/run/user/1000/overlay-containers/54502f309f3092d32b4c496ef3d099b270b2af7b5464e7cb4887bc16a4d38597/userdata/conmon.pid
You can provide the --files flag to write the systemd service file to a file. With this we can enable and start the container like any normal service.
$ systemctl --user enable /etc/systemd/system/container-bitwarden.service
$ systemctl --user start container-bitwarden.service
If we want to create a new container every time the service starts we can edit the service file to contain the following:
[Service]
Restart=on-failure
ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid --env-file=/home/spytec/Bitwarden/bitwarden.conf -d -p 8080:8080 -v /home/spytec/Bitwarden/bw-data:/data/:Z bitwardenrs/server:latest
ExecStop=/usr/bin/podman rm -f --cidfile /%t/%n-cid
KillMode=none
Type=forking
PIDFile=/%t/%n-pid
Where the bitwarden.conf environment file can contain all the container environment values you need:
ROCKET_PORT=8080
If you want the container to have a specific name, you might need to add ExecStartPre=/usr/bin/podman rm -i -f bitwarden if the process isn't cleaned up correctly. Note that this method currently doesn't work with the User= option (see https://github.com/containers/podman/issues/5572).
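A consistency check for the unit above, as an added example that is not part of the original page or of the Podman or vaultwarden projects: it verifies that PIDFile= matches --conmon-pidfile, that ExecStart and ExecStop agree on a --cidfile distinct from the pid file, and that the --env-file is not readable by group or others (assuming it may hold secrets). The function names lint_unit, flag_arg and sample_unit are hypothetical and the sample unit is constructed.

```shell
#!/bin/sh
# Added example (not from the Podman or vaultwarden projects): lint the
# "new container on every start" unit. lint_unit, flag_arg and sample_unit are
# hypothetical names; the sample unit below is constructed.

# Print the argument of option $2 on the first "$1=" line of unit file $3.
flag_arg() {
    sed -n "s|^$1=.* $2[ =]\([^ ]*\).*|\1|p" "$3" | head -n 1
}

# Print findings for unit file $1; return 0 only when there are none.
lint_unit() {
    bad=0
    pid_run=$(flag_arg ExecStart --conmon-pidfile "$1")
    cid_run=$(flag_arg ExecStart --cidfile "$1")
    cid_stop=$(flag_arg ExecStop --cidfile "$1")
    env_file=$(flag_arg ExecStart --env-file "$1")
    pid_unit=$(sed -n 's|^PIDFile=||p' "$1" | head -n 1)
    [ "$pid_run" = "$pid_unit" ] || { echo "PIDFile= is not the --conmon-pidfile path"; bad=1; }
    [ "$cid_run" = "$cid_stop" ] || { echo "ExecStop reads a cidfile ExecStart never writes"; bad=1; }
    [ "$cid_run" != "$pid_run" ] || { echo "--cidfile and --conmon-pidfile share one path"; bad=1; }
    # Assumption: the env file can carry secrets, so it should be owner-only.
    if [ -f "$env_file" ] && [ -n "$(find "$env_file" -perm -040 -o -perm -004)" ]; then
        echo "env file $env_file is readable by group or others"; bad=1
    fi
    return "$bad"
}

# Write a constructed unit to $1; $2 is the --cidfile suffix, $3 the env file.
sample_unit() {
    cat > "$1" <<EOF
[Service]
ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-$2 --env-file=$3 -d -p 8080:8080 bitwardenrs/server:latest
ExecStop=/usr/bin/podman rm -f --cidfile /%t/%n-cid
PIDFile=/%t/%n-pid
EOF
}

# Constructed demo: a unit whose cidfile collides with the pid file, plus a 644 env file.
demo_dir=$(mktemp -d)
printf 'ROCKET_PORT=8080\n' > "$demo_dir/bitwarden.conf"
chmod 644 "$demo_dir/bitwarden.conf"
sample_unit "$demo_dir/bad.service" pid "$demo_dir/bitwarden.conf"
lint_unit "$demo_dir/bad.service" || echo "bad.service needs fixing"
rm -rf "$demo_dir"
```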
If the host goes down or the container crashes, the systemd service file should automatically stop the existing container and spin it up again. We can find the error through journalctl --user -u container-bitwarden -n 100.
Most of the time the errors we see can be fixed by simply upping the timeout in the podman command in the service file.