Deploying Nextcloud Part 2
If you followed along with the previous post, you should have a fully working Nextcloud setup, all running in a pod called ‘nextcloud’. In this article, we’re going to use podman to generate systemd service units and set them to run at boot in a user’s context.
To accomplish this, we first have to tell logind to let our user’s account stay ‘logged in’ even when it’s logged out. To do that, we’ll use loginctl:
# Substitute your logged-in username for 'user'
~$ sudo loginctl enable-linger user
Generate files
Here’s yet another place where the Podman team is making life (almost) too easy: podman-generate-systemd and podman auto-update.
The docs on generating systemd services and enabling auto-update are very clear and concise, so I won’t go too much into the mechanisms themselves. The ‘tl;dr’ of it is that we can create portable systemd service files that will update our containers when they’re updated in the registry.
We can generate our unit files quickly like so:
# Still using a non-root user with no sudo!
# Using the --new switch doesn't require the
# containers to exist already
~$ podman generate systemd --name nextcloud --files --new
~$ ll *.service
-rw-r--r--. 1 user user 1297 Apr 12 11:51 container-nextcloud-app.service
-rw-r--r--. 1 user user 1156 Apr 12 11:52 container-nextcloud-cron.service
-rw-r--r--. 1 user user 1291 Apr 12 11:52 container-nextcloud-db.service
-rw-r--r--. 1 user user 1213 Apr 12 11:52 container-nextcloud-nginx.service
-rw-r--r--. 1 user user 1128 Apr 12 11:53 container-nextcloud-redis.service
-rw-r--r--. 1 user user 1249 Apr 12 11:46 pod-nextcloud.service
As you can see, podman generate created five container service unit files and one pod service file, which is the ‘infra’ container mentioned in the previous article. Let’s take a look at that file:
~$ cat pod-nextcloud.service
# pod-nextcloud.service
# autogenerated by Podman 3.0.1
# Mon Apr 12 11:46:09 PDT 2021
[Unit]
Description=Podman pod-nextcloud.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Requires=container-nextcloud-app.service container-nextcloud-cron.service container-nextcloud-db.service container-nextcloud-nginx.service container-nextcloud-redis.service
Before=container-nextcloud-app.service container-nextcloud-cron.service container-nextcloud-db.service container-nextcloud-nginx.service container-nextcloud-redis.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-nextcloud.pid %t/pod-nextcloud.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-nextcloud.pid --pod-id-file %t/pod-nextcloud.pod-id --hostname nextcloud --name nextcloud -p 8080:80 --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-nextcloud.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-nextcloud.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-nextcloud.pod-id
PIDFile=%t/pod-nextcloud.pid
Type=forking
Configure and Install Unit files
Pretty simple: the unit file declares which services the pod requires and the podman commands systemd runs to create, start, stop and remove it. According to the documentation, to take advantage of auto updating, we need to label our containers with “io.containers.autoupdate=image”, so let’s edit our nextcloud-app service file:
# container-nextcloud-app.service
# autogenerated by Podman 3.0.1
# Mon Apr 12 11:46:09 PDT 2021
[Unit]
Description=Podman container-nextcloud-app.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-nextcloud.service
After=pod-nextcloud.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-nextcloud-app.pid %t/container-nextcloud-app.ctr-id
# Add --label "io.containers.autoupdate=image" after "podman run" here:
ExecStart=/usr/bin/podman run --label "io.containers.autoupdate=image" --conmon-pidfile %t/container-nextcloud-app.pid --cidfile %t/container-nextcloud-app.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-nextcloud.pod-id --replace -d --restart=always -e REDIS_HOST=localhost -e REDIS_HOST_PASSWORD=RedisPasswordInPlainText -e MYSQL_HOST=localhost -e MYSQL_USER=nextcloud -e MYSQL_PASSWORD=MYSQLPasswordInPlainText -e MYSQL_DATABASE=nextcloud -v /data/containers/nextcloud/html:/var/www/html:z --name=nextcloud-app docker.io/library/nextcloud:fpm-alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-nextcloud-app.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-nextcloud-app.ctr-id
PIDFile=%t/container-nextcloud-app.pid
Type=forking
# If this line doesn't include "default.target" add it, or it won't start at boot!
[Install]
WantedBy=multi-user.target default.target
Make sure to add the label to each service file as appropriate. You should also notice that these files have all your super secret passwords stored in them in plain text. You’ll want to handle these carefully, and make sure they aren’t pushed to public configuration management systems or otherwise compromised.
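A pre-install check for the points above, as an added example that is not part of the original post: it flags unit files that carry inline secrets, are readable by other accounts, lack the auto-update label, or omit default.target. The function name audit_unit and the finding labels are assumptions made for illustration, the secret-name pattern (PASSWORD, SECRET, TOKEN) is a heuristic that goes slightly beyond the variables shown here, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit podman-generated unit files before installing them.
# audit_unit and the finding labels are illustrative names, not podman features.

# Print one finding per line for unit file $1; print nothing if it is clean.
audit_unit() (
    f=$1
    # 1. Secret-looking variables given a value inline (-e NAME=value).
    #    Only the variable name is reported, never the value.
    grep -Eo '[-]e [A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*=[^ ]+' "$f" |
        sed -E 's/^-e ([A-Za-z0-9_]+)=.*/inline-secret:\1/' | sort -u
    # 2. Unit file accessible to group/others (generated as 644 above).
    mode=$(stat -c '%a' "$f")   # GNU coreutils stat assumed
    case $mode in
        *00) ;;
        *) echo "mode:$mode" ;;
    esac
    # 3. A container unit ("podman run") without the auto-update label.
    if grep -q 'podman run' "$f" &&
       ! grep -q 'io\.containers\.autoupdate=image' "$f"; then
        echo "no-autoupdate-label"
    fi
    # 4. An [Install] section that will not start the unit at boot.
    if grep -q '^WantedBy=' "$f" &&
       ! grep -q '^WantedBy=.*default\.target' "$f"; then
        echo "no-default-target"
    fi
)

# Stand-alone use: sh audit-units.sh *.service
for f in "$@"; do
    audit_unit "$f" | while IFS= read -r finding; do
        printf '%s: %s\n' "$f" "$finding"
    done
done
```

A mode finding is cleared with chmod 600 on the unit file. An inline-secret finding can be cleared by passing the variable by name only (-e NAME) and supplying its value through a systemd EnvironmentFile= that is itself mode 600.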
Once you’ve got your files edited, let’s get them installed so Nextcloud will be running at system boot up:
# User's systemd directories don't generally exist:
~$ mkdir -p ~/.config/systemd/user/
~$ mv *.service ~/.config/systemd/user/
# Enable the user level service:
~$ systemctl enable --user pod-nextcloud.service
~$ systemctl status --user pod-nextcloud.service
● pod-nextcloud.service - Podman pod-nextcloud.service
Loaded: loaded (/home/user/.config/systemd/user/pod-nextcloud.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-04-12 12:21:33 PDT; 3h 8min ago
Docs: man:podman-generate-systemd(1)
Process: 816 ExecStartPre=/bin/rm -f /run/user/1000/pod-nextcloud.pid /run/user/1000/pod-nextcloud.pod-id (code=exited, status=0/SUCCESS)
Process: 817 ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile /run/user/1000/pod-nextcloud.pid --pod-id-file /run/user/1000/pod-nextclo>
Process: 863 ExecStart=/usr/bin/podman pod start --pod-id-file /run/user/1000/pod-nextcloud.pod-id (code=exited, status=0/SUCCESS)
Main PID: 914 (conmon)
Tasks: 29 (limit: 2326)
Memory: 106.8M
CPU: 7.466s
CGroup: /user.slice/user-1000.slice/user@1000.service/pod-nextcloud.service
At this point you should be able to restart your virtual machine and Nextcloud will be running when it’s back up!