Repository: GitHub

This is a work in progress.

Remember, by default, Podman runs containers root-less. This is a good thing. This means that when we want to start a container on system boot via SystemD then we need to conform to this. The way to do this is via SystemD user level unit files.

1. How to Enable

First create the container manually. For this example we have chosen to run the Ubiquiti Networks UniFi Controller:

Listing 1. Start the Controller
podman run -d \
  --name=unifi-controller \
  -e PUID=1000 \
  -e PGID=1000 \
  -e MEM_LIMIT=1024 `#optional` \
  -e MEM_STARTUP=1024 `#optional` \
  -p 8443:8443 \
  -p 3478:3478/udp \
  -p 10001:10001/udp \
  -p 8080:8080 \
  -p 1900:1900/udp `#optional` \
  -p 8843:8843 `#optional` \
  -p 8880:8880 `#optional` \
  -p 6789:6789 `#optional` \
  -p 5514:5514/udp `#optional` \
  -v unifi-config:/config \
  --restart unless-stopped \
  lscr.io/linuxserver/unifi-controller

Next we generate the SystemD unit for the controller and arrange for this container to be run on system boot:

Listing 2. SystemD Enablement
podman generate systemd --name unifi-controller --files --container-prefix podman          (1)
sudo install -o root -g root -m 0644 podman-unifi-controller.service /etc/systemd/user/    (2)
loginctl enable-linger core                                                                (3)
systemctl --user daemon-reload                                                             (4)
systemctl --user enable podman-unifi-controller.service                                    (5)
systemctl --user start podman-unifi-controller.service                                     (6)
systemctl --user status podman-unifi-controller.service                                    (7)
podman ps                                                                                  (8)
1 Generates the SystemD service unit file from the running container and prefixes the unit file with podman-
2 Installs the SystemD unit file at the SystemD user scope
3 Allows the user scoped SystemD unit file to be spawned at system boot
4 Refreshes SystemD’s knowledge of all unit files
5 Enables the SystemD unit file for this specific container only to be be started at system boot
6 Starts the SystemD unit file for this specific container only for the current session
7 Verifies that the SystemD service status
8 Pulls all active Podman running containers

The real proof is when you reboot the host:

Listing 3. Validation
sudo systemctl reboot
podman ps

Once it reboots we should be able to connect to our user level rootless container. Since we are using the Unifi Controller this means directing a web browser to the host that is running the container on port 8443 for the web UI. If you are doing this locally then your URL would be on your localhost.

2. References