Quadlet: Running Podman containers under systemd

298 points by gjvc, about 2 months ago

23 comments

stryan, about 2 months ago
Quadlet is one of the best things to have come out of Podman and I highly recommend anyone curious about Podman or switching to container-based workloads to check them out. Being able to slot containers in and treat them like essentially any other system service feels great, plus I don't have to learn some extra orchestration layer to get them to work together or depend on non-container resources. I can just write the same systemd units I'm already writing. The auto-updating and service restart/notify on failure/etc is just icing on the cake. I've seen the equivalent Docker versions before and they're awful; giant messy run commands to try to work around the Docker daemon and half the time you end up with phantom services and containers anyway. Quadlets end up being much cleaner; plus it means your whole setup (besides volume contents) exists with your other systemd units (/etc/systemd/, .config/systemd, /usr/local/lib/systemd, etc) so it's easy for backups.

The only downside is they're not really an answer to docker-compose on the local development side and the podman team doesn't seem super interested in tackling that segment. User containers are nice for long running local test infra (i.e. a background database) but are too clunky for a normal compile -> docker compose up -> test -> docker compose down loop. The best answer is either .kube Quadlets (kubernetes plays) or using docker compose [0] against the podman socket.

Either way, I've enjoyed using quadlets enough that I've spent the last few months writing a gitops tool for managing them in my spare time. They just feel like the right way of managing containerized servers.

[0] NOT podman-compose, which the article points out as being not very good and under-developed. Podman implements most of the compose spec so you can use docker compose for most situations. I suspect many people who tried Podman when RH first started pushing it ran into Podman 3 being kind of bleh and podman-compose being awful and bounced off it.

l11r, about 2 months ago
I recently discovered them and made an entire homelab based on the atomic OS and rootless Quadlets, can highly recommend them. They also allow using systemd socket activation, which means you can create systemd http/https sockets for example and activate Traefik automatically just like ssh.socket and podman.socket activate sshd.service and podman.service accordingly. It's a lifesaver since this is basically the only way to preserve source IP in rootless setups (rootless Podman/Docker usually doesn't easily allow preserving source IP without major drawbacks).

https://github.com/savely-krasovsky/homelab

psadauskas, about 2 months ago
Quadlet is a nice alternative for the use-case of docker compose to "run all these interdependent containers in a production-like environment". I wish it (or something) was better about the other use-case of docker compose: development. docker compose will bring up the db, redis, opensearch, and other random dependencies, an nginx proxy, and a dev container with `.:/app` mounted as a volume. You can bring up all those containers together, destroy them together, check in the docker-compose.yml file, etc...

Quadlet wants me to have all the files in `~/.config/containers/systemd`, so they're really not isolated to the project any more, and not in a convenient place to be checked in and shared with other devs (who also have to be using podman). Most still use docker, it's what's available on codespaces and other hosted dev envs.

So we use docker compose, with a checked-in yaml file. I use podman, so I have to manually add `:Z` to all the volumes, but regular docker chokes on that. I wouldn't mind having an alternative to docker compose for development, but Quadlet doesn't seem like a good fit.

brirec, about 2 months ago
It’s funny to me that this post calls out Podman-Compose as “not actively maintained” with its last commit being 5 months ago, then turns around to recommend Podlet (whose last commit was…5 months ago) as an alternative.

Podlet can be useful and helpful, but ultimately it doesn’t support many of the features of Docker Compose and doesn’t always provide a clean translation. In particular, Podlet doesn’t support stacking multiple yaml files (e.g., -f docker-compose.yml -f docker-compose.override.yml)

muti, about 2 months ago
I wanted to try something different when I reset my self host set up several years ago, and went with openSUSE MicroOS. Ultimately it has led to podman containers running under systemd/quadlet and I'm quite happy with the current set up.

Containers auto update with built in podman tooling, getting at logs and monitoring is through the usual systemd tools. When I need to change something, it's easy to work out where the config files are if I have forgotten and they are easy to read and change. Rootless and daemonless is nice too.

I tried a few things along the way, podman compose felt clunky so I'm glad it is deprecated and it's clear quadlets are the way to go.

There was a learning curve and there's less information out there than with docker, so keep that in mind. I would still lean towards docker and docker compose for local dev to bring a stack of services up and down.

cvhc, about 2 months ago
The format is clearer than podman generate systemd or kubernetes YAML. And the integration with systemd is great.

What annoys me is Podman upstream doesn't offer a repo for Debian/Ubuntu. I was stuck at version 4.3.1 on Debian stable, missed many new features and eventually decided to go back to Docker compose.

smjburton, about 2 months ago
> ... the old method was too hacky and involved the usage of redundant commands.

> There must be an easier way, you might think. Especially if you experienced the convenience that Docker Compose provides.

I really hope this new approach helps people migrate from Docker to Podman. Docker-Compose is the reason a lot of people resist switching (including myself), and admittedly, Podman didn't really have an answer until Quadlets. If you were hesitant about migrating from Docker because of Docker-Compose, Podman with Quadlets is a much more comparable alternative. You probably won't miss Docker as much as you think, and you'll benefit from enhanced security running rootless containers.

eulenteufel, about 2 months ago
I really like quadlets as they enable using containers like normal system services. That said the UX for rootless containers does not play well with this conceptualization.

Normally system services run as system users in the *system* systemd-session, but for rootless containers the services reside in the *user* systemd sessions of the system user. I'd love to be able to run rootless quadlets within the system session.

alexellisuk, about 2 months ago
Interesting to see Quadlet on the front page of Hacker News. I don't think it has had enough attention. We had Ygal & Valentin from the project submit a guest post on how to run an inlets tunnel client (think of Ngrok/Cloudflared, but self-hosted without any SaaS limits) - https://inlets.dev/blog/2023/10/03/client-quadlet.html

Rather than using [container] they used [kube] and were able to bring along standard Kubernetes YAML making it quite portable.

mati365, about 2 months ago
If anyone is interested - I recently made an Ansible template for Quadlet deployment that shows how easy it is.

GH: https://github.com/Mati365/hetzner-podman-bunjs-deploy

axel7083, about 2 months ago
I am part of the Podman Desktop[1] team, and I am personally a big fan of Podman Quadlets!

Recently I took the journey to deep dive into Quadlets, and see how it can be integrated into Podman Desktop. With the extension system we have (very similar to VS-Code), I created an extension called `Podman Quadlets` and wrote a blog on our website[2].

It integrates with Podlet[3] (but I am trying to move away from it, as I am not able to contact the author to address some issues, especially on Windows[4])

With this extension, you can list, generate, remove, edit, access journalctl logs of Quadlets from Podman Desktop. I will continue to work on it, improving it, and adding new features, so if you have some feedback don't hesitate! Suggestions, bug reports, all are welcome[5]

You can check it out on the extension repository[6] or, if you have Podman Desktop installed, you can find it in `Extensions > Catalog > Podman Quadlet`

If you are curious to learn some basics about Podman Quadlets, I made a talk at FOSDEM 2025 on the topic[7]

[1] https://podman-desktop.io/

[2] https://podman-desktop.io/blog/podman-quadlet

[3] https://github.com/containers/podlet

[4] https://github.com/podman-desktop/extension-podman-quadlet/issues/298

[5] https://github.com/podman-desktop/extension-podman-quadlet/issues

[6] https://github.com/podman-desktop/extension-podman-quadlet

[7] https://fosdem.org/2025/schedule/event/fosdem-2025-5383-running-containers-under-systemd-exploring-podman-quadlet/

eriksjolund, about 2 months ago
Socket activation can be used with quadlets but not with docker-compose. That is a big advantage.

https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md

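The comments by l11r and eriksjolund above both rely on systemd socket activation. As an added example (not code from the thread, Podman or Traefik), this shows the service side of the protocol documented in sd_listen_fds(3): systemd opens the listening socket itself and hands it over as an inherited descriptor, so `accept()` on it reports the client's real address. The function names and the `first_fd` parameter are assumptions made for the example.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited descriptor, per sd_listen_fds(3)


def inherited_listeners(environ=None, first_fd=SD_LISTEN_FDS_START):
    """Return {name: socket} for the listeners systemd passed to this process.

    systemd sets LISTEN_PID, LISTEN_FDS and optionally LISTEN_FDNAMES
    (colon-separated); descriptors are numbered consecutively from fd 3.
    `first_fd` is a hypothetical knob so the logic can be exercised outside
    systemd; a real service leaves it at the default.
    """
    environ = os.environ if environ is None else environ
    # Ignore variables that were meant for another process (e.g. a parent).
    if environ.get("LISTEN_PID") != str(os.getpid()):
        return {}
    count = int(environ.get("LISTEN_FDS", "0"))
    raw_names = environ.get("LISTEN_FDNAMES", "")
    names = raw_names.split(":") if raw_names else []
    listeners = {}
    for i in range(count):
        name = names[i] if i < len(names) else f"fd{first_fd + i}"
        # Family and type are auto-detected from the descriptor.
        listeners[name] = socket.socket(fileno=first_fd + i)
    return listeners


def serve_once(listener):
    """Accept one connection and return the peer address the service sees."""
    conn, peer = listener.accept()
    with conn:
        conn.sendall(b"hello\n")
    return peer


if __name__ == "__main__":
    # Prints nothing unless started by a .socket unit.
    for name, sock in inherited_listeners().items():
        print(name, "peer:", serve_once(sock))
```
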
bityard, about 2 months ago
I think I understand that quadlets are containers managed by systemd. But I'm still in the dark about why they are called that, or why they need a special opaque name.

sunshine-o, about 2 months ago
I have been trying to adopt Quadlet since before Covid if I remember correctly (it wasn't named Quadlet yet) because this is such a key piece of the puzzle.

I kept using things like Docker Compose for simple services until now but it always felt like a temporary solution.

So I try every year and every time I am not convinced this thing is solid/polished enough yet. I am confident 2025 is gonna be a go according to the positive comments here.

My sincere question is: why did it take about 10 years to have a basic working integration between the service manager and containers (and by containers I mean the way we run most non system services nowadays)?

My intuition is there must be some ugly politics involved between IBM/Redhat, Systemd and some other actors but I can't figure it out....

geenat, about 2 months ago
Big fan of the unification of systemd and podman.

> https://mo8it.com/blog/quadlet/#too-many-files

IMHO bad take- give people an option to consolidate build/orchestration into 1 file without relying on an external image repository (... like the author is doing with docker.io... ugh).

Being "all in one" makes docker-compose still competitive. In the year 2025, quadlet makes top-level project directories very busy.

Could be OK if all the files ended up in a sub-directory but systemd highly restricts usage of ".." traversal; so there's an explosion of files at the top level of your project.

aprilfoo, about 2 months ago
I'm happily using quadlets as a lightweight container orchestration tool for a few months now and I also think it deserves more attention. RH is doing a great integration job pushing the systemd ecosystem.

As many projects still only mention docker/compose, it would be great to have a community maintained quadlet store - something like https://github.com/dwedia/podmanQuadlets?

lukaslalinsky, about 2 months ago
I've been using this method on a few servers where I don't want to run Kubernetes and I really like it. It feels like native support for docker-like containers in Linux, instead of a foreign concept that needs its own management/logging. This is the killer feature of Podman, it doesn't make sense for me to use Docker in prod.

bogwog, about 2 months ago
I use these all the time and I LOVE them! They simplify such a tedious and annoying process, and it makes Docker compose (and Docker in general) look obsolete. It's definitely worth the effort to learn them.

The only issue is that they're not widespread yet, so often I have to spend the time to port a Dockerfile to a set of quadlet files. I've gotten fairly proficient at it by now, but I can see why most people would rather use podman compose instead.

udev4096, about 2 months ago
docker compose is way too good to be fiddling around with alternatives. Podman is nice but the quadlet solution doesn't even come close to what docker compose offers

perrygeo, about 2 months ago
I was an early adopter of Docker (because Python) and I immediately hit the "now how do I run it in prod?" question. K8s quickly jumped in to fill that space. But I like to imagine a saner world where Quadlet came first and became the standard.

kccqzy, about 2 months ago
Huh TIL this is called a quadlet. It turns out I already wrote several files in ~/.config/containers/systemd following some other tutorial online and didn't know this is called a quadlet.

robertlagrant, about 2 months ago
We ship a preinstalled device that uses systemd. I would love to use containerisation to isolate different software dependencies. Is it possible to ship a podman container in a package install, e.g. a .deb?

anonfordays, about 2 months ago
HashiCorp Nomad is a great alternative to this that scales to thousands of nodes. It's super lightweight and supports Podman directly.