I have a host service managed by systemd which listens on the Podman default network interface (cni-podman0) so that containers can talk to it.

The problem I have is that Podman only creates the network interface when the first container is started. That means when the host service which the containers depend on is started, the network interface isn't up and the service fails to listen on it.

So the dependency chain is: Podman container -needs> Host Service -needs> CNI network interface

But currently the only way I know of to bring up the interface is starting the container.

How can I make systemd tell Podman / CNI to start the default bridge network interface, so that I can depend on that in the host service unit?

Is there a command to bring up the interface explicitly that I could put in a unit file?

fahrradflucht

2 Answers

Unless I misunderstood the question, it's possible to use the After and Wants parameters in your systemd service file.

Open your service file, e.g. `vim /etc/systemd/system/my_custom_daemon.service`, and make sure you have the following:

[Unit]
After=network.target
Wants=network.target

If it's not the host network that you need to satisfy as a precondition then you'd need to create a custom systemd target and reference it in your After/Wants.

ccpizza
  • Yes, it's not the host network, it's the Podman CNI bridge network, so if I'm not mistaken something has to start it. So, to phrase my question in terms of your answer, what do I put in the custom systemd target? – fahrradflucht Jun 14 '20 at 10:29
  • @fahrradflucht: see https://unix.stackexchange.com/a/301999/15312 – ccpizza Jun 14 '20 at 12:59
  • Sorry, I probably should have phrased this more clearly. I still need a service I reference in the after / wants of the target, no? And what would that be for the CNI interface that Podman creates on container startup? This is basically what the core of my question is about, not general systemd mechanics (which I more or less understand). If this wasn't clear from my question, I would be happy if you could help me rephrase it. – fahrradflucht Jun 14 '20 at 13:10
  • yes, you will need two services; you can use systemd to start the podman container: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/running_containers_as_systemd_services_with_podman; and if you prefer to not start it via systemd then you'd still need to create a dummy service that will for example poll some endpoint or check some preconditions and unblock only when the container is detected to be up. – ccpizza Jun 14 '20 at 13:18
  • I really appreciate your efforts but I'm already using systemd for the container. My problem is really about the fact that I don't know a way to start the interface without starting the container. I edited the question to make this clearer. – fahrradflucht Jun 14 '20 at 13:26
  • Your use case seems to fit into the systemd mechanism of targets and `Requires=xyz`. I would suspect that the issue you are facing might already have a solution and somebody in their team might be able to help if it's not already in the docs. In case you think you ran into a bug I would check out if they have slack/irc/discord channel or any kind of support forum. – ccpizza Jun 14 '20 at 13:37
I solved it for now by adding a oneshot systemd service unit to the host service dependencies, which runs an immediately exiting alpine container using Podman. This "tricks" Podman into bringing up the bridge network interface.

Less hacky solutions are still more than welcome.

fahrradflucht
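
The oneshot workaround described in the answer above, written out as unit files. This is an added example, not the answerer's actual configuration: the unit name `podman-bridge-up.service`, the binary paths and the image reference are assumptions, `my_custom_daemon.service` is the placeholder name used in the other answer, and rootful Podman with the default CNI bridge is assumed.

```ini
# --- /etc/systemd/system/podman-bridge-up.service (hypothetical unit name) ---
[Unit]
Description=Create the default Podman bridge (cni-podman0) via a throwaway container
# The image may have to be pulled on first boot, so wait for the host network.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# Keep the unit "active" after the container exits, so that units ordered
# After= it treat the dependency as satisfied instead of re-running it.
RemainAfterExit=yes
# Runs a container that exits immediately. Starting it makes Podman/CNI
# create the default bridge; --rm removes the container afterwards.
# Image reference is an assumption; any small image with /bin/true works.
ExecStart=/usr/bin/podman run --rm docker.io/library/alpine:latest /bin/true
# Fail this unit (and therefore the dependent service) if the interface is
# still missing, rather than letting the host service fail later at bind time.
# Path to ip(8) is an assumption; adjust for the distribution.
ExecStartPost=/usr/sbin/ip link show dev cni-podman0

[Install]
WantedBy=multi-user.target

# --- /etc/systemd/system/my_custom_daemon.service.d/10-podman-bridge.conf ---
# Drop-in for the host service that listens on cni-podman0.
[Unit]
# Requires= pulls the oneshot in and fails the host service if it fails;
# After= orders the host service behind it.
Requires=podman-bridge-up.service
After=podman-bridge-up.service
```

After installing both files, run `systemctl daemon-reload`; the container units keep their existing dependency on the host service, which gives the full chain from the question.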