NAME

podman-generate-systemd - [DEPRECATED] Generate systemd unit file(s) for a container or pod

SYNOPSIS

podman generate systemd [options] container|pod

DESCRIPTION

DEPRECATED: Note: podman generate systemd is deprecated. We recommend using Quadlet files when running Podman containers or pods under systemd. There are no plans to remove the command. It will receive urgent bug fixes but no new features.

podman generate systemd creates a systemd unit file that can be used to control a container or pod. By default, the command prints the content of the unit files to stdout.

Generating unit files for a pod requires the pod to be created with an infra container (see --infra=true). An infra container runs across the entire lifespan of a pod and is hence required for systemd to manage the life cycle of the pod’s main unit.

  • Note: When using this command with the remote client, including Mac and Windows (excluding WSL2) machines, place the generated units on the remote system. Moreover, make sure that the XDG_RUNTIME_DIR environment variable is set. If unset, set it via export XDG_RUNTIME_DIR=/run/user/$(id -u).

  • Note: The generated podman run command contains an --sdnotify option with the value taken from the container. If the container does not have any explicitly set value or the value is set to ignore, the value conmon is used. The default value container is overridden because almost no container workloads send notify messages: if the value container is used for a container that does not send notify messages, systemd waits for a ready message that never comes. The user may not have chosen the default value intentionally, hence the override.

Kubernetes Integration

A Kubernetes YAML can be executed in systemd via the podman-kube@.service systemd template. The template’s argument is the path to the YAML file. Given a workload.yaml file in the home directory, it can be executed as follows:

$ escaped=$(systemd-escape ~/workload.yaml)
$ systemctl --user start podman-kube@$escaped.service
$ systemctl --user is-active podman-kube@$escaped.service
active

OPTIONS

--after=dependency_name

Add the systemd unit after (After=) option, which sets ordering dependencies between the listed dependencies and this service. This option may be specified more than once.

User-defined dependencies are appended to the generated unit file, but any existing options needed or defined by default (e.g., online.target) are not removed or overridden.

--container-prefix=prefix

Set the systemd unit name prefix for containers. The default is container.

--env, -e=env

Set environment variables to the systemd unit files.

If an environment variable is specified without a value, Podman checks the host environment for a value and sets the variable only if it is set on the host. As a special case, if an environment variable ending in * is specified without a value, Podman searches the host environment for variables starting with the prefix and adds those variables to the systemd unit files.

--files, -f

Generate files instead of printing to stdout. The generated files are named {container,pod}-{ID,name}.service and are placed in the current working directory.

Note: On a system with SELinux enabled, the generated files inherit contexts from the current working directory. Depending on the SELinux setup, changes to the generated files using restorecon, chcon, or semanage may be required to allow systemd to access these files. Alternatively, use the -Z option when running mv or cp.

--format=format

Print the created units in the specified format (json). If --files is specified, the paths to the created files are printed instead of the unit content.

--name, -n

Use the name of the container for the start, stop, and description in the unit file.

--new

This option yields unit files that do not expect containers and pods to exist. Instead, new containers and pods are created based on their configuration files. The unit files are created on a best-effort basis and may need further editing; please review the generated files carefully before using them in production.

Note that --new only works on containers and pods created directly via Podman (i.e., podman [container] {create,run} or podman pod create). It does not work on containers or pods created via the REST API or via podman kube play. For podman kube play, use the podman-kube@.service systemd template instead.
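
A pre-install review of a generated unit file, covering the points raised under --env (host values are written into the unit) and --new (review the generated files carefully, and units generated without it start an existing container). This is an added example, not part of the Podman documentation or code; the function names, the secret-name pattern and the sample unit are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review a unit file written by `podman generate systemd --files`
# before installing it. Names and the secret pattern below are assumptions.

# unit_findings FILE: print one finding per line.
unit_findings() {
    # --env copies host values into the unit in clear text. Flag variable
    # names that look like credentials (approximate parser: splits on
    # whitespace, so quoted values containing spaces are not handled).
    awk '/^Environment=/ {
        sub(/^Environment=/, "")
        n = split($0, kv, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (kv[i] !~ /=/) continue
            name = kv[i]; sub(/=.*/, "", name); gsub(/"/, "", name)
            if (tolower(name) ~ /pass|secret|token|key|cred/)
                print "secret-like variable in Environment=: " name
        }
    }' < "$1"

    # Without --new the unit starts an existing container by ID or name,
    # so it only works where that container already exists.
    if grep -Eq '^ExecStart=[^ ]*podman start ' "$1"; then
        echo "starts an existing container (generated without --new)"
    fi

    # A unit that others can rewrite runs their commands as the unit owner.
    if [ -n "$(find "$1" \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "unit file is writable by group or others"
    fi
}

# audit_unit FILE: print findings; return 1 if there are any, 0 otherwise.
audit_unit() {
    findings=$(unit_findings "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample input, not the output of a real podman run.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Environment=DB_PASSWORD=example APP_MODE=prod
ExecStart=/usr/bin/podman start 0123abcd
EOF
    chmod 0644 "$1"
}

demo=$(mktemp)
write_sample_unit "$demo"
audit_unit "$demo" || echo "=> review the unit before installing it"
rm -f "$demo"
```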

--no-header

Do not generate the header including metadata such as the Podman version and the timestamp.

--pod-prefix=prefix

Set the systemd unit name prefix for pods. The default is pod.

--requires=dependency_name

Set the systemd unit requires (Requires=) option. Similar to wants, but declares a stronger requirement dependency.

--restart-policy=policy

Set the systemd restart policy. The restart-policy must be one of: “no”, “on-success”, “on-failure”, “on-abnormal”, “on-watchdog”, “on-abort”, or “always”. The default policy is on-failure unless the container was created with a custom restart policy.

Note that generating a unit without --new on a container with a custom restart policy can lead to issues on shutdown; systemd attempts to stop the unit while Podman tries to restart it. Creating the container without --restart and using the --restart-policy option when generating the unit file is recommended.

--restart-sec=time

Set the systemd service restartsec value. Configures the time to sleep before restarting a service (as configured with restart-policy). Takes a value in seconds.

--separator=separator

Set the systemd unit name separator between the name/id of a container/pod and the prefix. The default is -.

--start-timeout=value

Override the default start timeout for the container with the given value in seconds.

--stop-timeout=value

Override the default stop timeout for the container with the given value in seconds.

--template

Add template specifiers to run multiple services from the systemd unit file.

Note that if --new was not set to true, it is set to true by default. However, the command fails if --new is set to false explicitly.

--wants=dependency_name

Add the systemd unit wants (Wants=) option, listing units that this service (weakly) depends on. This option may be specified more than once. This option does not influence the order in which services are started or stopped.

User-defined dependencies are appended to the generated unit file, but any existing options needed or defined by default (e.g., online.target) are not removed or overridden.

EXAMPLES

Generate and print a systemd unit file for a container

Generate a systemd unit file for a container running nginx, with an always restart policy and a 1-second timeout, and print it to stdout. Note that the RequiresMountsFor option in the Unit section ensures that the container storage for both the GraphRoot and the RunRoot are mounted prior to starting the service. For systems with container storage on disks like iSCSI or other remote block protocols, this ensures that Podman is not executed prior to any necessary storage operations coming online.

$ podman create --name nginx nginx:latest
$ podman generate systemd --restart-policy=always -t 1 nginx
# container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service
# autogenerated by Podman 1.8.0
# Wed Mar 09 09:46:45 CEST 2020

[Unit]
Description=Podman container-de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/var/run/container/storage

[Service]
Restart=always
ExecStart=/usr/bin/podman start de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6
ExecStop=/usr/bin/podman stop \
        -t 1 de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6
KillMode=none
Type=forking
PIDFile=/run/user/1000/overlay-containers/de1e3223b1b888bc02d0962dd6cb5855eb00734061013ffdd3479d225abacdc6/userdata/conmon.pid

[Install]
WantedBy=default.target

Generate systemd unit file for a container with --new flag

The --new flag generates systemd unit files that create and remove containers at service start and stop commands (see ExecStartPre and ExecStopPost service actions). Such unit files are not tied to a single machine and can easily be shared and used on other machines.

$ sudo podman generate systemd --new --files --name bb310a0780ae
# container-busy_moser.service
# autogenerated by Podman 1.8.3
# Fri Apr  3 09:40:47 EDT 2020

[Unit]
Description=Podman container-busy_moser.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/var/run/container/storage

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
ExecStartPre=/bin/rm -f %t/%n-pid %t/%n-cid
ExecStart=/usr/local/bin/podman run \
        --conmon-pidfile %t/%n-pid \
        --cidfile %t/%n-cid \
        --cgroups=no-conmon \
        -d \
        -dit alpine
ExecStop=/usr/local/bin/podman stop \
        --ignore \
        --cidfile %t/%n-cid -t 10
ExecStopPost=/usr/local/bin/podman rm \
        --ignore \
        -f \
        --cidfile %t/%n-cid
PIDFile=%t/%n-pid
KillMode=none
Type=forking

[Install]
WantedBy=default.target

Generate systemd unit files for a pod with two simple alpine containers

Note: systemctl must only be used on the pod unit, not to start or stop containers individually. The containers are managed by the pod service along with the internal infra-container.

Use systemctl status or journalctl to examine container or pod unit files.

$ podman pod create --name systemd-pod
$ podman create --pod systemd-pod alpine top
$ podman create --pod systemd-pod alpine top
$ podman generate systemd --files --name systemd-pod
/home/user/pod-systemd-pod.service
/home/user/container-amazing_chandrasekhar.service
/home/user/container-jolly_shtern.service
$ cat pod-systemd-pod.service
# pod-systemd-pod.service
# autogenerated by Podman 1.8.0
# Wed Mar 09 09:52:37 CEST 2020

[Unit]
Description=Podman pod-systemd-pod.service
Documentation=man:podman-generate-systemd(1)
Requires=container-amazing_chandrasekhar.service container-jolly_shtern.service
Before=container-amazing_chandrasekhar.service container-jolly_shtern.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/var/run/container/storage

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start 77a818221650-infra
ExecStop=/usr/bin/podman stop \
        -t 10 77a818221650-infra
KillMode=none
Type=forking
PIDFile=/run/user/1000/overlay-containers/ccfd5c71a088768774ca7bd05888d55cc287698dde06f475c8b02f696a25adcd/userdata/conmon.pid

[Install]
WantedBy=default.target

Installation of generated systemd unit files.

Podman-generated unit files include an [Install] section, which carries installation information for the unit. It is used by the enable and disable commands of systemctl(1) during installation.

Once the systemd unit file is generated, install it to /etc/systemd/system to be run by the root user or to $HOME/.config/systemd/user for installing it as a non-root user. Enable the copied unit file or files using systemctl enable.

Note: Copying a unit file to /etc/systemd/system and enabling it marks the unit file to be automatically started at boot. Similarly, copying a unit file to $HOME/.config/systemd/user and enabling it marks the unit file to be automatically started on user login.

# Generated systemd files.
$ podman pod create --name systemd-pod
$ podman create --pod systemd-pod alpine top
$ podman generate systemd --files --name systemd-pod

# Copy all the generated files.

$ sudo cp pod-systemd-pod.service container-great_payne.service /etc/systemd/system
$ systemctl enable pod-systemd-pod.service
Created symlink /etc/systemd/system/multi-user.target.wants/pod-systemd-pod.service → /etc/systemd/system/pod-systemd-pod.service.
Created symlink /etc/systemd/system/default.target.wants/pod-systemd-pod.service → /etc/systemd/system/pod-systemd-pod.service.
$ systemctl is-enabled pod-systemd-pod.service
enabled

To run the user services placed in $HOME/.config/systemd/user on first login of that user, enable the service with the --user flag.

$ systemctl --user enable <.service>

The systemd user instance is killed after the last session for the user is closed. The systemd user instance can be started at boot and kept running even after the user logs out by enabling lingering using:

$ loginctl enable-linger <username>

Use systemctl to perform operations on generated installed unit files.

Create and enable systemd unit files for a pod using the above examples as reference and use systemctl to perform operations.

Since systemctl defaults to using the root user, all the changes made with systemctl can be seen by prefixing the podman CLI commands with sudo. To perform systemctl actions as a non-root user, use the --user flag when interacting with systemctl.

Note: If the previously created containers or pods are using shared resources, such as ports, make sure to remove them before starting the generated systemd units.

$ systemctl --user start pod-systemd-pod.service
$ podman pod ps
POD ID         NAME          STATUS    CREATED          # OF CONTAINERS   INFRA ID
0815c7b8e7f5   systemd-pod   Running   29 minutes ago   2                 6c5d116f4bbe
$ sudo podman ps # 0 Number of pods on root.
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
$ systemctl --user stop pod-systemd-pod.service
$ podman pod ps
POD ID         NAME          STATUS   CREATED          # OF CONTAINERS   INFRA ID
272d2813c798   systemd-pod   Exited   29 minutes ago   2                 6c5d116f4bbe

Create a simple alpine container and generate the systemd unit file with --new flag. Enable the service and control operations using the systemctl commands.

Note: When starting the container using systemctl start, rather than altering the already running container, it spins up a “new” container with similar configuration.

# Enable the service.

$ sudo podman ps -a
CONTAINER ID  IMAGE                            COMMAND  CREATED        STATUS     PORTS  NAMES
bb310a0780ae  docker.io/library/alpine:latest  /bin/sh  2 minutes ago  Created           busy_moser
$ sudo systemctl start container-busy_moser.service
$ sudo podman ps -a
CONTAINER ID  IMAGE                            COMMAND  CREATED        STATUS        PORTS      NAMES
772df2f8cf3b  docker.io/library/alpine:latest  /bin/sh  1 second ago   Up 1 second              distracted_albattani
bb310a0780ae  docker.io/library/alpine:latest  /bin/sh  3 minutes ago  Created                  busy_moser

SEE ALSO

podman(1), podman-container(1), systemctl(1), systemd.unit(5), systemd.service(5), conmon(8), podman-systemd.unit(5)

HISTORY

April 2020, Updated details and added use case to use generated .service files as root and non-root, by Sujil Shah (sushah at redhat dot com)

August 2019, Updated with pod support by Valentin Rothberg (rothberg at redhat dot com)

April 2019, Originally compiled by Brent Baude (bbaude at redhat dot com)