Running Podman in production for years now, and I don't miss the Docker daemon one bit.

I just published a deep dive on managing OCI containers the Unix way: daemonless, rootless, and natively integrated with systemd via Quadlets.

I cover:
- Real secrets management
- Auto-updates via systemd timers
- The Docker compatibility layer

This is the guide I wish I had when making the switch.

Read it here: https://blog.hofstede.it/podman-in-production-quadlets-secrets-auto-updates-and-docker-compatibility/

#Podman #Linux #DevOps #Systemd #Homelab #Sysadmin #Containers

Podman in Production: Quadlets, Secrets, Auto-Updates, and Docker Compatibility

An opinionated production-ops guide to Podman on Linux servers - why I prefer it over Docker, how Quadlets replace Compose files, and practical patterns from real deployments including secrets mana...

Larvitz Blog

@Larvitz another person of culture I see…/me tips hat

I’ve been operating with a mixture of quadlets and manual podman-compose containers for quite some time. I’ve found compatibility issues with some projects, but I decided those do not justify switching to Docker. There’s also an annoying race condition with CNI coming up before NetworkManager, but a manual fix is easy enough for those times.

Great blog post! Thanks

@andrew That blog article took me the longest of them all. A first draft had been lingering in my blog's git repo since November last year, and I went through numerous rewrites of various parts until I found them good enough. Today, I added the final paragraph about Ansible and decided to publish it before I end up waiting another 6 months 😂

@andrew @Larvitz I had a similar issue with NetworkManager and WLAN on my laptop.
NetworkManager gets an IP address after KDE login, but the quadlets start directly after boot.
The dependency on podman-user-wait-network-online.service didn't help.
So I added an "ExecStartPre" in the network quadlet, which helped for me.
```
[Service]
ExecStartPre=/bin/sh -c 'until hostname --ip-addresses | grep --quiet \"192.168.\"; do sleep 10; echo \"%n: Wait for IPv4 home network address ...\"; done'
```