Lightweight container orchestration in SUSE Linux Micro
In a previous blog post, we explored how SUSE Linux Micro (SL Micro) consistently runs your workloads (containerized or in a VM) and how to further enhance the health of your SL Micro deployment using health-checker. Today, we will delve into running containers on SUSE Linux Micro.
We will use a straightforward example: setting up and running a blog, using the popular WordPress.org platform.
Running Containers, the Old-Fashioned Way
For our blog, we need a web server with PHP support, a database and WordPress as a PHP application.
We will leverage SUSE Base Container Images (BCI) for trusted software:
- registry.suse.com/suse/mariadb:10.6 for our database
- registry.suse.com/bci/php-apache:8 as web-server and therefore the base for our WordPress container.
Creating a WordPress container is easily done with this Containerfile:
FROM registry.suse.com/bci/php-apache:8
RUN zypper --non-interactive in php8-mysql
RUN curl --output-dir /tmp -O -L https://wordpress.org/latest.tar.gz
RUN tar --strip-components=1 -C /srv/www/htdocs -xvf /tmp/latest.tar.gz
COPY wp-config.php /srv/www/htdocs/
The container can be built locally using podman build . but we prefer to rely on Open Build Service to handle this part: https://build.opensuse.org/package/show/home:fcrozat:SUSECON/wordpress-demo will build the container from this GitHub project and make it available at registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest after each GitHub commit.
We also need a database container. Let’s deploy:
- Prepare:
mkdir /var/lib/mysql
(to store the database)
/usr/bin/chcon -R system_u:object_r:container_file_t:s0 -P /var/lib/mysql
(for SELinux permissions)
- Start the database container:
podman run --detach -v /var/lib/mysql:/var/lib/mysql:Z -e MARIADB_ROOT_PASSWORD=rootpassword -e MARIADB_DATABASE=wordpress -e MARIADB_USER=MY_USER -e MARIADB_PASSWORD=my_user_password --replace --name mariadb registry.suse.com/suse/mariadb:10.6
- Start the WordPress container:
podman run --detach -p 80:80 --name wordpress registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest
Now, WordPress is available on http://localhost:80/ (you can connect to it with a web browser and run the WordPress configuration wizard).
Light Container Orchestration with Podman and Systemd
While the manual command-line approach works, it's not ideal for production. We need automation, and we need to ensure containers keep running. We also want something simple, without having to learn an entirely new way of running containers. Fortunately, SUSE Linux Micro already has a service orchestrator that is always running: systemd!
Podman's systemd integration simplifies this with configuration files (formerly known as quadlet) similar to systemd unit files.
Let's convert the first podman CLI call:
podman run --detach -v /var/lib/mysql:/var/lib/mysql:Z -e MARIADB_ROOT_PASSWORD=rootpassword -e MARIADB_DATABASE=wordpress -e MARIADB_USER=MY_USER -e MARIADB_PASSWORD=my_user_password --replace --name mariadb registry.suse.com/suse/mariadb:10.6
into a descriptive file in /etc/containers/systemd/mariadb.container.
We add the following content:
[Unit]
Description=MariaDB server
After=network-online.target
[Container]
Image=registry.suse.com/suse/mariadb:10.6
Environment=MARIADB_ROOT_PASSWORD=rootpassword
Environment=MARIADB_DATABASE=wordpress
Environment=MARIADB_USER=MY_USER
Environment=MARIADB_PASSWORD=my_user_password
ContainerName=mariadb
Volume=/var/lib/mysql:/var/lib/mysql:Z
Timezone=local
[Service]
Restart=on-failure
ExecStartPre=-/usr/bin/mkdir -p /var/lib/mysql
ExecStartPre=-/usr/bin/chcon -R system_u:object_r:container_file_t:s0 -P /var/lib/mysql
TimeoutStartSec=500
[Install]
WantedBy=multi-user.target default.target
The [Container] section is specific to podman and controls how the container is created and run. The other sections are regular systemd unit configuration.
Then run systemctl daemon-reload followed by systemctl start mariadb (or reboot the system; the container will be started automatically).
MariaDB will be running in a container but will look like a regular systemd service and can be managed like any other service. You can therefore use all the systemd features you already use with regular services, such as automatic restart on failure or dependencies between services. For this example, we add After=mariadb.service in the [Unit] section of the systemd service of each application relying on MariaDB.
Similarly, let's convert the WordPress container from:
podman run --detach -p 80:80 --name wordpress registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest
to /etc/containers/systemd/wordpress.container:
[Unit]
Description=Wordpress
After=network-online.target mariadb.service
[Container]
Image=registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest
PublishPort=80:80
Timezone=local
[Service]
Restart=on-failure
[Install]
WantedBy=multi-user.target default.target
Now, we run systemctl daemon-reload followed by systemctl start wordpress.
We can connect to http://localhost:80/ and WordPress will be running.
The containers will be started automatically on system reboot, and if, for any reason, one container stops, systemd will restart it automatically.
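The two unit files above keep the database credentials as plaintext Environment= values and reference the WordPress image by its :latest tag. The following shell lint is an added example, not part of the original post or of podman; it flags both patterns in Quadlet .container files, and the mariadb-secrets.container variant with its secret names is constructed for illustration.

```shell
#!/bin/sh
# Added example: lint Quadlet .container files for plaintext credentials in
# Environment= and for images referenced by a mutable tag such as :latest.
# Handles one KEY=value per Environment= line, as in the units above.

lint_quadlet() {  # usage: lint_quadlet FILE; prints one finding per line
    awk '
        /^\[/ { section = $0; next }          # remember the current section
        section != "[Container]" { next }     # only podman keys are checked
        /^Environment=/ {
            name = substr($0, 13); sub(/=.*/, "", name)
            if (toupper(name) ~ /PASSWORD|PASSWD|SECRET|TOKEN/)
                print FILENAME ":" NR ": credential in Environment=" name
        }
        /^Image=/ {
            ref = substr($0, 7); last = ref; sub(/.*\//, "", last)
            if (ref !~ /@sha256:/ && (last !~ /:/ || last ~ /:latest$/))
                print FILENAME ":" NR ": mutable image reference " ref
        }
    ' "$1"
}

count_findings() { lint_quadlet "$1" | grep -c . || true; }

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# [Container] lines as published in mariadb.container above
cat > "$tmp/mariadb.container" <<'EOF'
[Container]
Image=registry.suse.com/suse/mariadb:10.6
Environment=MARIADB_ROOT_PASSWORD=rootpassword
Environment=MARIADB_DATABASE=wordpress
Environment=MARIADB_USER=MY_USER
Environment=MARIADB_PASSWORD=my_user_password
EOF
# Constructed variant: credentials come from podman secrets (names are assumptions)
cat > "$tmp/mariadb-secrets.container" <<'EOF'
[Container]
Image=registry.suse.com/suse/mariadb:10.6
Secret=mariadb_root,type=env,target=MARIADB_ROOT_PASSWORD
Secret=mariadb_user,type=env,target=MARIADB_PASSWORD
Environment=MARIADB_DATABASE=wordpress
Environment=MARIADB_USER=MY_USER
EOF
# Image line from wordpress.container above
printf '[Container]\nImage=registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest\n' > "$tmp/wordpress.container"

for f in "$tmp"/*.container; do lint_quadlet "$f"; done
```

To clear the credential findings, create the secrets with podman secret create and reference them with the Quadlet Secret= key as in the constructed variant; this assumes a podman version whose Quadlet supports Secret=.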
Conclusion
Today, we looked at how to run containers on SUSE Linux Micro, both manually and using the podman/systemd integration.
As a reference, all the files (and a few additional ones) for this example are available on https://github.com/fcrozat/SUSECON-demos/tree/main/containers/wordpress, for you to experiment with.
In a previous blog post, we discussed health management for the host. Wouldn't it be great to have similar health management for containers? We will look into it in a future blog post.