Quadlet for adhoc units

[antdking]

Feature request description

2 main usecases I'm looking to solve:

• basic validation of unit files before they're deployed to a server
• generate unit files ahead of time for manual modification

Suggest potential solution

a super quick implementation would be to document QUADLET_UNIT_DIRS.

A more ideal solution is to expose something like podman generate quadlet ./path/to/dir, as quadlet doesn't have a fixed location or is available on PATH.

Have you considered any alternatives?

Currently using this as a workaround:

QUADLET_UNIT_DIRS=path/to/files /usr/lib/podman/quadlet -dryrun -user

---

why not podman systemd generate:
the .container files provide subjectively nicer interface in the context of provisioning a server, and the generated output requires less manual modification

Additional context

No response

[antdking]

It looks like the exit code doesn't get set if there's a conversion failure, too (ie, using an unsupported key).

$ /usr/libexec/podman/quadlet -v -user -dryrun
...
quadlet-generator[27250]: Error converting 'ns-server.container', ignoring: unsupported key 'XYZ' in group 'Container' in /home/nstack/.config/containers/systemd/ns-server.container
...

$ echo $?
0

Could this result in the previous version of the service being deleted (behaviour I'm seeing at the moment, and why being able to run adhoc dryruns is important to me)?

[vrothberg]

Thanks for reaching out, @antdking!

basic validation of unit files before they're deployed to a server

You can do that via quadlet -dryrun as you did in the other comment.

generate unit files ahead of time for manual modification

Can you elaborate on which parts you want to modify?

It looks like the exit code doesn't get set if there's a conversion failure, too (ie, using an unsupported key).

@rhatdan is working on that in #18828.

[antdking]

Thanks for #18828, this will be a big help for doing validation before daemon-reload.

You can do that via quadlet -dryrun as you did in the other comment.

Yes; and the workaround is good enough provided env QUADLET_UNIT_DIRS exists.

This lets us run validation on the .container files before they're copied into the load path, where daemon-reload or a system restart can inadvertently happen before validation.

Can you elaborate on which parts you want to modify?

At this point, we're not modifying it now; instead just using the output as a good up-to-date reference.

It's not a need anymore, but we had ExecStartPre and ExecStopPre that ran inside the container, to do volume initialisation and more reliable cleanup.
Equivalent would be initContainers and lifecycle.preStop for k8s pods.

[vrothberg]

It's not a need anymore [...]

That is good news, thanks!

[computator]

I'm not sure this should be closed as it only addresses a few of the concerns in this ticket. It doesn't address having a good way to manually run quadlet etc.

[vrothberg]

It doesn't address having a good way to manually run quadlet etc.

Manually running Quadlet is documented: https://github.com/containers/podman/blob/main/docs/source/markdown/podman-systemd.unit.5.md#debugging-unit-files

Note that it's not supported to manually edit the generated files.