Lightweight container orchestration in SUSE Linux Micro

In a previous blog post , we explored how SUSE Linux Micro (SL Micro) consistently runs your workloads (containerized or in VM) and how to futher enhance your SL Micro deployment health, using health-checker. Today, we will delve into running containers on SUSE Linux Micro.

We will use a straightforward example: setting up and running a blog, using the popular WordPress.org platform.

Running Containers, the Old-Fashioned Way

For our blog, we need a web server with PHP support, a database and WordPress as a PHP application.

We will leverage SUSE Base Container Images (BCI) for trusted software:

Creating a WordPress container is easily done, with this Containerfile:
FROM registry.suse.com/bci/php-apache:8
RUN zypper --non-interactive in php8-mysql
RUN curl --output-dir /tmp -O -L https://wordpress.org/latest.tar.gz
RUN tar --strip-components=1 -C /srv/www/htdocs -xvf /tmp/latest.tar.gz
COPY wp-config.php /srv/www/htdocs/

Container build can be done locally using podman build . but we prefer to rely on Open Build Service to handle this part: https://build.opensuse.org/package/show/home:fcrozat:SUSECON/wordpress-demo will build the container from this github project ) and make it available at registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest after each Github commit..

We also need a database container. Let’s deploy:

1. Prepare:
   • mkdir /var/lib/mysql (to store the database)
   • /usr/bin/chcon -R system_u:object_r:container_file_t:s0 -P /var/lib/mysql (for SELinux permissions)
2. Start the database container:
   • podman run –detach -v /var/lib/mysql:/var/lib/mysql:Z -e MARIADB_ROOT_PASSWORD=rootpassword -e MARIADB_DATABASE=wordpress -e MARIADB_USER=MY_USER -e MARIADB_PASSWORD=my_user_password –replace –name mariadb registry.suse.com/suse/mariadb:10.6
3. Start the WordPress container:
   • podman run –detach -p 80:80 –name wordpress registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest

---

• Google Ad Manager Launches Programmatic Email Ads
  Google Ad Manager has quietly published documentation for a beta version of an advertising tag for email newsletters.
  Email ads are cookie-proof. They do not depend on third-party tracking cookies for targeting. The end of tracking cookies in web browsers (as soon as 2025) has publishers and advertisers searching for new channels.
  Email’s targeting capability could be the primary reason GAM is adding support.
• 
  Multilingual WordPress Sites to Reach a Global Audience

  If you are seeking to broaden the reach of your WordPress site to target an international audience, the following discussion on the leading multilingual WordPress plugins will be of interest. The plugins to be covered include WPML, Polylang, Weglot, TranslatePress, and GTranslate.

• 
  How to Reset Forgotten Root Password in RHEL Systems
  Read moreVisual Studio Code October 2019

  This article will guide you through simple steps to reset forgotten root password in RHEL-based Linux distributions such as Fedora, CentOS Stream, Rocky and Alma Linux.

• 
  VMware NSX Multi-tenancy; True Tenant Isolation?

  What is VMware NSX multi-tenancy? Historically multi-tenancy in VMware NSX was a Tier-0 gateway, otherwise known as the provider router, with one or many child Tier-1 gateways.

• 
  How To Install Elasticsearch On RunCloud

  Elasticsearch is a powerful, open-source search engine and analytics platform for storing, searching, and analyzing large volumes of data in real time.

• 
  WooCommerce vs BigCommerce: What’s the Best Choice?

  If you’re starting an online store, one of the first decisions you’ll need to make is the eCommerce platform you’re going to use.

• 
  Top WordPress Backup Plugins to Safeguard Your Website Data and Ensure Recovery

  Given the abundance of backup plugins available, the process of selecting the most suitable one can be daunting. This article aims to examine prominent WordPress backup plugins such as UpdraftPlus, BackupBuddy, BlogVault, among others.

---

Now, WordPress is available on http://localhost:80/ (you can connect to it and run wordpress configuration wizard using a web browser).

Light Container Orchestration with Podman and Systemd

While the command-line manual approach works, it’s not ideal for production. We need automation and to ensure containers keep running. And we want something simple, without having to learn an entire new way of running containers. Fortunately, we already have a service orchestration on SUSE Linux Micro, which is always running : systemd !

Podman’s systemd integration simplifies this with configuration files (formely known as quadlet) similar to systemd unit files.

Let’s convert the first podman CLI call:
podman run –detach -v /var/lib/mysql:/var/lib/mysql:Z -e MARIADB_ROOT_PASSWORD=rootpassword -e MARIADB_DATABASE=wordpress -e MARIADB_USER=MY_USER -e MARIADB_PASSWORD=my_user_password –replace –name mariadb registry.suse.com/suse/mariadb:10.6
into a descriptive file in /etc/containers/systemd/mariadb.container.

We add the following content:
[Unit]
Description=MariaDB server
After=network-online.target

[Container]
Image=registry.suse.com/suse/mariadb:10.6
Environment=MARIADB_ROOT_PASSWORD=rootpassword
Environment=MARIADB_DATABASE=wordpress
Environment=MARIADB_USER=MY_USER
Environment=MARIADB_PASSWORD=my_user_password
ContainerName=mariadb
Volume=/var/lib/mysql:/var/lib/mysql:Z
Timezone=local

[Service]
Restart=on-failure
ExecStartPre=-/usr/bin/mkdir -p /var/lib/mysql
ExecStartPre=-/usr/bin/chcon -R system_u:object_r:container_file_t:s0 -P /var/lib/mysql
TimeoutStartSec=500

[Install]
WantedBy=multi-user.target default.target

[Container] section is specific to podman and will control how the container is created and running. The other sections are regular systemd unit configurations.

Then run systemctl daemon-reload followed by systemctl start mariadb (or reboot the system, the container will be automatically started).

MariaDB will be running in a container but will look like a regular systemd service and managed like any other services. You can therefore use all the nice systemd features you were using on regular services, such as auto-restart if failing or inter-services dependencies. For this example, we add After=mariadb.service in the [Unit] section of systemd service of each application relying on MariaDB.

Similarly, let’s convert wordpress container from:
podman run –detach -p 80:80 –name wordpress registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest
to /etc/containers/systemd/wordpress.container:
[Unit]
Description=Wordpress
After=network-online.target mariadb.service

[Container]
Image=registry.opensuse.org/home/fcrozat/susecon/containerfile/wordpress:latest
PublishPort=80:80
Timezone=local

[Service]
Restart=on-failure

[Install]
WantedBy=multi-user.target default.target

Now, we run systemctl daemon-reload followed by systemctl start wordpress.

We can connect to http://localhost:80/ and WordPress will be running.

The containers will be automatically started on systemd reboot and if for any reason, one container stops, systemd will restart it automatically.

Conclusion

Today, we look how to run containers on SUSE Linux Micro, manually and using podman/systemd integration.

As a reference, all the files (and a few additional ones) for this example are available on https://github.com/fcrozat/SUSECON-demos/tree/main/containers/wordpress, for you to experiment with.

In a previous blog post, we were discussing health management for the host. Wouldn’t it be great to have similar health management for containers ? We will look into it in a future blog post.

(Visited 1 times, 1 visits today)