Home Assistant at Podman

This post is for all automation junkies. I have successfully kept Home Assistant running on CentOS Stream 9 with Podman, the container software developed and maintained directly by Red Hat.

Podman was developed some time ago as an equivalent to the well-known Docker software. From a scaling and security point of view it has some benefits compared to Docker. However, there are some additional things to consider (e.g. autostart of containers).

Before we start, I want to store the container images in another location. In the Podman configuration file “/etc/containers/storage.conf”, in the section “[storage]”, you have to set the variable “graphroot” to the desired location, in my case “/data/container/storage”.

[storage]
# Default Storage Driver, Must be set for proper operation.
driver = "overlay"

# Temporary storage location
runroot = "/run/containers/storage"

# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
# ensure  the labeling matches the default locations labels with the
# following commands:
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
# restorecon -R -v /NEWSTORAGEPATH
#graphroot = "/var/lib/containers/storage"
graphroot = "/data/container/storage"

First, you have to understand that from an installation perspective we are using “Home Assistant Container”, which is the container image; see the documentation at home-assistant.io. The guide only describes Docker, but because of the great compatibility between Docker and Podman, the commands can be copied one-to-one, just replacing the executable name with podman. Example:

[root] $ podman run -d \
--name homeassistant \
--privileged \
--restart=unless-stopped \
-e TZ=MY_TIME_ZONE \
-v /data/container/homeassistant:/config \
-v /run/dbus:/run/dbus:ro \
--network=host \
ghcr.io/home-assistant/home-assistant:stable

“-v /data/container/homeassistant:/config \” should point to the location where you want to store the container config. I would prefer a location that you can back up as well.

Now your container with HA should start. You can check it with podman ps:

[root] $ podman ps
CONTAINER ID  IMAGE                                         COMMAND     CREATED      STATUS      PORTS       NAMES
9507cf394e97  ghcr.io/home-assistant/home-assistant:stable              11 days ago  Up 11 days              homeassistant

As a next step we want HA to start automatically once the server starts. As Podman does not run as a daemon, you can instead create systemd unit files that start and stop the container.

First stop the container and then start it again with systemctl, so that systemd can take full control:

[root] $ podman stop homeassistant
### Generate new systemd autostart files
[root] $ podman generate systemd --new --name homeassistant > /etc/systemd/system/container-homeassistant.service

#### Enable autostart and start container too
[root] $ systemctl enable --now container-homeassistant.service

As a last step you can verify that the service is running fine as follows:

[root] $ systemctl status container-homeassistant.service
● container-homeassistant.service - Podman container-homeassistant.service
Loaded: loaded (/etc/systemd/system/container-homeassistant.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-10-14 16:55:59 CEST; 3 days ago
Docs: man:podman-generate-systemd(1)
Main PID: 1291 (conmon)
Tasks: 1 (limit: 98845)
Memory: 1.2M
CPU: 187ms
CGroup: /system.slice/container-homeassistant.service
└─1291 /usr/bin/conmon --api-version 1 -c 9507cf394e972bd9e88403118fd6

As you may have noticed, I let HA run as a container in the root context. It would be even more secure to create a dedicated OS user and let the container run in that user's context, but there must always be room for improvement 😉
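
Because the unit runs Podman in the root context, it helps to see which options in it widen the container's access to the host before deciding what to tighten. The following is an added example, not part of the original post: a shell function that reads a unit written by `podman generate systemd` and reports `--privileged`, host networking and writable bind mounts. The function names and the sample unit are constructed for illustration.

```shell
# Added example (not from the original post). audit_unit FILE prints one
# finding per line for options that widen the container's access to the host.
# The body is a subshell so `set -f` (no globbing) and variables stay local.
audit_unit() (
    set -f
    # Join the backslash-continued ExecStart= into a single line.
    cmd=$(awk '/\\$/ { sub(/\\$/, ""); printf "%s ", $0; next } { print }' "$1" |
          grep '^ExecStart=')
    prev=
    for tok in $cmd; do
        # Normalise "--opt value" to "--opt=value" so both spellings are caught.
        case $prev in
            -v|--volume|--network|--net) tok="$prev=$tok" ;;
        esac
        case $tok in
            --privileged) echo "privileged: all capabilities and host devices" ;;
            --network=host|--net=host)
                echo "host-network: shares the host network namespace" ;;
            -v=*|--volume=*)
                spec=${tok#*=}
                case $spec in
                    *:ro|*:ro,*|*,ro|*,ro,*) ;;      # read-only bind mount
                    *) echo "writable-mount: $spec" ;;
                esac ;;
        esac
        prev=$tok
    done
)

# Constructed sample unit, modelled on the `podman run` command from this post.
write_sample_unit() {
    cat >"$1" <<'EOF'
[Service]
ExecStart=/usr/bin/podman run \
    --rm --replace -d --name homeassistant \
    --privileged \
    -e TZ=MY_TIME_ZONE \
    -v /data/container/homeassistant:/config \
    -v /run/dbus:/run/dbus:ro \
    --network=host \
    ghcr.io/home-assistant/home-assistant:stable
ExecStop=/usr/bin/podman stop --ignore homeassistant
EOF
}

sample=$(mktemp) && write_sample_unit "$sample" && audit_unit "$sample"
rm -f "$sample"
```

To check the unit generated above, call `audit_unit /etc/systemd/system/container-homeassistant.service` instead of the sample.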

FIN