4.3 KiB
openSUSE Operator Kit (container-first)
This guide describes a practical, operator-first way to run Likwid on openSUSE Leap using Podman (rootless) and a reverse proxy that is already present.
Assumptions
- You have an SSH-accessible server running openSUSE Leap.
- You run Likwid as a dedicated non-root user (recommended:
deploy). - A reverse proxy (Caddy/nginx) terminates TLS and forwards:
/to the frontend/apito the backend
- You operate via
podman compose.
Recommended directory layout
Use a predictable directory layout under the deploy user:
~/likwid/(git checkout)~/likwid/compose/.env.production(production env)~/likwid/compose/.env.demo(demo env)~/likwid/backups/(operator-managed backups)
Install required packages (openSUSE)
Install Podman and Git:
sudo zypper in -y podman git
Verify podman compose is available:
podman compose version
If your Podman build does not provide podman compose, install the compose integration package available for your openSUSE release.
Initial bootstrap (production)
- Clone the repository as the
deployuser:
git clone https://codeberg.org/likwid/likwid.git ~/likwid
- Create the production env file:
cp ~/likwid/compose/.env.production.example ~/likwid/compose/.env.production
- Edit
~/likwid/compose/.env.production:
POSTGRES_PASSWORDJWT_SECRETAPI_BASE(should be your public URL, e.g.https://your.domain)
- Start services:
cd ~/likwid
podman compose --env-file compose/.env.production -f compose/production.yml up -d --build
- Create the first admin and complete setup:
- Register the first user at
/register(first user becomes platform admin) - Complete
/setup
Demo deployment on the VPS
If you operate the public demo style deployment:
cd ~/likwid
podman compose --env-file compose/.env.demo -f compose/demo.yml -f compose/demo.vps.override.yml up -d --build
Health check (backend):
curl -fsS http://127.0.0.1:3001/health
Upgrade procedure (safe, repeatable)
Use a fetch + hard reset strategy to keep the server in a known state:
cd ~/likwid
git fetch origin
git reset --hard origin/main
podman compose --env-file compose/.env.demo -f compose/demo.yml -f compose/demo.vps.override.yml up -d --build
For production deployments, swap the compose files/env file accordingly.
Rollback to a known commit
If an upgrade fails, roll back to a previously known-good commit:
cd ~/likwid
git fetch origin
git reset --hard <KNOWN_GOOD_COMMIT>
podman compose --env-file compose/.env.demo -f compose/demo.yml -f compose/demo.vps.override.yml up -d --build
Log inspection
Container logs:
podman logs -f likwid-demo-backend
podman logs -f likwid-demo-frontend
podman logs -f likwid-demo-db
Container status:
podman ps
Firewall and port exposure
- Prefer binding backend/frontend ports to
127.0.0.1and letting your reverse proxy access them locally. - Publicly expose only
80/tcpand443/tcp. - If your compose file binds services on
0.0.0.0, restrict access via firewall rules.
Start services on boot (systemd user service)
Podman is most reliable on openSUSE when managed as a rootless user service.
- Enable lingering for the
deployuser so services can run without an active SSH session:
sudo loginctl enable-linger deploy
- Create a systemd user unit:
- File:
~/.config/systemd/user/likwid-demo.service
[Unit]
Description=Likwid demo (podman compose)
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=%h/likwid
ExecStart=/usr/bin/podman compose --env-file compose/.env.demo -f compose/demo.yml -f compose/demo.vps.override.yml up -d --build
ExecStop=/usr/bin/podman compose --env-file compose/.env.demo -f compose/demo.yml -f compose/demo.vps.override.yml down
TimeoutStartSec=0
[Install]
WantedBy=default.target
- Enable and start it:
systemctl --user daemon-reload
systemctl --user enable --now likwid-demo.service
- Inspect service logs:
journalctl --user -u likwid-demo.service -f
For production, create a separate unit (for example likwid-prod.service) with the production env file and compose file.