Container template, generate extra container if it is in a pod

[onlyati]

Issue Description

I create template file based on the information from the document: https://docs.podman.io/en/v5.2.2/markdown/podman-systemd.unit.5.html#template-files. But when I put this template into a pod, then one extra container is automatically created where the pod name will be the instance name. I am not sure this is works as designed or a bug, but based on document it should not happen, if I understand correctly.

My use case would be to host multiple webapp/api with the same template but within same pod (for network simpilicity).

Steps to reproduce the issue

Create a pod file, for example test.pod:

[Pod]

Create container teamplate, for example test-server@.container:

[Unit]
Description=Test container #%i

[Container]
Image=docker.io/library/debian
Pod=test.pod
Exec=tail -f /dev/null

Then create some symlink:

• ln -s test-server@.container test-server@1.container
• ln -s test-server@.container test-server@2.container
• ln -s test-server@.container test-server@3.container

Then reload the daemon systemctl --user daemon-reload and start the pod systemctl --user start test-pod.

Describe the results you received

$ systemctl --user --type=service | grep test
  test-pod.service               loaded active running test-pod.service
  test-server@1.service          loaded active running test-server@1.service
  test-server@2.service          loaded active running test-server@2.service
  test-server@3.service          loaded active running test-server@3.service
  test-server@test-pod.service   loaded active running test-server@test-pod.service

$ podman ps --pod --filter pod=systemd-test
CONTAINER ID  IMAGE                                    COMMAND            CREATED        STATUS        PORTS       NAMES                         POD ID        PODNAME
166c5ed6a36c  localhost/podman-pause:5.2.2-1738677241                     9 minutes ago  Up 9 minutes              483a8d6b0238-infra            483a8d6b0238  systemd-test
161dfe5a7819  docker.io/library/debian:latest          tail -f /dev/null  9 minutes ago  Up 9 minutes              systemd-test-server_2         483a8d6b0238  systemd-test
818027e8dfdf  docker.io/library/debian:latest          tail -f /dev/null  9 minutes ago  Up 9 minutes              systemd-test-server_1         483a8d6b0238  systemd-test
6cd32478e587  docker.io/library/debian:latest          tail -f /dev/null  9 minutes ago  Up 9 minutes              systemd-test-server_3         483a8d6b0238  systemd-test
a03475f748ce  docker.io/library/debian:latest          tail -f /dev/null  9 minutes ago  Up 9 minutes              systemd-test-server_test-pod  483a8d6b0238  systemd-test

Describe the results you expected

Since I did not define DefaultInstance= parameter, no default container should be started just the symlink ones. So test-server@test-pod.service should not been started. It also seems, if I set something for DefaultInstance, it is ignored when template is in pod.

podman info output

host:
  arch: amd64
  buildahVersion: 1.37.6
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: 5859d6167f22954414ce804d3f2ae9cf6208f929'
  cpuUtilization:
    idlePercent: 97.48
    systemPercent: 1.11
    userPercent: 1.41
  cpus: 2
  databaseBackend: sqlite
  distribution:
    distribution: rocky
    version: "9.5"
  eventLogger: journald
  freeLocks: 2023
  hostname: controller-01
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-503.26.1.el9_5.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 308297728
  memTotal: 3735650304
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.12.2-1.el9_5.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.12.2
  ociRuntime:
    name: crun
    package: crun-1.16.1-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.16.1
      commit: afa829ca0122bd5e1d67f1f38e6cc348027e3c32
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240806.gee36266-6.el9_5.x86_64
    version: |
      pasta 0^20240806.gee36266-6.el9_5.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.3.1-1.el9.x86_64
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 0
  swapTotal: 0
  uptime: 90h 50m 32.00s (Approximately 3.75 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/ati/.config/containers/storage.conf
  containerStore:
    number: 18
    paused: 0
    running: 17
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/ati/.local/share/containers/storage
  graphRootAllocated: 40165670912
  graphRootUsed: 12203323392
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 17
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/ati/.local/share/containers/storage/volumes
version:
  APIVersion: 5.2.2
  Built: 1738677241
  BuiltTime: Tue Feb  4 13:54:01 2025
  GitCommit: ""
  GoVersion: go1.22.9 (Red Hat 1.22.9-2.el9_5)
  Os: linux
  OsArch: linux/amd64
  Version: 5.2.2

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

Additional environment details

This data is gathered from 5.2.2 version, but I have tested on a test system with podman 5.4, produced the same issue.

Additional information

No response

[github-actions]

A friendly reminder that this issue had no activity for 30 days.