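What is Podman
Podman is an open source project that is available on most Linux platforms and is hosted on GitHub. Podman is a daemonless container engine for developing, managing, and running Open Container Initiative (OCI) containers and container images on Linux systems. Podman provides a Docker-compatible command-line front end, so the Docker CLI can simply be aliased to it: alias docker=podman. Podman also provides a socket-activated REST API service that lets remote applications launch on-demand containers. This REST API also supports the Docker API, allowing users of docker-py and docker-compose to interact with Podman as a service.
Containers under Podman's control can be run by root or by an unprivileged user. Podman uses the libpod library to manage the entire container ecosystem, including pods, containers, container images, and container volumes. Podman specializes in all of the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It lets you create, run, and maintain containers from those images in a production environment.
The Podman service runs only on Linux platforms, but Podman remote REST API clients exist for Mac and Windows and can communicate over ssh with a Podman service running on a Linux machine or VM.
Installing Podman
[root@podman ~]# yum makecache && yum -y install podman-docker
Installing as a non-root user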
[root@podman ~]# sudo yum -y install podman-docker
Common Podman commands
podman search: search for images
[root@podman ~]# podman search httpd
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fedoraproject.org registry.fedoraproject.org/f29/httpd 0
redhat.com registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server 0
redhat.com registry.access.redhat.com/cloudforms46-beta/cfme-openshift-httpd CloudForms is a management and automation pl... 0
Refine the search with a filter
[root@podman ~]# podman search httpd --filter=is-official
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 3794 [OK]
podman pull: pull an image
[root@podman ~]# podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob e5ae68f74026 done
Copying blob bc36ee1127ec done
Copying blob f1aa5f54b226 done
Copying blob d3576f2b6317 done
Copying blob aa379c0cedc2 done
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
ea28e1b82f314092abd3f90a69e57d6ccf506382821ee0b8d9b48c3e47440c1f
Note: unlike Docker, Podman needs the full image path when pulling; otherwise it presents a list of candidate paths for you to choose from
[root@podman ~]# podman pull nginx
? Please select an image:
registry.fedoraproject.org/nginx:latest
registry.access.redhat.com/nginx:latest
registry.centos.org/nginx:latest
▸ docker.io/library/nginx:latest // select the official Docker registry
[root@podman ~]# podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob e5ae68f74026 skipped: already exists
Copying blob 44be98c0fab6 done
Copying blob 21e0df283cd6 done
Copying blob 881ff011f1c9 done
Copying blob 77700c52c969 done
Copying blob ed835de16acd done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
podman images: list all images
[root@podman ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest ea28e1b82f31 11 days ago 148 MB
podman run: run a container
[root@podman ~]# podman run -dt -p 8080:80/tcp docker.io/library/httpd
a239890454a6a849761a64e9b4b80a5ea91d98e4071ac8dc30985fbd2aeb6f81
podman ps: list running containers
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 40 seconds ago Up 41 seconds ago 0.0.0.0:8080->80/tcp affectionate_shamir
podman ps -a: list all containers
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd3e5c430773 docker.io/library/httpd:latest httpd-foreground 7 minutes ago Created 0.0.0.0:8080->80/tcp flamboyant_noyce
a239890454a6 docker.io/library/httpd:latest httpd-foreground About a minute ago Up About a minute ago 0.0.0.0:8080->80/tcp affectionate_shamir
podman rm: remove a container
[root@podman ~]# podman rm bd3e5c430773
bd3e5c43077334625bfc3281d65d5651d6b19728ece1b3d1939415b62aa8477d
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 2 minutes ago 0.0.0.0:8080->80/tcp affectionate_shamir
podman create: create a new container
[root@podman ~]# podman create httpd
3b4565632759ef531c4cb953b76221c60c84db2cd2879fc72e279001e7982e17
[root@podman ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 4 minutes ago 0.0.0.0:8080->80/tcp affectionate_shamir
3b4565632759 docker.io/library/httpd:latest httpd-foreground 4 seconds ago Created
Specify a version:
[root@podman ~]# podman create httpd:2.4.51
✔ docker.io/library/httpd:2.4.51
Trying to pull docker.io/library/httpd:2.4.51...
Getting image source signatures
Copying blob aa379c0cedc2 skipped: already exists
Copying blob bc36ee1127ec skipped: already exists
Copying blob e5ae68f74026 skipped: already exists
Copying blob d3576f2b6317 [--------------------------------------] 0.0b / 0.0b
Copying blob f1aa5f54b226 [--------------------------------------] 0.0b / 0.0b
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
479020c1685c53e4ef61b909f59dac341c8be76dc371aa6bf698d1fc85907103
podman start: start one or more containers
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 14 minutes ago Up 14 minutes ago 0.0.0.0:8080->80/tcp affectionate_shamir
479020c1685c docker.io/library/httpd:2.4.51 httpd-foreground 7 minutes ago Created interesting_ramanujan
[root@podman ~]# podman start 479020c1685c
479020c1685c
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 14 minutes ago Up 14 minutes ago 0.0.0.0:8080->80/tcp affectionate_shamir
479020c1685c docker.io/library/httpd:2.4.51 httpd-foreground 8 minutes ago Up 5 seconds ago interesting_ramanujan
podman stop: stop one or more containers
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3b4565632759 docker.io/library/httpd:latest httpd-foreground 8 hours ago Up 3 seconds ago reverent_germain
[root@podman ~]# podman stop 3b4565632759
3b4565632759
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
podman rm: remove one or more containers
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a239890454a6 docker.io/library/httpd:latest httpd-foreground 8 hours ago Exited (0) 5 minutes ago 0.0.0.0:8080->80/tcp affectionate_shamir
3b4565632759 docker.io/library/httpd:latest httpd-foreground 8 hours ago Exited (0) 2 minutes ago reverent_germain
479020c1685c docker.io/library/httpd:2.4.51 httpd-foreground 8 hours ago Created interesting_ramanujan
3a38dce9e89a docker.io/library/httpd:2.4.51 httpd-foreground 8 hours ago Created admiring_poincare
940de24349f2 docker.io/library/httpd:2.4.51 httpd-foreground 4 minutes ago Exited (0) 4 minutes ago 0.0.0.0:8080->80/tcp httpd
[root@podman ~]# podman rm a239890454a6 3b4565632759 479020c1685c 3a38dce9e89a
a239890454a6a849761a64e9b4b80a5ea91d98e4071ac8dc30985fbd2aeb6f81
3b4565632759ef531c4cb953b76221c60c84db2cd2879fc72e279001e7982e17
479020c1685c53e4ef61b909f59dac341c8be76dc371aa6bf698d1fc85907103
3a38dce9e89a41eb8d779b64cd21c6537445980f7ac2337579dc88098d80b761
[root@podman ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
940de24349f2 docker.io/library/httpd:2.4.51 httpd-foreground 4 minutes ago Exited (0) 4 minutes ago 0.0.0.0:8080->80/tcp httpd
podman inspect: show detailed information about a container or image
[root@podman nginx_podman]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
77297313d770 docker.io/library/httpd:2.4.51 httpd-foreground 8 seconds ago Up 8 seconds ago clever_noyce
[root@podman nginx_podman]# podman inspect 77297313d770
[
{
"Id": "77297313d77058f8bc4a085bf69af3b58c9aec384ccf7c8ec33c6c23581cf74c",
"Created": "2021-12-14T03:31:41.050682878+08:00",
"Path": "httpd-foreground",
"Args": [
"httpd-foreground"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
(remaining output omitted)
Building an image with Podman
Build an Nginx image from a Dockerfile
[root@podman nginx_podman]# tree
.
├── Dockerfile
└── files
└── nginx-1.20.2.tar.gz
1 directory, 2 files
[root@podman nginx_podman]# cat Dockerfile
FROM docker.io/library/centos
ENV PATH=/usr/local/nginx/sbin:$PATH
# ADD unpacks the local tarball into /usr/src; the name must match the file under files/
ADD files/nginx-1.20.2.tar.gz /usr/src
RUN useradd -r -M -s /sbin/nologin nginx && \
    yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make && \
    mkdir -p /var/log/nginx && \
    cd /usr/src/nginx-1.20.2 && \
    ./configure \
    --prefix=/usr/local/nginx \
    --user=nginx \
    --group=nginx \
    --with-debug \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-http_image_filter_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_stub_status_module \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=/var/log/nginx/error.log && \
    make && make install
# "daemon off;" keeps nginx in the foreground; the directive needs its trailing semicolon
CMD ["nginx","-g","daemon off;"]
Use podman build -t [image name] [Dockerfile location] to build the image
[root@podman nginx_podman]# podman build -t docker.io/dengzichen/nginx:latest .
[root@podman nginx_podman]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/dengzichen/nginx latest 09277fcabe03 18 seconds ago 566 MB
docker.io/library/nginx latest f652ca386ed1 11 days ago 146 MB
docker.io/library/httpd 2.4.51 ea28e1b82f31 11 days ago 148 MB
docker.io/library/httpd latest ea28e1b82f31 11 days ago 148 MB
docker.io/library/centos latest 5d0da3dc9764 2 months ago 239 MB
Log in
[root@podman nginx_podman]# podman login
Username: dengzichen
Password:
Login Succeeded!
Push the image
[root@podman ~]# podman push dengzichen/nginx:latest
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
Getting image source signatures
Copying blob 48fa1bdd59e5 done
Copying blob cc3d2335699c done
Copying blob 74ddd0ec08fa skipped: already exists
Copying config 09277fcabe done
Writing manifest to image destination
Storing signatures
Using Podman as a regular user
Edit the configuration file
[root@podman ~]# vim /etc/containers/storage.conf
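[storage]
# Default Storage Driver, Must be set for proper operation.
driver = "overlay"    # keep the value quoted; unquoted it is invalid TOML and causes the 'expected value but found "overlay"' read error
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
mount_program = "/usr/bin/fuse-overlayfs"    # uncomment this line
Enable user namespaces
Check the OS version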
[root@podman ~]# cat /etc/redhat-release
CentOS Linux release 8.5.2111
If the version is below 8, the following is required:
sysctl user.max_user_namespaces=15000
Configure subuid and subgid
[root@podman ~]# useradd dzc
[root@podman ~]# cat /etc/subuid
admin:100000:65536
dzc:165536:65536
[root@podman ~]# cat /etc/subgid
admin:100000:65536
dzc:165536:65536
Where login credentials are recorded
[root@podman ~]# find / -name auth.json
/run/user/0/containers/auth.json
[root@podman ~]# cat /run/user/0/containers/auth.json
{
    "auths": {
        "docker.io": {
            "auth": "ZGVuZ3ppY2hlbjpkZW5nemljaGVu"
        },
        "registry.fedoraproject.org": {
            "auth": "ZGVuZ3ppY2hlbjpkZW5nemljaGVu"
        }
    }
}
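The auth value that podman login stores is only the Base64 encoding of username:password, so anyone who can read auth.json can recover the credential. The audit script below is an added example, not part of the original post; its function names, the registry registry.example.test and the credential are constructed for illustration, and it assumes GNU stat/base64 and the one-key-per-line layout shown above.

```shell
#!/bin/sh
# Added example: audit a containers auth.json without printing any password.
# Assumes GNU stat/base64 and the one-key-per-line layout podman login writes.

# list_inline_creds FILE: print "registry username" for each stored credential.
list_inline_creds() {
    awk '
        /"[^"]+"[ \t]*:[ \t]*[{]/ { split($0, k, "\""); reg = k[2] }
        /"auth"[ \t]*:[ \t]*"/    { split($0, a, "\""); print reg, a[4] }
    ' "$1" | while read -r reg b64; do
        # The auth field is base64("username:password"); keep only the username.
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        echo "$reg $user"
    done
}

# perms_too_open FILE: succeed if group or others have any access to FILE.
perms_too_open() {
    mode=$(stat -c '%a' "$1")
    [ $((0$mode & 077)) -ne 0 ]
}

# write_sample FILE: constructed sample, not a real registry or credential.
write_sample() {
    b64=$(printf 'alice:not-a-real-secret' | base64)
    printf '{\n  "auths": {\n    "registry.example.test": {\n      "auth": "%s"\n    }\n  }\n}\n' "$b64" > "$1"
}

demo() {
    f=$(mktemp); write_sample "$f"; chmod 644 "$f"
    list_inline_creds "$f"
    perms_too_open "$f" && echo "WARNING: $f is readable by other users"
    chmod 600 "$f"
    perms_too_open "$f" || echo "OK: $f is owner-only"
    rm -f "$f"
}
demo
```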
Running containers as a regular user
Install crun
[root@podman ~]# yum -y install crun
[root@podman containers]# vim containers.conf
# Default OCI runtime
#
runtime = "crun"    # uncomment this line
#runtime = "runc"   # comment this line out
Create a volume
[root@podman containers]# su - admin
[admin@podman ~]$ mkdir data
[admin@podman ~]$ podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
/ # cd data/
/data # ls
/data # touch dzc
/data # ls -l
total 0
-rw-r--r-- 1 root root 0 Dec 13 19:47 dzc
Check on the host
[admin@podman ~]$ ll data/
总用量 0
-rw-r--r-- 1 admin admin 0 12月 14 03:47 dzc
Create a file on the host
[admin@podman ~]$ touch data/zcd
Check inside the container
/data # ls -l
total 0
-rw-r--r-- 1 root root 0 Dec 13 19:47 dzc
-rw-rw-r-- 1 root root 0 Dec 13 19:49 zcd
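The same file is owned by root inside the container and by admin on the host because, in rootless mode, container UID 0 maps to the invoking user's own UID and container UIDs from 1 upward map into that user's /etc/subuid range. The script below is an added example (not from the original post) that computes this mapping and checks a subuid file for overlapping ranges; the function names and the host UID 1000 for admin are assumptions.

```shell
#!/bin/sh
# Added example: rootless UID mapping and /etc/subuid overlap check.
# The subuid entries are the ones listed on this page; host UID 1000 for
# "admin" is an assumption.

# host_uid_for USER_UID SUB_START SUB_COUNT CONTAINER_UID
# Default rootless mapping: container 0 -> the user's own UID,
# container 1..SUB_COUNT -> SUB_START .. SUB_START+SUB_COUNT-1.
host_uid_for() {
    user_uid=$1; sub_start=$2; sub_count=$3; cuid=$4
    if [ "$cuid" -eq 0 ]; then
        echo "$user_uid"
    elif [ "$cuid" -le "$sub_count" ]; then
        echo $((sub_start + cuid - 1))
    else
        echo "unmapped"; return 1
    fi
}

# subid_overlaps FILE: print "userA userB" for every pair of entries whose
# ranges intersect; overlapping ranges let two users' containers share UIDs.
subid_overlaps() {
    awk -F: 'NF == 3 { n++; u[n] = $1; s[n] = $2 + 0; e[n] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (s[i] <= e[j] && s[j] <= e[i]) print u[i], u[j]
        }' "$1"
}

demo() {
    tmp=$(mktemp)
    printf 'admin:100000:65536\ndzc:165536:65536\n' > "$tmp"
    echo "container root   -> host uid $(host_uid_for 1000 100000 65536 0)"
    echo "container uid 33 -> host uid $(host_uid_for 1000 100000 65536 33)"
    pairs=$(subid_overlaps "$tmp")
    echo "overlapping subuid ranges: ${pairs:-none}"
    rm -f "$tmp"
}
demo
```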