Introduction to Podman, its configuration and its common commands
1. What is Podman
Podman is a daemonless container engine for developing, managing and running OCI containers on Linux. Containers can run as root or in rootless mode.
Podman is an open-source project, available on most Linux platforms and hosted on GitHub. It develops, manages and runs Open Container Initiative (OCI) containers and container images.
Podman also provides a socket-activated REST API service so that remote applications can start containers on demand. This REST API also supports the Docker API, which lets users of docker-py and docker-compose interact with Podman as a service.
The Podman service runs only on Linux, but the Podman remote REST API client exists on Mac and Windows and can talk over ssh to a Podman service running on a Linux machine or VM.
2. Installing Podman
Podman can be installed on many platforms, including Windows, Linux and macOS.
Official Podman installation guide
[root@localhost ~]# yum -y install podman-docker.noarch   // podman-docker also installs a docker-compatible wrapper command
3. Using Podman
[root@localhost ~]# podman search busybox   // search for the busybox image; by default the lookup goes to the official Docker registry
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/busybox Busybox base image. 2415 [OK]
docker.io docker.io/radial/busyboxplus Full-chain, Internet enabled, busybox made f... 43 [OK]
docker.io docker.io/yauritux/busybox-curl Busybox with CURL 16
docker.io docker.io/arm64v8/busybox Busybox base image. 3
docker.io docker.io/vukomir/busybox busybox and curl 1
docker.io docker.io/amd64/busybox Busybox base image. 0
docker.io docker.io/odise/busybox-curl 4 [OK]
docker.io docker.io/ppc64le/busybox Busybox base image. 1
docker.io docker.io/arm32v7/busybox Busybox base image. 10
docker.io docker.io/s390x/busybox Busybox base image. 2
docker.io docker.io/prom/busybox Prometheus Busybox Docker base images 2 [OK]
docker.io docker.io/i386/busybox Busybox base image. 2
docker.io docker.io/joeshaw/busybox-nonroot Busybox container with non-root user nobody 2
docker.io docker.io/p7ppc64/busybox Busybox base image for ppc64. 2
docker.io docker.io/arm32v6/busybox Busybox base image. 3
docker.io docker.io/arm32v5/busybox Busybox base image. 0
docker.io docker.io/armhf/busybox Busybox base image. 6
docker.io docker.io/mips64le/busybox Busybox base image. 1
docker.io docker.io/spotify/busybox Spotify fork of https://hub.docker.com/_/bus... 1
docker.io docker.io/aarch64/busybox Busybox base image. 3
docker.io docker.io/progrium/busybox 70 [OK]
docker.io docker.io/lqshow/busybox-curl Busybox image adds a curl binary to /usr/bin 1 [OK]
docker.io docker.io/ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK]
docker.io docker.io/odise/busybox-python 4 [OK]
// run the busybox container image
[root@localhost ~]# podman run -it docker.io/library/busybox
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
/ # ls
bin dev etc home proc root run sys tmp usr var
// build an nginx image from a Dockerfile
[root@localhost nginx]# tree
.
├── Dockerfile
└── files
└── nginx-1.20.1.tar.gz
[root@localhost nginx]# cat Dockerfile
FROM docker.io/library/centos
ENV PATH /usr/local/nginx/sbin:$PATH
ADD files/nginx-1.20.1.tar.gz /usr/src
RUN useradd -r -M -s /sbin/nologin nginx && \
yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make && \
mkdir -p /var/log/nginx && \
cd /usr/src/nginx-1.20.1 && \
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log && \
make && make install
# the -g directive must end with a semicolon, otherwise nginx refuses to start
CMD ["nginx","-g","daemon off;"]
[root@localhost nginx]# podman build -t nginx .
// rename (tag) the image
[root@localhost nginx]# podman tag docker.io/library/nginx:latest docker.io/dockerimages123/nginx:latest
// log in and push the image
[root@localhost nginx]# podman login docker.io   // the registry to log in to must be given explicitly
Username: dockerimages123   // account name
Password:                   // password
Login Succeeded!
[root@localhost nginx]# podman push docker.io/dockerimages123/nginx:latest   // push the image
// show the details of a given image
[root@localhost files]# podman inspect docker.io/dockerimages123/nginx:latest
[
{
"Id": "a432520ebad933f3a0a1432569537d95c92022c29d83fd176fb18ef7cc074079",
"Digest": "sha256:d7114b87335f35e6aac63f172f9e57cf2f58692bf599dcfe54e746e51976f148",
"RepoTags": [
"docker.io/library/nginx:latest",
"docker.io/dockerimages123/nginx:latest"
],
"RepoDigests": [
"docker.io/dockerimages123/nginx@sha256:d7114b87335f35e6aac63f172f9e57cf2f58692bf599dcfe54e746e51976f148",
"docker.io/library/nginx@sha256:d7114b87335f35e6aac63f172f9e57cf2f58692bf599dcfe54e746e51976f148"
],
"Parent": "588db823a5cb53d34030ec14e9e8da1044555ecc42a23c1a67a905240d16687b",
"Comment": "",
"Created": "2021-12-14T02:47:17.933445186Z",
"Config": {
"Env": [
"PATH=/usr/local/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"nginx",
"-g",
"daemon off"
],
... (remaining lines omitted)
4. Common Podman operations
// show the details of a container
[root@localhost nginx]# podman inspect nginx
[
{
"Id": "6818139482c6b6c5482769724a6cd5c858b4d96456d01a4101d9da7c1fa9c2f5",
"Created": "2021-12-14T10:20:42.249764947+08:00",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
"NetworkSettings": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.5",   // the container's IP address
"IPPrefixLen": 16,
"IPv6Gateway": "",
// access the container by its IP address
[root@localhost ~]# curl 10.88.0.5
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
// show a container's access log
[root@localhost ~]# podman logs --latest   // with no name given, shows the log of the most recently created container
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 02:20:42 [notice] 1#1: using the "epoll" event method
2021/12/14 02:20:42 [notice] 1#1: nginx/1.21.4
2021/12/14 02:20:42 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/14 02:20:42 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
2021/12/14 02:20:42 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/14 02:20:42 [notice] 1#1: start worker processes
2021/12/14 02:20:42 [notice] 1#1: start worker process 30
2021/12/14 02:20:42 [notice] 1#1: start worker process 31
10.88.0.1 - - [14/Dec/2021:03:38:59 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"
// run an Apache (httpd) container to test the access log
[root@localhost ~]# podman run -d --name web docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob e5ae68f74026 skipped: already exists
Copying blob aa379c0cedc2 done
Copying blob d3576f2b6317 done
Copying blob bc36ee1127ec done
Copying blob f1aa5f54b226 done
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
54edf15ce189f0694120698566e7488c839d89b33a34bf130389b6f30e96f265
[root@localhost ~]# podman inspect web   // show the container's details
"Mounts": [],
"Dependencies": [],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.6",
[root@localhost ~]# curl 10.88.0.6
<html><body><h1>It works!</h1></body></html>
// access apache twice
[root@localhost ~]# curl 10.88.0.6
<html><body><h1>It works!</h1></body></html>
[root@localhost ~]# curl 10.88.0.6
<html><body><h1>It works!</h1></body></html>
// by default, show the access log of the most recently created container
[root@localhost ~]# podman logs --latest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.6. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.6. Set the 'ServerName' directive globally to suppress this message
[Tue Dec 14 03:42:42.797618 2021] [mpm_event:notice] [pid 1:tid 139840743701824] AH00489: Apache/2.4.51 (Unix) configured -- resuming normal operations
[Tue Dec 14 03:42:42.798545 2021] [core:notice] [pid 1:tid 139840743701824] AH00094: Command line: 'httpd -D FOREGROUND'
10.88.0.1 - - [14/Dec/2021:03:46:56 +0000] "GET / HTTP/1.1" 200 45
10.88.0.1 - - [14/Dec/2021:03:47:32 +0000] "GET / HTTP/1.1" 200 45
// show the access log of a given container
[root@localhost ~]# podman logs nginx   // the container can be given by name or by ID
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 02:20:42 [notice] 1#1: using the "epoll" event method
2021/12/14 02:20:42 [notice] 1#1: nginx/1.21.4
2021/12/14 02:20:42 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/14 02:20:42 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
2021/12/14 02:20:42 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/14 02:20:42 [notice] 1#1: start worker processes
2021/12/14 02:20:42 [notice] 1#1: start worker process 30
2021/12/14 02:20:42 [notice] 1#1: start worker process 31
10.88.0.1 - - [14/Dec/2021:03:38:59 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"
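The `podman logs` output above mixes nginx and httpd startup notices with access-log lines, and the httpd lines use the common log format while nginx uses the combined one. As an added example (not part of the original post), the following POSIX shell script filters the access-log lines out of such a mixed stream and summarizes requests per client and error responses. The sample log is constructed to match the two formats shown above, with a second client (10.88.0.9) added so the counts differ.

```shell
#!/bin/sh
# Added example: summarize access-log lines found in `podman logs` output.
# SAMPLE_LOG is constructed to look like the nginx and httpd output above,
# plus a second client (10.88.0.9) that receives 404 responses.
SAMPLE_LOG='/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 02:20:42 [notice] 1#1: start worker process 30
10.88.0.1 - - [14/Dec/2021:03:38:59 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"
10.88.0.1 - - [14/Dec/2021:03:46:56 +0000] "GET / HTTP/1.1" 200 45
10.88.0.1 - - [14/Dec/2021:03:47:32 +0000] "GET / HTTP/1.1" 200 45
10.88.0.9 - - [14/Dec/2021:03:48:01 +0000] "GET /does-not-exist HTTP/1.1" 404 153 "-" "curl/7.61.1" "-"
10.88.0.9 - - [14/Dec/2021:03:48:02 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/7.61.1" "-"'

# Keep only lines shaped like an access-log entry (common or combined format):
# client IP, two "-" fields, a bracketed timestamp, a quoted request line, a 3-digit status.
access_lines() {
    grep -E '^[0-9]+(\.[0-9]+){3} - [^ ]+ \[[^]]+\] "[^"]*" [0-9]{3}'
}

# Requests per client IP as "count ip", busiest client first.
requests_per_client() {
    access_lines | awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Number of requests from one client IP ($1).
count_requests_from() {
    access_lines | awk -v ip="$1" '$1 == ip { c++ } END { print c + 0 }'
}

# Number of 4xx/5xx responses. The status is the first token after the quoted
# request line, so split on double quotes rather than on spaces: a malformed
# request is logged as "-", which would shift space-separated fields.
count_error_responses() {
    access_lines | awk -F'"' '{ split($3, rest, " "); if (rest[1] + 0 >= 400) c++ } END { print c + 0 }'
}

# Stand-alone demo on the constructed sample; for a live container use:
#   podman logs web 2>&1 | requests_per_client
printf '%s\n' "$SAMPLE_LOG" | requests_per_client
printf 'error responses: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_error_responses)"
```

The `2>&1` in the usage comment matters: the official nginx and httpd images send their access log to the container's stdout and their notices to stderr, and `podman logs` reproduces both streams separately.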
// show the processes of a given container
[root@localhost ~]# podman top nginx
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 1h31m9.485762974s ? 0s nginx: master process nginx -g daemon off;
nginx 30 1 0.000 1h31m9.486477743s ? 0s nginx: worker process
nginx 31 1 0.000 1h31m9.486828771s ? 0s nginx: worker process
// checkpoint and restore a container
// note: this feature is available only to root
// if the command is not available, install criu 3.11
[root@localhost ~]# podman container checkpoint web   // checkpoint
54edf15ce189f0694120698566e7488c839d89b33a34bf130389b6f30e96f265
[root@localhost ~]# podman container restore web   // restore
54edf15ce189f0694120698566e7488c839d89b33a34bf130389b6f30e96f265
// stop and start containers
[root@localhost ~]# podman stop web   // stop the named container
[root@localhost ~]# podman stop --latest   // stop the most recently created container
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6818139482c6 docker.io/library/nginx:latest nginx -g daemon o... 2 hours ago Up 2 hours ago nginx
54edf15ce189 docker.io/library/httpd:latest httpd-foreground 26 minutes ago Up 26 minutes ago web
[root@localhost ~]# podman stop --latest
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6818139482c6 docker.io/library/nginx:latest nginx -g daemon o... 2 hours ago Up 2 hours ago nginx
[root@localhost ~]# podman start web   // start the container
web
// remove containers
[root@localhost ~]# podman rm nginx   // remove the named container
[root@localhost ~]# podman rm --latest   // remove the most recent container; it must be stopped first, or use -f to force removal of a running container
54edf15ce189f0694120698566e7488c839d89b33a34bf130389b6f30e96f265
5. Running Podman as a regular user
// the following steps are done as root
// edit storage.conf
[root@localhost ~]# vim /etc/containers/storage.conf
driver = "overlay"   // make sure the driver is overlay
[storage.options]   // below this section header
# Storage options to be passed to underlying storage drivers
mount_program = "/usr/bin/fuse-overlayfs"   // add this line
[root@localhost ~]# yum -y install crun   // install the crun runtime
[root@localhost ~]# vim /usr/share/containers/containers.conf   // change the runtime as follows
runtime = "crun"
#runtime = "runc"
[root@localhost containers]# sysctl user.max_user_namespaces=15000   // needed on RHEL 7, not on RHEL 8
[root@localhost containers]# useradd tom   // creating the user automatically adds an entry to this file
[root@localhost containers]# cat /etc/subuid
tom:100000:65536
// enable unprivileged ping
[root@localhost containers]# sysctl -w "net.ipv4.ping_group_range=0 200000"   // the upper bound must lie above tom's subordinate range, which starts at 100000
net.ipv4.ping_group_range = 0 200000
// configuration files
[root@localhost containers]# cat /usr/share/containers/containers.conf
[root@localhost containers]# cat /etc/containers/containers.conf
[root@localhost ~]# cat ~/.config/containers/containers.conf   // highest precedence
[root@localhost containers]# cat /run/user/0/containers/auth.json   // holds the registry password saved by podman login, not in plain text
// error
[tom@localhost ~]$ podman images
ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user
// fix
[root@localhost ~]# chown -R tom.tom /run/user/0/
[tom@localhost ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
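The steps above touch several places (subuid/subgid ranges, ping_group_range, storage.conf, the runtime directory), and the XDG_RUNTIME_DIR error shows what happens when one of them is off: the variable still pointed at root's /run/user/0, which is what `su tom` inherits, whereas a real login session as tom (ssh, for instance) gets its own /run/user/<uid> from pam_systemd. As an added example (not part of the original post), this POSIX shell script checks each prerequisite for one user. File paths and sysctl values are parameters so every check can be exercised against constructed copies; the command-line form `sh check_rootless.sh tom` is hypothetical.

```shell
#!/bin/sh
# Added example: check the rootless prerequisites set up above for one user.
# File paths and sysctl values are parameters so each check can be exercised
# against constructed copies; the CLI form (sh check_rootless.sh tom) is hypothetical.

# Print "start count" of the subordinate ID range for user $1 from file $2 (/etc/subuid or /etc/subgid).
sub_range() {
    awk -F: -v u="$1" '$1 == u { print $2, $3; exit }' "$2"
}

# True if user $1 has at least 65536 subordinate IDs in file $2: the size useradd
# allocates, and the size a container needs for a full UID/GID space.
has_full_sub_range() {
    range=$(sub_range "$1" "$2")
    [ -n "$range" ] || return 1
    [ "${range#* }" -ge 65536 ]
}

# True if the whole subordinate GID range $2 ("start count") lies inside
# net.ipv4.ping_group_range $1 ("lo hi", tab- or space-separated as the kernel prints it).
# Only groups inside that range may open the unprivileged ICMP sockets ping uses.
ping_range_covers() {
    set -- $1 $2
    [ $# -eq 4 ] || return 1
    [ "$3" -ge "$1" ] && [ $(($3 + $4 - 1)) -le "$2" ]
}

# True if storage.conf $1 selects the overlay driver with fuse-overlayfs as mount program.
storage_uses_fuse_overlayfs() {
    grep -Eq '^[[:space:]]*driver[[:space:]]*=[[:space:]]*"overlay"' "$1" &&
    grep -Eq '^[[:space:]]*mount_program[[:space:]]*=[[:space:]]*"/usr/bin/fuse-overlayfs"' "$1"
}

# True if directory $2 exists and is owned by user $1 (the check behind the
# "XDG_RUNTIME_DIR ... is not owned by the current user" error shown above).
runtime_dir_owned_by() {
    [ -d "$2" ] || return 1
    [ "$(ls -ld "$2" | awk '{ print $3 }')" = "$1" ]
}

# Run all checks against the live system for user $1; prints each failure, exits non-zero on any.
check_rootless_user() {
    user=$1; rc=0
    has_full_sub_range "$user" /etc/subuid || { echo "no 65536-wide subuid range for $user"; rc=1; }
    has_full_sub_range "$user" /etc/subgid || { echo "no 65536-wide subgid range for $user"; rc=1; }
    ping_range_covers "$(cat /proc/sys/net/ipv4/ping_group_range)" "$(sub_range "$user" /etc/subgid)" \
        || { echo "net.ipv4.ping_group_range does not cover $user's subgid range"; rc=1; }
    storage_uses_fuse_overlayfs /etc/containers/storage.conf \
        || { echo "storage.conf: driver overlay with mount_program fuse-overlayfs not set"; rc=1; }
    runtime_dir_owned_by "$user" "${XDG_RUNTIME_DIR:-/run/user/$(id -u "$user")}" \
        || { echo "runtime dir not owned by $user (is XDG_RUNTIME_DIR still root's?)"; rc=1; }
    return "$rc"
}

if [ $# -ge 1 ]; then check_rootless_user "$1"; fi
```

Run it as the rootless user itself, since XDG_RUNTIME_DIR is taken from that user's environment.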
Using containers as a non-root user
[tom@localhost ~]$ mkdir data
[tom@localhost ~]$ podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh
[tom@localhost data]$ pwd
/home/tom/data
[tom@localhost data]$ touch 123
/ # cd data/
/data # ls
123
[tom@localhost data]$ cat 123
hello world
/data # cat 123
hello world
// notice that inside the container the file's owner and group are root; how can it be owned by tom instead? the answer follows
/data # ls -l
total 4
-rw-rw-r-- 1 root root 12 Dec 14 11:02 123
// just add --userns=keep-id when running the container.
[tom@localhost ~]$ podman run -it --name test -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh
~ $ cd data/
data $ ls -l
total 4
-rw-rw-r-- 1 tom tom 12 Dec 14 11:02 123
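The two listings above show the same host file as root:root under the default rootless mapping and as tom:tom with --userns=keep-id. As an added example (not part of the original post), this POSIX shell script spells out the user-namespace arithmetic behind that. It assumes, as constructed values, that tom's host uid is 1000 and that /etc/subuid holds the entry from this section, tom:100000:65536; the function names are the example's own.

```shell
#!/bin/sh
# Added example: the user-namespace arithmetic behind the ownership seen above.
# Assumes (constructed) that tom's host uid is 1000 and /etc/subuid holds "tom:100000:65536".
# Every function takes: the uid to translate, the user's host uid, sub_start, sub_count.

# Default rootless mapping: container root is the user; container 1..N are the subordinate range.
host_uid_default() {
    [ "$1" -eq 0 ] && { echo "$2"; return 0; }
    [ "$1" -le "$4" ] || return 1          # unmapped: shows as nobody (65534) inside
    echo $(($3 + $1 - 1))
}
container_uid_default() {
    [ "$1" -eq "$2" ] && { echo 0; return 0; }
    [ "$1" -ge "$3" ] && [ "$1" -lt $(($3 + $4)) ] || return 1
    echo $(($1 - $3 + 1))
}

# --userns=keep-id: the user's uid is mapped to itself; the subordinate range fills in
# the uids below it (0..uid-1) and above it (uid+1..), so root inside is no longer the user.
host_uid_keepid() {
    [ "$1" -eq "$2" ] && { echo "$2"; return 0; }
    if [ "$1" -lt "$2" ]; then off=$1; else off=$(($1 - 1)); fi
    [ "$off" -lt "$4" ] || return 1       # subordinate range too small for this uid
    echo $(($3 + off))
}
container_uid_keepid() {
    [ "$1" -eq "$2" ] && { echo "$2"; return 0; }
    [ "$1" -ge "$3" ] && [ "$1" -lt $(($3 + $4)) ] || return 1
    off=$(($1 - $3))
    if [ "$off" -lt "$2" ]; then echo "$off"; else echo $((off + 1)); fi
}

# Demo: a file tom creates on the host (uid 1000), as seen from inside the container.
printf 'default mapping: host uid 1000 appears inside as uid %s (root)\n' "$(container_uid_default 1000 1000 100000 65536)"
printf 'keep-id mapping: host uid 1000 appears inside as uid %s (tom)\n' "$(container_uid_keepid 1000 1000 100000 65536)"
printf 'keep-id mapping: container root (uid 0) is host uid %s\n' "$(host_uid_keepid 0 1000 100000 65536)"
```

Either way, nothing a rootless container writes to the bind mount can be owned by the host's real root: under the default mapping container root is tom on the host, and under keep-id container root is the subordinate uid 100000. keep-id only changes the view from inside so that tom's files look like tom's.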