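1、配置镜像加速器(下面是 registries.conf 中修改的部分,以 # 开头的行是文件原有的示例)
注意:这样配置后,docker.io 的镜像实际都从 location 指定的加速器拉取,镜像内容是否可信取决于该加速器;重要镜像建议按摘要(digest)拉取或校验签名。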
[root@JLIN ~]# vim /etc/containers/registries.conf
# unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
unqualified-search-registries = ["docker.io"]
# [[registry]]
[[registry]]
# prefix = "example.com/foo"
prefix = "docker.io"
# location = "internal-registry-for-example.com/bar"
location = "tnj022g0.mirror.aliyuncs.com"
2、podman容器的开机自启
root用户
[root@JLIN ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
ffe9d497c32414b1c5cdad8178a85602ee72453082da2463f1dede592ac7d5af
[root@JLIN ~]# podman run --name test -dit busybox
d02d549c95926f559048e6881037adaae51f02ef83f5f5fbf54674a62000b2c7
[root@JLIN ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d02d549c9592 docker.io/library/busybox:latest sh 18 seconds ago Up 18 seconds ago test
// 创建容器自启动service文件
[root@JLIN ~]# podman generate systemd --files --name test
/root/container-test.service
// 如果希望每次启动容器都会删除旧的容器,启动一个全新的容器,则使用--new选项(推荐用法)
[root@JLIN ~]# podman generate systemd --files --name test --new
// 转移service文件
[root@JLIN ~]# ls
anaconda-ks.cfg container-test.service
[root@JLIN ~]# mv container-test.service /usr/lib/systemd/system/
// 重新加载
[root@JLIN ~]# systemctl daemon-reload
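// 关闭selinux(仅适合测试环境;如果服务因 SELinux 无法启动,常见原因是 mv 保留了文件在 /root 下的 SELinux 标签,生产环境建议保持 enforcing,改用 restorecon -v /usr/lib/systemd/system/container-test.service 修复标签)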
[root@JLIN ~]# setenforce 0
[root@JLIN ~]# vim /etc/selinux/config
SELINUX=disabled
// 设置容器自启动
[root@JLIN ~]# systemctl enable --now container-test.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-test.service → /usr/lib/systemd/system/container-test.service.
Created symlink /etc/systemd/system/default.target.wants/container-test.service → /usr/lib/systemd/system/container-test.service.
// 重启虚拟机
[root@JLIN ~]# reboot
[root@JLIN ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
657b37366d95 docker.io/library/busybox:latest sh 8 hours ago Up 2 seconds ago JLtest
普通用户(用户级服务默认只在该用户登录后才启动;要在开机后无人登录时也能自启,还需以 root 执行 loginctl enable-linger jlin)
// 切换用户
[root@JLIN ~]# su - jlin
[jlin@JLIN ~]$ podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
ffe9d497c32414b1c5cdad8178a85602ee72453082da2463f1dede592ac7d5af
[jlin@JLIN ~]$ podman run --name test -dit busybox
f2fa941f63f97eec2798cfbf4a17f3b725403f72f9215b2f41fcea78e48692d2
[jlin@JLIN ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f2fa941f63f9 docker.io/library/busybox:latest sh 5 seconds ago Up 5 seconds ago test
#创建service文件
[jlin@JLIN ~]$ podman generate systemd --files --name test --new
/home/jlin/container-test.service
[jlin@JLIN ~]$ ls
container-test.service
[jlin@JLIN ~]$ mkdir -p ~/.config/systemd/user
[jlin@JLIN ~]$ mv container-test.service ~/.config/systemd/user
// ssh远程连接(systemctl --user 需要完整的用户登录会话,su - 切换过来的会话通常连不上用户级 systemd,所以改用 ssh 登录;首次连接时应先核对主机指纹再输入 yes)
[root@localhost ~]# ssh jlin@jlin
ssh: Could not resolve hostname jlin: Name or service not known
[root@localhost ~]# ssh jlin@192.168.23.180
The authenticity of host '192.168.23.180 (192.168.23.180)' can't be established.
ECDSA key fingerprint is SHA256:2WJ2sblbQsrvu2FRFbUTfcf9zxCQVloCJ5TsHP0DYRw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.23.180' (ECDSA) to the list of known hosts.
jlin@192.168.23.180's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Wed Dec 15 11:56:09 EST 2021 from 192.168.23.181 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Dec 15 11:50:38 2021
[jlin@JLIN ~]$ systemctl --user enable --now container-test.service
Created symlink /home/jlin/.config/systemd/user/multi-user.target.wants/container-test.service → /home/jlin/.config/systemd/user/container-test.service.
Created symlink /home/jlin/.config/systemd/user/default.target.wants/container-test.service → /home/jlin/.config/systemd/user/container-test.service.
[jlin@JLIN ~]$ systemctl --user enable --now container-test.service
Created symlink /home/jlin/.config/systemd/user/multi-user.target.wants/container-test.service → /home/jlin/.config/systemd/user/container-test.service.
● container-test.service - Podman container-test.service
Loaded: loaded (/home/jlin/.config/systemd/user/container-test.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-12-15 11:57:36 EST; 15s ago
Docs: man:podman-generate-systemd(1)
Process: 85477 ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=/run/user/1000/container-test.service.ctr-id (code=exite>
Process: 85578 ExecStartPre=/bin/rm -f /run/user/1000/container-test.service.ctr-id (code=exited, status=0/SUCCESS)
Main PID: 85660 (conmon)
CGroup: /user.slice/user-1000.slice/user@1000.service/container-test.service
├─85657 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --ne>
├─85660 /usr/bin/conmon --api-version 1 -c 1ac5290f6a6c81d4a1e4cd7c2969e3b2d2af0416f47761f27b2580e0c492d5d4 -u 1ac52>
└─1ac5290f6a6c81d4a1e4cd7c2969e3b2d2af0416f47761f27b2580e0c492d5d4
└─85671 sh
[jlin@JLIN ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1ac5290f6a6c docker.io/library/busybox:latest sh About a minute ago Up About a minute ago test
3、podman网络设置
创建一个网络
[root@JLIN ~]# podman network create JLnet
/etc/cni/net.d/JLnet.conflist
--subnet 指定子网(subnet)创建网络
[root@JLIN ~]# podman network create --subnet 192.168.1.0/24 net1
/etc/cni/net.d/net1.conflist
--gateway 指定网关
[root@JLIN ~]# podman network create --subnet 192.168.2.0/24 --gateway 192.168.2.1 net2
/etc/cni/net.d/net2.conflist
--ip-range 指定ip起始地址(以 CIDR 形式给出容器可分配的地址范围)
[root@JLIN ~]# podman network create --subnet 192.168.3.0/24 --gateway 192.168.3.1 --ip-range 192.168.3.2/24 net3
/etc/cni/net.d/net3.conflist
查看刚刚创建的网络
[root@JLIN ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
418787a48f21 JLnet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning
2daa9a9645f3 net2 0.4.0 bridge,portmap,firewall,tuning
3b20bf89a26e net3 0.4.0 bridge,portmap,firewall,tuning
使用刚刚创建的网络net1,并运行一个容器
[root@JLIN ~]# podman run --name JLtest -it --network net1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 36:83:62:6b:e5:08 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::3483:62ff:fe6b:e508/64 scope link
valid_lft forever preferred_lft forever
4、podman网络管理
查看容器网络
[root@JLIN ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
418787a48f21 JLnet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning
2daa9a9645f3 net2 0.4.0 bridge,portmap,firewall,tuning
3b20bf89a26e net3 0.4.0 bridge,portmap,firewall,tuning
断开网络(disconnect)
[root@JLIN ~]# podman network disconnect net1 JLtest
重启容器网络(reload)
[root@JLIN ~]# podman network reload JLtest
657b37366d95e41ad0d5f1599a2a8f52fb6399dc76d232acffb2ab495661005a
删除podman网络(rm)
[root@JLIN ~]# podman network rm net2 net3
net2
net3
[root@JLIN ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
418787a48f21 JLnet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning