podman简介
Podman是一个开源项目,可在大多数Linux平台上使用并开源在GitHub上。Podman是一个无守护进程的容器引擎,用于在Linux系统上开发,管理和运行Open Container Initiative(OCI)容器和容器镜像。Podman提供了一个与Docker兼容的命令行前端,它可以简单地作为Docker cli,简单地说你可以直接添加别名:alias docker = podman来使用podman。
Podman控制下的容器可以由root用户运行,也可以由非特权用户运行。Podman管理整个容器的生态系统,其包括pod,容器,容器镜像,和使用libpod library的容器卷。Podman专注于帮助您维护和修改OCI容器镜像的所有命令和功能,例如拉取和标记。它允许您在生产环境中创建,运行和维护从这些映像创建的容器。
podman安装
[root@localhost ~]# yum -y install podman
[root@localhost ~]# rpm -qa|grep podman
podman-3.4.1-3.module_el8.6.0+954+963caf36.x86_64
podman-catatonit-3.4.1-3.module_el8.6.0+954+963caf36.x86_64
# 定义别名
[root@localhost ~]# alias docker=podman
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
podman常用命令
podman search(查找)
# --filter=is-official:指定查找官方版本的镜像
[root@localhost ~]# podman search httpd --filter=is-official
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 3794 [OK]
podman pull(拉取镜像)
注意: Podman在不同的注册管理机构中搜索。因此,建议使用完整的映像名称(docker.io/library/httpd而不是httpd)来确保使用正确的映像
[root@localhost ~]# podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob f1aa5f54b226 done
Copying blob aa379c0cedc2 done
Copying blob e5ae68f74026 done
Copying blob bc36ee1127ec done
Copying blob d3576f2b6317 done
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
ea28e1b82f314092abd3f90a69e57d6ccf506382821ee0b8d9b48c3e47440c1f
# 当不知道镜像准确位置,无法确定的时候,直接podman pull + 镜像名,然后上下滑动选择要指定拉取镜像的位置
[root@localhost ~]# podman pull nginx
? Please select an image:
▸ registry.fedoraproject.org/nginx:latest
registry.access.redhat.com/nginx:latest
registry.centos.org/nginx:latest
docker.io/library/nginx:latest
podman images(显示所有镜像)
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest ea28e1b82f31 12 days ago 148 MB
podman run(运行容器)
[root@localhost ~]# podman run -d -p 80:80 docker.io/library/httpd
27498ddddd8c20c45b980802e7508bcf59b27127ea04d3d5060f62e06f9e9435
注意: 由于容器在分离模式下运行,由命令中的 表示,Podman将在执行命令后打印容器ID。它还添加了一个伪 tty,用于在交互式 shell 中运行任意命令。-dpodman run
-t
注意: 使用端口转发来访问HTTP服务器。要成功运行,至少需要 slirp4netns v0.3.0。
podman ps(列出正在运行的容器)
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27498ddddd8c docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 2 minutes ago 0.0.0.0:80->80/tcp xenodochial_jepsen
# 如果添加 -a 命令,Podman 将显示所有容器(已创建、已退出、正在运行等)
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27498ddddd8c docker.io/library/httpd:latest httpd-foreground 3 minutes ago Up 3 minutes ago 0.0.0.0:80->80/tcp xenodochial_jepsen
podman inspect(查看容器详细信息)
- -l:查看最新信息(最新的信息以最新的时间来定义)
您可以"检查"正在运行的容器,以查找有关其自身的元数据和详细信息。 将提供许多有用的信息,如环境变量,网络设置或分配的资源。podman inspect
由于容器在无根模式下运行,因此不会为容器分配 IP 地址。
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27498ddddd8c docker.io/library/httpd:latest httpd-foreground 3 minutes ago Up 3 minutes ago 0.0.0.0:80->80/tcp xenodochial_jepsen
[root@localhost ~]# podman inspect 27498ddddd8c
[
{
"Id": "27498ddddd8c20c45b980802e7508bcf59b27127ea04d3d5060f62e06f9e9435",
"Created": "2021-12-15T09:36:46.786942411+08:00",
"Path": "httpd-foreground",
"Args": [
"httpd-foreground"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4243,
"ConmonPid": 4233,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-12-15T09:36:47.528002563+08:00",
"FinishedAt": "0001-01-01T00:00:00Z",
"Healthcheck": {
"Status": "",
"FailingStreak": 0,
"Log": null
}
},
......
[root@localhost ~]# podman inspect -l | grep IPAddress
"IPAddress": "10.88.0.2",
"IPAddress": "10.88.0.2",
curl + IP(访问测试页面)
[root@localhost ~]# curl 192.168.111.151
<html><body><h1>It works!</h1></body></html>
在另一台计算机上,需要使用运行容器的主机的 IP 地址。
$ curl http://<IP_Address>:80
注意: 除了使用curl之外,您还可以将浏览器指向http://localhost:80。
podman logs(查看容器日志)
- -l:查看最新日志
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27498ddddd8c docker.io/library/httpd:latest httpd-foreground 12 minutes ago Up 12 minutes ago 0.0.0.0:80->80/tcp xenodochial_jepsen
[root@localhost ~]# podman logs 27498ddddd8c
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 15 01:36:47.543302 2021] [mpm_event:notice] [pid 1:tid 139958750227776] AH00489: Apache/2.4.51 (Unix) configured -- resuming normal operations
[Wed Dec 15 01:36:47.543519 2021] [core:notice] [pid 1:tid 139958750227776] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.111.1 - - [15/Dec/2021:01:39:35 +0000] "GET / HTTP/1.1" 200 45
192.168.111.1 - - [15/Dec/2021:01:39:35 +0000] "GET /favicon.ico HTTP/1.1" 404 196
192.168.111.1 - - [15/Dec/2021:01:40:26 +0000] "-" 408 -
192.168.111.151 - - [15/Dec/2021:01:45:42 +0000] "GET / HTTP/1.1" 200 45
[root@localhost ~]# podman logs -l
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
[Wed Dec 15 01:36:47.543302 2021] [mpm_event:notice] [pid 1:tid 139958750227776] AH00489: Apache/2.4.51 (Unix) configured -- resuming normal operations
[Wed Dec 15 01:36:47.543519 2021] [core:notice] [pid 1:tid