Podman

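The relationship between Podman and Docker

Podman is positioned to be compatible with Docker, so its usage stays as close to Docker's as possible. Usage can be looked at from two angles: that of the system builder and that of the user.

For system builders, using Podman's default software differs little from Docker; the differences lie in the process model and the relationships between processes. If you are used to debugging Docker's several related processes, you will need to adapt when using Podman. The pstree command shows the process tree. Overall, Podman is simpler than Docker. Because Podman has one layer fewer than Docker (no daemon), its restart mechanism is also different.

For users, Podman's commands are largely compatible with Docker's, covering the container runtime (run/start/kill/ps/inspect), local images (images/rmi/build) and image registries (login/pull/push). Podman's command-line tool is therefore similar to Docker's, for example for building images and starting and stopping containers. It can even stand in for Docker through alias docker=podman. So even with Podman you can still use docker.io as the image registry, which is the most critical part of the compatibility.

Introduction to Podman

Podman is an open-source project that is available on most Linux platforms and is hosted on GitHub. Podman is a daemonless container engine for developing, managing and running Open Container Initiative (OCI) containers and container images on Linux systems. Podman provides a Docker-compatible command-line front end that can simply stand in for the Docker CLI; put simply, you can add the alias alias docker=podman and use Podman directly.

Containers under Podman's control can be run by root or by an unprivileged user. Podman manages the whole container ecosystem, including pods, containers, container images and container volumes, using the libpod library. Podman focuses on all the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run and maintain containers created from those images in a production environment.

Basic use of Podman

Installing Podman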

[root@localhost ~]# yum -y install podman-docker
[root@node3 ~]# which podman
/usr/bin/podman
[root@node3 ~]# which docker
/usr/bin/docker

Using Podman

[root@node3 ~]# podman run -it docker.io/library/busybox /bin/sh
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done  
Copying config ffe9d497c3 done  
Writing manifest to image destination
Storing signatures
/ # ls
bin   dev   etc   home  proc  root  run   sys   tmp   usr   var
[root@node3 ~]# podman ps
CONTAINER ID  IMAGE                             COMMAND     CREATED         STATUS             PORTS       NAMES
90b54aeda1da  docker.io/library/busybox:latest  /bin/sh     48 seconds ago  Up 48 seconds ago              inspiring_lewin


// Pull an image; choose the image source that begins with docker.io
[root@node3 ~]# podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 44be98c0fab6 done  
Copying blob 77700c52c969 done  
Copying blob ed835de16acd done  
Copying blob 21e0df283cd6 done  
Copying blob 881ff011f1c9 done  
Copying blob e5ae68f74026 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e

// List images and run a container
[root@node3 ~]# podman images
REPOSITORY                 TAG         IMAGE ID      CREATED      SIZE
docker.io/library/busybox  latest      ffe9d497c324  6 days ago   1.46 MB
docker.io/library/nginx    latest      f652ca386ed1  11 days ago  146 MB
[root@node3 ~]# podman run -d --name t1 -p 80 docker.io/library/nginx
fbe21e1bb31be3ba385e32b8ee5ca65b3fc3e6395fd9acf52ac1e98330023cb6
[root@node3 ~]# podman ps
CONTAINER ID  IMAGE                             COMMAND               CREATED        STATUS            PORTS                  NAMES
90b54aeda1da  docker.io/library/busybox:latest  /bin/sh               7 minutes ago  Up 7 minutes ago                         inspiring_lewin
fbe21e1bb31b  docker.io/library/nginx:latest    nginx -g daemon o...  8 seconds ago  Up 9 seconds ago  0.0.0.0:46197->80/tcp  t1

// View container information
[root@node3 ~]# podman inspect -l
[
    {
        "Id": "fbe21e1bb31be3ba385e32b8ee5ca65b3fc3e6395fd9acf52ac1e98330023cb6",
        "Created": "2021-12-14T12:49:15.671101418+08:00",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 60829,
            "ConmonPid": 60818,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-12-14T12:49:15.957355861+08:00",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "Healthcheck": {
                "Status": "",
                "FailingStreak": 0,
                "Log": null
            }
         ...................................................
// View the container's logs
[root@node3 ~]# podman logs -l
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf

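Using Podman as a regular user

Before users without root privileges can run Podman, an administrator must install or build Podman and complete the following configuration.

cgroup V2

The cgroup V2 Linux kernel feature lets you limit the resources that a regular user's containers can use. If the Linux distribution running Podman has cgroup V2 enabled, you may need to change the default OCI runtime. Some older versions of runc do not work with cgroup V2, and you must switch to the alternative OCI runtime crun.

[root@localhost ~]# yum -y install crun     // shipped with CentOS 8

[root@localhost ~]# vi /usr/share/containers/containers.conf 
    # Default OCI runtime
    # 
    runtime = "crun"      // uncomment this line and set the value to crun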

[root@localhost ~]# podman run -d --name t2 -p 80 docker.io/library/nginx
d869cc283561d6a4a07267ac2f71e4b09c0799f22bfe5c27516cccb7272fab4d

[root@localhost ~]# podman inspect t2 | grep crun
        "OCIRuntime": "crun",
            "crun",
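
slirp4netns

The slirp4netns package provides a network mode for regular users.

[root@localhost ~]# yum -y install slirp4netns

Installing fuse-overlayfs

When using Podman as a regular user, fuse-overlayfs is recommended over the VFS file system; version 0.7.6 or later is required. Current releases ship a newer version by default.

[root@localhost ~]# yum -y install fuse-overlayfs

[root@localhost ~]# vi /etc/containers/storage.conf
mount_program = "/usr/bin/fuse-overlayfs"

Configuring /etc/subuid and /etc/subgid

Podman requires the user running it to have a range of UIDs listed in the /etc/subuid and /etc/subgid files; the shadow-utils or newuid package provides these files.

[root@localhost ~]# yum -y install shadow-utils

# You can inspect the entries in /etc/subuid and /etc/subgid; each user's values must be unique and must not overlap with any other.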

[root@localhost ~]# podman exec -it t2 /bin/bash
root@d869cc283561:/# id
uid=0(root) gid=0(root) groups=0(root)
root@d869cc283561:/# useradd yy
root@d869cc283561:/# cat /etc/subuid
yaya:100000:65536
root@d869cc283561:/# useradd zz
root@d869cc283561:/# cat /etc/subuid
yy:100000:65536
zz:165536:65536

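The format of this file is USERNAME:UID:RANGE

  • The user name as listed in /etc/passwd or returned by getpwent.
  • The initial UID allocated to the user.
  • The size of the UID range allocated to the user.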
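
The uniqueness and no-overlap requirement on these ranges can be checked mechanically. The script below is an added example, not part of the original post: check_subid is a hypothetical helper name, and the third sample entry (ops) is constructed to collide with the two entries shown above.

```shell
#!/bin/sh
# Added example (not from the original post): validate a subordinate-ID file
# whose lines have the form USERNAME:UID:RANGE.
#
# check_subid FILE [USER]
#   prints one line per problem and returns 1 if any entry is malformed,
#   if two ranges overlap, or if USER (optional) has no entry; else returns 0.
check_subid() {
    awk -F: -v want="${2:-}" '
        /^[ \t]*$/ { next }                       # ignore blank lines
        NF != 3 || $1 == "" || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $3 + 0 == 0 {
            print "malformed line " NR ": " $0
            bad = 1
            next
        }
        {
            n++
            name[n] = $1
            lo[n] = $2 + 0                        # first subordinate ID
            hi[n] = $2 + $3 - 1                   # last subordinate ID
            if ($1 == want) found = 1
            # Two closed intervals overlap when each starts before the other ends.
            for (i = 1; i < n; i++)
                if (lo[n] <= hi[i] && lo[i] <= hi[n]) {
                    print "overlap: " name[i] " " lo[i] "-" hi[i] " and " name[n] " " lo[n] "-" hi[n]
                    bad = 1
                }
        }
        END {
            if (want != "" && !found) { print "no entry for user " want; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample data: the first two entries are the ones shown above,
# the third is a hypothetical hand-edited entry that collides with both.
demo_dir=$(mktemp -d)
printf '%s\n' 'yy:100000:65536' 'zz:165536:65536' > "$demo_dir/good"
printf '%s\n' 'yy:100000:65536' 'zz:165536:65536' 'ops:150000:65536' > "$demo_dir/bad"

check_subid "$demo_dir/good" zz && echo "good: ranges are disjoint"
check_subid "$demo_dir/bad" || echo "bad: rejected"
rm -rf "$demo_dir"
```

Overlapping ranges matter because two users' containers would then map to the same host UIDs, so run the check on both /etc/subuid and /etc/subgid after any manual edit.
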

User configuration files

The three main configuration files are containers.conf, storage.conf and registries.conf. Users can modify these files as needed.

containers.conf

Podman reads the following locations in order; when a file is not found at one location, it goes on to the next.

1. /usr/share/containers/containers.conf
2. /etc/containers/containers.conf
3. $HOME/.config/containers/containers.conf

storage.conf

For storage.conf, the order is:

1. /etc/containers/storage.conf
2. $HOME/.config/containers/storage.conf

For a regular user, some fields in /etc/containers/storage.conf are ignored:

graphroot=""
    container storage graph dir (default: "/var/lib/containers/storage")
    Default directory to store all writable content created by container storage programs.
runroot=""
    container storage run dir (default: "/run/containers/storage")
    Default directory to store all temporary writable content created by container storage programs.

For a regular user, these fields default to:

graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"

registries.conf

The configuration is read in this order. These files are not created by default; you can copy them from /usr/share/containers or /etc/containers and modify them.

1. /etc/containers/registries.conf
2. /etc/containers/registries.d/*
3. $HOME/.config/containers/registries.conf

Authorization file

podman login logs in to a registry; the default authorization file is located at ${XDG_RUNTIME_DIR}/containers/auth.json

[root@localhost ~]# cat /run/user/0/containers/auth.json 
{
	"auths": {
		"docker.io": {
			"auth": "**********************="
		}
	}
}

Podman networking

port

[root@node3 ~]# podman run -itd --name nginx -p 80:80 docker.io/library/nginx /bin/bash
c98364311734f82767dff17ed611098ddd20a16ad46e512c135a1531035e1748
[root@node3 ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND     CREATED        STATUS            PORTS               NAMES
c98364311734  docker.io/library/nginx:latest  /bin/bash   9 seconds ago  Up 9 seconds ago  0.0.0.0:80->80/tcp  nginx
[root@node3 ~]# podman port nginx
80/tcp -> 0.0.0.0:80

Shared network

[root@node3 ~]# podman run -it docker.io/library/busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether f6:7e:55:cf:4b:0c brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.6/16 brd 10.88.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f47e:55ff:fecf:4b0c/64 scope link 
       valid_lft forever preferred_lft forever
       
[root@node3 ~]# podman run -it docker.io/library/busybox /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 0e:2d:e4:c6:f9:80 brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.7/16 brd 10.88.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c2d:e4ff:fec6:f980/64 scope link tentative 
       valid_lft forever preferred_lft forever
/ # ping 10.88.0.6
PING 10.88.0.6 (10.88.0.6): 56 data bytes
64 bytes from 10.88.0.6: seq=0 ttl=64 time=0.033 ms
64 bytes from 10.88.0.6: seq=1 ttl=64 time=0.036 ms
64 bytes from 10.88.0.6: seq=2 ttl=64 time=0.042 ms
64 bytes from 10.88.0.6: seq=3 ttl=64 time=0.039 ms


// A veth interface is created when a container starts and disappears when the container exits, but the CNI bridge interface remains
[root@node3 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ce:db:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.142/24 brd 192.168.136.255 scope global dynamic noprefixroute ens33
       valid_lft 1499sec preferred_lft 1499sec
    inet6 fe80::20c:29ff:fece:db69/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 2e:4b:37:8f:3e:2e brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c4b:37ff:fe8f:3e2e/64 scope link 
       valid_lft forever preferred_lft forever
6: vethb294eb0d@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default 
    link/ether 5a:db:74:82:f8:21 brd ff:ff:ff:ff:ff:ff link-netns cni-27782592-b929-f5e6-ce01-12aef3f66436
    inet6 fe80::58db:74ff:fe82:f821/64 scope link 
       valid_lft forever preferred_lft forever
8: veth3892bfcc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master cni-podman0 state UP group default 
    link/ether 82:63:54:33:7a:3d brd ff:ff:ff:ff:ff:ff link-netns cni-a0f0b158-d3fd-b502-c55e-65383bebc14d
    inet6 fe80::8063:54ff:fe33:7a3d/64 scope link 
       valid_lft forever preferred_lft forever



// Check the network after exiting and removing the containers
[root@node3 ~]# podman rm -fl
dd058ac6c11ba2cfbee5fc22d9800b22a3d2b707b0075e52e9cb80f1e81137e1
[root@node3 ~]# podman rm -fl
aca4eecb963d5a635e90e0bbeab95add9005f0cfd9f38eb4c671a87e6c539997
[root@node3 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:ce:db:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.142/24 brd 192.168.136.255 scope global dynamic noprefixroute ens33
       valid_lft 1313sec preferred_lft 1313sec
    inet6 fe80::20c:29ff:fece:db69/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 2e:4b:37:8f:3e:2e brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::2c4b:37ff:fe8f:3e2e/64 scope link 
       valid_lft forever preferred_lft forever



Creating a new network
[root@node3 ~]# docker network create mynetwork
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
/etc/cni/net.d/mynetwork.conflist
[root@node3 ~]# docker network ls
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
6d1b23123e26  mynetwork   0.4.0       bridge,portmap,firewall,tuning

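Starting Podman containers at boot

Because Podman no longer uses a daemon to manage containers, containers cannot be restarted automatically by a daemon. So how can containers be started automatically at boot?

The method is simple: most systems now use systemd as their service manager, so systemd can be used to start Podman containers at boot. The following uses a single container as an example.

Podman as the root user

// Run a web container in the background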
[root@node3 ~]# podman run --name web -d -p 8080:80 docker.io/library/nginx
b7ac6bf7e366f5d91a3bd05bda532fdec1baa740f69c53a97fdb799c6767ed5c
[root@node3 ~]# docker  ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS                 NAMES
b7ac6bf7e366  docker.io/library/nginx:latest  nginx -g daemon o...  6 seconds ago  Up 6 seconds ago  0.0.0.0:8080->80/tcp  web
[root@node3 ~]# podman inspect web|grep IPAddress
            "IPAddress": "10.88.0.8",
                    "IPAddress": "10.88.0.8", 

Create the .service unit file in /etc/systemd/system
[root@node3 ~]# cd /etc/systemd/system/
[root@node3 system]# ls
basic.target.wants                          remote-fs.target.wants
dbus-org.freedesktop.nm-dispatcher.service  sockets.target.wants
dbus-org.freedesktop.timedate1.service      sysinit.target.wants
default.target                              syslog.service
getty.target.wants                          systemd-timedated.service
multi-user.target.wants                     timers.target.wants
network-online.target.wants                 vmtoolsd.service.requires
[root@node3 system]# podman generate systemd --name web --files --new
/etc/systemd/system/container-web.service

// View the generated service file
[root@node3 system]# cat container-web.service 
# container-web.service
# autogenerated by Podman 3.3.1
# Wed Dec 15 01:40:52 CST 2021

[Unit]
Description=Podman container-web.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --sdnotify=conmon --cgroups=no-conmon --rm --replace --name web -d -p 8080:80 docker.io/library/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target default.target

// Remove the container created earlier
[root@node3 system]# podman rm -fl
b7ac6bf7e366f5d91a3bd05bda532fdec1baa740f69c53a97fdb799c6767ed5c
[root@node3 system]# podman ps 
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

Enable start at boot
[root@node3 system]# systemctl daemon-reload 
[root@node3 system]# systemctl enable --now container-web.service 
Created symlink /etc/systemd/system/multi-user.target.wants/container-web.service → /etc/systemd/system/container-web.service.
Created symlink /etc/systemd/system/default.target.wants/container-web.service → /etc/systemd/system/container-web.service.
[root@node3 system]# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS                 NAMES
6cb8438ec71a  docker.io/library/nginx:latest  nginx -g daemon o...  7 seconds ago  Up 7 seconds ago  0.0.0.0:8080->80/tcp  web

[root@node3 system]# systemctl status container-web.service 
● container-web.service - Podman container-web.service
   Loaded: loaded (/etc/systemd/system/container-web.service; enabled; vendo>
   Active: active (running) since Wed 2021-12-15 01:44:09 CST; 31s ago
     Docs: man:podman-generate-systemd(1)
  Process: 126067 ExecStartPre=/bin/rm -f /run/container-web.service.ctr-id >
 Main PID: 126210 (conmon)
    Tasks: 2 (limit: 25324)
   Memory: 1.9M
   CGroup: /system.slice/container-web.service
           └─126210 /usr/bin/conmon --api-version 1 -c 6cb8438ec71a5a3bc2e79>


Podman as a regular user

Log in as the regular user remotely with the ssh command.
Create a regular user

[root@node3 ~]# useradd yyy

// Set the password
[root@node3 ~]# echo "1" |passwd --stdin yyy
更改用户 yyy 的密码 。
passwd:所有的身份验证令牌已经成功更新。

// Log in to the host over ssh
[root@node3 ~]# ssh yyy@192.168.136.142
The authenticity of host '192.168.136.142 (192.168.136.142)' can't be established.
ECDSA key fingerprint is SHA256:7KwpGLz0YAzviv31TOyPssShs0i1towRZXMNkJ68bE0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.136.142' (ECDSA) to the list of known hosts.
yyy@192.168.136.142's password: 
Last login: Wed Dec 15 01:46:28 2021

Start a container

[yyy@node3 ~]$ podman run --name web -d  docker.io/library/nginx
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob ed835de16acd done  
Copying blob 44be98c0fab6 done  
Copying blob 21e0df283cd6 done  
Copying blob 77700c52c969 done  
Copying blob e5ae68f74026 done  
Copying blob 881ff011f1c9 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
ee85314a383367a9603a3a07bcc23fc069ba98458055a0777bbe2ac3db84fb71
[yyy@node3 ~]$ podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS       NAMES
ee85314a3833  docker.io/library/nginx:latest  nginx -g daemon o...  15 seconds ago  Up 15 seconds ago              web

Create the systemd directory and generate the unit file

[yyy@node3 ~]$ mkdir ~/.config/systemd/user -p
[yyy@node3 ~]$ podman generate systemd --name web --files --new
/home/yyy/container-web.service
[yyy@node3 ~]$ mv container-web.service ~/.config/systemd/user/

[yyy@node3 ~]$ cd ~/.config/systemd/user/
[yyy@node3 user]$ cat container-web.service 
# container-web.service
# autogenerated by Podman 3.3.1
# Wed Dec 15 01:51:04 CST 2021

[Unit]
Description=Podman container-web.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --sdnotify=conmon --cgroups=no-conmon --rm --replace --name web -d docker.io/library/nginx
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target default.target

Check whether the current user has permission to run systemd

[yyy@node3 user]$ loginctl
SESSION  UID USER SEAT TTY
      3    0 root         
      4    0 root         
      5    0 root         
      6    0 root         
      7 1001 yyy          

5 sessions listed.

View the user's systemd permissions
[yyy@node3 user]$ loginctl user-status yyy
yyy (1001)
           Since: Wed 2021-12-15 01:59:55 CST; 7min ago
           State: active
        Sessions: *7

Start the container at boot through systemd as a regular user
# As the regular user, reload the systemd configuration
[yyy@node3 user]$ systemctl --user daemon-reload
[yyy@node3 user]$ systemctl --user enable --now container-web.service 
Created symlink /home/yyy/.config/systemd/user/multi-user.target.wants/container-web.service → /home/yyy/.config/systemd/user/container-web.service.
Created symlink /home/yyy/.config/systemd/user/default.target.wants/container-web.service → /home/yyy/.config/systemd/user/container-web.service.
Job for container-web.service failed because the control process exited with error code.
See "systemctl --user status container-web.service" and "journalctl --user -xe" for details.

[yyy@node3 user]$ systemctl status container-web.service 
● container-web.service - Podman container-web.service
   Loaded: loaded (/etc/systemd/system/container-web.service; enabled; vendo>
   Active: active (running) since Wed 2021-12-15 01:44:09 CST; 25min ago
     Docs: man:podman-generate-systemd(1)
  Process: 126067 ExecStartPre=/bin/rm -f /run/container-web.service.ctr-id >
 Main PID: 126210 (conmon)
    Tasks: 2 (limit: 25324)
   Memory: 1.9M
   CGroup: /system.slice/container-web.service
           └─126210 /usr/bin

Reboot test

// Switch to the root user and run the reboot command
[root@node3 ~]# reboot

// ssh into the host and check
[root@node3 ~]# ssh yyy@192.168.136.142
yyy@192.168.136.142's password: 
Last login: Wed Dec 15 01:59:55 2021 from 192.168.136.142
[yyy@node3 ~]$ cd ~/.config/systemd/user/
[yyy@node3 user]$ systemctl status container-web.service 
● container-web.service - Podman container-web.service
   Loaded: loaded (/etc/systemd/system/container-web.service; enabled; vendo>
   Active: active (running) since Wed 2021-12-15 02:11:21 CST; 52s ago
     Docs: man:podman-generate-systemd(1)
  Process: 981 ExecStartPre=/bin/rm -f /run/container-web.service.ctr-id (co>
 Main PID: 1543 (conmon)
    Tasks: 2 (limit: 25324)
    
[yyy@node3 user]$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
bfaa077b857d  docker.io/library/nginx:latest  nginx -g daemon o...  6 minutes ago  Up 2 seconds ago              web


