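Introduction to Podman
What is Podman? In short: alias docker=podman
Podman is an open-source container management tool available on most Linux platforms. It is a daemonless container engine for developing, managing and running, on Linux systems, any container or container image that conforms to the Open Container Initiative (OCI) standard. It provides a Docker-compatible command-line front end that can simply be aliased to the Docker CLI, i.e. "alias docker=podman". Containers under Podman's control can be run either by the root user or by an unprivileged user, which is one of the biggest differences between Podman and Docker.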
Using Podman
1. Install Podman
[root@localhost ~]# yum -y install podman
2. View help for the podman command
[root@localhost ~]# podman --help
manage pods and images
Usage:
podman [flags]
podman [command]
Available Commands:
attach Attach to a running container
build Build an image using instructions from Containerfiles
commit Create new image based on the changed container
container Manage Containers
cp Copy files/folders between a container and the local filesystem
create Create but do not start a container
diff Inspect changes on container's file systems
events Show podman events
......
3. View help for a specific podman command
[root@localhost ~]# podman ps --help
List containers
Description:
Prints out information about the containers
Usage:
podman ps [flags]
Examples:
podman ps -a
podman ps -a --format "{{.ID}} {{.Image}} {{.Labels}} {{.Mounts}}"
podman ps --size --sort names
......
4. View the man page for podman
[root@localhost ~]# man podman
5. View the man page for a specific podman command
[root@localhost ~]# man podman ps
6. Search for httpd images
[root@localhost ~]# podman search httpd
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
redhat.com registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server 0
redhat.com registry.access.redhat.com/rhmap45/httpd Provides an extension to the RHSCL Httpd ima... 0
redhat.com registry.access.redhat.com/cloudforms46-beta/cfme-openshift-httpd CloudForms is a management and automation pl... 0
redhat.com registry.access.redhat.com/rhmap44/httpd Provides an extension to the RHSCL Httpd Doc... 0
redhat.com registry.access.redhat.com/cloudforms46/cfme-openshift-httpd Web Server image for a multi-pod Red Hat® C... 0
redhat.com registry.access.redhat.com/rhmap42/httpd Provides an extension to the RHSCL Httpd Doc... 0
redhat.com registry.access.redhat.com/rhmap46/httpd Provides an extension to the RHSCL Httpd ima... 0
redhat.com registry.access.redhat.com/cloudforms47/cfme-openshift-httpd CloudForms 4.7 APP image for OpenShift 0
redhat.com registry.access.redhat.com/rhmap43/httpd Provides an extension to the RHSCL Httpd Doc... 0
redhat.com registry.access.redhat.com/rhmap47/httpd Provides an extension to the RHSCL Httpd ima... 0
redhat.com registry.access.redhat.com/ubi8/httpd-24 Platform for running Apache httpd 2.4 or bui... 0
7. Search for the official httpd image
[root@localhost ~]# podman search httpd --filter=is-official
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 3794 [OK]
8. Pull the httpd image
[root@localhost ~]# podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd...
Getting image source signatures
Copying blob aa379c0cedc2 done
Copying blob e5ae68f74026 done
Copying blob f1aa5f54b226 done
Copying blob d3576f2b6317 done
Copying blob bc36ee1127ec done
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
ea28e1b82f314092abd3f90a69e57d6ccf506382821ee0b8d9b48c3e47440c1f
9. List images
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest ea28e1b82f31 12 days ago 148 MB
10. Run a container
This example container runs a very basic httpd server that serves only its index page.
[root@localhost ~]# podman run -dt -p 80:80 docker.io/library/httpd
c9bb7438aaf04d6807087f9cac703eeba1b0ca43a62ba208283c71b0056da706
11. List running containers
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c9bb7438aaf0 docker.io/library/httpd:latest httpd-foreground 9 seconds ago Up 9 seconds ago 0.0.0.0:80->80/tcp dreamy_raman
12. Inspect the container
[root@localhost ~]# podman inspect dreamy_raman |grep -i ipAddress
"SecondaryIPAddresses": null,
"IPAddress": "10.88.0.2",
13. Inspect the most recently created container
[root@localhost ~]# podman inspect -l |grep -i ipAddress
"SecondaryIPAddresses": null,
"IPAddress": "10.88.0.2",
14. View the logs of the most recently created container
[root@localhost ~]# podman logs -l
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message
[Tue Dec 14 10:05:42.976520 2021] [mpm_event:notice] [pid 1:tid 140299619630400] AH00489: Apache/2.4.51 (Unix) configured -- resuming normal operations
[Tue Dec 14 10:05:42.976630 2021] [core:notice] [pid 1:tid 140299619630400] AH00094: Command line: 'httpd -D FOREGROUND'
15. View the processes of the most recently created container
[root@localhost ~]# podman top -l
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 10m23.606023575s pts/0 0s httpd -DFOREGROUND
www-data 7 1 0.000 10m23.606078625s pts/0 0s httpd -DFOREGROUND
www-data 8 1 0.000 10m23.606112801s pts/0 0s httpd -DFOREGROUND
www-data 9 1 0.000 10m23.60614431s pts/0 0s httpd -DFOREGROUND
16. Remove the most recently created container
[root@localhost ~]# podman rm -f -l
c9bb7438aaf04d6807087f9cac703eeba1b0ca43a62ba208283c71b0056da706
17. List all containers
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
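Using Podman as a regular user
1. Configuration for regular users
Before users without root privileges can run Podman, the administrator must install or build Podman and complete the following configuration.
The cgroup V2 Linux kernel feature lets you limit the resources that a regular user's containers can use. If the Linux distribution running Podman has cgroup V2 enabled, you may need to change the default OCI runtime. Some older versions of runc do not work with cgroup V2, so you must switch to the alternative OCI runtime, crun.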
[root@podman containers]# yum -y install crun
Support for the alternative OCI runtime on cgroup V2 can be turned on from the command line with the --runtime option:
podman --runtime crun
Alternatively, edit the containers.conf file and change runtime = "runc" to runtime = "crun":
[root@podman ~]# vim /usr/share/containers/containers.conf
runtime = "crun"
#runtime = "runc"
2. Install slirp4netns
The slirp4netns package provides a network mode for regular users.
[root@podman ~]# yum -y install slirp4netns
3. Install fuse-overlayfs
When using Podman in a regular-user environment, fuse-overlayfs is recommended over the VFS file system; at least version 0.7.6 is required.
[root@podman ~]# yum -y install fuse-overlayfs
Configure the storage.conf file
[root@podman ~]# vim /etc/containers/storage.conf
mount_program = "/usr/bin/fuse-overlayfs" # uncomment this line
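4. /etc/subuid and /etc/subgid configuration
The format of the /etc/subuid file is USERNAME:UID:RANGE
- The user name as listed in /etc/passwd or returned by getpwent.
- The initial UID allocated to the user.
- The size of the UID range allocated to the user.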
[root@localhost yum.repos.d]# podman exec -it httpd /bin/bash
root@700a85cd10ee:/usr/local/apache2# useradd apache
root@700a85cd10ee:/usr/local/apache2# cat /etc/subuid
apache:100000:65536
root@700a85cd10ee:/usr/local/apache2# cat /etc/subgid
apache:100000:65536
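As an added example (not part of the original post), the bash function below audits a file in the USERNAME:UID:RANGE format described above and reports malformed lines, ranges that start below a floor, and ranges that overlap between different users. The name check_subid, the 100000 floor and the sample entries for bob and carol are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit a subuid/subgid file (format USERNAME:UID:RANGE).
# check_subid FILE [MIN_START]
#   Prints one finding per line and returns 1 if anything was found.
#   MIN_START is an assumed policy floor: ranges starting below it could
#   collide with real host accounts. 100000 matches the entries shown above.
check_subid() {
    local file=$1 min_start=${2:-100000}
    awk -F: -v min="$min_start" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        NF != 3 || $1 == "" || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $3 + 0 == 0 {
            printf "malformed line %d: %s\n", NR, $0; bad = 1; next
        }
        {
            start = $2 + 0; last = start + $3 - 1
            if (start < min) {
                printf "%s: %d-%d starts below %d\n", $1, start, last, min; bad = 1
            }
            # Overlap between two users lets containers of both act as the
            # same host ID, so each range must belong to exactly one user.
            for (i = 1; i <= n; i++)
                if (u[i] != $1 && start <= e[i] && s[i] <= last) {
                    printf "%s overlaps %s: %d-%d vs %d-%d\n", $1, u[i], start, last, s[i], e[i]
                    bad = 1
                }
            n++; u[n] = $1; s[n] = start; e[n] = last
        }
        END { exit bad }
    ' "$file"
}

# Constructed sample, not taken from a real host.
sample=$(mktemp)
printf '%s\n' 'apache:100000:65536' 'bob:150000:65536' 'carol:231072' > "$sample"
check_subid "$sample" || echo "findings reported above"
rm -f "$sample"
```

Run it against both /etc/subuid and /etc/subgid after adding users; a clean file prints nothing and returns 0.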