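Podman Deployment and Usage
What is Podman
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) containers and container images.
Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interact with the operating system and create the running containers. This makes running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under Podman's control can be run by root or by a non-privileged user. Podman uses the libpod library to manage the entire container ecosystem, including pods, containers, container images and container volumes. Podman specializes in all of the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It lets you create, run and maintain those containers and container images in a production environment.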
Installing Podman
[root@localhost ~]# yum -y install podman
Failed to set locale, defaulting to C.UTF-8
CentOS Stream 8 - AppStream 5.0 MB/s | 24 MB 00:04
CentOS Stream 8 - BaseOS 6.7 MB/s | 25 MB 00:03
CentOS Stream 8 - Extras 23 kB/s | 18 kB 00:00
Dependencies resolved.
==================================================================
Package Arch Version Repo Size
==================================================================
Installing:
podman x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0
appstream 13 M
..........................................................
python3-libsemanage-2.9-8.el8.x86_64
python3-policycoreutils-2.9-19.el8.noarch
python3-setools-4.3.0-3.el8.x86_64
runc-1.0.2-1.module_el8.6.0+926+8bef8ae7.x86_64
shadow-utils-subid-2:4.6-17.el8.x86_64
slirp4netns-1.1.8-2.module_el8.7.0+1106+45480ee0.x86_64
Complete!
[root@localhost ~]# which podman
/usr/bin/podman
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
Configuring a registry mirror (accelerator)
[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d policy.json registries.conf.d storage.conf
oci registries.conf registries.d
[root@localhost containers]# vim registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "chg2yeus.mirror.aliyuncs.com" # registry mirror (accelerator)
// Check the mirror configuration
[root@localhost containers]# podman info
.....................
Blocked: false
Insecure: false
Location: chg2yeus.mirror.aliyuncs.com
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io
..............................
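Added example (not part of the original post): the registries.conf entry above sends every docker.io pull to the host named in location, so it helps to list what each [[registry]] table actually resolves to and whether it permits insecure transport. The function below does that on a constructed sample; audit_registries, sample_conf and registry.example.internal are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): list where each [[registry]]
# table in a registries.conf-style file really sends pulls.
# Simplified parser: one key per line, no '#' inside quoted values.
audit_registries() {
  awk '
    function flush(   line) {
      if (!seen) return
      if (loc == "") loc = prefix      # no location: pulls go to the prefix itself
      if (prefix == "") prefix = loc   # no prefix: it defaults to the location
      line = prefix " -> " loc
      if (loc != prefix) line = line " REDIRECT"      # traffic leaves the named registry
      if (insecure == "true") line = line " INSECURE" # plain HTTP / unverified TLS allowed
      print line
    }
    { sub(/[ \t]*#.*$/, "") }          # strip TOML comments
    /^[ \t]*\[\[registry\]\][ \t]*$/ { flush(); seen = 1; prefix = loc = insecure = ""; next }
    /^[ \t]*\[/ { flush(); seen = 0; next }   # any other table closes the current one
    seen && /=/ {
      key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "prefix") prefix = val
      else if (key == "location") loc = val
      else if (key == "insecure") insecure = val
    }
    END { flush() }
  ' "$@"
}

# Constructed sample: the post's docker.io entry plus a hypothetical
# internal registry (registry.example.internal is a placeholder name).
sample_conf() {
  cat <<'EOF'
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "chg2yeus.mirror.aliyuncs.com"   # registry mirror

[[registry]]
location = "registry.example.internal:5000"
insecure = true
EOF
}

sample_conf | audit_registries
```

On a real host, pass the file path instead: audit_registries /etc/containers/registries.conf. A REDIRECT line means image content for that prefix is served by a different host than the name suggests, so that host is part of your supply chain.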
// Pull an image
[root@localhost ~]# podman pull centos
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob 7a0437f04f83 done
Copying config 300e315adb done
Writing manifest to image destination
Storing signatures
300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
Podman commands
// Manage containers
[root@localhost ~]# podman container
Manage containers
Description:
Manage containers
Usage:
podman container [command]
Available Commands:
attach Attach to a running container
checkpoint Checkpoints one or more containers
cleanup Cleanup network and mountpoints of one or more containers
commit Create new image based on the changed container
cp Copy files/folders between a container and the local filesystem
create Create but do not start a container
diff Inspect changes to the container's file systems
exec Run a process in a running container
exists Check if a container exists in local storage
export Export container's filesystem contents as a tar archive
init Initialize one or more containers
inspect Display the configuration of a container
kill Kill one or more running containers with a specific signal
list List containers
logs Fetch the logs of one or more containers
mount Mount a working container's root filesystem
pause Pause all the processes in one or more containers
port List port mappings or a specific mapping for the container
prune Remove all non running containers
ps List containers
rename Rename an existing container
restart Restart one or more containers
restore Restores one or more containers from a checkpoint
rm Remove one or more containers
run Run a command in a new container
runlabel Execute the command described by an image label
start Start one or more containers
stats Display a live stream of container resource usage statistics
stop Stop one or more containers
top Display the running processes of a container
unmount Unmounts working container's root filesystem
unpause Unpause the processes in one or more containers
wait Block on one or more containers
// The copy command
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0b2c3115119 docker.io/library/busybox:latest sh 6 minutes ago Up 6 minutes ago modest_hellman
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# podman cp anaconda-ks.cfg e0b2c3115119:/
// Check from another terminal
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# podman run -it busybox
/ # ls
bin etc proc run tmp var
dev home root sys usr
/ # ls
anaconda-ks.cfg home sys
bin proc tmp
dev root usr
etc run var
// Create a container without starting it
[root@localhost ~]# podman create --name web httpd
d4e4125ed4578d624d28bf1d05e120f16bced71d3f7b88f31e6a953d0ca74873
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f310b5a6107c docker.io/library/busybox:latest sh 24 minutes ago Exited (0) 21 minutes ago blissful_chaum
e0b2c3115119 docker.io/library/busybox:latest sh 13 minutes ago Up 13 minutes ago modest_hellman
d4e4125ed457 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Created web
// Inspect changes to the container's filesystem
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0b2c3115119 docker.io/library/busybox:latest sh 16 minutes ago Up 16 minutes ago modest_hellman
[root@localhost ~]# podman diff e0b2c3115119
A /anaconda-ks.cfg
C /root
A /root/.ash_history
C /etc
// Show Podman events
[root@localhost ~]# podman events --help
Show podman events
Description:
Monitor podman events.
By default, streaming mode is used, printing new events as they occur. Previous events can be listed via --since and --until.
Usage:
podman events [options]
Examples:
podman events
podman events --filter event=create
podman events --format {{.Image}}
podman events --since 1h30s
Options:
--filter stringArray filter output
--format string format the output using a Go template
--no-trunc do not truncate the output (default true)
--since string show all events created since timestamp
--until string show all events until timestamp
// Enter a container
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0b2c3115119 docker.io/library/busybox:latest sh 20 minutes ago Up 20 minutes ago modest_hellman
[root@localhost ~]# podman exec -it e0b2c3115119 /bin/sh
/ #
// Check container status
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0b2c3115119 docker.io/library/busybox:latest sh 22 minutes ago Up 22 minutes ago modest_hellman
[root@localhost ~]# podman healthcheck run e0b2c3115119
Error: container e0b2c3115119144fd41ea4af745b92ceee0772b8a200ef4f69d3c80db2c2bf2d has no defined healthcheck
// View history
[root@localhost ~]# podman history centos
ID CREATED CREATED BY SIZE COMMENT
300e315adb2f 20 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
<missing> 20 months ago /bin/sh -c #(nop) LABEL org.label-schema.... 0 B
<missing> 20 months ago /bin/sh -c #(nop) ADD file:bd7a2aed6ede423... 217 MB
// Manage images
[root@localhost ~]# podman image
Manage images
Description:
Manage images
Usage:
podman image [command]
Available Commands:
build Build an image using instructions from Containerfiles
diff Inspect changes to the image's file systems
exists Check if an image exists in local storage
history Show history of a specified image
import Import a tarball to create a filesystem image
inspect Display the configuration of an image
list List images in local storage
load Load image(s) from a tar archive
mount Mount an image's root filesystem
prune Remove unused images
pull Pull an image from a registry
push Push an image to a specified destination
rm Removes one or more images from local storage
save Save image(s) to an archive
scp securely copy images
search Search registry for image
sign Sign an image
tag Add an additional name to a local image
tree Prints layer hierarchy of an image in a tree format
trust Manage container image trust policy
unmount Unmount an image's root filesystem
untag Remove a name from a local image
// List images
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest beae173ccac6 7 months ago 1.46 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
// Show Podman system information
[root@localhost ~]# podman info
host:
arch: amd64
buildahVersion: 1.24.1
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
....................
// Show the configuration of a container or image
[root@localhost ~]# podman inspect --help
Display the configuration of object denoted by ID
Description:
Displays the low-level information on an object identified by name or ID.
For more inspection options, see:
podman container inspect
podman image inspect
podman network inspect
podman pod inspect
podman volume inspect
Usage:
podman inspect [options] {CONTAINER|IMAGE|POD|NETWORK|VOLUME} [...]
Examples:
podman inspect fedora
podman inspect --type image fedora
podman inspect CtrID ImgID
podman inspect --format "imageId: {{.Id}} size: {{.Size}}" fedora
Options:
-f, --format string Format the output to a Go template or json (default "json")
-l, --latest Act on the latest container podman is aware of
Not supported with the "--remote" flag
-s, --size Display total file size
-t, --type string Specify inspect-object type ("image", "container" or "all") (default "all")
// Manage networks
[root@localhost ~]# podman network ls
NETWORK ID NAME DRIVER
2f259bab93aa podman bridge
[root@localhost ~]# podman run -it busybox
/ # ping www.baidu.com
PING www.baidu.com (14.215.177.39): 56 data bytes
64 bytes from 14.215.177.39: seq=0 ttl=127 time=24.169 ms
64 bytes from 14.215.177.39: seq=1 ttl=127 time=23.657 ms
^C
--- www.baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 23.657/23.913/24.169 ms