podman安装
[root@localhost ~]# yum -y install podman-docker
[root@localhost ~]# which podman
/usr/bin/podman
[root@localhost ~]# which docker
/usr/bin/docker
podman常用命令
podman version # 显示podman的版本信息
podman info # 显示podman的系统信息,包括镜像和容器的数量
podman 命令xxx --help # 帮助命令
//修改配置文件,只留下docker官方镜像仓库位置(这样nginx之类的短名称只会解析到docker.io,不会从其他仓库拉到同名镜像;也可以直接使用docker.io/library/nginx这样的完整名称)
[root@localhost ~]# head -22 /etc/containers/registries.conf | tail -1
unqualified-search-registries = ["docker.io"]
//拉取镜像
[root@localhost ~]# podman pull nginx
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob e5ae68f74026 skipped: already exists
Copying blob 44be98c0fab6 done
Copying blob ed835de16acd done
Copying blob 21e0df283cd6 done
Copying blob 881ff011f1c9 done
Copying blob 77700c52c969 done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
//查看镜像
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest ffe9d497c324 6 days ago 1.46 MB
docker.io/library/nginx latest f652ca386ed1 11 days ago 146 MB
docker.io/library/httpd latest ea28e1b82f31 11 days ago 148 MB
//使用nginx镜像运行容器(-p 80:80会在宿主机所有网卡上发布端口,见下方PORTS列的0.0.0.0:80;只需本机访问时可写成-p 127.0.0.1:80:80)
[root@localhost ~]# podman run -d --name web -p 80:80 nginx
4b9795b736158a716ab513fcd12159b1203bd3a326f94e6e7f244cfb93f7a92c
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b9795b73615 docker.io/library/nginx:latest nginx -g daemon o... 3 seconds ago Up 3 seconds ago 0.0.0.0:80->80/tcp web
//查看容器详细信息
[root@localhost ~]# podman inspect -l //-l,最新的容器
...省略
"Networks": {
"podman": {
"EndpointID": "",
"Gateway": "10.88.0.1",
"IPAddress": "10.88.0.3",
...省略
//本机访问
[root@localhost ~]# curl 10.88.0.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
...省略
//查看容器的日志
[root@localhost ~]# podman logs -l //-l,最新的容器
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 04:08:39 [notice] 1#1: using the "epoll" event method
2021/12/14 04:08:39 [notice] 1#1: nginx/1.21.4
2021/12/14 04:08:39 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/14 04:08:39 [notice] 1#1: OS: Linux 4.18.0-305.3.1.el8.x86_64
2021/12/14 04:08:39 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/14 04:08:39 [notice] 1#1: start worker processes
2021/12/14 04:08:39 [notice] 1#1: start worker process 30
2021/12/14 04:08:39 [notice] 1#1: start worker process 31
10.88.0.1 - - [14/Dec/2021:04:12:04 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"
//查看容器的PID和CPU使用率
[root@localhost ~]# podman top -l //-l,最新的容器
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 5m53.229833796s ? 0s nginx: master process nginx -g daemon off;
nginx 30 1 0.000 5m53.230318664s ? 0s nginx: worker process
nginx 31 1 0.000 5m53.230376293s ? 0s nginx: worker process
//上传镜像(podman login会把登录凭据保存在本机的auth.json文件中,多人共用的主机上推送完成后应执行podman logout清除)
[root@localhost ~]# podman login //登录仓库
Username: wyus
Password:
Login Succeeded!
[root@localhost ~]# podman tag docker.io/library/httpd:latest wyus/httpd:v0.7 //给镜像打标签
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest ffe9d497c324 6 days ago 1.46 MB
docker.io/library/nginx latest f652ca386ed1 11 days ago 146 MB
docker.io/library/httpd latest ea28e1b82f31 11 days ago 148 MB
localhost/wyus/httpd v0.7 ea28e1b82f31 11 days ago 148 MB
[root@localhost ~]# podman push wyus/httpd:v0.7 //上传
Getting image source signatures
Copying blob de86fc8fb2bd skipped: already exists
Copying blob f2ca16412796 skipped: already exists
Copying blob 7b17db00576b skipped: already exists
Copying blob 9321ff862abb skipped: already exists
Copying blob afd73b741139 [--------------------------------------] 0.0b / 0.0b
Copying config ea28e1b82f done
Writing manifest to image destination
Storing signatures
//停止容器
[root@localhost ~]# podman stop web
web
//删除容器
[root@localhost ~]# podman rm -l //-l,最新的容器
24602bf7164ee7e019555177a3d0eaf190b61120434882224e8168515ff7ac05
普通用户使用podman的方式
在允许没有root特权的用户运行Podman之前,管理员必须安装或构建Podman并完成以下配置
cgroup V2:Linux内核的cgroup V2功能允许限制普通用户(rootless)容器可以使用的资源。如果运行Podman的Linux发行版启用了cgroup V2,则可能需要更改默认的OCI运行时:某些较旧版本的runc不支持cgroup V2,必须切换到备用OCI运行时crun。
[root@localhost ~]# yum -y install crun
上次元数据过期检查:0:03:49 前,执行于 2021年12月14日 星期二 12时17分59秒。
软件包 crun-1.0-1.module_el8.5.0+911+f19012f9.x86_64 已安装。
依赖关系解决。
无需任何处理。
完毕!
[root@localhost ~]# head -434 /usr/share/containers/containers.conf | tail -1
runtime = "crun"
[root@localhost ~]# podman run -d -p 80:80 httpd
6d1b7ce56ec6e96219e7891b423716b9b4148b5af85d6246ac0f65c1856fbbf2
[root@localhost ~]# podman inspect -l | grep crun
"OCIRuntime": "crun",
"crun",
slirp4netns
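slirp4netns包为普通用户(rootless)容器提供一种用户态网络模式。普通用户默认不能绑定1024以下的宿主机端口(由内核参数net.ipv4.ip_unprivileged_port_start控制),因此-p 80:80这样的映射通常要改用高位端口,例如-p 8080:80。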
[root@localhost ~]# yum -y install slirp4netns
上次元数据过期检查:0:09:54 前,执行于 2021年12月14日 星期二 12时17分59秒。
软件包 slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64 已安装。
依赖关系解决。
无需任何处理。
完毕!
fuse-overlayfs
在普通用户环境中使用Podman时,建议使用fuse-overlayfs而不是VFS文件系统,至少需要版本0.7.6。
[root@localhost ~]# yum -y install fuse-overlayfs
上次元数据过期检查:0:11:01 前,执行于 2021年12月14日 星期二 12时17分59秒。
软件包 fuse-overlayfs-1.7.1-1.module_el8.5.0+890+6b136101.x86_64 已安装。
依赖关系解决。
无需任何处理。
完毕!
[root@localhost ~]# head -77 /etc/containers/storage.conf|tail -1
mount_program = "/usr/bin/fuse-overlayfs" //取消注释
/etc/subuid和/etc/subgid配置
Podman要求运行它的用户在/etc/subuid和/etc/subgid文件中列出一段UID范围,shadow-utils或newuid包提供这些文件。
[root@localhost ~]# yum -y install shadow-utils
[root@localhost ~]# podman exec -it -l /bin/bash
root@6d1b7ce56ec6:/usr/local/apache2# id
uid=0(root) gid=0(root) groups=0(root)
root@6d1b7ce56ec6:/usr/local/apache2# useradd abc
root@6d1b7ce56ec6:/usr/local/apache2# useradd test
root@6d1b7ce56ec6:/usr/local/apache2# cat /etc/subuid
abc:100000:65536
test:165536:65536
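该文件的格式为USERNAME:UID:RANGE(上面的示例是在容器内执行的;rootless Podman实际读取的是宿主机上的/etc/subuid和/etc/subgid)
- 在/etc/passwd或getpwent中列出的用户名。
- 为用户分配的初始uid。
- 为用户分配的UID范围的大小。各用户的范围不应重叠,例如上面abc为100000–165535,test从165536开始。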
用户的配置文件
三个主要的配置文件是containers.conf、storage.conf和registries.conf。用户可以根据需要修改这些文件。
containers.conf
优先级
- /usr/share/containers/containers.conf
- /etc/containers/containers.conf
- $HOME/.config/containers/containers.conf
storage.conf
优先级
- /etc/containers/storage.conf
- $HOME/.config/containers/storage.conf
在普通用户中/etc/containers/storage.conf的一些字段将被忽略
graphroot=""
  container storage graph dir (default: "/var/lib/containers/storage")
  Default directory to store all writable content created by container storage programs.
runroot=""
  container storage run dir (default: "/run/containers/storage")
  Default directory to store all temporary writable content created by container storage programs.
在普通用户中这些字段默认
graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"
registries.conf
配置按此顺序读入。这些文件不是默认创建的,可以从/usr/share/containers或/etc/containers复制文件并进行修改。
/etc/containers/registries.conf
/etc/containers/registries.d/*
$HOME/.config/containers/registries.conf