Configure the REST API service to access a remote Podman
Environment: the test uses 2 nodes, with podman installed on node 1.
- Stop the firewall on both nodes
$ systemctl stop firewalld
- Run a pod on node 1.
$ podman run -dt --pod new:frontend -p 8080:80 --name nginx nginx
$ podman pod ls --ctr-names
POD ID NAME STATUS CREATED INFRA ID NAMES
cdd27cba7571 frontend Running 20 hours ago 884cf9704fe1 cdd27cba7571-infra,frontend-nginx
- On node 1, run the following command to start the REST API listener service on port 8888.
$ podman system service tcp:${NODE_1_IP}:8888 --time=0 &
$ ps -ef | grep podman
dawnsky 1500 1465 5 17:43 pts/0 00:00:00 podman system service tcp:localhost:8088 --time=0
dawnsky 1508 1500 4 17:43 pts/0 00:00:00 podman system service tcp:localhost:8088 --time=0
dawnsky 1529 1465 0 17:43 pts/0 00:00:00 grep --color=auto podman
- On node 2, run the following command to view node 1's podman environment remotely.
$ curl -s http://${NODE_1_IP}:8888/v1.40.0/libpod/info | jq
{
"host": {
"arch": "amd64",
"buildahVersion": "1.24.3",
"cgroupManager": "systemd",
"cgroupVersion": "v2",
"cgroupControllers": [
"memory",
"pids"
],
"conmon": {
"package": "conmon-2.1.0-1.el9.x86_64",
"path": "/usr/bin/conmon",
"version": "conmon version 2.1.0, commit: 8ef5de138efb6f0aad657082cdea22cf037792cb"
},
"cpus": 2,
"distribution": {
"distribution": "\"centos\"",
"version": "9"
},
"eventLogger": "journald",
"hostname": "centos",
"idMappings": {
"gidmap": [
{
"container_id": 0,
"host_id": 1000,
"size": 1
},
{
"container_id": 1,
"host_id": 100000,
"size": 65536
}
],
"uidmap": [
{
"container_id": 0,
"host_id": 1000,
"size": 1
},
{
"container_id": 1,
"host_id": 100000,
"size": 65536
}
]
},
"kernel": "5.14.0-86.el9.x86_64",
"logDriver": "journald",
"memFree": 1146925056,
"memTotal": 2060308480,
"networkBackend": "cni",
"ociRuntime": {
"name": "crun",
"package": "crun-1.4.5-1.el9.x86_64",
"path": "/usr/bin/crun",
"version": "crun version 1.4.5\ncommit: c381048530aa750495cf502ddb7181f2ded5b400\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL"
},
"os": "linux",
"remoteSocket": {
"path": "/run/user/1000/podman/podman.sock"
},
"serviceIsRemote": false,
"security": {
"apparmorEnabled": false,
"capabilities": "CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT",
"rootless": true,
"seccompEnabled": true,
"seccompProfilePath": "/usr/share/containers/seccomp.json",
"selinuxEnabled": true
},
"slirp4netns": {
"executable": "/usr/bin/slirp4netns",
"package": "slirp4netns-1.2.0-1.el9.x86_64",
"version": "slirp4netns version 1.2.0\ncommit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.2"
},
"swapFree": 2197811200,
"swapTotal": 2197811200,
"uptime": "27m 36.6s",
"linkmode": "dynamic"
},
"store": {
"configFile": "/home/dawnsky/.config/containers/storage.conf",
"containerStore": {
"number": 3,
"paused": 0,
"running": 2,
"stopped": 1
},
"graphDriverName": "overlay",
"graphOptions": {},
"graphRoot": "/home/dawnsky/.local/share/containers/storage",
"graphStatus": {
"Backing Filesystem": "xfs",
"Native Overlay Diff": "true",
"Supports d_type": "true",
"Using metacopy": "false"
},
"imageCopyTmpDir": "/var/tmp",
"imageStore": {
"number": 3
},
"runRoot": "/run/user/1000/containers",
"volumePath": "/home/dawnsky/.local/share/containers/storage/volumes"
},
"registries": {
"search": [
"registry.fedoraproject.org",
"registry.access.redhat.com",
"registry.centos.org",
"quay.io",
"docker.io"
]
},
"plugins": {
"volume": [
"local"
],
"network": [
"bridge",
"macvlan",
"ipvlan"
],
"log": [
"k8s-file",
"none",
"passthrough",
"journald"
]
},
"version": {
"APIVersion": "4.0.3",
"Version": "4.0.3",
"GoVersion": "go1.17.5",
"GitCommit": "",
"BuiltTime": "Sat Apr 2 01:56:38 2022",
"Built": 1648835798,
"OsArch": "linux/amd64"
}
}
- On node 2, run the following command to view the running pods.
$ curl -s "http://${NODE_1_IP}:8888/v1.40.0/libpod/pods/json" | jq '.[].Name'
"frontend"
- On node 2, run the following command to view the state of the containers.
$ curl -s "http://${NODE_1_IP}:8888/v1.40.0/libpod/containers/json?all=true" | jq '.[].State'
"exited"
"running"
"running"
- On node 2, run the following command to view the images.
$ curl -s "http://${NODE_1_IP}:8888/v1.40.0/libpod/images/json" | jq '.[].Names'
[
"docker.io/library/httpd:latest"
]
[
"localhost/podman-pause:4.0.3-1648835798"
]
[
"docker.io/library/nginx:latest"
]
- On node 2, run the following command to view the status of the frontend-nginx container.
$ curl -s http://${NODE_1_IP}:8888/v1.40.0/libpod/containers/frontend-nginx/stats
- On node 2, run the following command to pull the image quay.io/podman/hello:latest for node 1. Once it completes, you can confirm it on node 1.
$ curl -XPOST "http://${NODE_1_IP}:8888/v1.40.0/libpod/images/pull?reference=quay.io/podman/hello:latest"
{"stream":"Trying to pull quay.io/podman/hello:latest...\n"}
{"stream":"Getting image source signatures\n"}
{"stream":"Copying blob sha256:f11656b0bc64345fd33f98397564064ad321c6aed1cf356003f7a4c0558a83b2\n"}
{"stream":"Copying blob sha256:f11656b0bc64345fd33f98397564064ad321c6aed1cf356003f7a4c0558a83b2\n"}
{"stream":"Copying config sha256:1b33cca41a84e34a955aae5c1d5691ef220403213dc66d272b6e659c9ebd8b8a\n"}
{"stream":"Writing manifest to image destination\n"}
{"stream":"Storing signatures\n"}
{"images":["1b33cca41a84e34a955aae5c1d5691ef220403213dc66d272b6e659c9ebd8b8a"],"id":"1b33cca41a84e34a955aae5c1d5691ef220403213dc66d272b6e659c9ebd8b8a"}
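The service started in the steps above listens on TCP without authentication or TLS, and the last step shows that a remote caller can change node 1, so it is worth checking which address each listener is bound to. The script below is an added example, not part of the original post: it classifies `podman system service` processes found in `ps -ef` output. The function names and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag `podman system service` listeners seen in `ps -ef` output.
# The API served by this command has no authentication or TLS of its own, so a
# tcp: listener on a non-loopback address is reachable by any host on the network.

# Reads ps-style lines on stdin; prints "<verdict> <uri>" per API service process.
classify_podman_listeners() {
    awk '
    {
        found = 0; uri = ""
        for (i = 1; i <= NF - 2; i++) {
            is_podman = ($i == "podman" || $i ~ /\/podman$/)
            if (is_podman && $(i+1) == "system" && $(i+2) == "service") {
                found = 1
                # The URI may come before or after flags such as --time=0.
                for (j = i + 3; j <= NF; j++)
                    if ($j ~ /^(tcp|unix):/) { uri = $j; break }
                break
            }
        }
        if (!found) next
        if (uri == "") { verdict = "OK"; uri = "(default unix socket)" }
        else if (uri ~ /^unix:/) verdict = "OK"
        else if (uri ~ /^tcp:(\/\/)?(localhost|127\.[0-9.]+|\[::1\]):[0-9]+$/) verdict = "LOCAL"
        else verdict = "EXPOSED"
        print verdict, uri
    }'
}

# Number of listeners bound to a non-loopback TCP address.
count_exposed() {
    classify_podman_listeners | awk '$1 == "EXPOSED" { n++ } END { print n + 0 }'
}

# First two lines are from the ps output shown earlier; the last two are constructed.
sample_ps() {
    cat <<'EOF'
dawnsky 1500 1465 5 17:43 pts/0 00:00:00 podman system service tcp:localhost:8088 --time=0
dawnsky 1529 1465 0 17:43 pts/0 00:00:00 grep --color=auto podman
dawnsky 1611 1465 0 17:50 pts/0 00:00:00 podman system service --time=0 tcp:192.0.2.10:8888
dawnsky 1702 1 0 17:55 ? 00:00:00 /usr/bin/podman system service
EOF
}

sample_ps | classify_podman_listeners
echo "exposed listeners: $(sample_ps | count_exposed)"
```

On a live host, feed it real data with `ps -ef | classify_podman_listeners`.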
REST API reference
https://docs.podman.io/en/latest/_static/api.html