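Podman Basics
What is Podman?
Podman is an open-source container runtime project available on most Linux platforms. Podman provides functionality very similar to Docker's. As mentioned earlier, it does not require any daemon to run on your system, and it can also run without root privileges.
Podman can manage and run any container and container image that conforms to the OCI (Open Container Initiative) specification. Podman provides a Docker-compatible command-line front end for managing Docker images.
Podman official website: https://podman.io/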
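Main differences between Podman and Docker
Differences:
When Docker implements the CRI, it needs a daemon, and that daemon has to run as root, which introduces a security risk.
Podman needs neither a daemon nor a root user to run, so its logical architecture is more reasonable than Docker's.
In the Docker runtime stack, several daemons are involved before the OCI implementation, runC, is reached.
In the container management chain, the Docker Engine is implemented by the dockerd daemon, which on Linux must run as root. dockerd calls containerd, containerd calls containerd-shim, and only then is runC invoked. As the name suggests, the shim acts as a "spacer": it keeps the container running if the parent process exits.
Podman calls the OCI runtime (runC) directly and uses conmon as the management tool for container processes, but it does not need a daemon running as root like dockerd.
In the Podman stack there is a daemon process called conmon, usually located at /usr/libexec/podman/conmon. It is the parent of each container process, one per container, and conmon's own parent is usually PID 1. conmon in Podman is roughly the equivalent of containerd-shim in the Docker stack.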
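The process relationships described above can be checked from a process listing. As an added example (not from the original page), this script reads a `ps -eo pid,ppid,user,comm` snapshot and reports, for each conmon process, its parent, its owner and the container process it supervises; the snapshot, the PIDs and the user alice are constructed.

```shell
#!/bin/sh
# Constructed snapshot in `ps -eo pid,ppid,user,comm` format (not from the page).
SAMPLE_PS='  PID  PPID USER     COMMAND
    1     0 root     systemd
 1542  1500 root     bash
 4101     1 root     conmon
 4112  4101 root     httpd
 4150  4112 root     httpd
 5200     1 alice    conmon
 5211  5200 alice    nginx'

# conmon_report: read a ps snapshot on stdin and print one line per conmon:
#   <pid> parent=<ppid> owner=<user> mode=<rootful|rootless> workload=<comm>(<pid>)
conmon_report() {
    awk 'NR > 1 { ppid[$1] = $2; user[$1] = $3; comm[$1] = $4; order[++n] = $1 }
         END {
           for (i = 1; i <= n; i++) {
             p = order[i]
             if (comm[p] != "conmon") continue
             child = "none"
             # the first direct child of conmon is the container main process
             for (j = 1; j <= n; j++) {
               c = order[j]
               if (ppid[c] == p) { child = comm[c] "(" c ")"; break }
             }
             mode = (user[p] == "root") ? "rootful" : "rootless"
             printf "%s parent=%s owner=%s mode=%s workload=%s\n", \
                    p, ppid[p], user[p], mode, child
           }
         }'
}

# On a live host: ps -eo pid,ppid,user,comm | conmon_report
printf '%s\n' "$SAMPLE_PS" | conmon_report
```

A conmon owned by root marks a container started by root, so anything that escapes that container starts from root's privileges on the host.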
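How using Podman differs from using Docker
Podman is positioned to be compatible with Docker, so its usage stays as close to Docker's as possible. Usage can be looked at from two angles: that of the system builder and that of the user.
For system builders, Podman with its default software differs little from Docker; the differences are in the process model and the process relationships. If you are used to debugging Docker's several related processes, you will need to adapt in Podman. The pstree command shows the process tree. Overall, Podman is simpler than Docker. Because Podman has one less daemon layer than Docker, the restart mechanism is also different.
For users, Podman's commands are largely compatible with Docker's, covering the container runtime (run/start/kill/ps/inspect), local images (images/rmi/build) and image registries (login/pull/push). Podman's command-line tool is therefore similar to Docker's for tasks such as building images and starting and stopping containers. You can even substitute it with alias docker=podman. So even with Podman you can still use http://docker.io as the image registry, which is the most important part of the compatibility.
Deploying Podman
Installing Podman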
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Stream-AppStream.repo CentOS-Stream-HighAvailability.repo
CentOS-Stream-BaseOS.repo CentOS-Stream-Media.repo
CentOS-Stream-Debuginfo.repo CentOS-Stream-PowerTools.repo
CentOS-Stream-Extras.repo CentOS-Stream-RealTime.repo
[root@localhost yum.repos.d]# rm -rf *
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@localhost yum.repos.d]# cd
[root@localhost ~]# yum -y install podman
CentOS-8.5.2111 - Base - mirrors.aliyun.com 4.5 MB/s | 4.6 MB 00:01
CentOS-8.5.2111 - Extras - mirrors.aliyun.com 4.5 kB/s | 10 kB 00:02
CentOS-8.5.2111 - AppStream - mirrors.aliyun.com 6.8 MB/s | 8.4 MB 00:01
Dependencies resolved.
==================================================================
[root@localhost ~]# ps -ef | grep podman
root 3991 1542 0 20:54 pts/0 00:00:00 grep --color=auto podman
[root@localhost ~]#
Test whether an image can be pulled
[root@localhost ~]# podman pull centos
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob 7a0437f04f83 done
Copying config 300e315adb done
Writing manifest to image destination
Storing signatures
300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
Podman registry accelerator (mirror)
[root@localhost ~]# yum -y install podman
CentOS-8.5.2111 - Base - mirrors.aliyun.com 4.5 MB/s | 4.6 MB 00:01
CentOS-8.5.2111 - Extras - mirrors.aliyun.com 4.5 kB/s | 10 kB 00:02
CentOS-8.5.2111 - AppStream - mirrors.aliyun.com 6.8 MB/s | 8.4 MB 00:01
Dependencies resolved.
=================================================================================
Package Arch Version Repo Size
=================================================================================
Installing:
podman x86_64 3.3.1-9.module_el8.5.0+988+b1f0b741 AppStream 12 M
Upgrading:
libsemanage x86_64 2.9-6.el8 base 165 k
policycoreutils x86_64 2.9-16.el8 base 373 k
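[root@localhost ~]# vim /etc/containers/registries.conf
#unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
[[registry]]
# prefix selects which image names this entry applies to; without it the
# entry only matches images named with the mirror host itself
prefix = "docker.io"
location = "7i5kpmn4.mirror.aliyuncs.com"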
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
Tab completion for commands
[root@localhost ~]# yum -y install bash-completion
[root@localhost ~]# source /etc/profile.d/bash_completion.sh
Pulling images from Docker
[root@localhost ~]# podman login docker.io
Username: hh08042
Password:
Login Succeeded!
[root@localhost ~]# podman pull hh08042/centos-httpd:v3
Resolving "hh08042/centos-httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/hh08042/centos-httpd:v3...
Getting image source signatures
Copying blob a1d0c7532777 done
Copying config f7959409e3 done
Writing manifest to image destination
Storing signatures
f7959409e3c1fa6097daee87dabb5949a9bc27915a960e861a3a817a4e44e88b
[root@localhost ~]#
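The pull output above shows short names being resolved either through the alias file or through the unqualified-search registries list. As an added example (not part of the original page), this script classifies image references so that short names and floating tags can be caught before a pull; the function names and the all-zero digest are assumptions made for illustration.

```shell
#!/bin/sh
# classify_ref REF
# Prints short-name, qualified-latest, qualified-tag or pinned-digest.
classify_ref() {
    ref=$1
    name=${ref%%@*}          # strip any @sha256:... digest
    first=${name%%/*}        # text before the first slash
    qualified=0
    # The first component is a registry host only when a slash follows it and
    # it contains '.' or ':' or is exactly "localhost".
    if [ "$first" != "$name" ]; then
        case $first in
            *.*|*:*|localhost) qualified=1 ;;
        esac
    fi
    if [ "$qualified" -eq 0 ]; then
        echo short-name          # registry is chosen by alias or search list
        return 0
    fi
    case $ref in
        *@sha256:*) echo pinned-digest; return 0 ;;
    esac
    case ${name##*/} in
        *:latest) echo qualified-latest ;;
        *:*)      echo qualified-tag ;;
        *)        echo qualified-latest ;;   # no tag means :latest
    esac
}

# audit_refs: read one reference per line on stdin, print "<class> <ref>".
audit_refs() {
    while IFS= read -r r; do
        [ -n "$r" ] && printf '%s %s\n' "$(classify_ref "$r")" "$r"
    done
    return 0
}

# References from this page's commands and output, plus one constructed
# digest reference (the all-zero digest is a placeholder, not a real image).
audit_refs <<'EOF'
centos
busybox
hh08042/centos-httpd:v3
quay.io/centos/centos:latest
localhost/runtime:v1
docker.io/library/busybox@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
```

A short-name result means the registry is decided by local configuration rather than by the command, which is why fully qualified references are the safer habit in scripts.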
Common Podman commands
Images
podman search # search for images
[root@localhost ~]# podman search bosybox
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/deathknight2/bosybox 0
docker.io docker.io/messi110/bosybox 0
docker.io docker.io/demodocker07/bosybox 0
docker.io docker.io/bosybox/bosybox 0
docker.io docker.io/wan012q/bosybox 0
docker.io docker.io/xiaowen20/http bosybox http 0
docker.io docker.io/yushanshuai/httpd bosybox httpd 0
docker.io docker.io/15908168410/bosybox 测试bosybox 0
podman pull # pull an image
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
podman images # list images
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
podman rmi # remove an image
[root@localhost ~]# podman rmi busybox
Untagged: docker.io/library/busybox:latest
Deleted: 7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
podman inspect # show detailed information about an image
[root@localhost ~]# podman inspect image_name:tag
......
podman tag # add another name to an image, similar to an alias
[root@localhost ~]# podman tag busybox:latest runtime:v1
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
localhost/runtime v1 7a80323521cc 2 weeks ago 1.47 MB
podman save # export an image
[root@localhost ~]# podman save > busybox.tar busybox
[root@localhost ~]# ls
anaconda-ks.cfg busybox.tar
podman load # import an image
[root@localhost ~]# podman load < busybox.tar
Getting image source signatures
Copying blob 084326605ab6 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
Loaded image(s): docker.io/library/busybox:latest
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
Containers
podman run # create and start a container
[root@localhost ~]# podman run -dit --name web1 httpd
8405d2772400fe8026cd45d538f8f391410e7213e7c0217fba37a970eba72ff4
podman create # create a container
[root@localhost ~]# podman create httpd
podman ps # list containers
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 2 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground 33 seconds ago Created strange_neumann
podman start # start a container
[root@localhost ~]# podman start 3a7c9d32adf5
3a7c9d32adf5
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 3 minutes ago Up 2 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground About a minute ago Up 13 seconds ago strange_neumann
podman restart # restart a container
[root@localhost ~]# podman restart 3a7c9d32adf5
3a7c9d32adf5e21ceba3b19a885fd595e2950ae7d3618efc443088367704ace3
podman stop # stop a container
[root@localhost ~]# podman stop 3a7c9d32adf5
3a7c9d32adf5
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 4 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Exited (0) 7 seconds ago strange_neumann
podman rm # remove a container
[root@localhost ~]# podman rm 3a7c9d32adf5
3a7c9d32adf5e21ceba3b19a885fd595e2950ae7d3618efc443088367704ace3
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 4 minutes ago web1
podman logs # view container logs
[root@localhost ~]# podman logs web1
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Aug 13 06:12:09.085347 2022] [mpm_event:notice] [pid 1:tid 140027846626624] AH00489: Apache/2.4.54 (Unix) configured -- resuming normal operations
[Sat Aug 13 06:12:09.085496 2022] [core:notice] [pid 1:tid 140027846626624] AH00094: Command line: 'httpd -D FOREGROUND'
podman attach # enter the container
[root@localhost ~]# podman attach web2
(access it from another terminal)
[root@localhost ~]# curl 10.88.0.9
<html><body><h1>It works!</h1></body></html>
(the access record appears inside the attached session)
10.88.0.1 - - [13/Aug/2022:06:27:11 +0000] "GET / HTTP/1.1" 200 45
podman exec # enter the container
[root@localhost ~]# podman start web1
web1
[root@localhost ~]# podman exec -it web1 /bin/bash
root@8405d2772400:/usr/local/apache2#
podman export # export a container
[root@localhost ~]# podman export -o web.tar web1
[root@localhost ~]# ls
anaconda-ks.cfg busybox.tar web.tar
podman import # import a container snapshot
[root@localhost ~]# podman import web.tar
Getting image source signatures
Copying blob f8c5231b85bd done
Copying config 4166d975be done
Writing manifest to image destination
Storing signatures
sha256:4166d975beffdcb17b6a87b7f6b0878594b8e4d4d972e487c70fe60626b07724
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 4166d975beff 5 minutes ago 147 MB
docker.io/library/httpd latest f2a976f932ec 11 days ago 149 MB