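Introduction
- Podman is an open-source container runtime project available on most Linux platforms. It provides functionality very similar to Docker's. As mentioned earlier, it does not need any daemon running on your system, and it can also run without root privileges.
- Podman can replace most Docker subcommands (RUN, PUSH, PULL, and so on). Podman needs no daemon; instead it uses user namespaces to simulate root inside the container, so there is no need to connect to a socket that has root privileges, which keeps the container architecture secure.
- Podman focuses on all the commands and functions for maintaining and modifying OCI images, such as pulling and tagging. It also lets us create, run, and maintain containers created from those images.
- Podman can manage and run any container and container image that complies with the OCI (Open Container Initiative) specification.
- Podman provides a Docker-compatible command-line front end for managing Docker images.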
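How it works
Podman was originally part of the CRI-O project and was later split out into a separate project called libpod. Using Podman feels much like using Docker; the difference is that Podman has no daemon. With the Docker CLI, the CLI tells the Docker Engine through the gRPC API "I want to start a container", and only then does the Docker Engine start the container through an OCI container runtime (runc by default). This means a container's process cannot be a child process of the Docker CLI; it is a child process of the Docker Engine. Podman is blunter: it uses no daemon and starts the container directly through the OCI runtime (also runc by default), so the container's process is a child process of podman. This resembles the Linux fork/exec model, whereas Docker uses a C/S (client/server) model. Compared with the C/S model, the fork/exec model has many advantages, for example:
- System administrators can tell exactly who started a given container process.
- If cgroups are used to place limits on podman, every container it creates is limited as well.
- SD_NOTIFY: if the podman command is placed in a systemd unit file, the container process can send a notification back through podman to signal that the service is ready to accept work.
- Socket activation: connected sockets can be passed from systemd to podman and on to the container process, which can then use them.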
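Differences from Docker
- Docker needs a daemon (the docker daemon) running on the system; Podman does not.
- Containers are started differently. The docker CLI talks to the Docker Engine through an API to say it wants to create a container, and the Docker Engine then calls the OCI container runtime (runc) to start it. The container's process is therefore not a child process of the Docker CLI but a child process of the Docker Engine. Podman interacts directly with the OCI container runtime (runc) to create the container, so the container process is a direct child process of podman.
- Because Docker has the docker daemon, containers started by Docker support the --restart policy, but Podman does not support it. In k8s this is not a problem, because we can set the pod's restart policy; on a standalone system we can write a systemd service to start containers automatically.
- Docker needs the root user to create containers; Podman does not.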
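The systemd service mentioned above, as an added example that is not part of the original post: a shell function that emits a unit for one container and rejects names or image references that could inject extra options into ExecStart. The function name podman_unit, the unit layout and the restart settings are assumptions chosen for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): emit a systemd unit that restarts
# a Podman container, since there is no daemon to apply a restart policy.

# podman_unit NAME IMAGE [PUBLISH] -> unit text on stdout; returns 1 on bad input.
podman_unit() {
    name=$1; image=$2; publish=${3:-}
    # Refuse values that could smuggle extra options or directives into the unit.
    case $name in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) echo "invalid name" >&2; return 1 ;;
    esac
    case $image in
        ''|-*|*[!A-Za-z0-9_.:/@-]*) echo "invalid image" >&2; return 1 ;;
    esac
    case $publish in
        *[!0-9:.]*) echo "invalid publish" >&2; return 1 ;;
    esac
    pub_opt=
    if [ -n "$publish" ]; then pub_opt="-p $publish "; fi
    cat <<EOF
[Unit]
Description=Podman container $name
Wants=network-online.target
After=network-online.target

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d --name $name ${pub_opt}$image
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target
EOF
}

# Container name and image as used later on this page; the unit goes to stdout.
# To install: save as /etc/systemd/system/container-laolin.service, then run
# systemctl daemon-reload && systemctl enable --now container-laolin.service
podman_unit laolin docker.io/library/nginx 80
```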
Deploying Podman
[root@localhost ~]# yum -y install podman
上次元数据过期检查:0:00:39 前,执行于 2021年08月11日 星期三 23时08分59秒。
依赖关系解决。
========================================================================================================================================================
软件包 架构 版本 仓库 大小
========================================================================================================================================================
安装:
podman x86_64 3.3.0-2.module_el8.5.0+877+1c30e0c9 appstream 12 M
安装依赖关系:
conmon x86_64 2:2.0.29-1.module_el8.5.0+877+1c30e0c9 appstream 52 k
containernetworking-plugins x86_64 0.9.1-1.module_el8.5.0+877+1c30e0c9 appstream 20 M
containers-common x86_64 1:1.4.0-5.module_el8.5.0+878+851f435b appstream 99 k
criu x86_64 3.15-2.module_el8.5.0+877+1c30e0c9 appstream 518 k
Configuring registries
[root@localhost ~]# vim /etc/containers/registries.conf
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
Configuring a registry mirror (accelerator)
[registries.search]
registries = ['https://kmny1apu.mirror.aliyuncs.com','docker.io']
Using Podman
Pulling an image
[root@localhost ~]# podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob b10cf527a02d done
Copying blob 33847f680f63 done
Copying blob c90b090c213b done
Copying blob 8a268f30c42a done
Copying blob dbb907d5159d done
Copying blob 1f41b2f2bf94 done
Copying config 08b152afcf done
Writing manifest to image destination
Storing signatures
08b152afcfae220e9709f00767054b824361c742ea03a9fe936271ba520a0a4b
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 08b152afcfae 3 weeks ago 137 MB
Running a container
[root@localhost ~]# podman run -d --name laolin -p 80 docker.io/library/nginx
ce9d7c376cf1f444aef8a12786090ee5f2cd616eb8848b61e100f8a6efdf89fb
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce9d7c376cf1 docker.io/library/nginx:latest nginx -g daemon o... 9 seconds ago Up 8 seconds ago 0.0.0.0:34091->80/tcp laolin
[root@localhost ~]# podman inspect -l
[
{
"Id": "ce9d7c376cf1f444aef8a12786090ee5f2cd616eb8848b61e100f8a6efdf89fb",
"Created": "2021-08-12T23:49:55.25906528-04:00",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 18917,
"ConmonPid": 18906,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-08-12T23:49:56.13812755-04:00",
"FinishedAt": "0001-01-01T00:00:00Z",
"Healthcheck": {
"Status": "",
"FailingStreak": 0,
"Log": null
}
Viewing the container's PIDs
[root@localhost ~]# podman top laolin
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 1m27.952553655s ? 0s nginx: master process nginx -g daemon off;
nginx 30 1 0.000 1m27.952756721s ? 0s nginx: worker process
nginx 31 1 0.000 1m27.952813388s ? 0s nginx: worker process
Viewing container logs
[root@localhost ~]# podman logs -l
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/08/13 03:49:56 [notice] 1#1: using the "epoll" event method
2021/08/13 03:49:56 [notice] 1#1: nginx/1.21.1
2021/08/13 03:49:56 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2021/08/13 03:49:56 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
2021/08/13 03:49:56 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/08/13 03:49:56 [notice] 1#1: start worker processes
2021/08/13 03:49:56 [notice] 1#1: start worker process 30
2021/08/13 03:49:56 [notice] 1#1: start worker process 31
## Follow the logs in real time
[root@localhost ~]# podman logs -f laolin
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/08/13 03:49:56 [notice] 1#1: using the "epoll" event method
2021/08/13 03:49:56 [notice] 1#1: nginx/1.21.1
2021/08/13 03:49:56 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2021/08/13 03:49:56 [notice] 1#1: OS: Linux 4.18.0-257.el8.x86_64
2021/08/13 03:49:56 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/08/13 03:49:56 [notice] 1#1: start worker processes
2021/08/13 03:49:56 [notice] 1#1: start worker process 30
2021/08/13 03:49:56 [notice] 1#1: start worker process 31
## Test from another terminal
[root@localhost ~]# curl 10.88.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
10.88.0.1 - - [13/Aug/2021:03:52:26 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1" "-"
Pushing an image
[root@localhost ~]# podman login
Username: ailaolin
Password:
Login Succeeded!
[root@localhost ~]# podman tag docker.io/library/nginx:latest ailaolin/test:nginx
[root@localhost ~]# podman push ailaolin/test:nginx
Getting image source signatures
Copying blob e3135447ca3e skipped: already exists
Copying blob 59b01b87c9e7 skipped: already exists
Copying blob 7c0b223167b9 skipped: already exists
Copying blob 814bff734324 skipped: already exists
Copying blob 988d9a3509bb skipped: already exists
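Configuration for unprivileged users
Before users without root privileges can run Podman, an administrator must install or build Podman and complete the following configuration.
The cgroup v2 Linux kernel feature lets users limit the resources that an unprivileged user's containers can use. If the Linux distribution running Podman has cgroup v2 enabled, you may need to change the default OCI runtime. Some older versions of runc do not work with cgroup v2, so you must switch to the alternative OCI runtime, crun.
Installing crun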
[root@localhost ~]# yum -y install crun
上次元数据过期检查:1 day, 0:56:03 前,执行于 2021年08月11日 星期三 23时08分59秒。
依赖关系解决。
========================================================================================================================================================
软件包 架构 版本 仓库 大小
========================================================================================================================================================
安装:
crun x86_64 0.21-3.module_el8.5.0+878+851f435b appstream 193 k
安装依赖关系:
yajl x86_64 2.1.0-10.el8 appstream 41 k
事务概要
========================================================================================================================================================
安装 2 软件包
总下载:234 k
安装大小:569 k
下载软件包:
(1/2): yajl-2.1.0-10.el8.x86_64.rpm 466 kB/s | 41 kB 00:00
Editing the configuration file
[root@localhost ~]# vim /usr/share/containers/containers.conf
# Default OCI runtime
#
# runtime = "crun"
runtime = "crun"
Creating a container
[root@localhost ~]# podman run -d --name ljj -p 80 docker.io/library/nginx
adc239fd732ac699b8c2bdd5cd8dc371fadd5396c309ca9df9f888818c27179a
[root@localhost ~]# podman inspect ljj | grep crun
"OCIRuntime": "crun",
"crun",
slirp4netns
The slirp4netns package provides a network mode for unprivileged users.
Installing fuse-overlayfs
[root@localhost ~]# yum -y install slirp4netns
上次元数据过期检查:1 day, 1:01:17 前,执行于 2021年08月11日 星期三 23时08分59秒。
软件包 slirp4netns-1.1.8-1.module_el8.5.0+733+9bb5dffa.x86_64 已安装。
依赖关系解决。
========================================================================================================================================================
软件包 架构 版本 仓库 大小
========================================================================================================================================================
升级:
slirp4netns x86_64 1.1.8-1.module_el8.5.0+877+1c30e0c9 appstream 51 k
事务概要
========================================================================================================================================================
升级 1 软件包
总下载:51 k
下载软件包:
[ === ] --- B/s | 0 B --:-- ET
Configuration file
[root@localhost ~]# vim /etc/containers/storage.conf
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
mount_program = "/usr/bin/fuse-overlayfs"
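/etc/subuid and /etc/subgid configuration
Podman requires that the user running it has a range of UIDs listed in the /etc/subuid and /etc/subgid files. The shadow-utils or newuid package provides these files.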
[root@localhost ~]# yum -y install shadow-utils
上次元数据过期检查:1 day, 1:05:06 前,执行于 2021年08月11日 星期三 23时08分59秒。
软件包 shadow-utils-2:4.6-12.el8.x86_64 已安装。
依赖关系解决。
========================================================================================================================================================
软件包 架构 版本 仓库 大小
========================================================================================================================================================
升级:
shadow-utils x86_64 2:4.6-13.el8 baseos 1.2 M
事务概要
========================================================================================================================================================
升级 1 软件包
总下载:1.2 M
下载软件包:
shadow-utils-4.6-13.el8.x86_64.rpm 4.1 MB/s | 1.2 MB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------
总计 1.3 MB/s | 1.2 MB 00:00
运行事务检查
事务检查成功。
The assigned ranges can be viewed in /etc/subuid and /etc/subgid; each user's values must be unique.
[root@localhost ~]# podman exec -it ljj /bin/bash
root@adc239fd732a:/# id
uid=0(root) gid=0(root) groups=0(root)
root@adc239fd732a:/# cat /etc/subuid
root@adc239fd732a:/# useradd test
root@adc239fd732a:/# cat /etc/subuid
test:100000:65536
root@adc239fd732a:/#
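The file format is USERNAME:UID:RANGE
- USERNAME: a user name as listed in /etc/passwd or returned by getpwent.
- UID: the first UID allocated to the user.
- RANGE: the size of the UID range allocated to the user.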
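A check for the uniqueness requirement above, as an added example that is not part of the original post: it parses USERNAME:UID:RANGE lines and reports malformed entries and ranges that overlap between users. It reads "unique" as "non-overlapping"; the function name check_subid and the sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): audit a subuid/subgid-style file.

# check_subid FILE -> prints one finding per line; returns 1 if any were found.
check_subid() {
    # Sort by start ID so each range only needs comparing with the furthest
    # end seen so far.
    sort -t: -k2,2n "$1" | awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $3 + 0 == 0 {
            print "MALFORMED " $0; bad = 1; next
        }
        {
            start = $2 + 0; end = start + $3 - 1
            if (seen && start <= prev_end) {
                print "OVERLAP " prev_user " (" prev_start "-" prev_end ") " $1 " (" start "-" end ")"
                bad = 1
            }
            if (!seen || end > prev_end) {
                prev_user = $1; prev_start = start; prev_end = end
            }
            seen = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample data (not from a real host): bob collides with alice.
sample=$(mktemp)
cat > "$sample" <<'EOF'
test:100000:65536
alice:165536:65536
bob:200000:65536
EOF
check_subid "$sample" || echo "subordinate ID ranges need fixing"
rm -f "$sample"
```

The same function works on /etc/subgid, which uses the same three-field layout.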
User configuration files
The three main configuration files are:
- containers.conf
- storage.conf
- registries.conf
containers.conf
## Podman reads
/usr/share/containers/containers.conf
storage.conf
/etc/containers/storage.conf
# For unprivileged users, some fields in /etc/containers/storage.conf are ignored
graphroot=""
  container storage graph dir (default: "/var/lib/containers/storage")
  Default directory to store all writable content created by container storage programs.
runroot=""
  container storage run dir (default: "/run/containers/storage")
  Default directory to store all temporary writable content created by container storage programs.
registries.conf
## If these files are not created by default, copy them from /usr/share/containers or /etc/containers and modify them.
/etc/containers/registries.conf
/etc/containers/registries.d/
Authorization file
[root@localhost ~]# cat /run/user/0/containers/auth.json
{
"auths": {
"registry.access.redhat.com": {
"auth": "YWlsYW9saW46bGl1emV6aGVuZzA4NTI="
}
}
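Using volumes
When a rootless container runs as the root user, root inside the container is actually your user on the host. UID/GID 1 is the first UID/GID specified in your user's mapping in /etc/subuid and /etc/subgid, and so on. If an unprivileged user mounts a host directory into a container and creates a file in that directory as root inside the container, the file is actually owned by your user on the host.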
[root@localhost ~]# useradd linjj
[root@localhost ~]# su - linjj
[linjj@localhost ~]$ pwd
/home/linjj
[linjj@localhost ~]$ mkdir test
[linjj@localhost ~]$ podman run -it --name linjunj -v "$(pwd)"/test:/abab busybox /bin/sh
Resolving "busybox" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob b71f96345d44 done
Copying config 69593048aa done
Writing manifest to image destination
Storing signatures
/ # touch laolin/test
/ # ls -l laolin/test
-rw-r--r-- 1 root root 0 Aug 13 12:25 laolin/test
/ # exit
Use the --userns=keep-id flag to ensure that the user is mapped to its own UID and GID inside the container.
[linjj@localhost ~]$ podman run -it --name lss -v "$(pwd)"/test:/abab --userns=keep-id busybox /bin/sh
~ $ touch laolin/test
~ $ ls -l laolin/
total 0
-rw-r--r-- 1 linjj linjj 0 Aug 13 12:30 test
-rw-r--r-- 1 linjj linjj 0 Aug 13 12:30 ll
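The mapping behind the two sessions above, as an added example that is not part of the original post: given a user's UID and its /etc/subuid range, it computes which host UID backs a container UID, for the default rootless mapping and for --userns=keep-id. It is a model of the mapping, not Podman's code; the function names, linjj's UID of 1000 and the range 100000:65536 are assumptions.

```bash
#!/bin/sh
# Added example (not from the original page): model of rootless UID mapping.

# subid_range FILE USER -> prints "START COUNT" from a USERNAME:UID:RANGE file.
subid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1; exit }
                       END { exit !found }' "$1"
}

# host_uid USER_UID START COUNT CONTAINER_UID [default|keep-id]
# Prints the host UID backing CONTAINER_UID; returns 1 if that ID is unmapped.
host_uid() {
    uid=$1; start=$2; count=$3; cuid=$4; mode=${5:-default}
    if [ "$mode" = keep-id ]; then
        # keep-id: the user's own UID maps to itself; the IDs below it are
        # shifted up by one so the subordinate range fills in around it.
        if [ "$cuid" -eq "$uid" ]; then echo "$uid"; return 0; fi
        if [ "$cuid" -lt "$uid" ]; then slot=$((cuid + 1)); else slot=$cuid; fi
    else
        # default: container root (0) is the invoking user; container UID 1
        # is the first subordinate UID, UID 2 the second, and so on.
        if [ "$cuid" -eq 0 ]; then echo "$uid"; return 0; fi
        slot=$cuid
    fi
    # slot is the 1-based position inside the subordinate range.
    [ "$slot" -le "$count" ] || return 1
    echo $((start + slot - 1))
}

# Constructed values: linjj is assumed to have UID 1000 and the range below.
subid=$(mktemp)
echo 'linjj:100000:65536' > "$subid"
range=$(subid_range "$subid" linjj)
sub_start=${range% *}
sub_count=${range#* }
for c in 0 1 101; do
    echo "default: container uid $c -> host uid $(host_uid 1000 "$sub_start" "$sub_count" "$c")"
done
echo "keep-id: container uid 1000 -> host uid $(host_uid 1000 "$sub_start" "$sub_count" 1000 keep-id)"
rm -f "$subid"
```

A file written by container root on a bind mount therefore belongs to linjj on the host, while a file written by any other container UID belongs to a subordinate UID that has no name in the host's /etc/passwd.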
Port mapping
# Ports >= 1024 can be mapped
[linjj@localhost ~]$ podman run --name lll -d -p 1025:80 nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 8a268f30c42a done
Copying blob 1f41b2f2bf94 done
Copying blob b10cf527a02d done
Copying blob c90b090c213b done
Copying blob dbb907d5159d done
Copying blob 33847f680f63 done
Copying config 08b152afcf done
Writing manifest to image destination
Storing signatures
2894ec0b80dc95fd6ac6fac246a2b6db27b71512e27dca8a614c93e2141e2330
[linjj@localhost ~]$ ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:35583 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:1025 *:*
## Mapping a container port below 1024 as an unprivileged user fails with a "permission denied" error
[linjj@localhost ~]$ podman run --name llll -d -p 80:80 nginx
Error: rootlessport cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
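Allow it by appending 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf. The setting is system-wide: it lets every unprivileged user and process on the host bind ports 80 and above, not only Podman.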
[root@localhost ~]# echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_unprivileged_port_start = 80
[root@localhost ~]# su linjj
[linjj@localhost ~]# podman run --name llll -d -p 80:80 nginx
f0087e2bc3765923e78306ae689093ca6111e07a7e9767361e963678da4e0507
[linjj@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adc239fd732a docker.io/library/nginx:latest nginx -g daemon o... 32 minutes ago Up 32 minutes ago 0.0.0.0:35583->80/tcp ljj
f0087e2bc376 docker.io/library/nginx:latest nginx -g daemon o... 6 seconds ago Up 6 seconds ago 0.0.0.0:80->80/tcp llll
Podman networking
port
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e234ty5634ef docker.io/library/nginx nginx -g daemon o... 10 days ago Up 2 seconds ago 0.0.0.0:39997->80/tcp t2
[root@localhost ~]# podman port e234ty5634ef
80/tcp -> 0.0.0.0:39997
Shared network
[root@localhost ~]# podman run -it --rm --net slirp4netns:allow_host_loopback=true bash
Resolving "bash" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/bash:latest...
Getting image source signatures
Copying blob ec83969a912d done
Copying blob 339de151aab4 done
Copying blob f0512d9ab85b done
Copying config d057f4d6e5 done
Writing manifest to image destination
Storing signatures
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN qlen 1000
link/ether b6:14:33:4e:82:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::b414:33ff:fe4e:8295/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# podman run -it --rm --net slirp4netns:allow_host_loopback=true bash
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN qlen 1000
link/ether ce:42:fe:6e:96:f5 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::cc42:feff:fe6e:96f5/64 scope link
valid_lft forever preferred_lft forever
Viewing network modes
[root@localhost ~]# podman network ls
NAME VERSION PLUGINS
podman 0.4.0 bridge,portmap,firewall,tuning
Specifying a subnet
[root@localhost ~]# podman network create mynetwork
/etc/cni/net.d/mynetwork.conflist
[root@localhost ~]# podman network ls
NAME VERSION PLUGINS
podman 0.4.0 bridge,portmap,firewall,tuning
mynetwork 0.4.0 bridge,portmap,firewall,tuning
# Edit the subnet and gateway in the newly generated network configuration file, or pass --subnet (network and mask) and --gateway when creating the network
[root@localhost ~]# vim /etc/cni/net.d/mynetwork.conflist
{
"cniVersion": "0.4.0",
"name": "mynetwork",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman1",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"ranges": [
[
{
"subnet": "10.1.1.0/24",
"gateway": "10.1.1.1"
# Edit /usr/share/containers/containers.conf to make the newly created network the default
[network]
# Path to directory where CNI plugin binaries are located.
#
# cni_plugin_dirs = ["/usr/libexec/cni"]
# Path to the directory where CNI configuration files are located.
#
# network_config_dir = "/etc/cni/net.d/"
default_network = "mynetwork"
# Create a container
[root@localhost ~]# podman run -it --rm bash
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 4e:b0:de:31:b7:92 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.2/24 brd 10.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::4cb0:deff:fe31:b792/64 scope link
valid_lft forever preferred_lft forever
Exporting and importing containers
[root@localhost ~]# vim /usr/share/containers/containers.conf
...
runtime = "runc"
...
[root@localhost ~]# podman run -dt --name httpd -p 8080:80/tcp httpd
[root@localhost ~]# podman inspect httpd | grep -i runtime
"OCIRuntime": "runc",
"--runtime",
"Runtime": "oci",
"CpuRealtimeRuntime": 0,
[root@localhost ~]# podman container checkpoint httpd -e /tmp/httpd.tar.gz
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# ls /tmp/
httpd.tar.gz podman-run-1000 systemd-private-5dd59fc1c774458e9cbc863d264b0f0b-chronyd.service-48OWrh
Delete the container, then import it again
[root@localhost ~]# podman rm 34fbc40074f1
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# podman container restore -i /tmp/httpd.tar.gz
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# podman ps
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7818ccff6ff docker.io/library/nginx nginx -g daemon o... 10 days ago Up 30 minutes ago 0.0.0.0:39997->80/tcp t2
2418248f0821 docker.io/library/bash:latest bash 27 minutes ago Up 27 minutes ago sad_lehmann
34fbc40074f1 docker.io/library/httpd:latest httpd-foreground 6 seconds ago Up 7 seconds ago 0.0.0.0:8080->80/tcp httpd