podman基础命令
podman基础命令
podman cp 在容器和本地文件系统之间 复制文件/文件夹
//将本地文件传输到容器中(注意:anaconda-ks.cfg 是安装时生成的 kickstart 文件,通常含有 rootpw 等口令哈希,这里仅作演示,实际环境应换成不含敏感信息的文件)
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
9471fdc1f3b6 docker.io/library/httpd:latest httpd-foreground 23 seconds ago Up 2 seconds ago wqe
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# podman cp anaconda-ks.cfg wqe:/tmp/
[root@localhost ~]# podman exxec -it wqe /bin/bash
Error: unknown shorthand flag: 'i' in -it
[root@localhost ~]# podman exec -it wqe /bin/bash
root@9471fdc1f3b6:/usr/local/apache2# cd /tmp/
root@9471fdc1f3b6:/tmp# ls anaconda-ks.cfg
//将容器中备份数据传输到主机
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# rm -rf anaconda-ks.cfg
[root@localhost ~]# ls
//备份
root@9471fdc1f3b6:/tmp# ls
anaconda-ks.cfg
[root@localhost ~]# podman cp wqe:/tmp/anaconda-ks.cfg .
[root@localhost ~]# ls
anaconda-ks.cfg //成功
podman events 显示容器事件
//创建个容器
[root@localhost ~]# podman run -d httpd
248b6747cc3c50f88eb431559d2f3fa060b2758fa8777f3911e44f34eb4dc988
[root@localhost ~]# podman events
2022-08-16 17:23:54.423946966 +0800 CST container create 258b6747cc3c40f89eb43199d2f3fa060b2758fa8777f3911e44f34eb4dc988e (image=docker.io/library/httpd:latest, name=flamboyant_noyce)
2022-08-16 17:23:54.315246854 +0800 CST image pull httpd
2022-08-16 17:23:55.607816877 +0800 CST container init 258b6747cc3c40f89eb43199d2f3fa060b2758fa8777f3911e44f34eb4dc988e (image=docker.io/library/httpd:latest, name=flamboyant_noyce)
2022-08-16 17:23:55.621392428 +0800 CST container start 258b6747cc3c40f89eb43199d2f3fa060b2758fa8777f3911e44f34eb4dc988e (image=docker.io/library/httpd:latest, name=flamboyant_noyce)
diff 检查容器文件系统上的更改
//查看这个容器发生了哪些改变
[root@localhost ~]# podman diff wqe
C /usr
C /usr/local
C /usr/local/apache2
C /usr/local/apache2/logs
A /usr/local/apache2/logs/httpd.pid //添加
C /etc
C /tmp
A /tmp/anaconda-ks.cfg
export 将容器的文件系统内容导出为 tar 存档
[root@localhost ~]# podman export -o web.tar web1
[root@localhost ~]# ls
anaconda-ks.cfg busybox.tar web.tar
podman import # 导入容器快照
[root@localhost ~]# podman import web.tar
Getting image source signatures
Copying blob f8c5231b85bd done
Copying config 4166d975be done
Writing manifest to image destination
Storing signatures
sha256:4166d975beffdcb17b6a87b7f6b0878594b8e4d4d972e487c70fe60626b07724
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 4166d975beff 5 minutes ago 147 MB
docker.io/library/httpd latest f2a976f932ec 11 days ago 149 MB
podman-generate 生成结构化数据,将容器生成一个数据
//拉取一个镜像
[root@localhost ~]# podman pull nginx
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest b692a91e4e15 2 weeks ago 146 MB
//注意:-p 1314:80 未指定绑定地址,会监听主机所有接口(下方 PORTS 列显示 0.0.0.0);只需本机访问时可写成 -p 127.0.0.1:1314:80
[root@localhost ~]# podman run -d --name nginx -p 1314:80 nginx
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREAT
c6b30c7a6800 docker.io/library/nginx:latest nginx -g daemon o... 5 seconds ago Up 5 seconds ago 0.0.0.0:1314->80/tcp nginx
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ls
basic.target.wants network-online.target.wants
ctrl-alt-del.target sockets.target.wants
dbus-org.fedoraproject.FirewallD1.service sysinit.target.wants
dbus-org.freedesktop.nm-dispatcher.service syslog.service
default.target timers.target.wants
getty.target.wants vmtoolsd.service.requires
multi-user.target.wants
[root@localhost system]# podman generate systemd --files --name nginx
/etc/systemd/system/container-nginx.service
[root@localhost system]# ls
basic.target.wants multi-user.target.wants
container-nginx.service network-online.target.wants
ctrl-alt-del.target sockets.target.wants
dbus-org.fedoraproject.FirewallD1.service sysinit.target.wants
dbus-org.freedesktop.nm-dispatcher.service syslog.service
default.target timers.target.wants
getty.target.wants vmtoolsd.service.requires
//修改当前配置
[root@localhost system]# vim container-nginx.service
[root@localhost system]# cat container-nginx.service
# container-nginx.service
# autogenerated by Podman 3.3.1
# Tue Aug 16 18:54:54 CST 2022
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always
[Install]
WantedBy=multi-user.target
//重启服务
[root@localhost system]# systemctl daemon-reload
[root@localhost system]# systemctl enable --now container-nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-nginx.service → /etc/systemd/system/container-nginx.service
[root@localhost system]# systemctl status container-nginx.service
● container-nginx.service
Loaded: loaded (/etc/systemd/system/container-nginx.service; enabled; vend>
Active: active (running) since Tue 2022-08-16 18:58:48 CST; 4s ago
Main PID: 21928 (podman) //成功
Tasks: 6 (limit: 23460)
Memory: 20.8M
CGroup: /system.slice/container-nginx.service
└─21928 /usr/bin/podman start -a nginx
Aug 16 18:58:48 localhost.localdomain systemd[1]: Started container-nginx.ser
history用于查看镜像信息操作
[root@localhost ~]# podman history busybox
ID CREATED CREATED BY SIZE COMMENT
beae173ccac6 7 months ago /bin/sh -c #(nop) CMD ["sh"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) ADD file:6db446a57cbd2b7... 1.46 MB
info输出podman详细信息
[root@localhost ~]# podman info
host:
arch: amd64
buildahVersion: 1.22.3
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
cpus: 1
init初始化容器,初始化一个或多个容器,例如之前在容器中做了挂载、修改文件系统,这时需要初始化容器配置才会生效
//必须先停止再初始化
[root@localhost ~]# podman stop hh
hh
[root@localhost ~]# podman ps -a | grep hh
a03f744e2987 docker.io/library/httpd:latest httpd-foreground 30 minutes ago Exited (0) 16 seconds ago hh
[root@localhost ~]# podman init hh
a03f744e298754a75a02538d5d2b94e18b7b640deed8003b2b5affec73e32351
[root@localhost ~]# podman ps -a | grep hh
a03f744e2987 docker.io/library/httpd:latest httpd-foreground 30 minutes ago created hh
[root@localhost ~]# podman start hh
hh
[root@localhost ~]# podman ps -a | grep hh
a03f744e2987 docker.io/library/httpd:latest httpd-foreground 30 minutes ago Up 2 seconds ago hh
[hh@localhost ~]$ cd /tmp/
[hh@localhost tmp]$ ll
total 141436
drwx------. 3 hh hh 24 Aug 15 16:50 containers-user-1000
drwx------. 6 hh hh 63 Aug 15 17:09 podman-run-1000
port查看映射的80端口
[hh@localhost tmp]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dbf856602146 docker.io/library/httpd:latest httpd-foreground 8 hours ago Up 24 minutes ago 0.0.0.0:81->80/tcp web
[hh@localhost tmp]$ podman port
Error: you must supply a running container name or id
[hh@localhost tmp]$ podman port web
80/tcp -> 0.0.0.0:81
Podman 远程启动连接
介绍
Podman远程客户端的目的是允许用户在单独的客户端上与Podman“后端”进行交互。远程客户端的命令行界面与常规 Podman 命令完全相同,只是删除了一些标志,因为它们不适用于远程客户端。
远程客户端采用客户端-服务器模型。您需要在运行 SSH 守护程序的 Linux 机器或虚拟机上安装 Podman。在本地操作系统上执行 Podman 命令时,Podman 会通过 SSH 连接到服务器,再借助 systemd 套接字激活机制调用 REST API,连接到 Podman 服务。Podman 命令实际在服务器上执行,但从客户端的角度来看,Podman 就像在本地运行一样。需要注意:能访问该 API 套接字就等于能完全控制对应用户的容器(root 套接字相当于主机 root 权限),因此应只通过 SSH 密钥认证访问,并限制可登录的账户。
root用户启动套接字
[root@localhost ~]# systemctl start podman //启动 podman 服务后,对应的套接字(podman.socket)也会随之启动
[root@localhost ~]# systemctl status podman.socket
● podman.socket - Podman API Socket
Loaded: loaded (/usr/lib/systemd/system/podman.socket; disabled; vendor pr>
Active: active (listening) since Mon 2022-08-15 16:41:46 CST; 24h ago
Docs: man:podman-system-service(1)
Listen: /run/podman/podman.sock (Stream)
Tasks: 0 (limit: 23460)
Memory: 0B
CGroup: /system.slice/podman.socket
Aug 15 16:41:46 localhost.localdomain systemd[1]: Listening on Podman API Soc>
lines 1-10/10 (END)
普通用户启动方式
在服务器机器上启用 Podman 服务。
在执行任何 Podman 客户端命令之前,必须在 Linux 服务器上启用 podman.sock SystemD 服务。在这些示例中,我们将 Podman 作为普通的非特权用户(也称为无根用户)运行。缺省情况下,无根套接字侦听 /run/user/${UID}/podman/podman.sock。您可以使用以下命令永久启用此套接字:
systemctl --user enable --now podman.socket
podman网络管理
注意:启动一个容器后,会出现 cni-podman0 网卡;容器启动时,默认会连接 podman 网络
[root@localhost ~]# ip a show cni-podman0
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:fa:0b:90:77:8e brd ff:ff:ff:ff:ff:ff
inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
valid_lft forever preferred_lft forever
inet6 fe80::acfa:bff:fe90:778e/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
查看容器网络
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
45b3499a170b newnet1 0.4.0 bridge,portmap,firewall,tuning
31213d4efd11 newnet2 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
断开网络(disconnect)
[root@localhost ~]# podman network disconnect podman2 nginx2
重启容器网络(reload)
[root@localhost ~]# podman network reload nginx2
b926e6a2a1b16b8275fa59813d30139c03ab6678933219fd551acc7105e8c742
删除podman网络(rm)
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
45b3499a170b newnet1 0.4.0 bridge,portmap,firewall,tuning
31213d4efd11 newnet2 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
[root@localhost ~]# podman network rm newnet1 newnet2
newnet1
newnet2
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning