podman
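1. Podman documentation
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) containers and container images. Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine. Containers under the control of Podman can be run either by root or by a non-privileged user. Podman manages the entire container ecosystem, which includes pods, containers, container images and container volumes, using the libpod library. Podman specializes in all of the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run and maintain those containers and container images in a production environment.
There is a RESTful API to manage containers. We also have a remote Podman client that can interact with the RESTful service. We currently support clients on Linux, Mac and Windows. The RESTful service is only supported on Linux.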
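2. Introduction to Podman
Containers simplify the production, distribution, discoverability and usage of applications together with all of their dependencies and default configuration files. Users test or deploy a new application with one or two commands instead of following pages of installation instructions.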
[root@mr ~]# podman run -it docker.io/library/busybox
/ # hostname
7ba888a54434
/ # exit
[root@mr ~]# docker run -it docker.io/library/busybox
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
/ # hostname
072840b7d62e
/ # exit
[root@mr ~]#
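There is an old saying that "nobody runs an operating system just to run an operating system", and the same is true of containers. It is the workload running on top of an operating system or a container that is interesting and valuable. Sometimes we can find a publicly available container image for the exact workload we are looking for, already packaged the way we want. More often, though, there is something we want to add, remove or customize. It can be as simple as a configuration setting for security or performance, or as complex as adding a complex workload. Either way, containers make the required changes fairly easy. Container images are not actually images; they are repositories, usually made up of multiple layers. These layers can easily be added, saved and shared with others by using a Containerfile (Dockerfile). This single file usually contains all the instructions needed to build the new container image, and can easily be shared publicly with tools such as GitHub.
Building new images is great, but sharing our work with others lets them review it, critique how we built it and offer improved versions. Our newly built Nginx image can be published at quay.io or docker.io to share with the world. Everything needed to run the Nginx application is provided in the container image. Others can easily pull it down and use it, or improve on it. Standardizing on container images and container registries raises collaboration to a new level through simple consumption. This simple consumption model is possible because every major container engine and registry server uses the Open Containers Initiative (OCI) format. This allows users to find, run, build, share and deploy containers anywhere they want. Podman and other container engines (such as CRI-O, Docker or containerd) can create and consume container images from docker.io, quay.io, an on-premises registry or even a registry provided by a cloud provider. The OCI image format facilitates this ecosystem through a single standard.
In summary, Podman makes it easy to find, run, build and share containers.
Find: whether you are looking for a container on dockerhub.io or quay.io, on an internal registry server, or directly from a vendor, a few podman search and podman pull commands make it easy.
Run: it is easy to use pre-built images that contain everything needed to run an entire application, or to start from a Linux distribution base image with the podman run command.
Build: creating new layers with small tweaks, or making major overhauls, is easy with podman build.
Share: Podman lets you push your newly built containers anywhere you want with a single podman push command.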
3. Installing Podman
[root@mr ~]# rpm -qa|grep docker
[root@mr ~]# dnf list all|grep podman
Failed to set locale, defaulting to C.UTF-8
cockpit-podman.noarch 43-1.module_el8.7.0+1106+45480ee0 appstream
pcp-pmda-podman.x86_64 5.3.7-7.el8 appstream
podman.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-catatonit.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-docker.noarch 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-gvproxy.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-plugins.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-remote.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
podman-tests.x86_64 2:4.0.2-1.module_el8.7.0+1106+45480ee0 appstream
python3-podman.noarch 4.0.0-1.module_el8.7.0+1106+45480ee0 appstream
[root@mr ~]# which podman
/usr/bin/which: no podman in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/mysql/bin)
[root@mr ~]# dnf -y install podman-docker
[root@mr ~]# which podman
/usr/bin/podman
[root@mr ~]# which docker
/usr/bin/docker
[root@mr ~]# rpm -qa|grep docker
podman-docker-4.0.2-1.module_el8.7.0+1106+45480ee0.noarch
[root@mr ~]# ll /usr/bin/docker
-rwxr-xr-x. 1 root root 163 Mar 16 03:16 /usr/bin/docker
[root@mr ~]# ll /usr/bin/podman
-rwxr-xr-x. 1 root root 50307664 Mar 16 03:17 /usr/bin/podman
[root@mr ~]# file /usr/bin/docker
/usr/bin/docker: POSIX shell script, ASCII text executable
[root@mr ~]# file /usr/bin/podman
/usr/bin/podman: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=16ee99ff383f7fb24a2fc7d97880bb15637bb88e, stripped
[root@mr ~]# rpm -qa|grep podman
podman-4.0.2-1.module_el8.7.0+1106+45480ee0.x86_64
podman-catatonit-4.0.2-1.module_el8.7.0+1106+45480ee0.x86_64
podman-docker-4.0.2-1.module_el8.7.0+1106+45480ee0.noarch
[root@mr ~]# dnf -y update libseccomp
[root@mr ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@mr ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
Configure a registry mirror (accelerator)
[root@mr ~]# vim /etc/containers/registries.conf
unqualified-search-registries = [ "docker.io"]
#unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.mirrors.ustc.edu.cn"
[root@mr ~]# docker pull httpd
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob d982c879c57e done
Copying blob dcc4698797c8 done
Copying blob a2abf6c4d29d done
Copying blob 67283bbdd4a0 done
Copying blob 41c22baa66ec done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@mr ~]# docker images
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
[root@mr ~]# podman pull centos
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob 7a0437f04f83 done
Copying config 300e315adb done
Writing manifest to image destination
Storing signatures
300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
[root@mr ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@mr ~]# podman pull docker.io/library/centos
Trying to pull docker.io/library/centos:latest...
Getting image source signatures
Copying blob a1d0c7532777 done
Copying config 5d0da3dc97 done
Writing manifest to image destination
Storing signatures
5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6
[root@mr ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
docker.io/library/centos latest 5d0da3dc9764 11 months ago 239 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@mr ~]#
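The two centos pulls above landed on different registries (quay.io through the short-name alias, docker.io when fully qualified), so the unqualified-search-registries list and any prefix/location redirect in registries.conf decide where an image really comes from. The shell functions below are an added example, not part of the original post; audit_registries_conf, is_fully_qualified, sample_conf and the host mirror.example.internal are hypothetical names, and the sample file is constructed.

```shell
# Added example (not from the original post): review a registries.conf.

# Constructed sample: the four-registry search list the post comments out,
# made active, plus a docker.io redirect to a hypothetical mirror host.
sample_conf() {
    cat <<'EOF'
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
#unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "mirror.example.internal"
insecure = true
EOF
}

# Print one finding per line for the registries.conf given as $1.
audit_registries_conf() {
    conf=$1
    # Only the active (uncommented) search list counts.
    list=$(grep -E '^[[:space:]]*unqualified-search-registries[[:space:]]*=' "$conf" | tail -n 1)
    n=$(printf '%s\n' "$list" | grep -o '"[^"]*"' | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        echo "AMBIGUOUS: $n search registries, a short name may resolve to any of them"
    fi
    if grep -Eq '^[[:space:]]*insecure[[:space:]]*=[[:space:]]*true' "$conf"; then
        echo "INSECURE: a registry sets insecure = true (TLS not verified)"
    fi
    # Report prefix -> location rewrites so the target host can be checked.
    awk -F'"' '
        /^[ \t]*prefix[ \t]*=/   { p = $2 }
        /^[ \t]*location[ \t]*=/ { if (p != "" && p != $2) print "REDIRECT: " p " -> " $2; p = "" }
    ' "$conf"
}

# Succeeds when an image reference names its registry host explicitly.
is_fully_qualified() {
    case $1 in */*) host=${1%%/*} ;; *) return 1 ;; esac
    case $host in *.*|*:*|localhost) return 0 ;; *) return 1 ;; esac
}

# Demo on the constructed sample and on image names used in the post.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_registries_conf "$tmp"
rm -f "$tmp"
for ref in busybox httpd docker.io/library/centos; do
    is_fully_qualified "$ref" || echo "SHORT NAME: $ref"
done
```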
4. Podman commands
cp: copy files/folders between a container and the local filesystem
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@mr ~]# podman run -it busybox
/ # ls
bin dev etc home proc root run sys tmp usr var
[root@mr ~]# ls
anaconda-ks.cfg
[root@mr ~]# podman cp anaconda-ks.cfg 7d075afc57bc:/
/ # ls
anaconda-ks.cfg etc root tmp
bin home run usr
dev proc sys var
[root@mr ~]# ls /opt/
[root@mr ~]# podman cp 7d075afc57bc:/anaconda-ks.cfg /opt/
[root@mr ~]# ls /opt/
anaconda-ks.cfg
create: create a container without starting it
[root@mr ~]# podman create --name web httpd
44303ee285107d8bf68273a21be1ce8f609ab5cce364e2671248773d235ef532
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d075afc57bc docker.io/library/busybox:latest sh About an hour ago Up About an hour ago clever_kare
[root@mr ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ba888a54434 docker.io/library/busybox:latest sh 2 hours ago Exited (0) 2 hours ago zealous_shaw
072840b7d62e docker.io/library/busybox:latest sh 2 hours ago Exited (0) 2 hours ago focused_pasteur
7d075afc57bc docker.io/library/busybox:latest sh About an hour ago Up About an hour ago clever_kare
44303ee28510 docker.io/library/httpd:latest httpd-foreground 50 seconds ago Created web
diff: inspect changes on a container's filesystem
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d075afc57bc docker.io/library/busybox:latest sh About an hour ago Up About an hour ago clever_kare
[root@mr ~]# podman diff 7d075afc57bc
C /root
A /root/.ash_history
A /anaconda-ks.cfg
C /etc
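The diff output above records both the file copied in with podman cp and the history file left by the interactive shell, which makes podman diff usable as a drift check on a running container. The shell functions below are an added example, not part of the original post; audit_diff, container_is_clean, sample_diff and the allowlist of writable prefixes are hypothetical.

```shell
# Added example (not from the original post): triage `podman diff` output.

# The four lines printed by `podman diff 7d075afc57bc` in the post.
sample_diff() {
    cat <<'EOF'
C /root
A /root/.ash_history
A /anaconda-ks.cfg
C /etc
EOF
}

# Read `podman diff` lines on stdin. Arguments are path prefixes where
# writes are expected (a hypothetical per-image allowlist).
audit_diff() {
    allow=$*
    while read -r kind path; do
        [ -n "$path" ] || continue
        case $path in
            */.ash_history|*/.bash_history|*/.sh_history)
                # Someone worked in an interactive shell inside the container.
                echo "SHELL-HISTORY $kind $path"; continue ;;
        esac
        ok=0
        for prefix in $allow; do
            case $path in "$prefix"|"$prefix"/*) ok=1 ;; esac
        done
        [ "$ok" -eq 1 ] || echo "DRIFT $kind $path"
    done
}

# Succeeds only when nothing outside the allowlist was touched.
container_is_clean() {
    [ -z "$(audit_diff "$@")" ]
}

sample_diff | audit_diff /root /tmp
# Live use: podman diff 7d075afc57bc | audit_diff /tmp /run
```

The copied anaconda-ks.cfg is reported as an added file; kickstart files normally carry the installer's rootpw line, so it is worth removing from the container once the cp demonstration is done.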
events: show events
[root@mr ~]# podman events
exec: run a process in a running container
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d075afc57bc docker.io/library/busybox:latest sh About an hour ago Up About an hour ago clever_kare
[root@mr ~]# podman exec -it 7d075afc57bc /bin/sh
/ # ls
anaconda-ks.cfg etc root tmp
bin home run usr
dev proc sys var
/ # exit
healthcheck: manage health checks
[root@mr ~]# podman start web
web
[root@mr ~]# podman healthcheck run web
Error: container 44303ee285107d8bf68273a21be1ce8f609ab5cce364e2671248773d235ef532 has no defined healthcheck
history: show the history of a specified image
[root@mr ~]# podman history httpd
ID CREATED CREATED BY SIZE COMMENT
dabbfbe0c57b 7 months ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 7 months ago /bin/sh -c #(nop) COPY file:c432ff61c4993e... 3.58 kB
<missing> 7 months ago /bin/sh -c #(nop) STOPSIGNAL SIGWINCH 0 B
<missing> 7 months ago /bin/sh -c set -eux; savedAptMark="$(apt... 61.1 MB
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_PATCHES= 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_SHA256=0127f7... 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.52 0 B
<missing> 7 months ago /bin/sh -c set -eux; apt-get update; apt... 2.72 MB
<missing> 7 months ago /bin/sh -c #(nop) WORKDIR /usr/local/apache2 0 B
<missing> 7 months ago /bin/sh -c mkdir -p "$HTTPD_PREFIX" && ch... 3.07 kB
<missing> 7 months ago /bin/sh -c #(nop) ENV PATH=/usr/local/apa... 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_PREFIX=/usr/l... 0 B
<missing> 7 months ago /bin/sh -c #(nop) CMD ["bash"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) ADD file:09675d11695f65c... 83.9 MB
[root@mr ~]#
image: manage images
[root@mr ~]# podman image
Manage images
Description:
Manage images
Usage:
podman image [command]
Available Commands:
build Build an image using instructions from Containerfiles
diff Inspect changes to the image's file systems
exists Check if an image exists in local storage
history Show history of a specified image
import Import a tarball to create a filesystem image
inspect Display the configuration of an image
list List images in local storage
load Load image(s) from a tar archive
mount Mount an image's root filesystem
prune Remove unused images
pull Pull an image from a registry
push Push an image to a specified destination
rm Removes one or more images from local storage
save Save image(s) to an archive
scp securely copy images
search Search registry for image
sign Sign an image
tag Add an additional name to a local image
tree Prints layer hierarchy of an image in a tree format
trust Manage container image trust policy
unmount Unmount an image's root filesystem
untag Remove a name from a local image
Error: missing command 'podman image COMMAND'
[root@mr ~]#
images: list images in local storage
[root@mr ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
docker.io/library/centos latest 5d0da3dc9764 11 months ago 239 MB
quay.io/centos/centos latest 300e315adb2f 20 months ago 217 MB
[root@mr ~]#
network: manage networks
[root@mr ~]# podman network ls
NETWORK ID NAME DRIVER
2f259bab93aa podman bridge
inspect: display the configuration of a container or image
[root@mr ~]# docker inspect 2f259bab93aa
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
[
{
"name": "podman",
"id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
"driver": "bridge",
"network_interface": "cni-podman0",
"created": "2022-08-14T21:44:58.871039094+08:00",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}
]
[root@mr ~]#
generate: generate structured data
[root@mr ~]# docker ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d075afc57bc docker.io/library/busybox:latest sh 8 hours ago Up 8 hours ago clever_kare
44303ee28510 docker.io/library/httpd:latest httpd-foreground 7 hours ago Up 7 hours ago web
[root@mr ~]# podman generate systemd --name web --files --new
/root/container-web.service
[root@mr ~]# ls
anaconda-ks.cfg container-web.service
[root@mr ~]# cp container-web.service /usr/lib/systemd/system/
[root@mr ~]# systemctl daemon-reload
[root@mr ~]# systemctl status container-web
● container-web.service - Podman container-web.service
Loaded: loaded (/usr/lib/systemd/system/container-web.service; disabled; v>
Active: inactive (dead)
Docs: man:podman-generate-systemd(1)
lines 1-4/4 (END)
logs: fetch the logs of a container
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d075afc57bc docker.io/library/busybox:latest sh 9 hours ago Up 9 hours ago clever_kare
44303ee28510 docker.io/library/httpd:latest httpd-foreground 7 hours ago Up 7 hours ago web
[root@mr ~]# podman logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.5. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.5. Set the 'ServerName' directive globally to suppress this message
[Sun Aug 14 13:32:39.283366 2022] [mpm_event:notice] [pid 1:tid 140518434610496] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Aug 14 13:32:39.291828 2022] [core:notice] [pid 1:tid 140518434610496] AH00094: Command line: 'httpd -D FOREGROUND'
port: list a container's port mappings, or a specific mapping
[root@mr ~]# podman port web
80/tcp -> 0.0.0.0:80
[root@mr ~]#
rename: rename a container
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3fcd4ad8f238 docker.io/library/httpd:latest httpd-foreground 12 minutes ago Up 12 minutes ago web
[root@mr ~]# podman rename web myweb
[root@mr ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3fcd4ad8f238 docker.io/library/httpd:latest httpd-foreground 13 minutes ago Up 13 minutes ago myweb
system: manage Podman
[root@mr ~]# podman system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 4 2 604.3MB 455.1MB (0%)
Containers 4 1 1.167kB 1.153kB (0%)
Local Volumes 0 0 0B 0B (0%)
top: display the running processes of a container
[root@mr ~]# podman top web
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 1h30m8.817901198s ? 0s httpd -DFOREGROUND
www-data 10 1 0.000 1h30m8.818242046s ? 0s httpd -DFOREGROUND
www-data 11 1 0.000 1h30m8.818336497s ? 0s httpd -DFOREGROUND
www-data 12 1 0.000 1h30m8.818442663s ? 0s httpd -DFOREGROUND
unmount: unmount a working container's root filesystem
[root@mr ~]# podman unmount web
web
version: display Podman version information
[root@mr ~]# podman version
Client: Podman Engine
Version: 4.0.2
API Version: 4.0.2
Go Version: go1.17.7
Built: Wed Mar 16 03:15:06 2022
OS/Arch: linux/amd64
[root@mr ~]#