podman
Introduction to podman
Podman is an open-source, Linux-native tool for developing, managing and running containers and pods according to the Open Container Initiative (OCI) standard. Podman is a user-friendly container orchestrator developed by Red Hat and is the default container engine on Red Hat Enterprise Linux 8 and CentOS 8.
These tools also work with any OCI-compliant container engine such as Docker, which makes it easy to migrate to Podman or to run it alongside an existing Docker installation. Can Kubernetes use Podman? The answer is yes. In fact, Kubernetes and Podman are similar in several respects.
Podman takes a different approach to containers. As its name suggests, Podman can create "pods" of containers that work together, a feature similar to pods in Kubernetes. A pod manages its containers as one unit inside a shared set of namespaces.
The main benefit is that developers can share resources and use different containers for the same application within one pod: one container for the front end, another for the back end, and a third for the database. The pod configuration can be exported to a Kubernetes-compatible YAML file and applied to a Kubernetes cluster, which lets containers reach production faster.
Another feature of Podman is that it is daemonless. A daemon is a program that runs in the background and handles services, processes and requests without a user interface. Podman is a distinctive container engine because it does not depend on a daemon at all; instead it launches containers and pods as child processes.
You may ask: "Why should I use Podman?" As a development and management tool, Podman has unique advantages that make it a viable and interesting alternative to Docker in the right environment, or a powerful complement running alongside Docker, because it supports a Docker-compatible CLI.
Installing podman
Podman is available in the default Extras repository on CentOS 7 and in the AppStream repository on CentOS 8 and CentOS Stream.
[root@localhost ~]# dnf -y install podman
Configure a registry mirror (faster pulls)
[root@localhost ~]# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix="docker.io"
location = "docker.mirrors.ustc.edu.cn"
Basic podman commands
Check the version
[root@localhost ~]# podman -v
podman version 3.3.1
[root@localhost ~]# podman version
Version: 3.3.1
API Version: 3.3.1
Go Version: go1.16.7
Built: Wed Nov 10 05:23:56 2021
OS/Arch: linux/amd64
[root@localhost ~]# podman info
host:
arch: amd64
buildahVersion: 1.22.3
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
Image management subcommands
Search for images
[root@localhost ~]# podman image search httpd
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fedoraproject.org registry.fedoraproject.org/f29/httpd 0
redhat.com registry.access.redhat.com/ubi9/httpd-24 rhcc_registry.access.redhat.com_ubi9/httpd-2... 0
redhat.com registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server 0
redhat.com registry.access.redhat.com/rhmap45/httpd Provides an extension to the RHSCL Httpd ima... 0
......
Pull an image
[root@localhost ~]# podman image pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
List images in local storage
[root@localhost ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest f2a976f932ec 12 days ago 149 MB
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
Retag an image
[root@localhost ~]# podman tag busybox zzking1/busybox:v0.1
[root@localhost ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest f2a976f932ec 12 days ago 149 MB
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
localhost/zzking1/busybox v0.1 7a80323521cc 2 weeks ago 1.47 MB
Remove unused images
[root@localhost ~]# podman image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Show the history of a given image
[root@localhost ~]# podman image history httpd
ID CREATED CREATED BY SIZE COMMENT
f2a976f932ec 12 days ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0 B
<missing> 12 days ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 12 days ago /bin/sh -c #(nop) COPY file:c432ff61c4993e... 3.58 kB
......
Inspect changes to the image filesystem
[root@localhost ~]# podman diff httpd
C /usr
C /usr/local
C /usr/local/bin
A /usr/local/bin/httpd-foreground
Show the image configuration
[root@localhost ~]# podman image inspect httpd
[
{
"Id": "f2a976f932ec6fe48978c1cdde2c8217a497b1f080c80e49049e02757302cf74",
"Digest": "sha256:343452ec820a5d59eb3ab9aaa6201d193f91c3354f8c4f29705796d9353d4cc6",
"RepoTags": [
"docker.io/library/httpd:latest"
],
"RepoDigests": [
"docker.io/library/httpd@sha256:343452ec820a5d59eb3ab9aaa6201d193f91c3354f8c4f29705796d9353d4cc6",
"docker.io/library/httpd@sha256:98778663b10c3952e9d7dd8a10e1ca2a8ce31f11b5f0ff9d7b3b36ddb8201db8"
.......
Remove an image
[root@localhost ~]# podman image rm httpd
Untagged: docker.io/library/httpd:latest
Deleted: f2a976f932ec6fe48978c1cdde2c8217a497b1f080c80e49049e02757302cf74
[root@localhost ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
localhost/zzking1/busybox v0.1 7a80323521cc 2 weeks ago 1.47 MB
Save an image to a local file
[root@localhost ~]# podman image save httpd > http.tat
[root@localhost ~]# ls
anaconda-ks.cfg http.tat
Container management subcommands
Create one or more containers
[root@localhost ~]# podman container create httpd
af93472263b8653a09d1335fb144df1ac3253aafea7a4d7343c417d9d847a015
Start one or more containers
[root@localhost ~]# podman container start af93472263b8 zdz
af93472263b8
zdz
List containers
// options
-a or --all    // list all containers, including those not running
-s or --size   // show the size of every instance on the local machine
-q or --quiet  // show only container IDs
[root@localhost ~]# podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 7 minutes ago Up About a minute ago upbeat_joliot
a4bc7bfc67e1 docker.io/library/httpd:latest httpd-foreground About a minute ago Up About a minute ago zdz
[root@localhost ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 7 minutes ago Up About a minute ago upbeat_joliot
a4bc7bfc67e1 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up About a minute ago zdz
Rename an existing container
[root@localhost ~]# podman container rename zdz z1
[root@localhost ~]# podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 8 minutes ago Up 3 minutes ago upbeat_joliot
a4bc7bfc67e1 docker.io/library/httpd:latest httpd-foreground 3 minutes ago Up 3 minutes ago z
Stop one or more containers
[root@localhost ~]# podman stop z1
z1
[root@localhost ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 9 minutes ago Up 3 minutes ago upbeat_joliot
Restart one or more containers
[root@localhost ~]# podman container restart z1
a4bc7bfc67e1d1d76e35abd8807f4929113d816e8780b2d084b95b481c09a8c5
[root@localhost ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 10 minutes ago Up 4 minutes ago upbeat_joliot
a4bc7bfc67e1 docker.io/library/httpd:latest httpd-foreground 5 minutes ago Up 4 seconds ago z1
Run a command in a new container (in effect: create and start a container)
// options
--name NAME       // set the container name
--label LABEL     // attach a label to make the container easy to find
-it               // keep the container's stdin open and allocate a terminal
-c                // run a command without logging in
-d                // run the container in the background
-v                // create one or more data volumes
                  // a host directory can also be mounted; if it does not exist locally it is created automatically
                  // mount syntax: host directory:container path
-p                // map a port, host port:container port
-P                // publish all exposed ports (random host port numbers)
--volumes-from    // share volumes between containers
[root@localhost ~]# podman container run -itd --name zz busybox
11ba82d498a144ffd4f563cb6c9d486a7200d6c1988ddab4f021d8dc4fe49177
[root@localhost ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 11 minutes ago Up 5 minutes ago upbeat_joliot
a4bc7bfc67e1 docker.io/library/httpd:latest httpd-foreground 6 minutes ago Up 59 seconds ago z1
11ba82d498a1 docker.io/library/busybox:latest sh 3 seconds ago Up 4 seconds ago zz
attach: attach to a running container
[root@localhost ~]# podman attach zz
/ # ls
bin dev etc home proc root run sys tmp usr var
/ #
cp: copy files/folders between a container and the local filesystem
[root@localhost ~]# podman cp 123 z1:/
[root@localhost ~]# podman container exec -it z1 /bin/sh
# ls /
123 bin dev home lib64 mnt proc run srv tmp var
abc boot etc lib media opt root sbin sys usr
Inspect changes to the container filesystem
[root@localhost ~]# podman diff z1
A /123
A /abc
C /usr
C /usr/local
C /usr/local/apache2
C /usr/local/apache2/logs
A /usr/local/apache2/logs/httpd.pid
C /etc
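The diff listings above (for the httpd image and for the z1 container) are short enough to read by eye, but on a busy host you want a rule that flags only what matters: additions or deletions outside the directories a container is expected to write to, and changes under sensitive system paths. The snippet below is an added example, not part of the original post; the SENSITIVE and EXPECTED prefix lists are assumptions to adapt per image.

```shell
#!/bin/sh
# Added example (not from the original post): triage the output of
# `podman diff <image|container>`. Every line is "<A|C|D> <path>":
# A = added, C = changed, D = deleted.

# Prefixes where an unexpected write inside a container deserves a look.
# The list is an assumption; adjust it for the images you run.
SENSITIVE='^/(etc|bin|sbin|usr/bin|usr/sbin|usr/local/bin|usr/local/sbin|root)(/|$)'
# Prefixes where a running container is expected to write (pid files, logs).
EXPECTED='^/(proc|sys|tmp|run|var/log|usr/local/apache2/logs)(/|$)'

# Reads diff lines on stdin and prints the ones worth reviewing, one per line.
triage_diff() {
  awk -v sens="$SENSITIVE" -v ok="$EXPECTED" '
    # Any addition or deletion outside the expected scratch dirs is notable.
    ($1 == "A" || $1 == "D") && $2 !~ ok { print $1, $2; next }
    # "C" lines are mostly parent directories; report only sensitive paths.
    $1 == "C" && $2 ~ sens                { print $1, $2 }
  '
}

# Number of reviewable entries on stdin (prints 0 when nothing is flagged).
count_suspicious() { triage_diff | grep -c . || true; }

# Constructed sample: the z1 diff from the post plus two extra lines
# (a changed /etc/passwd and a new binary under /usr/local/bin).
SAMPLE='A /123
A /abc
C /usr
C /usr/local
C /usr/local/apache2
C /usr/local/apache2/logs
A /usr/local/apache2/logs/httpd.pid
C /etc
C /etc/passwd
A /usr/local/bin/helper'

printf '%s\n' "$SAMPLE" | triage_diff
```

Pipe real output in with `podman diff z1 | triage_diff`; a non-empty result on a container that should be immutable is a prompt to compare against the image and inspect what wrote there.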
Show the container configuration
[root@localhost ~]# podman inspect z1
[
{
"Id": "a4bc7bfc67e1d1d76e35abd8807f4929113d816e8780b2d084b95b481c09a8c5",
"Created": "2022-08-15T12:18:07.208547239+08:00",
"Path": "httpd-foreground",
"Args": [
"httpd-foreground"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
......
Show container resource usage
[root@localhost ~]# podman stats z1
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
a4bc7bfc67e1 z1 5.60% 12.87MB / 986.6MB 1.30% 908B / 1.424kB -- / -- 82 929.091738ms 5.60%
Show the processes running in a container
[root@localhost ~]# podman top z1
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 5m17.832133181s ? 0s httpd -DFOREGROUND
www-data 7 1 0.000 5m17.832330571s ? 0s httpd -DFOREGROUND
www-data 8 1 0.000 5m17.832445586s ? 0s httpd -DFOREGROUND
www-data 9 1 0.000 5m17.83247939s ? 0s httpd -DFOREGROUND
Get the logs of one or more containers
[root@localhost ~]# podman logs z1
......
Kill one or more running containers with a specific signal
[root@localhost ~]# podman kill z1
z1
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af93472263b8 docker.io/library/httpd:latest httpd-foreground 28 minutes ago Up 22 minutes ago upbeat_joliot
List port mappings, or a specific mapping, for a container
[root@localhost ~]# podman run -d --name 123 -p 80:80 httpd
39412ac1eb3ae0072ae46e5f5f8e0f3861d91b55ed16ec14addd0faaf3978d7d
[root@localhost ~]# podman port 123
80/tcp -> 0.0.0.0:80
Remove one or more containers
// -f forces removal of a running container
[root@localhost ~]# podman rm 39412ac1eb3a 11ba82d498a1 da9105615013
da91056150134171f3c0fdfb67a2474f07d53ef9f591a4821302d17a71d93feb
39412ac1eb3ae0072ae46e5f5f8e0f3861d91b55ed16ec14addd0faaf3978d7d
11ba82d498a144ffd4f563cb6c9d486a7200d6c1988ddab4f021d8dc4fe49177
generate: generate structured data (here, a systemd unit for the container)
[root@localhost ~]# podman generate systemd --name z1 --files --new
/root/container-z1.service
[root@localhost ~]# ls
anaconda-ks.cfg container-z1.service
[root@localhost ~]# cp container-z1.service /usr/lib/systemd/system/
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now container-z1.service
unmount: unmount a working container's root filesystem
[root@localhost ~]# podman unmount z1
z1
[root@localhost ~]# podman exec -it z1 /bin/bash
Error: exec failed: container_linux.go:380: starting container process caused: process_linux.go:99: starting setns process caused: fork/exec /proc/self/exe: no such file or directory: OCI runtime attempted to invoke a command that was not found
[root@localhost ~]# podman mount z1
/var/lib/containers/storage/overlay/0de9488c438d54d8cc937b8b5fcbdca5c5fcc55ae9fed4530dad1808deedf338/merged
[root@localhost ~]# podman exec -it z1 /bin/bash
root@35fda67fb669:/usr/local/apache2# ls
bin build cgi-bin conf error htdocs icons include logs modules
root@35fda67fb669:/usr/local/apache2#
Checkpoint a container
Checkpointing a container stops it and writes the state of all processes in the container to disk. The container can later be restored and continues running from exactly the point at which it was checkpointed.
[root@localhost ~]# podman container checkpoint 01528da1e044
01528da1e04476da03b7f5c89dab87af2a20b64c42f399ae527016bba06861ec
Restore a container
[root@localhost ~]# podman container restore 01528da1e044
Migrate a container
[root@localhost ~]# podman container checkpoint 01528da1e044 -e /tmp/checkpoint.tar.gz
01528da1e04476da03b7f5c89dab87af2a20b64c42f399ae527016bba06861ec
[root@localhost ~]# scp /tmp/checkpoint.tar.gz 192.168.26.138:/tmp
// on the target system:
[root@harbore ~]# podman container restore -i /tmp/checkpoint.tar.gz
Trying to pull registry.fedoraproject.org/f29/httpd:latest...
Getting image source signatures
Copying blob aaf5ad2e1aa3 done
Copying blob d77ff9f653ce done
Copying blob 7692efc5f81c done
Copying config 25c76f9dcd done
Writing manifest to image destination
Storing signatures
01528da1e04476da03b7f5c89dab87af2a20b64c42f399ae527016bba06861ec
[root@harbore ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
01528da1e044 registry.fedoraproject.org/f29/httpd:latest /usr/bin/run-http... 19 seconds ago Up 19 seconds ago 0.0.0.0:8080->8080/tcp upbeat_wozniak
Signing and distributing container images with Podman
// First we must create a GPG key pair or choose one that is already available locally. To generate a new GPG key, simply run gpg --full-gen-key and follow the interactive dialog. Afterwards we should be able to verify that the key exists locally:
[root@localhost ~]# gpg --full-gen-key
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: zdz
Name must be at least 5 characters long
Real name: zhangdezhi
Email address: 1@2.com
Comment:
You selected this USER-ID:
"zhangdezhi <1@2.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
// list the generated key
[root@localhost ~]# gpg --list-keys 1@2.com
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub rsa2048 2022-08-16 [SC]
577F1DA1830CED23659934C43B738373E5AFA130
uid [ultimate] zhangdezhi <1@2.com>
sub rsa2048 2022-08-16 [E]
// Now let's assume we run a container registry. For example, we can simply start one on the local machine:
[root@localhost ~]# podman pull docker://docker.io/alpine:latest
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 59bf1c3509f3 done
Copying config c059bfaa84 done
Writing manifest to image destination
Storing signatures
c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest c059bfaa849c 8 months ago 5.87 MB
// Now we can retag the image to point it at the local registry:
[root@localhost ~]# podman tag alpine 192.168.26.132/apline:v0.1
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest c059bfaa849c 8 months ago 5.87 MB
192.168.26.132/apline v0.1 c059bfaa849c 8 months ago 5.87 MB
// Podman can now push an image and sign it in a single command. For this to work, we must edit the system-wide registry configuration at /etc/containers/registries.d/default.yaml (a YAML file, separate from the TOML registries.conf used for the mirror above):
[root@localhost ~]# vim /etc/containers/registries.d/default.yaml
default-docker:
sigstore: http://192.168.26.132:80
sigstore-staging: file:///var/lib/containers/sigstore
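The producer and consumer halves of the signing setup above, as an added example rather than the post's own commands: it writes the registries.d file shown above and a policy.json that makes pulls from 192.168.26.132 require a signature from the key generated earlier. The exported key path /etc/pki/containers/zhangdezhi.gpg, the "apply" argument and the reject-by-default policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): write the two files the signing
# workflow needs and show the push/verify commands. Output paths are
# parameters so the functions can be tried in a scratch directory first.

# Producer side: registries.d entry giving the signature store consumers
# read from (sigstore) and the local directory podman writes to on push
# (sigstore-staging). Values are the ones used in the post.
write_sigstore_config() {
  cat > "$1" <<'EOF'
default-docker:
  sigstore: http://192.168.26.132:80
  sigstore-staging: file:///var/lib/containers/sigstore
EOF
}

# Consumer side: a policy.json that rejects everything by default and accepts
# images from the local registry only when signed by the exported public key.
# Any other registry you pull from needs its own entry (or a looser default).
write_policy() {
  cat > "$1" <<EOF
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "192.168.26.132": [{
        "type": "signedBy",
        "keyType": "GPGKeys",
        "keyPath": "$2"
      }]
    }
  }
}
EOF
}

# Returns 0 if the policy file pins the given key path, 1 otherwise.
policy_uses_key() { grep -q "\"keyPath\": \"$2\"" "$1"; }

# Real run (assumed paths; needs root, podman and the 1@2.com key from the post).
if [ "${1:-}" = "apply" ]; then
  write_sigstore_config /etc/containers/registries.d/default.yaml
  mkdir -p /etc/pki/containers
  gpg --export 1@2.com > /etc/pki/containers/zhangdezhi.gpg
  write_policy /etc/containers/policy.json /etc/pki/containers/zhangdezhi.gpg
  podman push --sign-by 1@2.com 192.168.26.132/apline:v0.1
fi
```

For consumers to verify, the staging directory must be served over HTTP at the sigstore URL; after installing the policy, a `podman pull 192.168.26.132/apline:v0.1` on the consumer should succeed only when the signature is present and made by that key.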