Deploying and Using Podman
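1. What is Podman
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share, and deploy applications using Open Containers Initiative (OCI) containers and container images. Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under Podman's control can be run by root or by a non-privileged user. Podman manages the entire container ecosystem, including pods, containers, container images, and container volumes, using the libpod library. Podman specializes in all of the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment.
Podman provides official help documentation on the Podman website.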
2. Installing Podman
Podman can be installed directly from the repositories that ship with CentOS 8. You can also use a mirror inside China, such as Aliyun, Tsinghua, or 163.

    // Install podman
    [root@localhost ~]# dnf -y install podman-docker
    [root@localhost ~]# dnf list installed | grep podman
    Failed to set locale, defaulting to C.UTF-8
    podman.x86_64            3.3.1-9.module_el8.5.0+988+b1f0b741  @AppStream
    podman-catatonit.x86_64  3.3.1-9.module_el8.5.0+988+b1f0b741  @AppStream
    podman-docker.noarch     3.3.1-9.module_el8.5.0+988+b1f0b741  @AppStream
    // Check the podman version
    [root@localhost ~]# podman -v
    podman version 3.3.1
    [root@localhost ~]# podman version
    Version:      3.3.1
    API Version:  3.3.1
    Go Version:   go1.16.7
    Built:        Wed Nov 10 05:23:56 2021
    OS/Arch:      linux/amd64
    // Edit the /etc/containers/registries.conf file
    [root@localhost ~]# vim /etc/containers/registries.conf
    // Change this line:
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
    // to:
    unqualified-search-registries = ["docker.io"]
    // Add the following to configure a registry mirror (accelerator)
    [[registry]]
    prefix = "docker.io"
    location = "docker.mirrors.ustc.edu.cn"
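
To see what the registries.conf settings above mean for a pull, the following added example (not part of the original post) summarises a registries.conf: which registries a short name such as httpd is searched in, and which host actually serves each prefix. It assumes one key = value per line as in the snippet above; audit_registries, sample_conf and the registry.example.internal entry are constructed for illustration, while insecure is a real registries.conf key.

```bash
# Added example: summarise where a registries.conf sends image pulls.
# Assumes one "key = value" per line, as in the snippet above.
audit_registries() {   # usage: audit_registries [FILE]  (stdin if omitted)
    awk '
    function unquote(s) { gsub(/^[ \t]*"|"[ \t]*$/, "", s); return s }
    function value(s)   { sub(/^[^=]*=/, "", s); return unquote(s) }
    function emit() {
        if (!in_reg) return
        if (loc == "")    loc = prefix      # location defaults to the prefix
        if (prefix == "") prefix = loc      # and the prefix to the location
        printf "registry prefix=%s served-from=%s%s\n", prefix, loc, (insecure ? " INSECURE" : "")
    }
    /^[ \t]*#/ { next }
    /^[ \t]*unqualified-search-registries[ \t]*=/ {
        list = substr($0, index($0, "[") + 1)
        list = substr(list, 1, index(list, "]") - 1)
        n = split(list, items, ",")
        for (i = 1; i <= n; i++) print "short-name search: " unquote(items[i])
        next
    }
    /^[ \t]*\[\[registry\]\]/ { emit(); in_reg = 1; prefix = ""; loc = ""; insecure = 0; next }
    /^[ \t]*\[/               { emit(); in_reg = 0; next }   # any other table ends the block
    in_reg && /^[ \t]*prefix[ \t]*=/   { prefix = value($0); next }
    in_reg && /^[ \t]*location[ \t]*=/ { loc = value($0); next }
    in_reg && /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure = 1 }
    END { emit() }
    ' "$@"
}

sample_conf() {   # the settings from the page plus one constructed insecure entry
    cat <<'EOF'
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "docker.mirrors.ustc.edu.cn"

[[registry]]
location = "registry.example.internal:5000"
insecure = true
EOF
}

sample_conf | audit_registries
```

With the page's settings, every docker.io/... reference is fetched from docker.mirrors.ustc.edu.cn, so that host is part of the trust path for each pull.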
3. Common Podman commands
info
Show detailed information about podman.

    [root@localhost ~]# podman info
    host:
      arch: amd64
      buildahVersion: 1.22.3
      cgroupControllers:
    ………………
      Version: 3.3.1
login
Log in to an image registry.

    [root@localhost ~]# podman login
    Username: ziczhou
    Password:
    Login Succeeded!
logout
Log out of an image registry.

    [root@localhost ~]# podman logout
    Removed login credentials for docker.io
build
Build an image from a Dockerfile.
search
Search for images.

    // Search for httpd images
    [root@localhost ~]# podman search httpd
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/library/httpd The Apache HTTP Server Project 4116 [OK]
    docker.io docker.io/clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser... 2
    docker.io docker.io/centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui... 44
    docker.io docker.io/manageiq/httpd Container with httpd, built on CentOS for Ma... 1 [OK]
    docker.io docker.io/centos/httpd-24-centos8 1
    docker.io docker.io/dockerpinata/httpd 1
    docker.io docker.io/19022021/httpd-connection_test This httpd image will test the connectivity ... 0
    docker.io docker.io/publici/httpd httpd:latest 1 [OK]
    docker.io docker.io/paketobuildpacks/httpd 0
    docker.io docker.io/manasip/httpd 0
    docker.io docker.io/httpdocker/kubia 0
    docker.io docker.io/centos/httpd 35 [OK]
    docker.io docker.io/e2eteam/httpd 0
    docker.io docker.io/solsson/httpd-openidc mod_auth_openidc on official httpd image, ve... 2 [OK]
    docker.io docker.io/patrickha/httpd-err 0
    docker.io docker.io/hypoport/httpd-cgi httpd-cgi 2 [OK]
    docker.io docker.io/manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
    docker.io docker.io/dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent... 1 [OK]
    docker.io docker.io/amd64/httpd The Apache HTTP Server Project 0
    docker.io docker.io/httpdss/archerysec ArcherySec repository 0 [OK]
    docker.io docker.io/inanimate/httpd-ssl A play container with httpd, ssl enabled, an... 1 [OK]
    docker.io docker.io/lead4good/httpd-fpm httpd server which connects via fcgi proxy h... 1 [OK]
    docker.io docker.io/jonathanheilmann/httpd-alpine-rewrite httpd:alpine with enabled mod_rewrite 1 [OK]
    docker.io docker.io/sandeep1988/httpd-new httpd-new 0
    docker.io docker.io/nnasaki/httpd-ssi SSI enabled Apache 2.4 on Alpine Linux 1
pull
Pull an image.

    // Pull the httpd image
    [root@localhost ~]# podman pull httpd
    Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
    Trying to pull docker.io/library/httpd:latest...
    Getting image source signatures
    Copying blob dcc4698797c8 done
    Copying blob a2abf6c4d29d done
    Copying blob d982c879c57e done
    Copying blob 67283bbdd4a0 done
    Copying blob 41c22baa66ec done
    Copying config dabbfbe0c5 done
    Writing manifest to image destination
    Storing signatures
    dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
images or image list
List all local images.

    [root@localhost ~]# podman images
    REPOSITORY               TAG     IMAGE ID      CREATED       SIZE
    docker.io/library/httpd  latest  dabbfbe0c57b  7 months ago  148 MB
inspect
Show detailed information about an image or container.

    // Show detailed information about the httpd image
    [root@localhost ~]# podman inspect httpd
diff
Inspect changes on the filesystem of a container or image.

    [root@localhost ~]# podman diff httpd
    C /usr
    C /usr/local
    C /usr/local/bin
    A /usr/local/bin/httpd-foreground
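
The podman diff output above lists every changed parent directory along with the file that was actually added. As an added example (not from the original post), this reduces such output to the leaf changes and marks those under directories that hold executables or configuration; the WATCH list, the function names and the last three sample lines are assumptions.

```bash
# Added example: reduce podman diff output to leaf changes and mark the
# ones under watched directories. WATCH is an assumed list, not a podman setting.
WATCH="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /etc"

leaf_changes() {   # stdin: lines of "<A|C|D> <path>" as printed by podman diff
    awk -v watch="$WATCH" '
    BEGIN { nw = split(watch, w, " ") }
    $1 ~ /^[ACD]$/ { n++; kind[n] = $1; path[n] = substr($0, 3) }
    END {
        for (i = 1; i <= n; i++) {
            # A "C" on a directory only records that something beneath it changed.
            parent = 0
            if (kind[i] == "C")
                for (j = 1; j <= n; j++)
                    if (index(path[j], path[i] "/") == 1) { parent = 1; break }
            if (parent) continue
            flag = ""
            for (k = 1; k <= nw; k++)
                if (index(path[i], w[k] "/") == 1) flag = " WATCHED"
            print kind[i] " " path[i] flag
        }
    }'
}

sample_diff() {   # first four lines are from the page, the last three are constructed
    cat <<'EOF'
C /usr
C /usr/local
C /usr/local/bin
A /usr/local/bin/httpd-foreground
C /etc
C /etc/passwd
A /tmp/build.log
EOF
}

sample_diff | leaf_changes
```

Against a real container, pipe `podman diff <name>` into leaf_changes instead of the sample.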
tag
Change the name and tag of an image.

    [root@localhost ~]# podman tag docker.io/library/httpd:latest docker.io/ziczhou/httpd:v1.2
    [root@localhost ~]# podman images
    REPOSITORY               TAG     IMAGE ID      CREATED       SIZE
    docker.io/library/httpd  latest  dabbfbe0c57b  7 months ago  148 MB
    docker.io/ziczhou/httpd  v1.2    dabbfbe0c57b  7 months ago  148 MB
push
Push a local image to an image registry.

    // First log in to the docker.io registry
    [root@localhost ~]# podman login
    Username: ziczhou    // use your own account
    Password:
    Login Succeeded!
    // Push docker.io/ziczhou/httpd:v1.2 to the registry
    [root@localhost ~]# podman push docker.io/ziczhou/httpd:v1.2
    Getting image source signatures
    Copying blob 15e4bf5d0804 done
    Copying blob 1da636a1aa95 done
    Copying blob deefaa620a71 done
    Copying blob 2edcec3590a4 done
    Copying blob 9cff3206f9a6 done
    Copying config dabbfbe0c5 done
    Writing manifest to image destination
    Storing signatures
rmi or image rm
Remove an image.

    // Remove the docker.io/ziczhou/httpd:v1.2 image
    [root@localhost ~]# podman rmi docker.io/ziczhou/httpd:v1.2
    Untagged: docker.io/ziczhou/httpd:v1.2
    [root@localhost ~]# podman images
    REPOSITORY               TAG     IMAGE ID      CREATED       SIZE
    docker.io/library/httpd  latest  dabbfbe0c57b  7 months ago  148 MB
history
Show the history of the specified image.

    [root@localhost ~]# podman history docker.io/library/httpd:latest
    ID            CREATED       CREATED BY                                     SIZE     COMMENT
    dabbfbe0c57b  7 months ago  /bin/sh -c #(nop) CMD ["httpd-foreground"]     0 B
    <missing>     7 months ago  /bin/sh -c #(nop) EXPOSE 80                    0 B
    <missing>     7 months ago  /bin/sh -c #(nop) COPY file:c432ff61c4993e...  3.58 kB
    <missing>     7 months ago  /bin/sh -c #(nop) STOPSIGNAL SIGWINCH          0 B
    <missing>     7 months ago  /bin/sh -c set -eux; savedAptMark="$(apt...    61.1 MB
    <missing>     7 months ago  /bin/sh -c #(nop) ENV HTTPD_PATCHES=           0 B
    <missing>     7 months ago  /bin/sh -c #(nop) ENV HTTPD_SHA256=0127f7...   0 B
    <missing>     7 months ago  /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.52     0 B
    <missing>     7 months ago  /bin/sh -c set -eux; apt-get update; apt...    2.72 MB
    <missing>     7 months ago  /bin/sh -c #(nop) WORKDIR /usr/local/apache2   0 B
    <missing>     7 months ago  /bin/sh -c mkdir -p "$HTTPD_PREFIX" && ch...   3.07 kB
    <missing>     7 months ago  /bin/sh -c #(nop) ENV PATH=/usr/local/apa...   0 B
    <missing>     7 months ago  /bin/sh -c #(nop) ENV HTTPD_PREFIX=/usr/l...   0 B
    <missing>     7 months ago  /bin/sh -c #(nop) CMD ["bash"]                 0 B
    <missing>     7 months ago  /bin/sh -c #(nop) ADD file:09675d11695f65c...  83.9 MB
save
Save an image to a local file.

    [root@localhost ~]# podman image save docker.io/library/httpd:latest > ~/httpd.tar
    [root@localhost ~]# ls
    anaconda-ks.cfg  httpd.tar
load
Load an image from a tar archive.

    // First remove the httpd image
    [root@localhost ~]# podman rmi docker.io/library/httpd:latest
    [root@localhost ~]# podman images
    REPOSITORY  TAG  IMAGE ID  CREATED  SIZE
    // Import the image
    [root@localhost ~]# podman image load < ~/httpd.tar
    Getting image source signatures
    Copying blob 2edcec3590a4 done
    Copying blob 1da636a1aa95 done
    Copying blob 15e4bf5d0804 done
    Copying blob 9cff3206f9a6 done
    Copying blob deefaa620a71 done
    Copying config dabbfbe0c5 done
    Writing manifest to image destination
    Storing signatures
    Loaded image(s): docker.io/library/httpd:latest
    [root@localhost ~]# podman images
    REPOSITORY               TAG     IMAGE ID      CREATED       SIZE
    docker.io/library/httpd  latest  dabbfbe0c57b  7 months ago  148 MB
create
Create a container without starting it.

    [root@localhost ~]# podman create --name web1 docker.io/library/httpd:latest
    1769afb4963c65f82e48663a8859217b99c8ba3d735094b7f5a84a1a658ba20c
container ls or ps
List running containers; add the -a option to show all containers.

    [root@localhost ~]# podman container ls
    CONTAINER ID  IMAGE                           COMMAND           CREATED             STATUS   PORTS  NAMES
    [root@localhost ~]# podman container ls -a
    CONTAINER ID  IMAGE                           COMMAND           CREATED             STATUS   PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  About a minute ago  Created         web1
start
Start one or more containers.

    // Start the web1 container
    [root@localhost ~]# podman start web1
    web1
    [root@localhost ~]# podman ps
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  2 minutes ago  Up 8 seconds ago         web1
stop
Stop one or more containers.

    [root@localhost ~]# podman stop web1
    web1
    [root@localhost ~]# podman ps -a
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS                     PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  4 minutes ago  Exited (0) 32 seconds ago         web1
restart
Restart a container.

    [root@localhost ~]# podman restart web1
kill
Kill one or more running containers with a specific signal.

    // First start the web1 container
    [root@localhost ~]# podman start web1
    web1
    // Kill the web1 container
    [root@localhost ~]# podman kill web1
    web1
    [root@localhost ~]# podman ps -a
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS                      PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  5 minutes ago  Exited (137) 4 seconds ago         web1
attach
Attach to a running container.

    [root@localhost ~]# podman start web1
    web1
    [root@localhost ~]# podman attach web1
    ^C[Mon Aug 15 03:27:54.485757 2022] [mpm_event:notice] [pid 1:tid 139653943622976] AH00491: caught SIGTERM, shutting down
    // Ctrl+C stops the attached process, and the container stops as well
    [root@localhost ~]# podman ps -a
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS                         PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  9 minutes ago  Exited (0) About a minute ago         web1
run
Create and run a container.

    // Create the web2 container from the docker.io/library/httpd:latest image and run it in the background (-d)
    [root@localhost ~]# podman run -itd --name web2 docker.io/library/httpd:latest
    5134e5e6b87b102946a5ac0e5e98be1b0b74ef4720dfbe96d4b0a83e958d808d
    [root@localhost ~]# docker ps
    Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS  NAMES
    5134e5e6b87b  docker.io/library/httpd:latest  httpd-foreground  3 seconds ago  Up 3 seconds ago         web2
exec
Enter a running container.

    [root@localhost ~]# podman exec -it web2 /bin/bash
    root@5134e5e6b87b:/usr/local/apache2# ls
    bin  build  cgi-bin  conf  error  htdocs  icons  include  logs  modules
    root@5134e5e6b87b:/usr/local/apache2# exit
    exit
    [root@localhost ~]# podman ps -a
    CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS                    PORTS  NAMES
    1769afb4963c  docker.io/library/httpd:latest  httpd-foreground  12 minutes ago  Exited (0) 4 minutes ago         web1
    5134e5e6b87b  docker.io/library/httpd:latest  httpd-foreground  2 minutes ago   Up 2 minutes ago                 web2
    // Leaving an exec session does not stop the container
cp
Copy files or directories between a container and the local filesystem.

    // Create a container from the busybox image
    [root@localhost ~]# podman run -itd docker.io/library/busybox:latest
    10a19ed4cfddf9f6c4e0989cf90769ce51f14bb3f8a49c5229d93dd4c1f01a08
    [root@localhost ~]# podman ps
    CONTAINER ID  IMAGE                             COMMAND           CREATED        STATUS            PORTS  NAMES
    5134e5e6b87b  docker.io/library/httpd:latest    httpd-foreground  9 minutes ago  Up 9 minutes ago         web2
    10a19ed4cfdd  docker.io/library/busybox:latest  sh                7 seconds ago  Up 7 seconds ago         lucid_hamilton
    // Copy the local file /root/anaconda-ks.cfg to / in container 10a19ed4cfdd
    [root@localhost ~]# podman cp /root/anaconda-ks.cfg 10a19ed4cfdd:/
    // Verify
    [root@localhost ~]# podman exec -it 10a19ed4cfdd /bin/sh
    / # ls
    anaconda-ks.cfg  dev  home  root  sys  usr
    bin  etc  proc  run  tmp  var
    // Copy anaconda-ks.cfg from / in container 10a19ed4cfdd to the local /opt directory
    [root@localhost ~]# podman cp 10a19ed4cfdd:/anaconda-ks.cfg /opt/
    [root@localhost ~]# ls /opt/
    anaconda-ks.cfg
rename
Rename a container.

    [root@localhost ~]# podman rename web2 web3
    [root@localhost ~]# docker ps
    Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
    CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS             PORTS  NAMES
    489acb07b0d2  docker.io/library/httpd:latest  httpd-foreground  25 seconds ago  Up 25 seconds ago         web3
top
Show the processes running in a container.

    [root@localhost ~]# podman top web3
    USER      PID  PPID  %CPU   ELAPSED          TTY    TIME  COMMAND
    root      1    0     0.000  1m20.424981024s  pts/0  0s    httpd -DFOREGROUND
    www-data  7    1     0.000  1m20.425123232s  pts/0  0s    httpd -DFOREGROUND
    www-data  8    1     0.000  1m20.42523535s   pts/0  0s    httpd -DFOREGROUND
    www-data  9    1     0.000  1m20.425280786s  pts/0  0s    httpd -DFOREGROUND
logs
View the logs of a container.

    [root@localhost ~]# podman logs web3
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.9. Set the 'ServerName' directive globally to suppress this message
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.9. Set the 'ServerName' directive globally to suppress this message
    [Mon Aug 15 04:01:55.402143 2022] [mpm_event:notice] [pid 1:tid 140523647929664] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
    [Mon Aug 15 04:01:55.402536 2022] [core:notice] [pid 1:tid 140523647929664] AH00094: Command line: 'httpd -D FOREGROUND'
port
Show the port mappings between the specified container and the host.

    [root@localhost ~]# podman run -itd --name web4 -p 8080:80 docker.io/library/httpd:latest
    25637370711e9bf3c4a55132761eb1036b52c11e3e26d6ec2d009b8f32d0d551
    [root@localhost ~]# podman port web4
    80/tcp -> 0.0.0.0:8080
unmount and mount
Unmount or mount the root filesystem of a working container.

    // Unmount the root filesystem of the web3 container
    [root@localhost ~]# podman unmount web3
    web3
    // Try to enter the web3 container: it fails because the root filesystem has been unmounted
    [root@localhost ~]# podman exec -it web3 /bin/bash
    Error: exec failed: container_linux.go:380: starting container process caused: process_linux.go:99: starting setns process caused: fork/exec /proc/self/exe: no such file or directory: OCI runtime attempted to invoke a command that was not found
    // Mount the root filesystem of the web3 container again
    [root@localhost ~]# podman mount web3
    /var/lib/containers/storage/overlay/c45f2b22d70e7dd2050c9e17e198c268a8d757a9ab3923d3dc403c158dad01d9/merged
    // The container can be entered again
    [root@localhost ~]# podman exec -it web3 /bin/bash
    root@cdda44cc1cf4:/usr/local/apache2# exit
    exit
generate
Generate a systemd service file from a container so that the container starts automatically at boot.

    // Create a new container
    [root@localhost ~]# podman run -itd --name web -p 80:80 httpd
    74ce1919ba758317df647a6f9698903242625fa6d89ffc2c735816fad3697adc
    // Generate the service file; --new means a new container is created on every restart and the container is removed on every stop
    [root@localhost ~]# podman generate systemd --name web --files --new
    /root/container-web.service
    // Copy the service file into the /usr/lib/systemd/system directory
    [root@localhost ~]# cp container-web.service /usr/lib/systemd/system/
    [root@localhost ~]# systemctl daemon-reload
    // Remove the web container
    [root@localhost ~]# podman rm -f web
    74ce1919ba758317df647a6f9698903242625fa6d89ffc2c735816fad3697adc
    // Enable the web container to start at boot
    [root@localhost ~]# systemctl enable --now container-web.service
    Created symlink /etc/systemd/system/multi-user.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.
    Created symlink /etc/systemd/system/default.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.
    // List the running containers
    [root@localhost ~]# podman ps
    CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS             PORTS               NAMES
    55360a692590  docker.io/library/httpd:latest  httpd-foreground  30 seconds ago  Up 30 seconds ago  0.0.0.0:80->80/tcp  web