Podman部署及應用
什麼是podman
Podman是一個開源項目,可在大多數Linux平臺上使用並開源在GitHub上。Podman是一個無守護進程的容器引擎,用於在Linux系統上開發,管理和運行Open Container Initiative(OCI)容器和容器鏡像。Podman提供了一個與Docker相容的命令行前端,可以直接當作Docker CLI使用;簡單地說,你可以直接添加別名 alias docker=podman 來使用podman(等號兩側不能有空格)。
Podman控制下的容器可以由root用戶運行,也可以由非特權用戶運行。Podman管理整個容器的生態系統,其包括pod,容器,容器鏡像,和使用libpod library的容器卷。Podman專注於幫助您維護和修改OCI容器鏡像的所有命令和功能,例如拉取和標記。它允許您在生產環境中創建,運行和維護從這些映像創建的容器。
部署podman
安裝podman
[root@localhost ~]# dnf -y install podman
//配置podman鏡像加速器
[root@localhost ~]# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"] //修改:未寫倉庫前綴的短鏡像名只到docker.io(Docker官方倉庫)搜尋並拉取
[[registry]] //添加
prefix = "docker.io" //添加
location = "w673ojdv.mirror.aliyuncs.com" //配置加速器(此為示例地址,請換成自己的加速器地址;之後docker.io的鏡像改由該鏡像站提供,需要確認內容時可按摘要digest拉取)
[root@localhost ~]# systemctl enable --now podman //啟用的是podman的API服務(podman.service);只使用podman命令行時並不需要這個服務
podman基礎操作
查看版本
[root@localhost ~]# podman -v
podman version 3.3.1
[root@localhost ~]# podman version
Version: 3.3.1
API Version: 3.3.1
Go Version: go1.16.7
Built: Wed Nov 10 05:23:56 2021
OS/Arch: linux/amd64
[root@localhost ~]#
查看詳細信息
[root@localhost ~]# podman info
host:
arch: amd64
buildahVersion: 1.22.3
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
cpus: 4
distribution:
distribution: '"centos"'
version: "8"
-----------------省略--------------------
imageStore:
number: 1
runRoot: /run/containers/storage
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 3.3.1
Built: 1636493036
BuiltTime: Wed Nov 10 05:23:56 2021
GitCommit: ""
GoVersion: go1.16.7
OsArch: linux/amd64
Version: 3.3.1
搜索鏡像
[root@localhost ~]# podman search httpd
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 4116 [OK]
docker.io docker.io/clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser... 2
docker.io docker.io/centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui... 44
docker.io docker.io/manageiq/httpd Container with httpd, built on CentOS for Ma... 1 [OK]
拉取鏡像
[root@localhost ~]# podman pull httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob dcc4698797c8 done
Copying blob 41c22baa66ec done
Copying blob d982c879c57e done
Copying blob a2abf6c4d29d done
Copying blob 67283bbdd4a0 done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
列出鏡像
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
[root@localhost ~]# podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
刪除鏡像
[root@localhost ~]# podman rmi httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# podman image rm httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# podman rmi -f httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
導出鏡像
[root@localhost ~]# podman image save httpd > httod.tar
[root@localhost ~]# ls
anaconda-ks.cfg httod.tar
導入鏡像
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
[root@localhost ~]# podman rmi httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# podman image load < httod.tar
Getting image source signatures
Copying blob deefaa620a71 done
Copying blob 1da636a1aa95 done
Copying blob 2edcec3590a4 done
Copying blob 15e4bf5d0804 done
Copying blob 9cff3206f9a6 done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
Loaded image(s): docker.io/library/httpd:latest
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
創建容器
//podman create 創建容器
[root@localhost ~]# podman create httpd //創建但不啟動容器
5d0bd832c2d6477ba535819abc1c4072ce17fa4feab015b4e92c72c9fb053831
創建並啟動容器
//podman run 創建一個運行的容器
[root@localhost ~]# podman run -it --name web httpd /bin/bash
root@9868d220012a:~#
--name 容器名 //指定容器名
--label 標記名 //加標記方便查找
-it //讓容器的輸入保持打開狀態,並分配終端
-c //不進行登錄執行命令
-d //將容器放入後臺進行執行
-v //可以創建多個數據卷,也可掛載宿主機的目錄,如果本地沒有目錄,則自動生成一個目錄
//掛載方法:宿主機目錄:docker數據卷
-p //小寫p映射埠 宿主機埠:容器埠;不寫IP時綁定到0.0.0.0(所有網路介面),只需本機訪問時可寫成 IP:宿主機埠:容器埠,例如 127.0.0.1:8080:80
-P //大寫P發佈所有公開的埠(隨機映射埠號)
--volumes-from //容器和容器之間建立聯繫
--restart always //永久開啟容器,服務重啟後容器也會啟動,不會關閉
--rm //一次性容器,退出後直接刪除
列出容器
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
//-a 查看全部容器,包含未啟動的容器
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d0bd832c2d6 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Created friendly_ritchie
啟動一個或多個容器
[root@localhost ~]# podman start web
web
停止一個或多個容器
[root@localhost ~]# podman stop web
web
重啟容器
[root@localhost ~]# podman restart web
1a779a889fd2d0758f1b1672a9142358153327f9ec00765e62641ce0fee79497
連接到運行的容器
[root@localhost ~]# podman attach web //退出會關閉
root@1a779a889fd2# exit
在正在運行的容器中運行命令
[root@localhost ~]# podman exec -it web /bin/sh //退出不會停止
# ls
bin build cgi-bin conf error htdocs icons include logs modules
# exit
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0118e5cab030 docker.io/library/httpd:latest /bin/bash 4 minutes ago Up 54 seconds ago 0.0.0.0:80->80/tcp web
刪除容器
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d0bd832c2d6 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Created friendly_ritchie
[root@localhost ~]# podman rm 5d0bd832c2d6
5d0bd832c2d6477ba535819abc1c4072ce17fa4feab015b4e92c72c9fb053831
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
391246a3e97d docker.io/library/httpd:latest httpd-foreground 12 seconds ago Created condescending_cartwright
[root@localhost ~]# podman rm -f 391246a3e97d //-f 強制刪除
391246a3e97d071e4da2ac4dbe7b4414e99ac840edc67adaf1c7d9c04f5c9abf
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
查看容器日誌
[root@localhost ~]# docker logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Fri Aug 05 15:17:38.444681 2022] [mpm_event:notice] [pid 1:tid 139833106722112] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
幹掉運行中的容器
[root@localhost ~]# docker kill web //kill強制關閉
web
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9fdaf3c409da httpd "httpd-foreground" 6 minutes ago Exited (137) 4 seconds ago web
顯示容器或鏡像的配置
[root@localhost ~]# podman inspect httpd
[
{
"Id": "dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34",
"Digest": "sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
"RepoTags": [
"docker.io/library/httpd:latest"
],
"RepoDigests": [
"docker.io/library/httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
"docker.io/library/httpd@sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194"
]
登錄鏡像倉庫
[root@localhost ~]# podman login docker.io
Username: xinruizhong
Password:
Login Succeeded!
登出鏡像倉庫
[root@localhost ~]# podman logout docker.io
Removed login credentials for docker.io
顯示指定鏡像的歷史記錄
[root@localhost ~]# podman image history httpd
ID CREATED CREATED BY SIZE COMMENT
dabbfbe0c57b 7 months ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 7 months ago /bin/sh -c #(nop) COPY file:c432ff61c4993e... 3.58 kB
<missing> 7 months ago /bin/sh -c #(nop) STOPSIGNAL SIGWINCH 0 B
<missing> 7 months ago /bin/sh -c set -eux; savedAptMark="$(apt... 61.1 MB
列出埠映射或容器的特定映射
[root@localhost ~]# podman port web
80/tcp -> 0.0.0.0:80
重命名現有的容器
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7403c4f042b4 docker.io/library/httpd:latest /bin/sh 2 minutes ago Up 2 minutes ago 0.0.0.0:80->80/tcp web
[root@localhost ~]# podman rename web httpd
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7403c4f042b4 docker.io/library/httpd:latest /bin/sh 3 minutes ago Up 2 minutes ago 0.0.0.0:80->80/tcp httpd
顯示一個容器的運行進程
[root@localhost ~]# podman top web
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 5m56.414637232s ? 0s httpd -DFOREGROUND
www-data 8 1 0.000 5m55.414828093s ? 0s httpd -DFOREGROUND
www-data 9 1 0.000 5m55.414853952s ? 0s httpd -DFOREGROUND
www-data 10 1 0.000 5m55.414877937s ? 0s httpd -DFOREGROUND
給本地鏡像添加標籤
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
[root@localhost ~]# podman tag docker.io/library/httpd docker.io/library/httpd:v0.1
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
docker.io/library/httpd v0.1 dabbfbe0c57b 7 months ago 148 MB
podman生成systemd單元文件
[root@localhost ~]# podman generate systemd --help
Generate systemd units.
Description:
Generate systemd units for a pod or container.
The generated units can later be controlled via systemctl(1).
Usage:
podman generate systemd [options] {CONTAINER|POD}
Examples:
podman generate systemd CTR
podman generate systemd --new --time 10 CTR
podman generate systemd --files --name POD
Options:
--container-prefix string Systemd unit name prefix for containers (default "container")
-f, --files Generate .service files instead of printing to stdout
--format string Print the created units in specified format (json)
-n, --name Use container/pod names instead of IDs
--new Create a new container instead of starting an existing one
--no-header Skip header generation
--pod-prefix string Systemd unit name prefix for pods (default "pod")
--restart-policy string Systemd restart-policy (default "on-failure")
--separator string Systemd unit name separator between name/id and prefix (default "-")
-t, --time uint Stop timeout override (default 10)
//示例
[root@localhost ~]# podman generate systemd --name web --files --new
/root/container-web.service
[root@localhost ~]# cp /root/container-web.service /usr/lib/systemd/system/
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl status container-web.service
● container-web.service - Podman container-web.service
Loaded: loaded (/usr/lib/systemd/system/container-web.service; disabled; vendor preset: disabl>
Active: inactive (dead)
Docs: man:podman-generate-systemd(1)
[root@localhost ~]# systemctl enable --now container-web.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.
Created symlink /etc/systemd/system/default.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.
顯示容器資源使用統計的實時流
[root@localhost ~]# podman stats web
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
1d337a97c9a0 web 0.01% 27.96MB / 3.885GB 0.72% 1.604kB / 2.205kB 8.192kB / 0B 82 74.971194ms 0.00%
卸載工作容器的根文件系統
[root@localhost ~]# podman umount web
web
[root@localhost ~]# podman exec -it web /bin/sh //卸載後無法進入容器
Error: exec failed: container_linux.go:380: starting container process caused: process_linux.go:99: starting setns process caused: fork/exec /proc/self/exe: no such file or directory: OCI runtime attempted to invoke a command that was not found
掛載工作容器的根文件系統
[root@localhost ~]# podman mount web
/var/lib/containers/storage/overlay/e190e6ad8069bc29d32418a2eeb3f9d7d4a7d831a1a36cc97ef5f5d6111b8b2b/merged
[root@localhost ~]# podman exec -it web /bin/sh
# exit