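1. What is Podman?
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) containers and container images.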
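Podman provides a command-line interface (CLI) familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interact with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.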
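Containers under Podman's control can be run by root or by an unprivileged user.
Podman uses the libpod library to manage the entire container ecosystem, including pods, containers, container images and container volumes.
Podman specializes in all of the commands and functions that help maintain and modify OCI container images, such as pulling and tagging.
It allows these containers and container images to be created, run and maintained in a production environment.
There is a RESTful API for managing containers, as well as a remote Podman client that can interact with the RESTful service.
Clients are currently supported on Linux, Mac and Windows. The RESTful service is supported only on Linux.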
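2. Differences and similarities between Podman and Docker
Ease of adoption: Podman's way of working is highly compatible with Docker's, which makes it a good fit for Docker users moving to Podman. The commands are almost the same as Docker's.
Security: a major difference between Docker and Podman concerns security. The Docker daemon requires root privileges; Podman can start containers as an unprivileged user. Note that every command in the walkthrough below is run as root (the prompt is [root@podman ~]# and podman info reports rootless: false), so the session shown does not use rootless mode.
Mode of operation: Docker depends on a daemon; Podman does not need one.
Podman's usage and commands are the same as Docker's.
Both Docker and Podman use the CLI as their main management interface.
Both Podman and Docker conform to the OCI image standard.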
3. Installing Podman on CentOS
Commands to run

    # Search the YUM repositories for podman
    yum provides podman
    yum list | grep podman

Command output

    # Search the YUM repositories for podman
    [root@podman ~]# yum provides podman
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
    podman-1.4.4-2.el7.centos.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.4.4-4.el7.centos.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-16.el7_8.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-18.el7_8.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-22.el7_9.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-27.el7_9.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-29.el7_9.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    podman-1.6.4-32.el7_9.x86_64 : Manage Pods, Containers and Container Images
    Repo        : extras

    [root@podman ~]# yum list | grep podman
    podman.x86_64           1.6.4-32.el7_9    extras
    podman-docker.noarch    1.6.4-32.el7_9    extras
    podman-remote.x86_64    1.6.4-32.el7_9    extras
    podman-tests.x86_64     1.6.4-32.el7_9    extras

Install Podman

    yum install -y podman

Command output

    [root@podman ~]# rpm -qa podman
    podman-1.6.4-32.el7_9.x86_64

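Configure the Alibaba Cloud registry mirror (accelerator)

    vim /etc/containers/registries.conf
    # Edit the following entry; the Alibaba Cloud mirror accelerator is used here.
    unqualified-search-registries = ["w2kavmmf.mirror.aliyuncs.com"]

The pull log and the podman info output later on this page still list registry.access.redhat.com, registry.redhat.io and docker.io as the search registries, so this entry is not reflected in the session shown. Check the registries section of podman info after editing the file.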
Search for the hello-world image

    # Search for the hello-world image
    podman search hello-world

Pull the hello-world image

    [root@podman ~]# podman pull hello-world
    Trying to pull registry.access.redhat.com/hello-world...
      name unknown: Repo not found
    Trying to pull registry.redhat.io/hello-world...
      unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
    Trying to pull docker.io/library/hello-world...
    Getting image source signatures
    Copying blob 2db29710123e done
    Copying config feb5d9fea6 done
    Writing manifest to image destination
    Storing signatures
    feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
    [root@podman ~]#

Run the hello-world image

    podman run --rm hello-world

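The pull log above shows what an unqualified name costs: hello-world was tried against three registries in search-list order before docker.io answered, so the first registry in the list that carries that name supplies the image. The following check is an added example, not part of the original page; it flags short names and lists every location a pull may contact, assuming the search list that podman info reports on this page (is_fully_qualified, pull_candidates and lint_refs are names chosen here).

```bash
# Added example: flag unqualified image names before they reach "podman pull".
# Assumption: the search order is the "registries: search:" list that
# podman info reports on this page.
SEARCH_REGISTRIES="registry.access.redhat.com registry.redhat.io docker.io"

# Fully qualified = the first path component looks like a registry host:
# it contains "." or ":" or is exactly "localhost".
is_fully_qualified() {
    local first
    case $1 in
        */*) first=${1%%/*} ;;
        *)   return 1 ;;                 # no "/" at all (hello-world, nginx:latest)
    esac
    case $first in
        localhost|*.*|*:*) return 0 ;;
        *)                 return 1 ;;   # namespace only (bitnami/nginx)
    esac
}

# Print, in order, every location a pull of reference $1 may contact.
pull_candidates() {
    local ref=$1 reg
    if is_fully_qualified "$ref"; then
        printf '%s\n' "$ref"
        return 0
    fi
    for reg in $SEARCH_REGISTRIES; do
        case $reg:$ref in
            docker.io:*/*) printf '%s/%s\n' "$reg" "$ref" ;;
            docker.io:*)   printf '%s/library/%s\n' "$reg" "$ref" ;;  # official images
            *)             printf '%s/%s\n' "$reg" "$ref" ;;
        esac
    done
}

# Read one image reference per line; report each short name and a final count.
lint_refs() {
    local ref short=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        is_fully_qualified "$ref" && continue
        short=$((short + 1))
        printf 'SHORT %s -> %s\n' "$ref" "$(pull_candidates "$ref" | tr '\n' ' ')"
    done
    printf '%d short name(s)\n' "$short"
}

# Constructed sample: the two references pulled on this page plus a namespaced short name.
printf '%s\n' hello-world docker.io/library/nginx bitnami/nginx | lint_refs
```

Writing the registry into the reference, as the nginx pull later on this page does with docker.io/library/nginx, removes the search-list step entirely.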
4. Using Podman commands
Show Podman version information: podman version

    [root@podman ~]# podman version
    Version:            1.6.4
    RemoteAPI Version:  1
    Go Version:         go1.12.12
    OS/Arch:            linux/amd64
    [root@podman ~]#

Show detailed Podman information: podman info

    [root@podman ~]# podman info
    host:
      BuildahVersion: 1.12.0-dev
      CgroupVersion: v1
      Conmon:
        package: conmon-2.0.8-1.el7.x86_64
        path: /usr/bin/conmon
        version: 'conmon version 2.0.8, commit: f85c8b1ce77b73bcd48b2d802396321217008762'
      Distribution:
        distribution: '"centos"'
        version: "7"
      MemFree: 3363446784
      MemTotal: 4122746880
      OCIRuntime:
        name: runc
        package: runc-1.0.0-69.rc10.el7_9.x86_64
        path: /usr/bin/runc
        version: 'runc version spec: 1.0.1-dev'
      SwapFree: 2147479552
      SwapTotal: 2147479552
      arch: amd64
      cpus: 2
      eventlogger: journald
      hostname: podman
      kernel: 3.10.0-1160.66.1.el7.x86_64
      os: linux
      rootless: false
      uptime: 46m 6.46s
    registries:
      blocked: null
      insecure: null
      search:
      - registry.access.redhat.com
      - registry.redhat.io
      - docker.io
    store:
      ConfigFile: /etc/containers/storage.conf
      ContainerStore:
        number: 0
      GraphDriverName: overlay
      GraphOptions: {}
      GraphRoot: /var/lib/containers/storage
      GraphStatus:
        Backing Filesystem: xfs
        Native Overlay Diff: "true"
        Supports d_type: "true"
        Using metacopy: "false"
      ImageStore:
        number: 0
      RunRoot: /var/run/containers/storage
      VolumePath: /var/lib/containers/storage/volumes
    [root@podman ~]#

List images

    [root@podman ~]# podman images
    REPOSITORY                      TAG      IMAGE ID       CREATED        SIZE
    docker.io/library/hello-world   latest   feb5d9fea6a5   7 months ago   19.9 kB
    [root@podman ~]#

Run the hello-world image

    [root@podman ~]# podman run --rm hello-world

    Hello from Docker!
    This message shows that your installation appears to be working correctly.

    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
     3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.

    To try something more ambitious, you can run an Ubuntu container with:
     $ docker run -it ubuntu bash

    Share images, automate workflows, and more with a free Docker ID:
     https://hub.docker.com/

    For more examples and ideas, visit:
     https://docs.docker.com/get-started/

    [root@podman ~]#

5. Deploying Nginx with Podman

    # Search for the nginx image
    podman search nginx
    # Pull the nginx image
    podman pull docker.io/library/nginx
    # List the nginx image
    podman images
    # Run the nginx image
    podman run -d -it --name nginx-xybdiy -p 8088:80 docker.io/library/nginx:latest
    # List running containers
    podman ps
    # Show detailed information about the nginx-xybdiy container
    podman inspect nginx-xybdiy
    # Test whether nginx is reachable
    curl http://192.168.200.11:8088
    # Show Podman network information
    podman network ls
    # Show the processes running in the container
    podman top nginx-xybdiy
    # Enter the running container
    podman exec -it nginx-xybdiy /bin/bash

    # Search for the nginx image
    [root@podman ~]# podman search nginx
    INDEX  NAME  DESCRIPTION  STARS  OFFICIAL  AUTOMATED
    ****** output omitted ******
    docker.io  docker.io/library/nginx  Official build of Nginx.  16812  [OK]
    docker.io  docker.io/bitnami/nginx  Bitnami nginx Docker Image  126  [OK]
    docker.io  docker.io/bitnami/nginx-ingress-controller  Bitnami Docker Image for NGINX Ingress Contr...  18  [OK]
    ****** output omitted ******
    [root@podman ~]#

    # Pull the nginx image
    [root@podman ~]# podman pull docker.io/library/nginx
    Trying to pull docker.io/library/nginx...
    Getting image source signatures
    Copying blob 56fbf79cae7a done
    Copying blob 66eec13bb714 done
    Copying blob c4547ad15a20 done
    Copying blob d31373136b98 done
    Copying blob 17cb812420e3 done
    Copying blob 214ca5fb9032 done
    Copying config de2543b943 done
    Writing manifest to image destination
    Storing signatures
    de2543b9436b7b0e2f15919c0ad4eab06e421cecc730c9c20660c430d4e5bc47

    # List the nginx image
    [root@podman ~]# podman images
    REPOSITORY                      TAG      IMAGE ID       CREATED        SIZE
    docker.io/library/nginx         latest   de2543b9436b   2 days ago     146 MB
    docker.io/library/hello-world   latest   feb5d9fea6a5   7 months ago   19.9 kB
    [root@podman ~]#

    # Run the nginx image
    [root@podman ~]# podman run -d -it --name nginx-xybdiy -p 8088:80 docker.io/library/nginx:latest
    52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e

    # List running containers
    [root@podman ~]# podman ps
    CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS                 NAMES
    52bf996c92fc  docker.io/library/nginx:latest  nginx -g daemon o...  7 seconds ago  Up 7 seconds ago  0.0.0.0:8088->80/tcp  nginx-xybdiy

    # Test whether nginx is reachable
    [root@podman ~]# curl http://192.168.200.11:8088
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>

    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>

    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    [root@podman ~]#

    # Show detailed information about the nginx-xybdiy container
    [root@podman ~]# podman inspect nginx-xybdiy
    [
        {
            "Id": "52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e",
            "Created": "2022-05-20T22:36:17.527099929+08:00",
            "Path": "/docker-entrypoint.sh",
            "Args": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "State": {
                "OciVersion": "1.0.1-dev",
                "Status": "running",
                "Running": true,
                "Paused": false,
                "Restarting": false,
                "OOMKilled": false,
                "Dead": false,
                "Pid": 15128,
                "ConmonPid": 15117,
                "ExitCode": 0,
                "Error": "",
                "StartedAt": "2022-05-20T22:36:17.792384959+08:00",
                "FinishedAt": "0001-01-01T00:00:00Z",
                "Healthcheck": {
                    "Status": "",
                    "FailingStreak": 0,
                    "Log": null
                }
            },
    ****** output omitted ******

    # Show Podman network information
    [root@podman ~]# podman network ls
    NAME     VERSION   PLUGINS
    podman   0.4.0     bridge,portmap,firewall
    [root@podman ~]# podman network inspect podman
    [
        {
            "cniVersion": "0.4.0",
            "name": "podman",
            "plugins": [
                {
                    "bridge": "cni-podman0",
                    "ipMasq": true,
                    "ipam": {
                        "ranges": [
                            [
                                {
                                    "gateway": "10.88.0.1",
                                    "subnet": "10.88.0.0/16"
                                }
                            ]
                        ],
                        "routes": [
                            {
                                "dst": "0.0.0.0/0"
                            }
                        ],
                        "type": "host-local"
                    },
                    "isGateway": true,
                    "type": "bridge"
                },
                {
                    "capabilities": {
                        "portMappings": true
                    },
                    "type": "portmap"
                },
                {
                    "type": "firewall"
                }
            ]
        }
    ]
    [root@podman ~]#

Show the processes running in the container

    [root@podman ~]# podman top nginx-xybdiy
    USER    PID   PPID   %CPU    ELAPSED           TTY     TIME   COMMAND
    root    1     0      0.000   7m15.694064578s   pts/0   0s     nginx: master process nginx -g daemon off;
    nginx   30    1      0.000   7m15.69421228s    pts/0   0s     nginx: worker process
    nginx   31    1      0.000   7m15.694257445s   pts/0   0s     nginx: worker process

Enter the running container

    [root@podman ~]# podman exec -it nginx-xybdiy /bin/bash
    root@52bf996c92fc:/# ls -l
    total 12
    drwxr-xr-x   2 root root 4096 May  9 00:00 bin
    drwxr-xr-x   2 root root    6 Mar 19 13:46 boot
    drwxr-xr-x   5 root root  360 May 20 14:36 dev
    drwxr-xr-x   1 root root   41 May 17 22:36 docker-entrypoint.d
    -rwxrwxr-x   1 root root 1202 May 17 22:35 docker-entrypoint.sh
    drwxr-xr-x   1 root root   32 May 20 14:36 etc
    drwxr-xr-x   2 root root    6 Mar 19 13:46 home
    drwxr-xr-x   1 root root   45 May  9 00:00 lib
    drwxr-xr-x   2 root root   34 May  9 00:00 lib64
    drwxr-xr-x   2 root root    6 May  9 00:00 media
    drwxr-xr-x   2 root root    6 May  9 00:00 mnt
    drwxr-xr-x   2 root root    6 May  9 00:00 opt
    dr-xr-xr-x 124 root root    0 May 20 14:36 proc
    drwx------   1 root root   27 May 20 14:47 root
    drwxr-xr-x   1 root root   59 May 20 14:36 run
    drwxr-xr-x   2 root root 4096 May  9 00:00 sbin
    drwxr-xr-x   2 root root    6 May  9 00:00 srv
    dr-xr-xr-x  13 root root    0 May 20 14:47 sys
    drwxrwxrwt   1 root root    6 May 17 22:35 tmp
    drwxr-xr-x   1 root root   66 May  9 00:00 usr
    drwxr-xr-x   1 root root   19 May  9 00:00 var
    root@52bf996c92fc:/# exit
    exit
    [root@podman ~]#

Stop and remove the container

    [root@podman ~]# podman stop 52bf996c92fc
    52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e
    [root@podman ~]# podman rm 52bf996c92fc
    52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e
    [root@podman ~]#

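The podman ps output above reports the nginx mapping as 0.0.0.0:8088->80/tcp, which means the container, started by root, accepts connections on every interface of the host and not only on 192.168.200.11. The following audit is an added example, not part of the original page; it reports mappings bound to all interfaces. The input format, the name audit_published_ports and the sample lines other than nginx-xybdiy are assumptions made here.

```bash
# Added example: list published ports that listen on every host interface.
# Input format (assumption): one "NAME PORTS" line per container, as printed by
#   podman ps --format '{{.Names}} {{.Ports}}'
audit_published_ports() {
    local name ports mapping host
    while read -r name ports; do
        [ -n "$ports" ] || continue              # nothing published
        # Several mappings are separated by ", ".
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
            host=${mapping%%"->"*}               # e.g. 0.0.0.0:8088
            case $host in
                *:*) host=${host%:*} ;;          # drop the host port -> 0.0.0.0
                *)   host= ;;                    # no address given at all
            esac
            case $host in
                0.0.0.0|::|'[::]'|'')
                    printf '%s %s ALL-INTERFACES\n' "$name" "$mapping" ;;
            esac
        done
    done
}

# Constructed sample; the first line is the mapping shown by podman ps on this page.
sample_ps_lines() {
    cat <<'EOF'
nginx-xybdiy 0.0.0.0:8088->80/tcp
internal-api 127.0.0.1:9000->9000/tcp, 0.0.0.0:9443->9443/tcp
batch-job
EOF
}

sample_ps_lines | audit_published_ports
```

To restrict a mapping to one address, put it in the -p option, for example -p 127.0.0.1:8088:80 for loopback only.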