一、什么是Podman?
Podman 是
一种无守护程序、开源的 Linux 原生工具,旨在使用 Open Containers Initiative (OCI) 容器和容器映像轻松查找、运行、构建、共享和部署应用程序。Podman 提供了任何使用过 Docker 容器引擎的人都熟悉的命令行界面 (CLI)。 大多数用户可以简单地将 Docker 别名为 Podman(别名 docker=podman)而不会出现任何问题。 与其他常见的容器引擎(Docker、CRI-O、containerd)类似,Podman 依赖于符合 OCI 的容器运行时(runc、crun、runv 等)来与操作系统交互并创建正在运行的容器。 这使得 Podman 创建的正在运行的容器与任何其他常见容器引擎创建的容器几乎没有区别。
Podman 控制下的容器可以由 root 或非特权用户运行。
Podman 使用 libpod 库管理整个容器生态系统,包括 pod、容器、容器映像和容器卷。
Podman 专注于帮助维护和修改 OCI 容器镜像的所有命令和功能,例如拉取和标记。
允许在生产环境中创建、运行和维护这些容器和容器映像。
有一个 RESTFul API 来管理容器。还有一个可以与 RESTFul 服务交互的远程 Podman 客户端。
目前支持 Linux、Mac 和 Windows 上的客户端。 RESTFul 服务仅在 Linux 上受支持。
二、podman与docker之间的区别联系
在上手程度上:Podman 的操作方式与 Docker 高度兼容,很适合docker用户转型使用podman。使用命令几乎和docker相同
在安全方面上: Docker 与 Podman 之间的一个重大区别涉及到安全问题。Docker 守护进程需要 root 权限;Podman 可以以非特权用户启动容器。
在运行方式上: Docker需要依赖于守护进程,Podman 不需要守护进程。
Podman 的使用方式及命令和 Docker 完全一致。
Docker 和 Podman 都使用 CLI 作为主要管理界面。
Podman 和 Docker 都符合 OCI 镜像标准。
三、基于centos系统安装podman
执行命令
# 使用YUM源搜索podman
yum provides podman
yum list | grep podman
执行命令结果
# 使用YUM源搜索podman
[root@podman ~]# yum provides podman
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
podman-1.4.4-2.el7.centos.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.4.4-4.el7.centos.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-16.el7_8.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-18.el7_8.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-22.el7_9.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-27.el7_9.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-29.el7_9.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
podman-1.6.4-32.el7_9.x86_64 : Manage Pods, Containers and Container Images
Repo : extras
[root@podman ~]# yum list | grep podman
podman.x86_64 1.6.4-32.el7_9 extras
podman-docker.noarch 1.6.4-32.el7_9 extras
podman-remote.x86_64 1.6.4-32.el7_9 extras
podman-tests.x86_64 1.6.4-32.el7_9 extras
安装podman
yum install -y podman
执行命令结果
[root@podman ~]# rpm -qa podman
podman-1.6.4-32.el7_9.x86_64
配置阿里云镜像加速器
vim /etc/containers/registries.conf
# 编辑以下内容,这里使用阿里云的镜像加速器。
unqualified-search-registries = ["w2kavmmf.mirror.aliyuncs.com"]
搜索hello-world镜像
# 搜索hello-world镜像
podman search hello-world
下载hello-world镜像
[root@podman ~]# podman pull hello-world
Trying to pull registry.access.redhat.com/hello-world...
name unknown: Repo not found
Trying to pull registry.redhat.io/hello-world...
unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures
feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
[root@podman ~]#
运行hello-wolrd镜像
podman run --rm hello-world
四、使用podman相关命令
查看podman版本信息podman version
[root@podman ~]# podman version
Version: 1.6.4
RemoteAPI Version: 1
Go Version: go1.12.12
OS/Arch: linux/amd64
[root@podman ~]#
查看podman详细信息podman info
[root@podman ~]# podman info
host:
BuildahVersion: 1.12.0-dev
CgroupVersion: v1
Conmon:
package: conmon-2.0.8-1.el7.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.8, commit: f85c8b1ce77b73bcd48b2d802396321217008762'
Distribution:
distribution: '"centos"'
version: "7"
MemFree: 3363446784
MemTotal: 4122746880
OCIRuntime:
name: runc
package: runc-1.0.0-69.rc10.el7_9.x86_64
path: /usr/bin/runc
version: 'runc version spec: 1.0.1-dev'
SwapFree: 2147479552
SwapTotal: 2147479552
arch: amd64
cpus: 2
eventlogger: journald
hostname: podman
kernel: 3.10.0-1160.66.1.el7.x86_64
os: linux
rootless: false
uptime: 46m 6.46s
registries:
blocked: null
insecure: null
search:
- registry.access.redhat.com
- registry.redhat.io
- docker.io
store:
ConfigFile: /etc/containers/storage.conf
ContainerStore:
number: 0
GraphDriverName: overlay
GraphOptions: {
}
GraphRoot: /var/lib/containers/storage
GraphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
ImageStore:
number: 0
RunRoot: /var/run/containers/storage
VolumePath: /var/lib/containers/storage/volumes
[root@podman ~]#
查看镜像
[root@podman ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/hello-world latest feb5d9fea6a5 7 months ago 19.9 kB
[root@podman ~]#
运行hello-wolrd镜像
[root@podman ~]# podman run --rm hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
[root@podman ~]#
五、使用podman部署Nginx
# 搜索nginx镜像
podman search nginx
# 拉取nginx镜像
podman pull docker.io/library/nginx
# 查看nginx镜像
podman images
# 运行nginx镜像
podman run -d -it --name nginx-xybdiy -p 8088:80 docker.io/library/nginx:latest
# 查看正在运行的容器
podman ps
# 查看nginx-xybdiy容器的详细信息
podman inspect nginx-xybdiy
# 测试是否能够访问nginx
curl http://192.168.200.11:8088
# 查看podman网络信息参数
podman network ls
# 显示容器运行进程
podman top nginx-xybdiy
# 进入正在运行的容器内
podman exec -it nginx-xybdiy /bin/bash
# 搜索nginx镜像
[root@podman ~]# podman search nginx
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
******省略内容******
docker.io docker.io/library/nginx Official build of Nginx. 16812 [OK]
docker.io docker.io/bitnami/nginx Bitnami nginx Docker Image 126 [OK]
docker.io docker.io/bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr... 18 [OK]
******省略内容******
[root@podman ~]#
# 拉取nginx镜像
[root@podman ~]# podman pull docker.io/library/nginx
Trying to pull docker.io/library/nginx...
Getting image source signatures
Copying blob 56fbf79cae7a done
Copying blob 66eec13bb714 done
Copying blob c4547ad15a20 done
Copying blob d31373136b98 done
Copying blob 17cb812420e3 done
Copying blob 214ca5fb9032 done
Copying config de2543b943 done
Writing manifest to image destination
Storing signatures
de2543b9436b7b0e2f15919c0ad4eab06e421cecc730c9c20660c430d4e5bc47
# 查看nginx镜像
[root@podman ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest de2543b9436b 2 days ago 146 MB
docker.io/library/hello-world latest feb5d9fea6a5 7 months ago 19.9 kB
[root@podman ~]#
# 运行nginx镜像
[root@podman ~]# podman run -d -it --name nginx-xybdiy -p 8088:80 docker.io/library/nginx:latest
52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e
# 查看正在运行的容器
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52bf996c92fc docker.io/library/nginx:latest nginx -g daemon o... 7 seconds ago Up 7 seconds ago 0.0.0.0:8088->80/tcp nginx-xybdiy
# 测试是否能够访问nginx
[root@podman ~]# curl http://192.168.200.11:8088
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html {
color-scheme: light dark; }
body {
width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@podman ~]#
# 查看nginx-xybdiy容器的详细信息
[root@podman ~]# podman inspect nginx-xybdiy
[
{
"Id": "52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e",
"Created": "2022-05-20T22:36:17.527099929+08:00",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"OciVersion": "1.0.1-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 15128,
"ConmonPid": 15117,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-05-20T22:36:17.792384959+08:00",
"FinishedAt": "0001-01-01T00:00:00Z",
"Healthcheck": {
"Status": "",
"FailingStreak": 0,
"Log": null
}
},
******省略内容******
# 查看podman网络信息参数
[root@podman ~]# podman network ls
NAME VERSION PLUGINS
podman 0.4.0 bridge,portmap,firewall
[root@podman ~]# podman network inspect podman
[
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"bridge": "cni-podman0",
"ipMasq": true,
"ipam": {
"ranges": [
[
{
"gateway": "10.88.0.1",
"subnet": "10.88.0.0/16"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"type": "host-local"
},
"isGateway": true,
"type": "bridge"
},
{
"capabilities": {
"portMappings": true
},
"type": "portmap"
},
{
"type": "firewall"
}
]
}
]
[root@podman ~]#
显示容器运行进程
[root@podman ~]# podman top nginx-xybdiy
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 7m15.694064578s pts/0 0s nginx: master process nginx -g daemon off;
nginx 30 1 0.000 7m15.69421228s pts/0 0s nginx: worker process
nginx 31 1 0.000 7m15.694257445s pts/0 0s nginx: worker process
进入正在运行的容器
[root@podman ~]# podman exec -it nginx-xybdiy /bin/bash
root@52bf996c92fc:/# ls -l
total 12
drwxr-xr-x 2 root root 4096 May 9 00:00 bin
drwxr-xr-x 2 root root 6 Mar 19 13:46 boot
drwxr-xr-x 5 root root 360 May 20 14:36 dev
drwxr-xr-x 1 root root 41 May 17 22:36 docker-entrypoint.d
-rwxrwxr-x 1 root root 1202 May 17 22:35 docker-entrypoint.sh
drwxr-xr-x 1 root root 32 May 20 14:36 etc
drwxr-xr-x 2 root root 6 Mar 19 13:46 home
drwxr-xr-x 1 root root 45 May 9 00:00 lib
drwxr-xr-x 2 root root 34 May 9 00:00 lib64
drwxr-xr-x 2 root root 6 May 9 00:00 media
drwxr-xr-x 2 root root 6 May 9 00:00 mnt
drwxr-xr-x 2 root root 6 May 9 00:00 opt
dr-xr-xr-x 124 root root 0 May 20 14:36 proc
drwx------ 1 root root 27 May 20 14:47 root
drwxr-xr-x 1 root root 59 May 20 14:36 run
drwxr-xr-x 2 root root 4096 May 9 00:00 sbin
drwxr-xr-x 2 root root 6 May 9 00:00 srv
dr-xr-xr-x 13 root root 0 May 20 14:47 sys
drwxrwxrwt 1 root root 6 May 17 22:35 tmp
drwxr-xr-x 1 root root 66 May 9 00:00 usr
drwxr-xr-x 1 root root 19 May 9 00:00 var
root@52bf996c92fc:/# exit
exit
[root@podman ~]#
停止并删除容器
[root@podman ~]# podman stop 52bf996c92fc
52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e
[root@podman ~]# podman rm 52bf996c92fc
52bf996c92fc959a24c2153b6da8a23741f38bac976e2d310221978838a1f40e
[root@podman ~]#