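Podman Basics
1. What is Podman?
Podman is an open-source, Linux-native tool designed to develop, manage and run containers and Pods according to the Open Container Initiative (OCI) standards. Developed by Red Hat, Podman is a user-friendly container scheduler and the default container engine in Red Hat 8 and CentOS 8.
It is a tool that bundles a set of commands, designed to handle the different tasks of the containerization process, and it can work as a modular framework. Its toolset includes:
- Podman: Pod and container image manager
- Buildah: container image builder
- Skopeo: container image inspection manager
- Runc: container runner and feature builder, passed on to Podman and Buildah
- Crun: optional runtime that gives rootless containers more flexibility, control and security
Podman website: https://podman.io/
Podman project: https://github.com/containers/libpod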
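2. Differences between Podman and Docker
- Docker needs the root user to create containers, but Podman does not, which is convenient.
- Containers started by Docker support the --restart policy, but Podman does not. In k8s this is not a problem, because a restart policy can be set on the pod; on a plain system we can write a systemd service to start containers automatically.
- Containers are started in different ways:
  - Docker needs a daemon (the docker daemon) running on the system, while Podman does not.
  - The docker CLI talks to the Docker Engine through an API to tell it that a container should be created, and only then does the Docker Engine call the OCI container runtime (runc) to start the container. This means the container's process is not a child process of the Docker CLI but a child process of the Docker Engine.
  - Podman interacts directly with the OCI container runtime (runc) to create the container, so the container process is a direct child process of podman.
The figure shows that Podman does not need a daemon, whereas Docker does. In the diagram, Docker's containerd-shim and Podman's conmon are both placed in the Container layer.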
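The systemd approach mentioned in the list above, as an added example that is not part of the original article: a function that renders a unit file for an existing container. The unit layout, the `/usr/bin/podman` path and the unit file name are assumptions; `web1` is the container created later on this page.

```shell
#!/bin/sh
# Added example (not from the article): systemd unit for a Podman container.
# Assumptions: podman lives at /usr/bin/podman, the container already exists.

# Accept only names made of [a-zA-Z0-9_.-] that start with an alphanumeric,
# so nothing else can be written into the unit through the name.
valid_name() {
    case "$1" in
        ''|[!a-zA-Z0-9]*|*[!a-zA-Z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the unit for container $1 to stdout.
render_unit() {
    name=$1
    valid_name "$name" || { echo "invalid container name: $name" >&2; return 1; }
    cat <<EOF
[Unit]
Description=Podman container $name
Wants=network-online.target
After=network-online.target

[Service]
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/podman start -a $name
ExecStop=/usr/bin/podman stop -t 10 $name

[Install]
WantedBy=multi-user.target
EOF
}

# Usage (as root):
#   render_unit web1 > /etc/systemd/system/container-web1.service
#   systemctl daemon-reload && systemctl enable --now container-web1.service
```

`podman generate systemd --name web1` produces a comparable unit directly from an existing container.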
3. Using Podman
3.1 Installing Podman
# 1. First, configure the yum repository
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# 2. Install Podman
[root@localhost ~]# yum -y install podman
[root@localhost ~]# podman version
Version: 3.3.1
API Version: 3.3.1
Go Version: go1.16.7
Built: Wed Nov 10 05:23:56 2021
OS/Arch: linux/amd64
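Configuring a registry accelerator
This uses the Alibaba Cloud accelerator; for how to obtain one, see "Docker Basic Usage".
# Back up the configuration file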
[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d oci policy.json registries.conf registries.conf.d registries.d storage.conf
[root@localhost containers]# mv registries.conf registries.conf.backups
# Create a new, empty registries.conf file and configure it
[root@localhost containers]# vim registries.conf
unqualified-search-registries = ["docker.io"] # Registry to search for short names; only docker.io is used here
[[registry]]
prefix = ""
location= "6vrrj6n2.mirror.aliyuncs.com" # Registry address (the Alibaba Cloud accelerator)
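A quick review of a `registries.conf` like the one above, as an added example that is not part of the original article: it reports how many registries short names are searched in, which hosts pulls may be served from, and any entry with `insecure = true`. The sample file, including the host `mirror.example.internal:5000`, is constructed.

```shell
#!/bin/sh
# Added example (not from the article): review registries.conf v2 settings.
# Limitation: only single-line arrays and plain "key = value" lines are read.

audit_registries_conf() {
    awk '
    function flush(   sev, note) {
        if (loc != "") {
            sev  = insecure ? "WARN" : "INFO"
            note = insecure ? " (TLS verification disabled)" : ""
            print sev " " kind " " loc note
        }
        loc = ""; insecure = 0
    }
    BEGIN { kind = "registry" }
    { sub(/[ \t]*#.*$/, "") }                      # drop trailing comments
    /^unqualified-search-registries[ \t]*=/ {
        n = gsub(/"[^"]*"/, "&")                   # count quoted entries
        if (n > 1) print "WARN short names are searched in " n " registries"
        else       print "OK short names are searched in " n " registry"
    }
    /^[ \t]*\[\[/ { flush(); kind = ($0 ~ /mirror/) ? "mirror" : "registry" }
    /^[ \t]*prefix[ \t]*=/   { split($0, p, "\""); if (loc == "") loc = p[2] }
    /^[ \t]*location[ \t]*=/ { split($0, p, "\""); loc = p[2] }
    /^[ \t]*insecure[ \t]*=[ \t]*true/ { insecure = 1 }
    END { flush() }
    ' "$@"
}

# Constructed sample: two search registries and a mirror without TLS checks.
sample_conf() {
    cat <<'EOF'
unqualified-search-registries = ["docker.io", "quay.io"]
[[registry]]
prefix = "docker.io"
location = "docker.io"
[[registry.mirror]]
location = "mirror.example.internal:5000"
insecure = true
EOF
}

sample_conf | audit_registries_conf
# On a real host: audit_registries_conf /etc/containers/registries.conf
```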
3.2 Common Podman commands
Images
podman search # Search for images
[root@localhost ~]# podman search bosybox
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/deathknight2/bosybox 0
docker.io docker.io/messi110/bosybox 0
docker.io docker.io/demodocker07/bosybox 0
docker.io docker.io/bosybox/bosybox 0
docker.io docker.io/wan012q/bosybox 0
docker.io docker.io/xiaowen20/http bosybox http 0
docker.io docker.io/yushanshuai/httpd bosybox httpd 0
docker.io docker.io/15908168410/bosybox 测试bosybox 0
podman pull # Pull an image
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
podman images # List images
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
podman rmi # Remove an image
[root@localhost ~]# podman rmi busybox
Untagged: docker.io/library/busybox:latest
Deleted: 7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
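podman inspect # Show detailed information about an image
[root@localhost ~]# podman inspect <image-name>:<tag>
......
podman tag # Add an alias (an additional name) for an image
[root@localhost ~]# podman tag <image-name>:<tag> <new-image-name>:<new-tag>
# Example: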
[root@localhost ~]# podman tag busybox:latest runtime:v1
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
localhost/runtime v1 7a80323521cc 2 weeks ago 1.47 MB
podman save # Export an image
[root@localhost ~]# podman save > busybox.tar busybox
[root@localhost ~]# ls
anaconda-ks.cfg busybox.tar
podman load # Import an image
[root@localhost ~]# podman load < busybox.tar
Getting image source signatures
Copying blob 084326605ab6 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
Loaded image(s): docker.io/library/busybox:latest
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest 7a80323521cc 2 weeks ago 1.47 MB
Containers
podman run # Create and start a container
[root@localhost ~]# podman run -dit --name web1 httpd
8405d2772400fe8026cd45d538f8f391410e7213e7c0217fba37a970eba72ff4
podman create # Create a container
[root@localhost ~]# podman create httpd
podman ps # List containers
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 2 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground 33 seconds ago Created strange_neumann
podman start # Start a container
[root@localhost ~]# podman start 3a7c9d32adf5
3a7c9d32adf5
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 3 minutes ago Up 2 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground About a minute ago Up 13 seconds ago strange_neumann
podman restart # Restart a container
[root@localhost ~]# podman restart 3a7c9d32adf5
3a7c9d32adf5e21ceba3b19a885fd595e2950ae7d3618efc443088367704ace3
podman stop # Stop a container
[root@localhost ~]# podman stop 3a7c9d32adf5
3a7c9d32adf5
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 4 minutes ago web1
3a7c9d32adf5 docker.io/library/httpd:latest httpd-foreground 2 minutes ago Exited (0) 7 seconds ago strange_neumann
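podman rm # Remove a container
# Remove a container with rm (the container should be stopped; if it is still running the removal fails, and rm -f can be used to force it)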
[root@localhost ~]# podman rm 3a7c9d32adf5
3a7c9d32adf5e21ceba3b19a885fd595e2950ae7d3618efc443088367704ace3
[root@localhost ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8405d2772400 docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 4 minutes ago web1
podman logs # View container logs
[root@localhost ~]# podman logs web1
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Aug 13 06:12:09.085347 2022] [mpm_event:notice] [pid 1:tid 140027846626624] AH00489: Apache/2.4.54 (Unix) configured -- resuming normal operations
[Sat Aug 13 06:12:09.085496 2022] [core:notice] [pid 1:tid 140027846626624] AH00094: Command line: 'httpd -D FOREGROUND'
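podman attach # Attach to a container
# attach connects you to the inside of the container, but you cannot operate in it, and the container also stops when you exit; not recommended.
[root@localhost ~]# podman attach web2
(Open another terminal and access it)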
[root@localhost ~]# curl 10.88.0.9
<html><body><h1>It works!</h1></body></html>
(The access record appears in the attached session)
10.88.0.1 - - [13/Aug/2022:06:27:11 +0000] "GET / HTTP/1.1" 200 45
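podman exec # Enter a container
# Use exec -it to enter the container in interactive mode, for example with /bin/bash or /bin/sh; you can then operate inside it, and the container does not stop when you exit
(The container must be started first)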
[root@localhost ~]# podman start web1
web1
[root@localhost ~]# podman exec -it web1 /bin/bash
root@8405d2772400:/usr/local/apache2#
podman export # Export a container
[root@localhost ~]# podman export -o web.tar web1
[root@localhost ~]# ls
anaconda-ks.cfg busybox.tar web.tar
podman import # Import a container snapshot
[root@localhost ~]# podman import web.tar
Getting image source signatures
Copying blob f8c5231b85bd done
Copying config 4166d975be done
Writing manifest to image destination
Storing signatures
sha256:4166d975beffdcb17b6a87b7f6b0878594b8e4d4d972e487c70fe60626b07724
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 4166d975beff 5 minutes ago 147 MB
docker.io/library/httpd latest f2a976f932ec 11 days ago 149 MB
4. Pulling and pushing images with Podman
# 1. Give the image an alias: name 483607723/runtime, version v2
[root@localhost ~]# podman tag docker.io/library/httpd:latest docker.io/483607723/runtime:v2
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest f2a976f932ec 11 days ago 149 MB
docker.io/483607723/runtime v2 f2a976f932ec 11 days ago 149 MB
# 2. Log in to our Docker Hub account
[root@localhost ~]# podman login
Username: 483607723
Password:
Login Succeeded!
# 3. Upload the image we just tagged
[root@localhost ~]# podman push docker.io/483607723/runtime:v2
Getting image source signatures
Copying blob eea65516ea3b skipped: already exists
Copying blob 92a4e8a3140f skipped: already exists
Copying blob 28a53545632f skipped: already exists
Copying blob 54fa52c69e00 skipped: already exists
Copying blob 0c2dead5c030 [--------------------------------------] 0.0b / 0.0b
Copying config f2a976f932 done
Writing manifest to image destination
Storing signatures
# 4. Download the image we just uploaded
[root@localhost ~]# podman pull 483607723/runtime:v2
Trying to pull docker.io/483607723/runtime:v2...
Getting image source signatures
Copying blob 80cb79a80bbe skipped: already exists
Copying blob aed046121ed8 skipped: already exists
Copying blob 1efc276f4ff9 skipped: already exists
Copying blob 4340e7be3d7f skipped: already exists
Copying blob 80e368ef21fc [--------------------------------------] 0.0b / 0.0b
Copying config f2a976f932 done
Writing manifest to image destination
Storing signatures
f2a976f932ec6fe48978c1cdde2c8217a497b1f080c80e49049e02757302cf74
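The pulls in sections 3.2 and 4 use short names (`busybox`, `483607723/runtime:v2`) that are expanded through the alias file and `unqualified-search-registries`. As an added example that is not part of the original article, the functions below classify an image reference so a script can insist on a fully qualified, digest-pinned one; `classify_ref` and `check_ref` are hypothetical helper names, and the digest in the sample list is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the article): classify image references before a pull.

# Prints "<scope> <pin>": scope is short|qualified, pin is untagged|tag|digest.
classify_ref() {
    ref=$1
    case "$ref" in
        *@sha256:*) pin=digest ;;
        *) last=${ref##*/}                       # tag lives in the last path part
           case "$last" in *:*) pin=tag ;; *) pin=untagged ;; esac ;;
    esac
    first=${ref%%/*}
    case "$ref" in
        # The first component names a registry only if it looks like a host.
        */*) case "$first" in
                 *.*|*:*|localhost) scope=qualified ;;
                 *) scope=short ;;
             esac ;;
        *) scope=short ;;
    esac
    echo "$scope $pin"
}

# Returns non-zero for references whose registry is not spelled out.
check_ref() {
    verdict=$(classify_ref "$1")
    case "$verdict" in
        short*)  echo "reject $1: registry chosen by alias or search list"; return 1 ;;
        *digest) echo "accept $1: registry and content are both fixed" ;;
        *)       echo "warn $1: registry fixed, but the tag can be re-pointed" ;;
    esac
}

# References from this page, plus one with a constructed all-zero digest.
zero_digest=$(printf '%064d' 0)
for r in busybox 483607723/runtime:v2 docker.io/library/busybox:latest \
         "docker.io/library/busybox@sha256:$zero_digest"; do
    check_ref "$r" || true
done
```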