Container technology: a look at Podman

1. Introduction to Podman containers

Podman (Pod Manager) is a container management tool launched by Red Hat. It is positioned as a replacement for Docker and is used in much the same way. Podman originated from the CRI-O project. It calls an OCI runtime implementation (such as runC) directly, so its call chain is shorter than Docker's.

Podman is an open source container runtime project available on most Linux platforms. Podman provides very similar functionality to Docker. It doesn't require any daemons to run on the system, and it can also be run without root privileges. Podman can manage and run any container and container image that conforms to the OCI (Open Container Initiative) specification. Podman provides a Docker-compatible command-line front-end for managing Docker images.

2. The difference between Podman and Docker

In the container management chain, Docker Engine is implemented as the dockerd daemon, which needs to run as root on Linux. dockerd calls containerd, containerd calls containerd-shim, and only then is runc called. As the name implies, the shim acts as a "shim": it keeps the container running when the parent process exits.

Podman directly invokes the OCI runtime (runc) and uses conmon as the management tool for container processes. It does not require dockerd, a daemon process that runs as root.

In the Podman system there is a small background monitor process called conmon, usually located at /usr/libexec/podman/conmon. It is the parent process of each container process, and each container has its own conmon. The parent of conmon is usually process number 1. conmon in Podman is effectively the equivalent of containerd-shim in the Docker system.

                

The figure above shows that Podman does not require a daemon process, while Docker does. Podman avoids the daemon by interacting directly with the image registry, images and containers rather than going through a daemon process. Additionally, Podman allows users to run containers without full root privileges. More importantly, it provides Docker-compatible commands, so users can easily switch from their existing Docker commands to Podman.
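The process relationships described in this section (a root-owned dockerd versus one conmon per container, normally parented by PID 1) can be checked from `ps` output. The following is an added example, not part of the original post; the function name `conmon_tree` and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ps -eo pid,ppid,user,comm`
# output on stdin and reports every dockerd daemon and every conmon monitor,
# with its owner, its parent PID and the container processes it supervises.
# Live use: ps -eo pid,ppid,user,comm | conmon_tree
conmon_tree() {
    awk '
    NF < 4 || $1 == "PID" { next }            # skip blank lines and the ps header
    {
        pid = $1; ppid[pid] = $2; user[pid] = $3; comm[pid] = $4
        order[++n] = pid                      # keep input order for stable output
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (comm[p] == "dockerd")
                printf "daemon dockerd pid=%s user=%s\n", p, user[p]
            if (comm[p] != "conmon")
                continue
            kids = ""
            for (j = 1; j <= n; j++) {        # direct children of this conmon
                c = order[j]
                if (ppid[c] == p) {
                    sep = (kids == "" ? "" : ",")
                    kids = kids sep comm[c] "(" c ")"
                }
            }
            if (kids == "") kids = "-"
            printf "conmon pid=%s user=%s ppid=%s children=%s\n", p, user[p], ppid[p], kids
        }
    }'
}

# Constructed sample process table (hypothetical host running both engines).
SAMPLE_PS='  PID  PPID USER     COMMAND
    1     0 root     systemd
  812     1 root     dockerd
 2101     1 alice    conmon
 2104  2101 alice    httpd
 2110  2104 alice    httpd
 2300     1 alice    conmon
 2303  2300 alice    nginx'

printf '%s\n' "$SAMPLE_PS" | conmon_tree
```

A `user=root` entry on a `daemon` line marks a long-lived privileged process, while rootless Podman containers show up only as `conmon` lines owned by the unprivileged user.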

3. Common Podman container commands

3.1 Container related commands

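podman run     # create and start a container  
podman start    # start a container  
podman ps      # list containers  
podman stop     # stop a container  
podman restart   # restart a container  
podman attach    # enter (attach to) a container  
podman exec     # enter a container (run a command inside it)  
podman export    # export a container  
podman import    # import a container snapshot  
podman rm      # delete a container  
podman logs     # view logs  
podman system migrate # stop all of the user's containers and kill the pause process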

3.2 Image related commands

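podman search       # search for an image  
podman pull        # pull an image  
podman images       # list images  
podman image ls      # list images  
podman rmi         # delete an image  
podman image rm      # delete an image  
podman save        # export an image  
podman load        # import an image  
Containerfile (or Dockerfile) # customize an image (three)  
podman build        # build an image  
podman run        # run an image  
Containerfile (or Dockerfile) # common instructions (four)  
•    COPY           # copy files  
•    ADD           # advanced copy  
•    CMD           # container start command  
•    ENV           # environment variables  
•    EXPOSE          # expose ports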

4. Deploy and use Podman containers

4.1 Podman installation

4.1.1 Installation by yum

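# Install podman
yum -y install podman
# Registry configuration
vim /etc/containers/registries.conf
# Legacy (v1) format:
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
# Current (v2) format; a single file must use one format or the other, not both:
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
# Short (unqualified) image names are resolved against these registries;
# fully qualified names such as docker.io/library/httpd bypass the search.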

4.1.2 Source code installation

git clone https://github.com/containers/podman/
cd podman
make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr 

4.2 Use of Podman

Verify that the installation was successful

Run a Podman container

podman run -d --name httpd docker.io/library/httpd
podman images

List running containers

podman ps

Note: Podman will show all containers if you add -a to the ps command.

Inspect a running container

You can "inspect" a running container to view its metadata and other details. The inspect subcommand can even show the IP address assigned to the container. Since the container is running in rootless mode, no IP address is assigned, and the value will be listed as "None" in the output of the inspection.

Note: -l is a convenience argument for the latest container. You can also use the ID of the container instead of -l.

podman inspect -l | grep IPAddress

View the logs of a running container

podman logs --latest

View process resource usage in a running container

podman top <container_id>

Stop a running container

podman stop --latest

Delete a container

podman rm --latest


Origin blog.csdn.net/lovebaby1689/article/details/131506814