This article describes how to install podman and create a podman container.
environment
Install podman
Podman is a container environment. First, install Podman on the host by running the following command:
[root@localhost ~]# yum -y install podman
Then set the maximum number of user namespaces:
[root@localhost ~]# echo "user.max_user_namespaces=28633" >> /etc/sysctl.d/userns.conf
[root@localhost ~]# sysctl -p /etc/sysctl.d/userns.conf
user.max_user_namespaces = 28633
Let's create a podman container to take a look. The following uses the UBI image of RHEL:
[root@localhost ~]# podman run ubi8/ubi cat /etc/os-release
Resolved "ubi8/ubi" as an alias (/etc/containers/registries.conf.d/001-rhel-shortnames.conf)
Trying to pull registry.access.redhat.com/ubi8/ubi:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob ce3c6836540f done
Copying blob 63f9f4c31162 done
Copying config cc06568478 done
Writing manifest to image destination
Storing signatures
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
Create Dockerfile
A Dockerfile can now be created to specify how to build the new image. First, create a directory for the Dockerfile:
[root@localhost ~]# mkdir ~/myc
[root@localhost ~]# cd ~/myc
Create a file named Dockerfile to build a new image:
[root@localhost myc]# vim Dockerfile
FROM ubi8/ubi:latest
RUN dnf install -y nano
Use podman build to build the image:
[root@localhost myc]# podman build -f Dockerfile -t ubi-with-nano
STEP 1/2: FROM ubi8/ubi:latest
STEP 2/2: RUN dnf install -y nano
Updating Subscription Management repositories.
Unable to read consumer identity
...
Use podman images to confirm that the new image was created:
[root@localhost myc]# podman images
Now you can run the container and check that the nano editor is available:
[root@localhost myc]# podman run localhost/ubi-with-nano /usr/bin/which nano
/usr/bin/nano
The which command prints the location of the nano executable, which confirms that it is installed.
Nano is now installed in your custom container. You can also run the container interactively:
[root@localhost myc]# podman run -it localhost/ubi-with-nano /bin/bash
[root@d1f0e46f2b6d /]# ls
bin dev home lib64 media opt root sbin sys usr boot etc lib lost+found mnt proc run srv tmp var
[root@d1f0e46f2b6d /]#
Run exit inside the container to leave it.
You can use podman ps to view running containers. To also view stopped containers, add the -a option:
[root@localhost myc]# podman ps
[root@localhost myc]# podman ps -a
Storage
One thing that often confuses new users is the ephemeral nature of containers. For example, if you create a file in a container, exit, and then enter again, the file is gone. To keep files permanently, mount the container folder that needs to store them to a folder on the host system. The following creates a storage location locally:
[root@localhost ~]# mkdir /pod_data
Then start the container using your storage directory as a mount point. This example binds the local directory /pod_data to a location in the container named /storage. :Z must be appended to the directory location so that SELinux can switch contexts between the host and Podman.
[root@localhost ~]# podman run -it --volume /pod_data:/storage:Z localhost/ubi-with-nano
[root@d590bc344b76 /]# echo "hello podman" >> /storage/msg.txt
[root@d590bc344b76 /]# exit
exit
[root@localhost ~]# cat /pod_data/msg.txt
hello podman
You can see that after the directory is bound, data written in the container is still there after the container exits, and the written content can be read from /pod_data on the local machine.
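As an added example (not part of the original article), here is a pre-flight check for the --volume spec used above. Because :Z makes Podman relabel the host directory, the function refuses system directories and the home directory before the spec reaches podman run. The function name, return codes and deny-list are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): validate a --volume spec before
# asking Podman to relabel the host directory with :Z or :z.

# Constructed deny-list of host directories that must keep their labels.
PROTECTED_DIRS="/ /bin /boot /dev /etc /home /lib /lib64 /proc /root /run /sbin /sys /usr /var"

# check_volume_spec HOST_DIR:CONTAINER_DIR[:OPTIONS]
# Prints the spec with HOST_DIR resolved and returns 0 when it is safe to use.
# Returns 1 = malformed, 2 = host directory missing, 3 = protected directory,
# 4 = no relabel option (an enforcing SELinux host would deny access).
check_volume_spec() {
    vs_spec=$1
    vs_host=${vs_spec%%:*}
    vs_rest=${vs_spec#*:}
    [ "$vs_rest" != "$vs_spec" ] || return 1          # no ':' at all
    vs_ctr=${vs_rest%%:*}
    case $vs_rest in *:*) vs_opts=${vs_rest#*:} ;; *) vs_opts= ;; esac

    # Both sides must be absolute paths; a bare name would be a named volume.
    case $vs_host in /*) ;; *) return 1 ;; esac
    case $vs_ctr in /*) ;; *) return 1 ;; esac

    # Resolve symlinks so a link pointing at /etc cannot slip past the deny-list.
    vs_real=$(cd "$vs_host" 2>/dev/null && pwd -P) || return 2

    for vs_p in $PROTECTED_DIRS "${HOME:-}"; do
        if [ "$vs_real" = "$vs_p" ]; then
            echo "refusing to relabel $vs_real" >&2
            return 3
        fi
    done

    # Options are comma-separated, e.g. "ro,Z".
    case ",$vs_opts," in
        *,Z,*|*,z,*) ;;
        *) return 4 ;;
    esac

    printf '%s:%s:%s\n' "$vs_real" "$vs_ctr" "$vs_opts"
}

# Usage on the article's host (requires podman, so not executed here):
#   spec=$(check_volume_spec /pod_data:/storage:Z) &&
#       podman run -it --volume "$spec" localhost/ubi-with-nano
```

The deny-list matches exact directories only, so a dedicated subdirectory such as /var/pod_data still passes.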
Summary
This article described how to install podman and create a podman container.