Podman Deployment and Usage

What is Podman

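Podman is an open-source project that is available on most Linux platforms, with its source hosted on GitHub. Podman is a daemonless container engine for developing, managing and running Open Container Initiative (OCI) containers and container images on Linux systems. Podman provides a Docker-compatible command-line front end and can simply stand in for the Docker CLI; put simply, you can add the alias alias docker=podman and use Podman directly.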

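Containers under Podman's control can be run by the root user or by an unprivileged user. Podman manages the whole container ecosystem, including pods, containers, container images and container volumes, using the libpod library. Podman focuses on all the commands and functions that help you maintain and modify OCI container images, such as pulling and tagging. It lets you create, run and maintain containers created from those images in a production environment.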

Podman official website

Deploying Podman

Installing Podman

[root@localhost ~]# dnf -y install podman

//Configure a registry mirror (accelerator) for podman
[root@localhost ~]# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]		//changed: unqualified image names are pulled from Docker Hub
[[registry]]			//added
prefix = "docker.io"	//added
location = "w673ojdv.mirror.aliyuncs.com"			//the mirror (accelerator) address
[root@localhost ~]# systemctl enable --now podman
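
The registries.conf edit above changes which server answers every `docker.io` pull, so that file is worth linting after each change. The script below is an added example, not part of the original post: `audit_registries_conf` is a hypothetical helper, the first sample restates this post's settings as valid TOML, and the hosts in the second sample are constructed.

```shell
# Added example: lint registries.conf for settings that change which server answers a pull.
audit_registries_conf() {
    awk '
    function val(s) {       # value after "=", minus quotes, brackets and blanks
        sub(/^[^=]*=/, "", s); gsub(/["\t ]/, "", s)
        gsub(/\[/, "", s); gsub(/\]/, "", s); return s
    }
    function endtable() {   # closes a [[registry]] or [[registry.mirror]] table
        if (insec) print "INSECURE: HTTP or unverified TLS allowed for " cur
        insec = 0; cur = ""
    }
    function endregistry() {    # prefix answered by a different location
        if (prefix != "" && loc != "" && loc != prefix)
            print "REDIRECT: " prefix " is rewritten to " loc
        prefix = ""; loc = ""
    }
    { sub(/[ \t]*#.*$/, ""); sub(/^[ \t]+/, "") }   # strip TOML comments, indent
    /^\[\[registry\]\]/         { endtable(); endregistry(); table = "registry"; next }
    /^\[\[registry\.mirror\]\]/ { endtable(); table = "mirror"; next }
    /^unqualified-search-registries[ \t]*=/ {
        n = split(val($0), regs, ",")
        if (n > 1) print "AMBIGUOUS: short names are searched in " n " registries"
    }
    /^prefix[ \t]*=/   { if (table == "registry") prefix = val($0) }
    /^location[ \t]*=/ { cur = val($0); if (table == "registry") loc = cur }
    /^insecure[ \t]*=[ \t]*true/ { insec = 1 }
    END { endtable(); endregistry() }
    ' "$1"
}
# Constructed sample 1: the layout from this post, written as valid TOML.
sample_post=$(mktemp)
cat > "$sample_post" <<'EOF'
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "w673ojdv.mirror.aliyuncs.com"
EOF
# Constructed sample 2: hypothetical hosts that trigger the other two findings.
sample_risky=$(mktemp)
cat > "$sample_risky" <<'EOF'
unqualified-search-registries = ["docker.io", "quay.io"]
[[registry]]
location = "docker.io"
[[registry.mirror]]
insecure = true    # plain HTTP or unverified TLS is accepted
location = "mirror.example.internal:5000"
EOF
audit_registries_conf "$sample_post"
audit_registries_conf "$sample_risky"
```

With `prefix`/`location` as in this post there is no fallback to Docker Hub: every image is whatever the mirror serves. A `[[registry.mirror]]` table under a `[[registry]]` whose `location` is `docker.io` tries the mirror first and then the upstream registry.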

Basic Podman operations

Check the version

[root@localhost ~]# podman -v
podman version 3.3.1
[root@localhost ~]# podman version
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.7
Built:        Wed Nov 10 05:23:56 2021
OS/Arch:      linux/amd64
[root@localhost ~]# 

Show detailed information

[root@localhost ~]# podman info
host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "8"
-----------------omitted--------------------
imageStore:
    number: 1
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 1636493036
  BuiltTime: Wed Nov 10 05:23:56 2021
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.3.1

Search for images

[root@localhost ~]# podman search httpd
INDEX       NAME                                          DESCRIPTION                                      STARS       OFFICIAL    AUTOMATED
docker.io   docker.io/library/httpd                       The Apache HTTP Server Project                   4116        [OK]        
docker.io   docker.io/clearlinux/httpd                    httpd HyperText Transfer Protocol (HTTP) ser...  2                       
docker.io   docker.io/centos/httpd-24-centos7             Platform for running Apache httpd 2.4 or bui...  44                      
docker.io   docker.io/manageiq/httpd                      Container with httpd, built on CentOS for Ma...  1                       [OK]

Pull an image

[root@localhost ~]# podman pull httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob dcc4698797c8 done  
Copying blob 41c22baa66ec done  
Copying blob d982c879c57e done  
Copying blob a2abf6c4d29d done  
Copying blob 67283bbdd4a0 done  
Copying config dabbfbe0c5 done  
Writing manifest to image destination
Storing signatures
dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34

List images

[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB

[root@localhost ~]# podman image ls
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB

Remove an image

[root@localhost ~]# podman rmi httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

[root@localhost ~]# podman image rm httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

[root@localhost ~]# podman rmi -f httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

Export an image

[root@localhost ~]# podman image save httpd > httod.tar
[root@localhost ~]# ls
anaconda-ks.cfg  httod.tar

Import an image

[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB
[root@localhost ~]# podman rmi httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@localhost ~]# podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE
[root@localhost ~]# podman image load < httod.tar 
Getting image source signatures
Copying blob deefaa620a71 done  
Copying blob 1da636a1aa95 done  
Copying blob 2edcec3590a4 done  
Copying blob 15e4bf5d0804 done  
Copying blob 9cff3206f9a6 done  
Copying config dabbfbe0c5 done  
Writing manifest to image destination
Storing signatures
Loaded image(s): docker.io/library/httpd:latest
[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB

Create a container

//podman create creates a container
[root@localhost ~]# podman create httpd		//creates the container without starting it
5d0bd832c2d6477ba535819abc1c4072ce17fa4feab015b4e92c72c9fb053831

Create and start a container

//podman run creates a running container
[root@localhost ~]# podman run -it --name web httpd /bin/bash
root@9868d220012a:~# 

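--name NAME //sets the container name
--label LABEL //adds a label so the container is easier to find
-it   //keeps the container's input open and allocates a terminal
-c    //runs a command without logging in
-d    //runs the container in the background
-v     //creates one or more data volumes, or mounts a host directory; if the local directory does not exist, it is created automatically
       //mount syntax: host directory:docker data volume
-p     //lowercase p maps a port, as host port:container port
-P      //uppercase P publishes all exposed ports (mapped to random port numbers)
--volumes-from  //links one container to another container
--restart always //keeps the container always on: it starts again after the service restarts and is not shut down
--rm //one-off container, removed as soon as it exits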

List containers

[root@localhost ~]# podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

//-a lists all containers, including ones that have not been started
[root@localhost ~]# podman ps -a			
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS      PORTS       NAMES
5d0bd832c2d6  docker.io/library/httpd:latest  httpd-foreground  2 minutes ago  Created                 friendly_ritchie

Start one or more containers

[root@localhost ~]# podman start web
web

Stop one or more containers

[root@localhost ~]# podman stop web
web

Restart a container

[root@localhost ~]# podman restart web
1a779a889fd2d0758f1b1672a9142358153327f9ec00765e62641ce0fee79497

Attach to a running container

[root@localhost ~]# podman attach web		//exiting stops the container
root@1a779a889fd2# exit

Run a command in a running container

[root@localhost ~]# podman exec -it web /bin/sh			//exiting does not stop the container
# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs  modules
# exit
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND     CREATED        STATUS             PORTS               NAMES
0118e5cab030  docker.io/library/httpd:latest  /bin/bash   4 minutes ago  Up 54 seconds ago  0.0.0.0:80->80/tcp  web

Remove a container

[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS      PORTS       NAMES
5d0bd832c2d6  docker.io/library/httpd:latest  httpd-foreground  2 minutes ago  Created                 friendly_ritchie
[root@localhost ~]# podman rm 5d0bd832c2d6
5d0bd832c2d6477ba535819abc1c4072ce17fa4feab015b4e92c72c9fb053831
[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

[root@localhost ~]# podman ps -a		
CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS      PORTS       NAMES
391246a3e97d  docker.io/library/httpd:latest  httpd-foreground  12 seconds ago  Created                 condescending_cartwright
[root@localhost ~]# podman rm -f 391246a3e97d	//-f  forces removal
391246a3e97d071e4da2ac4dbe7b4414e99ac840edc67adaf1c7d9c04f5c9abf
[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

View container logs

[root@localhost ~]# docker logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Fri Aug 05 15:17:38.444681 2022] [mpm_event:notice] [pid 1:tid 139833106722112] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations

Kill a running container

[root@localhost ~]# docker kill web		//kill forces the container to stop
web
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS                       PORTS     NAMES
9fdaf3c409da   httpd     "httpd-foreground"   6 minutes ago   Exited (137) 4 seconds ago             web

Show the configuration of a container or image

[root@localhost ~]# podman inspect httpd
[
    {
        "Id": "dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34",
        "Digest": "sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
        "RepoTags": [
            "docker.io/library/httpd:latest"
        ],
        "RepoDigests": [
            "docker.io/library/httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
            "docker.io/library/httpd@sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194"
        ]

Log in to an image registry

[root@localhost ~]# podman login docker.io
Username: xinruizhong
Password: 
Login Succeeded!

Log out of an image registry

[root@localhost ~]# podman logout docker.io
Removed login credentials for docker.io

Show the history of a given image

[root@localhost ~]# podman image history httpd
ID            CREATED       CREATED BY                                     SIZE              COMMENT
dabbfbe0c57b  7 months ago  /bin/sh -c #(nop)  CMD ["httpd-foreground"]    0 B               
<missing>     7 months ago  /bin/sh -c #(nop)  EXPOSE 80                   0 B               
<missing>     7 months ago  /bin/sh -c #(nop) COPY file:c432ff61c4993e...  3.58 kB           
<missing>     7 months ago  /bin/sh -c #(nop)  STOPSIGNAL SIGWINCH         0 B               
<missing>     7 months ago  /bin/sh -c set -eux;                                             savedAptMark="$(apt...  61.1 MB     

List the port mappings, or a specific mapping, of a container

[root@localhost ~]# podman port web
80/tcp -> 0.0.0.0:80

Rename an existing container

[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND     CREATED        STATUS            PORTS               NAMES
7403c4f042b4  docker.io/library/httpd:latest  /bin/sh     2 minutes ago  Up 2 minutes ago  0.0.0.0:80->80/tcp  web
[root@localhost ~]# podman rename web httpd
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND     CREATED        STATUS            PORTS               NAMES
7403c4f042b4  docker.io/library/httpd:latest  /bin/sh     3 minutes ago  Up 2 minutes ago  0.0.0.0:80->80/tcp  httpd

Show the running processes of a container

[root@localhost ~]# podman top web
USER        PID         PPID        %CPU        ELAPSED          TTY         TIME        COMMAND
root        1           0           0.000       5m56.414637232s  ?           0s          httpd -DFOREGROUND 
www-data    8           1           0.000       5m55.414828093s  ?           0s          httpd -DFOREGROUND 
www-data    9           1           0.000       5m55.414853952s  ?           0s          httpd -DFOREGROUND 
www-data    10          1           0.000       5m55.414877937s  ?           0s          httpd -DFOREGROUND 

Add a tag to a local image

[root@localhost ~]# podman images 
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB
[root@localhost ~]# podman tag docker.io/library/httpd docker.io/library/httpd:v0.1
[root@localhost ~]# podman images 
REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
docker.io/library/httpd  latest      dabbfbe0c57b  7 months ago  148 MB
docker.io/library/httpd  v0.1        dabbfbe0c57b  7 months ago  148 MB

podman generate

[root@localhost ~]# podman generate systemd --help
Generate systemd units.

Description:
  Generate systemd units for a pod or container.
  The generated units can later be controlled via systemctl(1).

Usage:
  podman generate systemd [options] {CONTAINER|POD}

Examples:
  podman generate systemd CTR
  podman generate systemd --new --time 10 CTR
  podman generate systemd --files --name POD

Options:
      --container-prefix string   Systemd unit name prefix for containers (default "container")
  -f, --files                     Generate .service files instead of printing to stdout
      --format string             Print the created units in specified format (json)
  -n, --name                      Use container/pod names instead of IDs
      --new                       Create a new container instead of starting an existing one
      --no-header                 Skip header generation
      --pod-prefix string         Systemd unit name prefix for pods (default "pod")
      --restart-policy string     Systemd restart-policy (default "on-failure")
      --separator string          Systemd unit name separator between name/id and prefix (default "-")
  -t, --time uint                 Stop timeout override (default 10)

//Example
[root@localhost ~]# podman generate systemd --name web --files --new
/root/container-web.service
[root@localhost ~]# cp /root/container-web.service /usr/lib/systemd/system/
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl status container-web.service 
● container-web.service - Podman container-web.service
   Loaded: loaded (/usr/lib/systemd/system/container-web.service; disabled; vendor preset: disabl>
   Active: inactive (dead)
     Docs: man:podman-generate-systemd(1)
[root@localhost ~]# systemctl enable --now container-web.service 
Created symlink /etc/systemd/system/multi-user.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.
Created symlink /etc/systemd/system/default.target.wants/container-web.service → /usr/lib/systemd/system/container-web.service.

Show a live stream of container resource usage statistics

[root@localhost ~]# podman stats web
ID            NAME        CPU %       MEM USAGE / LIMIT  MEM %       NET IO             BLOCK IO      PIDS        CPU TIME     AVG CPU %
1d337a97c9a0  web         0.01%       27.96MB / 3.885GB  0.72%       1.604kB / 2.205kB  8.192kB / 0B  82          74.971194ms  0.00%

Unmount a working container's root filesystem

[root@localhost ~]# podman umount web
web
[root@localhost ~]# podman exec -it web /bin/sh		//after unmounting, the container can no longer be entered
Error: exec failed: container_linux.go:380: starting container process caused: process_linux.go:99: starting setns process caused: fork/exec /proc/self/exe: no such file or directory: OCI runtime attempted to invoke a command that was not found

Mount a working container's root filesystem

[root@localhost ~]# podman mount web
/var/lib/containers/storage/overlay/e190e6ad8069bc29d32418a2eeb3f9d7d4a7d831a1a36cc97ef5f5d6111b8b2b/merged
[root@localhost ~]# podman exec -it web /bin/sh
# exit

Article source: Cnblogs (博客园)

Original link: https://www.cnblogs.com/Their-own/p/16586616.html
