1- Introduction to podman
1.1 Official links
podman official site: https://podman.io/
Installation docs: https://podman.io/getting-started/installation.html
github:
https://github.com/containers/podman A tool for managing OCI containers and pods
https://github.com/containers/podman.io Repository for podman.io website using GitHub Pages.
podman-compose: https://github.com/containers/podman-compose a script to run docker-compose.yml using podman
https://github.com/cockpit-project/cockpit-podman Cockpit UI for podman containers
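1.2- Overview
Podman (Pod Manager) is a full-featured container engine and a simple daemonless tool. Podman provides a Docker-CLI-like command line that eases the transition from other container engines and lets you manage pods, containers, and images. Simply put: alias docker=podman. Most Podman commands can be run as a regular user without additional privileges.
Podman uses Buildah(1) internally to create container images. The two tools share image (not container) storage, so each tool can use or manipulate images (but not containers) created by the other.
Note! podman can run containers under a non-root account, so which identity you operate as matters. Images pulled as a regular user and images pulled as root are stored in different locations, and "podman image list" only shows the images pulled by the current user.
The storage location of pulled images can be found with "podman info".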
1.3- podman info
[root@podman ~]# podman info
host:
BuildahVersion: 1.12.0-dev
CgroupVersion: v1
Conmon:
package: conmon-2.0.6-1.module_el8.2.0+305+5e198a41.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.0.6, commit: a2b11288060ebd7abd20e0b4eb1a834bbf0aec3e'
Distribution:
distribution: '"centos"'
version: "8"
MemFree: 2632916992
MemTotal: 3850694656
OCIRuntime:
name: runc
package: runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
path: /usr/bin/runc
version: 'runc version spec: 1.0.1-dev'
SwapFree: 0
SwapTotal: 0
arch: amd64
cpus: 2
eventlogger: journald
hostname: podman
kernel: 4.18.0-193.el8.x86_64
os: linux
rootless: false
uptime: 19h 29m 39.18s (Approximately 0.79 days)
registries: ## registries that images are pulled from; configured by default under /etc/containers/registries.d/* and /etc/containers/registries.conf
blocked: null
insecure: null
search:
- registry.access.redhat.com
- registry.redhat.io
- docker.io
store:
ConfigFile: /etc/containers/storage.conf
ContainerStore:
number: 1
GraphDriverName: overlay
GraphOptions: {}
GraphRoot: /var/lib/containers/storage
GraphStatus:
Backing Filesystem: xfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
ImageStore:
number: 1
RunRoot: /var/run/containers/storage
VolumePath: /var/lib/containers/storage/volumes
2- Installation
2.1- Installing podman
- Configure the Aliyun mirror
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
- Install podman
dnf install podman -y
- Verify
podman pull nginx # pulls the image from docker.io by default
podman run -d -p 8000:80 nginx
- Check
[root@podman ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
230608d56568 docker.io/library/nginx:latest nginx -g daemon o... 5 seconds ago Up 4 seconds ago 0.0.0.0:8000->80/tcp bold_moser
[root@podman ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 7e4d58f0e5f3 10 days ago 137 MB
- Access
[root@podman ~]# curl 127.0.0.1:8000
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
- Configure a domestic (China) image registry
Podman's default registry configuration file is /etc/containers/registries.conf
[root@podman ~]# mv /etc/containers/registries.conf /etc/containers/registries.conf.bak
[root@podman containers]# cat /etc/containers/registries.conf|grep -v '#'
[registries.search]
registries = ['daocloud.io', 'docker.io'] ## use daocloud.io
[registries.insecure]
registries = ['127.0.0.1:5000'] # local registry
[registries.block]
registries = []
- Speed up downloads from overseas registries [optional]
mv /etc/containers/registries.conf /etc/containers/registries.conf.bak2
cat > /etc/containers/registries.conf <<EOF
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "wbuj86p5.mirror.aliyuncs.com"
EOF
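The two registries.conf files above decide which registry a short name such as nginx is pulled from, whether TLS is verified, and whether docker.io pulls are redirected to another host. The following POSIX shell audit is an added example, not part of the original page; the function names (conf_array, search_order, remaps, audit) are illustrative and the sample files are constructed copies of the page's two configurations.

```sh
# Added example, not from the original page. Assumes single-line arrays and
# double-quoted [[registry]] values, as in the two files shown above.
# conf_array FILE TABLE KEY: quoted strings of KEY under TABLE ("" = top level)
conf_array() {
  awk -v table="$2" -v key="$3" -v q="'" '
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ { cur = $0; sub(/#.*/, "", cur); gsub(/[ \t]/, "", cur); next }
    cur == table && index($0, "=") {
      k = $0; sub(/[ \t]*=.*/, "", k); gsub(/[ \t]/, "", k)
      if (k != key) next
      v = $0; sub(/\].*/, "", v); re = "[\"" q "][^\"" q "]*[\"" q "]"
      while (match(v, re)) { print substr(v, RSTART + 1, RLENGTH - 2); v = substr(v, RSTART + RLENGTH) }
    }' "$1"
}
search_order() {  # registries tried, in order, for a short name such as "nginx"
  conf_array "$1" "[registries.search]" registries         # v1 syntax
  conf_array "$1" "" unqualified-search-registries         # v2 syntax
}
remaps() {        # "prefix -> location" for each v2 [[registry]] table
  awk -F'"' '
    /^[ \t]*\[/ { p = "" }
    /^prefix[ \t]*=/ { p = $2 }
    /^location[ \t]*=/ && p != "" { print p " -> " $2 }' "$1"
}
audit() {
  n=$(( $(search_order "$1" | wc -l) ))
  if [ "$n" -gt 1 ]; then
    echo "WARN short names are tried against $n registries in order: $(search_order "$1" | tr '\n' ' ')"
  fi
  conf_array "$1" "[registries.insecure]" registries | sed 's/^/WARN no TLS verification: /'
  remaps "$1" | sed 's/^/INFO pulls rewritten: /'
}
# Constructed sample input: the two configurations written on this page.
tmp=$(mktemp -d)
cat > "$tmp/v1.conf" <<'EOF'
[registries.search]
registries = ['daocloud.io', 'docker.io']
[registries.insecure]
registries = ['127.0.0.1:5000']
[registries.block]
registries = []
EOF
cat > "$tmp/v2.conf" <<'EOF'
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "wbuj86p5.mirror.aliyuncs.com"
EOF
audit "$tmp/v1.conf"; audit "$tmp/v2.conf"
```

Pulling by a fully qualified name (for example docker.io/library/nginx) avoids depending on the search order that the first warning reports.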
- Set up a local registry
[root@podman containers]# mkdir -p /var/lib/registry
[root@podman containers]# podman run -d -p 5000:5000 -v /var/lib/registry/:/var/lib/registry/ --name registry -h registry registry
Trying to pull daocloud.io/registry... ## the daocloud.io image is used by default
Getting image source signatures
Copying blob c1cc712bcecd done
Copying blob cbdbe7a5bc2a done
Copying blob 47112e65547d done
Copying blob 46bcb632e506 done
Copying blob 3db6272dcbfa done
Copying config 2d4f4b5309 done
Writing manifest to image destination
Storing signatures
db80eb2dfb74ecad614886e5576b2312c35ba4727da87641dff80412b543eb73
- Test pushing an image
[root@podman containers]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 7e4d58f0e5f3 11 days ago 137 MB
daocloud.io/registry latest 2d4f4b5309b1 3 months ago 26.8 MB
[root@podman containers]# podman push 127.0.0.1:5000/nginx
Getting image source signatures
Copying blob 908cf8238301 done
Copying blob 60c688e8765e done
Copying blob f431d0917d41 done
Copying blob eabfa4cd2d12 done
Copying blob 07cab4339852 done
Copying config 7e4d58f0e5 done
Writing manifest to image destination
Storing signatures
[root@podman containers]# podman rmi 127.0.0.1:5000/nginx
Untagged: 127.0.0.1:5000/nginx:latest
[root@podman containers]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 7e4d58f0e5f3 11 days ago 137 MB
daocloud.io/registry latest 2d4f4b5309b1 3 months ago 26.8 MB
[root@podman containers]# podman run -d -p 88:80 127.0.0.1:5000/nginx
Trying to pull 127.0.0.1:5000/nginx...
Getting image source signatures
Copying blob 42eade652e50 skipped: already exists
Copying blob c1b72aa51480 skipped: already exists
Copying blob bf264e730e63 skipped: already exists
Copying blob 2675cf39f47a skipped: already exists
Copying blob 3229408fe179 skipped: already exists
Copying config 7e4d58f0e5 done
Writing manifest to image destination
Storing signatures
a48b6ce735d285784d2555310b953b40f895f18ecae0318c9e81653047653fa1
[root@podman containers]# curl 127.0.0.1:88
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
2.2- Container backup and migration
podman first packs the container into a gz archive, which can then be imported on a remote server
[root@podman containers]# podman container --help
Manage containers
Usage:
podman container [command]
Available Commands:
attach Attach to a running container
checkpoint Checkpoints one or more containers
cleanup Cleanup network and mountpoints of one or more containers
commit Create new image based on the changed container
cp Copy files/folders between a container and the local filesystem
create Create but do not start a container
diff Inspect changes on container's file systems
exec Run a process in a running container
exists Check if a container exists in local storage
export Export container's filesystem contents as a tar archive
init Initialize one or more containers
inspect Display the configuration of a container
kill Kill one or more running containers with a specific signal
list List containers
logs Fetch the logs of a container
mount Mount a working container's root filesystem
pause Pause all the processes in one or more containers
port List port mappings or a specific mapping for the container
prune Remove all stopped containers
restart Restart one or more containers
restore Restores one or more containers from a checkpoint
rm Remove one or more containers
run Run a command in a new container
runlabel Execute the command described by an image label
start Start one or more containers
stats Display a live stream of container resource usage statistics
stop Stop one or more containers
top Display the running processes of a container
umount Unmounts working container's root filesystem
unpause Unpause the processes in one or more containers
wait Block on one or more containers
[root@podman containers]# podman container checkpoint --help
Checkpoints one or more containers
Description:
podman container checkpoint
Checkpoints one or more running containers. The container name or ID can be used.
Usage:
podman container checkpoint [flags] CONTAINER [CONTAINER...]
Examples:
podman container checkpoint --keep ctrID
podman container checkpoint --all
podman container checkpoint --leave-running --latest
Flags:
-a, --all Checkpoint all running containers
-e, --export string Export the checkpoint image to a tar.gz
--ignore-rootfs Do not include root file-system changes when exporting
-k, --keep Keep all temporary checkpoint files
-l, --latest Act on the latest container podman is aware of
-R, --leave-running Leave the container running after writing checkpoint to disk
--tcp-established Checkpoint a container with established TCP connections
- Example
[root@podman containers]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a48b6ce735d2 127.0.0.1:5000/nginx:latest nginx -g daemon o... 21 minutes ago Up 21 minutes ago 0.0.0.0:88->80/tcp naughty_stonebraker
db80eb2dfb74 daocloud.io/registry:latest /etc/docker/regis... 28 minutes ago Up 28 minutes ago 0.0.0.0:5000->5000/tcp registry
230608d56568 docker.io/library/nginx:latest nginx -g daemon o... 20 hours ago Up 20 hours ago 0.0.0.0:8000->80/tcp bold_moser
[root@podman containers]# podman container checkpoint 2306 -e nginx.tar.gz
a48b6ce735d285784d2555310b953b40f895f18ecae0318c9e81653047653fa1
[root@podman containers]# podman rm 2306 -f
[root@podman containers]# podman rmi 7e4d -f
[root@podman containers]# podman container restore -i nginx.tar.gz
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob d121f8d1c412 skipped: already exists
Copying blob ebd81fc8c071 done
Copying blob 2ee525c5c3cc done
Copying blob 655316c160af done
Copying blob d15953c0e0f8 done
Copying config 7e4d58f0e5 done
Writing manifest to image destination
Storing signatures
230608d56568ffb0564774bae89963baed0cdc5038a46ccbbeccc0ae7f193a11
[root@podman containers]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
230608d56568 docker.io/library/nginx:latest nginx -g daemon o... 6 seconds ago Up 6 seconds ago 0.0.0.0:8000->80/tcp bold_moser
db80eb2dfb74 daocloud.io/registry:latest /etc/docker/regis... 43 minutes ago Up 42 minutes ago 0.0.0.0:5000->5000/tcp registry
3- Commands
Most podman commands are the same as docker's
podman -h
Available Commands:
attach Attach to a running container
build Build an image using instructions from Dockerfiles
commit Create new image based on the changed container
container Manage Containers
cp Copy files/folders between a container and the local filesystem
create Create but do not start a container
diff Inspect changes on container's file systems
events Show podman events
exec Run a process in a running container
export Export container's filesystem contents as a tar archive
generate Generated structured data
healthcheck Manage Healthcheck
help Help about any command
history Show history of a specified image
image Manage images ## manage images
images List images in local storage
import Import a tarball to create a filesystem image
info Display podman system information
init Initialize one or more containers
inspect Display the configuration of a container or image
kill Kill one or more running containers with a specific signal
load Load an image from container archive
login Login to a container registry
logout Logout of a container registry
logs Fetch the logs of a container
mount Mount a working container's root filesystem
pause Pause all the processes in one or more containers
play Play a pod
pod Manage pods
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image from a registry
push Push an image to a specified destination
restart Restart one or more containers
rm Remove one or more containers
rmi Removes one or more images from local storage
run Run a command in a new container
save Save image to an archive
search Search registry for image
start Start one or more containers
stats Display a live stream of container resource usage statistics
stop Stop one or more containers
system Manage podman ## manage podman
tag Add an additional name to a local image
top Display the running processes of a container
umount Unmounts working container's root filesystem
unpause Unpause the processes in one or more containers
unshare Run a command in a modified user namespace
version Display the Podman Version Information
volume Manage volumes
wait Block on one or more containers
Flags:
--cgroup-manager string Cgroup manager to use (cgroupfs or systemd) (default "systemd")
--cni-config-dir string Path of the configuration directory for CNI networks
--config string Path of a libpod config file detailing container server configuration options
--conmon string Path of the conmon binary
--cpu-profile string Path for the cpu profiling results
--default-mounts-file string Path to default mounts file
--help Help for podman
--hooks-dir strings Set the OCI hooks directory path (may be set multiple times)
--log-level string Log messages above specified level: debug, info, warn, error, fatal or panic (default "error")
--namespace string Set the libpod namespace, used to create separate views of the containers and pods on the system
--network-cmd-path string Path to the command for configuring the network
--root string Path to the root directory in which data, including images, is stored
--runroot string Path to the 'run directory' where all state information is stored
--runtime string Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc
--storage-driver string Select which storage driver is used to manage storage of images and containers (default is overlay)
--storage-opt stringArray Used to pass an option to the storage driver
--syslog Output logging information to syslog as well as the console
--tmpdir string Path to the tmp directory
--trace Enable opentracing output
--version Version for podman
Use "podman [command] --help" for more information about a command.