Introduction to Podman
Podman was originally part of the CRI-O project and was later split out into a separate project called libpod. Using Podman feels much like using Docker; the difference is that Podman has no daemon. With the Docker CLI, the CLI tells the Docker Engine over its gRPC API "start a container for me", and only then does the Docker Engine start the container through the OCI container runtime (runc by default). This means the container process can never be a child of the Docker CLI; it is a child of the Docker Engine.
Podman is blunter: it uses no daemon and starts containers directly through the OCI runtime (also runc by default), so the container process is a child of podman. This resembles the Linux fork/exec model, whereas Docker uses a client/server (C/S) model. The fork/exec model has several advantages over the C/S model, for example:
- A system administrator can see which user actually started a given container process.
- If cgroup limits are applied to podman, every container it creates is bound by those limits.
- SD_NOTIFY: if the podman command is placed in a systemd unit file, the container process can send a notification back through podman to signal that the service is ready to accept work.
- Socket activation: connected sockets can be passed from systemd to podman and on to the container process, which can then use them.
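The SD_NOTIFY and cgroup points above are easiest to see in a unit file. As an added example (not from the original post), the function below renders a systemd unit that runs a container through podman in the foreground, so the unit's cgroup limits cover every process podman forks and readiness is reported back to systemd. It assumes a podman that has the --sdnotify flag (2.x and later; the post shows 1.6.4) and takes the unit name, image, host port and container port as arguments.

```shell
# Render a systemd unit for one podman-run container (added example, assumptions:
# podman >= 2.x with --sdnotify; names, ports and limits are illustrative).
#   $1 unit/container name, $2 image, $3 host port, $4 container port
render_podman_unit() {
  name=$1; image=$2; hport=$3; cport=$4
  cat <<EOF
[Unit]
Description=${name} container (podman, no daemon)
After=network-online.target
Wants=network-online.target

[Service]
# conmon sends READY=1 to systemd once the container is up;
# use --sdnotify=container instead if the app itself calls sd_notify().
Type=notify
NotifyAccess=all
# Limits on this unit's cgroup bind every process podman forks for the
# container, which is the fork/exec advantage described above.
MemoryMax=512M
CPUQuota=100%
TasksMax=256
ExecStartPre=-/usr/bin/podman rm -f ${name}
ExecStart=/usr/bin/podman run --rm --name ${name} --sdnotify=conmon \\
    -p ${hport}:${cport} ${image}
ExecStop=/usr/bin/podman stop -t 10 ${name}
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Write the unit into a directory ($5, default /etc/systemd/system) and print its path;
# follow with `systemctl daemon-reload && systemctl enable --now <name>`.
install_podman_unit() {
  dir=${5:-/etc/systemd/system}
  render_podman_unit "$1" "$2" "$3" "$4" > "${dir}/$1.service"
  printf '%s\n' "${dir}/$1.service"
}
```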
Is Podman compatible with Docker? Largely, yes. For example:
1. Docker images can be used directly
2. The commands are very similar
If you really miss the docker command, you can even alias docker to podman:
```shell
# Append the alias to the login shell's rc file (the original wrote to a relative .bashrc)
echo "alias docker=podman" >> ~/.bashrc
source ~/.bashrc
```
Most podman commands are practically identical to their docker counterparts.
Installing Podman
```shell
yum -y install podman
```
Check the version
```text
[root@ok ~]# podman -v
podman version 1.6.4
```
Podman's default network segment
10.88.0.1/16 (the address of the cni-podman0 bridge):
```text
10: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 1a:76:c4:35:8d:39 brd ff:ff:ff:ff:ff:ff
inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
valid_lft forever preferred_lft forever
```
Command reference
```text
[root@ok ~]# podman --help
manage pods and images
Usage:
podman [flags]
podman [command]
Available Commands:
attach Attach to a running container
build Build an image using instructions from Containerfiles
commit Create new image based on the changed container
container Manage Containers
cp Copy files/folders between a container and the local filesystem
create Create but do not start a container
diff Inspect changes on container's file systems
events Show podman events
exec Run a process in a running container
export Export container's filesystem contents as a tar archive
generate Generated structured data
healthcheck Manage Healthcheck
help Help about any command
history Show history of a specified image
image Manage images
images List images in local storage
import Import a tarball to create a filesystem image
info Display podman system information
init Initialize one or more containers
inspect Display the configuration of a container or image
kill Kill one or more running containers with a specific signal
load Load an image from container archive
login Login to a container registry
logout Logout of a container registry
logs Fetch the logs of a container
mount Mount a working container's root filesystem
network Manage Networks
pause Pause all the processes in one or more containers
play Play a pod
pod Manage pods
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image from a registry
push Push an image to a specified destination
restart Restart one or more containers
rm Remove one or more containers
rmi Removes one or more images from local storage
run Run a command in a new container
save Save image to an archive
search Search registry for image
start Start one or more containers
stats Display a live stream of container resource usage statistics
stop Stop one or more containers
system Manage podman
tag Add an additional name to a local image
top Display the running processes of a container
umount Unmounts working container's root filesystem
unpause Unpause the processes in one or more containers
unshare Run a command in a modified user namespace
varlink Run varlink interface
version Display the Podman Version Information
volume Manage volumes
wait Block on one or more containers
Flags:
--cgroup-manager string Cgroup manager to use (cgroupfs or systemd) (default "systemd")
--cni-config-dir string Path of the configuration directory for CNI networks
--config string Path of a libpod config file detailing container server configuration options
--conmon string Path of the conmon binary
--cpu-profile string Path for the cpu profiling results
--events-backend string Events backend to use
--help Help for podman
--hooks-dir strings Set the OCI hooks directory path (may be set multiple times)
--log-level string Log messages above specified level: debug, info, warn, error, fatal or panic (default "error")
--namespace string Set the libpod namespace, used to create separate views of the containers and pods on the system
--network-cmd-path string Path to the command for configuring the network
--root string Path to the root directory in which data, including images, is stored
--runroot string Path to the 'run directory' where all state information is stored
--runtime string Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc
--storage-driver string Select which storage driver is used to manage storage of images and containers (default is overlay)
--storage-opt stringArray Used to pass an option to the storage driver
--syslog Output logging information to syslog as well as the console
--tmpdir string Path to the tmp directory
--trace Enable opentracing output
-v, --version Version of podman
Use "podman [command] --help" for more information about a command.
```
Using an Aliyun registry mirror with Podman
Pulling images directly with podman pull from inside China is slow, so configure an Aliyun container registry mirror to speed things up. Podman's default registry configuration file is /etc/containers/registries.conf; clear it and replace its contents with the following:
```toml
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "******.mirror.aliyuncs.com"
```
Change the value of location to your own Aliyun container registry mirror address; image pulls will now go through the Aliyun mirror.
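The configuration above makes the mirror the location of docker.io itself, so pushes as well as pulls are redirected there. As an added example (not from the original post), the function below writes the same file in the form where docker.io stays the canonical location and the Aliyun host is a pull-only [[registry.mirror]]; the mirror host name is an argument you supply (the value below is a constructed placeholder), and the config directory defaults to /etc/containers.

```shell
# Write /etc/containers/registries.conf with the mirror as a pull-only mirror
# (added example; $1 = your mirror host, $2 = config dir, default /etc/containers).
write_registries_conf() {
  mirror=$1
  dir=${2:-/etc/containers}
  # Refuse an empty or still-masked address such as "******.mirror.aliyuncs.com".
  case "$mirror" in
    ''|*'*'*) echo "refusing to write a placeholder mirror address: '$mirror'" >&2; return 1 ;;
  esac
  cat > "${dir}/registries.conf" <<EOF
# Short names such as "nginx" resolve only against docker.io, never an ambiguous list.
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "docker.io"

# Mirrors are tried in order for pulls only; pushes still go to docker.io.
# A pull by tag trusts the mirror's tag-to-digest mapping; a pull by digest
# (image@sha256:...) is verified by the client whichever host served it.
[[registry.mirror]]
location = "${mirror}"
EOF
}
```

After writing the file, `podman info` lists the registries section so the mirror can be confirmed before the next pull.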
Pulling and running an image
Pull the image
```shell
podman pull nginx
```
List images
```text
[root@ok system]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest f6d0b4767a6c 2 months ago 137 MB
```
Run the container
```text
[root@ok system]# podman run -itd --name nginx -p 9999:80 f6d0b4767a6c
15122785bee25e2987bbc0dff7060ff5b36e7f6cf994a72ef3a3ab3827ffa4b9
```
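The run command above starts nginx from a local image ID, with a writable root filesystem and the full root capability set. As an added example (not from the original post), the function below assembles the same run pinned to an image digest, with the root filesystem read-only, only the directories nginx writes to mounted as tmpfs, and only the capabilities nginx needs kept; the digest in the comment is a constructed placeholder, and DRY_RUN is an assumed switch that prints the command instead of executing it.

```shell
# Build and run a hardened nginx container (added example; assumes the official
# nginx image layout, which writes to /var/cache/nginx and /var/run at start-up).
#   $1 container name, $2 image reference pinned by digest, $3 host port (default 9999)
# Real digest comes from:  podman inspect --format '{{.Digest}}' docker.io/library/nginx
run_nginx_hardened() {
  name=$1; ref=$2; hport=${3:-9999}
  # Insist on a digest-pinned reference so the mirror or registry cannot move the tag.
  case "$ref" in
    *@sha256:*) ;;
    *) echo "refusing to run an unpinned reference: $ref" >&2; return 1 ;;
  esac
  set -- podman run -d --name "$name" -p "${hport}:80" \
    --read-only --tmpfs /var/cache/nginx --tmpfs /var/run \
    --cap-drop=ALL --cap-add=CHOWN --cap-add=SETUID --cap-add=SETGID \
    --cap-add=NET_BIND_SERVICE --security-opt=no-new-privileges "$ref"
  # DRY_RUN=1 prints the assembled command line for review instead of running it.
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}
```

Example call: `run_nginx_hardened nginx docker.io/library/nginx@sha256:<digest from podman inspect> 9999`.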