2023年7月6日发(作者:)
podman—⼊门篇docker与podman区别:podman是⼀个容器⼯具,不使⽤守护进程来开发、管理和运⾏ OCI 容器,因此它必须在 Linux OS 上运⾏(可以由root⽤户运⾏,也可以由⾮特权⽤户运⾏)是开源的容器管理⼯具docker是⼀个容器引擎,Docker 需要在你的系统上运⾏⼀个守护进程,是以 root ⾝份在你的系统上运⾏该守护程序。什么是Podman?简⽽⾔之:alias docker = podmanpodmanPodman是⼀个开源项⽬,可在⼤多数Linux平台上使⽤并开源在GitHub上。Podman是⼀个⽆守护进程的容器引擎,⽤于在Linux系统上开发,管理和运⾏Open Container Initiative(OCI)容器和容器镜像要启动 Podman 管理的 VM:podman machine initpodman machine start安装podman[root@localhost ~]# yum list all|grep _el8.6.0+944+d413f95e appstream
pcp-pmda-podman.x86_64 8 appstream
podman.x86_64 1:_el8.6.0+954+963caf36 appstream
podman-catatonit.x86_64 1:_el8.6.0+954+963caf36 appstream
1:_el8.6.0+954+963caf36 appstream
[root@localhost ~]# yum -y install podman-docker[root@localhost ~]# which podman/usr/bin/podman[root@localhost ~]# which docker/usr/bin/docker安装完后是可以使⽤的[root@localhost ~]# podman search busyboxINDEX NAME DESCRIPTION STARS OFFICIAL /library/busybox Busybox base image. 2415 [OK]
/radial/busyboxplus Full-chain, Internet enabled, busybox 43 [OK] /yauritux/busybox-curl Busybox with CURL 16
/arm64v8/busybox Busybox base image. 3
/odise/busybox-curl 4 [OK] /vukomir/busybox busybox and curl 1
/amd64/busybox Busybox base image. 0
/prom/busybox Prometheus Busybox Docker base images 2 [OK] /ppc64le/busybox Busybox base image. 1
/arm32v7/busybox Busybox base image. 10
/s390x/busybox Busybox base image. 2
/i386/busybox Busybox base image. 2
/joeshaw/busybox-nonroot Busybox container with non-root user nobody 2
/arm32v5/busybox Busybox base image. 0
/p7ppc64/busybox Busybox base image for ppc64. 2
/arm32v6/busybox Busybox base image. 3
/armhf/busybox Busybox base image. 6
/mips64le/busybox Busybox base image. 1
/spotify/busybox Spotify fork of /_/ 1
/aarch64/busybox Busybox base image. 3
/progrium/busybox 70 [OK] /concourse/busyboxplus 0
/emccorp/busybox Busybox 0
/lqshow/busybox-curl Busybox image adds a curl binary to /usr/bin 1 [OK] /ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK][root@localhost ~]# podman run -it /library/busybox /bin/shTrying to pull /library/Getting image source signaturesCopying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destinationStoring signatures/ #
重新开⼀个终端查看[root@localhost ~]# docker psEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet NER ID IMAGE COMMAND CREATED STATUS PORTS NAMES146fae3dd23f /library/busybox:latest /bin/sh 11 seconds ago Up 10 seconds ago goofy_keldyshSUID和SDID/etc/subuid 和
/etc/subgid配置SUID 是 Set User ID 不管⽤哪⼀个⽤户去启动⼀个进程,SGID 是 Set Group ID 设置在⽬录⾥⾯设置东西,继承属主/etc/subuid中的配置含义是:uinnova:1000:1,uid为1000的uinnova⽤户,映射到容器内的rootuinnova:100000:65536,⽤户uinnova,在当前的 user namespace 中具有 65536 个从属⽤户,⽤户 ID 为 100000-165535,在⼀个⼦ user namespace 中,这些从属⽤户被映射成 ID 为 0-65535 的⽤户/etc/subgid是⽤户组的配置,与/etc/subuid同理上述配置中⽤到的uid、gid查询,可以通过以下命令获取# 获取uinnova⽤户的uidid uinnova# 获取uinnova⽤户组的gidcat /etc/group | grep uinnova实例:[root@localhost ~]# useradd cat[root@localhost ~]# cat /etc/subuidzhuzhu:100000:65536cat:165536:65536[root@localhost ~]# cat /etc/subgidzhuzhu:100000:65536cat:165536:65536启动命名空间sysctl _user_namespaces=15000 #在centos7上⾯需要做此命令,8上⾯不需要做普通⽤户使⽤podman的⽅式⽤户的配置⽂件三个主要的配置⽂件是,和。⽤户可以根据需要修改这些⽂件。dman读取时/usr/share/containers//etc/containers/$HOME/.config/containers/如果它们以该顺序存在。每个⽂件都可以覆盖特定字段的先前⽂件。对于则是/etc/containers/$HOME/.config/containers/在普通⽤户中/etc/containers/的⼀些字段将被忽略graphroot="" container storage graph dir (default: "/var/lib/containers/storage") Default directory to store all writable content created by container storage programs.
runroot="" container storage run dir (default: "/run/containers/storage") Default directory to store all temporary writable content created by container storage progr在普通⽤户中这些字段默认graphroot="$HOME/.local/share/containers/storage"runroot="$XDG_RUNTIME_DIR/containers"配置按此顺序读⼊,这些⽂件不是默认创建的,可以从/usr/share/containers或复制⽂件/etc/containers并进⾏修改。/etc/containers/ /etc/containers/registries.d/* HOME/.config/containers/授权⽂件podman login 登录,默认授权⽂件位于中
${XDG_RUNTIME_DIR}/containers/[root@localhost ~]# podman loginUsername: 1163582076Password:
Login Succeeded![root@localhost ~]# cat /run/user/0/containers/{ "auths": { "": { "auth": "MTE2MzU4MjA3Njp3dWxhaTUyMA==" } }普通⽤户使⽤的配置在允许没有root特权的⽤户运⾏Podman之前,管理员必须安装或构建Podman并完成以下配置cgroup V2Linux内核功能允许⽤户限制普通⽤户容器可以使⽤的资源,如果使⽤cgroup V2启⽤了运⾏Podman的Linux发⾏版,则可能需要更改默认的OCI运⾏时。某些较旧的版本runc不适⽤于cgroup V2,必须切换到备⽤OCI运⾏时crun[root@localhost ~]# yum -y install crun[root@localhost ~]# vim /usr/share/containers/448 runtime = "crun" 取消#449 #runtime = "runc"
注释掉配置⽂件[root@localhost ~]# vim /etc/containers/unt_program = "/usr/bin/fuse-overlayfs"–userns=keep-id标志,以确保⽤户被映射到容器内⾃⼰的UID和GID使⽤卷容器与root⽤户⼀起运⾏,则root容器中的⽤户实际上就是主机上的⽤户。UID / GID 1是在/etc/subuid和/etc/subgid等中⽤户映射中指定的第⼀个UID / GID 。如果普通⽤户的⾝份从主机⽬录挂载到容器中,并在该⽬录中以根⽤户⾝份创建⽂件,则会看到它实际上是你的⽤户在主机上拥有的。[root@localhost ~]# su - zhuzhu[zhuzhu@localhost ~]$ whoamizhuzhu[zhuzhu@localhost ~]$ pwd/home/zhuzhu[zhuzhu@localhost ~]$ podman imagesREPOSITORY TAG IMAGE ID CREATED SIZE[zhuzhu@localhost ~]$ podman ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES[zhuzhu@localhost ~]$ mkdir test[zhuzhu@localhost ~]$ podman run -it -v "$(pwd)"/test:/test --userns=keep-id busybox /bin/sh~ $ lsbin dev etc home proc root run sys test tmp usr var~ $ cd test//test $ ls/test $ touch abc/test $ ls -l abc-rw-r--r-- 1 root root 0 Mar 10 23:05 abc/ # exit
[test@centos ~]$ ls -ltotal 0drwxrwxr-x 2 zhuzhu zhuzhu 17 Mar 11 07:05 test[zhuzhu@localhost ~]$ podman run -it --userns=keep-id -v "$(pwd)"/test:/test --userns=keep-id busybox /bin/sh~ $ iduid=1000(zhuzhu) gid=1000(zhuzhu)~ $ lsbin dev etc home proc root run sys test tmp usr var~ $ pwd/ cd test//test $ touch bcd/test $ ls -l xxxxx/total 0-rw-r--r-- 1 test test 0 Mar 10 23:05 abc-rw-r--r-- 1 test test 0 Mar 10 23:10 bcd~ $ exit[test@centos ~]$ ll test/total 0-rw-r--r-- 1 zhuzhu zhuzhu 0 Mar 11 07:05 abc-rw-r--r-- 1 zhuzhu zhuzhu 0 Mar 11 07:10 bcdpodman常⽤命令了解如何设置 Podman 并使⽤该实⽤程序执⾏⼀些基本命令帮助命令docker version # 显⽰docker的版本信息docker info # 显⽰docker的系统信息,包括镜像和容器的数量docker 命令xxx --help # 帮助命令podman logs查看⽇志[root@localhost ~]# podman logs --latest/: /docker-entrypoint.d/ is not empty, will attempt to perform configuration/: Looking for shell scripts in /docker-entrypoint.d//: Launching /docker-entrypoint.d/2021/12/13 10:26:30 [notice] 1#1: using the "epoll" event method2021/12/13 10:26:30 [notice] 1#1: nginx/1.21.42021/12/13 10:26:30 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2021/12/13 10:26:30 [notice] 1#1: OS: Linux 8.x86_642021/12/13 10:26:30 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1/12/13 10:26:30 [notice] 1#1: start worker processes2021/12/13 10:26:30 [notice] 1#1: start worker process 302021/12/13 10:26:30 [notice] 1#1: start worker process 31查看注册表上⾯镜像的信息[root@localhost nginx]# podman inspect /1163582076/nginx[ { "Id": "499e5864a5123928174a64aed9b456467ecebdf441501bd1f1cc8191b0905e03", "Digest": "sha256:1ff9b700e91035108bf80526a4c355b331f971202296bbcfa91ecef415e80b39", "RepoTags": [ "/library/nginx:latest", "/1163582076/nginx:latest" ], "RepoDigests": [ "/1163582076/nginx@sha256:1ff9b700e91035108bf80526a4c355b331f971202296bbcfa91ecef415e80b39", "/library/nginx@sha256:1ff9b700e91035108bf80526a4c355b331f971202296bbcfa91ecef415e80b39" ], "Parent": "ef9d1d21f5b6d4c9795f012a31c6981cfb5f3713feb108e01ebc01684069cc0d", "Comment": "", "Created": "2021-12-13T10:35:09.302512059Z", "Config": { "Env": [ "PATH=/usr/local/nginx/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "nginx", "-g", "daemon off" ], "Labels": { "n": "1.23.1", "-date": "20210915", "e": "GPLv2", "": "CentOS Base Image", "-version": "1.0", "": "CentOS" } }, "Version": "", "Author": "", "Architecture": "amd64", "Os": "linux", "Size": 565470342, "VirtualSize": 565470342, "GraphDriver": { "Name": "overlay", "Data": { "LowerDir":
------镜像命令docker images 查看所有本地主机上的镜像[root@AutoTestServer ~]# podman imagesREPOSITORY TAG IMAGE ID CREATED /library/redis latest 621ceef7494a 5 weeks ago 108 MB
解释REPOSITORY 镜像的仓库源TAG 镜像的标签IMAGE ID 镜像的idCREATED 镜像的创建时间#
可选项 -a, --all #
列出所有的镜像 -q, --quiet #
只显⽰镜像的iddocker search 搜索镜像[root@AutoTestServer ~]# docker search mysqlEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet NAME DESCRIPTION STARS OFFICIAL /rhscl/mysql-80-rhel7 This container image provides /library/mysql MySQL is a widely used, 10516 [OK] /mysql/mysql-server Optimized MySQL Server Docker images. 772 [OK] /bitnami/mysql Bitnami MySQL Docker Image 48 [OK] /circleci/mysql MySQL is a widely used, /mysql/mysql-cluster Experimental MySQL Cluster Docker images. Cr... /schickling/mysql-backup-s3 Backup MySQL to S3 (supports 29 [OK] /centos/mysql-57-centos7 MySQL 5.7 SQL database server /library/mariadb MariaDB is a community-developed fork 3927 [OK] /deitch/mysql-backup REPLACED! Please use /r... 41 [OK] /ansibleplaybookbundle/mysql-apb An APB which deploys RHSCL MySQL 2 [OK]#
可选项--filter , -f Filter output based on conditions provided#
选择starts
⼤于等于5000的镜像源[root@AutoTestServer ~]# docker search mysql -f=stars=5000Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet NAME DESCRIPTION STARS OFFICIAL /library/mysql MySQL is a widely used, 10516 [OK]docker pull 下载镜像[root@localhost ~]# docker pull /library/mysqlEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet to pull /library/Getting image source signaturesCopying blob df186527fc46 done
Copying blob fa362a6aa7bd done
Copying blob 5af7cb1a200e done
Copying blob 949da226cc6d done
Copying blob bce007079ee9 done
Copying blob ffbb094f4f9e done
Copying blob eab9f076e5a3 done
Copying blob b1ccc6ed6fc7 done
Copying blob 8a57a7529e8d done
Copying blob b4af75e64169 done
Copying blob 3aed6a9cd681 done
Copying blob 23390142f76f done
Copying config bbf6571db4 done
Writing manifest to image destinationStoring signaturesbbf6571db4977fe13c3f4e6289c1409fc6f98c2899eabad39bfe07cad8f64f67# /library/mysql,这个版本是我们搜索到的,stars
最多的版本#
默认下载最新的版本[root@localhost ~]# docker pull mysql:5.7#
指定某个版本下载docker rmi xxx 删除镜像docker images # 查看拉取的本地镜像docker rmi IMAGE ID # 删除镜像容器命令docker run 命令docker run [可选参数] image#
参数说明--name = "Name" 容器名字 tomcat01,tomcat02,⽤来区分容器-d 后台⽅式运⾏-it 使⽤交互⽅式运⾏,进⼊容器查看区分-p 指定容器的端⼝ -p 8080:8080 -p ip:主机端⼝:容器端⼝ -p 主机端⼝:容器端⼝(常⽤) -p 容器端⼝ 容器端⼝-p 随机指定端⼝docker rm 删除容器docker rm 容器id # 删除指定容器,不能删除正在运⾏的容器,如果要强制删除 rm -fdocker rm -f $(docker ps -aq) # 删除所有的容器docker ps -aq|xargs docker rm # 删除所有的容器启动和停⽌容器的操作:docker start 容器id # 启动容器docker restart 容器id # 重启容器docker stop 容器id # 停⽌当前正在运⾏的容器docker kill 容器id # 强制停⽌当前容器实例:[root@localhost ~]# podman run -d --name web2 /library/nginx
开启⼀个容器cae0fd208f352526f7d1e5aecd00f95295fcc4cde393c47c99e8a128804ecbb6[root@localhost ~]# docker ps -aEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet NER ID IMAGE COMMAND CREATED STATUS PORTS NAMES146fae3dd23f /library/busybox:latest /bin/sh 5 hours ago Exited (0) 5 hours ago goofy_keldysh0e4b728a1a83 /library/nginx:latest nginx -g 59 minutes ago Up 59 minutes ago web1cae0fd208f35 /library/nginx:latest nginx -g 25 seconds ago Exited (1) 24 seconds ago web2[root@localhost ~]# podman stop --latestcae0fd208f352526f7d1e5aecd00f95295fcc4cde393c47c99e8a128804ecbb6[root@localhost ~]# docker psEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet NER ID IMAGE COMMAND CREATED STATUS PORTS NAMES0e4b728a1a83 /library/nginx:latest nginx -g About an hour ago Up About an hour ago web1所有命令如图:做⼀个nginx镜像进⾏试验⼀下[root@localhost ~]# tree nginx/nginx/├── Dockerfile└── files └── 1 directory, 2 files[root@localhost ~]# cat /nginx/Dockerfile
FROM /library/centosENV PATH /usr/local/nginx/sbin:$PATHADD files/ /usr/src/RUN useradd -r -M -s /sbin/nologin nginx && yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make && mkdir -p /var/log/nginx && cd /usr/src/nginx-1.20.1 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/ --error-log-path=/var/log/nginx/ && make && make install[root@localhost ~]# podman run -d --rm --name web1 /library/nginxTrying to pull /library/Getting image source signaturesCopying blob 77700c52c969 done
Copying blob ed835de16acd done Copying blob ed835de16acd done
Copying blob 881ff011f1c9 done
Copying blob e5ae68f74026 done
Copying blob 44be98c0fab6 done
Copying blob 21e0df283cd6 done
Copying config f652ca386e done
Writing manifest to image destinationStoring signatures0e4b728a1a83ab744ec0d4017747a6ac785113177a96e4585eaf6b387d3bbec9在/nginx/Dockerfile ⽂件末尾加上这⼀句(开启命令),然后再做⼀个镜像CMD ["nginx","-g","daemon off"][root@localhost ~]# podman build -t nginx:latest nginxSTEP 1/5: FROM /library/centosTrying to pull /library/Getting image source signaturesCopying blob a1d0c7532777 done
Copying config 5d0da3dc97 done
Writing manifest to image destinationStoring signaturesSTEP 2/5: ENV PATH /usr/local/nginx/sbin:$PATH--> 723160973c2STEP 3/5: ADD files/ /usr/src/--> 1fa42b42440STEP 4/5: RUN useradd -r -M -s /sbin/nologin nginx && yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make && mkdir -p /var/log/nginx && cd /usr/src/nginx-1.20.1 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/ --error-log-path=/var/log/nginx/ && make && make install-----分界线----make[1]: Leaving directory '/usr/src/nginx-1.20.1'--> ef9d1d21f5bSTEP 5/5: CMD ["nginx","-g","daemon off"]COMMIT nginx:latest--> 499e5864a51Successfully tagged /library/nginx:latest499e5864a5123928174a64aed9b456467ecebdf441501bd1f1cc8191b0905e03[root@localhost ~]# docker imagesEmulate Docker CLI using podman. Create /etc/containers/nodocker to quiet TORY TAG IMAGE ID CREATED /library/nginx latest 499e5864a512 About a minute ago 565 /library/busybox latest ffe9d497c324 5 days ago 1.46 MB
Login Succeeded!上传镜像到docker⾥⾯[root@localhost ~]# podman push /1163582076/nginx:latestGetting image source signaturesCopying blob d582673dad29 done Copying blob d582673dad29 done
Copying blob 9bf41fbf1257 done
Copying blob 74ddd0ec08fa skipped: already exists
Copying config 499e5864a5 done
Writing manifest to image destinationStoring signatures
发布者:admin,转转请注明出处:http://www.yc00.com/web/1688592188a153121.html
评论列表(0条)