Howto podman: Difference between revisions
Mandulete1 (talk | contribs) |
Mandulete1 (talk | contribs) |
||
(46 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= install podman archlinux = | = install podman archlinux = | ||
install podman packages: | install podman packages: | ||
pacman -Syu podman podman-compose | pacman -Syu podman podman-compose aardvark-dns | ||
= install podman centos/almalinux/rocky = | = install podman centos/almalinux/rocky = | ||
install podman packages: | install podman packages: | ||
Line 9: | Line 10: | ||
chmod +x /usr/local/bin/podman-compose | chmod +x /usr/local/bin/podman-compose | ||
= install podman debian | = install podman debian = | ||
install podman packages: | install podman packages: | ||
apt-get -y install podman | apt-get -y install podman | ||
install podman-compose: | |||
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py | |||
chmod +x /usr/local/bin/podman-compose | |||
= install podman ubuntu = | |||
create the following directory: | |||
sudo mkdir -p /etc/apt/keyrings | |||
add kubic repo gpg key: | |||
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/Release.key \ | |||
| gpg --dearmor \ | |||
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg > /dev/null | |||
add kubic repo: | |||
echo \ | |||
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg]\ | |||
https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/ /" \ | |||
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list > /dev/null | |||
install podman packages: | |||
sudo apt-get update | |||
sudo apt-get -y install podman | |||
install podman-compose: | install podman-compose: | ||
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py | curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py | ||
Line 30: | Line 49: | ||
list all local images: | list all local images: | ||
podman images | podman images | ||
remove a local container image by its image: | remove a local container image by its image: | ||
podman rmi docker.io/library/almalinux:9 | podman rmi docker.io/library/almalinux:9 | ||
search local cache and remote registries for images: | search local cache and remote registries for images: | ||
podman search almalinux | podman search almalinux | ||
create (but don’t start) a container from an image: | create (but don’t start) a container from an image: | ||
podman create docker.io/library/almalinux:9 | podman create docker.io/library/almalinux:9 | ||
start an existing container from an image: | start an existing container from an image: | ||
podman start container | podman start container | ||
create a new image based on the current state of a running container: | |||
podman commit container mynewimage:tag | |||
restart an existing container: | restart an existing container: | ||
podman restart container | podman restart container | ||
Line 71: | Line 88: | ||
podman exec -it container /bin/sh | podman exec -it container /bin/sh | ||
create container image from file: | create container image from file: | ||
podman build -f | podman build -f Containerfile | ||
= create container image = | = create container image = | ||
Line 185: | Line 202: | ||
CMD ["/runconfig.sh"] | CMD ["/runconfig.sh"] | ||
EOF | EOF | ||
podman-compose.yml: | |||
cat > podman-compose.yml << EOF | cat > podman-compose.yml << EOF | ||
version: '3' | version: '3' | ||
Line 209: | Line 226: | ||
create your image with podman: | create your image with podman: | ||
podman build -t vidalinux/samba . | podman build -t vidalinux/samba . | ||
= local private registry = | = local private registry = | ||
create registry directory | create registry directory: | ||
mkdir ~/podman-registry | mkdir ~/podman-registry | ||
cd ~/podman-registry | cd ~/podman-registry | ||
Line 249: | Line 264: | ||
podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest | podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest | ||
podman push localhost:5000/vidalinux/samba:latest --tls-verify=false | podman push localhost:5000/vidalinux/samba:latest --tls-verify=false | ||
as root user edit /etc/containers/registries.conf: | |||
[registries.insecure] | |||
registries = ['localhost'] | |||
change directory to samba container and modify podman-compose: | |||
cd ~/podman-samba | |||
edit samba container podman-compose.yaml file and change the image name: | |||
image: localhost:5000/vidalinux/samba:latest | |||
run your samba container: | |||
cd ~/podman-samba | |||
sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword | |||
sudo podman-compose up -d | |||
to stop the container using podman compose: | |||
cd ~/podman-samba | |||
sudo podman-compose down | |||
you can run the container manually without podman-compose: | |||
podman run \ | |||
-d --name "samba_server" \ | |||
-v /share:/share \ | |||
-e "SMB_USER=mytestuser" \ | |||
-e "SMB_PASS=mypassword" \ | |||
-e "SMB_GROUP=samba" \ | |||
-e "TZ=America/Puerto_Rico" \ | |||
-p 138:138/udp \ | |||
-p 445:445/udp \ | |||
-p 139:139 \ | |||
-p 445:445 \ | |||
localhost:5000/vidalinux/samba:latest | |||
to test the container we mount the samba share: | |||
mkdir /mnt/samba | |||
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword | |||
pull image from local registry: | pull image from local registry: | ||
podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false | podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false | ||
Line 256: | Line 301: | ||
= run container as service = | = run container as service = | ||
generate systemd service file of your samba_server: | generate systemd service file of your samba_server: | ||
podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service | sudo podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service | ||
generate systemd service file of your registry: | generate systemd service file of your registry: | ||
podman generate systemd --new --name registry > / | podman generate systemd --new --name registry > ~/.config/systemd/user/registry.service | ||
if you start your samba_server with podman-compose you need to stop it: | if you start your samba_server with podman-compose you need to stop it: | ||
cd ~/podman-samba | cd ~/podman-samba | ||
podman-compose down | sudo podman-compose down | ||
if you start your registry with podman-compose you need to stop it: | if you start your registry with podman-compose you need to stop it: | ||
cd ~/podman-registry | cd ~/podman-registry | ||
podman-compose down | podman-compose down | ||
start and enable your samba_server container using systemd: | start and enable your samba_server container using systemd: | ||
systemctl enable samba_server | sudo systemctl enable samba_server | ||
systemctl start samba_server | sudo systemctl start samba_server | ||
start and enable your registry container using systemd: | start and enable your registry container using systemd: | ||
systemctl enable registry | systemctl --user enable registry | ||
systemctl start registry | systemctl --user start registry | ||
= run pods with podman = | = run pods with podman = | ||
create pod with podman: | create pod with podman: | ||
Line 288: | Line 334: | ||
-e WORDPRESS_DB_HOST=127.0.0.1 \ | -e WORDPRESS_DB_HOST=127.0.0.1 \ | ||
wordpress:6.1.1-php8.1-apache | wordpress:6.1.1-php8.1-apache | ||
open your browser to access wordpress: | |||
http://localhost:8080 | |||
list pods: | list pods: | ||
podman pod list | podman pod list | ||
Line 296: | Line 344: | ||
create pod with yaml file: | create pod with yaml file: | ||
podman play kube wordpress_cms.yaml | podman play kube wordpress_cms.yaml | ||
= podman for windows = | = podman for windows = | ||
if you run windows on kvm virtual machine make sure you change | if you run windows on kvm virtual machine make sure you change the following settings: | ||
<features> | <features> | ||
<acpi/> | <acpi/> | ||
Line 327: | Line 373: | ||
</clock> | </clock> | ||
install wsl on windows: | install wsl on windows: | ||
* https:// | * https://wiki.vidalinux.org/index.php/Howto_wsl_windows | ||
initiate podman on windows: | initiate podman on windows: | ||
podman machine init | podman machine init | ||
Line 336: | Line 380: | ||
= podman for macosx = | = podman for macosx = | ||
you can log into macosx via ssh do the following: | |||
on your mac, choose apple menu > system Settings, click general in the sidebar, then click sharing on the right. | |||
turn on remote login, then click the info button on the right. | |||
if needed, select the "allow full disk access for remote users" checkbox. | |||
specify which users can log in. | |||
access your mac via ssh: | |||
ssh user@10.44.1.44 | |||
on mac shell use sudo to become root: | |||
sudo su - | |||
install podman on macosx: | install podman on macosx: | ||
open terminal and type the following command: | |||
xcode-select --install | |||
install homebrew: | |||
/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)” | |||
when finished update homebrew to latest: | |||
brew update | |||
if necessary perform the upgrade: | |||
brew upgrade | |||
then install podman: | |||
brew install podman | |||
prepare the podman virtual machine by typing: | |||
podman machine init | |||
then start podman: | |||
podman machine start | |||
= references = | = references = | ||
[scoop] | [scoop] | ||
* https://scoop.sh/#/ | * https://scoop.sh/#/ | ||
[install podman macosx] | |||
* https://phoenixnap.com/kb/podman-macos | |||
[install podman on windows] | |||
* https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md |
Latest revision as of 23:45, 22 August 2023
install podman archlinux
install podman packages:
pacman -Syu podman podman-compose aardvark-dns
install podman centos/almalinux/rocky
install podman packages:
yum -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
install podman debian
install podman packages:
apt-get -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
install podman ubuntu
create the following directory:
sudo mkdir -p /etc/apt/keyrings
add kubic repo gpg key:
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/Release.key \ | gpg --dearmor \ | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg > /dev/null
add kubic repo:
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg]\ https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/ /" \ | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list > /dev/null
install podman packages:
sudo apt-get update sudo apt-get -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
configure podman registries
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF" [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] EOF
commands
list containers that are running or have exited:
podman ps -a
pull a remote container image from docker.io:
podman pull docker.io/library/almalinux:9
list all local images:
podman images
remove a local container image by its image:
podman rmi docker.io/library/almalinux:9
search local cache and remote registries for images:
podman search almalinux
create (but don’t start) a container from an image:
podman create docker.io/library/almalinux:9
start an existing container from an image:
podman start container
create a new image based on the current state of a running container:
podman commit container mynewimage:tag
restart an existing container:
podman restart container
stop a running container gracefully
podman stop container
send a signal to a running container
podman kill container
Remove a container (use -f if the container is running)
podman rm -f container
display a live stream of a container resource usage:
podman stats container
return metadata about a running container:
podman inspect container
execute a command in a running container:
podman exec container command
display the running processes of a container:
podman top container
display the logs of a container:
podman logs -tail container
pause all the processes in a container
podman pause container
unpause all the processes in a container
podman unpause container
list the port mappings from a container to localhost
podman port container
attach to a running container:
podman attach container
enter container environment:
podman exec -it container /bin/sh
create container image from file:
podman build -f Containerfile
create container image
create podman-samba directory and the following files:
mkdir ~/podman-samba cd ~/podman-samba
runconfig.sh:
cat > runconfig.sh << 'EOF' #!/bin/bash VRFY_USER=$(grep -c "$SMB_USER" /etc/passwd) VRFY_GROUP=$(grep -c "$SMB_GROUP" /etc/group) # add username for samba if [ $VRFY_USER -ne 0 ]; then echo "user $SMB_USER already exist" else echo "adding user $SMB_USER" useradd $SMB_USER -s /bin/nologin echo -ne "$SMB_PASS\n$SMB_PASS\n" | smbpasswd -a -s $SMB_USER fi # add group if [ $VRFY_GROUP -ne 0 ]; then echo "user $SMB_USER already exist" else groupadd $SMB_GROUP gpasswd -a $SMB_USER $SMB_GROUP fi # set directory permissions chown root.$SMB_GROUP -R /share chmod 2770 /share unset SMB_USER unset SMB_PASS unset SMB_GROUP # start samba smbd --foreground --debug-stdout EOF
smb.conf:
cat > smb.conf << EOF #### Global Settings #### [global] smb passwd file = /etc/samba/smbpasswd printing = cups encrypt passwords = yes wins support = true max log size = 0 unix password sync = Yes workgroup = Samba Server server string = Samba Server log file = /var/log/samba/%m.log netbios name = Samba load printers = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [share] path = /share create mode = 770 writeable = yes directory mode = 770 user = @samba comment = samba valid users = @samba write list = @samba force group = samba EOF
Containerfile:
cat > Containerfile << EOF FROM almalinux:8 MAINTAINER http://www.vidalinux.com LABEL Vendor="Vidalinux" LABEL License=GPLv2 LABEL Version=1.0 RUN yum -y update && yum clean all && yum -y install samba samba-common samba-client -y && \ rm -fr /var/cache/* # Move the Samba Conf file ADD smb.conf /tmp/ RUN mv /etc/samba/smb.conf /etc/samba/smb.conf.orig && \ mv /tmp/smb.conf /etc/samba/ RUN mkdir /share ADD runconfig.sh / RUN chmod +x /runconfig.sh EXPOSE 138/udp EXPOSE 445/udp EXPOSE 139 EXPOSE 445 env SMB_USER samba env SMB_PASS samba env SMB_GROUP samba CMD ["/runconfig.sh"] EOF
podman-compose.yml:
cat > podman-compose.yml << EOF version: '3' services: samba: restart: always image: vidalinux/samba:latest container_name: samba_server ports: - "139:139/udp" - "445:445/udp" - "139:139" - "445:445" environment: SMB_USER: mytestuser SMB_PASS: mypassword SMB_GROUP: samba TZ: America/Puerto_Rico volumes: - /share:/share EOF
create your image with podman:
podman build -t vidalinux/samba .
local private registry
create registry directory:
mkdir ~/podman-registry cd ~/podman-registry
compose file to create registry:
cat > podman-compose.yml << EOF version: '3' services: registry: restart: always image: registry:2 container_name: registry ports: - "5000:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data TZ: America/Puerto_Rico volumes: - ~/podman-registry/auth:/auth - ~/podman-registry/data:/data EOF
create password file:
mkdir ~/podman-registry/auth podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword > ~/podman-registry/auth/htpasswd
add another user to registry:
podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser2 testpassword2 >> ~/podman-registry/auth/htpasswd
run the registry by executing:
podman-compose up -d
log in to a private registry:
podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
push image to local registry:
podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest podman push localhost:5000/vidalinux/samba:latest --tls-verify=false
as root user edit /etc/containers/registries.conf:
[registries.insecure] registries = ['localhost']
change directory to samba container and modify podman-compose:
cd ~/podman-samba
edit samba container podman-compose.yaml file and change the image name:
image: localhost:5000/vidalinux/samba:latest
run your samba container:
cd ~/podman-samba sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword sudo podman-compose up -d
to stop the container using podman compose:
cd ~/podman-samba sudo podman-compose down
you can run the container manually without podman-compose:
podman run \ -d --name "samba_server" \ -v /share:/share \ -e "SMB_USER=mytestuser" \ -e "SMB_PASS=mypassword" \ -e "SMB_GROUP=samba" \ -e "TZ=America/Puerto_Rico" \ -p 138:138/udp \ -p 445:445/udp \ -p 139:139 \ -p 445:445 \ localhost:5000/vidalinux/samba:latest
to test the container we mount the samba share:
mkdir /mnt/samba mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword
pull image from local registry:
podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false
logout from local registry:
podman logout http://localhost:5000
run container as service
generate systemd service file of your samba_server:
sudo podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service
generate systemd service file of your registry:
podman generate systemd --new --name registry > ~/.config/systemd/user/registry.service
if you start your samba_server with podman-compose you need to stop it:
cd ~/podman-samba sudo podman-compose down
if you start your registry with podman-compose you need to stop it:
cd ~/podman-registry podman-compose down
start and enable your samba_server container using systemd:
sudo systemctl enable samba_server sudo systemctl start samba_server
start and enable your registry container using systemd:
systemctl --user enable registry systemctl --user start registry
run pods with podman
create pod with podman:
podman pod create --name wordpress_cms -p 8080:80
create the pod for mariadb:
podman run -d --pod wordpress_cms \ -e MYSQL_DATABASE=wordpressdb \ -e MYSQL_ROOT_PASSWORD=root \ -e MYSQL_USER=wordpress \ -e MYSQL_PASSWORD=wordpress \ mariadb:10.7.7
add wordpress container to this pod:
podman run -d --pod wordpress_cms \ -e WORDPRESS_DB_USER=wordpress \ -e WORDPRESS_DB_PASSWORD=wordpress \ -e WORDPRESS_DB_NAME=wordpressdb \ -e WORDPRESS_DB_HOST=127.0.0.1 \ wordpress:6.1.1-php8.1-apache
open your browser to access wordpress:
http://localhost:8080
list pods:
podman pod list
export podman pod to yaml:
podman generate kube wordpress_cms > wordpress_cms.yaml
remove pod:
podman pod rm wordpress_cms
create pod with yaml file:
podman play kube wordpress_cms.yaml
podman for windows
if you run windows on kvm virtual machine make sure you change the following settings:
<features> <acpi/> <apic/> <hyperv mode="custom"> <relaxed state="on"/> <vapic state="off"/> <spinlocks state="on" retries="8191"/> <synic state="off"/> <stimer state="off"/> <vendor_id state="on" value="123456789ab"/> </hyperv> </features> <cpu mode="custom" match="exact" check="partial"> <model fallback="allow">Skylake-Client-noTSX-IBRS</model> <topology sockets="1" dies="1" cores="4" threads="2"/> <feature policy="disable" name="hypervisor"/> <feature policy="require" name="vmx"/> </cpu> <clock offset="localtime"> <timer name="rtc" tickpolicy="catchup"/> <timer name="pit" tickpolicy="discard"/> <timer name="hpet" present="no"/> <timer name="hypervclock" present="no"/> <timer name="tsc" present="no" mode="native"/> </clock>
install wsl on windows:
initiate podman on windows:
podman machine init
to start your machine run:
podman machine start
podman for macosx
you can log into macosx via ssh do the following:
on your mac, choose apple menu > system Settings, click general in the sidebar, then click sharing on the right. turn on remote login, then click the info button on the right. if needed, select the "allow full disk access for remote users" checkbox. specify which users can log in.
access your mac via ssh:
ssh user@10.44.1.44
on mac shell use sudo to become root:
sudo su -
install podman on macosx: open terminal and type the following command:
xcode-select --install
install homebrew:
/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)”
when finished update homebrew to latest:
brew update
if necessary perform the upgrade:
brew upgrade
then install podman:
brew install podman
prepare the podman virtual machine by typing:
podman machine init
then start podman:
podman machine start
references
[scoop]
[install podman macosx]
[install podman on windows]