Howto podman: Difference between revisions

From Vidalinux Wiki
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
= install podman archlinux =
= install podman archlinux =
install podman packages:
install podman packages:
  pacman -Syu podman podman-compose  
  pacman -Syu podman podman-compose aardvark-dns
 
= install podman centos/almalinux/rocky =
= install podman centos/almalinux/rocky =
install podman packages:
install podman packages:
Line 9: Line 10:
  chmod +x /usr/local/bin/podman-compose
  chmod +x /usr/local/bin/podman-compose


= install podman debian/ubuntu =
= install podman debian =
install podman packages:
install podman packages:
  apt-get -y install podman
  apt-get -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose
= install podman ubuntu =
create the following directory:
sudo mkdir -p /etc/apt/keyrings
add kubic repo gpg key:
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/Release.key \
  | gpg --dearmor \
  | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg > /dev/null
add kubic repo:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg]\
    https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/ /" \
  | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list > /dev/null
install podman packages:
sudo apt-get update
sudo apt-get -y install podman
install podman-compose:
install podman-compose:
  curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
  curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
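Review bot: The podman-compose install lines in the debian and ubuntu blocks fetch podman_compose.py from the moving devel branch with plain "curl -o" and then mark it executable in /usr/local/bin, so whatever is on that branch at download time gets run later, and without -f an HTTP error body would be saved as the script. Suggest pinning the URL to a release tag, using "curl -fsSL", and comparing the file's hash with a value recorded on the page before the chmod. The new ubuntu block also uses sudo for mkdir, tee and apt-get but not for these two lines, which write to /usr/local/bin.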
Line 207: Line 226:
create your image with podman:
create your image with podman:
  podman build -t vidalinux/samba .
  podman build -t vidalinux/samba .
run your container:
podman-compose up -d
you can run the container manually without podman-compose:
podman run \
-d --name "samba_server" \
-v /share:/share \
-e "SMB_USER=mytestuser" \
-e "SMB_PASS=mypassword" \
-e "SMB_GROUP=samba" \
-e "TZ=America/Puerto_Rico" \
-p 138:138/udp \
-p 445:445/udp \
-p 139:139 \
-p 445:445 \
vidalinux/samba
to test the container we mount the samba share:
mkdir /mnt/samba
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword


= local private registry =
= local private registry =
create registry directory and the following files:
create registry directory:
  mkdir ~/podman-registry
  mkdir ~/podman-registry
  cd ~/podman-registry
  cd ~/podman-registry
Line 263: Line 264:
  podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest
  podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest
  podman push localhost:5000/vidalinux/samba:latest --tls-verify=false
  podman push localhost:5000/vidalinux/samba:latest --tls-verify=false
as root user edit /etc/containers/registries.conf:
[registries.insecure]
registries = ['localhost']
change directory to samba container and modify podman-compose:
cd ~/podman-samba
edit samba container podman-compose.yaml file and change the image name:
image: localhost:5000/vidalinux/samba:latest
run your samba container:
cd ~/podman-samba
sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
sudo podman-compose up -d
to stop the container using podman compose:
cd ~/podman-samba
sudo podman-compose down
you can run the container manually without podman-compose:
podman run \
-d --name "samba_server" \
-v /share:/share \
-e "SMB_USER=mytestuser" \
-e "SMB_PASS=mypassword" \
-e "SMB_GROUP=samba" \
-e "TZ=America/Puerto_Rico" \
-p 138:138/udp \
-p 445:445/udp \
-p 139:139 \
-p 445:445 \
localhost:5000/vidalinux/samba:latest
to test the container we mount the samba share:
mkdir /mnt/samba
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword
pull image from local registry:
pull image from local registry:
  podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false
  podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false
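Review bot: The added "sudo podman login ... -u testuser -p testpassword" and "mount -t cifs ... -o username=mytestuser,password=mypassword" lines put credentials on the command line, where they end up in shell history and are visible in the process list. Suggest "--password-stdin" for the login and a mode 600 file passed with "credentials=" for the mount. The added [registries.insecure] entry for 'localhost' is a permanent host-wide setting, unlike the per-command --tls-verify=false flags next to it, so a sentence saying it is meant for this test registry only would help. The same hunk also says to edit podman-compose.yaml while the file created earlier on the page is podman-compose.yml.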
Line 270: Line 301:
= run container as service =
= run container as service =
generate systemd service file of your samba_server:
generate systemd service file of your samba_server:
  podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service
  sudo podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service
generate systemd service file of your registry:
generate systemd service file of your registry:
  podman generate systemd --new --name registry > /etc/systemd/system/registry.service
  podman generate systemd --new --name registry > ~/.config/systemd/user/registry.service
if you start your samba_server with podman-compose you need to stop it:
if you start your samba_server with podman-compose you need to stop it:
  cd ~/podman-samba
  cd ~/podman-samba
  podman-compose down
  sudo podman-compose down
if you start your registry with podman-compose you need to stop it:  
if you start your registry with podman-compose you need to stop it:  
  cd ~/podman-registry
  cd ~/podman-registry
  podman-compose down
  podman-compose down
start and enable your samba_server container using systemd:
start and enable your samba_server container using systemd:
  systemctl enable samba_server
  sudo systemctl enable samba_server
  systemctl start samba_server
  sudo systemctl start samba_server
start and enable your registry container using systemd:
start and enable your registry container using systemd:
  systemctl enable registry
  systemctl --user enable registry
  systemctl start registry
  systemctl --user start registry
 
= run pods with podman =
= run pods with podman =
create pod with podman:
create pod with podman:
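Review bot: In the changed samba_server line, "sudo podman generate systemd ... > /etc/systemd/system/samba_server.service", the redirection is performed by the calling shell and not by sudo, so a non-root user gets "permission denied"; pipe the output into "sudo tee /etc/systemd/system/samba_server.service" instead. The registry unit now goes to ~/.config/systemd/user/, a directory the page never creates, so a "mkdir -p ~/.config/systemd/user" is needed before it, and "loginctl enable-linger" is worth mentioning if the user unit should start at boot without a login session.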

Latest revision as of 23:45, 22 August 2023

install podman archlinux

install podman packages:

pacman -Syu podman podman-compose aardvark-dns

install podman centos/almalinux/rocky

install podman packages:

yum -y install podman

install podman-compose:

curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose

install podman debian

install podman packages:

apt-get -y install podman

install podman-compose:

curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose

install podman ubuntu

create the following directory:

sudo mkdir -p /etc/apt/keyrings

add kubic repo gpg key:

curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/Release.key \
 | gpg --dearmor \
 | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg > /dev/null

add kubic repo:

echo \
 "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg]\
   https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/ /" \
 | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list > /dev/null

install podman packages:

sudo apt-get update
sudo apt-get -y install podman

install podman-compose:

curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose

configure podman registries

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

commands

list containers that are running or have exited:

podman ps -a

pull a remote container image from docker.io:

podman pull docker.io/library/almalinux:9

list all local images:

podman images

remove a local container image by its name:

podman rmi docker.io/library/almalinux:9

search local cache and remote registries for images:

podman search almalinux

create (but don’t start) a container from an image:

podman create docker.io/library/almalinux:9

start an existing container:

podman start container

create a new image based on the current state of a running container:

podman commit container mynewimage:tag

restart an existing container:

podman restart container

stop a running container gracefully

podman stop container

send a signal to a running container

podman kill container

Remove a container (use -f if the container is running)

podman rm -f container

display a live stream of a container resource usage:

podman stats container 

return metadata about a running container:

podman inspect container

execute a command in a running container:

podman exec container command

display the running processes of a container:

podman top container

display the last 10 lines of a container's logs:

podman logs --tail 10 container

pause all the processes in a container

podman pause container

unpause all the processes in a container

podman unpause container

list the port mappings from a container to localhost

podman port container

attach to a running container:

podman attach container

enter container environment:

podman exec -it container /bin/sh

create container image from file:

podman build -f Containerfile

create container image

create podman-samba directory and the following files:

mkdir ~/podman-samba
cd ~/podman-samba

runconfig.sh:

cat > runconfig.sh << 'EOF'
#!/bin/bash

# add username for samba (getent matches the exact name, not a substring)

if getent passwd "$SMB_USER" > /dev/null;
then
echo "user $SMB_USER already exists"
else
echo "adding user $SMB_USER"
useradd "$SMB_USER" -s /sbin/nologin
printf '%s\n%s\n' "$SMB_PASS" "$SMB_PASS" | smbpasswd -a -s "$SMB_USER"
fi

# add group

if getent group "$SMB_GROUP" > /dev/null;
then
echo "group $SMB_GROUP already exists"
else
groupadd "$SMB_GROUP"
fi

# make sure the user is a member of the group, even if the group already existed

gpasswd -a "$SMB_USER" "$SMB_GROUP"

# set directory permissions

chown -R "root:$SMB_GROUP" /share
chmod 2770 /share

unset SMB_USER
unset SMB_PASS
unset SMB_GROUP

# start samba
smbd --foreground --debug-stdout
EOF

smb.conf:

cat > smb.conf << EOF
#### Global Settings ####

[global]
 smb passwd file = /etc/samba/smbpasswd
 printing = cups
 encrypt passwords = yes
 wins support = true
 max log size = 0
 unix password sync = Yes
 workgroup = Samba Server
 server string = Samba Server
 log file = /var/log/samba/%m.log
 netbios name = Samba
 load printers = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes 

[share]
   path = /share
   create mode = 770
   writeable = yes
   directory mode = 770
   user = @samba
   comment = samba
   valid users = @samba
   write list = @samba
   force group = samba 
EOF

Containerfile:

cat > Containerfile << 'EOF'
FROM almalinux:8
LABEL maintainer="http://www.vidalinux.com"
LABEL Vendor="Vidalinux"
LABEL License=GPLv2
LABEL Version=1.0

# install samba first, then clean the package cache in the same layer
RUN yum -y update && yum -y install samba samba-common samba-client && \
yum clean all && rm -fr /var/cache/*

# Move the Samba Conf file

COPY smb.conf /tmp/
RUN mv /etc/samba/smb.conf /etc/samba/smb.conf.orig && \
mv /tmp/smb.conf /etc/samba/
RUN mkdir /share

COPY runconfig.sh /
RUN chmod +x /runconfig.sh

EXPOSE 138/udp
EXPOSE 445/udp
EXPOSE 139
EXPOSE 445

# default values, override them at run time with -e or in the compose file
ENV SMB_USER=samba
ENV SMB_PASS=samba
ENV SMB_GROUP=samba

CMD ["/runconfig.sh"]
EOF

podman-compose.yml:

cat > podman-compose.yml << EOF
version: '3'

services:
  samba:
    restart: always
    image: vidalinux/samba:latest
    container_name: samba_server
    ports:
    - "138:138/udp"
    - "445:445/udp"
    - "139:139"
    - "445:445"
    environment:
      SMB_USER: mytestuser
      SMB_PASS: mypassword
      SMB_GROUP: samba
      TZ: America/Puerto_Rico
    volumes:
      - /share:/share
EOF

create your image with podman:

podman build -t vidalinux/samba .
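
the Containerfile and the compose file are edited separately, so the ports the image exposes and the ports the compose file publishes can drift apart. The following check is an added example, not part of the original page; the function names are hypothetical and the sample files it writes are constructed from the values used above:

```sh
#!/bin/sh
# Added example, not from the original page.

# Print "port/proto" for each EXPOSE argument in Containerfile $1 (tcp by default).
exposed_ports() {
  awk 'toupper($1) == "EXPOSE" {
         for (i = 2; i <= NF; i++) print ($i ~ /\// ? $i : $i "/tcp")
       }' "$1" | LC_ALL=C sort -u
}

# Print "port/proto" for the container side of each '- "host:container[/proto]"'
# item in compose file $1. Volume items such as /share:/share do not match.
published_ports() {
  sed -nE 's#^[[:space:]]*-[[:space:]]*"?[0-9.:]*:([0-9]{1,5})(/[a-z]+)?"?[[:space:]]*$#\1\2#p' "$1" |
    awk '{ print ($0 ~ /\// ? $0 : $0 "/tcp") }' | LC_ALL=C sort -u
}

# Lines of stdin that are not whole-line members of the list in $1.
not_in() { grep -Fxv -e "$1" || true; }

# check_ports CONTAINERFILE COMPOSEFILE: print the differences, return 1 if any.
check_ports() {
  exp=$(exposed_ports "$1")
  pub=$(published_ports "$2")
  only_exp=$(printf '%s\n' "$exp" | not_in "$pub")
  only_pub=$(printf '%s\n' "$pub" | not_in "$exp")
  if [ -n "$only_exp" ]; then echo "exposed, not published:" $only_exp; fi
  if [ -n "$only_pub" ]; then echo "published, not exposed:" $only_pub; fi
  [ -z "$only_exp$only_pub" ]
}

# Constructed sample input in directory $1: the two files disagree on one UDP port.
write_sample() {
  printf 'FROM almalinux:8\nEXPOSE 138/udp\nEXPOSE 445/udp\nEXPOSE 139\nEXPOSE 445\n' \
    > "$1/Containerfile"
  printf '    ports:\n    - "139:139/udp"\n    - "445:445/udp"\n    - "139:139"\n    - "445:445"\n    volumes:\n      - /share:/share\n' \
    > "$1/podman-compose.yml"
}

tmp=$(mktemp -d) && write_sample "$tmp"
check_ports "$tmp/Containerfile" "$tmp/podman-compose.yml" || echo "port lists differ"
rm -rf "$tmp"
```

run it in ~/podman-samba as: check_ports Containerfile podman-compose.yml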

local private registry

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF

create password file:

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword > ~/podman-registry/auth/htpasswd

add another user to registry:

podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser2 testpassword2 >> ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

log in to a private registry:

podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword

push image to local registry:

podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest
podman push localhost:5000/vidalinux/samba:latest --tls-verify=false

as root user edit /etc/containers/registries.conf:

[registries.insecure]
registries = ['localhost']

change directory to samba container and modify podman-compose:

cd ~/podman-samba

edit the samba container podman-compose.yml file and change the image name:

image: localhost:5000/vidalinux/samba:latest

run your samba container:

cd ~/podman-samba
sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
sudo podman-compose up -d

to stop the container using podman compose:

cd ~/podman-samba
sudo podman-compose down

you can run the container manually without podman-compose:

podman run \
-d --name "samba_server" \
-v /share:/share \
-e "SMB_USER=mytestuser" \
-e "SMB_PASS=mypassword" \
-e "SMB_GROUP=samba" \
-e "TZ=America/Puerto_Rico" \
-p 138:138/udp \
-p 445:445/udp \
-p 139:139 \
-p 445:445 \
localhost:5000/vidalinux/samba:latest

to test the container we mount the samba share:

mkdir /mnt/samba
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword
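
the login and mount commands above pass the password as a command-line argument, which leaves it in shell history and in the process list. The following is an added example, not part of the original page: it keeps the same test credentials in owner-only files and uses the cifs credentials= option and podman login --password-stdin. The function names and file paths are assumptions:

```sh
#!/bin/sh
# Added example, not from the original page. The file locations are assumptions.

# write_cifs_credentials FILE USER  (password is read from stdin)
# Create FILE readable by its owner only, in the username=/password= format that
# mount.cifs reads through its credentials= option.
write_cifs_credentials() {
  IFS= read -r pass || [ -n "$pass" ] || return 1
  ( umask 077
    rm -f "$1"
    printf 'username=%s\npassword=%s\n' "$2" "$pass" > "$1" )
  rc=$?
  unset pass
  return $rc
}

# Succeed only if FILE exists and neither group nor others have any access to it.
is_private() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) echo "refusing $1: mode $mode is too open" >&2; return 1 ;;
  esac
}

# Mount the test share without a password on the command line (run as root).
mount_share() {
  is_private "$1" && mount -t cifs //localhost/share /mnt/samba -o "credentials=$1"
}

# registry_login USER FILE: log in to the local registry, reading the password
# from FILE instead of passing it with -p.
registry_login() {
  is_private "$2" &&
    podman login --tls-verify=false -u "$1" --password-stdin localhost:5000 < "$2"
}

# Typical use with the page's test accounts (type the password when prompted by read):
#   write_cifs_credentials /root/.smb-share mytestuser
#   mount_share /root/.smb-share
#   registry_login testuser ~/.registry-pass    # file created with umask 077
```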

pull image from local registry:

podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false

logout from local registry:

podman logout http://localhost:5000
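
the registry above is reached over plain HTTP, which is why every command needs --tls-verify=false and the host needs the [registries.insecure] entry. The following is an added example that goes beyond the original page: it creates a self-signed certificate for localhost, installs it as the CA podman trusts for localhost:5000, and lists the compose additions that turn on TLS in registry:2. The certs directory, key type, lifetime and function names are assumptions:

```sh
#!/bin/sh
# Added example, not from the original page. The certs directory, key type and
# lifetime are assumptions.

# make_registry_cert DIR: write DIR/registry.key and DIR/registry.crt, a
# self-signed certificate whose subjectAltName is "localhost".
make_registry_cert() {
  mkdir -p "$1" &&
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost" \
        -keyout "$1/registry.key" -out "$1/registry.crt" 2>/dev/null )
}

# cert_matches_host CRT HOST: succeed only if CRT is valid for HOST.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# trust_registry_cert CRT HOST:PORT [BASE]: install CRT as the CA podman uses for
# that registry. BASE defaults to the rootless location; for rootful podman
# pass /etc/containers/certs.d and run as root.
trust_registry_cert() {
  base=${3:-$HOME/.config/containers/certs.d}
  cert_matches_host "$1" "${2%%:*}" || { echo "cert does not cover ${2%%:*}" >&2; return 1; }
  mkdir -p "$base/$2" && cp "$1" "$base/$2/ca.crt"
}

# Steps on the registry host:
#   make_registry_cert ~/podman-registry/certs
#   trust_registry_cert ~/podman-registry/certs/registry.crt localhost:5000
# Additions to the registry service in podman-compose.yml:
#   environment:
#     REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
#     REGISTRY_HTTP_TLS_KEY: /certs/registry.key
#   volumes:
#     - ~/podman-registry/certs:/certs
# After podman-compose down and podman-compose up -d:
#   podman login localhost:5000 -u testuser
```

with the certificate trusted, the --tls-verify=false flags and the [registries.insecure] entry are no longer needed for this registry.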

run container as service

generate systemd service file of your samba_server:

sudo podman generate systemd --new --name samba_server | sudo tee /etc/systemd/system/samba_server.service > /dev/null

generate systemd service file of your registry:

mkdir -p ~/.config/systemd/user
podman generate systemd --new --name registry > ~/.config/systemd/user/registry.service

if you start your samba_server with podman-compose you need to stop it:

cd ~/podman-samba
sudo podman-compose down

if you start your registry with podman-compose you need to stop it:

cd ~/podman-registry
podman-compose down

start and enable your samba_server container using systemd:

sudo systemctl enable samba_server
sudo systemctl start samba_server

start and enable your registry container using systemd:

systemctl --user enable registry
systemctl --user start registry

run pods with podman

create pod with podman:

podman pod create --name wordpress_cms -p 8080:80

add the mariadb container to this pod:

podman run -d --pod wordpress_cms \
-e MYSQL_DATABASE=wordpressdb \
-e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=wordpress \
mariadb:10.7.7

add wordpress container to this pod:

podman run -d --pod wordpress_cms \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=wordpress \
-e WORDPRESS_DB_NAME=wordpressdb \
-e WORDPRESS_DB_HOST=127.0.0.1 \
wordpress:6.1.1-php8.1-apache

open your browser to access wordpress:

http://localhost:8080

list pods:

podman pod list

export podman pod to yaml:

podman generate kube wordpress_cms > wordpress_cms.yaml

remove pod:

podman pod rm wordpress_cms

create pod with yaml file:

podman play kube wordpress_cms.yaml

podman for windows

if you run windows on a kvm virtual machine, make sure you change the following settings in the libvirt domain xml:

 <features>
   <acpi/>
   <apic/>
   <hyperv mode="custom">
     <relaxed state="on"/>
     <vapic state="off"/>
     <spinlocks state="on" retries="8191"/>
     <synic state="off"/>
     <stimer state="off"/>
     <vendor_id state="on" value="123456789ab"/>
   </hyperv>
 </features>
 <cpu mode="custom" match="exact" check="partial">
   <model fallback="allow">Skylake-Client-noTSX-IBRS</model>
   <topology sockets="1" dies="1" cores="4" threads="2"/>
   <feature policy="disable" name="hypervisor"/>
   <feature policy="require" name="vmx"/>
 </cpu>
 <clock offset="localtime">
   <timer name="rtc" tickpolicy="catchup"/>
   <timer name="pit" tickpolicy="discard"/>
   <timer name="hpet" present="no"/>
   <timer name="hypervclock" present="no"/>
   <timer name="tsc" present="no" mode="native"/>
 </clock>

install wsl on windows:

initiate podman on windows:

podman machine init

to start your machine run:

podman machine start

podman for macosx

to log into macosx via ssh, do the following:

on your mac, choose apple menu > system settings, click general in the sidebar, then click sharing on the right.
turn on remote login, then click the info button on the right.
if needed, select the "allow full disk access for remote users" checkbox.
specify which users can log in.

access your mac via ssh:

ssh user@10.44.1.44

on mac shell use sudo to become root:

sudo su -

install podman on macosx: open terminal and type the following command:

xcode-select --install

install homebrew:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

when finished update homebrew to latest:

brew update

if necessary perform the upgrade:

brew upgrade

then install podman:

brew install podman

prepare the podman virtual machine by typing:

podman machine init

then start podman:

podman machine start
