Howto podman


install podman archlinux

install podman packages:

pacman -Syu podman podman-compose 

install podman centos/almalinux/rocky

install podman packages:

yum -y install podman

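install podman-compose (this downloads the unpinned devel branch straight into a root-owned executable path with no integrity check; prefer the distribution package where one exists, or pin a release tag and review the script first):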

curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose

install podman debian/ubuntu

install podman packages:

apt-get -y install podman

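install podman-compose (this downloads the unpinned devel branch straight into a root-owned executable path with no integrity check; prefer the distribution package where one exists, or pin a release tag and review the script first):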

curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose

commands

create container image from file:

podman build -f Dockerfile

list containers that are running or have exited:

podman ps -a

remove a local container image by its name:

podman rmi docker.io/library/almalinux:9

pull a remote container image from docker.io:

podman pull docker.io/library/almalinux:9

list all local images:

podman images

display information about how an image was built:

podman history docker.io/library/almalinux:9

log in to a remote registry (-p puts the password in shell history and the process list; --password-stdin avoids that):

podman login registryURL -u username -p password

pull an image from a remote registry:

podman pull docker.io/library/almalinux:9

search local cache and remote registries for images:

podman search searchstring

create a new image based on the current state of a running container:

podman commit container mynewimage:tag

create (but don’t start) a container from an image:

podman create docker.io/library/almalinux:9

start an existing container:

podman start container

restart an existing container:

podman restart container

stop a running container gracefully

podman stop container

send a signal to a running container

podman kill container

Remove a container (use -f if the container is running)

podman rm [-f] container

display a live stream of a container’s resource usage:

podman stats container 

return metadata about a running container:

podman inspect container

execute a command in a running container:

podman exec container command

display the running processes of a container:

podman top container

display the logs of a container:

podman logs [-tail] container

pause all the processes in a container

podman pause container

unpause all the processes in a container

podman unpause container

list the port mappings from a container to localhost

podman port container

attach to a running container:

podman attach container

enter container environment:

podman exec -it container /bin/sh

create container image

create podman-samba directory and the following files:

mkdir ~/podman-samba
cd ~/podman-samba

runconfig.sh:

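cat > runconfig.sh << 'EOF'
#!/bin/bash
# Container entrypoint: create the Samba account and group named by
# SMB_USER / SMB_PASS / SMB_GROUP, hand /share to that group, then run smbd
# in the foreground.

# Stop early when a variable is missing or empty instead of creating a
# half-configured account.
: "${SMB_USER:?SMB_USER must be set}"
: "${SMB_PASS:?SMB_PASS must be set}"
: "${SMB_GROUP:?SMB_GROUP must be set}"

# add username for samba
# getent looks up the exact account name; counting substring matches in
# /etc/passwd also hit other accounts, home directories and comment fields.
if getent passwd "$SMB_USER" > /dev/null; then
  echo "user $SMB_USER already exist"
else
  echo "adding user $SMB_USER"
  useradd "$SMB_USER" -s /bin/nologin
  # printf '%s' passes the password through unchanged; echo -e would expand
  # backslash sequences contained in it.
  printf '%s\n%s\n' "$SMB_PASS" "$SMB_PASS" | smbpasswd -a -s "$SMB_USER"
fi

# add group
# Checked after useradd, which may already have created a group of that name.
if getent group "$SMB_GROUP" > /dev/null; then
  echo "group $SMB_GROUP already exist"
else
  groupadd "$SMB_GROUP"
fi

# Membership is ensured on every start, so a pre-existing group still gets
# the user added to it.
gpasswd -a "$SMB_USER" "$SMB_GROUP"

# set directory permissions
# 2770: setgid so new files inherit the group, no access for others.
chown -R "root:$SMB_GROUP" /share
chmod 2770 /share

# Keep the credentials out of the environment smbd inherits. Values passed
# as container environment variables still remain visible in the container's
# configuration (podman inspect).
unset SMB_USER
unset SMB_PASS
unset SMB_GROUP

# start samba
# exec replaces the shell, so smbd itself receives the stop signal.
exec smbd --foreground --debug-stdout
EOF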

smb.conf:

cat > smb.conf << EOF
#### Global Settings ####

[global]
 smb passwd file = /etc/samba/smbpasswd
 printing = cups
 encrypt passwords = yes
 wins support = true
 max log size = 0
 unix password sync = Yes
 workgroup = Samba Server
 server string = Samba Server
 log file = /var/log/samba/%m.log
 netbios name = Samba
 load printers = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes 

[share]
   path = /share
   create mode = 770
   writeable = yes
   directory mode = 770
   user = @samba
   comment = samba
   valid users = @samba
   write list = @samba
   force group = samba 
EOF

Containerfile:

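# Write the Containerfile for the Samba image. The quoted delimiter keeps the
# shell from expanding anything inside the here-document.
cat > Containerfile << 'EOF'
FROM almalinux:8
LABEL maintainer="http://www.vidalinux.com"
LABEL Vendor="Vidalinux"
LABEL License=GPLv2
LABEL Version=1.0

# Install Samba and clear the package caches in the same layer so they are
# not kept in the image.
RUN yum -y update && \
    yum -y install samba samba-common samba-client && \
    yum clean all && \
    rm -fr /var/cache/*

# Replace the packaged smb.conf, keeping the original as smb.conf.orig.
ADD smb.conf /tmp/
RUN mv /etc/samba/smb.conf /etc/samba/smb.conf.orig && \
    mv /tmp/smb.conf /etc/samba/
RUN mkdir /share

ADD runconfig.sh /
RUN chmod +x /runconfig.sh

EXPOSE 138/udp
EXPOSE 445/udp
EXPOSE 139
EXPOSE 445

# Sample defaults only. ENV values are stored in the image metadata and can be
# read by anyone able to pull or inspect the image, so override SMB_USER and
# SMB_PASS when the container is started.
ENV SMB_USER=samba
ENV SMB_PASS=samba
ENV SMB_GROUP=samba

CMD ["/runconfig.sh"]
EOF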

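podman-compose.yml (replace the sample SMB_USER and SMB_PASS values before use; the password is stored in plain text in this file):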

cat > podman-compose.yml << EOF
version: '3'

services:
  samba:
    restart: always
    image: vidalinux/samba:latest
    container_name: samba_server
    ports:
    - "139:139/udp"
    - "445:445/udp"
    - "139:139"
    - "445:445"
    environment:
      SMB_USER: mytestuser
      SMB_PASS: mypassword
      SMB_GROUP: samba
      TZ: America/Puerto_Rico
    volumes:
      - /share:/share
EOF

create your image with podman:

podman build -t vidalinux/samba .

run your container:

podman-compose up -d

local private registry

create registry directory and the following files:

mkdir ~/podman-registry
cd ~/podman-registry

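compose file to create registry (the registry serves plain HTTP here, so the htpasswd credentials cross the network unencrypted; publish the port as 127.0.0.1:5000:5000 if only the local host needs it, or put TLS in front of it):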

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF

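create password file (htpasswd -b takes the password from the command line, so it ends up in shell history; replace the sample credentials):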

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword > ~/podman-registry/auth/htpasswd

add another user to registry:

podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser2 testpassword2 >> ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

log in to a private registry:

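# -p was missing, which left the password as a stray positional argument.
# --tls-verify=false is needed because this registry serves plain HTTP; the
# credentials travel unencrypted, so keep this to localhost.
podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword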

logout from local registry:

podman logout http://localhost:5000

run container as service

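generate systemd service file of your samba_server (with --new the unit embeds the container's original create command, which can include -e values such as SMB_PASS, so restrict who can read the file):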

podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service

generate systemd service file of your registry:

podman generate systemd --new --name registry > /etc/systemd/system/registry.service

if you start your samba_server with podman-compose you need to stop it:

cd ~/podman-samba
podman-compose down

if you start your registry with podman-compose you need to stop it:

cd ~/podman-registry
podman-compose down

start and enable your samba_server container using systemd:

systemctl enable samba_server
systemctl start samba_server

start and enable your registry container using systemd:

systemctl enable registry
systemctl start registry