Howto podman


install podman archlinux

install podman packages:

pacman -Syu podman podman-compose 

install podman centos/almalinux/rocky

install podman packages:

yum -y install podman

install podman-compose:

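# This fetches whatever is at the tip of the devel branch and nothing verifies
# the file; review it (or pin the URL to a release tag) before running it as root.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# executable; --proto '=https' refuses any non-HTTPS transfer.
curl -f --proto '=https' -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose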

install podman debian/ubuntu

install podman packages:

apt-get -y install podman

install podman-compose:

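# This fetches whatever is at the tip of the devel branch and nothing verifies
# the file; review it (or pin the URL to a release tag) before running it as root.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# executable; --proto '=https' refuses any non-HTTPS transfer.
curl -f --proto '=https' -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
chmod +x /usr/local/bin/podman-compose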

configure podman registries

add the following registries to /etc/containers/registries.conf

# Appends a search-registry list to the system-wide registries.conf.
# Short image names (for example "almalinux") are looked up in these registries,
# so which registry serves an unqualified pull depends on this list; a
# fully-qualified name such as docker.io/library/almalinux:9 does not.
# NOTE(review): [registries.search] is the older v1 layout of registries.conf;
# current containers-registries.conf uses unqualified-search-registries, and the
# two layouts are not meant to be mixed in one file. Check the existing file
# before appending.
cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

commands

list containers that are running or have exited:

podman ps -a

pull a remote container image from docker.io:

podman pull docker.io/library/almalinux:9

list all local images:

podman images

remove a local container image by its name:

podman rmi docker.io/library/almalinux:9

search local cache and remote registries for images:

podman search almalinux

create (but don’t start) a container from an image:

podman create docker.io/library/almalinux:9

start an existing container:

podman start container

create a new image based on the current state of a running container:

podman commit container mynewimage:tag

restart an existing container:

podman restart container

stop a running container gracefully

podman stop container

send a signal to a running container

podman kill container

Remove a container (use -f if the container is running)

podman rm -f container

display a live stream of a container resource usage:

podman stats container 

return metadata about a running container:

podman inspect container

execute a command in a running container:

podman exec container command

display the running processes of a container:

podman top container

display the logs of a container:

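# --tail takes the number of trailing log lines to show (10 is an example value);
# the single-dash form "-tail" is not a valid option.
podman logs --tail 10 container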

pause all the processes in a container

podman pause container

unpause all the processes in a container

podman unpause container

list the port mappings from a container to localhost

podman port container

attach to a running container:

podman attach container

enter container environment:

podman exec -it container /bin/sh

create container image from file:

podman build -f Containerfile

create container image

create podman-samba directory and the following files:

mkdir ~/podman-samba
cd ~/podman-samba

runconfig.sh:

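# Writes runconfig.sh, the container entrypoint. The quoted 'EOF' delimiter
# keeps every $VARIABLE literal so it is expanded inside the container, not here.
cat > runconfig.sh << 'EOF'
#!/bin/bash
# Container entrypoint: create the Samba account and group named by the
# SMB_USER / SMB_PASS / SMB_GROUP environment variables, hand /share over to
# that group, then run smbd in the foreground.

# Fail early instead of creating accounts with an empty name or password.
: "${SMB_USER:?SMB_USER must be set}"
: "${SMB_PASS:?SMB_PASS must be set}"
: "${SMB_GROUP:?SMB_GROUP must be set}"

# add username for samba
# getent looks the name up exactly. Counting grep matches in /etc/passwd also
# hit substrings, so a name that was merely part of another entry was treated
# as existing and its account and Samba password were never created.
if getent passwd "$SMB_USER" > /dev/null; then
  echo "user $SMB_USER already exist"
else
  echo "adding user $SMB_USER"
  # NOTE(review): on AlmaLinux nologin normally lives in /sbin; confirm the path.
  useradd "$SMB_USER" -s /bin/nologin
  # printf '%s' passes the password through unchanged; echo -e would interpret
  # backslash sequences contained in it.
  printf '%s\n%s\n' "$SMB_PASS" "$SMB_PASS" | smbpasswd -a -s "$SMB_USER"
fi

# add group
# Checked after useradd on purpose: useradd may already have created a group
# with the same name as the user.
if getent group "$SMB_GROUP" > /dev/null; then
  echo "group $SMB_GROUP already exist"
else
  groupadd "$SMB_GROUP"
fi
# Membership is needed whether or not the group had to be created.
gpasswd -a "$SMB_USER" "$SMB_GROUP"

# set directory permissions
# 2770: setgid directory, no access for others; new files inherit the group.
chown -R "root:$SMB_GROUP" /share
chmod 2770 /share

# Keep the credentials out of smbd's environment. They remain visible in the
# container's configuration (podman inspect) when passed with -e or ENV.
unset SMB_USER
unset SMB_PASS
unset SMB_GROUP

# start samba
# exec replaces this shell so smbd receives the stop signal from podman directly.
exec smbd --foreground --debug-stdout
EOF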

smb.conf:

# Writes the Samba configuration that the Containerfile moves into /etc/samba/.
# The heredoc delimiter is unquoted; that is harmless here only because the
# text contains no $, backtick or backslash.
# The [share] section hard-codes the group name "samba" (valid users, write
# list, force group), while runconfig.sh creates whatever group SMB_GROUP names;
# the two only agree when SMB_GROUP=samba.
# NOTE(review): no minimum protocol version or SMB encryption setting is given,
# so the defaults of the installed Samba apply. Confirm they match your needs.
cat > smb.conf << EOF
#### Global Settings ####

[global]
 smb passwd file = /etc/samba/smbpasswd
 printing = cups
 encrypt passwords = yes
 wins support = true
 max log size = 0
 unix password sync = Yes
 workgroup = Samba Server
 server string = Samba Server
 log file = /var/log/samba/%m.log
 netbios name = Samba
 load printers = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes 

[share]
   path = /share
   create mode = 770
   writeable = yes
   directory mode = 770
   user = @samba
   comment = samba
   valid users = @samba
   write list = @samba
   force group = samba 
EOF

Containerfile:

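# Writes the Containerfile for the Samba image. The delimiter is quoted so the
# trailing backslashes of the multi-line RUN instructions reach the file; with
# an unquoted delimiter the shell joins those lines before writing them.
cat > Containerfile << 'EOF'
# Single-share Samba server; runconfig.sh creates the account at start-up.
# The base image is fully qualified so the build does not depend on the
# host's short-name search list.
FROM docker.io/library/almalinux:8
LABEL maintainer="http://www.vidalinux.com"
LABEL Vendor="Vidalinux"
LABEL License=GPLv2
LABEL Version=1.0

# Clean the package cache after the install so it is not kept in the layer.
RUN yum -y update && yum -y install samba samba-common samba-client && \
    yum clean all && rm -fr /var/cache/*

# Replace the packaged Samba configuration, keeping the original as smb.conf.orig
COPY smb.conf /tmp/
RUN mv /etc/samba/smb.conf /etc/samba/smb.conf.orig && \
    mv /tmp/smb.conf /etc/samba/
RUN mkdir /share

COPY runconfig.sh /
RUN chmod +x /runconfig.sh

EXPOSE 138/udp
EXPOSE 445/udp
EXPOSE 139
EXPOSE 445

# Defaults only: ENV values are stored in the image metadata and readable by
# anyone who can inspect the image, so pass the real SMB_PASS at run time.
ENV SMB_USER=samba
ENV SMB_PASS=samba
ENV SMB_GROUP=samba

CMD ["/runconfig.sh"]
EOF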

podman-compose.yml:

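# Writes the compose file for the Samba container. The delimiter is quoted so
# nothing in the YAML is expanded by the shell.
cat > podman-compose.yml << 'EOF'
version: '3'

services:
  samba:
    restart: always
    image: vidalinux/samba:latest
    container_name: samba_server
    ports:
    # 138/udp matches the EXPOSE line in the Containerfile and the manual
    # "podman run" example; 139 is a TCP port and is published below.
    - "138:138/udp"
    - "445:445/udp"
    - "139:139"
    - "445:445"
    environment:
      SMB_USER: mytestuser
      # sample value; it is stored in this file and in the container's
      # configuration, so replace it and restrict who can read this file
      SMB_PASS: mypassword
      SMB_GROUP: samba
      TZ: America/Puerto_Rico
    volumes:
      - /share:/share
EOF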

create your image with podman:

podman build -t vidalinux/samba .

local private registry

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

compose file to create registry:

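# Writes the compose file for a local registry protected by htpasswd auth.
# The delimiter is quoted so nothing in the YAML is expanded by the shell.
cat > podman-compose.yml << 'EOF'
version: '3'

services:
  registry:
    restart: always
    # fully qualified so the pull does not depend on the short-name search list
    image: docker.io/library/registry:2
    container_name: registry
    ports:
    # Published on loopback only: every command on this page reaches the
    # registry as localhost:5000 with --tls-verify=false, i.e. without TLS, so
    # the htpasswd credentials would cross the network unencrypted if the port
    # were reachable from other hosts. For remote access configure TLS
    # (REGISTRY_HTTP_TLS_CERTIFICATE / REGISTRY_HTTP_TLS_KEY) before widening
    # the bind address.
    - "127.0.0.1:5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF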

create password file:

# Creates the bcrypt (-B) htpasswd file that the registry reads from /auth/htpasswd.
# -b takes the password from the command line, so it is recorded in shell
# history and visible in the process list; htpasswd's -i reads it from stdin
# instead. testuser/testpassword are sample values.
mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword > ~/podman-registry/auth/htpasswd

add another user to registry:

podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser2 testpassword2 >> ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

log in to a private registry:

# --tls-verify=false lets podman talk to the registry without verified TLS;
# that is tolerable here only because the registry is reached on localhost.
# -p puts the password on the command line (shell history, process list);
# omitting -p prompts for it, and --password-stdin reads it from stdin.
podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword

push image to local registry:

podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest
podman push localhost:5000/vidalinux/samba:latest --tls-verify=false

to successfully download the container image from our registry add the following to /etc/containers/registries.conf:

[registries.insecure]
registries = ['localhost']

edit the samba container's podman-compose.yml file and change the image name:

image: localhost:5000/vidalinux/samba:latest

run your samba container:

cd ~/podman-samba
sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
sudo podman-compose up -d

to stop the container using podman compose:

cd ~/podman-samba
sudo podman-compose down

you can run the container manually without podman-compose:

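# Every continuation backslash must be the last character on its line: a space
# after it ends the command early and the image name is then run as a separate
# command.
# Values given with -e are part of the command line and of the container's
# stored configuration; mypassword is a sample value.
podman run \
-d --name "samba_server" \
-v /share:/share \
-e "SMB_USER=mytestuser" \
-e "SMB_PASS=mypassword" \
-e "SMB_GROUP=samba" \
-e "TZ=America/Puerto_Rico" \
-p 138:138/udp \
-p 445:445/udp \
-p 139:139 \
-p 445:445 \
localhost:5000/vidalinux/samba:latest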

to test the container we mount the samba share:

mkdir /mnt/samba
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword

pull image from local registry:

podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false

logout from local registry:

podman logout http://localhost:5000

run container as service

generate systemd service file of your samba_server:

podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service

generate systemd service file of your registry:

podman generate systemd --new --name registry > /etc/systemd/system/registry.service

if you start your samba_server with podman-compose you need to stop it:

cd ~/podman-samba
podman-compose down

if you start your registry with podman-compose you need to stop it:

cd ~/podman-registry
podman-compose down

start and enable your samba_server container using systemd:

systemctl enable samba_server
systemctl start samba_server

start and enable your registry container using systemd:

systemctl enable registry
systemctl start registry

run pods with podman

create pod with podman:

podman pod create --name wordpress_cms -p 8080:80

add the mariadb container to the pod:

podman run -d --pod wordpress_cms \
-e MYSQL_DATABASE=wordpressdb \
-e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=wordpress \
mariadb:10.7.7

add wordpress container to this pod:

podman run -d --pod wordpress_cms \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=wordpress \
-e WORDPRESS_DB_NAME=wordpressdb \
-e WORDPRESS_DB_HOST=127.0.0.1 \
wordpress:6.1.1-php8.1-apache

open your browser to access wordpress:

http://localhost:8080

list pods:

podman pod list

export podman pod to yaml:

podman generate kube wordpress_cms > wordpress_cms.yaml

remove pod:

podman pod rm wordpress_cms

create pod with yaml file:

podman play kube wordpress_cms.yaml

podman for windows

if you run windows on kvm virtual machine make sure you change the following settings:

 <features>
   <acpi/>
   <apic/>
   <hyperv mode="custom">
     <relaxed state="on"/>
     <vapic state="off"/>
     <spinlocks state="on" retries="8191"/>
     <synic state="off"/>
     <stimer state="off"/>
     <vendor_id state="on" value="123456789ab"/>
   </hyperv>
 </features>
 <cpu mode="custom" match="exact" check="partial">
   <model fallback="allow">Skylake-Client-noTSX-IBRS</model>
   <topology sockets="1" dies="1" cores="4" threads="2"/>
   <feature policy="disable" name="hypervisor"/>
   <feature policy="require" name="vmx"/>
 </cpu>
 <clock offset="localtime">
   <timer name="rtc" tickpolicy="catchup"/>
   <timer name="pit" tickpolicy="discard"/>
   <timer name="hpet" present="no"/>
   <timer name="hypervclock" present="no"/>
   <timer name="tsc" present="no" mode="native"/>
 </clock>

install wsl on windows:

initiate podman on windows:

podman machine init

to start your machine run:

podman machine start

podman for macosx

to log into macosx via ssh, do the following:

on your mac, choose Apple menu > System Settings, click General in the sidebar, then click Sharing on the right.
turn on remote login, then click the info button on the right.
if needed, select the "allow full disk access for remote users" checkbox.
specify which users can log in.

access your mac via ssh:

ssh user@10.44.1.44

on mac shell use sudo to become root:

sudo su -

install podman on macosx: open terminal and type the following command:

xcode-select --install

install homebrew:

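# The typographic quotes were replaced with plain double quotes; the shell does
# not treat “ ” as quoting characters, so the original line did not run as intended.
# This executes the downloaded script directly; to read the installer first,
# save it to a file and run that file instead.
# NOTE(review): the Homebrew installer is meant to be run as a regular user,
# not from the root shell opened with "sudo su -". Confirm before running.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"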

when finished update homebrew to latest:

brew update

if necessary perform the upgrade:

brew upgrade

then install podman:

brew install podman

prepare the podman virtual machine by typing:

podman machine init

then start podman:

podman machine start

references

[scoop]

[install podman macosx]

[install podman on windows]