Howto podman
install podman archlinux
install podman packages:
pacman -Syu podman podman-compose aardvark-dns
install podman centos/almalinux/rocky
install podman packages:
yum -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
install podman debian
install podman packages:
apt-get -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
install podman ubuntu
create the following directory:
sudo mkdir -p /etc/apt/keyrings
add kubic repo gpg key:
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/Release.key \ | gpg --dearmor \ | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg > /dev/null
add kubic repo:
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_stable.gpg]\ https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_$(lsb_release -rs)/ /" \ | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list > /dev/null
install podman packages:
sudo apt-get update sudo apt-get -y install podman
install podman-compose:
curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py chmod +x /usr/local/bin/podman-compose
configure podman registries
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF" [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] EOF
commands
list containers that are running or have exited:
podman ps -a
pull a remote container image from docker.io:
podman pull docker.io/library/almalinux:9
list all local images:
podman images
remove a local container image by its image:
podman rmi docker.io/library/almalinux:9
search local cache and remote registries for images:
podman search almalinux
create (but don’t start) a container from an image:
podman create docker.io/library/almalinux:9
start an existing container from an image:
podman start container
create a new image based on the current state of a running container:
podman commit container mynewimage:tag
restart an existing container:
podman restart container
stop a running container gracefully
podman stop container
send a signal to a running container
podman kill container
Remove a container (use -f if the container is running)
podman rm -f container
display a live stream of a container resource usage:
podman stats container
return metadata about a running container:
podman inspect container
execute a command in a running container:
podman exec container command
display the running processes of a container:
podman top container
display the logs of a container:
podman logs -tail container
pause all the processes in a container
podman pause container
unpause all the processes in a container
podman unpause container
list the port mappings from a container to localhost
podman port container
attach to a running container:
podman attach container
enter container environment:
podman exec -it container /bin/sh
create container image from file:
podman build -f Containerfile
create container image
create podman-samba directory and the following files:
mkdir ~/podman-samba cd ~/podman-samba
runconfig.sh:
cat > runconfig.sh << 'EOF' #!/bin/bash VRFY_USER=$(grep -c "$SMB_USER" /etc/passwd) VRFY_GROUP=$(grep -c "$SMB_GROUP" /etc/group) # add username for samba if [ $VRFY_USER -ne 0 ]; then echo "user $SMB_USER already exist" else echo "adding user $SMB_USER" useradd $SMB_USER -s /bin/nologin echo -ne "$SMB_PASS\n$SMB_PASS\n" | smbpasswd -a -s $SMB_USER fi # add group if [ $VRFY_GROUP -ne 0 ]; then echo "user $SMB_USER already exist" else groupadd $SMB_GROUP gpasswd -a $SMB_USER $SMB_GROUP fi # set directory permissions chown root.$SMB_GROUP -R /share chmod 2770 /share unset SMB_USER unset SMB_PASS unset SMB_GROUP # start samba smbd --foreground --debug-stdout EOF
smb.conf:
cat > smb.conf << EOF #### Global Settings #### [global] smb passwd file = /etc/samba/smbpasswd printing = cups encrypt passwords = yes wins support = true max log size = 0 unix password sync = Yes workgroup = Samba Server server string = Samba Server log file = /var/log/samba/%m.log netbios name = Samba load printers = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [share] path = /share create mode = 770 writeable = yes directory mode = 770 user = @samba comment = samba valid users = @samba write list = @samba force group = samba EOF
Containerfile:
cat > Containerfile << EOF FROM almalinux:8 MAINTAINER http://www.vidalinux.com LABEL Vendor="Vidalinux" LABEL License=GPLv2 LABEL Version=1.0 RUN yum -y update && yum clean all && yum -y install samba samba-common samba-client -y && \ rm -fr /var/cache/* # Move the Samba Conf file ADD smb.conf /tmp/ RUN mv /etc/samba/smb.conf /etc/samba/smb.conf.orig && \ mv /tmp/smb.conf /etc/samba/ RUN mkdir /share ADD runconfig.sh / RUN chmod +x /runconfig.sh EXPOSE 138/udp EXPOSE 445/udp EXPOSE 139 EXPOSE 445 env SMB_USER samba env SMB_PASS samba env SMB_GROUP samba CMD ["/runconfig.sh"] EOF
podman-compose.yml:
cat > podman-compose.yml << EOF
version: '3'
services:
samba:
restart: always
image: vidalinux/samba:latest
container_name: samba_server
ports:
- "139:139/udp"
- "445:445/udp"
- "139:139"
- "445:445"
environment:
SMB_USER: mytestuser
SMB_PASS: mypassword
SMB_GROUP: samba
TZ: America/Puerto_Rico
volumes:
- /share:/share
EOF
create your image with podman:
podman build -t vidalinux/samba .
local private registry
create registry directory:
mkdir ~/podman-registry cd ~/podman-registry
compose file to create registry:
cat > podman-compose.yml << EOF
version: '3'
services:
registry:
restart: always
image: registry:2
container_name: registry
ports:
- "5000:5000"
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
TZ: America/Puerto_Rico
volumes:
- ~/podman-registry/auth:/auth
- ~/podman-registry/data:/data
EOF
create password file:
mkdir ~/podman-registry/auth podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser testpassword > ~/podman-registry/auth/htpasswd
add another user to registry:
podman run --rm --entrypoint htpasswd httpd:2 -Bbn testuser2 testpassword2 >> ~/podman-registry/auth/htpasswd
run the registry by executing:
podman-compose up -d
log in to a private registry:
podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
push image to local registry:
podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest podman push localhost:5000/vidalinux/samba:latest --tls-verify=false
as root user edit /etc/containers/registries.conf:
[registries.insecure] registries = ['localhost']
change directory to samba container and modify podman-compose:
cd ~/podman-samba
edit samba container podman-compose.yaml file and change the image name:
image: localhost:5000/vidalinux/samba:latest
run your samba container:
cd ~/podman-samba sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword sudo podman-compose up -d
to stop the container using podman compose:
cd ~/podman-samba sudo podman-compose down
you can run the container manually without podman-compose:
podman run \ -d --name "samba_server" \ -v /share:/share \ -e "SMB_USER=mytestuser" \ -e "SMB_PASS=mypassword" \ -e "SMB_GROUP=samba" \ -e "TZ=America/Puerto_Rico" \ -p 138:138/udp \ -p 445:445/udp \ -p 139:139 \ -p 445:445 \ localhost:5000/vidalinux/samba:latest
to test the container we mount the samba share:
mkdir /mnt/samba mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword
pull image from local registry:
podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false
logout from local registry:
podman logout http://localhost:5000
run container as service
generate systemd service file of your samba_server:
sudo podman generate systemd --new --name samba_server > /etc/systemd/system/samba_server.service
generate systemd service file of your registry:
podman generate systemd --new --name registry > ~/.config/systemd/user/registry.service
if you start your samba_server with podman-compose you need to stop it:
cd ~/podman-samba sudo podman-compose down
if you start your registry with podman-compose you need to stop it:
cd ~/podman-registry podman-compose down
start and enable your samba_server container using systemd:
sudo systemctl enable samba_server sudo systemctl start samba_server
start and enable your registry container using systemd:
systemctl --user enable registry systemctl --user start registry
run pods with podman
create pod with podman:
podman pod create --name wordpress_cms -p 8080:80
create the pod for mariadb:
podman run -d --pod wordpress_cms \ -e MYSQL_DATABASE=wordpressdb \ -e MYSQL_ROOT_PASSWORD=root \ -e MYSQL_USER=wordpress \ -e MYSQL_PASSWORD=wordpress \ mariadb:10.7.7
add wordpress container to this pod:
podman run -d --pod wordpress_cms \ -e WORDPRESS_DB_USER=wordpress \ -e WORDPRESS_DB_PASSWORD=wordpress \ -e WORDPRESS_DB_NAME=wordpressdb \ -e WORDPRESS_DB_HOST=127.0.0.1 \ wordpress:6.1.1-php8.1-apache
open your browser to access wordpress:
http://localhost:8080
list pods:
podman pod list
export podman pod to yaml:
podman generate kube wordpress_cms > wordpress_cms.yaml
remove pod:
podman pod rm wordpress_cms
create pod with yaml file:
podman play kube wordpress_cms.yaml
podman for windows
if you run windows on kvm virtual machine make sure you change the following settings:
<features>
<acpi/>
<apic/>
<hyperv mode="custom">
<relaxed state="on"/>
<vapic state="off"/>
<spinlocks state="on" retries="8191"/>
<synic state="off"/>
<stimer state="off"/>
<vendor_id state="on" value="123456789ab"/>
</hyperv>
</features>
<cpu mode="custom" match="exact" check="partial">
<model fallback="allow">Skylake-Client-noTSX-IBRS</model>
<topology sockets="1" dies="1" cores="4" threads="2"/>
<feature policy="disable" name="hypervisor"/>
<feature policy="require" name="vmx"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="discard"/>
<timer name="hpet" present="no"/>
<timer name="hypervclock" present="no"/>
<timer name="tsc" present="no" mode="native"/>
</clock>
install wsl on windows:
initiate podman on windows:
podman machine init
to start your machine run:
podman machine start
podman for macosx
you can log into macosx via ssh do the following:
on your mac, choose apple menu > system Settings, click general in the sidebar, then click sharing on the right. turn on remote login, then click the info button on the right. if needed, select the "allow full disk access for remote users" checkbox. specify which users can log in.
access your mac via ssh:
ssh user@10.44.1.44
on mac shell use sudo to become root:
sudo su -
install podman on macosx: open terminal and type the following command:
xcode-select --install
install homebrew:
/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)”
when finished update homebrew to latest:
brew update
if necessary perform the upgrade:
brew upgrade
then install podman:
brew install podman
prepare the podman virtual machine by typing:
podman machine init
then start podman:
podman machine start
references
[scoop]
[install podman macosx]
[install podman on windows]