podman基础命令与普通用户配置

podman基础命令

//在镜像仓库(此处为 docker.io)中搜索镜像;OFFICIAL 列标有 [OK] 的是官方镜像,建议优先选用
[root@luyi ~]# podman search httpd
INDEX      NAME                                             DESCRIPTION                                      STARS   OFFICIAL  AUTOMATED
docker.io  docker.io/library/httpd                          The Apache HTTP Server Project                   3399    [OK]      
docker.io  docker.io/centos/httpd-24-centos7                Platform for running Apache httpd 2.4 or bui...  36                
docker.io  docker.io/manageiq/httpd                         Container with httpd, built on CentOS for Ma...  0                 [OK]
docker.io  docker.io/clearlinux/httpd                       httpd HyperText Transfer Protocol (HTTP) ser...  1                 
docker.io  docker.io/centos/httpd                                             

//从镜像仓库(docker.io)拉取镜像;未指定标签时默认拉取 latest,该标签指向的内容会随时间变化,需要固定版本时可按输出中的 Digest 拉取
[root@luyi ~]# podman pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a076a628af6f: Pull complete 
e444656f7792: Pull complete 
0ec35e191b09: Pull complete 
4aad5d8db1a6: Pull complete 
eb1da3ea630f: Pull complete 
Digest: sha256:2fab99fb3b1c7ddfa99d7dc55de8dad0a62dbe3e7c605d78ecbdf2c6c49fd636
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest

//查看镜像
[root@luyi ~]# podman images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
httpd        latest    683a7aad17d3   6 weeks ago   138MB

//基于镜像创建容器(只创建,不启动)
[root@luyi ~]# podman create httpd:2.4-alpine
e92a84c778e7768db0194a224283beed3ae778db85ae5114c8da752537af1baf

//启动容器
[root@luyi ~]# podman start e92a84c778e7
e92a84c778e7

//运行容器(未加 -d 时在前台运行,日志直接输出到终端)
[root@luyi ~]# podman run httpd:latest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Feb 25 20:45:29.243123 2021] [mpm_event:notice] [pid 1:tid 140395745399936] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Feb 25 20:45:29.243445 2021] [core:notice] [pid 1:tid 140395745399936] AH00094: Command line: 'httpd -D FOREGROUND'

//附加到正在运行的容器:连接的是容器主进程的标准输入输出,只能看到 httpd 的日志输出,不能执行命令
[root@luyi ~]# podman attach f59f43d50ef8
172.17.0.1 - - [25/Feb/2021:21:01:49 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:21:01:51 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:21:01:52 +0000] "GET / HTTP/1.1" 200 45
172.17.0.1 - - [25/Feb/2021:21:01:52 +0000] "GET / HTTP/1.1" 200 45

//查看容器
[root@luyi ~]# podman ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@luyi ~]# podman ps -a
CONTAINER ID   IMAGE              COMMAND              CREATED         STATUS    PORTS     NAMES
e92a84c778e7   httpd:2.4-alpine   "httpd-foreground"   5 minutes ago   Created             heuristic_mahavira

//查看容器日志
[root@luyi ~]# podman logs e9c0d6e23563 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Thu Feb 25 20:46:47.589331 2021] [mpm_event:notice] [pid 1:tid 139711880459392] AH00489: Apache/2.4.46 (Unix) configured -- resuming normal operations
[Thu Feb 25 20:46:47.589499 2021] [core:notice] [pid 1:tid 139711880459392] AH00094: Command line: 'httpd -D FOREGROUND'
[Thu Feb 25 20:47:18.936443 2021] [mpm_event:notice] [pid 1:tid 139711880459392] AH00491: caught SIGTERM, shutting down

//重启容器
[root@luyi ~]# podman restart e92a84c778e7
e92a84c778e7

//停止容器
[root@luyi ~]# podman stop e92a84c778e7
e92a84c778e7

//删除容器
[root@luyi ~]# podman rm e92a84c778e7
e92a84c778e7
[root@luyi ~]# podman ps 
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

//指定交互模式进入容器
[root@luyi ~]# podman exec -it 2f51f41d2b26 /bin/bash
root@2f51f41d2b26:/usr/local/apache2# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs    modules
root@2f51f41d2b26:/usr/local/apache2# cd bin/
root@2f51f41d2b26:/usr/local/apache2/bin# ls
ab       checkgid   envvars-std   htdbm     httpd      rotatelogs
apachectl  dbmmanage  fcgistarter   htdigest  httxt2dbm   suexec
apxs       envvars    htcacheclean  htpasswd  logresolve
root@2f51f41d2b26:/usr/local/apache2/bin# exit
exit

//查看podman信息
[root@luyi ~]# podman info
host:
  arch: amd64
  buildahVersion: 1.18.0
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.22-3.module_el8.3.0+699+d61d9c41.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.22, commit: 01898f0a68e4bf403cba544b87ecd260545ae25a'
  cpus: 4
  distribution:
    distribution: '"rhel"'
    version: "8.0"
  eventLogger: file
  hostname: luyi
  idMappings:

普通用户配置

//创建用户并登录(创建用户的命令未列出,此处 panda 用户已存在)
[root@localhost ~]# ls /home/
panda
[root@luyi ~]# su - panda
Last login: Wed Mar 10 18:21:58 CST 2021 on pts/0
[panda@luyi ~]$ 

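//配置containers.conf文件,把runc改成crun
//注意:/usr/share/containers/containers.conf 是软件包自带的默认配置,升级时可能被覆盖;建议把修改写到 /etc/containers/containers.conf(普通用户可用 ~/.config/containers/containers.conf)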
[root@luyi ~]# vi /usr/share/containers/containers.conf 
。。。。。。
runtime = "crun"

# List of the OCI runtimes that support --format=json.  When json is supported
# engine will use it for reporting nicer errors.
#
# runtime_supports_json = ["crun", "runc", "kata"]

//以 root 用户运行容器,确认运行时已变为 crun
[root@luyi ~]# podman run -d --rm --name web1 nginx
96b6e055d725f216168f4c6b641a76c513f712951292b9faaf3951c883b9de06
[root@luyi ~]# podman inspect web1|grep crun
        "OCIRuntime": "crun",
            "crun",

//安装slirp4netns,为普通用户(rootless)容器提供用户态网络
[root@luyi ~]# yum -y install slirp4netns
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - AppStream - mirrors.aliyun.com         3.6 kB/s | 4.3 kB     00:01    
CentOS-8 - Base - mirrors.aliyun.com              3.4 kB/s | 3.9 kB     00:01    
CentOS-8 - Extras - mirrors.aliyun.com            1.4 kB/s | 1.5 kB     00:01    
Package slirp4netns-1.1.8-1.module_el8.3.0+699+d61d9c41.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

//拉取镜像(拉取命令未列出,下面是普通用户拉取后用 podman images 查看的结果;普通用户的镜像存放在自己的存储中,与 root 的镜像相互独立)
[panda@luyi ~]$ podman images
REPOSITORY                 TAG     IMAGE ID      CREATED       SIZE
docker.io/library/busybox  latest  a9d583973f65  16 hours ago  1.45 MB
docker.io/library/nginx    latest  35c43ace9216  2 weeks ago   137 MB

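//创建容器映射端口
//普通用户默认不能绑定 1024 以下的端口,这里把 net.ipv4.ip_unprivileged_port_start 调到 80 以允许映射 80 端口
//注意:该设置对整台主机生效,修改后任何本地普通用户的进程都可以监听 80–1023 端口;如不需要直接使用 80 端口,可保持默认值并映射到高位端口(如 -p 8080:80)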
[root@luyi ~]# vi /etc/sysctl.conf

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_unprivileged_port_start=80

[root@luyi ~]# vi /etc/sysctl.conf
[root@luyi ~]# sysctl -p
net.ipv4.ip_unprivileged_port_start = 80

[panda@luyi ~]$ podman run -d --name web3 -p 80:80 nginx
48453b5f8ed0d0d7e9570429456481f10c46dc94f56d8b6653ee7922011a40e2
[panda@luyi ~]$ ss -antl
State    Recv-Q    Send-Q         Local Address:Port         Peer Address:Port    
LISTEN   0         128                  0.0.0.0:22                0.0.0.0:*       
LISTEN   0         128                     [::]:22                   [::]:*       
LISTEN   0         128                        *:80                      *:*       
[panda@luyi ~]$ 

 

原文地址:https://www.cnblogs.com/mfdsg/p/14515263.html