podman部署及应用
podman简述
Podman 是一个无守护进程、开源的 Linux 原生工具,旨在使用开放容器计划 (OCI) 容器和容器映像轻松查找、运行、构建、共享和部署应用程序。Podman 提供了一个命令行界面 (CLI),任何使用过 Docker 容器引擎的人都会感到熟悉。大多数用户可以简单地把 docker 设置为 podman 的别名(alias docker=podman),而不会出现任何问题。与其他常见的容器引擎(Docker,CRI-O,containerd)类似,Podman依靠符合OCI的容器运行时(runc,crun,runv等)与操作系统接口并创建正在运行的容器。这使得Podman创建的正在运行的容器与任何其他常见容器引擎创建的容器几乎没有区别。
Podman 控制下的容器可以由 root 用户或非特权用户运行;以非特权用户(rootless)运行时,容器内的进程不具有宿主机的 root 权限。本文后面的示例都是以 root 身份执行的(提示符为 [root@192 ~]#)。Podman 使用 libpod 库管理整个容器生态系统,其中包括 Pod、容器、容器映像和容器卷。Podman 专注于提供帮助您维护和修改 OCI 容器映像(如拉取和标记)的各种命令和功能。它允许您在生产环境中创建、运行和维护这些容器和容器映像。
podman部署
//Podman安装
[root@192 ~]# dnf -y install podman
//配置镜像加速([[registry]] 中的 location 会替换 docker.io 作为实际拉取地址,因此只应填写可信的加速器地址)
[root@192 ~]# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "kb52svac.mirror.aliyuncs.com"
podman的应用
查看版本
//查看版本
[root@192 ~]# podman -v
podman version 3.3.1
[root@192 ~]# podman version
Version: 3.3.1
API Version: 3.3.1
Go Version: go1.16.7
Built: Wed Nov 10 05:23:56 2021
OS/Arch: linux/amd64
[root@192 ~]#
//查看详细信息
[root@192 ~]# podman info
host:
arch: amd64
buildahVersion: 1.22.3
cgroupControllers:
//登录和退出
[root@192 ~]# podman login docker.io
Username: 2012543034
Password:
Login Succeeded!
[root@192 ~]#
[root@192 ~]# podman logout
Removed login credentials for docker.io
image镜像管理子命令
//build 基于dockerfile创建镜像
//diff 检查映像文件系统的更改
[root@192 ~]# podman diff httpd
C /usr
C /usr/local
C /usr/local/bin
A /usr/local/bin/httpd-foreground
//history 显示指定镜像的历史记录
[root@192 ~]# podman image history httpd
ID CREATED CREATED BY SIZE COMMENT
dabbfbe0c57b 7 months ago /bin/sh -c #(nop) CMD ["httpd-foreground"] 0 B
<missing> 7 months ago /bin/sh -c #(nop) EXPOSE 80 0 B
<missing> 7 months ago /bin/sh -c #(nop) COPY file:c432ff61c4993e... 3.58 kB
<missing> 7 months ago /bin/sh -c #(nop) STOPSIGNAL SIGWINCH 0 B
<missing> 7 months ago /bin/sh -c set -eux; savedAptMark="$(apt... 61.1 MB
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_PATCHES= 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_SHA256=0127f7... 0 B
<missing> 7 months ago /bin/sh -c #(nop) ENV HTTPD_VERSION=2.4.52 0 B
<missing> 7 months ago /bin/sh -c set -eux; apt-get update; apt... 2.72 MB
<missing> 7 months ago /bin/sh -c #(nop) WORKDIR /usr/local/apache2 0 B
<missing> 7 months ago /bin/sh -c mkdir -p "$HTTPD_PREFIX" && ch... 3.07
//inspect 显示镜像的配置
[root@192 ~]# podman image inspect httpd
[
{
"Id": "dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34",
"Digest": "sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
"RepoTags": [
"docker.io/library/httpd:latest"
],
"RepoDigests": [
"docker.io/library/httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32",
"docker.io/library/httpd@sha256:57c1e4ff150e2782a25c8cebb80b574f81f06b74944caf972f27e21b76074194"
],
//list 列出本地存储中镜像
[root@192 ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
//rm 删除镜像
[root@192 ~]# podman image rm httpd
Untagged: docker.io/library/httpd:latest
Deleted: dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
[root@192 ~]# podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
//save 将镜像保存到本地
[root@192 ~]# podman image save httpd > httpd.tar
[root@192 ~]# ls
anaconda-ks.cfg httpd.tar
//load 从tar存档加载镜像
[root@192 ~]# podman image load < httpd.tar
Getting image source signatures
Copying blob deefaa620a71 done
Copying blob 2edcec3590a4 done
Copying blob 15e4bf5d0804 done
Copying blob 9cff3206f9a6 done
Copying blob 1da636a1aa95 done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
Loaded image(s): docker.io/library/httpd:latest
[root@192 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest dabbfbe0c57b 7 months ago 148 MB
//prune 删除悬空(dangling)镜像;加 -a 才会删除所有未被容器使用的镜像
[root@192 ~]# podman image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
//search 搜索镜像(podman search 与下面的 podman image search 作用相同)
[root@192 ~]# podman search busybox
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/busybox Busybox base image. 2712 [OK]
docker.io docker.io/rancher/busybox 0
docker.io docker.io/ibmcom/busybox 0
docker.io docker.io/openebs/busybox-client 0
docker.io docker.io/antrea/busybox
//search 搜索镜像
[root@192 ~]# podman image search busybox
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/busybox Busybox base image. 2712 [OK]
docker.io docker.io/rancher/busybox 0
docker.io docker.io/ibmcom/busybox 0
docker.io docker.io/openebs/busybox-client 0
docker.io docker.io/antrea/busybox 0
//pull 拉取镜像
[root@192 ~]# podman image pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 5cc84ad355aa done
Copying config beae173cca done
Writing manifest to image destination
Storing signatures
beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a
//tag 对镜像更改标签
[root@192 ~]# podman tag busybox 2012543034/busybox:v0.1
[root@192 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/busybox latest beae173ccac6 7 months ago 1.46 MB
localhost/2012543034/busybox v0.1 beae173ccac6 7 months ago 1.46 MB
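//push 上传镜像(需先 podman login;上面的标签被解析成了 localhost/2012543034/busybox,推送到 Docker Hub 时目标名称要写全,例如 docker.io/用户名/busybox:v0.1)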
//tree 以树格式打印镜像的图层层次结构
[root@192 ~]# podman image tree busybox
Image ID: beae173ccac6
Tags: [docker.io/library/busybox:latest localhost/2012543034/busybox:v0.1]
Size: 1.464MB
Image Layers
└── ID: 01fd6df81c8e Size: 1.459MB Top Layer of: [docker.io/library/busybox:latest localhost/2012543034/busybox:v0.1]
container容器管理子命令
//create 创建一个或多个容器
[root@192 ~]# podman container create --name wed httpd
e8bdc10a1d1dfde8e4b1b69389a3359aeb0738c4e578e7f011f79fa94c16f42f
[root@192 ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 14 seconds ago Created wed
//start 启动容器
[root@192 ~]# podman container start e8bdc10a1d1d
e8bdc10a1d1d
[root@192 ~]#
//ps、list 列出所有容器
[root@192 ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 55 seconds ago wed
[root@192 ~]# podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 2 minutes ago Up 59 seconds ago wed
//rename 重命名现有容器
[root@192 ~]# podman container rename wed web
[root@192 ~]# podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 4 minutes ago Up 3 minutes ago web
//stop 停止容器
[root@192 ~]# podman stop web
web
[root@192 ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
//restart 重启容器
[root@192 ~]# podman restart web
e8bdc10a1d1dfde8e4b1b69389a3359aeb0738c4e578e7f011f79fa94c16f42f
[root@192 ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 6 minutes ago Up 9 seconds ago web
//run 在新容器中运行命令(可以理解为创建并启动容器)
[root@192 ~]# podman container run -itd --name web1 busybox
fafb15b0b00785c2b867a7701ec61f0d1475784f245903fa21abd0f34af5512b
[root@192 ~]# podman container ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 7 minutes ago Up About a minute ago web
fafb15b0b007 docker.io/library/busybox:latest sh 4 seconds ago Up 4 seconds ago web1
参数
--name 容器名 //指定容器名
--label 标记名 //加标记方便查找
-it //让容器的输入保持打开状态,并分配终端
-c //不进行登录执行命令
-d //将容器放入后台进行执行
-v //可以创建多个数据卷
也可挂载到宿主机的目录,如果本地没有目录,则自动生成一个目录
挂载方法 //宿主机目录:docker数据卷
[root@docker ~]# docker run -d -v /var/www/:/www nginx //在本地创建一个/var/www目录 ,在容器里面创建一个/www目录;将本地目录映射到容器目录
-p //映射端口 宿主机端口:容器端口(不指定 IP 时监听宿主机所有地址 0.0.0.0;只需本机访问时可写成 127.0.0.1:宿主机端口:容器端口)
-P //发布所有公开的端口(随机映射端口号)
--volumes-from //容器和容器之间建立联系
将指定容器的所有数据卷挂载到新创建的容器
[root@docker ~]# docker run --volumes-from 想要挂载的容器 --name 指定新容器名 镜像
[root@docker ~]# docker run -it --volumes-from wxh --name wwww nginx /bin/bash
--restart always //永久开启容器,服务重启后容器也会启动,不会关闭
--rm //一次性容器,退出后直接删除
//attach 连接到运行的容器
[root@192 ~]# podman container attach web1
/ # ls
bin dev etc home proc root run sys tmp usr var
/ # exit
//exec 在正在运行的容器中运行进程
[root@192 ~]# podman container start web1
web1
[root@192 ~]# podman container exec -it web1 /bin/sh
/ # ls
bin dev etc home proc root run sys tmp usr var
/ # exit
//diff 检查对容器文件系统的更改
[root@192 ~]# podman container diff web1
C /root
A /root/.ash_history
C /etc
//inspect 显示容器的配置
[root@192 ~]# podman container inspect web1
[
{
"Id": "fafb15b0b00785c2b867a7701ec61f0d1475784f245903fa21abd0f34af5512b",
"Created": "2022-08-15T09:15:57.522742519+08:00",
"Path": "sh",
"Args": [
"sh"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
//stats 显示容器使用资源的状态
[root@192 ~]# podman container stats web1
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
fafb15b0b007 web1 3.44% 262.1kB / 3.89GB 0.01% 978B / 1.494kB -- / -- 1 57.177047ms 3.44%
//top 显示容器的运行进程
[root@192 ~]# podman container top web1
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 5m13.095211392s pts/0 0s sh
//logs 获取一个或多个容器的日志
[root@192 ~]# podman container logs web1
/ # ls
bin dev etc home proc root run sys tmp usr var
/ # exit
//kill 使用特定信号终止一个或多个正在运行的容器
[root@192 ~]# podman kill web1
web1
[root@192 ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8bdc10a1d1d docker.io/library/httpd:latest httpd-foreground 20 minutes ago Up 13 minutes ago web
//port 列出端口映射或容器的特定映射
[root@192 ~]# podman container run -d --name web2 -p 80:80 httpd
ab2fe6e166dd7781ee53f210b85232b57fabad4e2135a9fb228b24d1d7a4f337
[root@192 ~]# podman container port web2
80/tcp -> 0.0.0.0:80
//rm 删除一个或多个容器 -f 强制删除,即可删除运行中的容器
[root@192 ~]# podman rm -f web2 web1 web
ab2fe6e166dd7781ee53f210b85232b57fabad4e2135a9fb228b24d1d7a4f337
fafb15b0b00785c2b867a7701ec61f0d1475784f245903fa21abd0f34af5512b
e8bdc10a1d1dfde8e4b1b69389a3359aeb0738c4e578e7f011f79fa94c16f42f
[root@192 ~]# podman container ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
166dd7781ee53f210b85232b57fabad4e2135a9fb228b24d1d7a4f337
fafb15b0b00785c2b867a7701ec61f0d1475784f245903fa21abd0f34af5512b
e8bdc10a1d1dfde8e4b1b69389a3359aeb0738c4e578e7f011f79fa94c16f42f
[root@192 ~]# podman container ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES