podman使用

  • 安装

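# Install podman and its runtime pieces from nixpkgs into the user profile.
# shadow is presumably here for newuidmap/newgidmap (rootless user namespaces) -- confirm.
nix-env -iA nixpkgs.shadow
# NOTE: this package also installs a `sleep` binary that shadows the system one;
# the author reports that sleep as the source of trouble.
nix-env -iA nixpkgs.podman
# CNI networking (the plugin binaries are linked into /opt/cni/bin later, see 创建网卡)
nix-env -iA nixpkgs.cni
nix-env -iA nixpkgs.cni-plugins
# OCI runtime and container monitor
nix-env -iA nixpkgs.conmon
nix-env -iA nixpkgs.runc

# Alternative: official static binaries. Verify whatever checksum/signature the
# release provides before running a downloaded binary. (This used to be a bare
# URL, which a shell would try to execute; keep it as a comment.)
# https://github.com/containers/podman/blob/main/DOWNLOADS.md

# Smoke test: does the command run at all? This is rootful podman -- its storage
# is separate from the user's rootless store (by default /var/lib/containers).
sudo podman ps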
  • 国内源

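# Basic engine information (storage driver, registries, runtime, cgroup manager ...)
sudo podman info

# Registry configuration. Upstream sample:
# https://github.com/containers/podman/blob/main/test/registries.conf
# System-wide file (what rootful `sudo podman` reads):
cat /etc/containers/registries.conf
# Per-user file, consulted by rootless podman. (This line was a bare path, which
# a shell would try to execute.)
cat ~/.config/containers/registries.conf
# If you add a domestic mirror with [[registry.mirror]], keep TLS on -- do not set
# `insecure = true`. The mirror is a supply-chain intermediary you have to trust.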

# Verbatim content. Every unqualified name such as `nginx` resolves to docker.io.
# The rest of this page uses fully-qualified names (docker.io/library/nginx), which
# avoids short-name ambiguity if more search registries are ever added.
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = "docker.io"
location = "docker.io"



# Signature-verification policy; podman consults it on every pull/run.
cat /etc/containers/policy.json
# Verbatim content follows. NOTE(review): "default": insecureAcceptAnything means an
# image from any registry is accepted without any signature check. The signedBy entry
# for localhost:5000 is only an example -- a trust key kept under /tmp (typically a
# world-writable directory) can be swapped by another local user; keep real keys in a
# root-owned path and point keyPath there.
{
  "default": [{ "type": "insecureAcceptAnything" }],
  "transports": {
    "docker": {
      "localhost:5000": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/tmp/key.gpg"
        }
      ]
    }
  }
}
  • 创建网卡

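# Without the plugins on CNI's search path every podman command warns:
# WARN[0000] Error validating CNI config file /etc/cni/net.d/podman.conflist: [failed to find plugin "bridge" in path [/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] ... (same for "portmap", "firewall", "tuning")]
# Fix: expose the nix-installed plugins as /opt/cni/bin. Resolve the store path
# through the profile instead of hard-coding it (the original linked
# /nix/store/h5jqw6la5iz8j3awmrlmapr9y3pfm5vk-cni-plugins-0.9.1/bin, which changes
# with every upgrade). Assumes nix-env linked the plugin binaries into
# ~/.nix-profile/bin -- confirm with `ls ~/.nix-profile/bin/bridge`.
CNI_BIN="$(dirname "$(readlink -f ~/.nix-profile/bin/bridge)")"
# /opt/cni/bin is executed by root (sudo podman), so it must point at a root-owned,
# non-user-writable location. /nix/store contents are immutable, but make sure
# /opt/cni itself is not writable by the unprivileged user.
sudo ln -s "$CNI_BIN" /opt/cni/
# List networks
sudo podman network ls
# Create the default bridge network (writes /etc/cni/net.d/podman.conflist)
sudo podman network create podman
ls /etc/cni/net.d/podman.conflist
# Remove it again
sudo podman network rm podman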
  • 运行hello-world

# Smallest end-to-end check: pull and run hello-world.
sudo podman run hello-world
# --network=host (alias --net=host) shares the host network namespace. hello-world
# does not need it; it only removes network isolation -- use it purely as a
# workaround while CNI is not set up.
sudo podman run --network=host hello-world
# Fully-qualified image name, remove the container on exit, allocate a TTY
sudo podman run --rm -it --network=host docker.io/library/hello-world
# Variant with the cgroupfs cgroup manager and file events backend, presumably
# for a host without systemd/journald -- confirm before copying.
sudo podman --events-backend=file --cgroup-manager=cgroupfs run --rm -it --network=host docker.io/library/hello-world
  • 基本使用

# Search the configured registries for nginx images
sudo podman search nginx
# Pull the official nginx image by its fully-qualified name
sudo podman pull docker.io/library/nginx
# Local images
sudo podman image ls
# Start a container. -dit = detached with an interactive TTY. The explicit /bin/bash
# replaces the image's default command, so nginx is NOT started here (see exec below).
# NOTE(review): rootful podman plus a plain bind mount gives root inside the container
# full write access to /home/jcleng/work; add :ro if it only needs to read it.
# 3366:3306 publishes a port that this image presumably has nothing listening on.
sudo podman run --name nginx_demo -dit -p 8080:80 -p 3366:3306 -v /home/jcleng/work:/work docker.io/library/nginx /bin/bash
# Containers including stopped ones (the IDs below are from the author's session)
sudo podman container ls -a
# Remove one container / all containers
sudo podman rm af641c8521e4
sudo podman rm -a
# Stop by name or by ID
sudo podman stop nginx_demo
sudo podman stop bbab2a037e78
# Start again
sudo podman start nginx_demo
sudo podman start bbab2a037e78
# Launch nginx inside the running container
sudo podman exec -it nginx_demo /bin/bash -c /usr/sbin/nginx
sudo podman exec -it bbab2a037e78 /bin/bash -c /usr/sbin/nginx
# Processes inside a container
sudo podman top fd22dc18b536

# Pods
podman pod ls

# docker-compose参数
links 可以让该容器通过别名访问对应的容器（只是主机名别名，不提供任何隔离或访问控制）
  • 使用pod

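# Create a pod and add an nginx container to it
podman pod create --name hugo
# Fully-qualified name, consistent with the rest of the page (the short form
# nginx:alpine was resolved through unqualified-search-registries)
podman run -d --pod hugo docker.io/library/nginx:alpine
# The first pod creation can fail because the infra ("pause") image cannot be pulled:
# ERRO[0060] Error freeing pod lock after failed creation: no such file or directory
# Error: error adding Infra Container: error pulling infra-container image: Error initializing source docker://k8s.gcr.io/pause:3.5: error pinging docker registry k8s.gcr.io: Get "https://k8s.gcr.io/v2/": dial tcp 64.233.189.82:443: i/o timeout
#
# Workaround: pull the image from a reachable mirror.
podman pull registry.aliyuncs.com/google_containers/pause:3.5
# Supply-chain caveat: retagging a mirror image under the upstream name makes podman
# use it as the infra container of every pod without any check that it is the same
# content. Record its digest and compare it with the digest published for
# k8s.gcr.io/pause:3.5 before trusting it.
podman image inspect --format '{{.Digest}}' registry.aliyuncs.com/google_containers/pause:3.5
podman tag registry.aliyuncs.com/google_containers/pause:3.5 k8s.gcr.io/pause:3.5
# Alternative that does not spoof the upstream name: name the mirror explicitly, e.g.
# `podman pod create --infra-image registry.aliyuncs.com/google_containers/pause:3.5 --name hugo`

# Pod with a port mapping: ports are published on the pod, not on the containers
podman pod create --name pod1 -p 8080:80
# The container joins the pod's network namespace
podman run -itd --pod pod1 docker.io/library/nginx
# Show mappings; lists the pod's INFRA ID and the container's CONTAINER ID
podman port -a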
  • podman-compose使用docker-compose.yml

# Run inside the directory that holds docker-compose.yml; the directory name becomes
# the pod name. -d runs everything in the background.
podman-compose up -d
version: '2'
services:
  qq:
    # Third-party image from Docker Hub that gets the host IPC namespace and your X
    # server below -- review it / pin it by digest before trusting it.
    image: bestwu/qq:office
    container_name: qq_c
    # Host IPC namespace (presumably for X11 shared memory). Together with the X11
    # socket mount, anything in the container can talk to your X server like any
    # local client does.
    ipc: host
    devices:
      - /dev/snd  # sound card
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix  # X server socket
      - /home/jcleng/下载/podman_compose/qq:/TencentFiles  # use your own home path
    # Same environment as the list form; $VAR is expanded by compose, not by YAML.
    environment:
      DISPLAY: 'unix$DISPLAY'
      XMODIFIERS: '@im=fcitx'  # Chinese input method
      QT_IM_MODULE: fcitx
      GTK_IM_MODULE: fcitx
      AUDIO_GID: '17'  # optional, default 63 (fedora): host audio gid, fixes sound-device permissions
      GID: '$GID'  # optional, default 1000: host gid, fixes mounted-directory permissions
      UID: '$UID'  # optional, default 1000: host uid, fixes mounted-directory permissions
      # NOTE(review): in bash UID/GID are shell variables, not exported -- run
      # `export UID GID` first or these expand to empty. Confirm against the compose
      # tool's interpolation rules.


version: "3"
services:
  web1:
    image: busybox
    # Serve /var/www/html on 8001 in the foreground (-f). httpd binds every interface
    # in the container and the port is published on every host interface.
    command: ["/bin/busybox", "httpd", "-f", "-h", "/var/www/html", "-p", "8001"]
    working_dir: /var/www/html
    ports:
      - "8001:8001"
    volumes:
      # NOTE(review): the bind mount lands in /data but httpd serves /var/www/html,
      # so the host directory is not what gets served -- confirm which is intended.
      - /home/jcleng/download/conpose:/data
  • podman打包

# Snapshot a container's filesystem into a new image.
# NOTE(review): commit captures everything written inside the container (credentials,
# shell history, temp files) -- it all ends up in an image you may push later.
podman commit e1b8e550356c docker.io/jcleng/alpine-php8:001
# Every local image
podman image ls -a

# The committed image can now be referenced from a compose file directly.
  • podman上传镜像到dockerhub

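# Register at https://hub.docker.com and log in with the Docker ID. Name the registry
# explicitly; with no argument podman picks the first unqualified-search registry.
# Prefer a Docker Hub access token over the account password: podman stores what you
# type in auth.json (per user, under $XDG_RUNTIME_DIR/containers/ for rootless), and a
# token can be revoked on its own.
podman login docker.io
# Interactive transcript (not commands -- kept as comments):
#   Username: jcleng
#   Password:
#   Login Succeeded!

# Pushing needs the name docker.io/<user>/<image>:<tag>; tag adds a second name for
# the same local image.
podman tag localhost/lxx/alpine-nginx:003 docker.io/jcleng/alpine-nginx:003
# Push under the fully-qualified name (the short form relied on short-name resolution)
podman push docker.io/jcleng/alpine-nginx:003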
  • 其他,运行容器的时候 状态是Exited

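# Many images have no long-running entrypoint, so `podman run <image> bash` exits
# immediately and shows:
#   Exited (0) 4 seconds ago
# Keep the shell alive with -dit (detached, interactive, TTY).
# NOTE(review): 7.1.33 is an old PHP release -- check it still receives security
# fixes before exposing anything built on it. Name written fully-qualified.
podman run -dit docker.io/library/php:7.1.33 /bin/bash

# With docker-compose.yml, add `tty: true` to the service (same level as `volumes`)
# and start it with `podman-compose up -d`:
#   tty: true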
  • 用 Dockerfile 构建一个自己的 swoole 镜像环境(编译安装)

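# Fetch swoole's official Dockerfiles. Pin a tag or commit instead of the tip of the
# default branch when you rebuild later, so the resulting image is reproducible.
git clone --depth=1 https://github.com/swoole/docker-swoole.git
cd docker-swoole
# Pick the variant you need (php7.1 here). Read the Dockerfile before building -- it
# is third-party build logic that runs on your machine -- and adjust it. It contains
# a COPY of the rootfilesystem directory, which we copy in by hand.
cat ./dockerfiles/4.4.25/php7.1/cli/Dockerfile
# Copy rootfilesystem next to the Dockerfile so the COPY resolves
cp -r ./rootfilesystem ./dockerfiles/4.4.25/php7.1/cli/
# Build from that directory
cd ./dockerfiles/4.4.25/php7.1/cli/
podman build -t jcleng/php71-swoole:test .
# When the build finishes the image shows up in `podman images`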
# 构建完成,查看podman images
  • 一个配置

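version: "3"
services:
  nginx:
    image: jcleng/alpine-nginx:003
    container_name: nginx-c
    # Only the web frontend is meant to be reachable from outside
    ports:
      - "8091:80"
    volumes:
      - /home/jcleng/desk/work/podman/alpine-nginx/data:/data
      - /home/jcleng/desk/work/www:/home/jcleng/desk/work/www
    # Seed /data/http.d from the image, start nginx (which daemonises) and keep PID 1
    # alive with sleep. NOTE(review): if nginx dies the container still shows "Up";
    # `exec /usr/sbin/nginx -g 'daemon off;'` as the last step would make the
    # container exit instead -- left unchanged here.
    command: /bin/sh -c "/bin/mkdir -p /data/http.d && /bin/cp -r /etc/nginx/http.d/* /data/http.d && /usr/sbin/nginx && /bin/sleep 1000000"
    tty: true
    # Hostname aliases the nginx config uses to reach the FastCGI backends
    links:
      - php71:php71
      - php80:php80
      - php74:php74
  # The three php-cgi backends listen on 0.0.0.0 inside their containers. They only
  # need to be reachable from nginx (links / shared pod network). Previously their
  # ports were published on every host interface, which exposed raw FastCGI listeners
  # to the LAN; binding them to 127.0.0.1 keeps host-side testing possible without that.
  php80:
    image: jcleng/alpine-php8:004
    container_name: php80-c
    ports:
      - "127.0.0.1:9201:9201"
    volumes:
      - /home/jcleng/desk/work/podman/alpine-php8/data:/data
      - /home/jcleng/desk/work/www:/home/jcleng/desk/work/www
    # Back up the image's php.ini, then run php-cgi with the one from the bind mount
    command: /bin/sh -c "cp /etc/php8/php.ini /data/php.ini.bak && /usr/bin/php-cgi8 -b 0.0.0.0:9201 -c /data/php.ini"
    tty: true
  php74:
    # NOTE(review): the image is tagged php71 while the service is named php74 --
    # confirm which PHP version this actually runs.
    image: jcleng/alpine-php71:latest
    container_name: php74-c
    ports:
      - "127.0.0.1:8071:8071"
    volumes:
      - /home/jcleng/desk/work/podman/alpine-php7/data:/data
      - /home/jcleng/desk/work/www:/home/jcleng/desk/work/www
    command: /usr/bin/php-cgi -b 0.0.0.0:8071
    tty: true
  php71:
    image: chialab/php-dev:7.1
    container_name: php71-c
    ports:
      - "127.0.0.1:8072:8072"
    volumes:
      - /home/jcleng/desk/work/www:/home/jcleng/desk/work/www
    command: /usr/local/bin/php-cgi -b 0.0.0.0:8072
    tty: true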

  • 模板文件使用可以参考templates配置volumes等参数进行映射等

https://github.com/portainer/templates/blob/master/templates-2.0.json
# 源文件地址（raw.fastgit.org 是第三方镜像站，内容并非直接来自 GitHub；使用前请与上面的 github.com 原文对照）
https://raw.fastgit.org/portainer/templates/master/templates-2.0.json
  • links不用hosts模式

在 caddy_compose 容器内即可通过别名 ping 通 redis_client 和 phpfpm_client（links 只提供主机名别名，不做访问限制）

version: "3"
services:
  caddy:
    # Unpinned tags (caddy, php:7.4-fpm, redis:latest) float between pulls; pin by
    # digest for a reproducible, reviewable set of images.
    image: "caddy"
    container_name: "caddy_compose"
    volumes:
      - "/vagrant_data:/vagrant_data"
      - "/vagrant_data/caddy/Caddyfile:/etc/caddy/Caddyfile"
    # No host networking: publish a single port instead
    # network_mode: host
    ports:
      - "80:80"
    tty: true
    # Inside caddy_compose, redis_client and phpfpm_client resolve to the two
    # backends. Aliases only; they do not restrict who may connect.
    links:
      - "redis:redis_client"
      - "phpfpm:phpfpm_client"
  phpfpm:
    # NOTE(review): 7.4 is an old PHP branch -- verify it still gets security fixes.
    image: "php:7.4-fpm"
    container_name: "phpfpm_compose"
    volumes:
      - "/vagrant_data:/vagrant_data"
    # network_mode: host
    tty: true
  redis:
    # No ports published, so only the other services reach it. Redis typically ships
    # without authentication -- do not switch this to host networking or add a ports
    # entry without configuring one.
    image: "library/redis:latest"
    container_name: "redis_compose"
    # network_mode: host
    tty: true


  • 常见问题

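# Error seen on startup:
# ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files to resolve #5114
# Tracked upstream (the second link was a bare URL, which a shell would try to run):
# https://github.com/containers/podman/issues/5114
# https://github.com/containers/podman/issues/5114#issuecomment-779406347
# Fix: wipe the user's rootless storage so it is recreated with the selected driver.
# NOTE(review): this deletes every rootless image, container and volume of that
# user -- `podman save` images and copy out volume data you still need first.
# `~` is expanded by *your* shell before sudo runs, so it is your home, not root's;
# rootful storage under /var/lib/containers is not touched.
sudo rm -rf ~/.local/share/containers/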
  • podman-desktop使用非官方的,支持多个引擎,如docker

# https://github.com/iongion/podman-desktop-companion
# 如果不需要docker,使用官方的
# https://podman-desktop.io/docs/intro
  • 注册systemd服务

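# Create the pod, then the caddy container inside it. Run as root here (the unit
# files end up in /root); for rootless use, generate as the user and enable with
# `systemctl --user` from ~/.config/systemd/user/ instead.
podman pod create --name httpserver
# NOTE: no -p on the pod, so caddy is not published on the host; add e.g. `-p 80:80`
# to `pod create` if it must serve outside the pod. Fully-qualified image name.
podman run -itd --pod=httpserver --name=caddy docker.io/library/caddy
# Write unit files into the current directory (--files). --new recreates the
# containers from the image on every start instead of restarting the stored ones.
podman generate systemd --new --files --name httpserver
# -> ./pod-httpserver.service
# -> ./container-caddy.service
# (newer podman versions print a deprecation notice pointing at Quadlet -- check --help)

# Install the units where systemd expects them instead of enabling them by a relative
# path: a path-enable only symlinks the unit to wherever it happened to be generated.
install -m 0644 pod-httpserver.service container-caddy.service /etc/systemd/system/
systemctl daemon-reload
# The pod unit pulls in the container unit, so only the pod unit needs enabling
systemctl enable --now pod-httpserver.service
# systemctl disable --now pod-httpserver.service

systemctl status pod-httpserver.service
systemctl stop pod-httpserver.service
systemctl restart pod-httpserver.service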