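Deploying and Using Podman
Podman official website (https://podman.io/)
What is Podman
Podman is a daemonless container engine for developing, managing, and running OCI containers on Linux systems. Containers can run as root or in rootless mode. Simply put: alias docker=podman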
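It is a collection of command-line tools designed to handle the different tasks of containerized processes, and it can work as a modular framework. Its toolset includes:
Podman: pod and container image manager
Buildah: container image builder
Skopeo: container image inspection manager
Runc: container runner and feature builder, passed to Podman and Buildah
Crun: optional runtime that provides more flexibility, control, and security for rootless containers
These tools can also work with any OCI-compatible container engine (such as Docker), which makes it easy to switch to Podman or to use it alongside an existing Docker installation. Can Kubernetes use Podman? The answer is yes. In fact, Kubernetes and Podman are similar in some respects.
Podman is a daemonless, open-source, Linux-native tool designed to make it easy to find, run, build, share, and deploy applications using Open Containers Initiative (OCI) containers and container images. Podman provides a command-line interface (CLI) that is familiar to anyone who has used the Docker container engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Like other common container engines (Docker, CRI-O, containerd), Podman relies on an OCI-compliant container runtime (runc, crun, runv, etc.) to interface with the operating system and create the running containers. This makes running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Containers under Podman's control can be run by root or by an unprivileged user. Podman uses the libpod library to manage the whole container ecosystem, including pods, containers, container images, and container volumes. Podman is good at all the commands and functions that help maintain and modify OCI container images, such as pulling and tagging. It lets you create, run, and maintain these containers and container images in a production environment.
There is a RESTful API for managing containers. There is also a remote Podman client that can interact with the RESTful service. Clients are currently supported on Linux, Mac, and Windows. The RESTful service is supported only on Linux.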
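What is Docker
Docker is the standard container management technology. Docker carries such weight in the industry that most people think of Docker as soon as they think of containers.
Docker is the Swiss Army knife of the container orchestration world, and it offered many features before other alternatives appeared. As container management grew more complex, it also had to grow into an independent, self-sufficient tool so that it could meet all of developers' needs.
In a very short time Docker also became one of the key tools for all-in-one solutions. One of these is Docker Swarm, a Docker-native solution that lets you form clusters and schedule Docker engines, and create and manage groups of containers.
Docker's many auxiliary tools handle every task related to container orchestration, from load balancing to networking, which makes it the industry's first choice and not merely an industry technical reference.
Although Docker is a powerful system, this self-sufficient model also has drawbacks. Containers can be created and run at every stage of development, but other tools have more or less difficulty integrating and interacting with Docker.
In recent years, as many other specialized tools for specific tasks have appeared, Docker has become the starting point for many developers, who then hand some tasks off to other, more lightweight platforms and tools.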
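How using Podman differs from using Docker
Podman and Docker share many features, but there are also some fundamental differences. Neither technology is better or worse; what matters is which one fits a particular scenario.
Podman interacts with the Linux kernel and manages containers through the runC container runtime process rather than through a daemon. The Buildah utility replaces docker build as the container image build tool, and docker push is replaced by Skopeo, which moves container images between registries and container engines.
Architecture
Docker uses a daemon, a program running in the background, to create images and run containers. Podman has a daemonless architecture, which means it can run containers under the user who starts them. Docker has a client-server architecture driven by the daemon; Podman needs no such daemon.
Root privileges
Because Podman has no daemon managing its activity, it also has no need to give its containers root privileges. Docker recently added a rootless mode to its daemon configuration, but Podman used this approach first and promoted it as a basic feature. The reasons are as follows.
Security
Is Podman more secure than Docker? Podman allows containers to run with rootless privileges. Rootless containers are considered more secure than containers with root privileges. In Docker, the daemon has root privileges, which makes it a preferred entry point for attackers.
Containers in Podman do not have root access by default, which adds a natural barrier between the root level and the rootless level and improves security. However, Podman can run both root and rootless containers.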
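Systemd
Without a daemon, Podman needs another tool to manage services and support containers running in the background. Systemd creates control units for existing containers or is used to generate new containers. Systemd can also be integrated with Podman, allowing it to run systemd-enabled containers by default without any modification.
By using systemd, vendors can package their applications as containers to install, run, and manage, since most applications are now packaged and delivered this way.
Building images
As a self-sufficient tool, Docker can build container images itself. Podman needs the help of another tool called Buildah, which fully reflects its specialization: it is designed for building images, not for building containers.
Docker Swarm
Podman does not support Docker Swarm, which may rule it out for some projects, because using Docker Swarm commands produces an error. However, Podman recently added support for Docker Compose, making it compatible with Swarm and thus overcoming this limitation. Docker, given its native nature, naturally integrates well with Swarm.
All in one vs. modular
This may be the key difference between the two technologies: Docker is a standalone, powerful tool that handles every containerization task across the whole cycle, with the advantages and disadvantages that brings. Podman takes a modular approach and relies on specialized tools to complete specific tasks.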
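Podman vs Docker: can they work together?
As the best and most easily adopted alternative to Docker (users can alias Docker to Podman with alias docker=podman without any problems, as shown in the figure above), Podman is a very powerful tool for containerization tasks.
Will Podman replace Docker?
If you are starting a project from scratch, Podman can be a first-choice containerization technology. If the project is already under way and already uses Docker, the decision has to be made case by case, and a change is not necessarily worth it. Also, as a Linux-native application, it requires the developers involved to have Linux skills.
Developers can rely on Docker during development and then push the project to Podman in the runtime environment, combining the two tools and benefiting from the additional security Podman provides. Because both are OCI-compatible, compatibility is not a problem.
Can Docker and Podman coexist?
Yes, and they coexist well. Many developers have been using Docker and Podman together to create more secure, more efficient, and more agile frameworks. They have a lot in common, and whether you move from Docker to Podman or use the two together, the transition can be seamless.
Deploying Podman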
[root@localhost ~]# ls /etc/yum.repos.d/
CentOS-Base.repo
// here I configured the Aliyun mirror repo; you can get it directly from the official site
[root@localhost ~]# dnf list|grep podman
Failed to set locale, defaulting to C.UTF-8
cockpit-podman.noarch      33-1.module_el8.5.0+890+6b136101       AppStream
pcp-pmda-podman.x86_64     5.3.1-5.el8                            AppStream
podman.x86_64              3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-catatonit.x86_64    3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-docker.noarch       3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-gvproxy.x86_64      3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-plugins.x86_64      3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-remote.x86_64       3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
podman-tests.x86_64        3.3.1-9.module_el8.5.0+988+b1f0b741    AppStream
python3-podman.noarch      3.2.0-2.module_el8.5.0+890+6b136101    AppStream
// list the podman packages; we need podman.x86_64 and podman-docker.noarch, and can install podman-docker.noarch directly
[root@localhost ~]# which podman
/usr/bin/which: no podman in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
// check whether the podman command exists on the system
[root@localhost ~]# dnf -y install podman-docker    // install podman
[root@localhost ~]# which podman
/usr/bin/podman
// the podman command is now present
[root@localhost ~]# which docker
/usr/bin/docker
// a docker command shows up, but Docker itself is not actually present
[root@localhost ~]# dnf list|grep docker    // shows that docker is not installed
Failed to set locale, defaulting to C.UTF-8
podman-docker.noarch       3.3.1-9.module_el8.5.0+988+b1f0b741    @AppStream
pcp-pmda-docker.x86_64     5.3.1-5.el8                            AppStream
[root@localhost ~]# ll /usr/bin/docker
-rwxr-xr-x. 1 root root 163 Nov 10 2021 /usr/bin/docker
// look at the docker program
[root@localhost ~]# ll /usr/bin/podman
-rwxr-xr-x. 1 root root 49688376 Nov 10 2021 /usr/bin/podman
// look at the podman program
[root@localhost ~]# file /usr/bin/docker
/usr/bin/docker: POSIX shell script, ASCII text executable
// docker is a script
[root@localhost ~]# file /usr/bin/podman
/usr/bin/podman: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=53954cc47243d7854d8d1bf5d09e919c728e4384, stripped
// podman is a binary program
[root@localhost ~]# less /usr/bin/docker
#!/bin/sh
[ -f /etc/containers/nodocker ] || echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2
exec /usr/bin/podman "$@"
// the name is docker, but what it executes is podman
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 50783e0dfb64 done
Copying config 7a80323521 done
Writing manifest to image destination
Storing signatures
7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
// once podman is installed, images can be pulled directly without starting anything; here you can see the name was resolved through the registry configuration file /etc/containers/registries.conf.d/000-shortnames.conf and then pulled from the official docker.io registry hub.harbor.com
[root@localhost ~]# vim /etc/containers/registries.conf.d/000-shortnames.conf
// this file contains nothing but aliases

Because we do not know which registry it will search for what we need, we can define the registries ourselves.

[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d  oci  policy.json  registries.conf  registries.conf.d  registries.d  storage.conf
// configure it in registries.conf.d
[root@localhost containers]# vim registries.conf
unqualified-search-registries = ["docker.io"]
#unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
// copy the original setting and comment it out; the line above keeps only docker.io
[[registry]]
prefix = "docker.io"
location = "docker.mirrors.ustc.edu.cn"
// configure a registry mirror (accelerator); this one is Tsinghua University's (https://docker.mirrors.ustc.edu.cn/)
[root@localhost containers]# podman info
host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.module_el8.5.0+890+6b136101.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: 84384406047fae626269133e1951c4b92eed7603'
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "8"
  eventLogger: file
  hostname: localhost
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-257.el8.x86_64
  linkmode: dynamic
  memFree: 1109696512
  memTotal: 2043572224
  ociRuntime:
    name: runc
    package: runc-1.0.2-1.module_el8.5.0+911+f19012f9.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.2
      spec: 1.0.2-dev
      go: go1.16.7
      libseccomp: 2.4.3
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.4.3
  swapFree: 2181033984
  swapTotal: 2181033984
  uptime: 48m 30.51s
registries:
  docker.io:
    Blocked: false
    Insecure: false
    Location: docker.mirrors.ustc.edu.cn
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: docker.io
  search:
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 1636493036
  BuiltTime: Wed Nov 10 05:23:56 2021
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.3.1
// view podman information
[root@localhost ~]# podman pull centos
Resolved "centos" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/centos/centos:latest...
Getting image source signatures
Copying blob 7a0437f04f83 done
Copying config 300e315adb done
Writing manifest to image destination
Storing signatures
300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
// try pulling an image; you can see it pulls the image directly from the official site
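Using Podman
Common podman commands:
podman create        # create a container
podman run           # create and start a container
podman start         # start a container
podman ps            # list containers
podman stop          # stop a container
podman restart       # restart a container
podman attach        # enter a container
podman exec          # enter a container
podman export        # export a container
podman import        # import a container snapshot
podman rm            # remove a container
podman logs          # view logs
podman search        # search for images
podman pull          # fetch an image
podman images        # list images
podman image ls      # list images
podman rmi           # remove an image
podman image rm      # remove an image
podman save          # export an image
podman load          # import an image
podmanfile           # customize images (three)
podman build         # build an image
podman diff          # inspect changes on a container's filesystem
podman events        # show events
podmanfile           # common instructions (four)
copy/cp              # copy files
add                  # advanced copy
cmd                  # container start command
env                  # environment variables
expose               # expose ports
healthcheck          # check the status of the running container
podman inspect       # show container information
copy/cp # copy files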
[root@localhost ~]# podman ps    // list running containers
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
[root@localhost ~]# podman images    // list images
REPOSITORY                 TAG     IMAGE ID      CREATED        SIZE
docker.io/library/busybox  latest  7a80323521cc  2 weeks ago    1.47 MB
quay.io/centos/centos      latest  300e315adb2f  20 months ago  217 MB
[root@localhost ~]# podman run -it centos    // create and run this container
[root@a44e23e8b983 /]# ls
bin  etc   lib    lost+found  mnt  proc  run   srv  tmp  var
dev  home  lib64  media       opt  root  sbin  sys  usr

Open another terminal:

[root@localhost ~]# podman ps    // list running containers
CONTAINER ID  IMAGE                         COMMAND    CREATED        STATUS            PORTS  NAMES
a44e23e8b983  quay.io/centos/centos:latest  /bin/bash  8 minutes ago  Up 8 minutes ago         adoring_davinci
[root@localhost ~]# podman cp anaconda-ks.cfg a44e23e8b983:/    // copy this file from the host into the container's root directory

Go back to the previous terminal and check:

[root@a44e23e8b983 /]# ls
anaconda-ks.cfg  dev  home  lib64       media  opt   root  sbin  sys  usr
bin              etc  lib   lost+found  mnt    proc  run   srv   tmp  var
// check inside the container
Starting/stopping a container
[root@localhost ~]# podman start a44e23e8b983
a44e23e8b983
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                         COMMAND    CREATED         STATUS             PORTS  NAMES
a44e23e8b983  quay.io/centos/centos:latest  /bin/bash  49 minutes ago  Up 23 seconds ago         adoring_davinci
[root@localhost ~]# podman stop a44e23e8b983
a44e23e8b983
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
Creating a container
[root@localhost ~]# podman pull httpd
Resolving "httpd" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob dcc4698797c8 done
Copying blob a2abf6c4d29d done
Copying blob 41c22baa66ec done
Copying blob d982c879c57e done
Copying blob 67283bbdd4a0 done
Copying config dabbfbe0c5 done
Writing manifest to image destination
Storing signatures
dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34
// pull the image
[root@localhost ~]# podman images
REPOSITORY                 TAG     IMAGE ID      CREATED        SIZE
docker.io/library/busybox  latest  7a80323521cc  2 weeks ago    1.47 MB
docker.io/library/httpd    latest  dabbfbe0c57b  7 months ago   148 MB
quay.io/centos/centos      latest  300e315adb2f  20 months ago  217 MB
// list images
[root@localhost ~]# podman create --name web httpd    // this command only creates the container without starting it; generally not recommended
f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS                    PORTS  NAMES
a44e23e8b983  quay.io/centos/centos:latest    /bin/bash         53 minutes ago  Exited (0) 3 minutes ago         adoring_davinci
f7e53678f186  docker.io/library/httpd:latest  httpd-foreground  8 seconds ago   Created                          web
podman diff # inspect changes on a container's filesystem
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS  NAMES
f7e53678f186  docker.io/library/httpd:latest  httpd-foreground  5 minutes ago  Up 4 seconds ago         web
[root@localhost ~]# podman diff f7e53678f186
C /usr
C /usr/local
C /usr/local/apache2
C /usr/local/apache2/logs
A /usr/local/apache2/logs/httpd.pid
C /etc
exec: entering a running container
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS  NAMES
f7e53678f186  docker.io/library/httpd:latest  httpd-foreground  8 minutes ago  Up 3 minutes ago         web
[root@localhost ~]# podman exec -it f7e53678f186 /bin/sh
# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs  modules
healthcheck: check the status of the running container
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS            PORTS  NAMES
f7e53678f186  docker.io/library/httpd:latest  httpd-foreground  11 minutes ago  Up 5 minutes ago         web
[root@localhost ~]# podman healthcheck run web
Error: container f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a has no defined healthcheck
inspect: show container information
[root@localhost ~]# podman inspect web
[
  {
    "Id": "f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a",
    "Created": "2022-08-15T13:28:43.182514247+08:00",
    "Path": "httpd-foreground",
    "Args": [ "httpd-foreground" ],
    "State": {
      "OciVersion": "1.0.2-dev",
      "Status": "running",
      "Running": true,
      "Paused": false,
      "Restarting": false,
      "OOMKilled": false,
      "Dead": false,
      "Pid": 327830,
      "ConmonPid": 327818,
      "ExitCode": 0,
      "Error": "",
      "StartedAt": "2022-08-15T13:33:45.480354789+08:00",
      "FinishedAt": "2022-08-15T13:33:36.646016512+08:00",
      "Healthcheck": { "Status": "", "FailingStreak": 0, "Log": null }
    },
    "Image": "dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34",
    "ImageName": "docker.io/library/httpd:latest",
    "Rootfs": "",
    "Pod": "",
    "ResolvConfPath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/resolv.conf",
    "HostnamePath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/hostname",
    "HostsPath": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/hosts",
    "StaticDir": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata",
    "OCIConfigPath": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/config.json",
    "OCIRuntime": "runc",
    "ConmonPidFile": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/conmon.pid",
    "PidFile": "/run/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/pidfile",
    "Name": "web",
    "RestartCount": 0,
    "Driver": "overlay",
    "MountLabel": "system_u:object_r:container_file_t:s0:c556,c843",
    "ProcessLabel": "system_u:system_r:container_t:s0:c556,c843",
    "AppArmorProfile": "",
    "EffectiveCaps": [
      "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
      "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP",
      "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"
    ],
    "BoundingCaps": [
      "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
      "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP",
      "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"
    ],
    "ExecIDs": [],
    "GraphDriver": {
      "Name": "overlay",
      "Data": {
        "LowerDir": "/var/lib/containers/storage/overlay/f1aca06344b90a296c3935de55948a2e384af058b8026eff8d70367d9ba65eb4/diff:/var/lib/containers/storage/overlay/fbe4081f229c9bfb37ed4b0df548f053005c7268f32cce47ac3a5530b75565f5/diff:/var/lib/containers/storage/overlay/1e878596d57304e7f3aa17328742283948d033f9110501481771061e41cc34f2/diff:/var/lib/containers/storage/overlay/03f787f87707a04d0c7bc9a113e84d4618c1694280a63581dddd652d2084ad47/diff:/var/lib/containers/storage/overlay/2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f/diff",
        "MergedDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/merged",
        "UpperDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/diff",
        "WorkDir": "/var/lib/containers/storage/overlay/db189872505617ea513a30152e77e54fe27a4acf555f34762646e5ecd1f7abcc/work"
      }
    },
    "Mounts": [],
    "Dependencies": [],
    "NetworkSettings": {
      "EndpointID": "",
      "Gateway": "10.88.0.1",
      "IPAddress": "10.88.0.5",
      "IPPrefixLen": 16,
      "IPv6Gateway": "",
      "GlobalIPv6Address": "",
      "GlobalIPv6PrefixLen": 0,
      "MacAddress": "26:5d:42:f0:25:33",
      "Bridge": "",
      "SandboxID": "",
      "HairpinMode": false,
      "LinkLocalIPv6Address": "",
      "LinkLocalIPv6PrefixLen": 0,
      "Ports": {},
      "SandboxKey": "/run/netns/cni-7d73fe83-e440-4ebe-6434-44b1f9ff7777",
      "Networks": {
        "podman": {
          "EndpointID": "",
          "Gateway": "10.88.0.1",
          "IPAddress": "10.88.0.5",
          "IPPrefixLen": 16,
          "IPv6Gateway": "",
          "GlobalIPv6Address": "",
          "GlobalIPv6PrefixLen": 0,
          "MacAddress": "26:5d:42:f0:25:33",
          "NetworkID": "podman",
          "DriverOpts": null,
          "IPAMConfig": null,
          "Links": null
        }
      }
    },
    "ExitCommand": [
      "/usr/bin/podman",
      "--root", "/var/lib/containers/storage",
      "--runroot", "/run/containers/storage",
      "--log-level", "warning",
      "--cgroup-manager", "systemd",
      "--tmpdir", "/run/libpod",
      "--runtime", "runc",
      "--storage-driver", "overlay",
      "--storage-opt", "overlay.mountopt=nodev,metacopy=on",
      "--events-backend", "file",
      "container", "cleanup",
      "f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a"
    ],
    "Namespace": "",
    "IsInfra": false,
    "Config": {
      "Hostname": "f7e53678f186",
      "Domainname": "",
      "User": "",
      "AttachStdin": false,
      "AttachStdout": false,
      "AttachStderr": false,
      "Tty": false,
      "OpenStdin": false,
      "StdinOnce": false,
      "Env": [
        "PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "TERM=xterm",
        "container=podman",
        "HTTPD_VERSION=2.4.52",
        "HTTPD_SHA256=0127f7dc497e9983e9c51474bed75e45607f2f870a7675a86dc90af6d572f5c9",
        "HTTPD_PATCHES=",
        "HTTPD_PREFIX=/usr/local/apache2",
        "HOME=/root",
        "HOSTNAME=f7e53678f186"
      ],
      "Cmd": [ "httpd-foreground" ],
      "Image": "docker.io/library/httpd:latest",
      "Volumes": null,
      "WorkingDir": "/usr/local/apache2",
      "Entrypoint": "",
      "OnBuild": null,
      "Labels": null,
      "Annotations": {
        "io.container.manager": "libpod",
        "io.kubernetes.cri-o.Created": "2022-08-15T13:28:43.182514247+08:00",
        "io.kubernetes.cri-o.TTY": "false",
        "io.podman.annotations.autoremove": "FALSE",
        "io.podman.annotations.init": "FALSE",
        "io.podman.annotations.privileged": "FALSE",
        "io.podman.annotations.publish-all": "FALSE",
        "org.opencontainers.image.stopSignal": "28"
      },
      "StopSignal": 28,
      "CreateCommand": [ "podman", "create", "--name", "web", "httpd" ],
      "Umask": "0022",
      "Timeout": 0,
      "StopTimeout": 10
    },
    "HostConfig": {
      "Binds": [],
      "CgroupManager": "systemd",
      "CgroupMode": "host",
      "ContainerIDFile": "",
      "LogConfig": {
        "Type": "k8s-file",
        "Config": null,
        "Path": "/var/lib/containers/storage/overlay-containers/f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a/userdata/ctr.log",
        "Tag": "",
        "Size": "0B"
      },
      "NetworkMode": "bridge",
      "PortBindings": {},
      "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
      "AutoRemove": false,
      "VolumeDriver": "",
      "VolumesFrom": null,
      "CapAdd": [],
      "CapDrop": [ "CAP_AUDIT_WRITE", "CAP_MKNOD" ],
      "Dns": [],
      "DnsOptions": [],
      "DnsSearch": [],
      "ExtraHosts": [],
      "GroupAdd": [],
      "IpcMode": "private",
      "Cgroup": "",
      "Cgroups": "default",
      "Links": null,
      "OomScoreAdj": 0,
      "PidMode": "private",
      "Privileged": false,
      "PublishAllPorts": false,
      "ReadonlyRootfs": false,
      "SecurityOpt": [],
      "Tmpfs": {},
      "UTSMode": "private",
      "UsernsMode": "",
      "ShmSize": 65536000,
      "Runtime": "oci",
      "ConsoleSize": [ 0, 0 ],
      "Isolation": "",
      "CpuShares": 0,
      "Memory": 0,
      "NanoCpus": 0,
      "CgroupParent": "",
      "BlkioWeight": 0,
      "BlkioWeightDevice": null,
      "BlkioDeviceReadBps": null,
      "BlkioDeviceWriteBps": null,
      "BlkioDeviceReadIOps": null,
      "BlkioDeviceWriteIOps": null,
      "CpuPeriod": 0,
      "CpuQuota": 0,
      "CpuRealtimePeriod": 0,
      "CpuRealtimeRuntime": 0,
      "CpusetCpus": "",
      "CpusetMems": "",
      "Devices": [],
      "DiskQuota": 0,
      "KernelMemory": 0,
      "MemoryReservation": 0,
      "MemorySwap": 0,
      "MemorySwappiness": 0,
      "OomKillDisable": false,
      "PidsLimit": 2048,
      "Ulimits": [
        { "Name": "RLIMIT_NOFILE", "Soft": 1048576, "Hard": 1048576 },
        { "Name": "RLIMIT_NPROC", "Soft": 4194304, "Hard": 4194304 }
      ],
      "CpuCount": 0,
      "CpuPercent": 0,
      "IOMaximumIOps": 0,
      "IOMaximumBandwidth": 0,
      "CgroupConf": null
    }
  }
]
podman image rm: remove an image
[root@localhost ~]# podman images
REPOSITORY                 TAG     IMAGE ID      CREATED        SIZE
docker.io/library/busybox  latest  7a80323521cc  2 weeks ago    1.47 MB
docker.io/library/httpd    latest  dabbfbe0c57b  7 months ago   148 MB
quay.io/centos/centos      latest  300e315adb2f  20 months ago  217 MB
[root@localhost ~]# podman image rm busybox
Untagged: docker.io/library/busybox:latest
Deleted: 7a80323521ccd4c2b4b423fa6e38e5cea156600f40cd855e464cc52a321a24dd
[root@localhost ~]# podman images
REPOSITORY               TAG     IMAGE ID      CREATED        SIZE
docker.io/library/httpd  latest  dabbfbe0c57b  7 months ago   148 MB
quay.io/centos/centos    latest  300e315adb2f  20 months ago  217 MB
podman rm: remove a container
[root@localhost ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID  IMAGE                           COMMAND           CREATED         STATUS                     PORTS  NAMES
a44e23e8b983  quay.io/centos/centos:latest    /bin/bash         2 hours ago     Exited (0) 54 minutes ago         adoring_davinci
f7e53678f186  docker.io/library/httpd:latest  httpd-foreground  50 minutes ago  Exited (0) 28 minutes ago         web
[root@localhost ~]# podman rm web
f7e53678f186f326ee687436b53693836ea63427986cfd15ef78c4b5ca99571a
[root@localhost ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID  IMAGE                         COMMAND    CREATED      STATUS                     PORTS  NAMES
a44e23e8b983  quay.io/centos/centos:latest  /bin/bash  2 hours ago  Exited (0) 54 minutes ago         adoring_davinci
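
As an added example (not part of the original post), this Python script audits the JSON printed by podman inspect for the privilege settings behind the Security section's root vs. rootless point; the session above ran as root, and its podman info output reports rootless: false. The sample input is constructed from a subset of the podman inspect web fields shown earlier; the function names, severity labels, and the high-risk capability list are assumptions chosen for illustration, and an empty Config.User is assumed to mean the process starts as UID 0.

```python
import json

# Constructed sample: a subset of the fields from the `podman inspect web`
# output shown earlier, with the values that output reports.
SAMPLE_INSPECT = """
[{"Name": "web",
  "EffectiveCaps": ["CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
                    "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW",
                    "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID",
                    "CAP_SYS_CHROOT"],
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": false, "Memory": 0,
                 "PidsLimit": 2048, "NetworkMode": "bridge",
                 "PidMode": "private", "IpcMode": "private"}}]
"""

# Illustrative list (an assumption of this example): capabilities that give a
# container process broad control over the host kernel.
HIGH_RISK_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
                  "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}


def audit_container(ctr):
    """Return a list of (severity, finding) tuples for one inspect record."""
    findings = []
    host = ctr.get("HostConfig") or {}
    caps = set(ctr.get("EffectiveCaps") or [])

    if host.get("Privileged"):
        findings.append(("HIGH", "privileged container"))
    for key in ("PidMode", "IpcMode", "NetworkMode"):
        if host.get(key) == "host":
            findings.append(("HIGH", f"{key} shares the host namespace"))
    for cap in sorted(caps & HIGH_RISK_CAPS):
        findings.append(("HIGH", f"{cap} granted"))

    # Assumption: an empty User means neither the image nor --user set one,
    # so the main process starts as UID 0 inside the container.
    user = ((ctr.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("MEDIUM", "main process runs as UID 0 in the container"))
    if "CAP_NET_RAW" in caps:
        findings.append(("LOW", "CAP_NET_RAW granted (raw sockets)"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("LOW", "root filesystem is writable"))
    if not host.get("Memory"):
        findings.append(("LOW", "no memory limit"))
    if not host.get("PidsLimit"):
        findings.append(("LOW", "no pids limit"))
    return findings


def audit_inspect(raw_json):
    """Audit every container in the JSON array printed by `podman inspect`."""
    return {c.get("Name", "?"): audit_container(c) for c in json.loads(raw_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        for severity, text in findings:
            print(f"{name}: [{severity}] {text}")
```

On a live host, pass the text printed by podman inspect for a container to audit_inspect instead of the sample.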