From c7f96c8ff6b0eca4a5aba79bb408be977901e2b1 Mon Sep 17 00:00:00 2001 From: Antoine Le Morvan Date: Wed, 3 Apr 2024 13:21:00 +0200 Subject: [PATCH 1/2] feat: Add informations about building images with podman --- docs/gemstones/containers/podman.md | 260 +++++++++++++++++++++++++++- 1 file changed, 256 insertions(+), 4 deletions(-) diff --git a/docs/gemstones/containers/podman.md b/docs/gemstones/containers/podman.md index b6f0169cb4..12a3bb22d2 100644 --- a/docs/gemstones/containers/podman.md +++ b/docs/gemstones/containers/podman.md @@ -1,6 +1,6 @@ --- title: Podman -author: Neel Chauhan +author: Neel Chauhan, Antoine Le Morvan contributors: Steven Spencer, Ganna Zhyrnova date: 2024-03-07 tags: @@ -10,21 +10,109 @@ tags: # Introduction -[Podman](https://podman.io/) is a Docker-compatible alternative container runtime that, unlike Docker, is included in the Rocky Linux repositories and can run containers as a `systemd` service. +[Podman](https://podman.io/) (Pod Manager) is a container and container image management tool compatible with the [OCI](https://opencontainers.org/) (Open Container Initiative). + +Podman: + +* works without daemon (it can run containers as a `systemd` service), +* allows you to manage containers as an unprivileged user (no need to be root), +* is included, unlike docker, in the Rocky Linux repositories. + +That makes Podman not only a docker-compatible alternative container runtime, but much more. ## Install Podman Use the `dnf` utility to install Podman: -``` +```bash dnf install podman ``` +```bash +$ podman --help + +Manage pods, containers and images + +Usage: + podman [options] [command] + +Available Commands: + attach Attach to a running container + auto-update Auto update containers according to their auto-update policy + build Build an image using instructions from Containerfiles + commit Create new image based on the changed container + container Manage containers + cp Copy files/folders between a container and the local filesystem + create Create but do not start a container + diff Display the changes to the object's file system + events Show podman system events + exec Run a process in a running container + export Export container's filesystem contents as a tar archive + generate Generate structured data based on containers, pods or volumes + healthcheck Manage health checks on containers + help Help about any command + history Show history of a specified image + image Manage images + images List images in local storage + import Import a tarball to create a filesystem image + info Display podman system information + init Initialize one or more containers + inspect Display the configuration of object denoted by ID + kill Kill one or more running containers with a specific signal + kube Play containers, pods or volumes from a structured file + load Load image(s) from a tar archive + login Log in to a container registry + logout Log out of a container registry + logs Fetch the logs of one or more containers + machine Manage a virtual machine + manifest Manipulate manifest lists and image indexes + mount Mount a working container's root filesystem + network Manage networks + pause Pause all the processes in one or more containers + pod Manage pods + port List port mappings or a specific mapping for the container + ps List containers + pull Pull an image from a registry + push Push an image to a specified destination + rename Rename an existing container + restart Restart one or more containers + rm Remove one or more containers + rmi Remove one or more images from local storage + run Run a command in a new container + save Save image(s) to an archive + search Search registry for image + secret Manage secrets + start Start one or more containers + stats Display a live stream of container resource usage statistics + stop Stop one or more containers + system Manage podman + tag Add an additional name to a local image + top Display the running processes of a container + unmount Unmount working container's root filesystem + unpause Unpause the processes in one or more containers + unshare Run a command in a modified user namespace + untag Remove a name from a local image + update Update an existing container + version Display the Podman version information + volume Manage volumes + wait Block on one or more containers +``` + +!!! NOTE + + Podman can execute almost any Docker commands thanks to its similar CLI interface. + +If you need to use a compose file, remember to install the ``podman-compose`` package : + +```bash +dnf install podman-compose +``` + ## Adding a container Let us run a [Nextcloud](https://nextcloud.com/) self-hosted cloud platform as an example: -``` +```bash podman run -d -p 8080:80 nextcloud ``` @@ -62,3 +150,167 @@ systemctl enable nextcloud Replace `compassionate_meninsky` with your container's assigned name. When your system reboots, Nextcloud will restart in Podman. + +## DockerFiles + +A DockerFile is a file used by docker to create custom container images, and good news, as Podman is fully compatible with Dockerfile, you can then build your container images with Podman in the same way as you would with Docker. + +We will create an httpd server based on a RockyLinux 9. + +Create a folder dedicated to our image: + +```bash +mkdir myrocky && cd myrocky +``` + +Create an `index.html` file that will be served by our webserver: + +```bash +echo "Welcome to Rocky" > index.html +``` + +Then, create a `Dockerfile` file with the following content: + +```text +# Use the latest rockylinux image as a start +FROM rockylinux:9 + +# Make it uptodate +RUN dnf -y update +# Install and enable httpd +RUN dnf -y install httpd +RUN systemctl enable httpd +# Copy the local index.html file into our image +COPY index.html /var/www/html/ + +# Expose the port 80 to the outside +EXPOSE 80 + +# Start the services +CMD [ "/sbin/init" ] +``` + +We are now ready to build our image called `myrockywebserver`: + +```bash +$ podman build -t myrockywebserver . + +STEP 1/7: FROM rockylinux:9 +Resolved "rockylinux" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf) +Trying to pull docker.io/library/rockylinux:9... +Getting image source signatures +Copying blob 489e1be6ce56 skipped: already exists +Copying config b72d2d9150 done +Writing manifest to image destination +STEP 2/7: RUN dnf -y update +Rocky Linux 9 - BaseOS 406 kB/s | 2.2 MB 00:05 +Rocky Linux 9 - AppStream 9.9 MB/s | 7.4 MB 00:00 +Rocky Linux 9 - Extras 35 kB/s | 14 kB 00:00 +Dependencies resolved. +================================================================================ + Package Arch Version Repository Size +================================================================================ +Upgrading: + basesystem noarch 11-13.el9.0.1 baseos 6.4 k + binutils x86_64 2.35.2-42.el9_3.1 baseos 4.5 M +... +Complete! +--> 2e8b93d30f31 +STEP 3/7: RUN dnf -y install httpd +Last metadata expiration check: 0:00:34 ago on Wed Apr 3 07:29:56 2024. +Dependencies resolved. +================================================================================ + Package Arch Version Repository Size +================================================================================ +Installing: + httpd x86_64 2.4.57-5.el9 appstream 46 k +... +Complete! +--> 71db5cabef1e +STEP 4/7: RUN systemctl enable httpd +Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. +--> 423d45a3cb2d +STEP 5/7: COPY index.html /var/www/html/ +--> dfaf9236ebae +STEP 6/7: EXPOSE 80 +--> 439bc5aee524 +STEP 7/7: CMD [ "/sbin/init" ] +COMMIT myrockywebserver +--> 7fcf202d3c8d +Successfully tagged localhost/myrockywebserver:latest +7fcf202d3c8d059837cc4e7bc083a526966874f978cd4ab18690efb0f893d583 +``` + +We can now launch our podman image and check if it was well started: + +```bash +$ podman run -d --name rockywebserver -p 8080:80 localhost/myrockywebserver +282c09eecf845c7d9390f6878f9340a802cc2e13d654da197d6c08111905f1bd + +$ podman ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +282c09eecf84 localhost/myrockywebserver:latest /sbin/init 16 seconds ago Up 16 seconds 0.0.0.0:8080->80/tcp rockywebserver +``` + +We launched our podman image in daemon mode (`-p`) and give it `rockywebserver` as a name (option `--name`). + +As we redirect the port 80 (protected) to the port 8080 with the `-p` option, let's check if we are listening on: + +```bash +ss -tuna | grep "*:8080" +tcp LISTEN 0 4096 *:8080 *:* +``` + +We can now check if the index.html file is accessible: + +```bash +$ curl http://localhost:8080 +Welcome to Rocky +``` + +Congrats! We can now stop and destroy our running image, giving its name we provided during its creation: + +```bash +podman stop rockywebserver && podman rm rockywebserver +``` + +If you relaunch the build process, you can observe that `podman` will use a cache at each step of the build: + +```bash +$ podman build -t myrockywebserver . + +STEP 1/7: FROM rockylinux:9 +STEP 2/7: RUN dnf -y update +--> Using cache 2e8b93d30f3104d77827a888fdf1d6350d203af18e16ae528b9ca612b850f844 +--> 2e8b93d30f31 +STEP 3/7: RUN dnf -y install httpd +--> Using cache 71db5cabef1e033c0d7416bc341848fbf4dfcfa25cd43758a8b264ac0cfcf461 +--> 71db5cabef1e +STEP 4/7: RUN systemctl enable httpd +--> Using cache 423d45a3cb2d9f5ef0af474e4f16721f4c84c1b80aa486925a3ae2b563ba3968 +--> 423d45a3cb2d +STEP 5/7: COPY index.html /var/www/html/ +--> Using cache dfaf9236ebaecf835ecb9049c657723bd9ec37190679dd3532e7d75c0ca80331 +--> dfaf9236ebae +STEP 6/7: EXPOSE 80 +--> Using cache 439bc5aee524338a416ae5080afbbea258a3c5e5cd910b2485559b4a908f81a3 +--> 439bc5aee524 +STEP 7/7: CMD [ "/sbin/init" ] +--> Using cache 7fcf202d3c8d059837cc4e7bc083a526966874f978cd4ab18690efb0f893d583 +COMMIT myrockywebserver +--> 7fcf202d3c8d +Successfully tagged localhost/myrockywebserver:latest +7fcf202d3c8d059837cc4e7bc083a526966874f978cd4ab18690efb0f893d583 +``` + +Hopefully, you can clear that cache thanks to the `prune` subcommand: + +```bash +podman system prune -a -f +``` + +| Options | Description | +| ----------- | ------------------------------------------------------- | +| `-a` | Remove all unused data, not only the external to podman | +| `-f` | No prompt for confirmation | +| `--volumes` | Prune volumes | From 75650cd2da8b3c931ffacfca4044e41c7c367c13 Mon Sep 17 00:00:00 2001 From: Antoine Le Morvan Date: Wed, 3 Apr 2024 13:32:57 +0200 Subject: [PATCH 2/2] feat: podman - add table to display subcommands --- docs/gemstones/containers/podman.md | 94 ++++++++++++----------------- 1 file changed, 37 insertions(+), 57 deletions(-) diff --git a/docs/gemstones/containers/podman.md b/docs/gemstones/containers/podman.md index 12a3bb22d2..3f9bd0ba1f 100644 --- a/docs/gemstones/containers/podman.md +++ b/docs/gemstones/containers/podman.md @@ -28,6 +28,7 @@ Use the `dnf` utility to install Podman: dnf install podman ``` +You can retrieve the list of available podman subcommands with the following command: ```bash $ podman --help @@ -39,65 +40,44 @@ Usage: Available Commands: attach Attach to a running container auto-update Auto update containers according to their auto-update policy - build Build an image using instructions from Containerfiles - commit Create new image based on the changed container - container Manage containers - cp Copy files/folders between a container and the local filesystem - create Create but do not start a container - diff Display the changes to the object's file system - events Show podman system events - exec Run a process in a running container - export Export container's filesystem contents as a tar archive - generate Generate structured data based on containers, pods or volumes - healthcheck Manage health checks on containers - help Help about any command - history Show history of a specified image - image Manage images - images List images in local storage - import Import a tarball to create a filesystem image - info Display podman system information - init Initialize one or more containers - inspect Display the configuration of object denoted by ID - kill Kill one or more running containers with a specific signal - kube Play containers, pods or volumes from a structured file - load Load image(s) from a tar archive - login Log in to a container registry - logout Log out of a container registry - logs Fetch the logs of one or more containers - machine Manage a virtual machine - manifest Manipulate manifest lists and image indexes - mount Mount a working container's root filesystem - network Manage networks - pause Pause all the processes in one or more containers - pod Manage pods - port List port mappings or a specific mapping for the container - ps List containers - pull Pull an image from a registry - push Push an image to a specified destination - rename Rename an existing container - restart Restart one or more containers - rm Remove one or more containers - rmi Remove one or more images from local storage - run Run a command in a new container - save Save image(s) to an archive - search Search registry for image - secret Manage secrets - start Start one or more containers - stats Display a live stream of container resource usage statistics - stop Stop one or more containers - system Manage podman - tag Add an additional name to a local image - top Display the running processes of a container - unmount Unmount working container's root filesystem - unpause Unpause the processes in one or more containers - unshare Run a command in a modified user namespace - untag Remove a name from a local image - update Update an existing container - version Display the Podman version information - volume Manage volumes - wait Block on one or more containers +... ``` +Here is a non-exhaustive list of the most commonly used subcommands: + +| Subcommand | Description | +| ----------- | --------------------------------------------------------------- | +| `build` | Build an image using instructions from Containerfiles | +| `commit` | Create new image based on the changed container | +| `container` | Manage containers | +| `cp` | Copy files/folders between a container and the local filesystem | +| `create` | Create but do not start a container | +| `exec` | Run a process in a running container | +| `image` | Manage images | +| `images` | List images in local storage | +| `info` | Display podman system information | +| `init` | Initialize one or more containers | +| `inspect` | Display the configuration of object denoted by ID | +| `kill` | Kill one or more running containers with a specific signal | +| `login` | Log in to a container registry | +| `logs` | Fetch the logs of one or more containers | +| `network` | Manage networks | +| `pause` | Pause all the processes in one or more containers | +| `ps` | List containers | +| `pull` | Pull an image from a registry | +| `push` | Push an image to a specified destination | +| `restart` | Restart one or more containers | +| `rm` | Remove one or more containers | +| `rmi` | Remove one or more images from local storage | +| `run` | Run a command in a new container | +| `start` | Start one or more containers | +| `stats` | Display a live stream of container resource usage statistics | +| `stop` | Stop one or more containers | +| `system` | Manage podman | +| `top` | Display the running processes of a container | +| `unpause` | Unpause the processes in one or more containers | +| `volume` | Manage volumes | + !!! NOTE Podman can execute almost any Docker commands thanks to its similar CLI interface.