podman

Configuring a registry mirror (method for the current version)

[root@ming2 containers]# vim registries.conf
[root@ming2 containers]# cat registries.conf
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix = ""
location = "https://8v1ihtvi.mirror.aliyuncs.com"

For older versions the format is:

[registries.search]
registries = ['docker.io']
location = "mirrors.tuna.tsinghua.edu.cn/"

[registries.insecure]
registries = []

[registries.block]
registries = []

Pulling an image

[root@ming2 containers]# podman pull nginx
Trying to pull docker.io/nginx:latest...Getting image source
Copying blob 45b42c59be33: 25.84 MiB / 25.84 MiB [==========
Copying blob 8acc495f1d91: 25.34 MiB / 25.34 MiB [==========
Copying blob ec3bd7de90d7: 599 B / 599 B [==================
Copying blob 19e2441aeeab: 894 B / 894 B [==================
Copying blob f5a38c5f8d4e: 666 B / 666 B [==================
Copying blob 83500d851118: 1.38 KiB / 1.38 KiB [============
Copying config 35c43ace9216: 7.55 KiB / 7.55 KiB [==========
Writing manifest to image destination
Storing signatures
35c43ace9216212c0f0e546a65eec93fa9fc8e96b25880ee222b7ed2ca1

Logging in as an unprivileged user

Creating the user and group

uid=994(wangming) gid=991(wangming) 组=991(wangming)
[root@ming2 ~]# userdel wangming
[root@ming2 ~]# useradd wm
[root@ming2 ~]# su - wm
[wm@ming2 ~]$ ls
[wm@ming2 ~]$ pwd
/home/wm
Listing running containers

[wm@ming2 ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Pulling the image
[wm@ming2 ~]$ podman pull nginx
[wm@ming2 ~]$ podman images
REPOSITORY                TAG      IMAGE ID       CREATED       SIZE
docker.io/library/nginx   latest   35c43ace9216   2 weeks ago   137 MB
Pulling and starting busybox
[wm@ming2 ~]$ podman run -it --rm busybox /bin/sh
Trying to pull docker.io/busybox:latest...Getting image source signatures
Copying blob 8b3d7e226fab: 746.79 KiB / 746.79 KiB [===] 3s
Copying config a9d583973f65: 1.42 KiB / 1.42 KiB [=====] 0s
Writing manifest to image destination
Storing signatures
/ # 
[wm@ming2 ~]$ podman ps
CONTAINER ID  IMAGE                             COMMAND  CREATED        STATUS            PORTS  NAMES
22e5631fe0e7  docker.io/library/busybox:latest  /bin/sh  2 minutes ago  Up 2 minutes ago         loving_wilson
Attaching to a running container to see what it is doing
[wm@ming2 ~]$ podman attach 510b69c7bd27    (followed by the container ID)
Inspecting the most recently started container
[wm@ming2 ~]$ podman inspect -l
Showing the process list (top) of a container
[wm@ming2 ~]$ podman top sharp_swartz 
USER    PID   PPID   %CPU    ELAPSED         TTY     TIME   COMMAND
root    1     0      0.000   21.286676886s   pts/0   0s     nginx: master process nginx -g daemon off; 
nginx   30    1      0.000   21.287218883s   pts/0   0s     nginx: worker process
Removing the most recently created container
[wm@ming2 ~]$ podman run -d nginx
6df2d545b2ed7a707cac544f424fa9f2bdc553f6b2cb82b13e4638ff1ff5dbf5
[wm@ming2 ~]$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS  NAMES
6df2d545b2ed  docker.io/library/nginx:latest  /docker-entrypoin...  4 seconds ago  Up 4 seconds ago         stoic_bassi
[wm@ming2 ~]$ podman rm -f --latest 
6df2d545b2ed7a707cac544f424fa9f2bdc553f6b2cb82b13e4638ff1ff5dbf5
[wm@ming2 ~]$ podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
The UID range available to each user's containers can be seen in /etc/subuid and /etc/subgid; each user is given 65536 IDs.
[root@ming2 containers]# cat /etc/subuid
wm:100000:65536

The file format is USERNAME:UID:RANGE, where the fields are:

  • The user name, as listed in /etc/passwd or returned by getpwent.
  • The first subordinate UID assigned to the user.
  • The size of the UID range assigned to the user.

[root@ming2 ~]# yum -y install fuse-overlayfs

Basic podman commands

How podman is used


User configuration files

The three main configuration files are containers.conf, storage.conf and registries.conf; users can modify them as needed.

containers.conf

Podman reads the following files:

1. /usr/share/containers/containers.conf
2. /etc/containers/containers.conf
3. $HOME/.config/containers/containers.conf

in that order, if they exist. Each later file can override specific fields set by the earlier ones.

storage.conf

For storage.conf the order is:

1. /etc/containers/storage.conf
2. $HOME/.config/containers/storage.conf

When running as an unprivileged user, some fields in /etc/containers/storage.conf are ignored:

graphroot=""
 container storage graph dir (default: "/var/lib/containers/storage")
 Default directory to store all writable content created by container storage programs.
 
runroot=""
 container storage run dir (default: "/run/containers/storage")
 Default directory to store all temporary writable content created by container storage programs.

For unprivileged users these fields default to:

graphroot="$HOME/.local/share/containers/storage"
runroot="$XDG_RUNTIME_DIR/containers"

registries.conf

The configuration is read in the order below. These files are not created by default; you can copy the file from /usr/share/containers to /etc/containers and modify it there.

1. /etc/containers/registries.conf
2. /etc/containers/registries.d/*
3. $HOME/.config/containers/registries.conf

Storage volumes

When a rootless container runs as root, the root user inside the container is actually your own user on the host. UID/GID 1 inside the container is the first UID/GID specified in the user's mapping in /etc/subuid and /etc/subgid. If, as an unprivileged user, you mount a host directory into the container and create a file in it as root, you will see that the file is actually owned by your user on the host.

[wm@wm ~]$ whoami
wm
[wm@wm ~]$ pwd
/home/wm
[wm@wm ~]$ mkdir test
[wm@wm ~]$ ls
test
[wm@wm ~]$ podman run -it --name yqh1 -v /home/yqh/test:/data:Z busybox /bin/sh
/ # ls
bin   data  dev   etc   home  proc  root  run   sys   tmp   usr   var
/ # cd data/
/data # ls
/data # touch abc
/data # ls -l
total 0
-rw-r--r--    1 root     root             0 Mar 11 01:15 abc
/data # id
uid=0(root) gid=0(root) groups=10(wheel)
/data # id wm
id: unknown user wm

[wm@wm ~]$ ls
test
[wm@wm ~]$ cd test/
[wm@wm test]$ ls
abc
[wm@wm test]$ ll
total 0
-rw-r--r--. 1 wm wm 0 Mar 11 09:15 abc
[wm@wm test]$ id
uid=1000(wm) gid=1000(wm) groups=1000(wm) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Use the --userns=keep-id flag to ensure your user is mapped to its own UID and GID inside the container.

[wm@wm ~]$ podman run -it --rm --userns keep-id -v /home/wm/test:/data:Z busybox /bin/sh
~ $ id
uid=1000(wm) gid=1000(wm) groups=10(wheel)
~ $ ls
bin   data  dev   etc   home  proc  root  run   sys   tmp   usr   var
~ $ cd /data/
/data $ ls -l
total 0
-rw-r--r--    1 wm      wm             0 Mar 11 01:15 abc
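The USERNAME:UID:RANGE format described earlier and the ownership behaviour shown in the two sessions above, worked out in an added example (not code from the original post): it parses /etc/subuid entries, flags ranges that overlap between users, and computes the host UID that sits behind a container UID, assuming podman's standard rootless mapping (container root is the user's own UID, container UIDs 1..RANGE are the subordinate range). The sample entries are constructed.

```python
from dataclasses import dataclass

# Constructed sample in /etc/subuid format; alice and bob deliberately overlap.
SUBUID_SAMPLE = """\
wm:100000:65536
# comments and blank lines are ignored
alice:165536:65536
bob:200000:65536
"""


@dataclass(frozen=True)
class SubIdRange:
    user: str
    start: int
    count: int

    @property
    def end(self) -> int:  # last subordinate ID, inclusive
        return self.start + self.count - 1


def parse_subid(text: str) -> list:
    """Parse USERNAME:UID:RANGE lines; reject malformed or empty ranges."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not parts[1].isdigit() or not parts[2].isdigit():
            raise ValueError(f"line {lineno}: expected USERNAME:UID:RANGE, got {raw!r}")
        if int(parts[2]) == 0:
            raise ValueError(f"line {lineno}: RANGE must be at least 1")
        ranges.append(SubIdRange(parts[0], int(parts[1]), int(parts[2])))
    return ranges


def find_overlaps(ranges: list) -> list:
    """Pairs of users whose ranges intersect: root in one user's container
    would then own files created by the other user's containers."""
    return [(a.user, b.user) for i, a in enumerate(ranges)
            for b in ranges[i + 1:] if a.start <= b.end and b.start <= a.end]


def host_uid(container_uid: int, user_uid: int, rng: SubIdRange) -> int:
    """Host UID behind a container UID in a rootless user namespace (assumed
    podman mapping): 0 -> the user's UID, 1..RANGE -> UID..UID+RANGE-1."""
    if container_uid == 0:
        return user_uid
    if 1 <= container_uid <= rng.count:
        return rng.start + container_uid - 1
    raise ValueError(f"container uid {container_uid} is not mapped")
```

With the wm entry from the post and a host UID of 1000, container root maps to 1000 (which is why the file in the session is owned by wm) and container UID 1 maps to 100000.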


Authentication file

After logging in with podman login, the default authentication file is located at ${XDG_RUNTIME_DIR}/containers/auth.json.

[root@centos ~]# podman login
Username: diqiyao
Password:
Login Succeeded!
[root@centos ~]# cat /run/user/0/containers/auth.json
{
    "auths": {
        "docker.io": {
..................................
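An added example (not from the original post) that reads an auth.json in the layout shown above and checks it the way a defender would: the stored credential is only base64(user:password), so anyone who can read the file has the registry password. It assumes the containers auth.json layout with an "auth" field per registry; the sample file and password are constructed.

```python
import base64
import json
import os
import stat
import tempfile

# Constructed sample in the containers auth.json layout (assumption: the
# "auth" field holds base64("user:password"), as podman login writes it).
SAMPLE_AUTH_JSON = json.dumps({
    "auths": {
        "docker.io": {"auth": base64.b64encode(b"diqiyao:hunter2").decode()}
    }
})


def decode_auths(text: str) -> dict:
    """Return {registry: (username, password)} for every entry in auth.json."""
    creds = {}
    for registry, entry in json.loads(text).get("auths", {}).items():
        raw = base64.b64decode(entry.get("auth", ""), validate=True)
        user, sep, password = raw.decode().partition(":")
        if not sep:
            raise ValueError(f"{registry}: auth field is not user:password")
        creds[registry] = (user, password)
    return creds


def permission_findings(path: str) -> list:
    """List problems with the file mode: anything beyond owner read/write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:o} is readable or writable by group/others")
    return findings


def write_sample(mode: int) -> str:
    """Write SAMPLE_AUTH_JSON to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix="auth.json")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_AUTH_JSON)
    os.chmod(path, mode)
    return path
```

Run permission_findings against the real path from the post (/run/user/0/containers/auth.json for root) to confirm it is owner-only.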
Posted @ 2021-03-10 16:59 by 海绵堡堡, 221 views, 0 comments