Introduction
This guide provides a comprehensive walkthrough for installing and configuring Podman on Fedora 40, utilizing the 5W1H approach (What, Who, Where, When, Why, How), followed by an analysis of the consequences and a conclusion.
Overview
What
Podman is a container management tool that allows users to create, manage, and run containers without requiring a daemon. In this guide, we will cover the steps to install Podman on Fedora 40.
Who
This guide is intended for system administrators, developers, and Linux enthusiasts who want to manage containers on their Fedora 40 systems.
Where
The installation process should be performed on a Fedora 40 system with administrative privileges.
When
You should consider installing Podman when you need a lightweight and daemonless container management tool for your development and production environments on Fedora 40.
Why
The advantages and disadvantages of using Podman for container management on Fedora 40 are summarized in the table below.
Pros | Cons |
---|---|
No need for a daemon, reducing overhead | Limited support for some Docker-specific features |
Rootless mode for enhanced security | Smaller community and ecosystem compared to Docker |
Compatible with Docker CLI | Potential learning curve for new users |
Integration with Kubernetes | Some features still maturing |
How
Follow these steps to install and configure Podman on Fedora 40:
Step 1 | Update your Fedora 40 system: sudo dnf update |
Step 2 | Install Podman: sudo dnf install podman |
Step 3 | Verify the installation: podman --version |
Step 4 | Run your first container: podman run hello-world |
Step 5 | Explore Podman commands and features to manage your containers efficiently. |
Consequences
The successful installation and configuration of Podman on Fedora 40 will enable you to manage containers in a lightweight and secure manner. However, improper setup or configuration might lead to issues with container management and deployment.
Conclusion
Installing Podman on Fedora 40 provides a modern and secure container management solution. By following the outlined steps and understanding the pros and cons, you can effectively manage your containers tailored to your needs.
Install Podman
Install Podman, a container management tool.
Step [1] Install Podman.
[root@bizantum ~]# dnf -y install podman
Step [2] Download an official image and create a container, then print the words [Welcome to the Podman World] from inside the container.
# download the official image
[root@bizantum ~]# podman pull fedora
Resolved "fedora" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.fedoraproject.org/fedora:latest...
Getting image source signatures
Copying blob 605514dc1a64 done |
Copying config 19f52f5823 done |
Writing manifest to image destination
19f52f5823316d07d071518185e05e3ed572109abbfeb898ca28655e4dca77fb
# run echo inside a container
[root@bizantum ~]# podman run fedora /bin/echo "Welcome to the Podman World"
Welcome to the Podman World
Step [3] Connect to an interactive session in a container with the [i] and [t] options as follows. When you [exit] from the container session, the container's process finishes.
[root@bizantum ~]# podman run -it fedora /bin/bash
[root@8d68b1cc62ff /]# # connected
[root@8d68b1cc62ff /]# uname -a
Linux 8d68b1cc62ff 6.8.7-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 19:21:08 UTC 2024 x86_64 GNU/Linux
[root@8d68b1cc62ff /]# exit
exit
[root@bizantum ~]# # come back
Step [4] If you'd like to run a container as a daemon, add the [d] option.
[root@bizantum ~]# podman run -itd fedora /bin/bash
1f497e94dec18f8e0e9a04d70f33f3ed807b85a67b38aa31317eee5cdeec9dd8
# show podman processes
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f497e94dec1 registry.fedoraproject.org/fedora:latest /bin/bash 23 seconds ago Up 24 seconds dreamy_turing
# attach to container session
[root@bizantum ~]# podman exec -it 1f497e94dec1 /bin/bash
[root@1f497e94dec1 /]# # connected
[root@1f497e94dec1 /]# exit
# stop the container process (to force stop, specify [kill])
[root@bizantum ~]# podman stop 1f497e94dec1
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Add Container Images
Add new container images with modified settings.
Step [1] For example, update an official image by installing [httpd] and add it as a new container image.
# show container images
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.fedoraproject.org/fedora latest 19f52f582331 43 minutes ago 229 MB
# run a container and install [httpd]
[root@bizantum ~]# podman run fedora /bin/bash -c "dnf -y upgrade; dnf -y install httpd"
[root@bizantum ~]# podman ps -a | tail -1
19b8a013fee0 registry.fedoraproject.org/fedora:latest /bin/bash -c dnf ... 18 seconds ago Exited (0) 3 seconds ago stoic_buck
# add the image in which [httpd] was installed
[root@bizantum ~]# podman commit 19b8a013fee0 bizantum.lab/fedora-httpd
Getting image source signatures
Copying blob e3b1f55d8f37 skipped: already exists
Copying blob fe085ab8733b done |
Copying config 9d6d273370 done |
Writing manifest to image destination
9d6d273370e26cc6b7fbc53ada318eb2a61b6562d9b52d3830538c810df5ad89
# show container images
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-httpd latest 9d6d273370e2 22 seconds ago 343 MB
registry.fedoraproject.org/fedora latest 19f52f582331 45 minutes ago 229 MB
# run a container to confirm [httpd]
[root@bizantum ~]# podman run bizantum.lab/fedora-httpd /usr/sbin/httpd -V
Server version: Apache/2.4.59 (Fedora Linux)
Server built: Apr 15 2024 00:00:00
Server's Module Magic Number: 20120211:131
Server loaded: APR 1.7.3, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Compiled using: APR 1.7.3, APR-UTIL 1.6.3, PCRE 10.42 2022-12-11
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
.....
.....
Access to Services on Containers
If you'd like to access services such as HTTP or SSH that are running in containers as daemons, configure as follows.
Step [1] For example, use a container in which [httpd] is installed.
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-httpd latest 9d6d273370e2 8 minutes ago 343 MB
registry.fedoraproject.org/fedora latest 19f52f582331 53 minutes ago 229 MB
# run a container and also start [httpd]
# map with [-p xxx:xxx] to [(Host Port):(Container Port)]
[root@bizantum ~]# podman run -dt -p 8081:80 bizantum.lab/fedora-httpd /usr/sbin/httpd -D FOREGROUND
ce0242745366bf3d1a371c271e14272141a1eba83a6988decba685282377f8cc
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce0242745366 bizantum.lab/fedora-httpd:latest /usr/sbin/httpd -... 14 seconds ago Up 14 seconds 0.0.0.0:8081->80/tcp frosty_moore
# create a test page
[root@bizantum ~]# podman exec ce0242745366 /bin/bash -c 'echo "httpd on Podman Container" > /var/www/html/index.html'
# verify accesses
[root@bizantum ~]# curl localhost:8081
httpd on Podman Container
# also possible to access via container network
[root@bizantum ~]# podman inspect -l | grep \"IPAddress
"IPAddress": "10.88.0.7",
"IPAddress": "10.88.0.7",
[root@bizantum ~]# curl 10.88.0.7
httpd on Podman Container
Use Dockerfile
Use a Dockerfile to create container images automatically. It is also useful for configuration management of container images.
Step [1] For example, create a Dockerfile that installs and starts Nginx.
[root@bizantum ~]# vi Dockerfile
# create new
FROM fedora
MAINTAINER Bizantum <admin@bizantum.lab>
RUN dnf -y install nginx
RUN echo "Dockerfile Test on Nginx" > /usr/share/nginx/html/index.html
EXPOSE 80
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
# build image ⇒ podman build -t [image name]:[tag] .
[root@bizantum ~]# podman build -t bizantum.lab/fedora-nginx:latest .
STEP 1/6: FROM fedora
STEP 2/6: MAINTAINER Bizantum <admin@bizantum.lab>
--> 5e070e0d7ffc
STEP 3/6: RUN dnf -y install nginx
.....
.....
Successfully tagged bizantum.lab/fedora-nginx:latest
cf5af4219b133d07a1d9d12cec30e708045d304f60e515d453e64bd51553f1e3
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-nginx latest cf5af4219b13 34 seconds ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 11 minutes ago 343 MB
registry.fedoraproject.org/fedora latest 19f52f582331 57 minutes ago 229 MB
# run container
[root@bizantum ~]# podman run -d -p 80:80 bizantum.lab/fedora-nginx
ee6c14b34b70996c3d2c46a6aec16f99920b51de1fce7b7a25540c25a025c56d
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ee6c14b34b70 bizantum.lab/fedora-nginx:latest /usr/sbin/nginx -... 18 seconds ago Up 18 seconds 0.0.0.0:80->80/tcp flamboyant_almeida
# verify accesses
[root@bizantum ~]# curl localhost
Dockerfile Test on Nginx
# also possible to access via container network
[root@bizantum ~]# podman inspect -l | grep \"IPAddress
"IPAddress": "10.88.0.10",
"IPAddress": "10.88.0.10",
[root@bizantum ~]# curl 10.88.0.10
Dockerfile Test on Nginx
The format of a Dockerfile is [INSTRUCTION arguments]. Refer to the following table for each INSTRUCTION.
Instruction | Description |
---|---|
FROM | It sets the Base Image for subsequent instructions. |
MAINTAINER | It sets the Author field of the generated images. |
RUN | It executes commands when the Docker image is created. |
CMD | It executes commands when the Docker container is run. |
ENTRYPOINT | It executes commands when the Docker container is run. |
LABEL | It adds metadata to an image. |
EXPOSE | It informs Docker that the container will listen on the specified network ports at runtime. |
ENV | It sets the environment variable. |
ADD | It copies new files, directories or remote file URLs. |
COPY | It copies new files or directories. Unlike [ADD], it cannot take a remote URL and does not extract archive files automatically. |
VOLUME | It creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers. |
USER | It sets the user name or UID. |
WORKDIR | It sets the working directory. |
Use External Storage
When a container is removed, the data in it is also lost, so external storage is necessary if you'd like to keep your data.
Step [1] It's possible to mount a directory on the Podman host into containers.
# create a directory for containers data
[root@bizantum ~]# mkdir /var/lib/containers/disk01
[root@bizantum ~]# echo "persistent storage" >> /var/lib/containers/disk01/testfile.txt
# run a container with the directory above mounted on [/mnt]
# if SELinux is [Enforcing], the [--privileged] option needs to be added
[root@bizantum ~]# podman run --privileged -it -v /var/lib/containers/disk01:/mnt fedora /bin/bash
[root@27d1acb64b11 /]# df -hT /mnt
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/fedora-root xfs 78G 3.9G 75G 5% /mnt
[root@27d1acb64b11 /]# cat /mnt/testfile.txt
persistent storage
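The [--privileged] option used above switches off SELinux separation for the container together with most other confinement (capabilities, device access). Podman's [:Z] volume option relabels only the mounted directory instead. The script below is an added example, not part of the original page: it rewrites a `podman run` command line to drop [--privileged] and label each bind mount. The function names are hypothetical, and it assumes [--privileged] was added only to get past SELinux.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# label_volume SPEC
# Print a -v/--volume value with the SELinux relabel option ":Z" added when
# SPEC is a bind mount (HOSTPATH:CTRPATH[:OPTS]) that has no z/Z option yet.
# Named volumes (volume01:/mnt) are returned unchanged; the page mounts those
# without --privileged. Host paths that contain ":" are not handled.
#
# "Z" gives the directory a label private to one container; use "z" when
# several containers share it. Relabelling changes the host directory itself,
# so never apply it to system directories such as /home or /usr.
label_volume() {
    spec=$1
    case $spec in
        /*:*) ;;                                  # absolute host path: bind mount
        *)    printf '%s\n' "$spec"; return 0 ;;  # named or anonymous volume
    esac
    rest=${spec#*:}                               # CTRPATH[:OPTS]
    case $rest in
        *:*) opts=${rest#*:} ;;
        *)   opts= ;;
    esac
    case ",$opts," in
        *,z,*|*,Z,*) printf '%s\n' "$spec" ;;     # already relabelled
        ,,)          printf '%s:Z\n' "$spec" ;;   # no option field yet
        *)           printf '%s,Z\n' "$spec" ;;   # extend the existing options
    esac
}

# harden_run WORD...
# Take the words of a `podman run` command line and print it with
# --privileged removed and every bind mount labelled. The result is joined
# with single spaces for review; it is meant to be read, not passed to eval.
# Words after the image name are scanned too, which is fine for the simple
# commands on this page.
harden_run() {
    out=
    while [ $# -gt 0 ]; do
        case $1 in
            --privileged|--privileged=true)
                ;;                                # dropped
            -v|--volume)
                if [ $# -ge 2 ]; then
                    out="$out $1 $(label_volume "$2")"
                    shift
                else
                    out="$out $1"
                fi ;;
            --volume=*)
                out="$out --volume=$(label_volume "${1#--volume=}")" ;;
            *)
                out="$out $1" ;;
        esac
        shift
    done
    printf '%s\n' "${out# }"
}

# The command from Step [1], rewritten.
harden_run podman run --privileged -it -v /var/lib/containers/disk01:/mnt fedora /bin/bash
```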
Step [2] It's also possible to configure external storage with the Podman volume command.
# create [volume01] volume
[root@bizantum ~]# podman volume create volume01
volume01
# display volume list
[root@bizantum ~]# podman volume ls
DRIVER VOLUME NAME
local volume01
# display details of [volume01]
[root@bizantum ~]# podman volume inspect volume01
[
{
"Name": "volume01",
"Driver": "local",
"Mountpoint": "/var/lib/containers/storage/volumes/volume01/_data",
"CreatedAt": "2024-05-03T15:49:54.689374127+09:00",
"Labels": {},
"Scope": "local",
"Options": {},
"MountCount": 0,
"NeedsCopyUp": true,
"NeedsChown": true,
"LockNumber": 8
}
]
# run a container with mounting [volume01] to [/mnt] on container
[root@bizantum ~]# podman run -it -v volume01:/mnt fedora
[root@65acfb302856 /]# df -hT /mnt
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/fedora-root xfs 78G 3.9G 75G 5% /mnt
[root@65acfb302856 /]# echo "Podman Volume test" > /mnt/testfile.txt
[root@65acfb302856 /]# exit
[root@bizantum ~]# cat /var/lib/containers/storage/volumes/volume01/_data/testfile.txt
Podman Volume test
# possible to mount from other containers
[root@bizantum ~]# podman run -v volume01:/var/volume01 fedora /usr/bin/cat /var/volume01/testfile.txt
Podman Volume test
# to remove volumes, do as follows
[root@bizantum ~]# podman volume rm volume01
Error: volume volume01 is being used by the following container(s): 65acfb30285667272ab73109cb7fa9b78076c7048852e14282737dcf5debce40, 3dac45d20b43ae4e352b508800fb0a53b43a125755eba07fe0460c48ff458518: volume is being used
# if some containers are using the volume you'd like to remove, as above,
# the target containers need to be removed before removing the volume
[root@bizantum ~]# podman rm 65acfb30285667272ab73109cb7fa9b78076c7048852e14282737dcf5debce40
[root@bizantum ~]# podman rm 3dac45d20b43ae4e352b508800fb0a53b43a125755eba07fe0460c48ff458518
[root@bizantum ~]# podman volume rm volume01
volume01
Use External Storage (NFS)
This is an example of using NFS external storage.
Step [1] An NFS server must be running on your LAN. In this example, the [/home/nfsshare] directory on [nfs.bizantum.lab] is configured as the shared directory.
Step [2] Create a volume for NFS and use it.
# create [nfs-volume] volume
[root@bizantum ~]# podman volume create \
--opt type=nfs4 \
--opt o=rw \
--opt device=10.0.0.35:/home/nfsshare nfs-volume
nfs-volume
# display volume list
[root@bizantum ~]# podman volume ls
DRIVER VOLUME NAME
local nfs-volume
# display details of [nfs-volume]
[root@bizantum ~]# podman volume inspect nfs-volume
[
{
"Name": "nfs-volume",
"Driver": "local",
"Mountpoint": "/var/lib/containers/storage/volumes/nfs-volume/_data",
"CreatedAt": "2024-05-03T16:04:42.675722385+09:00",
"Labels": {},
"Scope": "local",
"Options": {
"device": "10.0.0.35:/home/nfsshare",
"o": "rw",
"type": "nfs4"
},
"MountCount": 0,
"NeedsCopyUp": true,
"NeedsChown": true,
"LockNumber": 8
}
]
# run container with mounting [nfs-volume] to [/nfsshare] on container
[root@bizantum ~]# podman run -it -v nfs-volume:/nfsshare fedora
# verify
[root@37f799f023c4 /]# df -hT /nfsshare
Filesystem Type Size Used Avail Use% Mounted on
10.0.0.35:/home/nfsshare nfs4 15G 1.9G 14G 13% /nfsshare
[root@37f799f023c4 /]# echo "Podman NFS Volume Test" > /nfsshare/testfile.txt
[root@37f799f023c4 /]# cat /nfsshare/testfile.txt
Podman NFS Volume Test
Use Registry
Install Registry to build a private registry for container images.
Step [1] Install Registry.
[root@bizantum ~]# dnf -y install docker-distribution
Step [2] If Firewalld is running, allow the registry port.
[root@bizantum ~]# firewall-cmd --add-port=5000/tcp
success
[root@bizantum ~]# firewall-cmd --runtime-to-permanent
success
Step [3] Configure Registry. These settings use an HTTP connection with no authentication.
[root@bizantum ~]# vi /etc/docker-distribution/registry/config.yml
# this is the default
# no need to change on HTTP and no authentication
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
[root@bizantum ~]# systemctl enable --now docker-distribution
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-nginx latest cf5af4219b13 23 minutes ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 34 minutes ago 343 MB
registry.fedoraproject.org/fedora latest 19f52f582331 About an hour ago 229 MB
# [push] from localhost
[root@bizantum ~]# podman tag fedora dlp.bizantum.lab:5000/fedora:my-registry
[root@bizantum ~]# podman push dlp.bizantum.lab:5000/fedora:my-registry --tls-verify=false
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-nginx latest cf5af4219b13 23 minutes ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 35 minutes ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 About an hour ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 About an hour ago 229 MB
# [pull] from another node
[root@node01 ~]# podman pull dlp.bizantum.lab:5000/fedora:my-registry --tls-verify=false
[root@node01 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 About an hour ago 229 MB
Step [4] To enable Basic authentication, configure as follows.
[root@bizantum ~]# dnf -y install httpd-tools
[root@bizantum ~]# vi /etc/docker-distribution/registry/config.yml
# add to last line
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/containers/registries.d/.htpasswd
[root@bizantum ~]# systemctl restart docker-distribution
# add users
# add [-c] only at initial file creation
[root@bizantum ~]# htpasswd -Bc /etc/containers/registries.d/.htpasswd fedora
New password:
Re-type new password:
Adding password for user fedora
# verify possible to access
# an error is shown if access with no-authentication
[root@node01 ~]# podman pull dlp.bizantum.lab:5000/fedora:my-registry --tls-verify=false
Trying to pull dlp.bizantum.lab:5000/fedora:my-registry...
Error: initializing source docker://dlp.bizantum.lab:5000/fedora:my-registry: reading manifest my-registry in dlp.bizantum.lab:5000/fedora: unauthorized: authentication required
# authenticate by a user added with [htpasswd]
[root@node01 ~]# podman login dlp.bizantum.lab:5000 --tls-verify=false
Username: fedora
Password:
Login Succeeded!
[root@node01 ~]# podman pull dlp.bizantum.lab:5000/fedora:my-registry --tls-verify=false
[root@node01 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 About an hour ago 229 MB
Step [5] To access via HTTPS with valid certificates, such as those from Let's Encrypt, configure as follows. This example assumes the certificates have been obtained under [/etc/letsencrypt/live/dlp.bizantum.lab].
[root@bizantum ~]# cp -p /etc/letsencrypt/live/dlp.bizantum.lab/{fullchain,privkey}.pem /etc/containers/certs.d/
[root@bizantum ~]# vi /etc/docker-distribution/registry/config.yml
# add [tls] section under the [http] section like follows
.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/containers/certs.d/fullchain.pem
    key: /etc/containers/certs.d/privkey.pem
.....
.....
[root@bizantum ~]# systemctl restart docker-distribution
# verify possible to access
[root@node01 ~]# podman pull dlp.bizantum.lab:5000/fedora:my-registry
[root@node01 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 About an hour ago 229 MB
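The three registry states in this section differ in what an unauthenticated client or an on-path observer can do: Step [3] is open over plain HTTP, Step [4] adds Basic authentication but still sends it over plain HTTP (hence [--tls-verify=false] on the client), and Step [5] adds TLS. The check below is an added example, not part of the original page, that classifies a config.yml accordingly. The function names are hypothetical and the sample configs are constructed from the fragments shown in the steps.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# audit_registry_config: read a registry config.yml on stdin and print one
# line saying how the registry is exposed.
audit_registry_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blanks
        /^[^ \t]/ { top = $1; sub(/:.*$/, "", top); next } # top-level key
        top == "auth" && $1 == "htpasswd:"    { auth = 1 }
        top == "http" && $1 == "tls:"         { tls = 1 }
        top == "http" && $1 == "certificate:" { cert = 1 }
        top == "http" && $1 == "key:"         { key = 1 }
        END {
            if (tls && !(cert && key))
                print "TLS_INCOMPLETE: tls section lacks certificate or key"
            else if (!auth && !tls)
                print "OPEN: anyone who can reach the port can push and pull, over plain HTTP"
            else if (auth && !tls)
                print "CLEARTEXT_AUTH: Basic credentials cross the network unencrypted"
            else if (!auth)
                print "ANONYMOUS_TLS: encrypted, but push and pull need no login"
            else
                print "OK: htpasswd authentication over TLS"
        }
    '
}

# Constructed sample configs, assembled from the fragments in Steps [3]-[5].
config_common() {
    cat <<'EOF'
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
EOF
}

config_auth() {
    cat <<'EOF'
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/containers/registries.d/.htpasswd
EOF
}

config_step3() { config_common; printf 'http:\n  addr: :5000\n'; }

config_step4() { config_step3; config_auth; }

config_step5() {
    config_common
    cat <<'EOF'
http:
  addr: :5000
  tls:
    certificate: /etc/containers/certs.d/fullchain.pem
    key: /etc/containers/certs.d/privkey.pem
EOF
    config_auth
}

for step in 3 4 5; do
    printf 'Step [%s] config: ' "$step"
    "config_step$step" | audit_registry_config
done
```

On a live host the same function can be fed the real file: audit_registry_config < /etc/docker-distribution/registry/config.yml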
Use Docker Command
Install a script named [docker] that emulates the Docker CLI by executing podman commands.
Step [1] Install the podman-docker package.
[root@bizantum ~]# dnf -y install podman-docker
# [docker] command is installed
[root@bizantum ~]# ll /usr/bin/docker
-rwxr-xr-x. 1 root root 167 Apr 17 09:00 /usr/bin/docker
# emulates the Docker CLI by executing podman
[root@bizantum ~]# cat /usr/bin/docker
#!/usr/bin/sh
[ -f /etc/containers/nodocker ] || \
echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2
exec /usr/bin/podman "$@"
# test [docker] command
[root@bizantum ~]# docker images
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
REPOSITORY TAG IMAGE ID CREATED SIZE
bizantum.lab/fedora-nginx latest cf5af4219b13 32 minutes ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 44 minutes ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 About an hour ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 About an hour ago 229 MB
Use Docker Compose
With Docker Compose installed, it's easy to configure and run multiple containers as a Docker application.
Step [1] Install podman-docker as described in [Use Docker Command] above.
Step [2] Install Docker Compose.
[root@bizantum ~]# dnf -y install docker-compose
Step [3] For example, configure an application that has Web and DB services with Docker Compose.
# start podman.socket
[root@bizantum ~]# systemctl start podman.socket
# define Web service container
[root@bizantum ~]# vi Dockerfile
FROM fedora
MAINTAINER Bizantum <admin@bizantum.lab>
RUN dnf -y install nginx
EXPOSE 80
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
# define application configuration
[root@bizantum ~]# vi docker-compose.yml
version: '3.8'
services:
  db:
    image: docker.io/library/mariadb
    volumes:
      - /var/lib/containers/disk01:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_USER: fedora
      MYSQL_PASSWORD: password
      MYSQL_DATABASE: fedora_db
    user: 0:0
    privileged: true
    ports:
      - "3306:3306"
  web:
    build: .
    ports:
      - "80:80"
    volumes:
      - /var/lib/containers/disk02:/usr/share/nginx/html
    privileged: true
# build and run
[root@bizantum ~]# docker-compose up -d
Creating network "root_default" with the default driver
Pulling db (docker.io/library/mariadb:)...
Building web
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
STEP 1/5: FROM fedora
.....
.....
Creating root_db_1 ... done
Creating root_web_1 ... done
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1a00065423b8 localhost/root_web:latest /usr/sbin/nginx -... 3 seconds ago Up 4 seconds 0.0.0.0:80->80/tcp root_web_1
27e996781150 docker.io/library/mariadb:latest mariadbd 3 seconds ago Up 4 seconds 0.0.0.0:3306->3306/tcp root_db_1
# verify accesses
[root@bizantum ~]# mysql -h 127.0.0.1 -u root -p -e "show variables like 'hostname';"
Enter password:
+---------------+--------------+
| Variable_name | Value |
+---------------+--------------+
| hostname | 27e996781150 |
+---------------+--------------+
[root@bizantum ~]# mysql -h 127.0.0.1 -u fedora -p -e "show databases;"
Enter password:
+--------------------+
| Database |
+--------------------+
| fedora_db |
| information_schema |
+--------------------+
[root@bizantum ~]# echo "Hello Docker Compose World" > /var/lib/containers/disk02/index.html
[root@bizantum ~]# curl 127.0.0.1
Hello Docker Compose World
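The Compose file above runs both services privileged, runs the database as UID 0, keeps the database passwords in the file, and publishes 3306 and 80 without a host address, which the [podman ps] output shows as 0.0.0.0. The check below is an added example, not part of the original page, that flags those settings in a Compose file. It assumes two-space YAML indentation; the function and finding names are hypothetical, and the embedded sample is the page's own file.

```shell
#!/bin/sh
# Added example, not from the original page; names are hypothetical.

# audit_compose: read a docker-compose.yml on stdin (two-space indentation
# assumed) and print one "service: FINDING: detail" line per risky setting.
audit_compose() {
    awk '
        function report(code, msg) { printf "%s: %s: %s\n", svc, code, msg }

        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
        { indent = match($0, /[^ ]/) - 1 }             # leading spaces
        indent == 0 { in_services = ($1 == "services:"); next }
        !in_services { next }
        indent == 2 { svc = $1; sub(/:$/, "", svc); key = ""; next }
        indent == 4 {
            key = $1; sub(/:$/, "", key)
            val = $2; gsub(/"/, "", val)
            if (key == "privileged" && val == "true")
                report("PRIVILEGED", "container confinement is switched off")
            if (key == "user" && (val == "0" || val == "0:0" || val == "root"))
                report("RUNS_AS_ROOT", "user is " val)
            next
        }
        key == "environment" {
            # mapping form "NAME: value" or list form "- NAME=value"
            if ($1 == "-") {
                name = $2; sub(/=.*$/, "", name)
                val = $2;  sub(/^[^=]*=?/, "", val)
            } else {
                name = $1; sub(/:$/, "", name)
                val = $2
            }
            gsub(/"/, "", val)
            # a ${VAR} reference keeps the value out of the file
            if (name ~ /PASSWORD|SECRET|TOKEN/ && val != "" && index(val, "${") != 1)
                report("LITERAL_SECRET", name " has its value written in the file")
        }
        key == "ports" && $1 == "-" {
            spec = $2; gsub(/"/, "", spec)
            # HOSTIP:HOSTPORT:CTRPORT has three fields; fewer means no host IP
            if (split(spec, part, ":") < 3)
                report("WILDCARD_PORT", spec " has no host address, so it is bound on 0.0.0.0")
        }
    '
}

# The docker-compose.yml from Step [3], reproduced as sample input.
page_compose() {
    cat <<'EOF'
version: '3.8'
services:
  db:
    image: docker.io/library/mariadb
    volumes:
      - /var/lib/containers/disk01:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_USER: fedora
      MYSQL_PASSWORD: password
      MYSQL_DATABASE: fedora_db
    user: 0:0
    privileged: true
    ports:
      - "3306:3306"
  web:
    build: .
    ports:
      - "80:80"
    volumes:
      - /var/lib/containers/disk02:/usr/share/nginx/html
    privileged: true
EOF
}

page_compose | audit_compose
```

A port entry such as "127.0.0.1:3306:3306" and a password given as ${DB_ROOT_PW} (a hypothetical variable name) pass the check.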
Step [4] Other basic operations of Docker Compose are as follows.
# verify state of containers
[root@bizantum ~]# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------
root_db_1 docker-entrypoint.sh mariadbd Up 0.0.0.0:3306->3306/tcp
root_web_1 /usr/sbin/nginx -g daemon off; Up 0.0.0.0:80->80/tcp
# show logs of containers
[root@bizantum ~]# docker-compose logs
Attaching to root_web_1, root_db_1
db_1 | 2024-05-03 08:04:35+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:11.3.2+maria~ubu2204 started.
db_1 | 2024-05-03 08:04:36+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
db_1 | 2024-05-03 08:04:36+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:11.3.2+maria~ubu2204 started.
db_1 | 2024-05-03 08:04:36+00:00 [Note] [Entrypoint]: MariaDB upgrade not required
db_1 | 2024-05-03 8:04:36 0 [Note] Starting MariaDB 11.3.2-MariaDB-1:11.3.2+maria~ubu2204 source revision 068a6819eb63bcb01fdfa037c9bf3bf63c33ee42 as process 1
.....
.....
db_1 | 2024-05-03 8:04:36 0 [Note] mariadbd: Event Scheduler: Loaded 0 events
db_1 | 2024-05-03 8:04:36 0 [Note] mariadbd: ready for connections.
db_1 | Version: '11.3.2-MariaDB-1:11.3.2+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
# run any commands inside a container
# container name is just the one set in [docker-compose.yml]
[root@bizantum ~]# docker-compose exec db /bin/bash
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
root@27e996781150:/#
# stop application and also shutdown all containers
[root@bizantum ~]# docker-compose stop
Stopping root_db_1 ...
Stopping root_web_1 ...
Stopping root_web_1 ... done
Stopping root_db_1 ... done
# start a service alone in application
# if a dependency is set, the other container also starts
[root@bizantum ~]# docker-compose up -d web
Starting root_web_1 ... done
[root@bizantum ~]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------
root_db_1 docker-entrypoint.sh mariadbd Exit 0 0.0.0.0:3306->3306/tcp
root_web_1 /usr/sbin/nginx -g daemon off; Up 0.0.0.0:80->80/tcp
# remove all containers in application
# if a container is running, it won't be removed
[root@bizantum ~]# docker-compose rm
Going to remove root_db_1
Are you sure? [yN] y
Removing root_db_1 ... done
Podman Network
This is the basic usage for configuring Podman networks.
Step [1] When containers are run without specifying a network, the default [podman] network is assigned.
# display network list
[root@bizantum ~]# podman network ls
NETWORK ID NAME DRIVER
2f259bab93aa podman bridge
9cae76b64e61 root_default bridge
# display details of [podman]
[root@bizantum ~]# podman network inspect podman
[
{
"name": "podman",
"id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
"driver": "bridge",
"network_interface": "podman0",
"created": "2024-05-03T17:10:20.447574588+09:00",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
},
"containers": {}
}
]
# [podman] is assigned as container network by default
[root@bizantum ~]# podman run fedora /bin/bash -c "dnf -y install iproute; /usr/sbin/ip route"
.....
.....
default via 10.88.0.1 dev eth0 proto static metric 100
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.16
[root@bizantum ~]# podman commit $(podman ps -a | tail -1 | awk '{print $1}') bizantum.lab/iproute
Step [2] If you'd like to assign another network, set it as follows.
# create network [network01] with [192.168.100.0/24] subnet
[root@bizantum ~]# podman network create --subnet 192.168.100.0/24 network01
network01
[root@bizantum ~]# podman network ls
NETWORK ID NAME DRIVER
6d97e767f10f network01 bridge
2f259bab93aa podman bridge
9cae76b64e61 root_default bridge
# run a container with specifying [network01]
[root@bizantum ~]# podman run --network network01 bizantum.lab/iproute /usr/sbin/ip route
default via 192.168.100.1 dev eth0 proto static metric 100
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2
# to attach the network to an existing running container, do as follows
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a596b87f1cf bizantum.lab/fedora-httpd:latest /usr/sbin/httpd -... 2 seconds ago Up 2 seconds 0.0.0.0:8081-->80/tcp goofy_heisenberg
[root@bizantum ~]# podman exec 9a596b87f1cf /usr/sbin/ip route
default via 10.88.0.1 dev eth0 proto static metric 100
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.17
# attach network to specify an IP address in the subnet
[root@bizantum ~]# podman network connect network01 9a596b87f1cf
[root@bizantum ~]# podman exec 9a596b87f1cf /usr/sbin/ip route
default via 192.168.100.1 dev eth1 proto static metric 100
default via 10.88.0.1 dev eth0 proto static metric 100
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.17
192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.3
# to disconnect the network, do as follows
[root@bizantum ~]# podman network disconnect network01 9a596b87f1cf
[root@bizantum ~]# podman exec 9a596b87f1cf /usr/sbin/ip route
default via 10.88.0.1 dev eth0 proto static metric 100
10.88.0.0/16 dev eth0 proto kernel scope link src 10.88.0.17
Step [3] To remove Podman networks, do as follows.
[root@bizantum ~]# podman network ls
NETWORK ID NAME DRIVER
6d97e767f10f network01 bridge
2f259bab93aa podman bridge
9cae76b64e61 root_default bridge
# remove [network01]
[root@bizantum ~]# podman network rm network01
Error: "network01" has associated containers with it. Use -f to forcibly delete containers and pods: network is being used
# force remove containers with [-f] option
[root@bizantum ~]# podman network rm -f network01
network01
Create Pods
Create pods as in Kubernetes.
Step [1] Create a pod and add a container to it.
# create an empty pod
# -p [bind port] -n [pod name]
[root@bizantum ~]# podman pod create -p 8081:80 -n test-pod
e90986e6116193a3ab84c90d51a63eabb991696622899e1c04f483d70223cfd5
# show pods
[root@bizantum ~]# podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
e90986e61161 test-pod Created 15 seconds ago 74dd9de1cccf 1
# show details of pod
[root@bizantum ~]# podman pod inspect test-pod
[
{
"Id": "e90986e6116193a3ab84c90d51a63eabb991696622899e1c04f483d70223cfd5",
"Name": "test-pod",
"Created": "2024-05-03T17:21:16.430892437+09:00",
"CreateCommand": [
"podman",
"pod",
"create",
"-p",
"8081:80",
"-n",
"test-pod"
],
"ExitPolicy": "continue",
"State": "Created",
"Hostname": "",
"CreateCgroup": true,
"CgroupParent": "machine.slice",
"CgroupPath": "machine.slice/machine-libpod_pod_e90986e6116193a3ab84c90d51a63eabb991696622899e1c04f483d70223cfd5.slice",
"CreateInfra": true,
"InfraContainerID": "74dd9de1cccf8a8b7de83cff8083a4940f98a13e3c29e0bb63ded707454168b2",
"InfraConfig": {
"PortBindings": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8081"
}
]
},
"HostNetwork": false,
"StaticIP": "",
"StaticMAC": "",
"NoManageResolvConf": false,
"DNSServer": null,
"DNSSearch": null,
"DNSOption": null,
"NoManageHosts": false,
"HostAdd": null,
"Networks": [
"podman"
],
"NetworkOptions": null,
"pid_ns": "private",
"userns": "host",
"uts_ns": "private"
},
"SharedNamespaces": [
"uts",
"ipc",
"net"
],
"NumContainers": 1,
"Containers": [
{
"Id": "74dd9de1cccf8a8b7de83cff8083a4940f98a13e3c29e0bb63ded707454168b2",
"Name": "e90986e61161-infra",
"State": "created"
}
],
"LockNumber": 10
}
]
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/podman-pause 5.0.2-1713312000 93b49289d5db 2 minutes ago 742 kB
bizantum.lab/iproute latest dafe2df281ae 10 minutes ago 307 MB
localhost/root_web latest 53d5fa92aef2 About an hour ago 340 MB
bizantum.lab/fedora-nginx latest cf5af4219b13 2 hours ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 2 hours ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 3 hours ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 3 hours ago 229 MB
docker.io/library/mariadb latest 465bc4da7f09 2 months ago 411 MB
# run container and add it to pod
[root@bizantum ~]# podman run -dt --pod test-pod bizantum.lab/fedora-nginx
547cc61eb1b9342b71eebbaa7329f624b8e21e3ec38bb79901a294caa29aa3f4
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
74dd9de1cccf localhost/podman-pause:5.0.2-1713312000 3 minutes ago Up 18 seconds 0.0.0.0:8081->80/tcp e90986e61161-infra
547cc61eb1b9 bizantum.lab/fedora-nginx:latest /usr/sbin/nginx -... 17 seconds ago Up 18 seconds 0.0.0.0:8081->80/tcp bold_morse
# verify accesses
[root@bizantum ~]# curl localhost:8081
Podman Test on Nginx
# stop pod
[root@bizantum ~]# podman pod stop test-pod
e90986e6116193a3ab84c90d51a63eabb991696622899e1c04f483d70223cfd5
# remove pod (all its containers are removed)
[root@bizantum ~]# podman pod rm test-pod --force
e90986e6116193a3ab84c90d51a63eabb991696622899e1c04f483d70223cfd5
Step [2] It's possible to create a pod and add a container with one command.
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/podman-pause 5.0.2-1713312000 93b49289d5db 4 minutes ago 742 kB
bizantum.lab/iproute latest dafe2df281ae 12 minutes ago 307 MB
localhost/root_web latest 53d5fa92aef2 About an hour ago 340 MB
bizantum.lab/fedora-nginx latest cf5af4219b13 2 hours ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 2 hours ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 3 hours ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 3 hours ago 229 MB
docker.io/library/mariadb latest 465bc4da7f09 2 months ago 411 MB
# create a [test-pod2] pod and add [bizantum.lab/fedora-nginx] container
[root@bizantum ~]# podman run -dt --pod new:test-pod2 -p 80:80 -p 3306:3306 bizantum.lab/fedora-nginx
8dcab2aa83c608b2486b562fc55eb6ca39fabe676f494619cd4348a176c180db
[root@bizantum ~]# podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
56f1b1035de2 test-pod2 Running 16 seconds ago adef50b5e6aa 2
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adef50b5e6aa localhost/podman-pause:5.0.2-1713312000 41 seconds ago Up 41 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp 56f1b1035de2-infra
8dcab2aa83c6 bizantum.lab/fedora-nginx:latest /usr/sbin/nginx -... 41 seconds ago Up 41 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp frosty_blackwell
# run [mariadb] container and add it to the [test-pod2]
[root@bizantum ~]# podman run -dt --pod test-pod2 -e MYSQL_ROOT_PASSWORD=Password docker.io/library/mariadb
493f7d47fff1bc0802348ae033ae5758d37b8523dfe1792c879d1cdc95e4ee32
[root@bizantum ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adef50b5e6aa localhost/podman-pause:5.0.2-1713312000 About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp 56f1b1035de2-infra
8dcab2aa83c6 bizantum.lab/fedora-nginx:latest /usr/sbin/nginx -... About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp frosty_blackwell
493f7d47fff1 docker.io/library/mariadb:latest mariadbd 29 seconds ago Up 29 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp recursing_lewin
[root@bizantum ~]# curl dlp.bizantum.lab
Dockerfile Test on Nginx
[root@bizantum ~]# mysql -u root -p -h dlp.bizantum.lab -e "show variables like 'hostname';"
Enter password:
+---------------+-----------+
| Variable_name | Value |
+---------------+-----------+
| hostname | test-pod2 |
+---------------+-----------+
Podman : Use by common users
Common (non-root) users can also use Podman containers.
Step [1] By default, each user is assigned a range of subordinate UIDs/GIDs, which user namespaces use to run containers.
# default maximum number of user namespaces
[root@bizantum ~]# cat /proc/sys/user/max_user_namespaces
63769
# sub UID/GID mapping file
# UIDs 524288 to 589823 (524288 + 65536 - 1) are used for processes running in containers of the [fedora] user
[root@bizantum ~]# cat /etc/subuid
fedora:524288:65536
[root@bizantum ~]# cat /etc/subgid
fedora:524288:65536
# when new users are added, sub UID/GID ranges are added for them too
# n=0, n++
# [start UID/GID = 524288 + (65536 * n)]
# [end UID/GID = (start UID/GID) + 65536 - 1]
[root@bizantum ~]# useradd redhat
[root@bizantum ~]# useradd centos
[root@bizantum ~]# cat /etc/subuid /etc/subgid
fedora:524288:65536
redhat:589824:65536
centos:655360:65536
fedora:524288:65536
redhat:589824:65536
centos:655360:65536
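The range arithmetic above can be checked mechanically. The following is an added example, not part of the original guide: it computes a user's range from a name:start:count file and reports overlapping ranges, which would let two users' rootless containers map onto the same host IDs. The function names and the second sample file are constructed for illustration.

```shell
#!/bin/sh
# Subordinate ID files use one "name:start:count" entry per line.

# subid_range FILE USER -> prints "first last" host ID of USER's range
subid_range() {
    awk -F: -v u="$2" '
        $1 == u { print $2, $2 + $3 - 1; found = 1 }
        END { exit !found }' "$1"
}

# subid_overlaps FILE -> prints each overlapping pair; status 1 if any exist.
# Overlap lets two users' rootless containers map onto the same host IDs.
subid_overlaps() {
    awk -F: '
        BEGIN { n = 0; bad = 0 }
        NF == 3 && $1 !~ /^#/ {
            name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1; n++
        }
        END {
            for (i = 0; i < n; i++)
                for (j = i + 1; j < n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "%s(%d-%d) overlaps %s(%d-%d)\n",
                            name[i], lo[i], hi[i], name[j], lo[j], hi[j]
                        bad = 1
                    }
            exit bad
        }' "$1"
}

# Constructed sample input: the page's entries, then a hand-edited bad file.
good=$(mktemp); bad=$(mktemp)
printf '%s\n' fedora:524288:65536 redhat:589824:65536 centos:655360:65536 > "$good"
printf '%s\n' fedora:524288:65536 redhat:589824:65536 centos:600000:65536 > "$bad"

subid_range "$good" centos
subid_overlaps "$good" && echo "no overlap in page's layout"
subid_overlaps "$bad" || echo "overlap found in constructed bad file"
```

On a real host, pass /etc/subuid and /etc/subgid as FILE.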
Step [2] Common users can run [podman].
[fedora@dlp ~]$ podman pull fedora
[fedora@dlp ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.fedoraproject.org/fedora latest 19f52f582331 3 hours ago 229 MB
[fedora@dlp ~]$ podman run fedora echo "run rootless containers"
run rootless containers
# container-related files are located under the [$HOME/.local] directory
[fedora@dlp ~]$ ll ~/.local/share/containers/storage
total 128
-rw-r--r--. 1 fedora fedora 122880 May 3 17:33 db.sql
-rw-r--r--. 1 fedora fedora 8 May 3 17:32 defaultNetworkBackend
drwx------. 2 fedora fedora 6 May 3 17:32 libpod
drwx------. 2 fedora fedora 27 May 3 17:32 networks
drwx------. 5 fedora fedora 185 May 3 17:33 overlay
drwx------. 3 fedora fedora 124 May 3 17:33 overlay-containers
drwx------. 3 fedora fedora 116 May 3 17:32 overlay-images
drwx------. 2 fedora fedora 129 May 3 17:33 overlay-layers
-rw-r--r--. 1 fedora fedora 64 May 3 17:33 storage.lock
-rw-r--r--. 1 fedora fedora 0 May 3 17:32 userns.lock
# pods can be created too
[fedora@dlp ~]$ podman pod create -p 8081:80 -n test-pod
[fedora@dlp ~]$ podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
c573652d3c48 test-pod Created 3 seconds ago 84cc75b1bd80 1
# for port mapping,
# common users cannot bind ports below [1024] on the host machine
# ports [1024] and above can be used
[fedora@dlp ~]$ podman run -d -p 1023:80 docker.io/library/nginx
Error: pasta failed with exit code 1:
Failed to bind port 1023 (Permission denied) for option '-t 1023-1023:80-80', exiting
[fedora@dlp ~]$ podman run -d -p 1024:80 docker.io/library/nginx
[fedora@dlp ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e178c41e89c docker.io/library/nginx:latest nginx -g daemon o... 5 seconds ago Up 5 seconds 0.0.0.0:1024->80/tcp serene_maxwell
Generate Systemd unit file
It's possible to generate a Systemd unit file and set containers to start automatically.
Step [1] Configure a container service by using Quadlet.
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/podman-pause 5.0.2-1713312000 93b49289d5db 17 minutes ago 742 kB
bizantum.lab/iproute latest dafe2df281ae 25 minutes ago 307 MB
localhost/root_web latest 53d5fa92aef2 About an hour ago 340 MB
bizantum.lab/fedora-nginx latest cf5af4219b13 2 hours ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 2 hours ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 3 hours ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 3 hours ago 229 MB
docker.io/library/mariadb latest 465bc4da7f09 2 months ago 411 MB
# file name ⇒ (any name).container
[root@bizantum ~]# vi /etc/containers/systemd/fedora-nginx.container
[Unit]
Description=Nginx container
After=local-fs.target
[Container]
# any name
ContainerName=fedora-nginx
# container image to be used
Image=bizantum.lab/fedora-nginx
# port
PublishPort=80:80
[Service]
Restart=always
[Install]
WantedBy=multi-user.target default.target
[root@bizantum ~]# systemctl daemon-reload
[root@bizantum ~]# systemctl start fedora-nginx.service
Step [2] Configure a pod service by using Quadlet.
[root@bizantum ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/podman-pause 5.0.2-1713312000 93b49289d5db 18 minutes ago 742 kB
bizantum.lab/iproute latest dafe2df281ae 26 minutes ago 307 MB
localhost/root_web latest 53d5fa92aef2 About an hour ago 340 MB
bizantum.lab/fedora-nginx latest cf5af4219b13 2 hours ago 340 MB
bizantum.lab/fedora-httpd latest 9d6d273370e2 2 hours ago 343 MB
dlp.bizantum.lab:5000/fedora my-registry 19f52f582331 3 hours ago 229 MB
registry.fedoraproject.org/fedora latest 19f52f582331 3 hours ago 229 MB
docker.io/library/mariadb latest 465bc4da7f09 2 months ago 411 MB
# create pod configuration file
# format is the same as Kubernetes
[root@bizantum ~]# vi /etc/containers/systemd/nginx-pod.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-pod
  labels:
    name: nginx-pod
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx-pod
        image: fedora-nginx
        ports:
        - name: web
          containerPort: 80
# file name ⇒ (any name).kube
[root@bizantum ~]# vi /etc/containers/systemd/nginx-pod.kube
[Unit]
Description=Web service pod
After=local-fs.target
[Kube]
Yaml=/etc/containers/systemd/nginx-pod.yml
PublishPort=80:80
[Service]
Restart=always
[Install]
WantedBy=multi-user.target default.target
[root@bizantum ~]# systemctl daemon-reload
[root@bizantum ~]# systemctl start nginx-pod.service
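Both units above publish port 80 without a host address, and the container unit references its image without a tag. The following is an added example, not part of the original guide: a small audit that flags those two points in a Quadlet file. The function name, the temporary file names and the "pinned" variant with its tag 1.0 are constructed for illustration; images named inside the Kubernetes YAML are not inspected.

```shell
#!/bin/sh
# quadlet_audit FILE -> one finding per line; exit status 1 if any were found.
# Reads the [Container] section of .container and [Kube] of .kube units.
quadlet_audit() {
    awk '
        BEGIN { bad = 0 }
        /^\[/ { sect = $0; next }                  # remember current section
        sect != "[Container]" && sect != "[Kube]" { next }
        /^[#;]/ || !index($0, "=") { next }        # skip comments, blanks
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
        }
        # HOSTPORT:CTRPORT has two fields; a host IP adds a third in front
        key == "PublishPort" && split(val, p, ":") < 3 {
            print "PublishPort=" val ": no host IP, published on all interfaces"
            bad = 1
        }
        # a tag is ":" after the last "/"; a digest contains "@sha256:"
        key == "Image" && val !~ "@sha256:" && val !~ ":[^/]+$" {
            print "Image=" val ": no tag or digest, resolves to latest"
            bad = 1
        }
        END { exit bad }' "$1"
}

demo=$(mktemp -d)
# The page's two units, copied inline (comments dropped).
cat > "$demo/page.container" <<'EOF'
[Container]
ContainerName=fedora-nginx
Image=bizantum.lab/fedora-nginx
PublishPort=80:80
EOF
cat > "$demo/page.kube" <<'EOF'
[Kube]
Yaml=/etc/containers/systemd/nginx-pod.yml
PublishPort=80:80
EOF
# Constructed variant: loopback-only publish and a made-up tag "1.0".
cat > "$demo/pinned.container" <<'EOF'
[Container]
ContainerName=fedora-nginx
Image=bizantum.lab/fedora-nginx:1.0
PublishPort=127.0.0.1:8080:80
EOF

for f in "$demo"/*; do quadlet_audit "$f" || echo "^ $f"; done
```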
Display Container resource usage
You can check the percentage of CPU, memory and network I/O used by containers.
Step [1] Check the resource usage of each container.
# display usage statistics with streaming
[root@bizantum ~]# podman stats
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
51b89ed10f3f 6c304dce5f16-service 0.07% 53.25kB / 16.76GB 0.00% 0B / 0B 0B / 0B 1 3.059ms 0.07%
b587d62ff7b4 82c9e6726e1e-infra 0.06% 53.25kB / 16.76GB 0.00% 1.628kB / 558B 0B / 0B 1 2.949ms 0.06%
d8b78c921bb7 nginx-pod-pod-nginx-pod 0.44% 6.353MB / 16.76GB 0.04% 1.628kB / 558B 0B / 0B 9 19.995ms 0.44%
# display without streaming
[root@bizantum ~]# podman stats --no-stream
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
51b89ed10f3f 6c304dce5f16-service 0.01% 53.25kB / 16.76GB 0.00% 0B / 0B 0B / 0B 1 3.059ms 0.01%
b587d62ff7b4 82c9e6726e1e-infra 0.01% 53.25kB / 16.76GB 0.00% 1.978kB / 698B 0B / 0B 1 2.949ms 0.01%
d8b78c921bb7 nginx-pod-pod-nginx-pod 0.07% 6.353MB / 16.76GB 0.04% 1.978kB / 698B 0B / 4.096kB 9 19.995ms 0.07%
# display for a specific container
[root@bizantum ~]# podman stats d8b78c921bb7 --no-stream
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
d8b78c921bb7 nginx-pod-pod-nginx-pod 0.02% 6.353MB / 16.76GB 0.04% 2.188kB / 838B 0B / 4.096kB 9 19.995ms 0.02%
# specify time interval for streaming display (sec)
# * default --interval is 5 sec
[root@bizantum ~]# podman stats d8b78c921bb7 --interval 10
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
d8b78c921bb7 nginx-pod-pod-nginx-pod 0.02% 6.353MB / 16.76GB 0.04% 2.188kB / 838B 0B / 4.096kB 9 19.995ms 0.02%
# display with specific format
[root@bizantum ~]# podman stats --no-stream --format "table {{.ID}} {{.CPUPerc}} {{.MemPerc}}"
ID CPU % MEM %
51b89ed10f3f 0.00% 0.00%
b587d62ff7b4 0.00% 0.00%
d8b78c921bb7 0.01% 0.04%