1. Introduction
In this tutorial, we’ll look at Podman (short for “Pod Manager”), its features and usage.
2. Podman
Podman is an open-source container management tool for developing, managing and running OCI containers. Let’s take a look at some of the advantages of Podman, in comparison with other container management tools:
- Images created by Podman are compatible with other container management tools. The images created by Podman adhere to the OCI standard, and hence they can be pushed to other container registries like Docker Hub.
- It can be run as a normal user without requiring root privileges. When running as a non-root user, Podman creates a user namespace inside which it acquires root permissions. This allows it to mount file systems and set up the required containers.
- It provides the ability to manage pods. Unlike the other container runtime tools, Podman lets the user manage pods (a group of one or more containers that operate together). Users can perform operations like create, list and inspect on the pods.
However, there are certain limitations to Podman:
- It only runs on Linux-based systems. Currently, Podman only runs on Linux-based operating systems and doesn’t have a wrapper for Windows and macOS.
- There is no alternative for Docker Compose. Podman doesn’t have support for managing multiple containers locally, similar to what Docker Compose does. An implementation of Docker Compose using the Podman backend is being developed as part of the podman-compose project, but this is still a work in progress.
3. Comparison to Docker
Now that we have understood what Podman is and what its advantages and limitations are, let’s compare it with Docker, one of the most widely used container management tools.
3.1. Command Line Interface (CLI)
Podman offers the same set of commands exposed by the Docker client. In other words, there is a one-to-one mapping between the commands of these two utilities.
However, commands like podman ps and podman images will not show the containers or images created using Docker. This is because Podman’s local repository is /var/lib/containers, as opposed to /var/lib/docker, which is maintained by Docker.
3.2. Container Model
Docker uses a client-server architecture for the containers, whereas Podman uses the traditional fork-exec model common across Linux processes. The containers created using Podman are child processes of the parent Podman process. This is the reason that when the version command is run for both Docker and Podman, Docker lists the versions of both client and server whereas Podman lists only its own version.
Sample output for docker version:
Client:
 Version:       17.12.0-ce
 API version:   1.35
 Go version:    go1.9.2
 Git commit:    c97c6d6
 Built:         Wed Dec 27 20:11:19 2017
 OS/Arch:       linux/amd64
Server:
 Engine:
  Version:      17.12.0-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.9.2
  Git commit:   c97c6d6
  Built:        Wed Dec 27 20:09:53 2017
  OS/Arch:      linux/amd64
  Experimental: false
Sample output for podman version:
Version: 0.3.2-dev
Go Version: go1.9.4
Git Commit: "4f4a78abb40fa0e8407e8a55d5a67a2650d8fd96"
Built: Mon Mar 5 11:10:35 2018
OS/Arch: linux/amd64
Since Podman itself runs as a process, it doesn’t require any daemon processes in the background. Unlike Podman, Docker requires a daemon process, Docker daemon, to coordinate the API requests between the client and server.
3.3. Rootless Mode
As mentioned earlier, Podman doesn’t require root access to run its commands. Docker, on the other hand, being dependent on the daemon process, requires root privileges or requires the user to be part of the docker group to be able to run the Docker commands without root privilege.
$ sudo usermod -aG docker $USER
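The user-namespace mapping behind rootless mode can be read from the kernel's uid_map format (first ID inside, first ID outside, count). The following added example, not part of the original tutorial, translates a UID seen inside a container to the host UID it really is; the sample map and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: uid_map of a rootless container started by host user
# 1000 whose /etc/subuid entry grants the range 100000-165535.
# Columns: <first UID inside> <first UID outside> <count>
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid_for MAP UID
# Prints the host UID behind a container UID, or "unmapped" (exit status 1)
# when no range in MAP covers it.
host_uid_for() {
    printf '%s\n' "$1" | awk -v id="$2" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) { print "unmapped"; exit 1 } }'
}

# container_root_is_host_root MAP
# Succeeds only when UID 0 inside the namespace is UID 0 on the host,
# i.e. the container is NOT running rootless.
container_root_is_host_root() {
    [ "$(host_uid_for "$1" 0)" = "0" ]
}

# live_uid_map: the map of the current user's rootless namespace.
# "podman unshare" runs a command inside that namespace.
live_uid_map() {
    podman unshare cat /proc/self/uid_map
}

for uid in 0 33 70000; do
    printf 'container uid %-5s -> host uid %s\n' \
        "$uid" "$(host_uid_for "$SAMPLE_UID_MAP" "$uid")"
done
if container_root_is_host_root "$SAMPLE_UID_MAP"; then
    echo "container root is real root on the host"
else
    echo "container root is an unprivileged host user"
fi
```

On a host with Podman installed, passing "$(live_uid_map)" instead of the sample shows the mapping actually in effect for the current user.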
4. Installation and Usage
Let’s start by installing Podman. The podman info command displays Podman system information and helps check the installation status.
$ podman info
This command displays information about the host, such as the kernel version and the swap space used and available, as well as information about Podman, such as the registries it can pull images from and push images to, the storage driver it uses, the storage location and others:
host:
  MemFree: 546578432
  MemTotal: 1040318464
  SwapFree: 4216320000
  SwapTotal: 4216320000
  arch: amd64
  cpus: 2
  hostname: base-xenial
  kernel: 4.4.0-116-generic
  os: linux
  uptime: 1m 2.64s
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
store:
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
  ImageStore:
    number: 0
  RunRoot: /var/run/containers/storage
Let’s take a look at some of the basic Podman commands.
4.1. Creating an Image
First, we’ll look at creating an image using Podman. Let’s start by creating a Dockerfile with the following content:
FROM centos:latest
RUN yum -y install httpd
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
EXPOSE 80
Now let’s create the image using the build command:
$ podman build .
Here we are first pulling the base image of CentOS, installing Apache on top of it and then running it as a foreground process with the port 80 exposed. We can access the Apache server by running this image and mapping the exposed port to a host port.
The build command recursively passes all the folders available in the context directory. The current working directory by default becomes the build context when no directory is specified. Hence, it is advisable not to have files and folders that aren’t required for the image creation, in the context directory.
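A pre-build check for the advice above, added here as an example and not part of the original tutorial: it lists files in the build context that would be handed to the build but rarely belong in an image. The file-name patterns and function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# risky_context_files [DIR]
# Prints, one per line, paths under the build context DIR (default: .) that
# usually should not be sent to a build: VCS metadata, SSH directories, env
# files and private keys. The pattern list is illustrative, not exhaustive.
risky_context_files() {
    find "${1:-.}" \
        \( -type d \( -name .git -o -name .ssh \) -prune -print \) -o \
        \( -type f \( -name .env -o -name '*.pem' -o -name '*.key' \
                      -o -name id_rsa -o -name id_ed25519 \) -print \) |
        LC_ALL=C sort
}

# context_is_clean [DIR]
# Succeeds when nothing risky was found, so it can gate the build:
#   context_is_clean . && podman build .
context_is_clean() {
    [ -z "$(risky_context_files "${1:-.}")" ]
}

# Demo on a constructed context directory.
demo() {
    ctx=$(mktemp -d)
    mkdir -p "$ctx/.git" "$ctx/conf"
    : > "$ctx/Dockerfile"
    : > "$ctx/.env"
    : > "$ctx/conf/server.pem"
    : > "$ctx/.git/config"
    if context_is_clean "$ctx"; then
        echo "context is clean"
    else
        echo "not building; remove or ignore these first:"
        risky_context_files "$ctx"
    fi
    rm -rf "$ctx"
}
demo
```

Files that have to stay in the directory can be kept out of the context with a .containerignore (or .dockerignore) file, which podman build reads from the context directory.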
4.2. Listing Available Images
The podman images command lists all the images available. It also supports various options to filter the images.
$ podman images
This command lists all the images available in the local repository. It contains the information on which repository the image was pulled from, the tag, its image id, created time and size.
REPOSITORY                 TAG      IMAGE ID       CREATED          SIZE
docker.io/library/centos   latest   0f3e07c0138f   2 months ago     227MB
<none>                     <none>   49030e844ce7   27 seconds ago   277MB
4.3. Running Images
The run command creates a container of a given image and then runs it. Let’s run the CentOS image we have created earlier:
$ podman run -p 80:80 -dit centos
This command first checks if there is a local image available for CentOS. If the image isn’t present locally, it tries to pull the image from the registries that were configured. If the image isn’t present in the registries, it shows an error about being unable to find the image.
The above run command maps the exposed port 80 of the container to port 80 of the host, and the -dit flag runs the container in detached and interactive mode. The ID of the created container is printed as the output.
4.4. Deleting Images
The rmi command removes the images present in the local repository. Multiple images can be removed by providing their IDs as space-separated arguments. Specifying the -a flag removes all the images.
$ podman rmi 785188cd988c
4.5. Listing the Containers
All the available containers including the ones which aren’t running can be listed using the ps -a command. Similar to the images command, this can also be used with various options.
$ podman ps -a
The output of the above command lists all the containers along with information such as the image each was created from, the command used to launch it, its status, the ports it’s running on and the name assigned to it.
CONTAINER ID   IMAGE    COMMAND     CREATED AT                      STATUS              PORTS                                    NAMES
eed30719cd37   centos   /bin/bash   2019-12-09 02:57:37 +0000 UTC   Up 14 minutes ago   0.0.0.0:80->80/udp, 0.0.0.0:80->80/tcp   reverent_liskov
4.6. Deleting Containers
The rm command removes the containers. This command does not remove the containers in running or paused state. They need to be first stopped and then removed.
$ podman stop eed30719cd37
$ podman rm eed30719cd37
4.7. Creating Pods
The pod create command creates a pod. The create command supports different options.
$ podman pod create
By default, the pod create command creates a pod with an infra container associated with it, unless the infra flag is explicitly set to false.
$ podman pod create --infra=false
The infra container allows Podman to connect the various containers in the pod.
4.8. Listing Pods
The pod list command displays all the available pods:
$ podman pod list
The output of this command displays the information such as the pod id, its name, number of associated containers, the id of the infra container if available:
POD ID         NAME            STATUS    CREATED         # OF CONTAINERS   INFRA ID
7e0a68528aed   gallant_raman   Running   5 seconds ago   1                 c6d06673c667
All the available Podman commands and their usage can be found in the official documentation.
5. Conclusion
In this tutorial, we’ve looked at the basics of Podman and its features, its comparison to Docker and a few of the commands available.
As usual, the code sample used in this article is available on GitHub.