投稿
  1. 首页
  2. 随笔

podman用户配置

单机连连看 2022-12-17 随笔 阅读 15

podman用户配置,第1张

podman用户配置 podman用户配置

podman普通用户创建容器

先关闭防火墙和selinux

[root@localhost ~]# systemctl disable enable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

关闭selinux

[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

重启系统让selinux生效

[root@localhost ~]# reboot

下载 crun包

[root@localhost ~]# yum -y install crun
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:38:28 ago on Wed Dec 15 21:16:41 2021.
Dependencies resolved.
====================================================
 Package
      Arch   Version                Repo       Size
====================================================
Installing:
 crun x86_64 1.0-1.module_el8.5.0+911+f19012f9
                                    AppStream 193 k
Installing dependencies:
 yajl x86_64 2.1.0-10.el8           AppStream  41 k

Transaction Summary
====================================================
Install  2 Packages

Total download size: 234 k
Installed size: 569 k
Downloading Packages:
(1/2): yajl-2.1.0-1  42 kB/s |  41 kB     00:00    
(2/2): crun-1.0-1.m 195 kB/s | 193 kB     00:00    
----------------------------------------------------
Total               235 kB/s | 234 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                            1/1 
  Installing       : yajl-2.1.0-10.el8.x86_64   1/2 
  Installing       : crun-1.0-1.module_el8.5.   2/2 
  Running scriptlet: crun-1.0-1.module_el8.5.   2/2 
  Verifying        : crun-1.0-1.module_el8.5.   1/2 
  Verifying        : yajl-2.1.0-10.el8.x86_64   2/2 

Installed:
  crun-1.0-1.module_el8.5.0+911+f19012f9.x86_64     
  yajl-2.1.0-10.el8.x86_64                          

Complete!

修改配置文件

[root@localhost ~]# vim  /usr/share/containers/containers.conf 
.....
# Default OCI runtime
#
runtime = "crun"     #取消注释
#runtime = "runc"    #注释
........

为了拉取镜像更快

配置podman镜像加速

[root@localhost ~]# cd  /etc/containers/
[root@localhost containers]# ls
certs.d      registries.conf    storage.conf
oci          registries.conf.d
policy.json  registries.d
[root@localhost containers]# vim registries.conf
......
......
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix="docker.io"
location="k654a2v7.mirror.aliyuncs.com"
......

创建普通用户

[root@localhost ~]# useradd tom
[root@localhost ~]# su - tom
[tom@localhost ~]$

拉取镜像

[tom@localhost ~]$ podman pull nginx
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
^C[tom@localhost ~]$ podman pull nginx
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 77700c52c969 done  
Copying blob 881ff011f1c9 done  
Copying blob ed835de16acd done  
Copying blob 21e0df283cd6 done  
Copying blob e5ae68f74026 done  
Copying blob 44be98c0fab6 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e

以普通用户创建容器

[tom@localhost ~]$ podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB
[tom@localhost ~]$ podman run -it -p 8080:80  --name nginx  f652ca386ed1 /bin/bash
root@5ac26dbaebd4:/# ls
bin                   etc    mnt   sbin  var
boot                  home   opt   srv
dev                   lib    proc  sys
docker-entrypoint.d   lib64  root  tmp
docker-entrypoint.sh  media  run   usr

设置容器网络

[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB

创建一个容器

[root@localhost ~]# podman run -it -p 8080:80 --name nginx f652ca386ed1 /bin/bash
root@5df8ac598668:/# ls
bin                   etc    mnt   sbin  var
boot                  home   opt   srv
dev                   lib    proc  sys
docker-entrypoint.d   lib64  root  tmp
docker-entrypoint.sh  media  run   usr
root@5df8ac598668:/# pwd
/

IP a

[root@localhost net.d]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:8a:42:8b brd ff:ff:ff:ff:ff:ff
    inet 192.168.244.146/24 brd 192.168.244.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8a:428b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: cni-podman0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d6:5b:92:14:ba:ff brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::d45b:92ff:fe14:baff/64 scope link 
       valid_lft forever preferred_lft forever
4: veth02a51c31@if2:  mtu 1500 qdisc noqueue master cni-podman0 state UP group default 
    link/ether b6:f0:f1:d6:bd:9d brd ff:ff:ff:ff:ff:ff link-netns cni-0ce93740-89f7-2f42-aab4-b88868fe3c4f
    inet6 fe80::b4f0:f1ff:fed6:bd9d/64 scope link 
       valid_lft forever preferred_lft forever

podman 网卡配置信息(管理员

[root@localhost net.d]# pwd
/etc/cni/net.d
[root@localhost net.d]# ls
87-podman.conflist

非管理员在

[tom@localhost net.d]$ pwd
/home/tom/.config/cni/net.d
[tom@localhost net.d]$ ls
87-podman.conflist

查看文件

[tom@localhost net.d]$ cat 87-podman.conflist 
{
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni-podman0",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "routes": [{ "dst": "0.0.0.0/0" }],
        "ranges": [
          [
            {
              "subnet": "10.88.0.0/16",
              "gateway": "10.88.0.1"
            }
          ]
        ]
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    },
    {
      "type": "firewall"
    },
    {
      "type": "tuning"
    }
  ]
}

创建网卡

[root@localhost ~]#  ip  netns  list
cni-0ce93740-89f7-2f42-aab4-b88868fe3c4f (id: 0)
[root@localhost ~]# ip  netns  add na
[root@localhost ~]# ip  netns  list
na
cni-0ce93740-89f7-2f42-aab4-b88868fe3c4f (id: 0)
[root@localhost ~]# ip  netns  exec na ip addr
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@localhost ~]#  ip netns exec na ip link set lo up
[root@localhost ~]# ip netns exec na ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip link add type veth
[root@localhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:8a:42:8b brd ff:ff:ff:ff:ff:ff
    inet 192.168.244.146/24 brd 192.168.244.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8a:428b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: cni-podman0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d6:5b:92:14:ba:ff brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::d45b:92ff:fe14:baff/64 scope link 
       valid_lft forever preferred_lft forever
4: veth02a51c31@if2:  mtu 1500 qdisc noqueue master cni-podman0 state UP group default 
    link/ether b6:f0:f1:d6:bd:9d brd ff:ff:ff:ff:ff:ff link-netns cni-0ce93740-89f7-2f42-aab4-b88868fe3c4f
    inet6 fe80::b4f0:f1ff:fed6:bd9d/64 scope link 
       valid_lft forever preferred_lft forever
5: veth0@veth1:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0a:d1:ee:c0:2a:7e brd ff:ff:ff:ff:ff:ff
6: veth1@veth0:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether c6:e1:3f:a7:ba:3b brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link set veth0 netns na
[root@localhost ~]# ip netns exec na ip link set veth0 up
[root@localhost ~]#  ip netns exec na ip addr add 192.168.244.161/24 dev veth0
[root@localhost ~]# ip netns exec na ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: veth0@if6:  mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether 0a:d1:ee:c0:2a:7e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.244.161/24 scope global veth0
       valid_lft forever preferred_lft forever

设置容器开机自启

管理员用户

[root@localhost ~]# podman run -itd --name nginx f652ca386ed1 /bin/sh
0c261528a60b0590248d9ead9a0ef8f036b13179e54469c8d0cd0570317838be
[root@localhost ~]# podman ps
ConTAINER ID  IMAGE                           COMMAND     CREATED        STATUS             PORTS       NAMES
0c261528a60b  docker.io/library/nginx:latest  /bin/sh     9 seconds ago  Up 10 seconds ago              nginx
[root@localhost ~]# 

[root@localhost ~]# podman generate  systemd --files --name nginx 
/root/container-nginx.service
[root@localhost ~]# podman generate  systemd --files --name nginx 
/root/container-nginx.service
[root@localhost ~]# ls
anaconda-ks.cfg  container-nginx.service
[root@localhost ~]# mv container-nginx.service /usr/lib/systemd/system/
[root@localhost ~]# 


[root@localhost ~]# systemctl status  container-nginx
● container-nginx.service - Podman container-nginx.>
   Loaded: loaded (/usr/lib/systemd/system/containe>
   Active: inactive (dead)
     Docs: man:podman-generate-systemd(1)
[root@localhost ~]# podman stop nginx
nginx
[root@localhost ~]# systemctl enable --now container-nginx
Created symlink /etc/systemd/system/multi-user.target.wants/container-nginx.service → /usr/lib/systemd/system/container-nginx.service.
Created symlink /etc/systemd/system/default.target.wants/container-nginx.service → /usr/lib/systemd/system/container-nginx.service.
[root@localhost ~]# systemctl status  container-nginx
● container-nginx.service - Podman container-nginx.>
   Loaded: loaded (/usr/lib/systemd/system/containe>
   Active: active (running) since Thu 2021-12-16 00>
     Docs: man:podman-generate-systemd(1)
  Process: 507260 ExecStart=/usr/bin/podman start n>
 Main PID: 507352 (conmon)
    Tasks: 3 (limit: 23504)
   Memory: 2.5M
   CGroup: /system.slice/container-nginx.service
           ├─507302 /usr/bin/fuse-overlayfs -o meta>
           └─507352 /usr/bin/conmon --api-version 1>

Dec 16 00:12:22 localhost.localdomain systemd[1]: S>
Dec 16 00:12:22 localhost.localdomain podman[507260>
Dec 16 00:12:22 localhost.localdomain systemd[1]: S>
lines 1-15/15 (END)

重启系统看看是否开机自启

[root@localhost ~]# podman ps
ConTAINER ID  IMAGE                           COMMAND     CREATED         STATUS            PORTS       NAMES
0c261528a60b  docker.io/library/nginx:latest  /bin/sh     11 minutes ago  Up 8 minutes ago              nginx
[root@localhost ~]# reboot
连接断开
连接成功
Last login: Wed Dec 15 22:07:17 2021 from 192.168.244.1
[root@localhost ~]# podman ps
ConTAINER ID  IMAGE                           COMMAND     CREATED         STATUS             PORTS       NAMES
0c261528a60b  docker.io/library/nginx:latest  /bin/sh     12 minutes ago  Up 27 seconds ago              nginx

非管理员用户

[root@localhost ~]# su - tom
Last login: Wed Dec 15 22:28:24 CST 2021 on pts/0
[tom@localhost ~]$ 
[tom@localhost ~]$ podman run -itd --name nginx f652ca386ed1
d778724ec113438dff8d0f95e761da9bcfde8dfdcda6f88812232ce2bbd32790
[tom@localhost ~]$ podman ps 
ConTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
d778724ec113  docker.io/library/nginx:latest  nginx -g daemon o...  5 seconds ago  Up 6 seconds ago              nginx

创建目录

[tom@localhost user]$ pwd
/home/tom/.config/systemd/user

生成文件

[tom@localhost user]$ podman generate  systemd --files --name nginx 
/home/tom/.config/systemd/user/container-nginx.service

欢迎分享,转载请注明来源:内存溢出

原文地址: http://outofmemory.cn/zaji/5676393.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
单机连连看 单机连连看 一级用户组
0 0
上一篇 2022-12-16
下一篇 2022-12-16

发表评论

登录后才能评论

评论列表(0条)

保存