podman用来替代docker,作为新一代容器管理软件。
安装go
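# Install the Go toolchain from the upstream binary tarball into /usr/local/go.
cd /root/
wget https://golang.google.cn/dl/go1.21.0.linux-amd64.tar.gz
# Integrity check: this archive is unpacked as root and its `go` binary is put
# on PATH, so compare it with the SHA256 listed on the official Go downloads
# page before extracting. The value below is a placeholder; until it is
# replaced with the published hash the check fails and nothing is installed.
go_sha256='<SHA256_FOR_go1.21.0.linux-amd64.tar.gz>'
printf '%s  %s\n' "$go_sha256" go1.21.0.linux-amd64.tar.gz | sha256sum -c - \
  && tar -xf go1.21.0.linux-amd64.tar.gz \
  && mv go /usr/local/ \
  && ln -s /usr/local/go/bin/go /usr/local/bin/go
go version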
安装conmon
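# Build conmon v2.1.12 from source and install it where podman looks for it.
cd /root/
# Build-time dependencies (headers, static libc, seccomp/SELinux libraries).
yum install -y btrfs-progs-devel containernetworking-plugins containers-common device-mapper-devel glib2-devel glibc-devel glibc-static gpgme-devel iptables libassuan-devel libgpg-error-devel libseccomp-devel libselinux-devel make pkgconfig
wget https://github.com/containers/conmon/archive/refs/tags/v2.1.12.tar.gz
# Integrity check: the source is compiled and installed as root, and a GitHub
# tag archive comes with no checksum on this page. Pin the SHA256 of an archive
# you have reviewed (placeholder below); the build is skipped when it differs.
conmon_sha256='<SHA256_YOU_PINNED_FOR_conmon_v2.1.12.tar.gz>'
printf '%s  %s\n' "$conmon_sha256" v2.1.12.tar.gz | sha256sum -c - \
  && tar -xf v2.1.12.tar.gz \
  && cd conmon-2.1.12/ \
  && export GOCACHE="$(mktemp -d)" \
  && make \
  && make podman \
  && install -d -m 755 /usr/local/libexec/podman \
  && install -m 755 bin/conmon /usr/local/libexec/podman/conmon \
  && ln -sf /usr/local/libexec/podman/conmon /usr/bin/conmon
# -sf above: re-running the steps replaces an existing link instead of failing.
conmon --version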
安装runc
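# Install the prebuilt runc v1.1.13 binary as /usr/local/bin/runc.
cd /root/
wget https://github.com/opencontainers/runc/releases/download/v1.1.13/runc.amd64
# Integrity check: runc runs as root for every container, so verify the binary
# before making it executable. The checksum list is fetched from the same
# release, so it detects corruption or a swapped asset but not a compromised
# release; verifying the detached signature (runc.amd64.asc) against the
# maintainers' keys is the stronger check. Confirm both files exist on the
# release page for this version.
wget https://github.com/opencontainers/runc/releases/download/v1.1.13/runc.sha256sum
sha256sum -c --ignore-missing runc.sha256sum \
  && chmod +x runc.amd64 \
  && mv runc.amd64 /usr/local/bin/runc
# The original first check used the misspelled flag "--verison", which runc rejects.
/usr/local/bin/runc --version
/usr/local/bin/runc -v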
设置CNI网络
- 默认情况下,CNI网络配置文件下载好后,无需配置,即可使用 podman
- registries.conf: 容器镜像注册配置文件,文件格式为 TOML
- policy.json:镜像签名验证(信任)策略文件,决定拉取镜像时是否校验签名,文件格式为 JSON
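# Write the image trust policy and the registry search list that podman reads
# from /etc/containers.
# -p: an earlier package install may already have created the directory
# (containers-common presumably does - confirm); plain mkdir would fail then.
mkdir -p /etc/containers
# NOTE(security): "insecureAcceptAnything" as the default means every image
# from every registry is accepted with no signature verification. That is
# acceptable for a lab host; on a production host use a default of "reject"
# and add "signedBy" entries for the registries you actually trust.
# The delimiter is quoted so the shell writes the JSON exactly as shown.
tee /etc/containers/policy.json << 'EOF'
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
EOF
# Short names such as "nginx:alpine" are resolved against this list only.
# Keeping it to a single registry avoids a short name being served by an
# unexpected registry; fully qualified image names avoid the lookup entirely.
tee /etc/containers/registries.conf << 'EOF'
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ["docker.io"]
EOF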
安装podman
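# Build podman v3.4.4 from source; go-md2man (for the man pages) comes from a
# third-party compatibility repository.
# NOTE(review): v3.4.4 is an old release line - check upstream for a currently
# maintained version before using this on a host that matters.
cd /root/
dnf config-manager --add-repo https://repo.oepkgs.net/openeuler/rpm/openEuler-22.03-LTS/compatible/f36/x86_64/
# dnf writes the generated .repo file under /etc/yum.repos.d/, not the current
# directory, so the original relative path only created a stray file in /root.
# NOTE(security): gpgcheck=0 turns off RPM signature verification for this
# repository, so anything it serves (or anything injected on the path to it)
# is installed as root unverified. Prefer importing the repository's signing
# key and setting gpgcheck=1 with a gpgkey= entry; if that is not possible,
# disable the repository again once the single package below is installed so
# later installs and updates cannot pull from it.
echo "gpgcheck=0" >> /etc/yum.repos.d/repo.oepkgs.net_openeuler_rpm_openEuler-22.03-LTS_compatible_f36_x86_64_.repo
dnf clean all && dnf makecache
dnf install golang-github-cpuguy83-md2man -y
wget https://github.com/containers/podman/archive/refs/tags/v3.4.4.tar.gz
# Integrity check: pin the SHA256 of a source archive you have reviewed
# (placeholder below); the build and install are skipped when it differs.
podman_sha256='<SHA256_YOU_PINNED_FOR_podman_v3.4.4.tar.gz>'
printf '%s  %s\n' "$podman_sha256" v3.4.4.tar.gz | sha256sum -c - \
  && tar -xf v3.4.4.tar.gz \
  && cd podman-3.4.4/ \
  && make BUILDTAGS="selinux seccomp" \
  && make install PREFIX=/usr
podman --version
podman version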
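# Install a systemd unit that runs the Podman REST API service.
# The heredoc delimiter is quoted: with a bare EOF the shell expands $LOGGING
# while writing the file (normally to an empty string), so the log-level
# option would be missing from ExecStart in the installed unit.
# NOTE(security): the Podman API has no authentication. Listening on
# tcp:127.0.0.1:8080 lets every local user and process, including anything
# that can make a request to loopback, control containers with the privileges
# of this service (root here). Prefer the default unix socket, whose access is
# limited by file permissions, and never change the address to a non-loopback
# one without an authenticating proxy or SSH tunnel in front of it.
cat > /usr/lib/systemd/system/podman.service << 'EOF'
[Unit]
Description=Podman API Service
Requires=podman.socket
After=podman.socket
Documentation=man:podman-system-service(1)
StartLimitIntervalSec=0
[Service]
Type=exec
KillMode=process
Environment=LOGGING="--log-level=info"
ExecStart=/usr/bin/podman $LOGGING system service tcp:127.0.0.1:8080 --time=0
[Install]
WantedBy=default.target
EOF
systemctl daemon-reload
systemctl restart podman.service
systemctl status podman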
测试
# Smoke test: pull an image and start a throwaway nginx container.
# The short name resolves through unqualified-search-registries, and a tag is
# mutable; use a fully qualified name (and a digest) when the exact image matters.
podman pull nginx:alpine
# --publish 6080:80 binds on all host addresses (the `podman ps` listing shows
# 0.0.0.0:6080); use 127.0.0.1:6080:80 to keep a test container off the network.
podman run --interactive --tty --rm --detach --publish 6080:80 --name web nginx:alpine
[root@op2203-01 podman-3.4.4]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
18d68c09d465 docker.io/library/nginx:alpine nginx -g daemon o... 34 minutes ago Up 34 minutes ago 0.0.0.0:6080->80/tcp web