一、 配置加速器
[root@localhost ~]# vim /etc/containers/registries.conf
#unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"] #取消注释,改为下行
unqualified-search-registries = ["docker.io"]
# [[registry]] #取消注释
[[registry]]
# prefix = "example.com/foo" #取消注释,改为下行
prefix = "docker.io"
# location = "internal-registry-for-example.com/bar" #取消注释,改为下行
location = "in3617d8.mirror.aliyuncs.com" #此地址为自己的阿里云加速器地址,请替换为自己的;此后docker.io的镜像都经由该地址拉取,只应使用可信的加速器
二、podman容器的开机自启
root用户
[root@localhost ~]# podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
ffe9d497c32414b1c5cdad8178a85602ee72453082da2463f1dede592ac7d5af
[root@localhost ~]# podman run --name test -dit docker.io/library/busybox
437fe6c8c8d100a59c2e2e71e7bf1418843995ba0a211b154dda124c8e9c0310
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
437fe6c8c8d1 docker.io/library/busybox:latest sh 34 seconds ago Up 34 seconds ago test
#创建容器自启动service文件
[root@localhost ~]# podman generate systemd --files --name test
/root/container-test.service
#如果希望每次启动容器都会删除旧的容器,启动一个全新的容器,则使用--new选项(推荐用法)
[root@localhost ~]# podman generate systemd --files --name test --new
#转移service文件
[root@localhost ~]# ls
anaconda-ks.cfg container-test.service
[root@localhost ~]# mv container-test.service /usr/lib/systemd/system/
#重载
[root@localhost ~]# systemctl daemon-reload
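#关闭selinux(会降低系统安全性:服务无法启动通常是因为mv过来的service文件仍带着/root目录下的SELinux标签,systemd读不到它;更稳妥的做法是保持SELinux开启,执行 restorecon -v /usr/lib/systemd/system/container-test.service 修复标签)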
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
#设置容器自启动
[root@localhost ~]# systemctl enable --now container-test.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-test.service → /usr/lib/systemd/system/container-test.service.
Created symlink /etc/systemd/system/default.target.wants/container-test.service → /usr/lib/systemd/system/container-test.service.
普通用户
#创建用户
[root@localhost ~]# useradd jerry
[root@localhost ~]# su - jerry
[jerry@localhost ~]$ podman pull busybox
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 3cb635b06aa2 done
Copying config ffe9d497c3 done
Writing manifest to image destination
Storing signatures
ffe9d497c32414b1c5cdad8178a85602ee72453082da2463f1dede592ac7d5af
[jerry@localhost ~]$ podman run --name test -dit docker.io/library/busybox
b1cbea168be3ced718bdae93c4c6cdc7405d0f0f9380c856e3d76d9496901c60
[jerry@localhost ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1cbea168be3 docker.io/library/busybox:latest sh 5 seconds ago Up 5 seconds ago test
#创建service文件
[jerry@localhost ~]$ podman generate systemd --files --name test --new
/home/jerry/container-test.service
[jerry@localhost ~]$ ls
container-test.service
[jerry@localhost ~]$ mkdir -p ~/.config/systemd/user
[jerry@localhost ~]$ mv container-test.service ~/.config/systemd/user
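#ssh远程连接(su - 切换过来的会话通常没有用户级systemd实例,systemctl --user 无法使用,所以改用ssh重新登录;若要在该用户未登录时也能开机自启,还需以root执行 loginctl enable-linger jerry)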
[root@localhost ~]# ssh jerry@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:BycR/AEKrPbE2/K7IZGMQOaOky9SOcep6J4h0bMYt4Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
jerry@localhost's password:
Last login: Wed Dec 15 22:26:20 2021
[jerry@localhost ~]$ systemctl --user enable --now container-test.service
Created symlink /home/jerry/.config/systemd/user/multi-user.target.wants/container-test.service → /home/jerry/.config/systemd/user/container-test.service.
Created symlink /home/jerry/.config/systemd/user/default.target.wants/container-test.service → /home/jerry/.config/systemd/user/container-test.service.
[jerry@localhost ~]$ systemctl --user status container-test.service
● container-test.service - Podman container-test.service
Loaded: loaded (/home/jerry/.config/systemd/user/container-test.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-12-15 22:31:21 CST; 10s ago
Docs: man:podman-generate-systemd(1)
Process: 107992 ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=/run/user/1002/container-test.service.ctr-id (code=exited, status=125)
Process: 108050 ExecStartPre=/bin/rm -f /run/user/1002/container-test.service.ctr-id (code=exited, status=0/SUCCESS)
Main PID: 108141 (conmon)
CGroup: /user.slice/user-1002.slice/user@1002.service/container-test.service
├─108134 /usr/bin/fuse-overlayfs -o ,lowerdir=/home/jerry/.local/share/containers/storage/overlay/l/7EWWT2U3CWUJFPIPVXBNGBWGFI,upperdir=/home/jerry/.local/share/>
├─108138 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1002/netns/cni-370af>
├─108141 /usr/bin/conmon --api-version 1 -c 4ca23486d3ab0cb9a230265df8b9d5a666bfdfbd42785ac90b92bf965a4b37cc -u 4ca23486d3ab0cb9a230265df8b9d5a666bfdfbd42785ac90>
└─108144 sh
[jerry@localhost ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ca23486d3ab docker.io/library/busybox:latest sh 19 seconds ago Up 19 seconds ago test
podman网络设置
创建一个网络mynet
[root@localhost ~]# podman network create mynet
/etc/cni/net.d/mynet.conflist
--subnet 指定subnet创建网络
[root@localhost ~]# podman network create --subnet 192.168.1.0/24 net1
/etc/cni/net.d/net1.conflist
--gateway 指定网关
[root@localhost ~]# podman network create --subnet 192.168.2.0/24 --gateway 192.168.2.1 net2
/etc/cni/net.d/net2.conflist
--ip-range 指定ip起始地址
[root@localhost ~]# podman network create --subnet 192.168.3.0/24 --gateway 192.168.3.1 --ip-range 192.168.3.2/24 net3
/etc/cni/net.d/net3.conflist
查看刚刚创建的网络
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
11c844f95e28 mynet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning
2daa9a9645f3 net2 0.4.0 bridge,portmap,firewall,tuning
3b20bf89a26e net3 0.4.0 bridge,portmap,firewall,tuning
使用刚刚创建的网络net1,并运行一个容器
[root@localhost ~]# podman run --name web -it --network net1 busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 3e:7b:5e:72:2e:c7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::3c7b:5eff:fe72:2ec7/64 scope link
valid_lft forever preferred_lft forever
podman网络管理
查看容器网络
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
11c844f95e28 mynet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning
2daa9a9645f3 net2 0.4.0 bridge,portmap,firewall,tuning
3b20bf89a26e net3 0.4.0 bridge,portmap,firewall,tuning
断开网络(disconnect)
[root@localhost ~]# podman network disconnect net1 web
重启容器网络(reload)
[root@localhost ~]# podman network reload web
edf3830ea44b5cf8dd2ebe7c62ecd2d1d3e55977dedd8e96fbd346b58de43596
删除podman网络(rm)
[root@localhost ~]# podman network rm net2 net3
net2
net3
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
11c844f95e28 mynet 0.4.0 bridge,portmap,firewall,tuning
6c270ef2f251 net1 0.4.0 bridge,portmap,firewall,tuning