podman基础命令
//podman查看镜像
[root@cb ~]# podman images
REPOSITORY                TAG     IMAGE ID      CREATED       SIZE
docker.io/library/nginx   latest  f6d0b4767a6c  8 weeks ago   137 MB
docker.io/library/centos  latest  300e315adb2f  3 months ago  217 MB
//podman删除镜像
[root@cb ~]# podman rmi b97242f89c8a
Untagged: docker.io/library/busybox:latest
Deleted: b97242f89c8a29d13aea12843a08441a4bbfc33528f55b60366c1d8f6923d0d4
//podman拉取镜像
[root@cb ~]# podman pull busybox
Completed short name "busybox" with unqualified-search registries (origin: /etc/containers/registries.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob e5d9363303dd done
Copying config b97242f89c done
Writing manifest to image destination
Storing signatures
b97242f89c8a29d13aea12843a08441a4bbfc33528f55b60366c1d8f6923d0d4
//注:短名称busybox是按registries.conf里的unqualified-search registries补全的;写全称docker.io/library/busybox可以避免从非预期的仓库拉取
//创建一个新的容器
[root@cb ~]# podman create centos:latest
519a59f646dcf1569ed6676020e64ab0d00d8f57cd743c1211ba547d7a95a8b6
//查看容器
[root@cb ~]# podman ps -a
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
//删除容器
[root@lcb ~]# podman rm -f 519a59f646dc
519a59f646dc
[root@cb ~]# podman ps -a
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
安装podman
[root@cxx ~]# yum -y install podman
[root@cxx ~]# cd /etc/containers/
[root@cxx containers]# ls
policy.json registries.conf.ori storage.conf registries.conf registries.d
[root@cxx containers]# vim registries.conf
[registries.search]
registries = ['docker.io']
location = 'mirrors.tuna.tsinghua.edu.cn/'
[registries.insecure]
registries = []
[registries.block]
registries = []
//注:[registries.insecure]里列出的仓库会跳过TLS校验,这里保持为空
安装环境
[root@cb ~]# yum -y install crun
[root@cb ~]# cd /usr/share/containers/
[root@cb containers]# vim containers.conf
runtime = "crun"    //取消注释改成crun
//注:/usr/share/containers/containers.conf是软件包自带的默认文件,升级时可能被覆盖;需要长期保留的改动可放到/etc/containers/containers.conf
//安装slirp4netns包
[root@cb containers]# yum install slirp4netns
//安装fuse-overlayfs包
[root@cb containers]# yum -y install fuse-overlayfs
[root@cb containers]# rpm -qa|grep fuse-overlayfs
fuse-overlayfs-1.3.0-2.module_el8.3.0+699+d61d9c41.x86_64
[root@cb containers]# cd /etc/containers/
[root@cb containers]# vim storage.conf
mount_program = "/usr/bin/fuse-overlayfs"    //取消注释
[root@cb containers]# useradd tom
[root@cb containers]# cat /etc/subuid
tom:100000:65536
[root@cb containers]# useradd jerry
[root@cb containers]# cat /etc/subuid
tom:100000:65536
jerry:165536:65536
//注:每行的格式是 用户名:起始UID:数量,表示该用户在rootless容器的用户命名空间里可以映射的从属UID范围
使用普通用户来使用podman创建容器
[root@cb ~]# podman images
REPOSITORY                TAG     IMAGE ID      CREATED       SIZE
docker.io/library/nginx   latest  f6d0b4767a6c  8 weeks ago   137 MB
docker.io/library/centos  latest  300e315adb2f  3 months ago  217 MB
[root@cb ~]# ll /home/
总用量 0
drwx------. 2 jerry jerry 62 3月 11 04:37 jerry
drwx------. 2 tom tom 62 3月 11 04:37 tom
[root@cb ~]# su - jerry
[jerry@cb ~]$ podman images
REPOSITORY  TAG  IMAGE ID  CREATED  SIZE
[jerry@cb ~]$
//root用户和普通用户拉的镜像不是放在同一位置
[jerry@cb ~]$ podman pull busybox
Completed short name "busybox" with unqualified-search registries (origin: /etc/containers/registries.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob e5d9363303dd done
Copying config b97242f89c done
Writing manifest to image destination
Storing signatures
b97242f89c8a29d13aea12843a08441a4bbfc33528f55b60366c1d8f6923d0d4
[jerry@cb ~]$ podman images
REPOSITORY                 TAG     IMAGE ID      CREATED      SIZE
docker.io/library/busybox  latest  b97242f89c8a  8 weeks ago  1.45 MB
[jerry@cb ~]$ podman pull nginx
Completed short name "nginx" with unqualified-search registries (origin: /etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 0732ab25fa22 done
Copying blob a076a628af6f done
Copying blob f72584a26f32 done
Copying blob 7125e4df9063 done
Copying blob d7f36f6fe38f done
Copying config f6d0b4767a done
Writing manifest to image destination
Storing signatures
f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74
[jerry@cb ~]$ vim /etc/sysctl.conf
//注:原文没有给出这里改了什么;/etc/sysctl.conf通常只有root可写
[jerry@cb ~]$ podman run -d --name web -p 2000:80 nginx
ee1ab5325c065b4f4240b0666e2f4c2c249c6b7750946166136f5ff0238e03c8
[jerry@cb ~]$ podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS                 NAMES
ee1ab5325c06  docker.io/library/nginx:latest  nginx -g daemon o...  9 seconds ago  Up 9 seconds ago  0.0.0.0:2000->80/tcp  web
[jerry@cb ~]$ ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     *:2000              *:*
//注:-p 2000:80 监听在所有地址上(见上面的0.0.0.0:2000和*:2000);只需要本机访问时可以写成 -p 127.0.0.1:2000:80
使用普通用户创建容器
[jerry@cb ~]$ mkdir abc
[jerry@cb ~]$ podman run -it --rm -v /home/jerry/abc:/data busybox /bin/sh
/ # ls
bin data dev etc home proc root run sys tmp usr var
/ # cd data/
/data # touch abc
/data # ls
abc
/data # ll
/bin/sh: ll: not found
/data # ls -l
total 0
-rw-r--r-- 1 root root 0 Mar 10 22:10 abc
[jerry@cb ~]$ cd 123/
[jerry@cb 123]$ ll -h
总用量 0
-rw-r--r--. 1 jerry jerry 0 3月 11 06:10 abc
//注:同一个文件在容器里属主是root,在宿主机上属主是jerry,也就是rootless容器里的root被映射成了宿主机上的普通用户jerry
//注:上面挂载的是/home/jerry/abc,这里进入的却是123目录,原文的目录名前后不一致
[jerry@cb 123]$ podman run -it --rm --userns=keep-id -v /home/jerry/test:/data busybox /bin/sh
Error: statfs /home/jerry/test: no such file or directory
[jerry@cb 123]$ podman run -it --rm --userns=keep-id -v /home/jerry/123:/data busybox /bin/sh
~ $ cd data/
/data $ ls -l
total 0
-rw-r--r-- 1 jerry jerry 0 Mar 10 22:10 abc
/data $
//注:加上--userns=keep-id后,容器内进程使用与宿主机用户jerry相同的UID,所以文件属主在容器里也显示为jerry,提示符也从#变成了$
原文:https://www.cnblogs.com/cbcbage/p/14514612.html