Podman
Revision as of 22:51, 28 October 2021
Podman is a very neat Docker-compatible container solution. Some of the advantages it has over Docker are:
- no daemon (uses a fork-and-exec model)
- systemd can run inside containers very easily
- containers can become systemd services on the host
- non-root users can run containers
Installation
As of bullseye, podman is available in the official Debian repositories. I suggest installing it from the unstable distribution, since podman 3.2 has many useful improvements over previous versions:
apt install -t unstable podman podman-docker
The podman-docker package provides a wrapper script so that running the command 'docker' will invoke podman. Recent versions of podman also provide API compatibility with Docker, which means that docker-compose will work out of the box once the API socket is enabled (systemctl enable --now podman.socket for root, or systemctl --user enable --now podman.socket for a non-root user). For non-root users, you will also need to point docker-compose at the rootless socket by setting the DOCKER_HOST environment variable to unix://$XDG_RUNTIME_DIR/podman/podman.sock.
I suggest adding the following to /etc/containers/registries.conf so that podman resolves unqualified image names (e.g. 'nginx' rather than 'docker.io/library/nginx') against docker.io instead of quay.io:
[registries.search]
registries = ['docker.io']
This is the v1 syntax. If your registries.conf is in the v2 (TOML) format, the equivalent key is unqualified-search-registries = ['docker.io'], and the two formats cannot be mixed in one file. Either way, using fully-qualified image names in scripts and Compose files avoids depending on the search order at all.
Networking
Podman 3.x uses CNI plugins for networking. If a container needs to be publicly accessible, you will want to create a bridge network. Here's how I did it.
If the host already uses a bridge interface as its primary interface (e.g. 'br0'), I suggest that you do not reuse it as the CNI bridge. I did that once, and when I brought down the CNI network, br0 came down with it. Instead, create a dedicated bridge for the containers and attach it to the primary bridge with a veth pair. Bear in mind that this puts the containers at layer 2 on the same segment as the host, so they are reachable from the LAN like any other machine and need their own firewalling. Here's an example from xylitol's /etc/network/interfaces:
...
auto br0
iface br0 inet static
    bridge_ports eno1
    address 129.97.134.113
    netmask 255.255.255.0
    gateway 129.97.134.1

auto podbr1
iface podbr1 inet manual
    bridge_ports none
    up ip link add name podveth0 type veth peer name podveth1
    up ip link set podveth0 master br0
    up ip link set podveth1 master podbr1
    up ip link set dev podveth0 up
    up ip link set dev podveth1 up
    down ip link del podveth0
Let's say we want to create a container (or a pod) which has a public IP address 129.97.134.173. We will create a new network for it with an IP range of length 1; since host-local IPAM hands out one lease per address, this means only one container or pod can be attached to the network at a time, and a second one will fail to start until the first releases the address. In the command below, I will initially create a macvlan network, then convert it into a bridge; I find this easier than trying to modify the default bridge configuration which podman creates.
podman network create -d macvlan -o parent=podbr1 --subnet 129.97.134.0/24 --ip-range 129.97.134.173/32 --gateway 129.97.134.1 bbbnet
Now open /etc/cni/net.d/bbbnet.conflist and make it look like the following:
{
    "cniVersion": "0.4.0",
    "name": "bbbnet",
    "plugins": [
        {
            "type": "bridge",
            "bridge": "podbr1",
            "ipam": {
                "type": "host-local",
                "routes": [
                    {
                        "dst": "0.0.0.0/0"
                    }
                ],
                "ranges": [
                    [
                        {
                            "subnet": "129.97.134.0/24",
                            "rangeStart": "129.97.134.173",
                            "rangeEnd": "129.97.134.173",
                            "gateway": "129.97.134.1"
                        }
                    ]
                ]
            }
        }
    ]
}
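The macvlan-then-edit procedure above is easy to get subtly wrong by hand (an address outside the subnet, a range that does not match the gateway). As an added example that is not part of the original page or of Podman, the script below generates the bbbnet conflist directly from its parameters, validates the addresses with the standard library, and also performs the macvlan-to-bridge rewrite the page describes. The layout of the macvlan conflist it converts (a "master" key naming the parent interface) is an assumption about what `podman network create -d macvlan` writes in 3.x, and the sample input is constructed here.

```python
"""Build or convert a CNI bridge conflist for a one-address public network.

Added example, not code from the original page or from Podman. It reproduces
the /etc/cni/net.d/bbbnet.conflist shown above from its parameters, checks that
the container address and gateway really lie in the subnet, and rewrites a
macvlan conflist into the equivalent bridge config. The macvlan layout (a
"master" key holding the parent interface) is an assumption about Podman 3.x.
"""
import copy
import ipaddress
import json


def build_bridge_conflist(name, bridge, subnet, address, gateway):
    """Return a CNI 0.4.0 conflist: bridge plugin + host-local IPAM with a
    single-address range, i.e. exactly the layout used for bbbnet above."""
    net = ipaddress.ip_network(subnet, strict=True)
    addr = ipaddress.ip_address(address)
    gw = ipaddress.ip_address(gateway)
    for label, ip in (("address", addr), ("gateway", gw)):
        if ip not in net:
            raise ValueError(f"{label} {ip} is not inside {net}")
    if addr in (gw, net.network_address, net.broadcast_address):
        raise ValueError(f"{addr} is not usable as a container address")
    return {
        "cniVersion": "0.4.0",
        "name": name,
        "plugins": [
            {
                "type": "bridge",
                "bridge": bridge,
                "ipam": {
                    "type": "host-local",
                    "routes": [{"dst": "0.0.0.0/0"}],
                    "ranges": [[{
                        "subnet": str(net),
                        "rangeStart": str(addr),
                        "rangeEnd": str(addr),
                        "gateway": str(gw),
                    }]],
                },
            }
        ],
    }


def convert_macvlan_to_bridge(conflist, bridge=None):
    """Rewrite macvlan plugin entries into bridge entries: the parent
    interface ("master") becomes the bridge name, the macvlan-only "mode"
    key is dropped, and a default route is added if IPAM has none.
    The input dict is left untouched."""
    out = copy.deepcopy(conflist)
    for plugin in out["plugins"]:
        if plugin.get("type") != "macvlan":
            continue
        parent = plugin.pop("master", None)
        target = bridge or parent
        if target is None:
            raise ValueError("no bridge name given and no master interface in config")
        plugin["type"] = "bridge"
        plugin["bridge"] = target
        plugin.pop("mode", None)
        ipam = plugin.setdefault("ipam", {})
        ipam.setdefault("routes", [{"dst": "0.0.0.0/0"}])
    return out


def render(conflist):
    """Serialize indented, ready to write to /etc/cni/net.d/<name>.conflist."""
    return json.dumps(conflist, indent=4) + "\n"


# Constructed sample: the assumed shape of the macvlan network from the page
# before the manual edit (see module docstring).
MACVLAN_SAMPLE = {
    "cniVersion": "0.4.0",
    "name": "bbbnet",
    "plugins": [{
        "type": "macvlan",
        "master": "podbr1",
        "ipam": {
            "type": "host-local",
            "routes": [{"dst": "0.0.0.0/0"}],
            "ranges": [[{
                "subnet": "129.97.134.0/24",
                "rangeStart": "129.97.134.173",
                "rangeEnd": "129.97.134.173",
                "gateway": "129.97.134.1",
            }]],
        },
    }],
}

if __name__ == "__main__":
    built = build_bridge_conflist("bbbnet", "podbr1", "129.97.134.0/24",
                                  "129.97.134.173", "129.97.134.1")
    # Both routes to the same result; print the file contents for bbbnet.
    assert built == convert_macvlan_to_bridge(MACVLAN_SAMPLE)
    print(render(built), end="")
```

Run it as root and redirect the output to /etc/cni/net.d/bbbnet.conflist, or feed an existing macvlan conflist through convert_macvlan_to_bridge; the validation step is what catches the typo that would otherwise only surface when the container fails to get an address.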