1. What is docker?
Docker is an open source application container engine built on top of Linux containers. Docker provides a simple, easy-to-use interface to containers, so that developers can package their applications and dependencies into a portable container and then publish it to any popular Linux machine. Containers are sandboxed and have no interfaces to one another.
2. What is Podman?
Podman is an open source container runtime project that can be used on most Linux platforms. Podman provides functions very similar to Docker's. It does not need any daemon running on your system, and it can also run without root privileges.
Podman can manage and run any container and container image that conforms to the OCI (Open Container Initiative) specification. Podman provides a Docker compatible command-line front end to manage Docker images.
3. What is the difference between Podman and docker?
- Docker needs a Docker daemon running on the system, while Podman does not.
- They start containers in different ways:
The Docker CLI talks to the Docker engine through its API to request a container, and the Docker engine then calls the OCI container runtime (runc) to start it. This means the container process is not a child process of the Docker CLI, but a child process of the Docker engine.
Podman interacts directly with the OCI container runtime (runc) to create a container, so the container process is a child process of Podman.
- Because Docker has a daemon, containers started by Docker support a restart policy, while those started by Podman do not. In k8s this problem does not exist, because we can set the restart policy of the pod. On a standalone system, we can write a systemd service to start the container automatically.
- Docker needs root to create containers, but Podman does not.
4. Installation of podman
4.1 Arch Linux & Manjaro Linux
sudo pacman -S podman
sudo yum -y install podman
sudo emerge app-emulation/libpod
brew cask install podman
5. Introduction to Podman CLI
87% of the commands in the Podman CLI are the same as those in the Docker CLI. The official documentation gives the example alias docker=podman, so people who often use the Docker CLI can pick up Podman very quickly.
Run a container
podman run -dt -p 80:80 --name nginx -v /data:/data -e NGINX_VERSION=1.16 nginx:1.16.0
List all current containers
# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS               NAMES
19f105d5dc1e  docker.io/library/nginx:1.16.0  nginx -g daemon o...  2 minutes ago  Up 2 minutes ago  0.0.0.0:80->80/tcp  nginx
View image information
# podman inspect nginx | grep -i "ipaddress"
"SecondaryIPAddresses": null,
"IPAddress": "10.88.0.110",
View the logs of a running container
podman logs nginx
View the resource usage of a running container
# podman top nginx
USER   PID  PPID  %CPU   ELAPSED          TTY    TIME  COMMAND
root   1    0     0.000  5m26.420969043s  pts/0  0s    nginx: master process nginx -g daemon off;
nginx  6    1     0.000  5m26.421085502s  pts/0  0s    nginx: worker process
# podman stats nginx
ID            NAME   CPU %  MEM USAGE / LIMIT  MEM %  NET IO          BLOCK IO  PIDS
19f105d5dc1e  nginx  --     2.036MB / 1.893GB  0.11%  978B / 10.55kB  -- / --   2
Podman supports the migration of containers from one machine to another.
First, checkpoint the container on the source machine, export it to the specified location, and copy the archive to the target machine.
$ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
$ scp /tmp/checkpoint.tar.gz <destination_system>:/tmp
Second, restore the container on the target machine from the archive transferred from the source machine.
$ sudo podman container restore -i /tmp/checkpoint.tar.gz
How to start Podman containers automatically
Because Podman does not use a daemon to manage containers, it cannot restart containers automatically through a daemon. So how do you start a container automatically?
The method is simple. Most systems now use systemd to manage daemons, so we can use systemd to start the Podman container at boot and to restart it. Here we take the nginx container we just started as an example.
Create a systemd service configuration file.
$ vim /etc/systemd/system/nginx_podman.service
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always

[Install]
WantedBy=multi-user.target
Next, enable the Systemd service
$ sudo systemctl daemon-reload
$ sudo systemctl enable nginx_podman.service
$ sudo systemctl start nginx_podman.service
After every system restart, systemd will automatically start the container that corresponds to this service. If the container dies, systemd will also start it again. We can use the following example to test this.
Build a Docker image that runs sleep 30. This container can only run for 30s at a time.
$ vim Dockerfile
FROM busybox:latest
CMD ["sh","-c","sleep 30"]
Then set the startup mode as above
Demonstrate that the container started under Podman is a child process of Podman
We just started an nginx container with Podman. Now let's take a look at its processes.
# ps -ef | grep [n]ginx
root     19368 19359  0 11:38 pts/0    00:00:00 nginx: master process nginx -g daemon off;
101      19381 19368  0 11:38 pts/0    00:00:00 nginx: worker process
Then check what the parent process of nginx is
# ps -ef | grep 19359
root     19359     1  0 11:38 ?        00:00:00 /usr/libexec/podman/conmon . . . .
This verifies what I said above.
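The manual parent lookup above can be scripted so that the whole ancestry of a container process is printed in one step. This is an added example, not part of the original article; the function names ancestry and launched_under are hypothetical, and the sample rows are the ps -ef lines from this page plus a constructed PID 1 row.

```shell
#!/bin/sh
# Constructed sample input: the `ps -ef` rows shown on this page.
# The PID 1 (systemd) row is an assumption added to complete the chain.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 11:00 ?        00:00:01 /usr/lib/systemd/systemd
root     19359     1  0 11:38 ?        00:00:00 /usr/libexec/podman/conmon
root     19368 19359  0 11:38 pts/0    00:00:00 nginx: master process nginx -g daemon off;
101      19381 19368  0 11:38 pts/0    00:00:00 nginx: worker process
EOF
}

# ancestry PID
# Reads `ps -ef` rows on stdin and prints PID and each ancestor as
# "name(pid) <- parent(pid) <- ...", stopping when a parent is not listed.
ancestry() {
  awk -v pid="$1" '
    $2 ~ /^[0-9]+$/ {          # skip the header row
      ppid[$2] = $3            # PPID column
      cmd[$2]  = $8            # first word of the CMD column
    }
    END {
      # "seen" guards against a loop in malformed input
      while ((pid in ppid) && !(pid in seen)) {
        seen[pid] = 1
        n = split(cmd[pid], parts, "/")   # keep only the basename
        printf "%s%s(%s)", sep, parts[n], pid
        sep = " <- "
        pid = ppid[pid]
      }
      print ""
    }'
}

# launched_under PID NAME
# Succeeds if PID or one of its ancestors is a process named NAME.
launched_under() {
  ancestry "$1" | tr ' ' '\n' | grep -q "^$2([0-9]*)\$"
}

# Demo on the constructed sample; on a live host use: ps -ef | ancestry <pid>
sample_ps | ancestry 19381
```

On the sample rows the chain runs from the nginx worker through the nginx master to conmon and then PID 1, with no container daemon in between.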