One place for hosting & domains

      Podman

      How to Install Podman for Running Containers


      Podman is an open source containerization tool. Like Docker, Podman is a solution for creating, running, and managing containers. But Podman goes beyond Docker, using a secure daemonless process to run containers in rootless mode.

      For more on what Podman is and how it compares to Docker, you can refer to our guide
      Podman vs Docker. The guide familiarizes you with the basics of Podman and Docker and compares and contrast the two tools.

      In this tutorial, learn everything you need to install and start using Podman on your Linux system. By the end, you can run and manage containers using Podman.

      Before You Begin

      1. Familiarize yourself with our
        Getting Started with Linode guide, and complete the steps for setting your Linode’s hostname and timezone.

      2. This guide uses sudo wherever possible. Complete the sections of our
        How to Secure Your Server guide to create a standard user account, harden SSH access, and remove unnecessary network services.

      3. Update your system.

        • Debian or Ubuntu:

          sudo apt update && sudo apt upgrade
          
        • AlmaLinux, CentOS Stream, Fedora, or Rocky Linux:

          sudo dnf upgrade
          

      Note

      This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, see the
      Users and Groups guide.

      How to Install Podman

      1. Podman is available through the default package managers on most Linux distributions.

        • AlmaLinux, CentOS Stream, Fedora, or Rocky Linux:

          sudo dnf install podman
          
        • Debian or Ubuntu:

          sudo apt install podman
          

          Note

          Podman is only available through the APT package manager for Debian 11 or Ubuntu 20.10 and later.

      2. Afterward, verify your installation by checking the installed Podman version:

        podman -v
        

        Your output may vary from what is shown here, but you are just looking to see that Podman installed successfully:

        podman version 4.1.1

      Configuring Podman for Rootless Usage

      Podman operates using root privileges by default – for instance, using the sudo preface for commands. However, Podman is also capable of running in rootless mode, an appealing feature when you want limited users to execute container actions securely.

      Docker can allow you to run commands as a limited user, but the Docker daemon still runs as root. This is a potential security issue with Docker, one that may allow limited users to execute privileged commands through the Docker daemon.

      Podman solves this with the option of a completely rootless setup, where containers operate in a non-root environment. Below you can find the steps to set up your Podman instance for rootless usage.

      1. Install the slirp4netns and fuse-overlayfs tools to support your rootless Podman operations.

        • AlmaLinux, CentOS Stream, Fedora, or Rocky Linux:

          sudo dnf install slirp4netns fuse-overlayfs
          
        • Debian or Ubuntu:

          sudo apt install slirp4netns fuse-overlayfs
          
      2. Add subuids and subgids ranges for your limited user. This example does so for the user example-user. It gives that user a sub-UID and sub-GID of 100000, each with a range of 65535 IDs:

        sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 example-user
        

      With Podman installed, everything is ready for you to start running containers with it. These next sections walk you through the major features of Podman for finding container images and running and managing containers.

      Getting an Image

      Podman offers a few methods for procuring container images, which you can follow along with below. These section also give you a couple of images to start with, and which are used in later sections for further examples.

      Searching for Images

      Perhaps the most straightforward way to get started with a container is by finding an existing image in a registry. With Podman’s search command, you can find matching images in any container registries you have set up.

      Note

      Podman may come with some registries configured by default. However, on some systems, it may first be necessary to configure these registries manually. You can do this by opening the /etc/containers/registries.conf file with your preferred text editor and adding a line like the following to the end:

      unqualified-search-registries=['registry.access.redhat.com', 'registry.fedoraproject.org', 'docker.io', 'quay.io']
      

      You can replace the registries listed here with ones that you would like to look for container images on.

      Podman’s GitHub also has a registries.conf file
      here that you can use as an initial reference.

      This example searches for images matching the term buildah:

      podman search buildah
      

      Keep in mind that your matches may differ depending on the registries your Podman instance is configured with:

      NAME                                                            DESCRIPTION
      registry.access.redhat.com/ubi8/buildah                         Containerized version of Buildah
      registry.access.redhat.com/ubi9/buildah                         rhcc_registry.access.redhat.com_ubi9/buildah
      registry.redhat.io/rhel8/buildah                                Containerized version of Buildah
      registry.redhat.io/rhel9/buildah                                rhcc_registry.access.redhat.com_rhel9/builda...
      [...]

      Downloading an Image

      After searching the registries, you can use Podman to download, or pull, a particular image. This can be accomplished with Podman’s pull command followed by the name of the container image:

      podman pull buildah
      

      As the search output shows, there may be multiple registries matching a given container image:

      Resolved "buildah" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
      Trying to pull quay.io/buildah/stable:latest...
      Getting image source signatures
      [...]

      But you can also be more specific. You can specify the entire image name, with the registry path, to pull from a specific location.

      For instance, this next example pulls the Buildah image from the docker.io registry:

      podman pull docker.io/buildah/buildah
      

      As you can see, it skipped the part where it resolves the shortname alias and pulls the Buildah image directly from the specified source:

      Trying to pull docker.io/buildah/buildah:latest...
      Getting image source signatures
      [...]

      Building an Image

      Like Docker, Podman also gives you the ability to create a container image from a file. Typically, this build process uses the Dockerfile format, though Podman supports the Containerfile format as well.

      You can learn more about crafting Dockerfiles in our guide
      How to Use a Dockerfile to Build a Docker Image. This guide also includes links to further tutorials with more in-depth coverage of Dockerfiles.

      But for now, as an example to see Podman’s build capabilities in action, you can use the following Dockerfile:

      File: Dockerfile
       1
       2
       3
       4
       5
       6
       7
       8
       9
      10
      11
      12
      13
      
      # Base on the most recently released Fedora
      FROM fedora:latest
      MAINTAINER ipbabble email buildahboy@redhat.com # not a real email
      
      # Install updates and httpd
      RUN echo "Updating all fedora packages"; dnf -y update; dnf -y clean all
      RUN echo "Installing httpd"; dnf -y install httpd && dnf -y clean all
      
      # Expose the default httpd port 80
      EXPOSE 80
      
      # Run the httpd
      CMD ["/usr/sbin/httpd", "-DFOREGROUND"]

      Place these contents in a file named Dockerfile. Then, working from the same directory the file is stored in, you can use the following Podman command to build an image from the file:

      podman build -t fedora-http-server .
      

      The -t option allows you to give the image a tag, or name – fedora-http-server in this case. The . at the end of the command specifies the directory in which the Dockerfile can be found, where a . represents the current directory.

      Keep reading onto the section below titled
      Running a Container Image to see how you can run a container from an image built as shown above.

      Podman’s build command works much like Docker’s, but is actually a subset of the build functionality within Buildah. In fact, Podman uses a portion of Buildah’s source code to implement its build function.

      Buildah offers more features and fine-grained control when it comes to building containers. For that reason, many see Podman and Buildah as complementary tools. Buildah provides a robust tool for crafting container images from both container files (e.g. Dockerfiles) and from scratch. Podman then excels at running and managing the resulting containers.

      You can learn more about Buildah, including steps for setup and usage, in our guide
      How to Use Buildah to Build OCI Container Images.

      Listing Local Images

      Once you have one or more images locally on your system, you can see them using Podman’s images command. This gives you a list of images that have been created or downloaded onto your system:

      podman images
      

      Following the two sections above — on downloading and then building container images — you could expect an output similar to:

      REPOSITORY                         TAG         IMAGE ID      CREATED       SIZE
      localhost/fedora-http-server       latest      f6f5a66c8a4d  2 hours ago   328 MB
      quay.io/buildah/stable             latest      eef9e8be5fea  2 hours ago  358 MB
      registry.fedoraproject.org/fedora  latest      3a66698e6040  2 hours ago  169 MB

      Running a Container Image

      With images either downloaded or created, you can begin using Podman to run containers.

      The process can be relatively straightforward with Podman’s run command, which just takes the name of the image to run a container from.

      Here is an example using the Buildah image downloaded above. This example runs the Buildah image, specifically executing the buildah command on the resulting container:

      podman run buildah buildah -v
      

      The -v option is included to output the version of the application:

      buildah version 1.26.2 (image-spec 1.0.2-dev, runtime-spec 1.0.2-dev)

      Containers’ operations can get more complicated from there, and Podman has plenty of features to support a wide range of needs when it comes to running containers.

      Take the fedora-http-server example created from a Dockerfile above. This example runs an HTTP server on the container’s port 80. The following command demonstrates how Podman lets you control how that container operates.

      The command runs the container, which automatically starts up an HTTP server. The -p option given here publishes the container’s port 80 to the local machine’s port 8080, while the --rm option automatically stops the container when it finishes running — a fitting solution for a quick test.

      podman run -p 8080:80 --rm fedora-http-server
      

      Now, on the machine where the image is running, use a cURL command to verify that the default web page is being served on port 8080:

      curl localhost:8080
      

      You should see the HTML of the Fedora HTTP Server Test Page:

      <!doctype html>
      <html>
        <head>
          <meta charset='utf-8'>
          <meta name='viewport' content='width=device-width, initial-scale=1'>
          <title>Test Page for the HTTP Server on Fedora</title>
          <style type="text/css">
            /*<![CDATA[*/
      
            html {
              height: 100%;
              width: 100%;
            }
              body {
      [...]

      Managing Containers and Images

      Podman prioritizes effectively running and managing containers. As such, it comes with plenty of commands for keeping track of and operating your containers.

      These next several sections walk through some of the most useful Podman operations, and can help you get the most out of your containers.

      Listing Containers

      Often those working with containers may keep a container or two, sometimes several containers, running in the background.

      To keep track of these containers, you can use Podman’s ps command. This lists the currently running containers on your system.

      For instance, if you are in the process of running the fedora-http-server container shown above, you can expect something like:

      podman ps
      
      CONTAINER ID  IMAGE                                COMMAND               CREATED        STATUS            PORTS                 NAMES
      daadb647b880  localhost/fedora-http-server:latest  /usr/sbin/httpd -...  8 seconds ago  Up 8 seconds ago  0.0.0.0:8080->80/tcp  suspicious_goodall

      And if you want to list all containers, not just the ones that are currently running, you can add the -a option to the command:

      podman ps -a
      

      The output of this command also includes the buildah command executed using podman run further above:

      CONTAINER ID  IMAGE                                COMMAND               CREATED             STATUS                     PORTS                 NAMES
      db71818eda38  quay.io/buildah/stable:latest        buildah -v            12 minutes ago      Exited (0) 12 minutes ago                        exciting_kowalevski
      daadb647b880  localhost/fedora-http-server:latest  /usr/sbin/httpd -...  About a minute ago  Up About a minute ago      0.0.0.0:8080->80/tcp  suspicious_goodall

      Starting and Stopping Containers

      Podman can individually control when to stop and start containers, using the stop and start commands, respectively. Each of these commands takes either the container ID or container name as an argument, both of which you can find using the ps command, as shown above.

      For example, you can stop the fedora-http-server container above with:

      podman stop daadb647b880
      

      Had this container been run without the --rm option, which automatically removes the container when it has stopped running, you could start the container back up simply with:

      podman start daadb647b880
      

      For either command, you could substitute the container name for its ID, as so:

      podman stop suspicious_goodall
      

      Removing a Container

      You can manually remove a container using Podman’s rm command, which, like the stop and start commands, takes either a container ID or name as an argument.

      podman rm daadb647b880
      

      Creating an Image from a Container

      Podman can render a container into an image using the commit command. This can be used to manually create an updated container image after components have been added to, removed from, or modified on a container.

      Like other container-related commands, this command takes the container ID or name as an argument. It’s also good practice to include an author name along with the commit, via the --author option:

      podman commit --author "Example User" daadb647b880
      

      As noted in the section above on creating images with Podman, Buildah tends to offer more features and control when it comes to creating container images. But Podman is certainly capable in many cases and may be enough to fit your given needs.

      Conclusion

      Podman offers not just a simple alternative to Docker, but a powerful containerization tool with the weight of secure, rootless operations. And, with this tutorial, you have what you need to start using Podman for running and managing your containers.

      Keep learning about effective tools for working with containers through the links on Podman, Buildah, and Dockerfiles provided in the course of this tutorial. Continue sharpening your Podman knowledge through the links provided at the end of this tutorial.

      More Information

      You may wish to consult the following resources for additional information
      on this topic. While these are provided in the hope that they will be
      useful, please note that we cannot vouch for the accuracy or timeliness of
      externally hosted materials.



      Source link

      Podman vs Docker: Comparing the Two Containerization Tools


      Containers offer you powerful tools for developing and deploying applications. They give you distinct and portable virtual environments with a fraction of the overhead of traditional virtual machines.

      If you’re looking into containerization, you’ve likely seen Docker, the most popular and widely used containerization tool. But recently a capable and compelling alternative has risen, Podman.

      Both tools follow the Open Container Initiative (OCI) standards, and both offer robust capabilities for running and managing containers.

      So which one should you use? What features make Docker best for some use cases and Podman better for others?

      This tutorial aims to help you answer these questions. Learn the key characteristics of each tool, see a breakdown of their pros and cons, and walk through an analysis of each tool’s best use cases.

      What Are Containers?

      Containers are lightweight and standalone virtual environments for applications. With containers, you can run multiple application environments on a single system or package application environments as images for others to easily run on different systems.

      Each container works off a set of instructions, allowing it to replicate the necessary virtual infrastructure and applications. The container then houses and manages the applications and all of their dependencies.

      A container can be rendered to a container image. Such an image can then be used to construct the base container on other systems, only requiring a containerization tool, like Docker or Podman.

      Today, most containerization tools follow the OCI standards. Any containerization tools that conform to this standard can operate OCI containers built from other such tools. Thus, Podman can run containers built with Docker, and vice versa.

      What Is Docker?

      Docker is a platform for creating, deploying, and managing applications via containers. With Docker, you can create OCI-compliant containers using Dockerfiles (scripts for container creation) or existing container images.

      Docker has become an incredibly popular containerization tool, at least in part due to its relative simplicity. Its straightforward commands and the wealth of available documentation make Docker immanently approachable.

      Learn more about Docker in our guide
      An Introduction to Docker.

      What Is Podman?

      Podman, like Docker, is an open source engine for deploying and managing containerized applications. Podman builds OCI-compliant containers from existing images or from Containerfiles and Dockerfiles.

      The Podman engine was originally developed by Red Hat with the intention of providing a daemonless alternative to Docker. By employing a daemonless architecture, Podman seeks to remedy security concerns around Docker’s daemon-based process.

      Additionally, Podman’s daemonless architecture grants it a truly rootless mode. Docker commands can be run by non-root users, but its daemon that executes those commands continues to run on root. Podman, instead, executes commands directly and avoids the need for root privileges.

      Learn more about getting started with Podman in our guide
      How to Install Podman for Running Containers.

      Docker vs Podman

      Both Podman and Docker are containerization tools. With either one, you can fully start up, deploy, and manage containers.

      However, each tool has its pros and cons. These next couple of sections explore each, providing a list to compare and contrast the two containerization engines.

      Afterwards, keep on reading to see our advice on which tool to use when.

      Docker Pros and Cons

      Docker Pros:

      • Simple and approachable. Docker’s commands are designed to be relatively simple and easy to use. Alongside that, Docker maintains one of the most frequently used registries for container images.

        The Docker Hub holds a wide collection of well-maintained container images, many of which are composed and updated officially. This makes it relatively easy to, for example, pull a container image for a LAMP stack and start working quickly with Docker.

      • Popular. Docker’s widespread usage means you are more likely to encounter it anywhere that works with containers. It also means you have a vast and easily accessible collection of user documentation and troubleshooting to pull from.

      Docker Cons:

      • Daemon-based architecture. Docker runs on a long-running daemon process, which may pose security concerns for some. Additionally, that daemon process runs with root privileges. Thus, even limited users executing Docker commands are getting those commands fulfilled by a process with root privileges, a further security concern.

      Podman Pros and Cons

      Podman Pros:

      • Daemonless architecture. Podman directly interacts with containers and container images, without a long-running daemon process. Doing so reduces exposure to security risks.

      • Rootless processes. Because of its daemonless architecture, Podman can perform truly rootless operations. Users do not have to be granted root privileges to run Podman commands, and Podman does not have to rely on a root-privileged process.

      • Access to image registries. Podman can find and pull container images from numerous registries, including the Docker Hub. This means, with a little configuration, Podman can access the same image registries as Docker.

      Podman Cons:

      • Limited build features. Podman concerns itself primarily with running and managing containers. It can build containers and render them as images, often effectively for many use cases. However, its functionality for doing so represents a limited portion of the Buildah source code.

        Instead, Podman endorses using Buildah as a complimentary tool for more feature-rich container building and fine-tuned control over the process.

      Which One Should You Use?

      Docker and Podman each stand as viable containerization options. Each tool has a lot to offer, and for most containerization needs, either one works just as well as the other.

      But in what cases should you consider one of these two tools over the other?

      When to Use Docker

      Docker is best suited for when you want a more approachable containerization option. Docker’s design makes it relatively quick to pick up, and its feature set includes everything you’re likely to need when working with containers.

      Docker covers the full container life cycle, from container composition to deployment and maintenance. And it accomplishes this with a straightforward set of commands.

      Docker has established usage with many companies and has a proliferation of people experienced with it. When it comes to containerization tools, you are more likely to find people familiar with Docker than most other tools.

      Looking to go forward with Docker? Be sure to reference the guide linked above, as well as our guide
      When and Why to Use Docker. To see Docker in action, you may also want to look at our guide on
      How to install Docker and deploy a LAMP Stack.

      When to Use Podman

      Podman offers higher security options. Its daemonless architecture allows you to run rootless containers. This, combined with Podman’s direct (rather than long-running) processes for managing containers further secure them.

      Podman is a lightweight and specialized solution. It focuses on running, deploying, and managing containers, and gives you fine-grained control of these processes.

      At the same time, options for building containers and images are available, though limited. Podman keeps tightly focused on its specialization and prefers to work with Buildah as a complimentary tool for building containers and container images.

      This specialization and light footprint are useful in contexts where you want more control for running and managing containers, but don’t need the more advanced build capabilities (or are able to rely on another tool for them).

      In fact, you can effectively use Docker and Podman side-by-side, considering both tools are OCI-compliant. For instance, you can use Docker for your development environment, where you are creating application images but security is less of a concern. Then, use Podman to run and maintain those images in a production environment.

      Start moving forward with Podman by checking out our guide
      How to Install Podman for Running Containers. You may also be interested in taking a look at Buildah via our guide
      How to Use Buildah to Build OCI Container Images.

      Conclusion

      You now have the knowledge needed to make a decision between Podman and Docker. Both are OCI-compliant containerization tools, each offering particular advantages. Each tool stands as a robust option for running, deploying, and managing containers. Which one you choose comes down to what particular features and use cases you need to cover.

      More Information

      You may wish to consult the following resources for additional information
      on this topic. While these are provided in the hope that they will be
      useful, please note that we cannot vouch for the accuracy or timeliness of
      externally hosted materials.



      Source link