
CentOS 8: installing the podman container engine + Portainer UI + how to enable the podman API


1. Install the podman container software.

Official documentation: https://podman.io/getting-started/installation
podman currently runs only on Linux; Windows and macOS can use the Remote Client to connect to a remote podman.



sudo yum -y install podman


2. Resolve some compatibility issues.
Problem 1:

user namespaces are not enabled in /proc/sys/user/max_user_namespaces


Solution:

# CentOS 7 disables user namespaces by default; they have to be enabled manually
echo 10000 > /proc/sys/user/max_user_namespaces
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
echo "user.max_user_namespaces=10000" >> /etc/sysctl.conf


Problem 2:

Error: failed to mount overlay for metacopy check with "nodev,metacopy=on" options: invalid argument
Solution:


vi /etc/containers/storage.conf
# older kernels do not support some podman storage features, so comment out mountopt
#mountopt = "nodev,metacopy=on"


Problem 3:

ERRO[0000] cannot find UID/GID for user xxxx: No subuid ranges found for user "xxx" in /etc/subuid - check rootless mode in man pages.


Solution:

Explanation from the official documentation:
http://docs.podman.io/en/latest/markdown/podman.1.html?highlight=65536#rootless-mode


Podman can also be used as a non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid.


Containers created by a non-root user are not visible to other users and are not seen or managed by Podman running as root.


It is required to have multiple uids/gids set for a user. Be sure the user is present in the files /etc/subuid and /etc/subgid.


If you have a recent version of usermod, you can execute the following commands to add the ranges to the files


$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME
Or just add the content manually.


$ echo USERNAME:10000:65536 >> /etc/subuid
$ echo USERNAME:10000:65536 >> /etc/subgid
See the subuid(5) and subgid(5) man pages for more information.

Images are pulled under XDG_DATA_HOME when specified, otherwise in the home directory of the user under .local/share/containers/storage.

Currently the slirp4netns package is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host.
# xxx is the current user name
echo xxx:10000:65536 >> /etc/subuid
echo xxx:10000:65536 >> /etc/subgid
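A check worth running after editing the subuid/subgid files, as an added example that is not from this page or from podman (the sample file contents and the list of local UIDs are constructed): subordinate ranges of different users must not overlap, and must not swallow a real local UID, otherwise one account's rootless containers can own or read another account's files.

```python
import re

# user:start:count, as written by usermod --add-subuids or by the echo lines above
SUBID_LINE = re.compile(r"^([^:\s]+):(\d+):(\d+)$")

# Constructed sample /etc/subuid: alice and bob overlap, carol's line is malformed.
SAMPLE_SUBUID = """\
xxx:10000:65536
alice:100000:65536
bob:150000:65536
carol:abc:65536
"""


def parse_subid(text):
    """Return ({user: [(start, count), ...]}, [(lineno, bad_line), ...])."""
    ranges, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SUBID_LINE.match(line)
        if not m:
            bad.append((lineno, raw))
            continue
        user, start, count = m.group(1), int(m.group(2)), int(m.group(3))
        ranges.setdefault(user, []).append((start, count))
    return ranges, bad


def find_overlaps(ranges, local_uids=()):
    """List ranges shared between two users and ranges containing a real local UID.

    local_uids would normally come from /etc/passwd; here the caller passes them in.
    """
    flat = [(u, s, s + c - 1) for u, rs in ranges.items() for s, c in rs]
    problems = []
    for i, (ua, sa, ea) in enumerate(flat):
        for ub, sb, eb in flat[i + 1:]:
            if ua != ub and sa <= eb and sb <= ea:  # closed intervals intersect
                problems.append(f"{ua} {sa}-{ea} overlaps {ub} {sb}-{eb}")
        for uid in local_uids:
            if sa <= uid <= ea:
                problems.append(f"{ua} {sa}-{ea} contains local uid {uid}")
    return problems
```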


4. Change the order in which image registries are searched:

vi /etc/containers/registries.conf
# put docker.io first
[registries.search]

registries = ["docker.io", "registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org"]

Or just configure several registries at once:

[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io', 'docker.mirrors.ustc.edu.cn']


# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = ['registry.docker-cn.com', 'hub-mirror.c.163.com', 'docker.mirrors.ustc.edu.cn']


5. Install a UI for podman


Install a UI for podman so that you are not worn down by working only at the command line. Here the 6053537/portainer-ce image is used, which is a Chinese-localized build.

[root@centos-38 ~]#  podman run -d --name portainerUI -p 9000:9000 -v /var/run/docker.sock:/run/docker.sock 6053537/portainer-ce

Log in at this address: http://192.168.137.38:9000/


If you just run the command above, the UI will certainly not be able to manage containers yet. Unlike Docker, podman's API service is not on by default and has to be started manually.

[root@centos-38 ~]#  yum install podman-docker      # creates /run/podman/podman.sock; after this portainer can use it

[root@centos-38 ~]#  podman system service -t 0 &   # start the API service

6. Log in to the Portainer UI and add a network named bridge. The UI uses the network named bridge by default; if that network is not created, you can only pick a different one by hand.
As shown in the figure below, only these two fields need to be filled in:
  1. Name: bridge
  2. Driver: bridge


7. Then you can test creating a container from the UI, for example nginx with port 80 mapped, as shown in the figure below.
The container was created and started successfully, which shows that the Portainer UI can fully operate podman containers.




The following is the official documentation's description of the API.

Provides an API for the Libpod library (3.2.0)


This documentation describes the Podman v2.0 RESTful API. It replaces the Podman v1.0 API and was initially delivered along with Podman v2.0. It consists of a Docker-compatible API and a Libpod API providing support for Podman’s unique features such as pods.

To start the service and keep it running for 5,000 seconds (-t 0 runs forever):

podman system service -t 5000 &

You can then use cURL on the socket using requests documented below.

NOTE: if you install the package podman-docker, it will create a symbolic link for /run/docker.sock to /run/podman/podman.sock

NOTE: some fields in the API response JSON are set as omitempty, which means that if there is no value set for them, they will not show up in the API response. This is a feature to help reduce the size of the JSON responses returned via the API.

NOTE: due to the limitations of go-swagger, some field values that have a complex type show up as null in the docs as well as in the API responses. This is because the zero value for the field type is null. The field description in the docs will state what type the field is expected to be for such cases.

See podman-service(1) for more information.

Quick Examples:

'podman info'

curl --unix-socket /run/podman/podman.sock http://d/v3.0.0/libpod/info

'podman pull quay.io/containers/podman'

curl -XPOST --unix-socket /run/podman/podman.sock -v 'http://d/v3.0.0/images/create?fromImage=quay.io%2Fcontainers%2Fpodman'

'podman list images'

curl --unix-socket /run/podman/podman.sock -v 'http://d/v3.0.0/libpod/images/json' | jq
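The same 'podman info' call made from Python over the Unix socket, as an added example that is not from this page or from podman. Because no podman service is available here, the block also starts a constructed stand-in that answers /v3.0.0/libpod/info with a trimmed sample reply; against a real socket only the path changes. Anything that can open this socket has the same control over podman as root at the CLI, which is exactly what the Portainer container is handed above.

```python
import http.client
import http.server
import json
import socket
import socketserver
import tempfile
import threading

# Constructed stand-in for a real /libpod/info reply; only these fields are served.
SAMPLE_INFO = {"host": {"hostname": "centos-38", "rootless": False},
               "version": {"APIVersion": "3.2.0", "Version": "3.2.0"}}

class UnixHTTPConnection(http.client.HTTPConnection):
    def __init__(self, socket_path, timeout=10):
        super().__init__("d", timeout=timeout)  # "d" is a dummy host, as in the curl examples
        self.socket_path = socket_path

    def connect(self):  # replace the TCP connect with an AF_UNIX one
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.socket_path)

def libpod_get(socket_path, path="/v3.0.0/libpod/info"):
    # GET a libpod endpoint; a non-200 status is raised, never returned as data
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status != 200:
        raise RuntimeError(f"{path}: HTTP {resp.status} {body[:200]!r}")
    return json.loads(body)

class FakeLibpodHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):  # serves the one endpoint the example calls; anything else is a 404
        if self.path != "/v3.0.0/libpod/info":
            return self.send_error(404)
        body = json.dumps(SAMPLE_INFO).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # AF_UNIX peers have no address for the default logger
        pass

def start_fake_libpod():
    # listen on a temp socket from a daemon thread; returns (socket_path, server)
    path = tempfile.mkdtemp() + "/podman.sock"
    srv = socketserver.UnixStreamServer(path, FakeLibpodHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return path, srv
```

On a real host, call libpod_get("/run/podman/podman.sock") after podman system service is running; the fake server is only there so the exchange can be exercised offline.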






www.micoder.cc: virtualization and cloud computing, system operations, security technology services.
