Podman kasutamine: erinevus redaktsioonide vahel
Allikas: Imre kasutab arvutit
Mine navigeerimisribaleMine otsikasti
(Uus lehekülg: '===Sissejuhatus=== TODO ===Kasulikud lisamaterjalid=== * TODO') |
|||
| (ei näidata sama kasutaja 13 vahepealset redaktsiooni) | |||
| 1. rida: | 1. rida: | ||
===Sissejuhatus=== |
===Sissejuhatus=== |
||
| + | |||
| + | TODO |
||
| + | |||
| + | ===Tööpõhimõte=== |
||
| + | |||
| + | * slirp4netns |
||
| + | * slip |
||
| + | * netavark |
||
| + | * uidmap |
||
| + | |||
| + | ===Ettevalmistamine=== |
||
| + | |||
| + | Antud juhuks kasutatakse Debian v. 13 operatsioonisüsteemi, siin on olemas |
||
| + | |||
| + | * kernel v. 6.12 |
||
| + | * podman v. 5 (mitte v. 4 nagu näiteks Ubuntu 24.04) |
||
| + | |||
| + | podman tarkvara paigaldamiseks |
||
| + | |||
| + | <pre> |
||
| + | root@ph-minio-01:~# apt-get install podman -d |
||
| + | Reading package lists... Done |
||
| + | Building dependency tree... Done |
||
| + | Reading state information... Done |
||
| + | The following additional packages will be installed: |
||
| + | aardvark-dns buildah catatonit conmon containernetworking-plugins containers-storage cpp cpp-14 cpp-14-x86-64-linux-gnu |
||
| + | cpp-x86-64-linux-gnu criu crun dirmngr fuse-overlayfs fuse3 gnupg gnupg-l10n gnupg-utils golang-github-containers-common |
||
| + | golang-github-containers-image gpg gpg-agent gpg-wks-client gpgconf gpgsm gpgv iptables libassuan9 libcompel1 libcriu2 libgcrypt20 |
||
| + | libgpg-error-l10n libgpg-error0 libgpgme11t64 libip4tc2 libip6tc2 libisl23 libksba8 libldap-common libldap2 libmpc3 libmpfr6 libnet1 |
||
| + | libnetfilter-conntrack3 libnfnetlink0 libnl-3-200 libnpth0t64 libprotobuf32t64 libsasl2-2 libsasl2-modules libsasl2-modules-db libslirp0 |
||
| + | libsubid5 libyajl2 netavark passt pinentry-curses python3-protobuf python3-pycriu slirp4netns uidmap |
||
| + | Suggested packages: |
||
| + | cpp-doc gcc-14-locales cpp-14-doc libwasmedge0 pinentry-gnome3 tor gpg-wks-server parcimonie xloadimage scdaemon tpm2daemon firewalld |
||
| + | rng-tools libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql |
||
| + | pinentry-doc docker-compose |
||
| + | |||
| + | ... |
||
| + | </pre> |
||
| + | |||
| + | kus |
||
| + | |||
| + | * paigaldatakse lisaks passt ja slirp4nets, uidmap conman, netavark, criu, crun |
||
| + | |||
| + | <pre> |
||
| + | # systemctl --user enable --now podman.socket |
||
| + | </pre> |
||
| + | |||
| + | chatgpt soovitus, 'you might need to increase your "unprivileged ports" or "max user namespaces" in /etc/sysctl.conf' |
||
| + | |||
| + | Võrgukontroll |
||
| + | |||
| + | <pre> |
||
| + | ps aux | grep -E 'pasta|slirp4netns' |
||
| + | </pre> |
||
| + | |||
| + | ===Quadlet kasutamine=== |
||
| + | |||
| + | <pre> |
||
| + | kasutaja@ph-minio-01:~$ systemctl --user mask podman-user-wait-network-online.service |
||
| + | |||
| + | kasutaja@ph-minio-01:~$ cat .config/containers/systemd/nginx-08.container |
||
| + | [Unit] |
||
| + | Description=My Nginx Quadlet Service |
||
| + | DefaultDependencies=no |
||
| + | After=network.target |
||
| + | |||
| + | [Container] |
||
| + | Image=docker.io/library/nginx:alpine |
||
| + | PublishPort=8098:80 |
||
| + | ContainerName=nginx-08 |
||
| + | |||
| + | [Install] |
||
| + | # This tells systemd to start it when you log in |
||
| + | WantedBy=default.target |
||
| + | |||
| + | kasutaja@ph-minio-01:~$ systemctl --user daemon-reload |
||
| + | kasutaja@ph-minio-01:~$ systemctl --user start nginx-08.service |
||
| + | </pre> |
||
| + | |||
| + | kus |
||
| + | |||
| + | * kuna unit genereeritakse, siis '... enable --now ...' vms ei ole asjakohane (saab veateate) |
||
| + | |||
| + | Tulemusena |
||
| + | |||
| + | <pre> |
||
| + | kasutaja@ph-minio-01:~$ systemctl --user status nginx-07 |
||
| + | ● nginx-07.service - My Nginx Quadlet Service - 07 |
||
| + | Loaded: loaded (/home/kasutaja/.config/containers/systemd/nginx-07.container; generated) |
||
| + | Active: active (running) since Sun 2026-04-19 20:26:21 EEST; 5min ago |
||
| + | Invocation: 2954482c56c64789a40f697e6d660f2f |
||
| + | Main PID: 4344 (conmon) |
||
| + | Tasks: 5 (limit: 6982) |
||
| + | Memory: 30.9M (peak: 46.6M) |
||
| + | CPU: 94ms |
||
| + | CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/nginx-07.service |
||
| + | ├─libpod-payload-448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 |
||
| + | │ ├─4346 "nginx: master process nginx -g daemon off;" |
||
| + | │ ├─4372 "nginx: worker process" |
||
| + | │ └─4373 "nginx: worker process" |
||
| + | └─runtime |
||
| + | ├─4341 /usr/bin/pasta --config-net -t 8097-8097:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-5f134e7f-f63d-6728-4123-10ffea79d4e9 --map-guest-addr 169.254.1.2 |
||
| + | └─4344 /usr/bin/conmon --api-version 1 -c 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 -u 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 -r /usr/bin/crun -b /home/kasutaja/.local/share/containers/storage/overlay-containers/448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70/userdata -p /run/user/1000/containers/overlay-containers/448f5affd046e479f> |
||
| + | |||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4324]: 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 |
||
| + | Apr 19 20:26:21 ph-minio-01 podman[4324]: 2026-04-19 20:26:21.222328815 +0300 EEST m=+0.015770124 image pull 5bd7bd52e5bcab15a093466b90e37472b0d0c0081052522afb8924cbdaf15f56 docker.io/library/nginx:alpine |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: using the "epoll" event method |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: nginx/1.29.8 |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: built by gcc 15.2.0 (Alpine 15.2.0) |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: OS: Linux 6.12.74+deb13+1-amd64 |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 524288:524288 |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker processes |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker process 25 |
||
| + | Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker process 26 |
||
| + | </pre> |
||
| + | |||
| + | Olukorra küsimine |
||
| + | |||
| + | <pre> |
||
| + | kasutaja@ph-minio-01:~$ loginctl user-status |
||
| + | kasutaja (1000) |
||
| + | Since: Sun 2026-04-19 18:59:50 EEST; 1h 15min ago |
||
| + | State: active |
||
| + | Sessions: *69 68 |
||
| + | Linger: no |
||
| + | Unit: user-1000.slice |
||
| + | ├─session-69.scope |
||
| + | │ ├─3556 "sshd-session: kasutaja [priv]" |
||
| + | │ ├─3563 "sshd-session: kasutaja@pts/1" |
||
| + | │ ├─3564 -bash |
||
| + | │ ├─3883 loginctl user-status |
||
| + | │ └─3884 pager |
||
| + | └─user@1000.service |
||
| + | ├─app.slice |
||
| + | │ ├─nginx-08.service |
||
| + | │ │ ├─libpod-payload-bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045 |
||
| + | │ │ │ ├─3485 "nginx: master process nginx -g daemon off;" |
||
| + | │ │ │ ├─3537 "nginx: worker process" |
||
| + | │ │ │ └─3538 "nginx: worker process" |
||
| + | │ │ └─runtime |
||
| + | │ │ ├─3464 /usr/bin/pasta --config-net -t 8098-8098:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-91377314-f55f-138d-42af-3d324176cd02 --map-guest-addr > |
||
| + | │ │ └─3480 /usr/bin/conmon --api-version 1 -c bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045 -u bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045 -r /usr/bin/crun -b /home/kasutaja/.lo> |
||
| + | │ └─nginx-09.service |
||
| + | │ ├─libpod-payload-a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a |
||
| + | │ │ ├─3484 "nginx: master process nginx -g daemon off;" |
||
| + | │ │ ├─3511 "nginx: worker process" |
||
| + | │ │ └─3512 "nginx: worker process" |
||
| + | │ └─runtime |
||
| + | │ ├─3476 /usr/bin/pasta --config-net -t 8099-8099:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-ec2cfa9a-6c8b-0edf-24a2-be75c53feb34 --map-guest-addr > |
||
| + | │ └─3481 /usr/bin/conmon --api-version 1 -c a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a -u a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a -r /usr/bin/crun -b /home/kasutaja/.lo> |
||
| + | ├─init.scope |
||
| + | │ ├─3376 /usr/lib/systemd/systemd --user |
||
| + | │ └─3378 "(sd-pam)" |
||
| + | ├─session.slice |
||
| + | │ └─dbus.service |
||
| + | │ └─3536 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
||
| + | └─user.slice |
||
| + | └─podman-pause-407bd36c.scope |
||
| + | └─3427 catatonit -P |
||
| + | </pre> |
||
| + | |||
| + | ===Misc=== |
||
TODO |
TODO |
||
| 5. rida: | 167. rida: | ||
===Kasulikud lisamaterjalid=== |
===Kasulikud lisamaterjalid=== |
||
| + | * https://passt.top/ |
||
| − | * TODO |
||
| + | * youtube 'Getting started with Podman' by SRKMasterStack |
||
| + | * 'Podman for DevOps - Second Edition' - Alessandro Arrichiello, Gianni Salinetti |
||
| + | * https://www.hackerstack.org/understanding-linux-namespaces/ |
||
Viimane redaktsioon: 20. aprill 2026, kell 12:03
Sissejuhatus
TODO
Tööpõhimõte
- slirp4netns
- slip
- netavark
- uidmap
Ettevalmistamine
Antud juhuks kasutatakse Debian v. 13 operatsioonisüsteemi, siin on olemas
- kernel v. 6.12
- podman v. 5 (mitte v. 4 nagu näiteks Ubuntu 24.04)
podman tarkvara paigaldamiseks
root@ph-minio-01:~# apt-get install podman -d Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: aardvark-dns buildah catatonit conmon containernetworking-plugins containers-storage cpp cpp-14 cpp-14-x86-64-linux-gnu cpp-x86-64-linux-gnu criu crun dirmngr fuse-overlayfs fuse3 gnupg gnupg-l10n gnupg-utils golang-github-containers-common golang-github-containers-image gpg gpg-agent gpg-wks-client gpgconf gpgsm gpgv iptables libassuan9 libcompel1 libcriu2 libgcrypt20 libgpg-error-l10n libgpg-error0 libgpgme11t64 libip4tc2 libip6tc2 libisl23 libksba8 libldap-common libldap2 libmpc3 libmpfr6 libnet1 libnetfilter-conntrack3 libnfnetlink0 libnl-3-200 libnpth0t64 libprotobuf32t64 libsasl2-2 libsasl2-modules libsasl2-modules-db libslirp0 libsubid5 libyajl2 netavark passt pinentry-curses python3-protobuf python3-pycriu slirp4netns uidmap Suggested packages: cpp-doc gcc-14-locales cpp-14-doc libwasmedge0 pinentry-gnome3 tor gpg-wks-server parcimonie xloadimage scdaemon tpm2daemon firewalld rng-tools libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql pinentry-doc docker-compose ...
kus
- paigaldatakse lisaks passt ja slirp4nets, uidmap conman, netavark, criu, crun
# systemctl --user enable --now podman.socket
chatgpt soovitus, 'you might need to increase your "unprivileged ports" or "max user namespaces" in /etc/sysctl.conf'
Võrgukontroll
ps aux | grep -E 'pasta|slirp4netns'
Quadlet kasutamine
kasutaja@ph-minio-01:~$ systemctl --user mask podman-user-wait-network-online.service kasutaja@ph-minio-01:~$ cat .config/containers/systemd/nginx-08.container [Unit] Description=My Nginx Quadlet Service DefaultDependencies=no After=network.target [Container] Image=docker.io/library/nginx:alpine PublishPort=8098:80 ContainerName=nginx-08 [Install] # This tells systemd to start it when you log in WantedBy=default.target kasutaja@ph-minio-01:~$ systemctl --user daemon-reload kasutaja@ph-minio-01:~$ systemctl --user start nginx-08.service
kus
- kuna unit genereeritakse, siis '... enable --now ...' vms ei ole asjakohane (saab veateate)
Tulemusena
kasutaja@ph-minio-01:~$ systemctl --user status nginx-07
● nginx-07.service - My Nginx Quadlet Service - 07
Loaded: loaded (/home/kasutaja/.config/containers/systemd/nginx-07.container; generated)
Active: active (running) since Sun 2026-04-19 20:26:21 EEST; 5min ago
Invocation: 2954482c56c64789a40f697e6d660f2f
Main PID: 4344 (conmon)
Tasks: 5 (limit: 6982)
Memory: 30.9M (peak: 46.6M)
CPU: 94ms
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/nginx-07.service
├─libpod-payload-448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70
│ ├─4346 "nginx: master process nginx -g daemon off;"
│ ├─4372 "nginx: worker process"
│ └─4373 "nginx: worker process"
└─runtime
├─4341 /usr/bin/pasta --config-net -t 8097-8097:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-5f134e7f-f63d-6728-4123-10ffea79d4e9 --map-guest-addr 169.254.1.2
└─4344 /usr/bin/conmon --api-version 1 -c 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 -u 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70 -r /usr/bin/crun -b /home/kasutaja/.local/share/containers/storage/overlay-containers/448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70/userdata -p /run/user/1000/containers/overlay-containers/448f5affd046e479f>
Apr 19 20:26:21 ph-minio-01 nginx-07[4324]: 448f5affd046e479f93a85fa1870aa1c9b1a9cc3d83b1f782999d464c7f41c70
Apr 19 20:26:21 ph-minio-01 podman[4324]: 2026-04-19 20:26:21.222328815 +0300 EEST m=+0.015770124 image pull 5bd7bd52e5bcab15a093466b90e37472b0d0c0081052522afb8924cbdaf15f56 docker.io/library/nginx:alpine
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: using the "epoll" event method
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: nginx/1.29.8
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: built by gcc 15.2.0 (Alpine 15.2.0)
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: OS: Linux 6.12.74+deb13+1-amd64
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 524288:524288
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker processes
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker process 25
Apr 19 20:26:21 ph-minio-01 nginx-07[4344]: 2026/04/19 17:26:21 [notice] 1#1: start worker process 26
Olukorra küsimine
kasutaja@ph-minio-01:~$ loginctl user-status
kasutaja (1000)
Since: Sun 2026-04-19 18:59:50 EEST; 1h 15min ago
State: active
Sessions: *69 68
Linger: no
Unit: user-1000.slice
├─session-69.scope
│ ├─3556 "sshd-session: kasutaja [priv]"
│ ├─3563 "sshd-session: kasutaja@pts/1"
│ ├─3564 -bash
│ ├─3883 loginctl user-status
│ └─3884 pager
└─user@1000.service
├─app.slice
│ ├─nginx-08.service
│ │ ├─libpod-payload-bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045
│ │ │ ├─3485 "nginx: master process nginx -g daemon off;"
│ │ │ ├─3537 "nginx: worker process"
│ │ │ └─3538 "nginx: worker process"
│ │ └─runtime
│ │ ├─3464 /usr/bin/pasta --config-net -t 8098-8098:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-91377314-f55f-138d-42af-3d324176cd02 --map-guest-addr >
│ │ └─3480 /usr/bin/conmon --api-version 1 -c bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045 -u bc852e3e18307519d4aa9da53a695a32a41de08994596114cbe36b400b47e045 -r /usr/bin/crun -b /home/kasutaja/.lo>
│ └─nginx-09.service
│ ├─libpod-payload-a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a
│ │ ├─3484 "nginx: master process nginx -g daemon off;"
│ │ ├─3511 "nginx: worker process"
│ │ └─3512 "nginx: worker process"
│ └─runtime
│ ├─3476 /usr/bin/pasta --config-net -t 8099-8099:80-80 --dns-forward 169.254.1.1 -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-ec2cfa9a-6c8b-0edf-24a2-be75c53feb34 --map-guest-addr >
│ └─3481 /usr/bin/conmon --api-version 1 -c a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a -u a390c5429a53870b2175d1869d0e5aab0c990e9f8cb511b3cac04582b346c35a -r /usr/bin/crun -b /home/kasutaja/.lo>
├─init.scope
│ ├─3376 /usr/lib/systemd/systemd --user
│ └─3378 "(sd-pam)"
├─session.slice
│ └─dbus.service
│ └─3536 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
└─user.slice
└─podman-pause-407bd36c.scope
└─3427 catatonit -P
Misc
TODO
Kasulikud lisamaterjalid
- https://passt.top/
- youtube 'Getting started with Podman' by SRKMasterStack
- 'Podman for DevOps - Second Edition' - Alessandro Arrichiello, Gianni Salinetti
- https://www.hackerstack.org/understanding-linux-namespaces/
