首页 > 其他分享 >podman的基本设置和使用

podman的基本设置和使用

时间:2022-08-16 01:33:13浏览次数:48  
标签:基本 httpd key harbor podman 设置 root localhost

podman的基本设置和使用

运行一个示例容器

[root@localhost ~]# podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
>  -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
>  -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
>  registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f29/httpd:latest...
Getting image source signatures
Copying blob aaf5ad2e1aa3 done  
Copying blob 7692efc5f81c done  
Copying blob d77ff9f653ce done  
Copying config 25c76f9dcd done  
Writing manifest to image destination
Storing signatures
32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3
[root@localhost ~]# 
列出正在运行的容器
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                                        COMMAND               CREATED        STATUS            PORTS                   NAMES
32927806ea54  registry.fedoraproject.org/f29/httpd:latest  /usr/bin/run-http...  3 minutes ago  Up 3 minutes ago  0.0.0.0:8080->8080/tcp  hungry_visvesvaraya
[root@localhost ~]# 
检查正在运行的容器
[root@localhost ~]# podman inspect -l |grep -i ipaddres
            "IPAddress": "10.88.0.2",
                    "IPAddress": "10.88.0.2",
[root@localhost ~]# 
测试httpd服务器
[root@localhost ~]# curl 10.88.0.2:8080
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
                <title>Test Page for the Apache HTTP Server on Fedora</title>
                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
                <style type="text/css">
                        /*<![CDATA[*/

通过宿主机加上映射出来的端口进行访问

image

查看容器日志

[root@localhost ~]# podman logs -l
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.2. Set the 'ServerName' directive globally to suppress this message

查看容器的进程

可以使用top观察容器中的httpd pid

[root@localhost ~]# podman top -l
USER        PID         PPID        %CPU        ELAPSED           TTY         TIME        COMMAND
default     1           0           0.000       15m15.790891247s  pts/0       0s          httpd -D FOREGROUND 
default     23          1           0.000       15m15.791014584s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     24          1           0.000       15m15.791051976s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     25          1           0.000       15m15.791083142s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     26          1           0.000       15m15.79111865s   pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     27          1           0.000       15m15.791148096s  pts/0       0s          httpd -D FOREGROUND 
default     28          1           0.000       15m15.791178705s  pts/0       0s          httpd -D FOREGROUND 
default     30          1           0.000       15m15.791209738s  pts/0       0s          httpd -D FOREGROUND 
default     33          1           0.000       15m15.791243228s  pts/0       0s          httpd -D FOREGROUND 
[root@localhost ~]# 
检查点容器
检查点容器会停止容器,同时将容器中所有进程的状态写入磁盘。有了这个,容器可以稍后恢复并在与检查点完全相同的时间点继续运行。此功能需要在系统上安装 CRIU 3.11 或更高版本。此功能不支持为无根;因此,如果您想尝试它,您需要以 root 身份重新创建您的容器,使用相同的命令但使用 sudo。
[root@localhost ~]# podman container checkpoint  hungry_visvesvaraya
32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3
[root@localhost ~]# 
[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE                                        COMMAND               CREATED         STATUS                     PORTS                   NAMES
0850f917a648  docker.io/library/busybox:latest             sh                    25 hours ago    Exited (0) 25 hours ago                            priceless_hermann
52def17049b0  docker.io/library/busybox:latest             sh                    25 hours ago    Exited (0) 25 hours ago                            trusting_wright
2968cb1c8253  docker.io/library/busybox:latest             sh                    25 hours ago    Exited (127) 25 hours ago                          hardcore_payne
120fd003c071  docker.io/library/busybox:latest             sh                    25

恢复容器

[root@localhost ~]# podman container restore hungry_visvesvaraya
32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3
[root@localhost ~]# 
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                                        COMMAND               CREATED         STATUS             PORTS                   NAMES
32927806ea54  registry.fedoraproject.org/f29/httpd:latest  /usr/bin/run-http...  20 minutes ago  Up 20 minutes ago  0.0.0.0:8080->8080/tcp  hungry_visvesvaraya
[root@localhost ~]# 
[root@localhost ~]# curl 10.88.0.2:8080
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
                <title>Test Page for the Apache HTTP Server on Fedora</title>
                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
                <style type="text/css">
                        /*<![CDATA[*/

迁移容器

要将容器从一台主机实时迁移到另一台主机,容器会在迁移的源系统上设置检查点,转移到目标系统,然后在目标系统上恢复。传输检查点时,可以指定输出文件。

在源系统上:

[root@localhost ~]# podman container checkpoint hungry_visvesvaraya -e /tmp/algg.tar.gz
32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3
[root@localhost ~]# 
[root@localhost ~]# scp /tmp/algg.tar.gz 192.168.10.150:/tmp
The authenticity of host '192.168.10.150 (192.168.10.150)' can't be established. //客户机的ip地址
ECDSA key fingerprint is SHA256:n0Dkwe1M34tJ4a5o5+F7/QfqfwCkHlPmjNl+BKqWjgY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.150' (ECDSA) to the list of known hosts.
[email protected]'s password:  //客户机的密码
algg.tar.gz                                      100% 6703KB 162.4MB/s   00:00    
[root@localhost ~]# 

在目标系统上

[root@localhost ~]# podman container restore -i /tmp/algg.tar.gz
Trying to pull registry.fedoraproject.org/f29/httpd:latest...
Getting image source signatures
Copying blob d77ff9f653ce done  
Copying blob aaf5ad2e1aa3 done  
Copying blob 7692efc5f81c done  
Copying config 25c76f9dcd done  
Writing manifest to image destination
Storing signatures
Error: failed to mount shm tmpfs "/var/lib/containers/storage/overlay-containers/32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3/userdata/shm": invalid argument
[root@localhost ~]# 

image

停止容器

[root@localhost ~]# podman stop -l
32927806ea54e854e487362d39d738666ea7006767141a8a4f7af4ad9eb315d3
[root@localhost ~]# 
[root@localhost ~]# podman ps -a
32927806ea54  registry.fedoraproject.org/f29/httpd:latest  /usr/bin/run-http...  39 minutes ago  Exited (0) 12 minutes ago  0.0.0.0:8080->8080/tcp  hungry_visvesvaraya

如何使用podman签署和分发容器镜像

[root@localhost ~]# gpg --full-gen-key
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: daojiang
Email address: [email protected]
Comment: alg
You selected this USER-ID:
    "daojiang (alg) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
         ┌─┐
             │ Please enter the passphrase to                       │
             │ protect your new key                                 │
             │                                                      │
             │ Passphrase: ******
             │                                                      │
             │       <OK>                              <Cancel>     │
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3503977B1F4F8C4F marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/535227B0CA69106F3E93A5A23503977B1F4F8C4F.rev'
public and secret key created and signed.

pub   rsa2048 2022-08-15 [SC]
      535227B0CA69106F3E93A5A23503977B1F4F8C4F
uid                      daojiang (alg) <[email protected]>
sub   rsa2048 2022-08-15 [E]


查看生成的密钥
[root@localhost ~]# gpg --list-keys [email protected]
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   rsa2048 2022-08-15 [SC]
      535227B0CA69106F3E93A5A23503977B1F4F8C4F
uid           [ultimate] daojiang (alg) <[email protected]>
sub   rsa2048 2022-08-15 [E]

[root@localhost ~]# 

alpine为签名实验选择一个标准镜像

[root@localhost ~]# podman pull docker://docker.io/alpine:latest
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 59bf1c3509f3 done  
Copying config c059bfaa84 done  
Writing manifest to image destination
Storing signatures
c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18
[root@localhost ~]# 
[root@localhost ~]# podman images
REPOSITORY                            TAG         IMAGE ID      CREATED       SIZE
docker.io/library/alpine              latest      c059bfaa849c  8 months ago  5.87 MB

部署harbor

[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz
将下载好的文件上传至root下
[root@harbor ~]# ls
anaconda-ks.cfg  harbor-offline-installer-v2.5.3.tgz
[root@harbor local]# cd harbor/
[root@harbor harbor]# ls
LICENSE  common.sh  harbor.v2.5.3.tar.gz  harbor.yml.tmpl  install.sh  prepare
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vi harbor.yml
hostname: harbor.example.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
 #certificate: /your/certificate/path
 #private_key: /your/private/key/path
[root@harbor harbor]# ./install.sh
[+] Running 10/10
 ⠿ Network harbor_harbor        Created                                       0.2s
 ⠿ Container harbor-log         Started                                       0.6s
 ⠿ Container harbor-portal      Started                                       2.2s
 ⠿ Container registryctl        Started                                       2.2s
 ⠿ Container redis              Started                                       2.4s
 ⠿ Container registry           Started                                       2.2s
 ⠿ Container harbor-db          Started                                       2.4s
 ⠿ Container harbor-core        Started                                       2.8s
 ⠿ Container nginx              Started                                       3.6s
 ⠿ Container harbor-jobservice  Started                                       3.3s
✔ ----Harbor has been installed and started successfully.----
[root@harbor harbor]# 
[root@harbor harbor]# 
[root@harbor harbor]# ss -anlt
State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port   Process   
LISTEN   0        128              0.0.0.0:80             0.0.0.0:*                
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*                
LISTEN   0        128            127.0.0.1:1514           0.0.0.0:*                
LISTEN   0        128                 [::]:80                [::]:*                
LISTEN   0        128                 [::]:22                [::]:*                
[root@harbor harbor]# 
重新标记镜像
[root@localhost ~]# podman tag alpine 192.168.10.145/alpine:v0.1
[root@localhost ~]# podman images 
REPOSITORY                TAG         IMAGE ID      CREATED       SIZE
docker.io/library/alpine  latest      c059bfaa849c  8 months ago  5.87 MB
192.168.10.145/alpine    v0.1        c059bfaa849c  8 months ago  5.87 MB
[root@localhost ~]#
修改系统范围的注册表配置 /etc/containers/registries.d/default.yaml:
sigstore: 引用 Web 服务器进行签名读取
sigstore-staging: 引用文件路径进行签名写入
[root@localhost ~]# vim /etc/containers/registries.d/default.yaml 
default-docker:
  sigstore: http://192.168.10.145
  sigstore-staging: file:///var/lib/containers/sigstore

标签:基本,httpd,key,harbor,podman,设置,root,localhost
From: https://www.cnblogs.com/nie123/p/16590236.html

相关文章

  • podman的基本设置与podman签名
    目录podman的基本设置和使用签名和分发podman的基本设置和使用//注:因为只有一个容器所有使用的-l参数创建一个容器并放在后台运行做一个端口映射-p[root@harborhar......
  • Day02 基本的Dos命令
    基本的DOS指令打开CMD的方式开始+系统+命令提示符win键+R输入cmd打开控制台(推荐使用)在任意的文件夹下面,按住shift键+鼠标右键点击,在此处打开命令行窗口资源管理器的......
  • php新建画布并设置颜色
    <?phpheader("Content-Type:image/png");$img=imagecreatetruecolor(400,300);//imagejpeg($img);//imagejpeg($img,"./img/copy_img01.jpg",10);$color1=imagecol......
  • centos7防火墙基本操作
    开启、关闭、查看防火墙状态systemctl方式systemctlstatusfirewalld  #查看状态(防火墙为开启状态active(running),防火墙为关闭状态inactive(dead))systemctl......
  • 设置SQL*Plus运行环境
    set命令基本语法在Oracle11g数据库中,用户可以使用set命令来设置SQL*Plus的运行环境;setsystem_variablevalue;system_variable:变量名;value:变量值;通过set命令设置......
  • CentOS系统中yum的基本用法
    最小化安装系统时,yum可能会因为网卡配置问题,随机启动配置,导致无法使用,在shell里面输入:yum--help ,结果显示yum已经正常安装了!!到底是哪里出了问题呢?经过网友的提示,我知......
  • python菜鸟学习: 5.字符串的基本用法
    #-*-coding:utf-8-*-str1="mynameisliyuzhoupan"#首字母大写print(str1.capitalize())#统计字符串中的字符出现的次数print(str1.count("n"))#自动补齐多......
  • Arthas(6):options全局设置
    options作用:全局开关名称默认值描述unsafefalse是否支持对系统级别的类进行增强,打开该开关可能导致把JVM搞挂,请慎重选择!dumpfalse是否支持被增强了的......
  • 字符串的基本运用
    cds 字符串的基本运用string(字符串)是c++中一种相当方便的数据类型,他由很多的字符组成,和char比较起来,他不必担心内存是否足够,而既然他自成一个类型,它的使用范围很......
  • CloseableHttpClient设置超时时间demo 未设置默认是2分钟
    #CloseableHttpClient设置超时时间demo未设置默认是2分钟importorg.apache.http.HttpHeaders;importorg.apache.http.client.config.RequestConfig;importorg.ap......