Starting Podman containers at boot (root user and regular user)
1. Run a container
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest f652ca386ed1 13 days ago 146 MB
[root@localhost ~]# podman run -d --name nginx -p 1314:80 f652ca386ed1
c3869a4f0282c9492a0c35daed7af24d7eb7857c040d0b89a46fecdeb8c33c3f
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c3869a4f0282 docker.io/library/nginx:latest nginx -g daemon o... 9 seconds ago Up 10 seconds ago 0.0.0.0:1314->80/tcp nginx
[root@localhost ~]#
2. Write the systemd unit file for starting at boot
[root@localhost ~]# cat /etc/systemd/system/nginx_conteainer.service
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always
[Install]
WantedBy=multi-user.target
[root@localhost ~]#
3. Reload systemd, enable and start the service, and check its status
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now nginx_conteainer.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx_conteainer.service → /etc/systemd/system/nginx_conteainer.service.
[root@localhost ~]# systemctl status nginx_conteainer.service
● nginx_conteainer.service - Podman Nginx Service
Loaded: loaded (/etc/systemd/system/nginx_conteainer.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-12-15 06:19:09 EST; 54s ago
Main PID: 2648 (podman)
Tasks: 6 (limit: 4743)
Memory: 21.7M
CGroup: /system.slice/nginx_conteainer.service
└─2648 /usr/bin/podman start -a nginx
12月 15 06:19:09 localhost.localdomain systemd[1]: Started Podman Nginx Service.
[root@localhost ~]#
4. Using Podman as a regular user
Create the user and switch to it
[root@localhost ~]# useradd shuaige
[root@localhost ~]# id shuaige
uid=1000(shuaige) gid=1000(shuaige) 组=1000(shuaige)
[root@localhost ~]# su - shuaige
[shuaige@localhost ~]$
Pull the image
[shuaige@localhost ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[shuaige@localhost ~]$ podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob e5ae68f74026 done
Copying blob 77700c52c969 done
Copying blob 881ff011f1c9 done
Copying blob 21e0df283cd6 done
Copying blob 44be98c0fab6 done
Copying blob ed835de16acd done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
[shuaige@localhost ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest f652ca386ed1 13 days ago 146 MB
[shuaige@localhost ~]$
Start a container
[shuaige@localhost ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest f652ca386ed1 13 days ago 146 MB
[shuaige@localhost ~]$ podman run -d --name nginx1 f652ca386ed1
7719240f82c4ce0de783191283b714752a37ceac6367bd735ec23c3662d78442
[shuaige@localhost ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6faf5d5d5f88 docker.io/library/nginx:latest nginx -g daemon o... About a minute ago Created 0.0.0.0:1314->80/tcp nginx
7719240f82c4 docker.io/library/nginx:latest nginx -g daemon o... 4 seconds ago Up 4 seconds ago nginx1
[shuaige@localhost ~]$
Generate the unit file
[shuaige@localhost ~]$ mkdir -p .config/systemd/sb
[shuaige@localhost ~]$ cd .config/systemd/sb/
[shuaige@localhost sb]$ podman generate systemd --files --name nginx
/home/shuaige/.config/systemd/sb/container-nginx.service
[shuaige@localhost sb]$ cat container-nginx.service
# container-nginx.service
# autogenerated by Podman 3.4.1-dev
# Wed Dec 15 06:25:39 EST 2021
[Unit]
Description=Podman container-nginx.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/tmp/podman-run-1000/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
ExecStopPost=/usr/bin/podman stop -t 10 nginx
PIDFile=/tmp/podman-run-1000/containers/overlay-containers/6faf5d5d5f88d3cf44e9bee36e03c3cb5f8808c22d8e3d82524acd7470a3f759/userdata/conmon.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
[shuaige@localhost sb]$
Set a password for the newly created user
[root@localhost ~]# passwd shuaige
更改用户 shuaige 的密码 。
新的 密码:
无效的密码: 密码是一个回文
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]#
Log in over SSH as the newly created shuaige user
[root@localhost ~]# ssh shuaige@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:oDBGQcnlTFVTQKBmNb4NuYln0Z9TDf2WhJo9gHNvbGs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
shuaige@localhost's password:
Last login: Wed Dec 15 06:28:18 2021
[shuaige@localhost ~]$
Enable start at boot
[shuaige@localhost sb]$ systemctl --user enable --now container-nginx.service
Created symlink /home/shuaige/.config/systemd/user/multi-user.target.wants/container-nginx.service → /home/shuaige/.config/systemd/sb/container-nginx.service.
Created symlink /home/shuaige/.config/systemd/user/default.target.wants/container-nginx.service → /home/shuaige/.config/systemd/sb/container-nginx.service.
[shuaige@localhost sb]$ systemctl --user status container-nginx.service
● container-nginx.service - Podman container-nginx.service
Loaded: loaded (/home/shuaige/.config/systemd/sb/container-nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-12-15 07:25:24 EST; 3min 24s ago
Docs: man:podman-generate-systemd(1)
Main PID: 7978 (conmon)
CGroup: /user.slice/user-1000.slice/user@1000.service/container-nginx.service
├─7972 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns>
├─7975 /usr/bin/fuse-overlayfs -o ,lowerdir=/home/shuaige/.local/share/containers/storage/overlay/l/UBB5BCEQLHQ2G7RFOR>
├─7978 /usr/bin/conmon --api-version 1 -c 7ed9063a90a9c3b48096ee8fcec60e799c6103fb8fe8ae9226bf8e7d5eee1591 -u 7ed9063a>
├─7981 nginx: master process nginx -g daemon off;
└─8000 nginx: worker process
lines 1-11/11 (END)
5. Podman network settings
Specify a network and run a container
Create the podman2 network
[root@localhost ~]# podman network create podman2
/etc/cni/net.d/podman2.conflist
[root@localhost ~]#
--subnet: create a network with a specified subnet
Format: podman network create --subnet <subnet> <network name>
[root@localhost ~]# podman network create --subnet 192.6.0.0/16 newnet
/etc/cni/net.d/newnet.conflist
[root@localhost ~]#
--gateway: specify the gateway
Format: podman network create --subnet <subnet> --gateway <gateway address> newnet1
[root@localhost ~]# podman network create --subnet 192.168.13.0/24 --gateway 192.168.13.2 newnet1
/etc/cni/net.d/newnet1.conflist
[root@localhost ~]#
--ip-range: specify the IP range to allocate container addresses from
[root@localhost ~]# podman network create --subnet 192.168.14.0/24 --ip-range 192.168.14.13/25 newnet2
/etc/cni/net.d/newnet2.conflist
[root@localhost ~]#
List the networks just created
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
45b3499a170b newnet1 0.4.0 bridge,portmap,firewall,tuning
31213d4efd11 newnet2 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
[root@localhost ~]#
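The script below is an added example, not part of the original post: it checks the --subnet, --gateway and --ip-range values from the commands above with plain CIDR arithmetic and never calls podman. The function names are made up for this illustration, and how Podman itself turns an --ip-range into allocation bounds is not covered.

```shell
# Added example (not from the original post): CIDR sanity checks for the
# --subnet / --gateway / --ip-range values above. It never calls podman.

ip_to_int() {     # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {     # 32-bit integer -> A.B.C.D
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

cidr_bounds() {   # CIDR -> "first last" as integers; host bits are masked off
    addr=$(ip_to_int "${1%/*}"); bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    echo "$(( $addr & $mask )) $(( ($addr & $mask) | (~$mask & 0xFFFFFFFF) ))"
}

cidr_range() {    # CIDR -> "first-last" in dotted notation
    set -- $(cidr_bounds "$1")
    echo "$(int_to_ip "$1")-$(int_to_ip "$2")"
}

cidr_in_cidr() {  # true if CIDR $2 lies entirely inside CIDR $1
    inner=$(cidr_bounds "$2")
    set -- $(cidr_bounds "$1") $inner
    [ "$3" -ge "$1" ] && [ "$4" -le "$2" ]
}

is_private() {    # true if the CIDR sits inside an RFC 1918 block
    for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        cidr_in_cidr "$block" "$1" && return 0
    done
    return 1
}

check_network() { # usage: check_network SUBNET [GATEWAY] [IP_RANGE]
    subnet=$1; gw=${2:-}; range=${3:-}; rc=0
    is_private "$subnet" || { echo "WARN: $subnet is not RFC 1918 private space"; rc=1; }
    [ -z "$gw" ] || cidr_in_cidr "$subnet" "$gw/32" || { echo "ERROR: gateway $gw is outside $subnet"; rc=1; }
    [ -z "$range" ] || cidr_in_cidr "$subnet" "$range" || { echo "ERROR: ip-range $range is outside $subnet"; rc=1; }
    [ -z "$range" ] || echo "INFO: ip-range $range spans $(cidr_range "$range")"
    return $rc
}

# The three networks created above.
check_network 192.6.0.0/16 || true
check_network 192.168.13.0/24 192.168.13.2 || true
check_network 192.168.14.0/24 "" 192.168.14.13/25 || true
```

Run against the three commands above, it flags 192.6.0.0/16 as lying outside the RFC 1918 private blocks (so the container network would shadow publicly routable addresses) and shows that 192.168.14.13/25 denotes the block 192.168.14.0-192.168.14.127 rather than a range beginning at .13.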
Run a container on the newly created network
Format: podman run --name <container name> --network <network name> <image name>
[root@localhost ~]# podman run -dt --name nginx2 --network podman2 nginx:latest
b926e6a2a1b16b8275fa59813d30139c03ab6678933219fd551acc7105e8c742
[root@localhost ~]#
Check the container's IP address
[root@localhost ~]# podman inspect nginx | grep IP
"IPAddress": "10.88.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"IPAddress": "10.88.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAMConfig": null,
[root@localhost ~]#
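6. Podman network management
Note: once a container has been started, the cni-podman0 interface appears on the host. By default, a container connects to the podman network when it starts.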
[root@localhost ~]# ip a show cni-podman0
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:fa:0b:90:77:8e brd ff:ff:ff:ff:ff:ff
inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
valid_lft forever preferred_lft forever
inet6 fe80::acfa:bff:fe90:778e/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]#
List the container networks
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
45b3499a170b newnet1 0.4.0 bridge,portmap,firewall,tuning
31213d4efd11 newnet2 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
[root@localhost ~]#
Disconnect a container from a network (disconnect)
[root@localhost ~]# podman network disconnect podman2 nginx2
[root@localhost ~]#
Reload a container's network (reload)
[root@localhost ~]# podman network reload nginx2
b926e6a2a1b16b8275fa59813d30139c03ab6678933219fd551acc7105e8c742
[root@localhost ~]#
Remove Podman networks (rm)
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
45b3499a170b newnet1 0.4.0 bridge,portmap,firewall,tuning
31213d4efd11 newnet2 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
[root@localhost ~]# podman network rm newnet1 newnet2
newnet1
newnet2
[root@localhost ~]# podman network ls
NETWORK ID NAME VERSION PLUGINS
2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning
884e74728f04 newnet 0.4.0 bridge,portmap,firewall,tuning
4d24ca3baa36 podman2 0.4.0 bridge,portmap,firewall,tuning
[root@localhost ~]#