podman容器开机自启（root用户与普通用户）

文章目录podman容器开机自启（root用户与普通用户）1.运行容器2.配置开机自启动文件3.重新加载并启动查看4.podman普通用户的使用5.podman网络设置6.podman网络管理podman容器开机自启（root用户与普通用户）1.运行容器[root@localhost ~]# podman imagesREPOSITORYTAGIMAGE IDCREATEDSIZEdocker.i

Lfei5120

3566人浏览 · 2021-12-15 20:30:37

Lfei5120 · 2021-12-15 20:30:37 发布

文章目录

podman容器开机自启（root用户与普通用户）
- 1.运行容器

podman容器开机自启（root用户与普通用户）

1.运行容器

[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB
[root@localhost ~]# podman run -d --name nginx -p 1314:80 f652ca386ed1
c3869a4f0282c9492a0c35daed7af24d7eb7857c040d0b89a46fecdeb8c33c3f
[root@localhost ~]# podman ps 
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS             PORTS                 NAMES
c3869a4f0282  docker.io/library/nginx:latest  nginx -g daemon o...  9 seconds ago  Up 10 seconds ago  0.0.0.0:1314->80/tcp  nginx
[root@localhost ~]#

2.配置开机自启动文件

[root@localhost ~]# cat /etc/systemd/system/nginx_conteainer.service
[Unit]
Description=Podman Nginx Service
After=network.target
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/podman start -a nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
Restart=always

[Install]
WantedBy=multi-user.target
[root@localhost ~]#

3.重新加载并启动查看

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now nginx_conteainer.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx_conteainer.service → /etc/systemd/system/nginx_conteainer.service.
[root@localhost ~]# systemctl status nginx_conteainer.service 
● nginx_conteainer.service - Podman Nginx Service
   Loaded: loaded (/etc/systemd/system/nginx_conteainer.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-12-15 06:19:09 EST; 54s ago
 Main PID: 2648 (podman)
    Tasks: 6 (limit: 4743)
   Memory: 21.7M
   CGroup: /system.slice/nginx_conteainer.service
           └─2648 /usr/bin/podman start -a nginx

12月 15 06:19:09 localhost.localdomain systemd[1]: Started Podman Nginx Service.
[root@localhost ~]#

4.podman普通用户的使用

用户切换

[root@localhost ~]# useradd shuaige
[root@localhost ~]# id shuaige
uid=1000(shuaige) gid=1000(shuaige) 组=1000(shuaige)
[root@localhost ~]# su - shuaige
[shuaige@localhost ~]$

拉取镜像

[shuaige@localhost ~]$ podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE
[shuaige@localhost ~]$ podman pull nginx
✔ docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob e5ae68f74026 done  
Copying blob 77700c52c969 done  
Copying blob 881ff011f1c9 done  
Copying blob 21e0df283cd6 done  
Copying blob 44be98c0fab6 done  
Copying blob ed835de16acd done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
[shuaige@localhost ~]$ podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB
[shuaige@localhost ~]$

启动容器

[shuaige@localhost ~]$ podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB
[shuaige@localhost ~]$ podman run -d --name nginx1   f652ca386ed1
7719240f82c4ce0de783191283b714752a37ceac6367bd735ec23c3662d78442
[shuaige@localhost ~]$ podman ps -a 
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS            PORTS                 NAMES
6faf5d5d5f88  docker.io/library/nginx:latest  nginx -g daemon o...  About a minute ago  Created           0.0.0.0:1314->80/tcp  nginx
7719240f82c4  docker.io/library/nginx:latest  nginx -g daemon o...  4 seconds ago       Up 4 seconds ago                        nginx1
[shuaige@localhost ~]$

生成配置文件

[shuaige@localhost ~]$ mkdir -p .config/systemd/sb
[shuaige@localhost ~]$ cd .config/systemd/sb/
[shuaige@localhost sb]$ podman generate  systemd --files --name nginx
/home/shuaige/.config/systemd/sb/container-nginx.service
[shuaige@localhost sb]$ cat container-nginx.service 
# container-nginx.service
# autogenerated by Podman 3.4.1-dev
# Wed Dec 15 06:25:39 EST 2021

[Unit]
Description=Podman container-nginx.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/tmp/podman-run-1000/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
ExecStopPost=/usr/bin/podman stop -t 10 nginx
PIDFile=/tmp/podman-run-1000/containers/overlay-containers/6faf5d5d5f88d3cf44e9bee36e03c3cb5f8808c22d8e3d82524acd7470a3f759/userdata/conmon.pid
Type=forking

[Install]
WantedBy=multi-user.target default.target
[shuaige@localhost sb]$

给刚刚创建的用户设置密码

[root@localhost ~]# passwd shuaige
更改用户 shuaige 的密码 。
新的 密码：
无效的密码： 密码是一个回文
重新输入新的 密码：
passwd：所有的身份验证令牌已经成功更新。
[root@localhost ~]#

远程连接刚刚创建的shuaige用户

[root@localhost ~]# ssh shuaige@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:oDBGQcnlTFVTQKBmNb4NuYln0Z9TDf2WhJo9gHNvbGs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
shuaige@localhost's password: 
Last login: Wed Dec 15 06:28:18 2021
[shuaige@localhost ~]$

设置开机自启动

[shuaige@localhost sb]$ systemctl --user enable --now  container-nginx.service
Created symlink /home/shuaige/.config/systemd/user/multi-user.target.wants/container-nginx.service → /home/shuaige/.config/systemd/sb/container-nginx.service.
Created symlink /home/shuaige/.config/systemd/user/default.target.wants/container-nginx.service → /home/shuaige/.config/systemd/sb/container-nginx.service.
[shuaige@localhost sb]$ systemctl --user status container-nginx.service
● container-nginx.service - Podman container-nginx.service
   Loaded: loaded (/home/shuaige/.config/systemd/sb/container-nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-12-15 07:25:24 EST; 3min 24s ago
     Docs: man:podman-generate-systemd(1)
 Main PID: 7978 (conmon)
   CGroup: /user.slice/user-1000.slice/user@1000.service/container-nginx.service
           ├─7972 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns>
           ├─7975 /usr/bin/fuse-overlayfs -o ,lowerdir=/home/shuaige/.local/share/containers/storage/overlay/l/UBB5BCEQLHQ2G7RFOR>
           ├─7978 /usr/bin/conmon --api-version 1 -c 7ed9063a90a9c3b48096ee8fcec60e799c6103fb8fe8ae9226bf8e7d5eee1591 -u 7ed9063a>
           ├─7981 nginx: master process nginx -g daemon off;
           └─8000 nginx: worker process
lines 1-11/11 (END)

5.podman网络设置

指定网络并运行一个容器

创建podman2网络

[root@localhost ~]# podman network create  podman2
/etc/cni/net.d/podman2.conflist
[root@localhost ~]#

–subnet指定subnet创建网络

podman network create --sunet 网段创建的网络名

[root@localhost ~]# podman network create --subnet  192.6.0.0/16 newnet
/etc/cni/net.d/newnet.conflist
[root@localhost ~]#

–gateway 指定网关

podman network create --subnet 网段 --gateway 网关地址 newnet1

[root@localhost ~]# podman network create --subnet 192.168.13.0/24  --gateway 192.168.13.2 newnet1
/etc/cni/net.d/newnet1.conflist
[root@localhost ~]#

–ip-range 指定ip起始地址

[root@localhost ~]# podman network create --subnet 192.168.14.0/24 --ip-range 192.168.14.13/25 newnet2
/etc/cni/net.d/newnet2.conflist
[root@localhost ~]#

查看刚刚创建的网络

[root@localhost ~]# podman network ls 
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet      0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1     0.4.0       bridge,portmap,firewall,tuning
31213d4efd11  newnet2     0.4.0       bridge,portmap,firewall,tuning
4d24ca3baa36  podman2     0.4.0       bridge,portmap,firewall,tuning
[root@localhost ~]#

使用刚刚创建的网络，并运行一个容器

格式： podman run --name 容器名 --network 网络名称镜像名

[root@localhost ~]# podman run -dt --name nginx2 --network podman2  nginx:latest
b926e6a2a1b16b8275fa59813d30139c03ab6678933219fd551acc7105e8c742
[root@localhost ~]#

查看改容器的网络IP

[root@localhost ~]# podman inspect nginx | grep IP
            "IPAddress": "10.88.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
                    "IPAddress": "10.88.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,
[root@localhost ~]#

6.podman网络管理

注意：启动一个容器后,会出现cni-poman0网卡，容器启动时,默认会连接podman网络

[root@localhost ~]# ip a show cni-podman0
3: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ae:fa:0b:90:77:8e brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::acfa:bff:fe90:778e/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost ~]#

查看容器网路

[root@localhost ~]# podman network ls
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet      0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1     0.4.0       bridge,portmap,firewall,tuning
31213d4efd11  newnet2     0.4.0       bridge,portmap,firewall,tuning
4d24ca3baa36  podman2     0.4.0       bridge,portmap,firewall,tuning
[root@localhost ~]#

断开网络（disconnect）

[root@localhost ~]# podman network disconnect podman2 nginx2
[root@localhost ~]#

重启容器网络（reload）

[root@localhost ~]# podman network reload nginx2
b926e6a2a1b16b8275fa59813d30139c03ab6678933219fd551acc7105e8c742
[root@localhost ~]#

删除podman网络（rm）

[root@localhost ~]# podman network ls 
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet      0.4.0       bridge,portmap,firewall,tuning
45b3499a170b  newnet1     0.4.0       bridge,portmap,firewall,tuning
31213d4efd11  newnet2     0.4.0       bridge,portmap,firewall,tuning
4d24ca3baa36  podman2     0.4.0       bridge,portmap,firewall,tuning
[root@localhost ~]# podman network rm newnet1 newnet2
newnet1
newnet2
[root@localhost ~]# podman network ls 
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
884e74728f04  newnet      0.4.0       bridge,portmap,firewall,tuning
4d24ca3baa36  podman2     0.4.0       bridge,portmap,firewall,tuning
[root@localhost ~]#

向您推荐>>Eolink开发者社区

权威｜前沿｜技术｜干货｜国内首个API全生命周期开发者社区

更多推荐

沃云统一开发平台介绍

沃云集成平台研发平台介绍1.平台优势2.平台原理3.研发平台使用方法4.遇到的问题5.现阶段实现的功能6.后续需要补充的功能和优化内容研发平台介绍1.平台优势解决孤岛式应用，实现能力共享；现有系统框架过于复杂，跨系统业务处理成本居高不下，协同服务共享，降低运维成本；提高项目应用资源监控能力，改善资源利用率；业务微服务化，快速发布、快速部署，快速响应业务需求变化；沃云平台不仅提供了自动化的、可快速部

云原生

(20200916 Solved)docker-compose up创建容器自动退出

问题描述如题，创建容器后自动退出了。并且docker start container无效解决方案原因是缺失了控制终端的配置，需要在docker-compose.yml中增加tty:true ，有时候这样也不行，需要再增加一个command:/bin/bash，命令不一定是这个，需要是一个不会退出的命令，然后用-d后台启动容器。Referencesdocker-compose启动容器后自动退出...

云原生

基于docker的test-containers环境百宝箱

笔者语录：我开了个公众号【Java你我他】，欢迎大家关注。在很多时候，程序猿们更关注代码本身，而不愿意把时间花费在环境搭建上，这也是Docker变得越来越受欢迎的原因之一。test-containe是Docker生态圈中的一颗新星，其主要针对测试领域、背靠Docker实现环境百宝箱功能。 test-containers：你要的环境，我都有~ 假设我们现在需要一个redis-clust