Trying out Podman, a rootless alternative to Docker
Hello,
It has been getting cold again lately.
This time I would like to write a beginner-level article about Podman.
What is Podman?
It is short for Pod Manager.
It is an open-source container tool made by Red Hat. It is Docker-compatible and behaves almost the same way. See the official page below for details.
https://www.redhat.com/ja/topics/containers/what-is-podman
So isn't Docker good enough? You may well think so, but
Podman runs rootless (without root privileges) by default, which gives it an advantage in terms of security.
(*Docker can also run rootless, but it needs additional configuration.)
The reason rootless is safer is this:
Docker runs as a daemon started by root, and the client on the host machine talks to it through a REST API over a Unix domain socket.
Because root privileges are behind that socket, anyone who can use it is effectively root, which is what makes attacking the host from a container possible.
Let's try it right away.
Install
■Environment
Ubuntu 24.04 LTS
The installation itself is easy.
*If you use docker-compose, you can add podman-compose as well.
```bash
$ sudo apt update
$ sudo apt install podman
$ podman --version
podman version 4.9.3
```
Check that rootless mode is on (OK if it says true).
```bash
$ podman info | grep -i rootless
    rootless: true
```
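As an added example (not part of the original article), here is a small POSIX shell script that checks the things this post relies on: that `podman info` reports rootless, that the user has a subordinate UID range in /etc/subuid (rootless Podman needs one to map container users onto unprivileged host UIDs), and whether the Docker daemon socket is writable by the current user, which is the root-equivalent access described above. The `podman info` text and the /etc/subuid content are constructed samples; replace them with `podman info` and `cat /etc/subuid` on a real machine.

```sh
#!/bin/sh
# Added example: rootless Podman sanity checks. Sample data below is constructed.

# is_rootless INFO_TEXT -> exit 0 if the host security section says "rootless: true".
# Live equivalent: podman info --format '{{.Host.Security.Rootless}}'
is_rootless() {
  printf '%s\n' "$1" | grep -qE '^[[:space:]]*rootless:[[:space:]]*true$'
}

# subid_range USER CONTENT -> prints "START COUNT" for USER from /etc/subuid-style text,
# exit 1 if USER has no entry (rootless Podman cannot map container UIDs without one).
subid_range() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $2, $3; found = 1 } END { exit !found }'
}

# socket_writable PATH -> exit 0 if PATH exists and the current user may write to it.
# Write access to the Docker daemon socket is root-equivalent, so this is worth knowing.
socket_writable() {
  [ -e "$1" ] && [ -w "$1" ]
}

# Constructed sample data (not taken from the article's machine).
SAMPLE_INFO='host:
  security:
    rootless: true
    seccompEnabled: true'
SAMPLE_SUBUID='root:100000:65536
alice:165536:65536'

main() {
  if is_rootless "$SAMPLE_INFO"; then echo "podman: rootless"; else echo "podman: rootful"; fi
  if range=$(subid_range alice "$SAMPLE_SUBUID"); then
    echo "alice has subuid range (start count): $range"
  else
    echo "alice has no subuid range; add a line like alice:165536:65536 to /etc/subuid and /etc/subgid"
  fi
  if socket_writable /var/run/docker.sock; then
    echo "WARNING: /var/run/docker.sock is writable by $(id -un): root-equivalent access"
  else
    echo "/var/run/docker.sock is absent or not writable by $(id -un)"
  fi
}
main
```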
Image pull
Now that the installation is done, I will try pulling the Apache image as a regular user.
```bash
$ podman pull docker.io/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 79624be done
Copying blob d7ad38c6dd97 done
Copying blob 4f4fb700ef54 done
Copying blob 9bd25d4f77 done
Copying blob 7d9f97915db2 done
Copying blob bc0965b23a04 done
eda02b26c9450e26719afafaf191463583217c4ce
```
Since the pull completed, let's start it.
This time I will use TCP/8888.
```bash
$ podman run -dt -p 8888:80/tcp docker.io/httpd
6e5578b63e131593325aa61c602aa8b089b089ac12d0f
```
Confirm with podman ps:
```bash
$ podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS        PORTS                   NAMES
6e5578b6ab93  docker.io/library/httpd:latest  httpd-foreground  5 seconds ago  Up 5 seconds  0.0.0.0:8888->80/tcp    quizzical_tharp
```
Since it has started, let's access it right away.
OK if you see "It works!".
```bash
$ curl http://127.0.0.1:8888
<html><body><h1>It works!</h1></body></html>
```
It was also displayed in the browser.
Like Docker, you can check the logs and the process status.
```bash
$ podman logs -l
[Thu Dec 12 02:48:15.892850 2024] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
[Thu Dec 12 02:48:15.893410 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
10.0.2.100 - - [12/Dec/2024:02:57 +0000] "GET / HTTP/1.1" 200 45
10.0.2.100 - - [12/Dec/2024:02:57 +0000] "GET /favicon.ico HTTP/1.1" 404 196
10.0.2.100 - - [12/Dec/2024:02:50:24 +0000] "GET / HTTP/1.1" 200 45
~
$ podman top -l
USER      PID  PPID  %CPU   ELAPSED          TTY    TIME  COMMAND
root      1    0     0.000  4m36.020462289s  ?      0s    httpd -DFOREGROUND
www-data  8    1     0.000  4m36.022222465s  pts/0  0s    httpd -DFOREGROUND
```
Of course there are some differences, but I think anyone who has used Docker can handle it without any discomfort.
```bash
$ podman run quay.io/podman/hello
Trying to pull quay.io/podman/hello:latest...
Copying config 5dd467fce5 done
Writing manifest to image destination
!... Hello Podman World ...!
(ASCII art of the Podman mascot)
Project:   https://github.com/containers/podman
Website:   https://podman.io
Desktop:   https://podman-desktop.io
Documents: https://docs.podman.io
YouTube:   https://youtube.com/@podman
X/Twitter: @podman_io
Mastodon:  @[email protected]
```
By the way, the official Podman mascots are not seals but "selkies", mythical creatures from Scottish folklore.
(The name apparently comes from the fact that a group of seals is called a "pod". Cute.)
Done.