Trying out Podman, a rootless alternative to Docker

Hello, this is Kawai from the System Solutions Department (the one whose vegetable compartment at home has versioning disabled).
It's gotten cold again recently.
This time, I'd like to write an article about Podman for beginners.
What is Podman?
Podman (Pod Manager) is an open-source container tool developed by Red Hat. It is compatible with Docker and is used in almost the same way. For more details, please refer to the official documentation below:
https://www.redhat.com/ja/topics/containers/what-is-podman
You might be thinking, "Wait, why not just use Docker?" But Podman has an advantage in terms of security because it runs rootless (without root privileges) by default.
(※This is also possible with Docker, but it requires additional configuration.)
The reason rootless operation is considered safer comes from how Docker works: Docker runs as a daemon started by root, and clients talk to it over a REST API on a Unix domain socket. Because that daemon needs root privileges, a compromise of the daemon or an escape from a container can give an attacker root access on the host. With rootless Podman there is no root daemon, so "root" inside a container is just an unprivileged user on the host.
Let's try it out right away
install
■Environment
Ubuntu 24.04 LTS
Installation itself is easy.
If you also want the equivalent of docker-compose, you can additionally install podman-compose.
$ sudo apt update
$ sudo apt install podman
$ podman --version
podman version 4.9.3
Check rootless mode (if it says true, it's OK):
$ podman info | grep rootless
  rootless: true
Image pull
Now that the installation is complete, let's try pulling the Apache image as a normal user.
$ podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 79b49624e34b done   |
Copying blob d7ad38c6dd97 done   |
Copying blob 4f4fb700ef54 done   |
Copying blob 9bd25d4f7b77 done   |
Copying blob 7d9f97915db2 done   |
Copying blob bc0965b23a04 done   |
Copying config 494b2b45fd done   |
Writing manifest to image destination
494b2b45fd74cbf7eb7dc9cfeda02b26c9450e26719afaf1914635832217c4ce
It's finished, so I'll start it.
This time I'll use TCP/8888.
$ podman run -dt -p 8888:80/tcp docker.io/library/httpd
6e5578b6ab93e131593325aa61c8b78487d6d602a74c78b714aa8b089ac12d0f
# Check startup status
$ podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS        PORTS                 NAMES
6e5578b6ab93  docker.io/library/httpd:latest  httpd-foreground  5 seconds ago  Up 5 seconds  0.0.0.0:8888->80/tcp  quizzical_tharp
It's started up, so let's try accessing it right away.
If it displays "It works!", then it's OK.
$ curl http://127.0.0.1:8888
<html><body><h1>It works!</h1></body></html>
It also shows up in the browser.

Just like Docker, you can also check logs and process status.
$ podman logs -l
[Thu Dec 12 02:48:15.892285 2024] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (Unix) configured -- resuming normal operations
[Thu Dec 12 02:48:15.893410 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
10.0.2.100 - - [12/Dec/2024:02:48:57 +0000] "GET / HTTP/1.1" 200 45
10.0.2.100 - - [12/Dec/2024:02:48:57 +0000] "GET /favicon.ico HTTP/1.1" 404 196
10.0.2.100 - - [12/Dec/2024:02:50:24 +0000] "GET / HTTP/1.1" 200 45
$ podman top -l
USER      PID  PPID  %CPU   ELAPSED          TTY    TIME  COMMAND
root      1    0     0.000  4m36.020462289s  pts/0  0s    httpd -DFOREGROUND
www-data  8    1     0.000  4m36.022522465s  pts/0  0s    httpd -DFOREGROUND
www-data  9    1     0.000  4m36.02299156s   pts/0  0s    httpd -DFOREGROUND
www-data  10   1     0.000  4m36.023751351s  pts/0  0s    httpd -DFOREGROUND
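Notice that podman top reports httpd's parent process as "root". In rootless mode that is root inside the container's user namespace only; on the host it is the ordinary user who ran podman. The following shell script is an added example (not from the original post) that makes this concrete: it reads the user-namespace uid map and reports which host uid container uid 0 is mapped to. The two sample maps are constructed for illustration; the only Podman command used is podman unshare, and it is run only when the script is invoked with --live on a host that has podman installed.

```shell
#!/bin/sh
# Added example (not from the original post): check that "root" inside a
# rootless Podman container is an unprivileged user on the host.
# Format of /proc/<pid>/uid_map lines: <container-start> <host-start> <length>

# uid_map_host_root MAP
# Print the host uid that container uid 0 is mapped to; print nothing if
# uid 0 is not mapped at all.
uid_map_host_root() {
    printf '%s\n' "$1" | awk '$1 == 0 { print $2; exit }'
}

# uid_map_is_rootless MAP
# Succeed (exit 0) when container root maps to a non-zero host uid.
# Fail when it maps to host uid 0 (a real root container) or is unmapped.
uid_map_is_rootless() {
    host_uid=$(uid_map_host_root "$1")
    [ -n "$host_uid" ] && [ "$host_uid" -ne 0 ]
}

# report LABEL MAP: human-readable verdict for one map.
report() {
    if uid_map_is_rootless "$2"; then
        echo "$1: container root -> host uid $(uid_map_host_root "$2") (rootless, OK)"
    else
        echo "$1: container root -> host root (NOT rootless)"
    fi
}

# live_check: ask Podman for the real mapping of the current user namespace.
# podman unshare enters the rootless user namespace, so /proc/self/uid_map
# there is exactly the map containers started by this user will get.
live_check() {
    if ! command -v podman >/dev/null 2>&1; then
        echo "podman not installed; skipping live check" >&2
        return 2
    fi
    report "podman unshare" "$(podman unshare cat /proc/self/uid_map)"
}

# Constructed sample maps (not captured from a real machine).
SAMPLE_ROOTLESS_MAP='         0       1000          1
         1     100000      65536'
SAMPLE_ROOTFUL_MAP='         0          0 4294967295'

report "sample rootless" "$SAMPLE_ROOTLESS_MAP"
report "sample rootful"  "$SAMPLE_ROOTFUL_MAP"

if [ "${1-}" = "--live" ]; then
    live_check
fi
```

On a machine set up as in this article, running the script with --live should print a host uid equal to your own (for example 1000), which is why the "root" line in podman top is harmless: a process that breaks out of the container only gains that user's privileges, not the host's root.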
Of course, there are some differences, but I think anyone who has used Docker will be able to use it without any problems.
$ podman run quay.io/podman/hello
Trying to pull quay.io/podman/hello:latest...
Getting image source signatures
Copying blob 81df7ff16254 done   |
Copying config 5dd467fce5 done   |
Writing manifest to image destination
!... Hello Podman World ...!
(ASCII art of the Podman selkie mascot)
Project:   https://github.com/containers/podman
Website:   https://podman.io
Desktop:   https://podman-desktop.io
Documents: https://docs.podman.io
YouTube:   https://youtube.com/@Podman
X/Twitter: @Podman_io
Mastodon:  @[email protected]
Incidentally, Podman's official character isn't a seal but a selkie, apparently a mythical creature from Scottish folklore.
(It seems the name comes from the fact that a group of selkies is called a "pod." So cute!)
That's all for this time.
