Trying out Podman, which can run rootless, as an alternative to Docker

Hello,
the vegetable room of the house
is cute in the burjaning invalid system solution.

It's cold again recently.
This time, I would like to write an article about Podman for beginners.


What is Podman?

Podman is short for Pod Manager.
It is an OSS container tool made by Red Hat. It is compatible with Docker and works almost the same way. See the official document below for details.
https://www.redhat.com/ja/topics/containers/what-is-podman

Huh? So isn't Docker good enough? You may have thought so, but
Podman can run rootless (without root privileges) by default, which gives it an advantage in terms of security.
(* Docker can do this too, but additional settings are required.)

The reason rootless is safer is as follows:
Docker runs as a daemon started by root, and the client on the host machine communicates with it via a REST API.
Because root privileges are required to use that domain socket, the reasoning goes, it becomes possible to attack the host from a container.

Let's try it right away.

Install

■Environment

Ubuntu 24.04 LTS

The installation itself is easy.
* If you use docker-compose, you can also install podman-compose.

$ sudo apt update
$ sudo apt install podman
$ podman --version
podman version 4.9.3

Check that rootless mode is enabled (OK if it is true).

$ podman info | grep rootless
rootless: true
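Why `rootless: true` matters, shown as an added example that is not part of the original article: in a rootless container, UID 0 is mapped through a user namespace to the unprivileged user who started Podman. The script resolves container UIDs to host UIDs from `uid_map` rows; both maps, host UID 1000, the 100000 subuid range and UID 33 for www-data are constructed or assumed sample values.

```bash
#!/bin/sh
# Added example (not from the original article): resolve a container UID to
# the host UID using the "inside outside count" rows of /proc/<pid>/uid_map.

# map_uid CONTAINER_UID: reads uid_map text on stdin, prints host UID or "unmapped".
map_uid() {
    want=$1
    while read -r inside outside count; do
        [ -n "$count" ] || continue              # skip blank or short rows
        if [ "$want" -ge "$inside" ] && [ "$want" -lt $((inside + count)) ]; then
            echo $((outside + want - inside))
            return 0
        fi
    done
    echo "unmapped"
}

# Succeeds only when root inside the container is also root on the host.
container_root_is_host_root() {
    [ "$(map_uid 0)" = "0" ]
}

# Constructed sample: rootless Podman run by host UID 1000, with an assumed
# /etc/subuid range of 100000-165535 for that user.
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'
# Constructed sample: no user-namespace remapping (engine running as root).
ROOTFUL_MAP='         0          0 4294967295'

report() {   # report LABEL MAP_TEXT
    printf '%s\n' "$1"
    for uid in 0 33; do   # 33 = www-data in Debian-based images (assumption)
        printf '  container uid %s -> host uid %s\n' "$uid" \
            "$(printf '%s\n' "$2" | map_uid "$uid")"
    done
    if printf '%s\n' "$2" | container_root_is_host_root; then
        printf '  container root IS host root\n'
    else
        printf '  container root is an unprivileged host user\n'
    fi
}

report "rootless (constructed)" "$ROOTLESS_MAP"
report "rootful (constructed)" "$ROOTFUL_MAP"

# Optional live check: pass --live on a host where rootless Podman is set up.
if [ "${1:-}" = "--live" ]; then
    live=$(podman unshare cat /proc/self/uid_map 2>/dev/null) || live=""
    if [ -n "$live" ]; then report "this host" "$live"; fi
fi
```

Run with `--live` as the regular user to see the mapping that `podman unshare` reports on your own host.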

Image pull

Now that the installation is done, I will try to pull the Apache image as a regular (non-root) user.

$ podman pull docker.io/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 79624b e |
Copying blob d7ad38c6dd97 done |
Copying blob 4f4fb700ef54 done |
Copying blob 9bd25d4f77 done |
Copying blob 7d9f97915db2 done |
Copying blob bc0965b23a04 done |
eda02b26c9450e26719afafaf191463583217c4ce

Now that the pull is complete, let's start the container.
This time, I will use TCP/8888.

$ podman run -dt -p 8888:80/tcp docker.io/httpd
6e5578b63e131593325aa61c602aa8b089b089ac12d0f

Confirm:

$ podman ps
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS        PORTS                 NAMES
6e5578b6ab93  docker.io/library/httpd:latest  httpd-foreground  5 seconds ago  Up 5 seconds  0.0.0.0:8888->80/tcp  quizzical_tharp

Now that it has started, I will access it right away.
It is OK if "It works!" is displayed.

$ curl http://127.0.0.1:8888
<html><body><h1>It works!</h1></body></html>

It was also displayed in the browser.

As with Docker, you can check the logs and the process status.

$ podman logs -l
[Thu Dec 12:48:15.89285 2024] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.62 (Unix) Tions
[Thu Dec 12 02:48:15.893410 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
10.0.2.100 - [12/Dec/2024:02:57 +0000] "GET / HTTP/1.1" 200 45
10.0.2.100 - [12/Dec/2024:02:57 +0000] "GET /favicon.ico HTTP/1.1" 404 196
10.0.2.100 - [12/Dec/2024:02:50:24 +0000] "GET / HTTP/1.1" 200 45

$ podman top -l
USER PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0.000 4m36.020462289s httpd OREGROUND
www-data 8 0.000 4m36.022222465s pts/0 0s httpd -DFOREGROUND
1s pts/0 0s httpd -DFOREGROUND

Of course, there are some differences, but I think anyone who has used Docker can handle it without any trouble.

$ podman run quay.io/podman/hello
Trying to pull quay.io
Copying config 5dd467fce5 done |
Writing manifest to image destination
!... Hello Podman World ...!

(ASCII art of the Podman mascots)

Project:   https://github.com/containers/podman
Website:   https://podman.io
Desktop:   https://podman-desktop.io
Documents: https://docs.podman.io
YouTube:   https://youtube.com/@podman
X/Twitter: @podman_io
Mastodon:  @[email protected]

By the way, Podman's official mascots are not seals but "selkies", mythological creatures from Scotland.
(The name apparently comes from a group of seals being called a "pod". Cute.)

complete

About the author

Kawa Ken


A curious Poke○n who belongs to the System Solution Department.