个人中心
gpt4 book ai didi

docker - Podman 中的 Podman,类似于 Docker 中的 Docker?

转载 作者:行者123 更新时间:2023-12-02 19:14:08 32 4
gpt4 key购买 nike

有没有办法在 Podman 中运行 Podman,类似于在 Docker 中运行 Docker 的方式?
这是我的 Dockerfile 的一个片段,它强烈基于 another question :

FROM debian:10.6

RUN apt update && apt upgrade -qqy && \
    apt install -qqy iptables bridge-utils \
                     qemu-kvm libvirt-daemon libvirt-clients virtinst libvirt-daemon-system \
                     cpu-checker kmod && \
    apt -qqy install curl sudo gnupg2 && \
    echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list && \
    curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/Release.key | sudo apt-key add - && \
    apt update && \
    apt -qqy install podman
现在尝试一些测试: 
$ podman run -it my/test bash -c "podman --storage-driver=vfs info"
... (long output; this works fine)

$ podman run -it my/test bash -c "podman --storage-driver=vfs images"
ERRO[0000] unable to write system event: "write unixgram @000ec->/run/systemd/journal/socket: sendmsg: no such file or directory" 
REPOSITORY  TAG     IMAGE ID  CREATED  SIZE

$ podman run -it my/test bash -c "podman --storage-driver=vfs run docker.io/library/hello-world"
ERRO[0000] unable to write system event: "write unixgram @000ef->/run/systemd/journal/socket: sendmsg: no such file or directory" 
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 0e03bdcc26d7 done  
Copying config bf756fb1ae done  
Writing manifest to image destination
Storing signatures
ERRO[0003] unable to write pod event: "write unixgram @000ef->/run/systemd/journal/socket: sendmsg: no such file or directory" 
ERRO[0003] Error preparing container 66692b7ff496775499d405d538769a078f2794549955cf2409fcbcbf87f42e94: error creating network namespace for container 66692b7ff496775499d405d538769a078f2794549955cf2409fcbcbf87f42e94: mount --make-rshared /var/run/netns failed: "operation not permitted" 
Error: failed to mount shm tmpfs "/var/lib/containers/storage/vfs-containers/66692b7ff496775499d405d538769a078f2794549955cf2409fcbcbf87f42e94/userdata/shm": operation not permitted
我也尝试过 other question 的建议,通过 --cgroup-manager=cgroupfs ,但没​​有成功: 
$ podman run -it my/test bash -c "podman --storage-driver=vfs --cgroup-manager=cgroupfs run docker.io/library/hello-world"
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 0e03bdcc26d7 done  
Copying config bf756fb1ae done  
Writing manifest to image destination
Storing signatures
ERRO[0003] unable to write pod event: "write unixgram @000f3->/run/systemd/journal/socket: sendmsg: no such file or directory" 
ERRO[0003] Error preparing container c3fff4d8161903aaebd6f89f3b3c06b55038e11e07b6b561dc6576ca675747a3: error creating network namespace for container c3fff4d8161903aaebd6f89f3b3c06b55038e11e07b6b561dc6576ca675747a3: mount --make-rshared /var/run/netns failed: "operation not permitted" 
Error: failed to mount shm tmpfs "/var/lib/containers/storage/vfs-containers/c3fff4d8161903aaebd6f89f3b3c06b55038e11e07b6b561dc6576ca675747a3/userdata/shm": operation not permitted
似乎需要一些网络配置。我发现下面的项目表明可能需要对网络配置进行一些调整,但我不知道它的上下文是什么以及它是否适用于此。
https://github.com/joshkunz/qemu-docker
编辑 :我刚刚发现 /var/run/podman.sock ,但也没有成功: 
$ sudo podman run -it -v /run/podman/podman.sock:/run/podman/podman.sock my/test bash -c "podman --storage-driver=vfs --cgroup-manager=cgroupfs run docker.io/library/hello-world"
Trying to pull my/test...
  denied: requested access to the resource is denied
Trying to pull my:test...
  unauthorized: access to the requested resource is not authorized
Error: unable to pull my/text: 2 errors occurred:
        * Error initializing source docker://my/test: Error reading manifest latest in docker.io/my/test: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

        * Error initializing source docker://quay.io/my/test:latest: Error reading manifest latest in quay.io/my/test: unauthorized: access to the requested resource is not authorized
似乎 root 看不到我在我的用户下创建的图像。
有任何想法吗?谢谢。

最佳答案

假设我们想在 docker.io/library/alpine 容器中运行 ls /
标准 Podman

podman run --rm docker.io/library/alpine ls /
Podman 中的 Podman
让我们在 docker.io/library/alpine 容器中运行 ls /,但这次我们在 quay.io/podman/stable 容器中运行 podman
2021 年 6 月更新
GitHub issue comment 显示了如何在 Podman 中以非 root 用户身份在主机和外部容器中运行 Podman 的示例。稍微修改一下,它看起来像这样: 
podman \
  run \
    --rm \
    --security-opt label=disable \
    --user podman \
    quay.io/podman/stable \
      podman \
        run \
          --rm \
          docker.io/library/alpine \
            ls /
这是一个完整的例子: 
$ podman --version
podman version 3.2.1
$ cat /etc/fedora-release 
Fedora release 34 (Thirty Four)
$ uname -r
5.12.11-300.fc34.x86_64
$ podman \
  run \
    --rm \
    --security-opt label=disable \
    --user podman \
    quay.io/podman/stable \
      podman \
        run \
          --rm \
          docker.io/library/alpine \
            ls / 
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:5843afab387455b37944e709ee8c78d7520df80f8d01cf7f861aae63beeddb6b
Copying config sha256:d4ff818577bc193b309b355b02ebc9220427090057b54a59e73b79bdfe139b83
Writing manifest to image destination
Storing signatures
bin
dev
etc
home
lib
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
$
为避免重复下载内部容器镜像,
创建卷 
podman volume create mystorage
并添加命令行选项 -v mystorage:/home/podman/.local/share/containers:rw到外部 Podman 命令。换句话说 
podman \
  run \
    -v mystorage:/home/podman/.local/share/containers:rw \
    --rm \
    --security-opt label=disable \
    --user podman \
    quay.io/podman/stable \
      podman \
        run \
          --rm \
          docker.io/library/alpine \
            ls /
Podman 中的 Podman(过时的答案)
(2020 年 12 月的旧过时答案。当很明显此处描述的方法已过时时,我可能会删除它)
让我们在 docker.io/library/alpine 容器中运行 ls /,但这次我们在 quay.io/podman/stable 容器中运行 podman
该命令将如下所示: 
podman \
  run \
    --privileged \
    --rm \
    --ulimit host \
    -v /dev/fuse:/dev/fuse:rw \
    -v ./mycontainers:/var/lib/containers:rw \
    quay.io/podman/stable \
      podman \
        run \
          --rm \
          --user 0 \
          docker.io/library/alpine ls
(这里的目录./mycontainers用于容器存储)
这是一个完整的例子 
$ podman --version
podman version 2.1.1
$ mkdir mycontainers
$ podman run --privileged --rm --ulimit host -v /dev/fuse:/dev/fuse:rw -v ./mycontainers:/var/lib/containers:rw   quay.io/podman/stable podman run --rm --user 0 docker.io/library/alpine ls | head -5
Trying to pull docker.io/library/alpine...
Getting image source signatures
Copying blob sha256:188c0c94c7c576fff0792aca7ec73d67a2f7f4cb3a6e53a84559337260b36964
Copying config sha256:d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0
Writing manifest to image destination
Storing signatures
bin
dev
etc
home
lib
$ podman run --privileged --rm --ulimit host -v /dev/fuse:/dev/fuse:rw -v ./mycontainers:/var/lib/containers:rw  quay.io/podman/stable podman images
REPOSITORY                TAG     IMAGE ID      CREATED     SIZE
docker.io/library/alpine  latest  d6e46aa2470d  4 days ago  5.85 MB
如果您省略 -v ./mycontainers:/var/lib/containers:rw,您可能会看到稍微令人困惑的错误消息 
Error: executable file `ls` not found in $PATH: No such file or directory: OCI runtime command not found error
引用:
  • How to use Podman inside of a container 来自 2021 年 7 月的 Red Hat 博客文章。
  • discussion.fedoraproject.org(关于在 $PATH 中找不到的讨论)
  • github comment(提供有关在 Podman 中运行 Podman 的正确方法的建议)

    • 关于docker - Podman 中的 Podman,类似于 Docker 中的 Docker?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64509618/

    32 4 0
    文章推荐: python - 如何在python中热重载grpc-server?
    文章推荐: python - 迭代 python 列表值,其中每个组合仅出现一次但位置独立
    文章推荐: assembly - DUP 运算符(operator)在哪里进行计数?
    文章推荐: r - ggplot : why is automated text printed in legend's fill?
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com