podman的基本设置和使用
目录
运行httpd示例容器
[root@localhost ~]# podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f29/httpd:latest...
Getting image source signatures
Copying blob aaf5ad2e1aa3 done
Copying blob d77ff9f653ce done
Copying blob 7692efc5f81c done
Copying config 25c76f9dcd done
Writing manifest to image destination
Storing signatures
995f7e14f01208bf6249253bb0e0d699790fb884c3c5974f1a35da1b486253f3
[root@localhost ~]# rpm -qa |grep slirp4netns
slirp4netns-1.1.8-1.module_el8.5.0+890+6b136101.x86_64
//由于容器在分离模式下运行(在命令中由 -d 表示),因此 Podman 将在运行后打印容器 ID。请注意,我们使用端口转发来访问 HTTP 服务器。要成功运行,至少需要 slirp4netns v0.3.0。
列出和检查正在运行的容器
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
995f7e14f012 registry.fedoraproject.org/f29/httpd:latest /usr/bin/run-http... 3 minutes ago Up 3 minutes ago 0.0.0.0:8080->8080/tcp vibrant_cohen
[root@localhost ~]# podman inspect -l |grep -i ipaddress
"IPAddress": "10.88.0.7",
"IPAddress": "10.88.0.7",
//检查正在运行的容器您可以“检查”正在运行的容器,以获取有关其自身的元数据和详细信息。我们甚至可以使用 inspect 子命令来查看分配给容器的 IP 地址。由于容器在无根模式下运行,因此不会分配 IP 地址,并且该值将在检查的输出中列为“无”。
注意:-l 是最新容器的便利参数。还可以使用容器的 ID 而不是 -l。
测试httpd服务器
[root@localhost ~]# curl 10.88.0.7:8080
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Test Page for the Apache HTTP Server on Fedora</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
/*<![CDATA[*/
....
//由于我们没有容器的 IP 地址,我们可以使用 curl 测试宿主操作系统和容器之间的网络通信。
通过宿主机加上映射出来的端口进行访问:
查看容器日志
您可以使用 Podman 查看容器的日志:
[root@localhost ~]# podman logs -l
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.7. Set the 'ServerName' directive globally to suppress this message
[Tue Aug 16 03:20:25.159854 2022] [ssl:warn] [pid 1:tid 139622578482560] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1b FIPS 26 Feb 2019, version currently loaded is OpenSSL 1.1.1 FIPS 11 Sep 2018) - may result in undefined or erroneous behavior
[Tue Aug 16 03:20:25.160887 2022] [ssl:warn] [pid 1:tid 139622578482560] AH01909: 10.88.0.7:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.7. Set the 'ServerName' directive globally to suppress this message
[Tue Aug 16 03:20:25.225009 2022] [ssl:warn] [pid 1:tid 139622578482560] AH01882: Init: this version of mod_ssl was comp