Podman
Common Commands
volume
# 创建名为 postgres_volume 的卷,为卷添加元数据标签(组织分类,筛选查询)
podman volume create --label purpose=database postgres_volume
podman volume ls --filter label=purpose=database
podman volume ls
# postgres_volume卷 在系统中的精确位置
podman volume inspect postgres_volumeLinux(Ubuntu)
⚠️ 在 podman images 时如果警告 WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers,手动将挂载点设置为共享 sudo mount --make-shared /, 上述命令需要在每次系统重启后运行Podman之前执行。
也可以在powershell中执行以下(在WSL中以root用户身份执行mount --make-rshared /,这会将根目录(/)及其所有子目录的挂载点设置为递归共享)
wsl.exe -u root -e mount --make-rshared /sudo apt update
sudo apt install -y podman
podman pull docker.io/mysql:latest
podman pull docker.io/mysql:5.7 # 指定版本
podman image -h # Manage images: https://docs.podman.io/en/latest/markdown/podman-image.1.html
podman images # List images in local storage: https://docs.podman.io/en/latest/markdown/podman-images.1.html
podman rmi [Image ID]
podman ps -a # 查看所有容器
podman start [CONTAINER ID] # Start one or more containers: https://docs.podman.io/en/latest/markdown/podman-start.1.html
podman stop [CONTAINER ID] # Stop one or more containers: https://docs.podman.io/en/latest/markdown/podman-stop.1.html
podman rm [CONTAINER ID] # Remove one or more containers: https://docs.podman.io/en/latest/markdown/podman-rm.1.html或者先配置 sudo vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io", "quay.io"]podman pull mysql:latestpodman run --name mysql-container -p 3306:3306 -v ~/mysql_data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:latest--name mysql-container:为容器指定一个名称-v ~/mysql_data:/var/lib/mysql:将宿主机上的~/mysql_data目录挂载到容器的/var/lib/mysql目录-p 3306:3306:将宿主机的 3306 端口映射到容器的 3306 端口-e MYSQL_ROOT_PASSWORD=root:设置 MySQL 的 root 密码为 root-d:后台运行容器,并返回容器 ID,否则关掉 shell 容器就停了
🔺 注意:如果已经运行过一次 mysql 容器,想修改 root 密码再次运行时,不仅要删除容器,还要删除 ~/mysql_data 目录下的所有内容
如果你之前已经运行过容器并使用~/mysql_data 作为数据目录,那么该目录可能已经被初始化并设置了一个密码。当你再次运行容器并试图使用不同的密码时,它仍然会使用旧的密码。为了解决这个问题,你可以停止并删除容器,然后删除~/mysql_data 目录下的所有内容,再次运行容器。
cd ~/mysql_data
sudo rm -rf *查看 mysql 容器的 root 密码
podman inspect mysql-container # 查看容器的详细信息
podman inspect mysql-container | grep MYSQL_ROOT_PASSWORD进入容器
podman exec -it 【容器 ID】 bashcommand
run
https://www.runoob.com/docker/docker-run-command.html
Podman for Debian(WSL2)
Ubuntu 基于 Debian,都可使用apt-get
podman
# Ubuntu 20.10 and newer
sudo apt-get -y update
sudo apt-get -y install podman
sudo apt -y update
sudo apt -y install podmanmysql
podman run --name mysql -p 3306:3306 -v ~/mypod/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root -d mysql:latestpodman logs mysql 查看报错:chown: changing ownership of '/var/lib/mysql/': Operation not permitted,该报错的本质原因可参考
https://github.com/docker-library/mysql/issues/396,
Since there is not a supervisor or init system running in the container, things like
service mysql startwill not do what you expect. There is a bunch of setup that is done by thedocker-entrypoint.shscript that is not done when you start the container with thebashprocess. There is also the problem ofbashbeing pid 1, so once it exits, that container exits and all child processes — like those spawned by an init script — are killed.As for the
chownfailing that is often caused by Docker for Mac/Windows (or Boot2Docker/Docker Toolbox) folder sharing from the Docker virtual machine to the Host OS. The workaround is to just run the container as the owner of the directory you are trying to use:bash$ docker run -d -e MYSQL_ROOT_PASSWORD=admin -v ~/mypod/mysql/data:/var/lib/mysql --user 1000:50 mysql:latest $ # or whatever user and group id that the container sees on the mounted folder: $ docker run -it --rm -v ~/mypod/mysql/data:/var/lib/mysql mysql:latest ls -aln /var/lib/mysql
我这里使用ll 命令查看到~/mypod/mysql/data文件夹由root用户创建,改成非根用户创建之后,给予权限可读可写可执行(危险)chmod 777 ~/mypod/mysql/data之后解决,这不是最佳办法,chmod 777是一个危险操作,可以用上面的方法
至于 3306 端口占用,powershell 执行:netstat -aon|findstr "3306",结束对应 PID 进程即可
redis & redisinsight
https://redis.io/docs/install/install-stack/docker/ > https://dockerproxy.com/
podman pull dockerproxy.com/library/redis-stack:latest
podman run -d --name redis-stack -p 127.0.0.1:6379:6379 -p 13333:8001 -v ~/database_data/redis/local-redis-stack.conf:/redis-stack.conf -v ~/database_data/redis/local_data:/data -e REDIS_ARGS="--requirepass 123456 --appendonly yes" redis/redis-stack:latest
podman run -d --name redis-stack -p 127.0.0.1:6379:6379 -p 13333:8001 -v ~/database_data/redis/local-redis-stack.conf:/redis-stack.conf -v ~/database_data/redis/local_data:/data redis/redis-stack:latest网页直接 localhost:13333 访问,输入上面的密码 123456
local-redis-stack.conf 配置如下
bind 0.0.0.0
protected-mode no
appendonly no
requirepass 123456Podman for Windows(WSL2)
podman/podman-for-windows.md at main · containers/podman · GitHub
简而言之,容器是针对 Linux 而言的,对于 windows 则是基于 WSL2
先下载安装 podman-v.#.#.#.msi,Releases · containers/podman · GitHub
- powershell
podman machine init podman machine start
mysql
mysql - Official Image | Docker Hub
podman pull mysql:latest将默认 mysql 数据目录挂载到 host system
- Where to Store Data
- volume-mounting
-p HostPort:ContainerPort
podman run -d --name mysql -p 3306:3306 -v ~/mypod/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root mysql:latestredis
redis - Docker Image | Docker Hub
podman pull redis最详细的 docker 中安装并配置 redis - 腾讯云开发者社区-腾讯云 (tencent.com)
redis-server /etc/redis/redis.conf这个是关键配置,让 redis 不是无配置启动,而是按照这个 redis.conf 的配置启动–appendonly yesredis 启动后数据持久化
podman run -d -p 6379:6379 --name redis -v ~/mypod/redis/conf/redis.conf:/etc/redis/redis.conf -v ~/mypod/redis/data:/data redis-server /etc/redis/redis.conf --appendonly yes redisredis & redisinsight
redis/redis-stack - Docker Image | Docker Hub
# 阿里云镜像目前没这个镜像,指定完整镜像源
podman pull docker.io/redis/redis-stack
# 或者pull的时候选择docker.io镜像源
podman pull redis/redis-stack-d:后台运行容器,并返回容器 ID,否则关掉 shell 容器就停了;--name redis-stack和最后的redis/redis-stack:latest可以理解为对象和类的关系,类可以创建无数个对象 ———— 使用镜像redis/redis-stack:latest以后台模式启动一个容器,并将容器命名为redis-stack
podman run -d --name redis-stack -p 6379:6379 -p 8001:8001 -v ~/mypod/redis/conf/local-redis-stack.conf:/redis-stack.conf -v ~/mypod/redis/data:/data -e REDIS_ARGS="--requirepass 12345" -e REDIS_ARGS="--appendonly yes" redis/redis-stack:latest2024年5月31日测试最新版redis,springboot中可以直接连接127.0.0.1:6379了
💔 Unable to connect to Redis server: localhost/127.0.0.1:6379
❤️ it works , 似乎是 ip 的问题,但是 podman mysql 就可以正常连接。解决办法目前是在 WSL2 下查到 WSL2 本身对应的 ip,curl ip:6379 可正常连接,但这不应该是一个科学的办法,因为 ip 会变
https://github.com/microsoft/WSL/issues/5728#issuecomment-674883029
ifconfigip addr show eth0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1💔 下面的并没有作用
redis-with-wsl2-podman-connection-refused
顺便看看这个: Accessing network applications with WSL | Microsoft Docs
You probably run into this WSL2 issue:
Solution:
- option 1: use
[::1]:6379instead oflocalhost:6379from Windows side- option 2: use
-p 127.0.0.1:6379:6379instead of-p 6379:6379withpodman run.
切换至国内镜像
🎉 阿里云镜像
# 编辑需要root权限
sudo vi /etc/containers/registries.conf
# 只需要在unqualified-search-registries添加阿里镜像就可以,正常情况pull的时候会让你选择镜像源,ustc中国科学技术大学
unqualified-search-registries = ["docker.io", "docker.mirrors.ustc.edu.cn", "xxxxxx.mirror.aliyuncs.com"]
# 🚫不需要这么复杂;location为上面阿里云镜像地址,不需要https://
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "xxxxxx.mirror.aliyuncs.com"ssh
- 添加至 Hosts
127.0.0.1:4472 localhost - powershell
podman machine ssh sudo ...
Rootfull & Rootless
🎉 注意,切换用户之后记得重启 podman machine start
Note: Rootfull and Rootless containers are distinct and isolated from one another. Podman commands against one (e.g., podman ps) will not represent results/state for the other.
root
# 设置根用户
podman machine stop
podman machine set --rootfulrootless
# To restore rootless execution, set rootful to false:
Podman machine stop
Podman machine set --rootful=falsecockpit
基于 web 的 Linux 服务器管理工具
Running Cockpit — Cockpit Project (cockpit-project.org)
安装
UbuntuBackports - Community Help Wiki
sudo apt update
sudo apt upgrade
. /etc/os-release
sudo apt install -t ${VERSION_CODENAME}-backports cockpitModel: GPT-4
在 Linux 系统中,. (点) 命令表示用当前 shell 执行指定的脚本文件。
当您运行
. /etc/os-release时,实际上是在当前 shell 环境中执行 /etc/os-release 文件。这样,脚本中定义的变量会在当前 shell 环境中生效,而不是在子 shell 中。这与使用 source 命令具有相同的效果。例如,您也可以用 source /etc/os-release 代替 . /etc/os-release。/etc/os-release 文件包含了 Linux 发行版的信息,例如名称、版本号、ID 等。当您执行 . /etc/os-release 或 source /etc/os-release 时,这些信息会作为环境变量被加载到当前 shell 环境中,然后您可以使用这些变量来获取或显示系统信息。例如,使用 echo $PRETTY_NAME 命令可以显示当前系统的发行版名称和版本。
If you are unsure of your release name, you can check it with:
lsb_release -csecho ${VERSION_CODENAME}cat /etc/os-release
启动
If you already have Cockpit on your server, point your web browser to: https://*ip-address-of-machine*:9090
If your browser is on the same machine where Cockpit is running, then visit localhost:9090
How to Install Cockpit on Ubuntu 22.04 | 20.04 LTS - Linux Shout
With successful installation, this web-based server management will be on your system. However, we have to start its service manually to access it. Also, at the same time enable it to start automatically in case of crash or system reboot.
sudo systemctl status cockpit # 请注意 Active 一行,如果它显示为 active (running),则表示 Cockpit 服务已成功启动并正在运行
# 启动 Cockpit 网络服务(Web 服务),允许你通过浏览器访问管理界面
sudo systemctl start cockpit
# 启动与 Cockpit 服务相关的 socket
# 在 systemd 中,socket 是一种特殊的单位,用于管理进程间通信(IPC)。通过使用 socket,Cockpit 可以在需要时按需启动,而不是始终运行。
# 当有新的请求到达 socket 时,Cockpit 服务将被自动启动,这种方法有助于节省系统资源
sudo systemctl start cockpit cockpit.socket ✅
sudo systemctl enable --now cockpit.socket ✅ # Cockpit在系统启动时自动运行,在需要时按需启动 Cockpit 服务
sudo systemctl disable cockpit.socket # 禁用 Cockpit 的 socket,这样在下次系统启动时,它不会自动启动
sudo systemctl stop cockpit cockpit.socket ✅
sudo journalctl -u cockpit # 如果服务无法启动,可以使用该命令查看与 Cockpit 服务相关的日志会报错:System has not been booted with systemd as init system (PID 1). Can't operate. Failed to connect to bus: Host is down ,因为 WSL2 在截至 2022 年 8 月 31 日时不支持 Systemd
wsl.exe --version 查看 WSL 版本:0.67.6.0以上版本的 WSL2 现已支持 Systemd
WSL2 现已支持 Systemd-2022.9.27
# 设置 systemd 开机自启(在 Linux 内执行以下命令)
sudo vim /etc/wsl.conf
# 设置以下内容
[boot]
systemd=true
# 退出 Linux 子系统,并关闭 WSL
wsl.exe --shutdown
# 重新进入 WSL ,输入⬇️⬇️⬇️,即可检验 systemd 的运行状态
systemctl list-unit-files --type=service解决 WSL2 不支持 Systemd🚫
How to handle the lack of Systemd ,有数种方式可以解决这个问题,以下为我试过的一种
Make your Current WSL2 Distro Run Systemd
# 妈的,翻墙也连不上,直接浏览器打开https://raw.githubusercontent.com...
curl -L -O "https://raw.githubusercontent.com/nullpo-head/wsl-distrod/main/install.sh"
# 我放到了 /home/my-config/install.sh
cd /home/myconfig
# 给予执行权限
chmod +x install.sh
# This script installs distrod, but doesn't enable it yet.
sudo ./install.sh installEnable distrod in your distro
You have two options. If you want to automatically start your distro on Windows startup, enable distrod by the following command
/opt/distrod/bin/distrod enable --start-on-windows-bootOtherwise,
/opt/distrod/bin/distrod enableYou can run
enablewith--start-on-windows-bootagain if you want to enable autostart later.
Disable Systemd Distrod
sudo /opt/distrod/bin/distrod disableUninstall distrod
# 在myconfig目录下卸载,看目录 /opt/distrod/
chmod +x install.sh
sudo ./install.sh uninstallRestart your distro
Close your WSL's terminal. Open a new Command Prompt window, and run the following command.
# 报错:🚫不存在具有所提供名称的分发
wsl --terminate DistrodAfter re-opening a new WSL window, your shell runs in a systemd session.
测试当前 systemctl 是否在 WSL2 下可用,可以在 wsl bash 下pstree或直接systemctl
新开 wsl bash 执行
常用的 Bash 就是 Shell 的一种,也是 Linux 下的默认 Shell 程序, Zsh 一个更强大,更人性化的 Shell
# 执行 /opt/distrod/bin/distrod enable 不加参数 --start-on-windows-boot 时,每次开机需要再次执行
sudo systemctl start cockpit cockpit.socket
sudo systemctl enable --now cockpit.socketlocalhost:9090 账-密(WSL2 的用户账密):root/klaus - root
Login Cockpit web management interface
We can use any user available on your system, however, it must be at least a non-root user with sudo access; so that you can manage various services directly using the Cockpit Interface. Alternatively, you go for the root user as well.
cockpit Extendable
Cockpit also supports a large list of optional and third-party applications.
Podman container support
Enable Podman container support
sudo apt install cockpit-podman -y