Background check

If you are familiar with containers, you must have heard of Docker and maybe Kubernetes (the orchestrator). Here comes Podman which brings innovation to container tools in the spirit of Unix commands which do “one thing” well. If you have used Docker before, Podman offers a similar experience as the Docker CLI.

How Docker CLI Works

The Docker CLI is a client/server operation and the Docker CLI communicates with the Docker engine when it wants to create or manipulate the operations of a container. This client/server architecture can lead into problems in production because one, you have to start the Docker daemon before Docker CLI comes alive. The Docker CLI then sends an API call to the Docker Engine to launch Open Container Initiative (OCI) Container runtime, in most cases runc, to start the container (projectatomic.io). What this means is that the launched containers are child processes of the Docker Engine.

What is Podman?

What then is Podman? Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.

Docker vs Podman

The major difference between Docker and Podman is that there is no daemon in Podman. It uses container runtimes as well for example runc but the launched containers are direct descendants of the podman process. This kind of architecture has its advantages such as the following:

  • Applied Cgroups or security constraints still control the container: Whatever cgroup constraints you apply on the podman command, the containers launched will receive those same constraints directly.
  • Advanced features of systemd can be utilized using this model: This can be done by placing podman into a systemd unit file and hence achieving more.

What about Libpod?

You must have seen Libpod on the title of this guide. Libpod just provides a library for applications looking to use the Container Pod concept, popularized by Kubernetes. It allows other tools to manage pods/container (projectatomic.io). Podman is the default CLI tool for using this library. There are other two important Libraries that make Podman possible:

  • containers/storage – This library allows one to use copy-on-write (COW) file systems, required to run containers.
  • containers/image – This library that allows one to download and install OCI Based Container Images from containers registries like Docker.io, Quay, and Artifactory, as well as many others (projectatomic.io).

These two libraries were built from the ground up to support multiple independent processes to interact with the libraries at the same time. A good example is that you can be running a full Kubernetes environment with CRI-O, building container images using Buildah and managing your containers and pods with Podman at the same time (projectatomic.io). This brings the spirit of Unix commands which do “one thing” well. Such a combination of tools is not possible with Docker.

Install Podman on CentOS / Fedora / Ubuntu

Let us look at how Podman is installed in CentOS and Fedora

How To Install Podman on CentOS & Fedora

If you are on Ubuntu, please check:

How to install Podman on Ubuntu

For Debian, use:

How To Install Podman on Debian

Pull image using Podman

# podman pull ubuntu
 Trying to pull registry.access.redhat.com/ubuntu:latest…Failed
 Trying to pull docker.io/ubuntu:latest…Getting image source signatures
 Copying blob sha256:6abc03819f3e00a67ed5adc1132cfec041d5f7ec3c29d5416ba0433877547b6f
  27.52 MB / 27.52 MB [=====================================================] 17s
 Copying blob sha256:05731e63f21105725a5c062a725b33a54ad8c697f9c810870c6aa3e3cd9fb6a2
  844 B / 844 B [============================================================] 0s
 Copying blob sha256:0bd67c50d6beeb55108476f72bea3b4b29a9f48832d6e045ec66b7ac4bf712a0
  164 B / 164 B [============================================================] 0s
 Copying config sha256:7698f282e5242af2b9d2291458d4e425c75b25b0008c1e058d66b717b4c06fa9
  3.27 KB / 3.27 KB [========================================================] 0s
 Writing manifest to image destination
 Storing signatures
 7698f282e5242af2b9d2291458d4e425c75b25b0008c1e058d66b717b4c06fa9

Managing images

To list downloaded images, use the command:

$ podman  images
REPOSITORY                 TAG      IMAGE ID       CREATED        SIZE
docker.io/library/ubuntu   latest   3556258649b2   2 weeks ago    66.6 MB
docker.io/library/alpine   latest   b7b28af77ffe   3 weeks ago    5.85 MB
docker.io/library/debian   latest   00bf7fdd8baf   4 weeks ago    119 MB
docker.io/library/centos   latest   9f38484d220f   4 months ago   209 MB

To remove an image, use -rmi option followed by image name/ID:

$ podman rmi 00bf7fdd8baf
00bf7fdd8baf2ba6f0918e1f48415b2a4a1a616806e7cf32527a749dd2ce4b2c

$ podman rmi docker.io/library/ubuntu
3556258649b2ef23a41812be17377d32f568ed9f45150a26466d2ea26d926c32

Tagging images

You can add your custom name to images to make it more intuitive and to remind you what the image does in your set up

# podman tag 7698f282e524 webserver

# podman images                    
 REPOSITORY                 TAG      IMAGE ID       CREATED       SIZE
 docker.io/library/ubuntu   latest   7698f282e524   4 weeks ago   72.3 MB
 localhost/webserver        latest   7698f282e524   4 weeks ago   72.3 MB

Running Containers

To run a simple container using Ubuntu image which prints a message, use:

# podman run --rm ubuntu /bin/echo "Computing for Geeks" 
Computing for Geeks

To run a container in background (detached mode), use -d option.

podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
                  -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
                  -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
                  registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd

This will return the container ID:

Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures
Copying blob d77ff9f653ce done
Copying blob aaf5ad2e1aa3 done
Copying blob 7692efc5f81c done
Copying config 25c76f9dcd done
Writing manifest to image destination
Storing signatures
d2cdf0efb0ddc6e2ae52a5a0bdadababa6ee6cc2e1e49145c92a0474b089b664

Listing running containers

The Podman ps command is used to list creating and running containers.

$ podman ps
CONTAINER ID  IMAGE                                        COMMAND               CREATED        STATUS            PORTS                   NAMES
d2cdf0efb0dd  registry.fedoraproject.org/f29/httpd:latest  container-entrypo...  4 minutes ago  Up 4 minutes ago  0.0.0.0:8080->8080/tcp  cranky_borg

Searching in Podman

$ sudo podman search httpd

Run a shell in a container

To access a container shell, use the options -it:

# podman run -it ubuntu bash
[email protected]:/#
[email protected]:/# apt update
 Get:1 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
 Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]          
 Get:3 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [717 kB]
 Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]        
 Get:5 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [535 kB]
 Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]

# podman ps
CONTAINER ID  IMAGE                            COMMAND  CREATED         STATUS             PORTS  NAMES
 cf4267fb7a2b  docker.io/library/ubuntu:latest  bash     28 seconds ago  Up 27 seconds ago         nostalgic_archimedes

Inspecting Containers

This displays the low-level information on containers and images identified by name or ID.

# podman inspect 024a277cc474
[
    {
        "ID": "024a277cc4748ab48539c9ddea15d98c0e0bccc307506c44fbce12ec6c568dfc",
        "Created": "2019-06-14T10:58:07.764967058-04:00",
        "Path": "/bin/bash",
        "Args": [
            "/bin/bash"

See more on usage:

$ podman inspect --help

Removing containers

$ podman ps -a

CONTAINER ID  IMAGE                            COMMAND               CREATED        STATUS                    PORTS  NAMES
 024a277cc474  docker.io/library/ubuntu:latest  /bin/bash             3 minutes ago  Exited (0) 3 minutes ago         laughing_blackwell
 cf4267fb7a2b  docker.io/library/ubuntu:latest  bash                  4 hours ago    Exited (0) 2 hours ago           nostalgic_archimedes
 b800dd64ba11  docker.io/library/ubuntu:latest  /bin/bash             4 hours ago    Exited (0) 4 hours ago           optimistic_hypatia

# podman rm 024a277cc474
024a277cc4748ab48539c9ddea15d98c0e0bccc307506c44fbce12ec6c568dfc

To remove all containers, both running and stopped use:

podman rm $(podman ps -a -q)

Viewing the container’s logs

You can view the container’s logs with Podman as well:

$ sudo podman logs --latest

You can also specify container ID:

$ podman logs d2cdf0efb0dd

To follow the logs output in real-time, use:

$ podman logs -f  ContainerID
$ podman logs --follow=true --since 10m ContainerID

Show only last 10 lines in logs:

$ podman logs --tail 10 d2cdf0efb0dd

Viewing the container’s pids

Use podman top to view container’s pids.

$ sudo podman top <container_id>

Example:

$  sudo podman top d2cdf0efb0dd
USER      PID   PPID   %CPU    ELAPSED            TTY     TIME   COMMAND
default   1     0      0.000   29m22.496484247s   pts/0   0s     httpd -D FOREGROUND 
default   22    1      0.000   29m21.496767511s   pts/0   0s     /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default   23    1      0.000   29m21.496866314s   pts/0   0s     /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default   24    1      0.000   29m21.497020539s   pts/0   0s     /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default   25    1      0.000   29m21.497127237s   pts/0   0s     /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default   26    1      0.000   29m21.49723933s    pts/0   0s     httpd -D FOREGROUND 
default   27    1      0.000   29m21.497361006s   pts/0   0s     httpd -D FOREGROUND 
default   28    1      0.000   29m21.497459891s   pts/0   0s     httpd -D FOREGROUND 
default   29    1      0.000   29m21.497552695s   pts/0   0s     httpd -D FOREGROUND 

Checkpointing the container

Checkpointing a container stops the container while writing the state of all processes in the container to disk. This capability requires CRIU 3.11 or later installed on the system. See CRIU installation.

sudo podman container checkpoint <container_id>

Example:

$ sudo podman container checkpoint d2cdf0efb0dd

A container can later be restored and continue running at exactly the same point in time as the checkpoint.

sudo podman container restore <container_id>

Migrate the container

First checkpoint the container on the source system:

sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz

Copy it to the destination server:

scp /tmp/checkpoint.tar.gz <destination_system>:/tmp

On the destination system, restore container:

sudo podman container restore -i /tmp/checkpoint.tar.gz

Conclusion

Podman shows a lot of promise in the future of Containerization. In fact, Red Hat did not just remove the Docker container engine from OpenShift. It also removed the Docker container engine, along with the docker command, from Red Hat Enterprise Linux 8 entirely. Thank you for reading through.

Reference :

Also Read:

Managing Docker Containers with Docker Compose

How To Dockerize a Django Application on Linux

How to Install and use Packer on Ubuntu

How to Setup Docker Private Registry on Ubuntu