Notes from day-to-day work on system operations, virtualization and cloud computing, databases, network security and related topics.

Installing podman on CentOS 8, customizing an image, saving a local container as an image, and pushing the local image to a private registry


podman is an open-source Linux tool for working with containers. Starting with RHEL 8, the container tooling in the system has been replaced by podman.

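My system here is CentOS 8. After downloading centos8_boot.iso, I picked a mirror inside China and installed CentOS 8 by downloading the base packages over the network. I won't go into the details.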

I then installed podman on the system. I also wanted to install docker, but could not find a package for it.

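In this test I take the tomcat7 image as the base image, run it, modify the configuration inside the running container, save the running container as a local image, and finally push that local image to a private registry.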

At first I followed some articles I found online; they were full of mistakes and pitfalls.

Here I have written up my own version; the rest is simple.

For descriptions and examples of the podman commands, see https://www.mankier.com/1/podman-push

https://www.mankier.com/package/podman-manpages is very useful.


[root@k8s ~]#  dnf -y install podman

[root@k8s ~]#  yum module install -y container-tools 

Installing the podman tool is simple; the other packages it needs are installed automatically.

First I set up a private registry; see https://www.92cto.com/blog/2148.html for reference.

In the commands below, replace docker with podman.

[root@k8s ~]# docker pull webhippie/registry
Using default tag: latest
Trying to pull repository docker.io/webhippie/registry ...
latest: Pulling from docker.io/webhippie/registry
b8141ae1f663: Pull complete
13567e09b640: Pull complete
aaeefa8fabe4: Pull complete
b83abbbdca23: Pull complete
2314799e1038: Pull complete
4fc129cc61df: Pull complete
44b981355f00: Pull complete
e04c698eb149: Pull complete
401e5b270728: Pull complete
Digest: sha256:bba865b672c066f0276725f8c617bf824fbade6ec59764143b4e68919e4f3a80
Status: Downloaded newer image for docker.io/webhippie/registry:latest

Run the docker private registry

[root@k8s ~]# docker run -d -v /registry:/var/lib/registry -p 5000:5000 --privileged=true --name registry webhippie/registry:latest

8e91fd9ab3c7801792c7e3e6388021f93989872d545754faf9b21afea6135d58

Some parameters of the docker container commands are not supported by podman.

If the command succeeds, the docker private registry has been set up.

Some notes on parts of this command follow.

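/registry is the host directory; with docker it is created automatically if it does not exist. podman does not create it, so the directory has to be created by hand.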

docker -v host-directory:container-directory

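The explanation I found online:

mount a directory of the host into the container, or

load the data in a directory of the docker container into a directory on the host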

The purpose is to keep the images in the registry from being deleted when the private-registry container itself is deleted.


3. Build the image on the client

[root@k8s ~]#   podman search tomcat
[root@k8s ~]#   podman pull docker.io/consol/tomcat-7.0

Pull the base image; tomcat7 is used as the example here.

 [root@k8s ~]#   podman run -d -p 8080:8080 --name tomcat7-8080 docker.io/consol/tomcat-7.0

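Create a container with external access on port 8080. The Tomcat web login account and password are both admin;

as an example, I change the password to 92ctocom here.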

 [root@k8s ~]#   podman exec tomcat7-8080 sed -i 's/password="admin"/password="tomcatpwd"/g' /opt/tomcat/conf/tomcat-users.xml

Find the configuration file in the running container and modify it; the running container instance can then be saved as a local image.

[root@k8s ~]# podman ps -a
CONTAINER ID  IMAGE                               COMMAND               CREATED            STATUS                PORTS                   NAMES
42c6d6ff7c0a  docker.io/library/registry:latest   /entrypoint.sh /e...  About an hour ago  Up About an hour ago  0.0.0.0:5000->5000/tcp  registry
384c06d11e1e  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  About an hour ago  Up About an hour ago  0.0.0.0:8080->8080/tcp  tomcat7-8080
dccb2b8b6102  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  2 hours ago        Up 2 hours ago        0.0.0.0:8088->8080/tcp  tomcat7-8088

Save the container as a local image.

[root@k8s ~]# podman commit  dccb2b8b6102 tomcat7-admin:v1                          
Getting image source signatures
Skipping blob c5cc83103be7 (already present): 124.93 MiB / 124.93 MiB [=====] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 55aabb022b6a (already present): 43.13 MiB / 43.13 MiB [=======] 1s
Skipping blob 34ab461be6c6 (already present): 120.44 MiB / 120.44 MiB [=====] 1s
Skipping blob c900a3fbdb49 (already present): 801.00 KiB / 801.00 KiB [=====] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 78b32d65e0a5 (already present): 286.33 MiB / 286.33 MiB [=====] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 0bab0fa4ed5a (already present): 3.50 KiB / 3.50 KiB [=========] 1s
Skipping blob 14c44f9f4a1a (already present): 404.50 KiB / 404.50 KiB [=====] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob d1a571b7eec9 (already present): 13.46 MiB / 13.46 MiB [=======] 1s
Skipping blob 9e5189be98a8 (already present): 5.00 KiB / 5.00 KiB [=========] 1s
Skipping blob 936f772feac2 (already present): 3.00 KiB / 3.00 KiB [=========] 1s
Skipping blob 89607351ec26 (already present): 3.50 KiB / 3.50 KiB [=========] 1s
Skipping blob ee3d91310d77 (already present): 3.50 KiB / 3.50 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [=========] 1s
Copying blob 38cdb17ab8ca: 44.89 MiB / 44.89 MiB [==========================] 1s
Copying config 9dda8f0be965: 7.47 KiB / 7.47 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
9dda8f0be965ae6459be647bba76999846a67b25a9a133c21a1b72bf57af6360

Listing the images shows that there is now an additional local one.

[root@k8s ~]#  podman images
REPOSITORY                        TAG      IMAGE ID       CREATED             SIZE
localhost/tomcat7-admin           v1       9dda8f0be965   About an hour ago   665 MB
daocloud.io/library/nginx         latest   98ebf73aba75   2 months ago        113 MB
docker.io/library/registry        latest   f32a97de94e1   7 months ago        26.4 MB
docker.io/0809/centos7.6          latest   d9ccaf2d05a5   9 months ago        507 MB
docker.io/4kerccc/centos6.9-ssh   latest   71a9706d72f8   19 months ago       562 MB
docker.io/consol/tomcat-7.0       latest   7c34bafd1150   4 years ago         618 MB
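
The sed command above ran in tomcat7-8080, while the commit names container dccb2b8b6102, which the podman ps listing shows as tomcat7-8088, so it is worth checking the container that is actually being committed. The following is an added example, not part of the original post: the function names and the sample tomcat-users.xml are constructed for illustration, and it assumes each <user .../> element sits on one line with username= and password= attributes.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts in a
# tomcat-users.xml whose password is still "admin" or equals the username.

# default_cred_users FILE -> one offending username per line
default_cred_users() {
    awk '
        # Return the value of attribute `name` in string s, or "" if absent.
        function attr(s, name,    re) {
            re = name "=\"[^\"]*\""
            if (!match(s, re)) return ""
            return substr(s, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
        }
        # Skip XML comments; stock files ship commented-out sample users.
        in_comment { if (index($0, "-->")) in_comment = 0; next }
        index($0, "<!--") { if (!index($0, "-->")) in_comment = 1; next }
        /<user[ \t]/ {
            u = attr($0, "username"); p = attr($0, "password")
            if (u != "" && (p == "admin" || p == u)) print u
        }
    ' "$1"
}

# Constructed sample file, modelled on the admin/admin account described above.
write_sample_users() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<tomcat-users>
  <!--
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  -->
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-gui,manager-script"/>
</tomcat-users>
EOF
}

before=$(mktemp); after=$(mktemp)
write_sample_users "$before"
# Same substitution as the podman exec ... sed command on this page.
sed 's/password="admin"/password="tomcatpwd"/g' "$before" > "$after"
echo "default credentials before sed: $(default_cred_users "$before")"
echo "default credentials after sed:  $(default_cred_users "$after")"
rm -f "$before" "$after"
```

To check a live container, save its file first, for example `podman exec dccb2b8b6102 cat /opt/tomcat/conf/tomcat-users.xml > users.xml`, and pass users.xml to default_cred_users. The committed image carries the new password in cleartext in tomcat-users.xml, so anyone who can pull the image from the registry can read it.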


Finally, push the local image to the private registry.

[root@k8s ~]# docker push tomcat7-admin:v1 docker://127.0.0.1:5000/tomcat7-admin:v1
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Getting image source signatures
Copying blob c5cc83103be7: 124.93 MiB / 124.93 MiB [=======================] 53s
Copying blob 5f70bf18a086: 1.00 KiB / 1.00 KiB [===========================] 53s
Copying blob 55aabb022b6a: 43.13 MiB / 43.13 MiB [=========================] 53s
Copying blob 34ab461be6c6: 120.44 MiB / 120.44 MiB [=======================] 53s
Copying blob c900a3fbdb49: 801.00 KiB / 801.00 KiB [=======================] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Copying blob 78b32d65e0a5: 286.33 MiB / 286.33 MiB [=======================] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Copying blob 0bab0fa4ed5a: 3.50 KiB / 3.50 KiB [===========================] 53s
Copying blob 14c44f9f4a1a: 404.50 KiB / 404.50 KiB [=======================] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Copying blob d1a571b7eec9: 13.46 MiB / 13.46 MiB [=========================] 53s
Copying blob 9e5189be98a8: 5.00 KiB / 5.00 KiB [===========================] 53s
Copying blob 936f772feac2: 3.00 KiB / 3.00 KiB [===========================] 53s
Copying blob 89607351ec26: 3.50 KiB / 3.50 KiB [===========================] 53s
Copying blob ee3d91310d77: 3.50 KiB / 3.50 KiB [===========================] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Skipping blob 5f70bf18a086 (already present): 1.00 KiB / 1.00 KiB [========] 53s
Copying blob 38cdb17ab8ca: 44.89 MiB / 44.89 MiB [=========================] 53s
Copying config 9dda8f0be965: 7.47 KiB / 7.47 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
 

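Note that the image registry configuration file has to be modified. After the change, podman commands can be run straight away; no service or process needs to be restarted.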

The configuration file podman uses for online image search is in this directory.

[root@k8s ~]# cat /etc/containers/registries.conf

# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: 'registries.search', 'registries.insecure',
# and 'registries.block'.

[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io', 'docker.mirrors.ustc.edu.cn', '127.0.0.1:5000']

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = ['registry.docker-cn.com', 'hub-mirror.c.163.com', 'docker.mirrors.ustc.edu.cn', '127.0.0.1:5000']


# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
# Docker only
[registries.block]
registries = []


registries.search is the list of registries searched for images; registries.insecure is where registries that only support HTTP can be added.
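
Every entry under registries.insecure is contacted without a valid certificate or over plain HTTP, which is acceptable for 127.0.0.1:5000 but also applies to the public mirrors listed there. The following is an added example, not part of the original post, that lists the insecure entries that are not loopback addresses; the function names are hypothetical, the sample file is constructed from the lists shown above, and each registries = [...] list is assumed to sit on one line.

```shell
#!/bin/sh
# Added example (not from the original post): audit a v1-format
# registries.conf for insecure entries that are not loopback addresses.

# registries_in SECTION FILE -> one registry per line
registries_in() {
    awk -v want="[$1]" '
        /^[ \t]*#/  { next }                                   # comment line
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect); next }  # section header
        sect == want && /^[ \t]*registries[ \t]*=/ {
            i = index($0, "["); j = index($0, "]")
            n = split(substr($0, i + 1, j - i - 1), items, ",")
            for (k = 1; k <= n; k++) print items[k]
        }
    ' "$2" | tr -d "'\" \t" | sed '/^$/d'
}

# insecure_remote FILE -> insecure registries other than localhost, 127.x.x.x, [::1]
insecure_remote() {
    registries_in registries.insecure "$1" |
        grep -Ev '^(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?$' || true
}

# Constructed sample: the search/insecure/block lists from the file above.
write_sample_conf() {
    cat > "$1" <<'EOF'
[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io', 'docker.mirrors.ustc.edu.cn', '127.0.0.1:5000']

[registries.insecure]
registries = ['registry.docker-cn.com', 'hub-mirror.c.163.com', 'docker.mirrors.ustc.edu.cn', '127.0.0.1:5000']

[registries.block]
registries = []
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "Insecure registries reachable over the network:"
insecure_remote "$sample"
rm -f "$sample"
```

On a real host, call `insecure_remote /etc/containers/registries.conf`; an empty result means only loopback registries are exempt from TLS verification.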


As a test, search for the image tomcat7-admin; the image in the local registry now shows up.
[root@k8s ~]#  podman search tomcat7-admin
INDEX       NAME                                                DESCRIPTION                                       STARS   OFFICIAL   AUTOMATED
quay.io     quay.io/riotkit/uptime-admin-board                                                                    0                  
quay.io     quay.io/radiantsolutions/omar-admin-server                                                            0                  
quay.io     quay.io/apollo-technologies/admin-ui                                                                  0                  
quay.io     quay.io/app-sre/dedicated-admin-operator            main dedicated-admin-operator container           0                  
quay.io     quay.io/basis-company/tarantool-admin               tarantool database web gui    https://github...   0                  
quay.io     quay.io/unixfox/powerdns-admin                      Auto build image from the official [PowerDNS...   0                  
quay.io     quay.io/deisci/store-admin                                                                            0                  
quay.io     quay.io/app-sre/dedicated-admin-operator-registry   dedicated-admin-operator-registry for olm ca...   0                  
quay.io     quay.io/openshift/origin-dedicated-admin-operator                                                     0                  
quay.io     quay.io/blockstack/gaia-admin                                                                         0                  
quay.io     quay.io/ortoo/govhub-admin                                                                            0                  
quay.io     quay.io/pusher/admin-builder                                                                          0                  
quay.io     quay.io/api-platform/admin                                                                            0                  
quay.io     quay.io/areafiftylan/lancie-admin                                                                     0                  
quay.io     quay.io/radanalyticsio/spark-operator               # spark-operator [![Build status](https://tr...   0                  
quay.io     quay.io/opencast/admin                              # [Opencast Docker images](https://quay.io/o...   0                  
quay.io     quay.io/jeroenmanders/infraxys-admin                                                                  0                  
quay.io     quay.io/deis/store-admin                            # Deis Store  A backing store built on [Ceph...   0                  
quay.io     quay.io/redhatdemo/demo4-admin-server                                                                 0                  
quay.io     quay.io/bitnami/redis                               Official build of [Bitnami Redis](https://gi...   0                  
quay.io     quay.io/stefancocora/gitea-admin-dev-ready                                                            0                  
quay.io     quay.io/reduxio/magellan-admin                                                                        0                  
quay.io     quay.io/openshift-sre/dedicated-admin-operator                                                        0                  
quay.io     quay.io/jnix85/pulp-admin-client                                                                      0                  
quay.io     quay.io/orgsync/stoplight-admin                                                                       0                  
docker.io   docker.io/danielroy/tomcat7-admin                   A simple image that deploys tomcat 7 with a ...   0                  [OK]
0.1:5000    127.0.0.1:5000/tomcat7-admin                       afd1150   4 years ago     618 MB


Delete the local image, then pull it from the registry again.

[root@k8s ~]# podman image rm localhost/tomcat7-admin:v1
9dda8f0be965ae6459be647bba76999846a67b25a9a133c21a1b72bf57af6360
 
[root@k8s ~]# podman images
REPOSITORY                        TAG      IMAGE ID       CREATED         SIZE
daocloud.io/library/nginx         latest   98ebf73aba75   2 months ago    113 MB
docker.io/library/registry        latest   f32a97de94e1   7 months ago    26.4 MB
docker.io/0809/centos7.6          latest   d9ccaf2d05a5   9 months ago    507 MB
docker.io/4kerccc/centos6.9-ssh   latest   71a9706d72f8   19 months ago   562 MB
docker.io/consol/tomcat-7.0       latest   7c34bafd1150   4 years ago     618 MB
 

[root@k8s ~]# podman pull 127.0.0.1:5000/tomcat7-admin:v1
Trying to pull 127.0.0.1:5000/tomcat7-admin:v1...Getting image source signatures
Skipping blob 2b4c6c603e38 (already present): 51.91 MiB / 51.91 MiB [=======] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 98ef328273d8 (already present): 19.02 MiB / 19.02 MiB [=======] 0s
Skipping blob 6f7e6e3bae28 (already present): 43.20 MiB / 43.20 MiB [=======] 0s
Skipping blob 22a6f272225c (already present): 313.98 KiB / 313.98 KiB [=====] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 610ce59e53a3 (already present): 139.49 MiB / 139.49 MiB [=====] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 0ef986dc1b03 (already present): 620 B / 620 B [===============] 0s
Skipping blob f239a7259385 (already present): 372.22 KiB / 372.22 KiB [=====] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 516180a32e41 (already present): 8.67 MiB / 8.67 MiB [=========] 0s
Skipping blob 72617fc26f47 (already present): 1.00 KiB / 1.00 KiB [=========] 0s
Skipping blob dbab78b616c1 (already present): 227 B / 227 B [===============] 0s
Skipping blob ec3020067a5a (already present): 508 B / 508 B [===============] 0s
Skipping blob a0781f095372 (already present): 235 B / 235 B [===============] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Skipping blob 1dbcab28ce46 (already present): 48 B / 48 B [=================] 0s
Copying blob 50d89525fb69: 37.39 MiB / 37.39 MiB [==========================] 0s
Copying config 9dda8f0be965: 7.47 KiB / 7.47 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
9dda8f0be965ae6459be647bba76999846a67b25a9a133c21a1b72bf57af6360


Check the local image list again.

[root@k8s ~]# podman images
REPOSITORY                        TAG      IMAGE ID       CREATED             SIZE
127.0.0.1:5000/tomcat7-admin      v1       9dda8f0be965   About an hour ago   665 MB
daocloud.io/library/nginx         latest   98ebf73aba75   2 months ago        113 MB
docker.io/library/registry        latest   f32a97de94e1   7 months ago        26.4 MB
docker.io/0809/centos7.6          latest   d9ccaf2d05a5   9 months ago        507 MB
docker.io/4kerccc/centos6.9-ssh   latest   71a9706d72f8   19 months ago       562 MB
docker.io/consol/tomcat-7.0       latest   7c34bafd1150   4 years ago         618 MB
[root@k8s ~]#
[root@k8s ~]# podman ps -a
CONTAINER ID  IMAGE                               COMMAND               CREATED      STATUS          PORTS                   NAMES
42c6d6ff7c0a  docker.io/library/registry:latest   /entrypoint.sh /e...  2 hours ago  Up 2 hours ago  0.0.0.0:5000->5000/tcp  registry
384c06d11e1e  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  2 hours ago  Up 2 hours ago  0.0.0.0:8080->8080/tcp  tomcat7-8080
dccb2b8b6102  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  2 hours ago  Up 2 hours ago  0.0.0.0:8088->8080/tcp  tomcat7-8088
[root@k8s ~]#

Run a container, opening external port 8099 on the container instance and forwarding it to Tomcat's internal port 8080 in the container.

[root@k8s ~]# podman run -d -p 8099:8080 --name tomcat7-8099 127.0.0.1:5000/tomcat7-admin
Trying to pull 127.0.0.1:5000/tomcat7-admin...Failed
unable to pull 127.0.0.1:5000/tomcat7-admin: unable to pull image: Error determining manifest MIME type for docker://127.0.0.1:5000/tomcat7-admin:latest: Error reading manifest latest in 127.0.0.1:5000/tomcat7-admin: manifest unknown: manifest unknown
[root@k8s ~]# podman run -d -p 8099:8080 --name tomcat7-8099 127.0.0.1:5000/tomcat7-admin:v1
3bd3a4901a2d917e373565a30de68f02f1804a2a8e88828036bf6098a4e63c69
[root@k8s ~]#
[root@k8s ~]# podman ps -a
CONTAINER ID  IMAGE                               COMMAND               CREATED         STATUS             PORTS                   NAMES
3bd3a4901a2d  127.0.0.1:5000/tomcat7-admin:v1     /bin/sh -c /opt/t...  12 seconds ago  Up 10 seconds ago  0.0.0.0:8099->8080/tcp  tomcat7-8099
42c6d6ff7c0a  docker.io/library/registry:latest   /entrypoint.sh /e...  2 hours ago     Up 2 hours ago     0.0.0.0:5000->5000/tcp  registry
384c06d11e1e  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  2 hours ago     Up 2 hours ago     0.0.0.0:8080->8080/tcp  tomcat7-8080
dccb2b8b6102  docker.io/consol/tomcat-7.0:latest  /bin/sh -c /opt/t...  2 hours ago     Up 2 hours ago     0.0.0.0:8088->8080/tcp  tomcat7-8088


Test the container instance's external port; access works.

[root@k8s ~]# curl -I 127.0.0.1:8099
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Sat, 12 Oct 2019 13:57:04 GMT

Open this address in Firefox: http://192.168.137.18:8099/manager/html

Enter the account admin and the changed password tomcatpwd; login works.

The WAR instances newly deployed in Tomcat are also still present in Tomcat.




Please credit the source when reposting: "Installing podman on CentOS 8, customizing an image, saving a local container to a private registry".

www.92cto.com: virtualization and cloud computing, system operations, security technical services.
