podman—网络设置、开机自启及加速器配置-锐单电子商城

网络设置

首先定义一个别名，podman等于docker

[root@localhost ~]# alias docker=podman [root@localhost ~]# alias alias cp='cp -i' alias docker='podman' alias egrep='egrep --color=auto' alias fgrep='fgrep --color=auto' alias grep='grep --color=auto' alias l.='ls -d .* --color=auto' alias ll='ls -l --color=auto' alias ls='ls --color=auto' alias mv='mv -i'   操作两个容器 [root@localhost ~]# podman run -it docker.io/library/busybox /bin/sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue      link/ether 26:58:16:91:12:ec brd ff:ff:ff:ff:ff:ff     inet 
       
        10.88
        .0
        .4
        /
        16 brd 
        10.88
        .255
        .255 scope 
        global eth0 valid_lft forever preferred_lft forever inet6 fe80
        :
        :
        2458
        :
        16ff
        :fe91
        :
        12ec
        /
        64 scope link valid_lft forever preferred_lft forever 
        [root@localhost 
        ~
        ]
        # podman run -it docker.io/library/busybox /bin/sh 
        / 
        # ip a 
        1
        : lo
        : 
        <LOOPBACK
        ,UP
        ,LOWER_UP
        > mtu 
        65536 qdisc noqueue qlen 
        1000 link
        /loopback 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 brd 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 inet 
        127.0
        .0
        .1
        /
        8 scope host lo valid_lft forever preferred_lft forever inet6 
        :
        :
        1
        /
        128 scope host valid_lft forever preferred_lft forever 
        2
        : eth0@if7
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        ,M
        -DOWN
        > mtu 
        1500 qdisc noqueue link
        /ether 
        0e
        :
        7d
        :ed
        :
        07
        :a5
        :f5 brd ff
        :ff
        :ff
        :ff
        :ff
        :ff inet 
        10.88
        .0
        .5
        /
        16 brd 
        10.88
        .255
        .255 scope 
        global eth0 valid_lft forever preferred_lft forever inet6 fe80
        :
        :c7d
        :edff
        :fe07
        :a5f5
        /
        64 scope link valid_lft forever preferred_lft forever ping能ping通 
        / 
        # ping 10.88.0.4 PING 
        10.88
        .0
        .4 
        (
        10.88
        .0
        .4
        )
        : 
        56 data 
        bytes 
        64 
        bytes 
        from 
        10.88
        .0
        .4
        : seq
        =
        0 ttl
        =
        64 time
        =
        0.282 ms 
        64 
        bytes 
        from 
        10.88
        .0
        .4
        : seq
        =
        1 ttl
        =
        64 time
        =
        0.111 ms 
        64 
        bytes 
        from 
        10.88
        .0
        .4
        : seq
        =
        2 ttl
        =
        64 time
        =
        0.292 ms 
        64 
        bytes 
        from 
        10.88
        .0
        .4
        : seq
        =
        3 ttl
        =
        64 time
        =
        0.112 ms cni：Container Network Interface（容器网络接口） 容器启动时会生成网卡，容器退出后网卡也会没有，但cni网卡依然存在 退出一个后查看 
        [root@localhost 
        ~
        ]
        # ip a 
        1
        : lo
        : 
        <LOOPBACK
        ,UP
        ,LOWER_UP
        > mtu 
        65536 qdisc noqueue state UNKNOWN group default qlen 
        1000 link
        /loopback 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 brd 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 inet 
        127.0
        .0
        .1
        /
        8 scope host lo valid_lft forever preferred_lft forever inet6 
        :
        :
        1
        /
        128 scope host valid_lft forever preferred_lft forever 
        2
        : ens33
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc fq_codel state UP group default qlen 
        1000 link
        /ether 
        00
        :
        0c
        :
        29
        :
        19
        :
        97
        :fc brd ff
        :ff
        :ff
        :ff
        :ff
        :ff inet 
        192.168
        .230
        .131
        /
        24 brd 
        192.168
        .230
        .255 scope 
        global dynamic noprefixroute ens33 valid_lft 1392sec preferred_lft 1392sec inet6 fe80
        :
        :
        79e
        :
        97ea
        :
        8434
        :
        8f2d
        /
        64 scope link noprefixroute valid_lft forever preferred_lft forever 
        3
        : cni
        -podman0
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc noqueue state UP group default qlen 
        1000 link
        /ether 
        82
        :f8
        :
        1b
        :
        6e
        :
        15
        :
        5e brd ff
        :ff
        :ff
        :ff
        :ff
        :ff inet 
        10.88
        .0
        .1
        /
        16 brd 
        10.88
        .255
        .255 scope 
        global cni
        -podman0 valid_lft forever preferred_lft forever inet6 fe80
        :
        :
        80f8
        :
        1bff
        :fe6e
        :
        155e
        /
        64 scope link valid_lft forever preferred_lft forever 
        5
        : vethb8e774f4@if2
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc noqueue master cni
        -podman0 state UP group default link
        /ether 
        1a
        :c3
        :
        3e
        :
        38
        :
        2c
        :fc brd ff
        :ff
        :ff
        :ff
        :ff
        :ff link
        -netns cni
        -
        952943fc
        -dcd0
        -
        8b58
        -
        7455
        -
        923a5632fb71 inet6 fe80
        :
        :
        18c3
        :
        3eff
        :fe38
        :
        2cfc
        /
        64 scope link valid_lft forever preferred_lft forever 
        6
        : vethfe2c3172@if2
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc noqueue master cni
        -podman0 state UP group default link
        /ether 
        1a
        :c6
        :db
        :d2
        :
        54
        :cc brd ff
        :ff
        :ff
        :ff
        :ff
        :ff link
        -netns cni
        -
        1eafc5f1
        -
        5fd1
        -
        2c0f
        -
        0f41
        -
        56bce1e42b59 inet6 fe80
        :
        :
        18c6
        :dbff
        :fed2
        :
        54cc
        /
        64 scope link valid_lft forever preferred_lft forever 退出两个容器后查看 
        [root@localhost 
        ~
        ]
        # ip a 
        1
        : lo
        : 
        <LOOPBACK
        ,UP
        ,LOWER_UP
        > mtu 
        65536 qdisc noqueue state UNKNOWN group default qlen 
        1000 link
        /loopback 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 brd 
        00
        :
        00
        :
        00
        :
        00
        :
        00
        :
        00 inet 
        127.0
        .0
        .1
        /
        8 scope host lo valid_lft forever preferred_lft forever inet6 
        :
        :
        1
        /
        128 scope host valid_lft forever preferred_lft forever 
        2
        : ens33
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc fq_codel state UP group default qlen 
        1000 link
        /ether 
        00
        :
        0c
        :
        29
        :
        19
        :
        97
        :fc brd ff
        :ff
        :ff
        :ff
        :ff
        :ff inet 
        192.168
        .230
        .131
        /
        24 brd 
        192.168
        .230
        .255 scope 
        global dynamic noprefixroute ens33 valid_lft 1364sec preferred_lft 1364sec inet6 fe80
        :
        :
        79e
        :
        97ea
        :
        8434
        :
        8f2d
        /
        64 scope link noprefixroute valid_lft forever preferred_lft forever 
        3
        : cni
        -podman0
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc noqueue state UP group default qlen 
        1000 link
        /ether 
        82
        :f8
        :
        1b
        :
        6e
        :
        15
        :
        5e brd ff
        :ff
        :ff
        :ff
        :ff
        :ff inet 
        10.88
        .0
        .1
        /
        16 brd 
        10.88
        .255
        .255 scope 
        global cni
        -podman0 valid_lft forever preferred_lft forever inet6 fe80
        :
        :
        80f8
        :
        1bff
        :fe6e
        :
        155e
        /
        64 scope link valid_lft forever preferred_lft forever 
        5
        : vethb8e774f4@if2
        : 
        <BROADCAST
        ,MULTICAST
        ,UP
        ,LOWER_UP
        > mtu 
        1500 qdisc noqueue master cni
        -podman0 state UP group default link
        /ether 
        1a
        :c3
        :
        3e
        :
        38
        :
        2c
        :fc brd ff
        :ff
        :ff
        :ff
        :ff
        :ff link
        -netns cni
        -
        952943fc
        -dcd0
        -
        8b58
        -
        7455
        -
        923a5632fb71 inet6 fe80
        :
        :
        18c3
        :
        3eff
        :fe38
        :
        2cfc
        /
        64 scope link valid_lft forever preferred_lft forever

podman防火墙规则

查看防火墙规则，现在没有规则

[root@localhost ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts、 bytes target     prot opt in     out     source               destination         

运行一个容器，映射80端口
[root@localhost ~]# podman run -d -p 80:80 --name web docker.io/library/httpd
a025fd306b83c2f9119b1b61be5982cad60840482183f4284168354256cb46aa

查看端口映射
[root@localhost ~]# podman port web
80/tcp -> 0.0.0.0:80

查看防火墙规则
[root@localhost ~]# iptables -t nat -nvL
Chain CNI-807cc9c30b332fae8a5f041a (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.88.0.0/16         /* name: "podman" id: "7fa2fc2390f81018f72606bfd586cc776b091aeedf0a40f816e39a88248e81a0" */

查看IP能访问
[root@localhost ~]# podman inspect -l|grep -i address
            "IPAddress": "10.88.0.4",
            "GlobalIPv6Address": "",
            "MacAddress": "76:45:02:92:6b:83",
            "LinkLocalIPv6Address": "",
                    "IPAddress": "10.88.0.4",
                    "GlobalIPv6Address": "",
                    "MacAddress": "76:45:02:92:6b:83",
[root@localhost ~]# curl 10.88.0.4
<html><body><h1>It works!</h1></body></html>

清空防火墙规则
[root@localhost ~]# iptables --flush #刷新
[root@localhost ~]# iptables -t nat -F #指定表清空
[root@localhost ~]# iptables -t nat -nvL #规则已被清空
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

规则删除后发现访问不了
[root@localhost ~]# curl 10.88.0.4
curl: (7) Failed to connect to 10.88.0.4 port 80: 没有到主机的路由

//使用podman network reload 命令重新加载，规则存在
[root@localhost ~]# podman network reload web
7fa2fc2390f81018f72606bfd586cc776b091aeedf0a40f816e39a88248e81a0
[root@localhost ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-HOSTPORT-DNAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

配置文件

podman的桥配置文件，容器里面的IP可通过这个控制

[root@localhost ~]# cat /etc/cni/net.d/87-podman.conflist 
{ 
        
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    { 
        
      "type": "bridge",   #模式
      "bridge": "cni-podman0",   #桥的名字
      "isGateway": true,   #是不是网关
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": { 
        
        "type": "host-local",
        "routes": [{ 
         "dst": "0.0.0.0/0" }],
        "ranges": [
          [
            { 
        
              "subnet": "10.88.0.0/16",
              "gateway": "10.88.0.1"
            }
          ]
        ]
      }
    },
    { 
        
      "type": "portmap",  #端口映射
      "capabilities": { 
        
        "portMappings": true
      }
    },
    { 
        
      "type": "firewall"
    },
    { 
        
      "type": "tuning"
    }
  ]
}

查看子命令的用法

查看attach这个子命令的用法

[root@localhost ~]# man podman-attach
EXAMPLES
       Attach to a container called "foobar".

              $ podman attach foobar

       Attach to the latest created container.

              $ podman attach --latest

       Attach to a container that start with the ID "1234".

              $ podman attach 1234

       Attach to a container without attaching STDIN.

              $ podman attach --no-stdin foobar

SEE ALSO
       podman(1), podman-exec(1), podman-run(1),
       containers.conf(5)

 
~
~
/EXAMPLE  #可在下面搜索例子

基础命令

指定镜像做的历史
[root@localhost ~]# podman history docker.io/library/busybox
ID            CREATED     CREATED BY                                     SIZE        COMMENT
ffe9d497c324  6 days ago  /bin/sh -c #(nop) CMD ["sh"] 0 B 
<missing>     6 days ago  /bin/sh -c #(nop) ADD file:e2d2d9591696b14... 1.46 MB 

使用iamge管理镜像，使用images看镜像   
[root@localhost ~]# podman image --help
Manage images

Description:
  Manage images

Usage:
  podman image [command]

Available Commands:
  build       Build an image using instructions from Containerfiles
  diff        Inspect changes to the image's file systems
  exists      Check if an image exists in local storage
  history     Show history of a specified image
  import      Import a tarball to create a filesystem image
  inspect     Display the configuration of an image
  list        List images in local storage
  load        Load image(s) from a tar archive
  mount       Mount an image's root filesystem
  prune       Remove unused images
  pull        Pull an image from a registry
  push        Push an image to a specified destination
  rm          Removes one or more images from local storage
  save        Save image(s) to an archive
  scp         securely copy images
  search      Search registry for image
  sign        Sign an image
  tag         Add an additional name to a local image
  tree        Prints layer hierarchy of an image in a tree format
  trust       Manage container image trust policy
  unmount     Unmount an image's root filesystem
  untag       Remove a name from a local image
  
查看镜像有几层
[root@localhost ~]# podman image tree docker.io/1163582076/nginx
Image ID: 499e5864a512
Tags:     [docker.io/library/nginx:latest docker.io/1163582076/nginx:latest]
Size:     565.5MB
Image Layers
├── ID: 74ddd0ec08fa Size: 238.6MB Top Layer of: [docker.io/library/centos:latest]
├── ID: 3b740b0b2497 Size: 6.723MB
└── ID: c774a42000a1 Size: 320.2MB Top Layer of: [docker.io/library/nginx:latest docker.io/1163582076/nginx:latest]


查看详细信息
[root@localhost ~]# podman info
host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.30-1.module_el8.6.0+944+d413f95e.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: e28f6ed9f4a6f18e27f3efdab92de483806e6b9c'

podman容器的开机自启：

实例：

[root@localhost ~]# podman create --name nginx nginx:latest
84820a649b74774dc429bd80a5d00b196704a632b6bf7aaa961a293b51b62799
[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS      PORTS       NAMES
84820a649b74  docker.io/library/nginx:latest  nginx -g daemon o...  8 seconds ago  Created                 nginx

方法一：

设置了一个开机自启，如果1秒都没起来就超时了（只是生成）
[root@localhost ~]# podman generate systemd --restart-policy=always -t 1 nginx
# container-84820a649b74774dc429bd80a5d00b196704a632b6bf7aaa961a293b51b62799.service
# autogenerated by Podman 3.4.1-dev
# Tue Dec 14 18:43:15 CST 2021

[Unit]
Description=Podman container-84820a649b74774dc429bd80a5d00b196704a632b6bf7aaa961a293b51b62799.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/containers/storage

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=always
TimeoutStopSec 
        标签： 115aef继电器进口贸易
 锐单商城拥有海量元器件数据手册、
          IC替代型号，打造
          电子元器件IC百科大全！

 热门文章
          
  RT12864M液晶模块单片机驱动程序
 
                          RT12864M液晶模块单片机驱动程序
                        
一个很好的单片机按键处理子程序
EEPROM 存储电台PLL子程序
51单片机的PT2257调音IC控制程序
51单片机驱动TEA5767调频收音机芯片C程序
学习C#一周，做了小工具一个原理图引脚放置工具
C语言中数据的左移右移应用
单片机产生频率和输出电压可调的矩形波信号发生器
51单片机汇编:多路延时开关
PCB设计逻辑门与运放多余引脚处理问题
PCB设计过程技术总结
 热门型号
          
 ERA-2ARC3162X
RT0805DRE0768K1L
TRR03EZPF37R4
RG1608P-6811-D-T5
ESR10EZPF3571
RT1206FRE07442RL
RNCF0402DTC107R
RC0201FR-0718KL
ERJ-S06F3R83V
ERJ-S06F1332V
 锐单商城 - 一站式电子元器件采购平台

 首页 选型 品牌 购物车 我的
   
   
  
  
 
  搜索
 最近热搜
 
 历史搜索 清除历史记录

podman—网络设置、开机自启及加速器配置

最近热搜

历史搜索 清除历史记录

历史搜索清除历史记录