[Container - Podman] Getting Started with Podman

Posted on Edited on In , , , Views: Word count in article: 5.5k Reading time ≈ 5 mins.

Podman

Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode.

Simply put: alias docker=podman.

More details here - https://podman.io/whatis.html.

Installation

macOS

Podman is a tool for running Linux containers. You can do this from a MacOS desktop as long as you have access to a linux box either running inside of a VM on the host, or available via the network. Podman includes a command, podman machine that automatically manages VM’s.

The Mac client is available through Homebrew:

1
$ brew install podman

To start the Podman-managed VM:

1
2
3
$ podman machine init

$ podman machine start

You can then verify the installation information using:

1
$ podman info

CentOS

Podman is available in the default Extras repos for CentOS 7 and in the AppStream repo for CentOS 8 and Stream.

1
$ sudo yum -y install podman

Debian

The podman package is available in the Debian 11 (Bullseye) repositories and later.

1
$ sudo apt-get -y install podman

See Podman Installation - https://podman.io/getting-started/installation to learn more.

Usages

Getting help

To get some help and find out how Podman is working, you can use the help:

1
2
3
$ podman --help

$ podman <subcommand> --help

For more details, you can review the manpages:

1
2
3
$ man podman

$ man podman-<subcommand>

Please also reference the Podman Troubleshooting Guide - https://github.com/containers/podman/blob/main/troubleshooting.md to find known issues and tips on how to solve common configuration mistakes.

Searching, pulling & listing images

Podman can search for images on remote registries with some simple keywords.

1
$ podman search <search_term>

You can also enhance your search with filters:

1
$ podman search httpd --filter=is-official

Downloading (Pulling) an image is easy, too.

1
$ podman pull docker.io/library/httpd

After pulling some images, you can list all images, present on your machine.

1
$ podman images

Note: Podman searches in different registries. Therefore it is recommend to use the full image name (docker.io/library/httpd instead of httpd) to ensure, that you are using the correct image.

Running a container

This sample container will run a very basic httpd server that serves only its index page.

1
$ podman run -dt -p 8080:80/tcp docker.io/library/httpd

Note: Because the container is being run in detached mode, represented by the -d in the podman run command, Podman will print the container ID after it has executed the command. The -t also adds a pseudo-tty to run arbitrary commands in an interactive shell.

Note: We use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed.

Listing running containers

The podman ps command is used to list created and running containers.

1
$ podman ps

Note: If you add -a to the podman ps command, Podman will show all containers (created, exited, running, etc.).

Testing the httpd container

As you are able to see, the container does not have an IP Address assigned. The container is reachable via it’s published port on your local machine.

1
$ curl http://localhost:8080

From another machine, you need to use the IP Address of the host, running the container.

1
$ curl http://<IP_Address>:8080

Note: Instead of using curl, you can also point a browser to http://localhost:8080.

Inspecting a running container

You can “inspect” a running container for metadata and details about itself. podman inspect will provide lots of useful information like environment variables, network settings or allocated resources.

Since, the container is running in rootless mode, no IP Address is assigned to the container.

1
2
$ podman inspect -l | grep IPAddress
            "IPAddress": "",

Note: The -l is a convenience argument for latest container. You can also use the container’s ID or name instead of -l or the long argument --latest.

Viewing the container’s logs

You can view the container’s logs with Podman as well:

1
2
3
4
5
6
7
8
$ podman logs -l

127.0.0.1 - - [04/May/2020:08:33:48 +0000] "GET / HTTP/1.1" 200 45
127.0.0.1 - - [04/May/2020:08:33:50 +0000] "GET / HTTP/1.1" 200 45
127.0.0.1 - - [04/May/2020:08:33:51 +0000] "GET / HTTP/1.1" 200 45
127.0.0.1 - - [04/May/2020:08:33:51 +0000] "GET / HTTP/1.1" 200 45
127.0.0.1 - - [04/May/2020:08:33:52 +0000] "GET / HTTP/1.1" 200 45
127.0.0.1 - - [04/May/2020:08:33:52 +0000] "GET / HTTP/1.1" 200 45

Viewing the container’s pids

You can observe the httpd pid in the container with podman top.

1
2
3
4
5
6
7
$ podman top -l

USER     PID   PPID   %CPU    ELAPSED            TTY     TIME   COMMAND
root     1     0      0.000   22m13.33281018s    pts/0   0s     httpd -DFOREGROUND
daemon   3     1      0.000   22m13.333132179s   pts/0   0s     httpd -DFOREGROUND
daemon   4     1      0.000   22m13.333276305s   pts/0   0s     httpd -DFOREGROUND
daemon   5     1      0.000   22m13.333818476s   pts/0   0s     httpd -DFOREGROUND

Stopping the container

You may stop the container:

1
$ podman stop -l

You can check the status of one or more containers using the podman ps command. In this case, you should use the -a argument to list all containers.

1
$ podman ps -a

Removing the container

Finally, you can remove the container:

1
$ podman rm -l

You can verify the deletion of the container by running podman ps -a.

FAQs

errors: denied: requested access to the resource is denied unauthorized: authentication required

Remember to podman login or specify auth file according for private image register to the above Podman Login or Auth File.

  • REGISTRY_AUTH_FILE environment variable. You can also override the default path of the authentication file by setting theexport REGISTRY_AUTH_FILE=path

  • ${XDG_RUNTIME_DIR}/containers/auth.json which created it manually.

  • $HOME/.docker/config.json which is set using docker login or created it manually.

  • podman <subcommand> --authfile=<Auth File> which is set by command option authfile.

See podman-login(1) — Podman documentation - https://docs.podman.io/en/latest/markdown/podman-login.1.html#authfile-path to learn more.

References

[1] Getting Started with Podman - https://podman.io/getting-started/

[2] Podman - https://podman.io/

[3] podman-login(1) — Podman documentation - https://docs.podman.io/en/latest/markdown/podman-login.1.html

[4] podman-pull(1) — Podman documentation - https://docs.podman.io/en/latest/markdown/podman-pull.1.html

[5] Empowering App Development for Developers | Docker - https://www.docker.com/