Intro to Podman
With the latest release of Red Hat Enterprise Linux, and one of its continuing features is Podman. Podman offers an experience similar to the Docker command line, allowing users to run standalone (non-orchestrated) containers without requiring a daemon, enabling us to say goodbye to big fat daemons. Podman also complements similar container tools such as Buildah and Skopeo, offering a comprehensive and flexible toolkit for your container needs.
Podman implements nearly all the Docker CLI commands. Additionally, Podman's design, which does not require any background daemons, makes it a suitable choice for integration into system services via systemd
. For container orchestration, you might want to explore Kubernetes and Red Hat OpenShift.
We'll cover some real examples to show how easy transitioning from the Docker CLI to Podman can be. (See also: Transitioning from Docker to Podman)
Podman installation
If you are running Red Hat Enterprise Linux 9.2 or Red Hat Enterprise Linux 8, follow the step below. This command will also work for CentOS, where Podman is available in the default repo for CentOS 7 and 8. If not, you can try our interactive lab on how to deploy a container using Podman.
To install the podman package, simply execute the command:
$ yum install -y podman
This command will install Podman and also its dependencies. Now you can start experimenting with Podman!
Command-line examples
Run a UBI (Universal Base Image) Container
Let's start by running a UBI (Universal Base Image) container. Assuming you are on a RHEL system, execute the below command. After you see the shell prompt, you are inside the running UBI container.
$ podman run -it registry.access.redhat.com/ubi9/ubi sh
Trying to pull registry.access.redhat.com/ubi9/ubi:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 33b9f09cff46 done
Copying config e7236a3e07 done
Writing manifest to image destination
Storing signatures
sh-5.1$
Now you have a RHEL container running. You can use the ls
command to list non-hidden files in the current directory and exit
to leave the container's shell.
sh-5.1$ ls
afs boot etc lib lost+found mnt proc run srv tmp var
bin dev home lib64 media opt root sbin sys usr
sh-5.1$ exit
exit
You can now explore various Podman commands to check the status of your containers and delete containers or images as needed.
To view the status of your containers, execute:
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d49374d4964 registry.access.redhat.com/ubi9/ubi:latest sh 10 minutes ago Exited (0) 2 minutes ago loving\_mendeleev second ago reverent\_torvalds
To remove a container, use the podman rm
command followed by the container ID:
$ podman rm 1d49374d4964
1d49374d4964
To remove an image, use the podman image rm
command followed by the image name:
$ podman image rm registry.access.redhat.com/ubi9/ubi:latest
Untagged: registry.access.redhat.com/ubi9/ubi:latest
Deleted: e7236a3e070f267713ad79c451b8628166abc0bc9c855f624619e099ec3faa99
As you can see, we used the same syntax as we'd use with docker
.
Run a MariaDB persistent container
Let's move on to a more complicated example: running a MariaDB 10.5 SQL database server container with custom variables and persistent data.
First, download the MariaDB container image and inspect its details:
$ podman pull docker.io/library/mariadb:10.5
Trying to pull docker.io/library/mariadb:10.5...
Getting image source signatures
Copying blob 818ec8e8ed03 done
...
Copying config 9a79847e85 done
Writing manifest to image destination
Storing signatures
9a79847e85fb307d90864c991fc925e2d33b3ca6f9d3908008e456725a8f2cf1
Now, you can use podman images
to view the image we've just downloaded.
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/mariadb 10.5 76a5b2d8081a 3 weeks ago 399 MB
This is because container filesystems are ephemeral, meaning once the container is removed, all the data associated with it is lost, we'll create a new volume to hold database data. Then, if we don't already have mysql
to work with the data in MariaDB, we can also install it using yum
.
$ podman volume create mariadb\_data
mariadb\_data
$ yum install -y mysql
Installed:
mariadb-connector-c-config-3.2.6-1.el9\_0.noarch
mysql-8.0.32-1.el9\_2.x86\_64
mysql-common-8.0.32-1.el9\_2.x86\_64
Complete!
And finally, let's run this container, running Podman with the following flags: -d for detached mode (in the background), -e
for setting environment variables, -p
for port assignment, -v
to route the volumes, and use the previously downloaded MariaDB image.
$ podman run --name mariadb -e MYSQL\_ROOT\_PASSWORD=pass -p 3306:3306 -v mariadb\_data:/var/lib/mysql -d docker.io/library/mariadb:10.5
00388490e13e9cb64b4f79ff4a56d250b725b67190e450251adbe3649cc280c2
Now, we can list the current running containers with podman ps
.
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
00388490e13e docker.io/library/mariadb:10.5 mysqld 25 seconds ago Up 26 seconds 0.0.0.0:3306->3306/tcp mariadb
As you can see, the container is up and running, but what is it doing? Let's check using podman logs
, and doing a grep
with head
to see the most recent activity in the logs.
$ podman logs 00388490e13e | head
2023-06-08 18:10:09+00:00 \[Note\] \[Entrypoint\]: Entrypoint script for MariaDver 1:10.11.3+maria~ubu2204 started.B Server 1:10.11.3+maria~ubu2204 started.
2023-06-08 18:10:10+00:00 \[Note\] \[Entrypoint\]: Switching to dedicated user 'mysql'
2023-06-08 18:10:10+00:00 \[Note\] \[Entrypoint\]: Entrypoint script for MariaDB Server 1:10.11.3+maria~ubu2204 started.
2023-06-08 18:10:10+00:00 \[Note\] \[Entrypoint\]: Initializing database files
Ah! It just started and has initialized its database. Now, to get the IP address of the container and connect to it using TCP, we can use a podman inspect
command.
$ podman inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mariadb
10.88.0.10
Perfect, now we can run the mysql
client using the server address like so, and using the password pass
we set when running this MariaDB container.
$ mysql -h 10.88.0.10 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \\g.
Your MySQL connection id is 3
Server version: 5.5.5-10.5.20-MariaDB-1:10.5.20+maria~ubu2004 mariadb.org binary distribution
Within the MariaDB container, we can run regular commands that we would on any MySQL server.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information\_schema |
| mysql |
| performance\_schema |
+--------------------+
mysql> CREATE DATABASE test;
Query OK, 1 row affected
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information\_schema |
| mysql |
| performance\_schema |
| test |
+--------------------+
Perfect. With everything looking good, we can exit the MariaDB server.
mysql> exit;
Bye
Once finished with it's usage, we can also kill the container with podman kill, and destroy it as well.
$ podman kill mariadb
mariadb
$ podman rm mariadb
mariadb
Doing a quick podman ps
, we can see there are no running containers, but let's start a new container to check for data persistence:
$ podman run --name mariadb -e MYSQL\_ROOT\_PASSWORD=pass -p 3306:3306 -v mariadb\_data:/var/lib/mysql -d docker.io/library/mariadb:10.5
Now, we can check to see if the container has started again.
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f854d9bdfa38 docker.io/library/mariadb:10.5 mysqld 4 seconds ago Up 4 seconds 0.0.0.0:3306->3306/tcp mariadb
Being a new container, we'll again need to get the IP address of the container and connect to it.
$ podman inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mariadb
10.88.0.11
Let's go ahead and check the MariaDB server again to ensure our database persisted through the removal of the container earlier, using password pass
.
$ mysql -h 10.88.0.11 -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \\g.
Your MySQL connection id is 3
Server version: 5.5.5-10.5.20-MariaDB-1:10.5.20+maria~ubu2004 mariadb.org binary distribution
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information\_schema |
| mysql |
| performance\_schema |
| test |
+--------------------+
mysql> exit;
Bye
Great! Looks like our data has persisted, and the new database still is showing through the new container provision. Let's now stop and kill the container to tidy up.
$ podman kill f854d9bdfa38
f854d9bdfa38
Manage containers as system services through systemd and Podman
Finally, we'll create a simple systemd
resource for handling the previously created MariaDB container, which will allow your system to manage your Podman container just like any other system service.
First, we need to create a systemd
resource file for handling the brand new container service.
$ vim /etc/systemd/system/mariadb-container.service
Then, we'll paste the following content into the file. This simple service definition will attempt to remove an existing mariadb
container before starting a new one, and is configured to always restart the service if it stops.
[Unit]
Description=MariaDB Podman container
After=network.target
[Service]
Type=simple
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm "mariadb"
ExecStart=/usr/bin/podman run --name mariadb -e MYSQL\_ROOT\_PASSWORD=pass -p 3306:3306 -v mariadb\_data:/var/lib/mysql -d docker.io/library/mariadb:10.5
ExecStop=/usr/bin/podman stop "mariadb"
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
Save and close the file by selecting esc then :wq
, then we can reload the systemd
catalog and start the service.
$ systemctl daemon-reload
$ systemctl start mariadb-container
Let's view the status of the service as well.
$ systemctl status mariadb-container
● mariadb-container.service - MariaDB Podman container
Loaded: loaded (/etc/systemd/system/mariadb-container.service; dis>
Active: deactivating (stop) since Thu 2023-06-08 19:08:29 UTC; 4s >
Process: 4910 ExecStartPre=/usr/bin/podman rm mariadb (code=exited,>
Process: 4919 ExecStart=/usr/bin/podman run --name mariadb -e MYSQL>
Main PID: 4919 (code=exited, status=0/SUCCESS); Control PID: 5004 (p>
Tasks: 8 (limit: 48881)
Memory: 18.6M
CPU: 373ms
CGroup: /system.slice/mariadb-container.service
├─5000 /usr/bin/conmon --api-version 1 -c 56cef5dded60b040>
└─5004 /usr/bin/podman stop mariadb
Let's go ahead and stop the service for now, we can also use the command systemctl enable mariadb-container
to start it automatically at boot.
$ systemctl stop mariadb-container
Awesome! We just set up a custom system service based on a container managed through Podman.
Conclusion
In summary, Podman is a powerful container management tool that serves as an alternative to the Docker command-line interface. With its daemonless architecture, it offers a lightweight and efficient solution for running standalone containers. Podman's compatibility with Docker CLI commands and its ability to integrate with system services through systemd make it a versatile choice for container orchestration and management. Feel free to follow me on Twitter @cedricclyburn for more cloud-native tutorials!