materials #
rootless shortcomings #
service #
podman service 兼容 docker 服务,同时也包含了 libpod 实现的接口。 可以在调用时候指定 unix socket 或者 tcp socket,否则就 fallback 到默认的连接上。
implementation components #
- OCI runtime-tools to generate
config.json, and run by OCI compatible runtime - containers/image
- containers/storage
- CNI
- Buildah
- Conmon
- Seccomp
podman remote #
connect #
podman -r -c <remote-dev>
Enable podman service on remote host: #
/usr/lib/systemd/user/podman.service
[Unit]
Description=Podman API Service
Requires=podman.socket
After=podman.socket
Documentation=man:podman-system-service(1)
StartLimitIntervalSec=0
[Service]
Delegate=true
Type=exec
KillMode=process
Environment=LOGGING="--log-level=info"
ExecStart=/usr/bin/podman $LOGGING system service
[Install]
WantedBy=default.target
/usr/lib/systemd/user/podman.socket
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-service(1)
[Socket]
ListenStream=%t/podman/podman.sock
SocketMode=0660
[Install]
WantedBy=sockets.target
Enable services on remote host
systemctl --user enable --now podman.socket
# enable lignering if not, ubuntu here for example
sudo loginctl enable-linger ubuntu
Now, add connection locally
podman system connection list
podman system connection add dev ubuntu@<remote-host>
podman auto update & systemd #
podman run 时候添加 io.containers.autoupdate=AUTO_UPDATE_POLICY 的 label
AUTO_UPDATE_POLICY 可以是
resgistrylocal
ref, intro-1 and redhat intro
commands #
Questions #
- Plan to integrate libpod into cri-o (no progress), why?
No daemon Podman does not speak CRI. It does not communicate directely with CRI-O.
- okay to
pullby registries, while failed byrun, issue?