浏览此站
联系我们相册切换到窄版 Language

 找回密码
 注册
易陆发现论坛»论坛 操作系统区 非桌面系统 cenos8 stream版本安装podman配置
返回列表 发新帖
查看: 1627|回复: 2

cenos8 stream版本安装podman配置

[复制链接]
admin

1

主题

0

回帖

12

积分

管理员

积分
12
QQ
发表于 2023-2-11 17:30:01 | 显示全部楼层 |阅读模式
1、安装 Podman 和 Podman-Compose。
5 Q# I. y! E6 t1 o8 U. J% N, I& M6 t( q9 w8 i% o) r/ H
1)安装 Podman:
* o2 D5 h( Z/ k
$ q# g  F6 a5 N# ~2 J4 ~[root@host ~]# dnf install podman podman-plugins cockpit cockpit-podman
% ^" ~3 y4 w" C& b4 v' a6 B, v[root@host ~]# systemctl enable --now podman
6 }/ K$ L. [6 W" M[root@host ~]# systemctl enable --now cockpit.socket' T4 t, ^- S! M
安装cockpit和cockpit-podman后,可以通过【https://ip:9090】来管理容器。5 Y/ `6 R+ y8 U" T  }0 |

, P$ b1 E' o5 X; n1 _4 @9 h2)安装 Podman-Compose:7 w/ _% p' x, p7 V9 B+ F9 R8 K

% a# }0 @2 j1 d9 ^$ G[root@host ~]# dnf install python38 d0 ~2 T  g+ f- A
[root@host ~]# pip3 install podman-compose8 r/ c  d' |4 B4 m& M& m, P
程序安装位置:* y# E4 s8 w/ A! o# X
镜像管理程序:/usr/bin/podman7 R1 ^8 c3 S' E: T, w( g
编译文件执行程序:/usr/local/bin/podman-compose# K5 P* r2 ?) R5 V
配置文件目录:/etc/containers,/usr/share/containers
+ ~* K7 i4 {1 l+ ?. U. V# Q$ ?9 W3 f: l. D% E
更新% O8 e, J- y6 w9 c: @; @
" c  ~! D/ f& i  R
[root@host ~]# dnf upgrade podman+ @. t: G0 e% U$ g/ |- E
[root@host ~]# pip3 install -U podman-compose$ E' F4 g) n! H1 V$ X6 r  M, l# M" K
( A4 C7 U+ C6 n* M& H5 M' [; D/ ?( Y
2、设置国内镜像仓库加速器。# A- v# C( a$ i; v/ o- o- K

" h( [; A. H+ Q1)备份原配置文件:5 z: q7 k* ]% k" V  D
: q+ R+ {9 z$ G! Z& w
[root@host ~]# cp /etc/containers/registries.conf{,.bak}
3 c# X: `' Q, [0 c. J2)使用文本编辑器打开配置文件:! c8 S* W2 o1 w
* u" b* h. D# N, `$ m$ A; `  {) ^
[root@host ~]# vim /etc/containers/registries.conf
* V3 ^8 z+ Y: f3)删除原有内容,重新编写文件内容后保存:7 J3 o9 A+ I. ]9 J

! t" d0 }" ?" W6 M. G7 E: ?; {unqualified-search-registries = ["docker.io"]- H6 T+ R. X( Q
9 Y% i2 `: [8 [, t5 j6 i% h, n
[[registry]]
) B+ Q4 r9 Z0 q( [$ Vprefix = "docker.io"1 @* W! c& e( _9 Z( N0 n$ s2 {5 U2 m
location = "docker.io"
. m  n  V! k9 K8 O
+ C" X/ h3 b: C- R- G[[registry.mirror]]
3 F0 k: s+ Z3 P( ?location = "mirrors.tuna.tsinghua.edu.cn"2 ^: Z* f7 q( B2 E

# e: j. Y  a* @9 r. }( e3 u0 I4 E, |- `
4、设置镜像仓库和运行时目录。( R/ w* l0 ^8 s. f
) t& @; O4 C/ U* O% A
1)创建镜像仓库目录:2 f/ d5 e/ S* @1 j0 L3 s3 B# w$ K# g
) |3 s: f) F: M. R$ g' B3 N
[root@host ~]# mkdir -p /data/containers/{run,graph}7 ]8 q6 q$ T; N' g+ v) W* u
2)备份原配置文件:
% y- `/ R( p) z/ R6 D; B* w1 T6 B
[root@host ~]# cp /etc/containers/storage.conf{,.bak}, O: C$ B% A8 n$ [
3)使用文本编辑器打开配置文件:
9 L& m( a- u2 V/ Y! X6 X! L" O: d; H6 Q* j3 Z9 a; e7 v0 h4 ?
[root@host ~]# vim /etc/containers/storage.conf
5 Q* y( O* ]- L: L5 e% S5 X4)修改文件以下内容后保存:
& J7 b' p& l7 }/ _& b* t5 @! s& k7 W/ O& A9 s* |6 J
# root 用户运行时目录
- T! ]! x4 G, U  G+ i; qrunroot = "/data/containers/run"
+ d2 q! I0 ~% i2 {. O* n1 v  m, |- [" f. Y, r
# root 用户镜像仓库目录, b" N. W' _( B" r  z: h
graphroot = "/data/containers/graph"0 e$ z" j. a+ b* R/ y% v

0 e, L! ^  W( i$ h$ T* g5、修改 SELinux 配置文件,永久关闭 SELinux。
, n: ~! g& a# N; g$ L- N! a# x, r; z. [
使用文本编辑器打开"/etc/selinux/config"文件:7 I3 ~9 B5 ~, V" E; w3 H

5 n( A3 g& y4 q& I. ][root@host ~]# vim /etc/selinux/config
! p! W2 q8 @+ _( ?$ a, f' k. [将 "SELINUX" 参数设置为:"permissive" 或者 "disabled",并保存:
6 G1 K1 r. s' U) I$ d0 U7 I
: H) l- [: ?5 B3 U
( w6 `/ d6 S; V$ F" o$ c) C# Q+ Y#     enforcing - 表示启用 SELinux 安全策略。; S- d0 ~; D2 _
#     permissive - 表示启用 SELinux 安全策略,但不强制验证。如果执行第一步可以正常运行,则建议设置此值。0 I% J& B. |4 f  b% [6 R- p( }
#     disabled - 关闭 SELinux 安全策略,相当于没有安装 SELinux。- }6 \  U" a; r
SELINUX=disabled
2 ^$ D. e! `: }9 g1 t, }5 B4 @  a: R; Q* f& f0 {1 P# O( J
. S, m+ F0 A# u
重启服务器:
8 n" f. c/ ^1 ^* i5 d  F
3 U, F$ [8 @! R  q7 O! L9 z[root@host ~]# shutdown -r now( I6 |. Y- M6 {1 u  h6 R0 D+ \
: v& f& C$ k8 n% q
回复

举报

admin

1

主题

0

回帖

12

积分

管理员

积分
12
QQ
 楼主| 发表于 2023-2-11 17:30:02 | 显示全部楼层
podman的配置文件 /etc/containers/registries.conf
; ~. }- A: c1 t; W9 K全局配置文件: /etc/containers/registries.conf
' z6 ^3 f- N0 K  H" ^用户配置文件: ~/.config/containers/registries.conf
1 ?# s$ W6 H4 T备份原文件
9 Q# A- g* c' n. m4 U3 E: n+ Y. N
sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.bak3 o# G! M- B) P3 X
7 V3 V+ R) z. f& l2 P9 q  L
sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.`date "+%Y-%m-%dT%H:%M:%S"`.bak
4 `. L/ [, f& x  A4 g; q3 ~, U" B; j4 x
sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.`date "+%Y%m%d%H%M%S"`.bak# k1 M9 Q7 z- D7 h, a" N: s  x) D% T

0 a1 _8 V* [: A! I; asudo cp /etc/containers/registries.conf /etc/containers/registries.conf.`date "+%y%m%d%H%M%S"`.bak
" s! T# F1 F- Y: f  k% {$ |% w# _7 Z2 R$ c
[ -e /etc/containers/registries.conf.BackupDir ] || mkdir /etc/containers/registries.conf.BackupDir
4 h% L  F& j2 W7 ?9 t9 jsudo cp /etc/containers/registries.conf /etc/containers/registries.conf.BackupDir/registries.conf.`date "+%Y%m%d%H%M%S"`.bak. C1 v4 d! |9 U7 M+ M# p& {& A
& `4 ^8 o# w) j% |' M
编辑
- I, X" U1 Y0 {( E6 _, q+ B$ S+ @7 Q4 I0 w
sudo vi /etc/containers/registries.conf& }* `/ G. G9 A' t( K# R
' h; d3 ?* i% m- F% W# Q& d1 J5 y
sudo vi ~/.config/containers/registries.conf
8 n& ^2 z; l7 g" f3 V3 z$ d  C! X/ a' u, J
查看& f5 }+ G9 [* h  a
8 i9 b! w. |; E( q9 u. K
sudo cat /etc/containers/registries.conf' `) U/ V# n0 C
1 O4 H  Y. e9 F: Q1 o) ?- A
sudo cat ~/.config/containers/registries.conf
4 a9 s: ~0 G- C: @. u4 r' g
7 p, u6 Y# A- ~0 I& ^# Vsudo more /etc/containers/registries.conf
$ l0 z% z( {4 e4 d+ |0 u
" ?# \$ V$ x; p  g: P5 L/ }sudo less /etc/containers/registries.conf2 C# c+ x( K2 S# q9 ?. J

8 y; L+ b7 C. E, K- r% ]: O其中prefix是pull的时候指定的镜像前缀,location是获取镜像的地址,如果不指定prefix则默认和location一致。insecure=true表示允许通过HTTP协议来获取镜像,对于私有化部署/内网测试环境下无https证书的环境来说很有帮助。
4 x# e' c9 ]( W) {. A4 H5 f: M' W4 P" l: y4 v" f
配置单个镜像源8 h( U8 ?) P, J+ X

: @: q+ V: ]5 H% o" U使用中科大源
- u: q+ h# K9 H7 F  N, G
/ S( p6 L& J0 U# |/ _$ [  z. i6 @###  CentOS9原版 unqualified-search-registries
) h! L1 W) {0 d" b8 x2 I# unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "quay.io", "docker.io"]1 K  _  [  a: ^. ?
3 c" {9 m) n( C0 R# Z1 ~4 U5 h" h
###  Fedora36原版 unqualified-search-registries
" n5 d: C$ M5 ]& k& `# x& M* ~# unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io", "quay.io"]
2 }# Z+ {  {! U4 M/ j" ?7 z9 F
  K4 D% ?8 I, h+ I" E8 k###  Rocky9原版 unqualified-search-registries
: x7 N. u( |4 U6 L# unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "quay.io", "docker.io"]
' K" G$ m8 R( X" P; Q) H3 ~- ~
###  AlmaLinux9原版 unqualified-search-registries
" g2 ?- o7 d1 F! |# unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
9 ~2 b( j' b9 x# C$ \0 K2 J0 V. ^. W' T" P1 a9 o7 i
### 取消从默认地址搜索的仓库域名
% J- J' M4 e' e# Eunqualified-search-registries = ["docker.io"]
. m, W( n: ~% M+ s$ U+ n0 P/ k6 B3 ]  _& z( [( l/ t
### 自定义搜索器
5 F2 U  o' F  T[[registry]]8 G8 I  s! f; k3 u
### 仓库前缀
  q, [1 c" ~1 @4 y9 j' mprefix = "docker.io"; S. ^" u) ^/ |" J, Z
### 加速器地址6 h; }; b% ^" Y4 Q  e& T
location = "docker.mirrors.ustc.edu.cn"
& t# j1 r5 R$ {- x" z5 A. e1 e  Q### 允许通过http协议获取镜像
/ j- r$ t* j6 f+ O/ A3 D! Minsecure = true" {4 O3 R6 [8 t1 R% F
( Z- `% C" ?4 |
3 B* v) T6 [1 N9 L: \+ h: X1 k

  u1 f  r3 ^/ \3 V5 C8 ^/ Z" A5 G* @: w. X! s
使用docker中国区的源
& t( S# s' K. Z: {: E3 a
5 E5 w) T  t5 u. }unqualified-search-registries = ["docker.io"]
( |1 I, j. u) x9 K5 A
4 a5 [0 P( O2 ?8 R[[registry]], f0 }& |6 B% \; P2 I
prefix = "docker.io"
: p& Y7 ?7 O/ z2 v" }; elocation = "registry.docker-cn.com"1 Q7 c* o; E9 Q8 }
insecure = true, L2 A) k, v  e: Z/ n) |

; q) m7 \7 z. I. {) n5 C' s# S& k7 {' R
使用163源
- d) A& v: J: V1 G* a2 O( t+ b: U  K7 M
unqualified-search-registries = ["docker.io"]
; k% Y/ F0 I  b
3 }: \3 p7 v6 G! h& S3 {4 ?[[registry]]0 E; W: m$ q! S+ C: ~+ P
prefix = "docker.io"
% S! N  `& O+ Y  h) I) x9 olocation = "hub-mirror.c.163.com"- `. ~4 d9 R1 o4 L4 T) M
insecure = true
) y) s! w0 s2 l; N8 K7 N% T+ ^& U/ [4 ^* R2 I6 ^* Q! L3 P* Z
0 \, f4 y9 v$ C! M. H4 j8 O
使用阿里源
, r+ `3 `" r0 g& p% m
! j( ]' P2 M# [* g: ~unqualified-search-registries = ["docker.io"]
" m( z. x0 g! K0 k& X$ F5 u3 ^7 u% `, b) @  @) D
[[registry]]& J) F( q+ u. `6 t
prefix = "docker.io"0 @6 w- b. T" T4 A& N! t9 W
location = "xxxxxx.mirror.aliyuncs.com"2 V3 `& S# y1 E& a# t
' T- O5 e' ^  c$ g
+ k5 C! B7 l9 y8 C  E& i
0 `/ s2 h: h/ l+ |' ]3 x5 c6 k
配置多个镜像源! h$ P0 G3 ]) {

4 z; }4 Y" p  L2 j+ I' qunqualified-search-registries = ["docker.io"]
* I2 H& X; D  R3 k$ c
4 g* Q) a5 H! j[[registry]]
+ q$ H' M8 ~1 N: i, Lprefix = "docker.io") |7 B( P; _7 A
location = "hub-mirror.c.163.com"5 A7 v+ N1 D) q+ ?) q. i( x5 {
insecure = true
' u, J6 t. R5 L; _" }# z" @# e( i  f6 V
4 m& K, W& F5 J* k2 s- s- A" k4 K$ L# j[[registry.mirror]]' Z+ T  J& k; E% {' {
location = "docker.mirrors.ustc.edu.cn"  b' B$ q" x* w* D% A/ L
insecure = true+ ?3 `% d5 H8 Z8 ^6 z
[[registry.mirror]]) ^/ v/ r; M; k' `
location = "hub-mirror.c.163.com"7 Z9 Q2 s6 H3 Q8 T& ?
insecure = true
4 M! N9 }2 Q# ^  k, I: |[[registry.mirror]]& ?1 t  ^' E) P7 F8 O/ Y  `) {
location = "registry.docker-cn.com"
, V; }9 T( S% F" J, uinsecure = true
$ B) u  E" J$ s5 T' F
. f3 A, N* m1 @1 Y用脚本配置$ M) c; _6 ^- H1 t* _8 n
  G3 [: P9 x, ~  q% U
#!/bin/bash
! {: \3 N5 X% V0 Y0 |[ -e /etc/containers/registries.conf.BackupDir ] || mkdir /etc/containers/registries.conf.BackupDir( T5 c- `& `' C5 @
sudo cp /etc/containers/registries.conf /etc/containers/registries.conf.BackupDir/registries.conf.`date "+%Y%m%d%H%M%S"`.bak, `2 s8 Z! H0 Y) E
printf ') N" M0 J8 B1 d$ X. I
unqualified-search-registries = ["docker.io"]
3 \* V# s% E; R" m
$ q9 t% m& w2 t[[registry]]
+ i+ J  D6 ]% Q6 U* F) S  c# k. u0 Uprefix = "docker.io"8 R  |: p. Z  r0 c# ?) L/ {0 I
location = "hub-mirror.c.163.com"
* F1 M: L* y1 M+ v2 w2 Hinsecure = true
8 A# v2 V) _, x( \[[registry.mirror]]
" J6 c- c4 j3 Hlocation = "docker.mirrors.ustc.edu.cn"
/ M( h* t1 B. \0 s: Vinsecure = true. N6 c  f. c+ b4 i, _
[[registry.mirror]]0 }5 Z3 J$ }1 y$ W
location = "hub-mirror.c.163.com"( v2 q9 {- n$ G" P: }9 `" y
insecure = true( |, b3 g& j- q( J( ?; Q
[[registry.mirror]]9 r$ t- U% J% N9 C# N
location = "registry.docker-cn.com"$ z7 f) b* M/ }
insecure = true
  a# I$ s& r) I" n* B4 [' j- M1 l' | sudo tee /etc/containers/registries.conf
4 g/ @8 b/ c  f" v8 ]8 f3 h$ `2 O! n2 A7 [1 V

; m, C' ]1 d: `1 m! z. T1 p测试,查看信息
3 V* L. C6 y, s# Q& q
8 Q: n9 N# M) {4 R% p4 Y7 @1 I) Rsudo podman run hello-world
( P- ^9 D, j' \6 M9 J& l2 w2 W9 h$ \. V( k' o1 `6 c
sudo podman info
7 M  d6 D3 R; g3 P% H) E8 O8 E& d, F- p: s; _! y

( m( l( C$ b3 X( ~' O5 ?) e
回复

举报

admin

1

主题

0

回帖

12

积分

管理员

积分
12
QQ
 楼主| 发表于 2023-2-11 21:49:24 | 显示全部楼层
安装podman:
* @$ D/ l0 b3 d+ c( sdnf install -y @container-tools
8 u% e- o/ z1 c* N! p: Z* kdnf install -y podman& I$ x( c6 P5 \" q3 R2 D
安装podman:
) m  E1 K6 F, I: l2 m( G  Z5 Sdnf install -y @container-tools
1 D5 _  \8 M; n6 o# Ddnf install -y podman. B' c) {. a! l# p

- {, A- t$ V% W. P2 N备份文件:
$ X6 K- Z4 l, s8 M- L* ?: M3 i4 b; Tcp /etc/containers/registries.conf{,.bak}
8 s8 D: b( `) z) i. x5 w5 d8 i7 a! n( _: j( c- o  T
修改文件:) A; N3 o" g( P4 R
vim /etc/containers/registries.conf1 e" w4 }, [/ B5 w% L/ y1 [
去掉红帽的哪些配置,只保留下面的配置:
' s! X; {5 t, Q6 J: xunqualified-search-registries = ["docker.io"]
6 O+ ?' G% @# G4 Iunqualified-search-registries = ["docker.io"]
5 b/ a) W# w% O  t4 O1 f; b[[registry]]
& S# P6 r+ [% q' Zprefix = "docker.io"
3 x% q' ?4 ~$ A! q5 zlocation = "docker.io"
+ |- `$ H: S, \- y+ b! b5 n5 o  i$ v4 Z
[[registry.mirror]]
2 [$ |! ?  }7 q0 p9 a5 f) l5 Y4 Hlocation = "mirror.baidubce.com". D* {: P, l& N9 d' @
; _  }1 z: }* `( t0 S$ f
dnf install -y podman
dnf install -y podman podman-plugins cockpit cockpit-podman
systemctl enable --now podman.service
systemctl enable --now cockpit.socket
- I; C7 B0 z- G' S2 N/ L, ~
+ P/ x; G# e' P& G# L
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

返回首页|Archiver|手机版|小黑屋|易陆发现技术论坛 ( 蜀ICP备2026014127号-1 )

GMT+8, 2026-6-12 02:06 , Processed in 0.022293 second(s), 22 queries .

Powered by Discuz! X5.0

© 2001-2026 Discuz! Team.

快速回复 返回顶部 返回列表