基础环境
系统:openEuler 22.03 (LTS-SP4) X86
软件:podman-5.1.2、podman-compose-1.2.0
配置 yum 源#
echo '[baseos]
name=CentOS-Stream-9-Base-mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos-stream/9-stream/BaseOS/x86_64/os/
gpgcheck=0
[appstream]
name=CentOS-Stream-9-Appstream-mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/
gpgcheck=0' > /etc/yum.repos.d/CentOS.repo
安装 podman 和 podman-compose#
# 安装podman podman-docker
yum install -y podman podman-docker
# 下载podman-compose
pip install podman-compose
# 创建文件,使用docker命令时不报错
touch /etc/containers/nodocker
安装podman-docker
后可使用 docker 命令
启动并查看版本#
# 启动podman
systemctl start podman
# 设置开机自启
systemctl enable podman
# 查看版本
podman --version
永久启用 cgroups-v2#
📚海拾🐚 cgroups-v2
cgroup v2 for containers 需要内核版本 4.15 或更高,而建议在 5.2 或更高再使用 cgroup v2。WARN[0000] Using cgroups-v1 which is deprecated in favor of cgroups-v2 with Podman v5 and will be removed in a future version. Set environment variable
PODMAN_IGNORE_CGROUPSV1_WARNING
to hide this warning.
(1)确定系统是否支持 cgroups-v2
grep cgroup /proc/filesystems
如果系统支持会显示以下内容:
nodev cgroup
nodev cgroup2
(2)输入ls /sys/fs/cgroup/cgroup.controllers
检查是否已经激活 cgroups-v2,如果显示ls: cannot access '/sys/fs/cgroup/cgroup.controllers': No such file or directory,则表示还未激活。
(3)永久激活 cgroups-v2
打开 GRUB 配置文件/etc/default/grub
,修改内核命令行参数。在GRUB_CMDLINE_LINUX
所在行加入以下参数:
systemd.unified_cgroup_hierarchy=1
GRUB_CMDLINE_LINUX="resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap cgroup_disable=files apparmor=0 crashkernel=512M systemd.unified_cgroup_hierarchy=1"
(4)更新 GRUB 配置,重启系统使更改的参数生效。
# 更新GRUB配置
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
# 重启
reboot
验证 cgroups-v2#
重启系统后,输入命令查看 podman 的 cgroupVersion 的版本,显示版本为 v2,则启用成功。并且在输入 podman 命令时,不会在有提示。
podman info | grep cgroupVersion
cgroupVersion: v2
配置镜像源#
打开配置文件/etc/containers/registries.conf
,配置国内镜像源,加速拉取镜像。
echo 'unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "dockerhub.icu"
insecure = true
[[registry.mirror]]
location = "ghcr.geekery.cn"
insecure = true
[[registry.mirror]]
location = "hub.rat.dev"
insecure = true
[[registry.mirror]]
location = "docker.wanpeng.top"
insecure = true
[[registry.mirror]]
location = "f1361db2.m.daocloud.io"
insecure = true' >> /etc/containers/registries.conf
拉取镜像测试#
podman run hello-world
成功拉取并运行后会显示以下效果:
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello...
Getting image source signatures
Copying blob 81df7ff16254 done |
Copying config 5dd467fce5 done |
Writing manifest to image destination
!... Hello Podman World ...!
.--"--.
/ - - \
/ (O) (O) \
.---. /` \ |~~
~/ o o \~~~~.----. ~~
| =(X)= |~ / (O (O) \
~~~~~~~ ~| =(Y_)=- |
~~~~ ~~~| U |~~
Project: https://github.com/containers/podman
Website: https://podman.io
Desktop: https://podman-desktop.io
Documents: https://docs.podman.io
YouTube: https://youtube.com/@Podman
X/Twitter: @Podman_io
Mastodon: @[email protected]