Podman

Manage pods, containers, and container images.

This project is maintained by the containers organization.

Podman logo

Podman Blogs

19 Nov 2018 » Build Podman RPMs with a container image by baude

podman logo

Build Podman RPMs with a container image

By Brent Baude GitHub Twitter

Libpod development is still very much active and on-going. We often have folks who are looking to test out the latest libpod and Podman for either new features or bug fixes. We typically build RPMs for distributions like Fedora on a release cadence, which used to be weekly but now has slowed down as libpod has stabilized. Building libpod from source is not difficult, but sometimes the user’s environment will not allow them to install all the packages needed; or perhaps the user is intimidated by building from source; or perhaps the user would prefer the RPM package because it will make the upgrade process easier down the road.

To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

A bit about the images themselves

The image that can used to build the RPMs is called quay.io/libpod/build_libpod. You simply alter the tag to build for the various distributions. The latest tag will build CentOS7 RPMs. Two other tags exist: fedora28 and fedora29.

Create the temporary directory

Create a directory for where the RPMs will be volume mounted. It must be /tmp/rpms.

$ mkdir /tmp/rpms

Build the RPMs

Building the RPMs is a simple Podman command that leverages the container runlabel function in Podman. Once the image is pulled by Podman, it will install the required packages for building the RPMs. After the build is complete, the container will also test to make sure the RPMs install correctly.

$ sudo podman container runlabel -p run quay.io/libpod/build_libpod:fedora29
Trying to pull quay.io/libpod/build_libpod:fedora29...Getting image source signatures
Skipping fetch of repeat blob sha256:7692efc5f81cadc73ca1afde08b1a5ea126749fd7520537ceea1a9871329efde
Copying blob sha256:af79f3045c1f7e253b5952752ae4ecabb15f5ee1e2c7e4148132ed37ea7e0091
 24.70 MB / 24.70 MB [======================================================] 2s
Copying blob sha256:ff2caf91b3889620d64f6fa5529531c3fed78222ce33a89ac85318e410d302fb
 206 B / 206 B [============================================================] 0s
Copying blob sha256:dd6fe2d1ef4e4ca5252881a6ab2db0eecc1166486af08384eab121512fd8e1dd
 253 B / 253 B [============================================================] 0s
Copying blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
 32 B / 32 B [==============================================================] 0s
Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Writing manifest to image destination
Storing signatures
Command: /proc/self/exe run -it --rm --net=host -v /tmp/rpms:/root/rpmbuild/RPMS/x86_64/:Z quay.io/libpod/build_libpod:fedora29
Cloning into '/go/src/github.com/containers/libpod'...
warning: redirecting to https://github.com/containers/libpod/
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 23112 (delta 12), reused 12 (delta 3), pack-reused 23078
Receiving objects: 100% (23112/23112), 15.96 MiB | 10.16 MiB/s, done.
Resolving deltas: 100% (13753/13753), done.
/go/src/github.com/containers/libpod
++ command -v dnf
+ pkg_manager=/usr/bin/dnf

... ** SHORTENED FOR BREVITY ***

Installed:
  python3-podman-0.11.2-1542207420.git2b911b0c.fc29.noarch            python3-pypodman-0.11.2-1542207420.git2b911b0c.fc29.noarch           
  python3-dateutil-1:2.7.0-3.fc29.noarch                              python3-humanize-0.5.1-14.fc29.noarch                                
  python3-psutil-5.4.3-6.fc29.x86_64                                 

Complete!

The resulting RPMs will end up in your temporary directory of /tmp/rpms.

$ find /tmp/rpms/
/tmp/rpms/
/tmp/rpms/noarch
/tmp/rpms/noarch/python3-pypodman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/noarch/python3-podman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/x86_64
/tmp/rpms/x86_64/podman-debuginfo-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-debugsource-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm

Future

If folks like this, I’ll consider adding the ability to pass in a specific git commit to build.

Read More

31 Oct 2018 » Buildah and Podman Relationship by tsweeney

podman logo buildah logo

Buildah and Podman Relationship

By Tom Sweeney GitHub Twitter

Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

Buildah and Podman are two complementary Open-source projects that are available on most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.

Buildah specializes in building OCI images. Buildah’s commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah’s other goal is to allow you to use other scripting languages to build container images without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can do a command in the Docker CLI, you can do the same command in the Podman CLI. In fact you can just alias ‘podman’ for ‘docker’ on your machine and you can then build, create and maintain container images and containers without a daemon being present, just as you always have.

Although Podman uses Buildah’s build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc). While Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared. Because of this you cannot see Podman containers from within Buildah or vice versa. However the internal representation of a container image is the same between Buildah and Podman. Given this, any container image that has been created, pulled or modified by one can be seen and used by the other.

Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.

Command Podman Behavior Buildah Behavior
build Calls buildah bud Provides the build-using-dockerfile (bud) command that emulates Docker’s build command.
commit Commits a Podman container into a container image. Does not work on a Buildah container. Once committed the resulting image can be used by either Podman or Buildah. Commits a Buildah container into a container image. Does not work on a Podman container. Once committed, the resulting image can be used by either Buildah or Podman.
mount Mounts a Podman container. Does not work on a Buildah container. Mounts a Buildah container. Does not work on a Podman container.
pull and push Pull or push an image from a container image registry. Functionally the same as Buildah. Pull or push an image from a container image registry. Functionally the same as Podman.
run Run a process in a new container in the same manner as docker run. Runs the container in the same way as the RUN command in a Dockerfile.
rm Removes a Podman container. Does not work on a Buildah container. Removes a Buildah container. Does not work on a Podman container.
rmi, images, tag Equivalent on both projects. Equivalent on both projects.
containers and ps ps is used to list Podman containers. The containers command does not exist. containers is used to list Buildah containers. The ps command does not exist.

A quick and easy way to summarize the difference between the two projects is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality.

Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. Together they form a strong foundation to support your OCI container image and container needs. Best yet, they are both Open-source projects and you are more than welcome to contribute to either or both projects. Hope to see you there!

Read More

10 Oct 2018 » Adding checkpoint/restore support to Podman by Adrian Reber

podman logo

Adding checkpoint/restore support to Podman

By Adrian Reber

With the help of Checkpoint/Restore In Userspace (CRIU) I was able to add initial checkpoint/restore support to Podman. Using checkpoint/restore it is now possible to resume a container after a reboot at exactly the same point in time it was checkpointed.

Read More

07 Oct 2018 » OpenStack Containerization with Podman – Part 3 (Upgrades) by emacchi

podman logo

Upgrade OpenStack TripleO Undercloud from Docker to Podman containers

By Emilien Macchi GitHub Twitter

I wrote a blog post about how we could upgrade OpenStack TripleO Undercloud from Docker to Podman containers.

Read More

Read More

05 Oct 2018 » OpenStack Containerization with Podman – Part 1 (Undercloud) by emacchi

podman logo

Deploy OpenStack TripleO Undercloud Podman containers

By Emilien Macchi GitHub Twitter

I wrote a blog post about how we deploy OpenStack TripleO Undercloud with Podman containers.

Read More

Read More

05 Oct 2018 » OpenStack Containerization with Podman – Part 2 (SystemD) by emacchi

podman logo

Manage Podman containers with SystemD

By Emilien Macchi GitHub Twitter

I wrote a blog post about how we manage Podman containers with SystemD in OpenStack TripleO.

Read More

Read More

04 Oct 2018 » SELinux blocks Podman container from talking to libvirt by dwalsh

podman logo

SELinux blocks Podman container from talking to libvirt

By Dan Walsh GitHub Twitter

I wrote a SELinux blog on running a container with Podman. The talks explains why SELinux blocks the connection to the libvirt socket. It then goes on to explain how to setup the container to allow the communication.

Read More

Read More

03 Oct 2018 » Why can’t I delete storage files created by non-root podman? by dwalsh

podman logo

Why can’t I delete storage files created by non-root Podman?

By Dan Walsh GitHub Twitter

Cool things you can do with Podman

When running Podman as root, the default location for storage is /var/lib/containers/storage. Of course, users cannot use this directory when running as non root, so Podman creates the storage by default in $HOME/.local/share/containers.

Read More

25 Sep 2018 » Cool thing: Pulling content directly from the Docker Daemon... by dwalsh

podman logo

Pulling content directly from the Docker Daemon…

By Dan Walsh GitHub Twitter

Cool things you can do with Podman.

I recently received a bug report about some huge container images not working correctly in Docker. So I suggested to the reporter that they try them with Podman. He responded that he saw the images with docker images, but did not see them with podman images.

I explained to him that the Docker image and container database are separate from the Podman image and container database. I told him he would have to pull the images into Podman. Then I decided to try a cool feature of Podman, where I could pull images directly out of the Docker daemon.

Read More

13 Sep 2018 » Using Systemd with Podman containers by emacchi

podman logo

Using Systemd with Podman containers

By Emilien Macchi GitHub Twitter

Podman wasn’t designed to manage containers start-up order, dependency checking or failed containers recovery. In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

Read More

15 Aug 2018 » Python3 support for Podman by jwhonce

podman logo

Python3 support for Podman

By Jhon Honce GitHub Twitter

You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

Read More