Managing Podman containers with systemd

Notes

  • Any discussion of container technology runs into Docker: it is the best-known open-source container engine, and now that containers are mainstream, "Docker" has almost become a synonym for "container".
  • As the dominant container engine Docker has a rich set of use cases and solutions, but it also has some problems:
    • Docker runs a long-lived daemon, and every container is a descendant of that daemon's process tree
      • This is a single point of failure: if the Docker daemon dies, the containers go down with it (unless live-restore is configured)
    • By default the Docker daemon runs as root, so anyone who can reach its socket effectively has root on the host
  • According to the Red Hat documentation:
    • In production you are not expected to run containers from the command line; a container orchestration platform (Kubernetes/OpenShift) manages them
    • The container engine is an implementation detail that end users do not need to access directly
    • Compared with the Docker engine, Podman keeps only the core functionality and needs no daemon
  • RHEL/CentOS 8.0 does not ship the Docker engine (docker-ce can be installed from the CentOS 7 repository); Podman, Buildah and Skopeo replace it
  • The official RHEL/CentOS 7 repositories also carry RPM packages for Podman, Buildah and Skopeo

A short Podman tutorial

Installing Podman

  • For RHEL/CentOS-7.x
yum install -y podman
  • For RHEL/CentOS-8.x
dnf install -y podman

Pulling an image

podman pull docker.io/library/nginx:1.18.0-alpine

Running the image

podman run -d --name=nginx -p 80:80 -p 443:443 docker.io/library/nginx:1.18.0-alpine

Listing containers

podman ps

Example output

CONTAINER ID  IMAGE                                  COMMAND               CREATED        STATUS            PORTS               NAMES
06e5f12549fd docker.io/library/nginx:1.18.0-alpine nginx -g daemon o... 5 seconds ago Up 4 seconds ago 0.0.0.0:80->80/tcp nginx

Managing Podman containers with systemd

Two approaches are covered here:

  • Write the systemd unit file yourself
  • Have Podman generate a unit file from an existing container

Writing the systemd unit file by hand

  • Create the service file
    • --conmon-pidfile names a file into which Podman writes the PID of the conmon process that supervises the container
    • --cidfile names a file into which Podman writes the container ID
    • --rm removes the container when it exits, so every start creates a fresh container from the image
    • The file is written under /usr/lib/systemd/system here; administrator-written units conventionally go in /etc/systemd/system, which is reserved for local configuration and is not touched by package updates
cat > /usr/lib/systemd/system/podman-nginx.service <<EOF
# container-nginx.service
# Mon Aug 24 10:12:00 CST 2020

[Unit]
Description=Podman container-nginx.service

[Service]
Restart=on-failure
ExecStartPre=/usr/bin/rm -f /var/run/podman-nginx.pid /var/run/podman-nginx.cid
ExecStart=/usr/bin/podman run \
--conmon-pidfile /var/run/podman-nginx.pid \
--cidfile /var/run/podman-nginx.cid \
--name nginx \
--rm \
-p 80:80 \
-p 443:443 \
docker.io/library/nginx:1.18.0-alpine
ExecStop=/usr/bin/podman stop -t 10 nginx
KillMode=none
Type=simple
PIDFile=/var/run/podman-nginx.pid

[Install]
WantedBy=multi-user.target
EOF
  • Load and start the service
systemctl daemon-reload
systemctl start podman-nginx.service
  • Check the service status (note that Main PID is the podman client process here, because with Type=simple systemd tracks the process it launched rather than conmon)
systemctl status podman-nginx.service

Example output

● podman-nginx.service - Podman container-nginx.service
Loaded: loaded (/usr/lib/systemd/system/podman-nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2020-08-24 10:31:13 CST; 5s ago
Process: 10723 ExecStartPre=/usr/bin/rm -f /var/run/podman-nginx.pid /var/run/podman-nginx.cid (code=exited, status=0/SUCCESS)
Main PID: 10725 (podman)
Tasks: 10
Memory: 28.5M
CGroup: /system.slice/podman-nginx.service
└─10725 /usr/bin/podman run --conmon-pidfile /var/run/podman-nginx.pid --cidfile /var/run/podman-nginx.cid --name nginx --rm -p 80:80 -p 443:443 docker.io/library/nginx:1.18.0...

Aug 24 10:31:13 localhost.localhost podman[10725]: 2020-08-24 10:31:13.508439319 +0800 CST m=+0.340313773 container init c4a71a54237bdbf0a051751a0888915f57a0f300cddd2f91444dc46c625c1f5... name=nginx)
Aug 24 10:31:13 localhost.localhost podman[10725]: 2020-08-24 10:31:13.524099452 +0800 CST m=+0.355973960 container start c4a71a54237bdbf0a051751a0888915f57a0f300cddd2f91444dc46c625c1f... name=nginx)
Aug 24 10:31:13 localhost.localhost podman[10725]: /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
Aug 24 10:31:13 localhost.localhost podman[10725]: /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
Aug 24 10:31:13 localhost.localhost podman[10725]: /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
Aug 24 10:31:13 localhost.localhost podman[10725]: 2020-08-24 10:31:13.524229998 +0800 CST m=+0.356104468 container attach c4a71a54237bdbf0a051751a0888915f57a0f300cddd2f91444dc46c625c1... name=nginx)
Aug 24 10:31:13 localhost.localhost podman[10725]: 10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
Aug 24 10:31:13 localhost.localhost podman[10725]: 10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
Aug 24 10:31:13 localhost.localhost podman[10725]: /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
Aug 24 10:31:13 localhost.localhost podman[10725]: /docker-entrypoint.sh: Configuration complete; ready for start up

Generating the unit file with Podman

The Nginx container started above is used as the example.

  • Create the service file
    • --name here is a boolean flag telling Podman to use the container name instead of its ID in the unit; the trailing nginx is the container argument
    • podman generate systemd writes the unit to stdout, hence the tee
    • Without the --new option (added in later Podman releases) the unit only wraps the existing container: it must still be present in local storage whenever the service starts, and the PIDFile= path embeds this container's ID, so the unit has to be regenerated if the container is removed and recreated
podman generate systemd --name nginx | tee /usr/lib/systemd/system/podman-nginx.service

Example output

# container-nginx.service
# autogenerated by Podman 1.6.4
# Mon Aug 24 10:12:00 CST 2020

[Unit]
Description=Podman container-nginx.service
Documentation=man:podman-generate-systemd(1)

[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/bffcbc9a7ed4a7d2211a4a96ddeb34ddfda5e1062778679cc612e75fda87f97a/userdata/conmon.pid

[Install]
WantedBy=multi-user.target
  • Load and enable the service (enable only registers it to start at boot; the status output below assumes it has also been started)
systemctl daemon-reload
systemctl enable podman-nginx.service
  • Check the service status (this time Main PID is conmon, because Type=forking plus PIDFile= lets systemd pick up the conmon PID that Podman wrote)
systemctl status podman-nginx.service

Example output

● podman-nginx.service - Podman container-nginx.service
Loaded: loaded (/usr/lib/systemd/system/podman-nginx.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2020-08-24 10:16:50 CST; 9s ago
Docs: man:podman-generate-systemd(1)
Process: 9620 ExecStart=/usr/bin/podman start nginx (code=exited, status=0/SUCCESS)
Main PID: 9752 (conmon)
Tasks: 0
Memory: 340.0K
CGroup: /system.slice/podman-nginx.service
‣ 9752 /usr/bin/conmon --api-version 1 -s -c bffcbc9a7ed4a7d2211a4a96ddeb34ddfda5e1062778679cc612e75fda87f97a -u bffcbc9a7ed4a7d2211a4a96ddeb34ddfda5e1062778679cc612e75fda87f9...

Aug 24 10:16:49 localhost.localhost systemd[1]: Starting Podman container-nginx.service...
Aug 24 10:16:50 localhost.localhost podman[9620]: 2020-08-24 10:16:50.325501293 +0800 CST m=+0.305787189 container init bffcbc9a7ed4a7d2211a4a96ddeb34ddfda5e1062778679cc612e75fda87f97a... name=nginx)
Aug 24 10:16:50 localhost.localhost podman[9620]: nginx
Aug 24 10:16:50 localhost.localhost systemd[1]: Started Podman container-nginx.service.
Hint: Some lines were ellipsized, use -l to show in full.
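Both units above work, but each carries a pitfall a practitioner should catch before deploying: the hand-written one pairs Type=simple with PIDFile= (so systemd tracks the podman client, as its status output shows) and references the image by a movable tag; the generated one depends on a pre-existing container and hard-codes a PIDFile path that embeds the container ID; both use KillMode=none, which current systemd deprecates. The following POSIX-sh linter, an added example that is not part of the original post or of the Podman project, checks a unit for these problems and lints three constructed sample units: two modelled on the units above and a hardened variant. The hardened sample assumes Podman 3.x-era flags (--replace, stop/rm with --cidfile and --ignore), uses the %t (runtime directory) and %n (unit name) specifiers so nothing is tied to one container ID, and carries an all-zero placeholder digest where a real sha256 would go.

```shell
#!/bin/sh
# Added example (not from the original post or the Podman project): a POSIX-sh
# linter for Podman systemd units, flagging the pitfalls visible in the two units
# above. Sample units are constructed; the hardened one assumes Podman 3.x-era
# flags (--replace, stop/rm --cidfile --ignore) and carries a placeholder digest.

# Join backslash-continued lines so a multi-line ExecStart= reads as one line.
flatten() { sed -e ':a' -e '/\\$/N' -e 's/\\\n/ /' -e 'ta' "$1"; }

# Last KEY= value in the flattened unit text held in $unit.
field() { printf '%s\n' "$unit" | sed -n "s/^$1=//p" | tail -n 1; }

report() { n=$((n + 1)); printf '[%s] %s\n' "$1" "$2"; }

# lint_unit FILE: prints one finding per line; exit status 0 only when clean.
lint_unit() {
    unit=$(flatten "$1")
    n=0
    svctype=$(field Type); start=$(field ExecStart)
    pidfile=$(field PIDFile); killmode=$(field KillMode)

    case $start in
    *"podman run"*)
        # Type=forking expects the command to daemonize; a foreground
        # 'podman run' never does, so systemd waits for TimeoutStartSec.
        case " $start " in
        *" -d "* | *" --detach "*) ;;
        *) [ "$svctype" = forking ] && report FOREGROUND-FORKING \
               "Type=forking but 'podman run' is not detached (-d): start will hang" ;;
        esac
        # A tag can be re-pointed at a different image; a digest cannot.
        case $start in
        *@sha256:*) ;;
        *) report IMAGE-NOT-PINNED "image referenced by tag only; pin it by digest (@sha256:...)" ;;
        esac ;;
    *"podman start"*)
        report DEPENDS-ON-EXISTING "'podman start' needs a container already in local storage; nothing recreates it" ;;
    esac

    # Without Type=forking the main PID is the podman client, not conmon
    # (compare the two 'Main PID' lines in the status outputs above).
    if [ -n "$pidfile" ] && [ "$svctype" != forking ]; then
        report PIDFILE-IGNORED "PIDFile= with Type=$svctype: systemd tracks the podman client, not conmon"
    fi
    case $pidfile in
    *containers/storage/*) report PIDFILE-IN-STORAGE "PIDFile embeds a container ID under storage; it breaks once the container is recreated" ;;
    esac
    [ "$killmode" = none ] && report KILLMODE-NONE "KillMode=none is deprecated in current systemd; rely on ExecStop/ExecStopPost and TimeoutStopSec"
    [ "$n" -eq 0 ]
}

# write_samples DIR: three constructed units, two modelled on the ones above.
write_samples() {
    cat > "$1/manual.service" <<'EOF'
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman run --conmon-pidfile /var/run/podman-nginx.pid \
  --cidfile /var/run/podman-nginx.cid --name nginx --rm \
  -p 80:80 -p 443:443 docker.io/library/nginx:1.18.0-alpine
ExecStop=/usr/bin/podman stop -t 10 nginx
KillMode=none
Type=simple
PIDFile=/var/run/podman-nginx.pid
EOF
    cat > "$1/generated.service" <<'EOF'
[Service]
Restart=on-failure
ExecStart=/usr/bin/podman start nginx
ExecStop=/usr/bin/podman stop -t 10 nginx
KillMode=none
Type=forking
PIDFile=/var/run/containers/storage/overlay-containers/CONTAINER_ID/userdata/conmon.pid
EOF
    # %t is the runtime directory (/run for system units), %n the unit name.
    cat > "$1/hardened.service" <<'EOF'
[Service]
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/usr/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run -d --replace --rm --name nginx \
  --cidfile %t/%n.ctr-id --conmon-pidfile %t/%n.pid -p 80:80 -p 443:443 \
  docker.io/library/nginx@sha256:0000000000000000000000000000000000000000000000000000000000000000
ExecStop=/usr/bin/podman stop --ignore -t 10 --cidfile %t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile %t/%n.ctr-id
Type=forking
PIDFile=%t/%n.pid
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for u in manual generated hardened; do
    echo "== $u.service"
    lint_unit "$tmp/$u.service" && echo "   clean"
done
rm -rf "$tmp"
```

Run it as `sh lint-podman-units.sh` to see the findings for the two units modelled on this page and a clean result for the hardened one; to lint a real unit, call `lint_unit /etc/systemd/system/podman-nginx.service` after sourcing the file. The linter only reads text and never invokes podman or systemd, so it can run on a workstation before the unit is copied to the host. For a rootless deployment the same hardened pattern applies unchanged under `systemctl --user`, with `%t` resolving to the user's runtime directory.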