{"id":4707,"date":"2023-03-26T15:40:33","date_gmt":"2023-03-26T13:40:33","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=4707"},"modified":"2023-05-25T15:49:44","modified_gmt":"2023-05-25T13:49:44","slug":"managing-containers-with-podman","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2023\/03\/26\/managing-containers-with-podman\/","title":{"rendered":"Managing Containers with Podman"},"content":{"rendered":"<p>Containers, images, and image registries need to be able to interact with each other. For example, you need to be able to build images and put them into image registries. You also need to be able to retrieve an image from the image registry and build a container from that image. Podman is an open source tool for managing containers and container images and interacting with<br \/>\nimage registries.<\/p>\n<p><!--more--><\/p>\n<p>It offers the following key features:<\/p>\n<ul>\n<li>\u00a0It uses image format specified by the Open Container Initiative [https:\/\/<br \/>\nwww.opencontainers.org] (OCI). Those specifications define an standard, community-driven, non-proprietary image format.<\/li>\n<li>Podman stores local images in local file-system. Doing so avoids unnecessary client\/server architecture or having daemons running on local machine.<\/li>\n<li>Podman follows the same command patterns as the Docker CLI, so there is no need to learn a new toolset.<\/li>\n<li>Podman is compatible with Kubernetes. Kubernetes can use Podman to manage its containers.<\/li>\n<\/ul>\n<p>Currently, Podman is only available on Linux systems. To install Podman in Red Hat Enterprise Linux, CentOS, Fedora or similar RPM-based systems:<\/p>\n<pre class=\"lang:default decode:true\"># dnf install podman\r\n<\/pre>\n<p>or<\/p>\n<pre class=\"lang:default decode:true\"># yum install podman<\/pre>\n<p>To get some help and find out how Podman is working, you can use the help:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman --help\r\n$ sudo podman &lt;subcommand&gt; --help<\/pre>\n<p>For more details, you can review the manpages:<\/p>\n<pre class=\"lang:default decode:true\">$ man podman\r\n$ man podman-&lt;subcommand&gt;<\/pre>\n<p>&nbsp;<\/p>\n<p>If you have prior experience with docker you won&#8217;t have any problem to work with podman. Podman use the same commands as docker so you can define an alias in your bash shell if you wan&#8217;t:<\/p>\n<pre class=\"lang:default decode:true\">$ alias docker=podman<\/pre>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\">Fetching Container Images with Podman<\/span><br \/>\nApplications can run inside containers as a way to provide them with an isolated and controlled execution environment. Running a containerized application, that is, running an application inside a container, requires a container image, a file system bundle providing all application files, libraries, and dependencies the application needs to run. Container images can be found in image registries: services that allow users to search and retrieve container images. Podman users can use the search subcommand to find available images from remote or local registries:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman search centos\r\nINDEX       NAME                                                   DESCRIPTION                                       STARS   OFFICIAL   AUTOMATED\r\ndocker.io   docker.io\/library\/centos                               DEPRECATED; The official build of CentOS.         7538    [OK]\r\ndocker.io   docker.io\/kasmweb\/centos-7-desktop                     CentOS 7 desktop for Kasm Workspaces              34\r\ndocker.io   docker.io\/bitnami\/centos-base-buildpack                Centos base compilation image                     0                  [OK]\r\ndocker.io   docker.io\/bitnami\/centos-extras-base                                                                     0\r\ndocker.io   docker.io\/couchbase\/centos7-systemd                    centos7-systemd images with additional debug...   7                  [OK]\r\ndocker.io   docker.io\/continuumio\/centos5_gcc5_base                                                                  3\r\ndocker.io   docker.io\/datadog\/centos-i386                                                                            0\r\ndocker.io   docker.io\/dokken\/centos-7                              CentOS 7 image for kitchen-dokken                 6\r\ndocker.io   docker.io\/dokken\/centos-8                              CentOS 8 image for kitchen-dokken                 3\r\ndocker.io   docker.io\/dokken\/centos-6                              CentOS 6 image for kitchen-dokken                 0\r\ndocker.io   docker.io\/spack\/centos7                                CentOS 7 with Spack preinstalled                  1\r\ndocker.io   docker.io\/spack\/centos6                                CentOS 6 with Spack preinstalled                  1\r\ndocker.io   docker.io\/ustclug\/centos                               Official CentOS Image with USTC Mirror            0\r\ndocker.io   docker.io\/couchbase\/centos-72-java-sdk                                                                   0\r\ndocker.io   docker.io\/couchbase\/centos-72-jenkins-core                                                               0\r\ndocker.io   docker.io\/dokken\/centos-stream-8                                                                         4\r\ndocker.io   docker.io\/eclipse\/centos_jdk8                          CentOS, JDK8, Maven 3, git, curl, nmap, mc, ...   3                  [OK]\r\ndocker.io   docker.io\/couchbase\/centos-70-sdk-build                                                                  0\r\ndocker.io   docker.io\/couchbase\/centos-69-sdk-build                                                                  0\r\ndocker.io   docker.io\/couchbase\/centos-69-sdk-nodevtoolset-build                                                     0\r\ndocker.io   docker.io\/corpusops\/centos-bare                        https:\/\/github.com\/corpusops\/docker-images\/       0\r\ndocker.io   docker.io\/dokken\/centos-stream-9                                                                         4\r\ndocker.io   docker.io\/corpusops\/centos                             centos corpusops baseimage                        0\r\ndocker.io   docker.io\/srcml\/centos_x86_64_base                     srcML build environment on CentOS                 0                  [OK]\r\ndocker.io   docker.io\/eclipse\/centos_go                            Centos + Go                                       0                  [OK]\r\n<\/pre>\n<p>After you have found an image, you can use Podman to download it. When using the <code>pull<\/code> subcommand, Podman fetches the image and saves it locally for future use:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman pull centos\r\nTrying to pull registry.access.redhat.com\/centos...\r\n  name unknown: Repo not found\r\nTrying to pull registry.redhat.io\/centos...\r\n  unable to retrieve auth token: invalid username\/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https:\/\/access.redhat.com\/RegistryAuthentication\r\nTrying to pull docker.io\/library\/centos...\r\nGetting image source signatures\r\nCopying blob a1d0c7532777 done\r\nCopying config 5d0da3dc97 done\r\nWriting manifest to image destination\r\nStoring signatures\r\n<\/pre>\n<p>Container images are named based on the following syntax:<br \/>\n<strong><code>registry_name\/user_name\/image_name:tag<\/code><\/strong><\/p>\n<ul>\n<li><strong><code>registry_name<\/code><\/strong>, the name of the registry storing the image. It is usually the FQDN of the registry.<\/li>\n<li><strong><code>user_name<\/code><\/strong> stands for the user or organization the image belongs to.<\/li>\n<li>The <strong><code>image_name<\/code> <\/strong>should be unique in user namespace.<\/li>\n<li>The <code><strong>tag <\/strong><\/code>identifies the image version. If the image name includes no image tag, latest is assumed.<\/li>\n<\/ul>\n<p>After retrieval, Podman stores images locally and you can list them with the images subcommand:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman images\r\nREPOSITORY                 TAG      IMAGE ID       CREATED         SIZE\r\ndocker.io\/library\/centos   latest   5d0da3dc9764   18 months ago   239 MB\r\n<\/pre>\n<p>Let&#8217;s pull the<em> hello-world<\/em> app:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman pull hello-world\r\nTrying to pull registry.access.redhat.com\/hello-world...\r\nname unknown: Repo not found\r\nTrying to pull registry.redhat.io\/hello-world...\r\nunable to retrieve auth token: invalid username\/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https:\/\/access.redhat.com\/RegistryAuthentication\r\nTrying to pull docker.io\/library\/hello-world...\r\nGetting image source signatures\r\nCopying blob 2db29710123e done\r\nCopying config feb5d9fea6 done\r\nWriting manifest to image destination\r\nStoring signatures\r\nfeb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412\r\n\r\n$ sudo podman images\r\nREPOSITORY TAG IMAGE ID CREATED SIZE\r\ndocker.io\/library\/hello-world latest feb5d9fea6a5 18 months ago 19.9 kB\r\ndocker.io\/library\/centos latest 5d0da3dc9764 18 months ago 239 MB<\/pre>\n<p>Now we can run our test app:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman run hello-world:latest\r\n\r\nHello from Docker!\r\nThis message shows that your installation appears to be working correctly.\r\n\r\nTo generate this message, Docker took the following steps:\r\n1. The Docker client contacted the Docker daemon.\r\n2. The Docker daemon pulled the \"hello-world\" image from the Docker Hub.\r\n(amd64)\r\n3. The Docker daemon created a new container from that image which runs the\r\nexecutable that produces the output you are currently reading.\r\n4. The Docker daemon streamed that output to the Docker client, which sent it\r\nto your terminal.\r\n\r\nTo try something more ambitious, you can run an Ubuntu container with:\r\n$ docker run -it ubuntu bash\r\n\r\nShare images, automate workflows, and more with a free Docker ID:\r\nhttps:\/\/hub.docker.com\/\r\n\r\nFor more examples and ideas, visit:\r\nhttps:\/\/docs.docker.com\/get-started\/<\/pre>\n<p>If the images require interacting with the user with console input, Podman can redirect container input and output streams to the console. The run\u00a0 subcommand requires the -t and -i flags (or, in short, -it flag) to enable interactivity.<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman run -it centos:latest \/bin\/bash\r\n[root@ff0aa3703f2a \/]# whoami\r\nroot\r\n# cat \/etc\/system-release\r\nCentOS Linux release 8.4.2105<\/pre>\n<p>To start a container image as a background process, pass the <code>-d<\/code> option to the podman run command:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman pull httpd\r\nTrying to pull registry.access.redhat.com\/httpd...\r\n  name unknown: Repo not found\r\nTrying to pull registry.redhat.io\/httpd...\r\n  unable to retrieve auth token: invalid username\/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https:\/\/access.redhat.com\/RegistryAuthentication\r\nTrying to pull docker.io\/library\/httpd...\r\nGetting image source signatures\r\nCopying blob ace056404ed3 done\r\nCopying blob 6b400bbb27df done\r\nCopying blob f1f26f570256 done\r\nCopying blob a6b093ae1967 done\r\nCopying blob d9833ead928a done\r\nCopying config 192d415834 done\r\nWriting manifest to image destination\r\nStoring signatures\r\n192d41583429c96af40eb3af02d4baaf6398c178e832c114abe030ff986ee826\r\n\r\n$ sudo podman images\r\nREPOSITORY                      TAG      IMAGE ID       CREATED         SIZE\r\ndocker.io\/library\/httpd         latest   192d41583429   3 days ago      150 MB\r\ndocker.io\/library\/hello-world   latest   feb5d9fea6a5   18 months ago   19.9 kB\r\ndocker.io\/library\/centos        latest   5d0da3dc9764   18 months ago   239 MB\r\n\r\n$ sudo podman run -d httpd\r\n0d267a14f68d0359e3f75d3d0c7eeff486e758dcf4625dcdfbb16c017a6ea771\r\n\r\n<\/pre>\n<p>Many Podman flags also have an alternative long form; some of these are explained below.<br \/>\n\u2022 <code>-t<\/code> is equivalent to <code>--tty<\/code>, meaning a pseudo-tty (pseudo-terminal) is to be<br \/>\nallocated for the container.<br \/>\n\u2022<code> -i<\/code> is the same as <code>--interactive<\/code>. When used, standard input is kept open into the container.<br \/>\n\u2022 <code>-d<\/code>, or its long form <code>--detach<\/code>, means the container runs in the background<br \/>\n(detached). Podman then prints the container id.<\/p>\n<p>Now let&#8217;s map containers port (option <code>-p<\/code>):<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman stop httpd\r\n\r\n$ $ sudo podman ps\r\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\n\r\n$ sudo podman run -d -p 8080:80 --name http-basic docker.io\/library\/httpd\r\na39fe8bb12cc266b2c5cde246747557e8a13a49dc8a9d19ed0f737f4a4c3f7bc\r\n\r\n$ sudo podman ps\r\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\na39fe8bb12cc docker.io\/library\/httpd:latest httpd-foreground 4 seconds ago Up 4 seconds ago 0.0.0.0:8080-&gt;80\/tcp http-basic\r\n\r\n$ curl http:\/\/localhost:8080\r\n&lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;\/h1&gt;&lt;\/body&gt;&lt;\/html&gt;\r\n<\/pre>\n<p><code>podman inspect<\/code>: This command lists metadata about a running or stopped container. The command produces JSON output:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman inspect http_basic\r\n[\r\n{\r\n\"Id\": \"a4cfeff041f879b510107beac1403e3c2e7a7610fa31f735763418ecffd48384\",\r\n\"Created\": \"2023-05-23T13:31:27.000990922+02:00\",\r\n\"Path\": \"httpd-foreground\",\r\n\"Args\": [\r\n\"httpd-foreground\"\r\n],\r\n\"State\": {\r\n\"OciVersion\": \"1.0.1-dev\",\r\n\"Status\": \"running\",\r\n\"Running\": true,\r\n\"Paused\": false,\r\n\"Restarting\": false,\r\n\"OOMKilled\": false,\r\n\"Dead\": false,\r\n\"Pid\": 30954,\r\n\"ConmonPid\": 30942,\r\n\"ExitCode\": 0,\r\n\"Error\": \"\",\r\n\"StartedAt\": \"2023-05-23T13:31:27.377970946+02:00\",\r\n\"FinishedAt\": \"0001-01-01T00:00:00Z\",\r\n\"Healthcheck\": {\r\n\"Status\": \"\",\r\n\"FailingStreak\": 0,\r\n\"Log\": null\r\n}\r\n},\r\n\"Image\": \"192d41583429c96af40eb3a&lt;br&gt;<\/pre>\n<p>This command allows formatting of the output string using the given Go template with the <code>-f<\/code> option. For example, to retrieve only the IP address, use the following command:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman inspect -l -f \"{{.NetworkSettings.IPAddress}}\"\r\n10.88.0.17\r\n\r\n$ curl http:\/\/10.88.0.17:80 \r\n&lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;\/h1&gt;&lt;\/body&gt;&lt;\/html&gt;<\/pre>\n<p>The previous example ran a containerized Apache HTTP server in the background. Then, the example uses the podman inspect command to retrieve the container&#8217;s internal IP address from container metadata. Finally, it uses the IP address to fetch the root page from Apache HTTP server. This response proves the container is still up and running after the podman run command.<\/p>\n<p>If the image to be executed is not available locally when using the podman run<br \/>\ncommand, Podman automatically uses pull to download the image.<br \/>\nWhen referencing the container, Podman recognizes a container either with the container name or the generated container id. Use the <code>--name<\/code> option to set the container name when running the container with Podman. Container names must be unique. If the podman run command includes no container name, Podman generates a unique random name. If the images require interacting with the user with console input, Podman can redirect container input and output streams to the console. The run subcommand requires the -t and -i flags (or, in short, -it flag) to enable interactivity.<\/p>\n<p>The following figure shows a summary of the most commonly used<br \/>\nsubcommands that change container and image state.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4727\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift1.jpg\" alt=\"\" width=\"1223\" height=\"786\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift1.jpg 1223w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift1-300x193.jpg 300w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift1-1024x658.jpg 1024w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift1-768x494.jpg 768w\" sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>Podman also provides a set of useful subcommands to obtain information about running and stopped containers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4730 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift2.jpg\" alt=\"\" width=\"910\" height=\"747\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift2.jpg 910w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift2-300x246.jpg 300w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/Openshift2-768x630.jpg 768w\" sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/p>\n<p>The podman run command creates a new container from an image and starts a process inside the new container. If the container image is not available locally, this command attempts to download the image using the configured image repository:<\/p>\n<ul>\n<li>\u00a0<code>podman exec<\/code> command starts an additional process inside an already running container:<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">$ sudo podman exec http-basic ls\r\nbin\r\nbuild\r\ncgi-bin\r\nconf\r\nerror\r\nhtdocs\r\nicons\r\ninclude\r\nlogs\r\nmodules<\/pre>\n<p>Podman remembers the last container used in any command. Developers can skip writing this container&#8217;s ID or name in later Podman commands by replacing the container id by the <code>-l<\/code> option:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman exec -l ls\r\nbin\r\nbuild\r\ncgi-bin\r\nconf\r\nerror\r\nhtdocs\r\nicons\r\ninclude\r\nlogs\r\nmodules<\/pre>\n<p>Let&#8217;s start a <em>Bash<\/em> session inside the container.<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman exec -it http_basic \/bin\/bash\r\nroot@a4cfeff041f8:\/usr\/local\/apache2# ls\r\nbin build cgi-bin conf error htdocs icons include logs modules\r\n\r\nroot@a4cfeff041f8:\/usr\/local\/apache2# cd htdocs\r\nroot@a4cfeff041f8:\/usr\/local\/apache2\/htdocs# ls\r\nindex.html\r\nroot@a4cfeff041f8:\/usr\/local\/apache2\/htdocs# cat in*\r\n&lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;\/h1&gt;&lt;\/body&gt;&lt;\/html&gt;<\/pre>\n<p>Change the <code>index.html<\/code> file to contain the text Hello World, replacing all of the<br \/>\nexisting content.<\/p>\n<pre class=\"lang:default decode:true\">root@a4cfeff041f8:\/usr\/local\/apache2\/htdocs# echo \"Hello World\" &gt; index.html\r\nroot@a4cfeff041f8:\/usr\/local\/apache2\/htdocs# exit\r\nexit\r\n\r\n$ curl http:\/\/localhost:8080\r\nHello World<\/pre>\n<p>Podman identifies containers by a unique container ID or container name. The podman <code>ps<\/code> command displays the container ID and names for all actively running containers:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman ps\r\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\na4cfeff041f8 docker.io\/library\/httpd:latest httpd-foreground 4 hours ago Up 4 hours ago 0.0.0.0:8080-&gt;80\/tcp http_basic<\/pre>\n<p>The container ID is unique and generated automatically. The container name can be manually specified, otherwise it is generated automatically. This name must be unique or the run command fails.<\/p>\n<p>Podman does not discard stopped containers immediately. Podman preserves their local file systems and other states for facilitating <i>postmortem <\/i>analysis. Option <code>-a<\/code> lists all containers, including stopped ones:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman ps -a\r\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\neeece99335c8 docker.io\/library\/httpd:latest httpd-foreground 3 hours ago Exited (0) 40 minutes ago peaceful_thompson\r\n245e1124ec8f docker.io\/library\/mysql:latest mysqld 7 hours ago Exited (2) 7 hours ago mysql-basic\r\na227d24d0e95 docker.io\/library\/mariadb:latest mariadbd 21 hours ago Exited (1) 21 hours ago relaxed_perlman\r\n0dc0804c2fc2 docker.io\/library\/centos:latest printenv GREET NA... 25 hours ago Exited (0) 25 hours ago funny_gould\r\n99456cc51b79 docker.io\/library\/hello-world:latest \/hello 27 hours ago Exited (0) 27 hours ago zealous_roentgen\r\n<\/pre>\n<p>&nbsp;<\/p>\n<ul>\n<li>\u00a0<code>podman stop<\/code>: This command stops a running container gracefully:<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">$ sudo podman stop http_basic\r\na4cfeff041f879b510107beac1403e3c2e7a7610fa31f735763418ecffd48384<\/pre>\n<ul>\n<li>\u00a0<code>podman kill<\/code>: This command sends Unix signals to the main process in the container. If no signal is specified, it sends the SIGKILL signal, terminating the main process and the container.<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">$ sudo podman kill my-example-container\r\n77d4b7b8ed1fd57449163bcb0b78d205e70d2314273263ab941c0c371ad5 412<\/pre>\n<p>You can specify the signal with the <code>-s<\/code> option:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman kill -s SIGKILL my-example-container\r\n77d4b7b8ed1fd57449163bcb0b78d205e70d2314273263ab941c0c371ad56412<\/pre>\n<p>Any Unix signal can be sent to the main process. Podman accepts either the signal name and number. The following table shows several useful signals:<br \/>\n<b><\/b><\/p>\n<p><code><b>Signal Value Default Action Comment<\/b><\/code><br \/>\n<code>SIGHUP 1 Term Hangup detected on controlling terminal or death of controlling process<\/code><br \/>\n<code>SIGINT 2 Term Interrupt from keyboard<\/code><br \/>\n<code>SIGQUIT 3 Core Quit from keyboard<\/code><br \/>\n<code>SIGILL 4 Core Illegal Instruction<\/code><br \/>\n<code>SIGABRT 6 Core Abort signal from abort(3)<\/code><br \/>\n<code>SIGFPE 8 Core Floating point exception<\/code><br \/>\n<code>SIGKILL 9 Term Kill signal<\/code><br \/>\n<code>SIGSEGV 11 Core Invalid memory reference<\/code><br \/>\n<code>SIGPIPE 13 Term Broken pipe: write to pipe with no readers<\/code><br \/>\n<code>SIGALRM 14 Term Timer signal from alarm(2)<\/code><br \/>\n<code>SIGTERM 15 Term Termination signal<\/code><br \/>\n<code>SIGUSR1 30,10,16 Term User-defined signal 1<\/code><br \/>\n<code>SIGUSR2 31,12,17 Term User-defined signal 2<\/code><br \/>\n<code>SIGCHLD 20,17,18 Ign Child stopped or terminated<\/code><br \/>\n<code>SIGCONT 19,18,25 Cont Continue if stopped<\/code><br \/>\n<code>SIGSTOP 17,19,23 Stop Stop process<\/code><br \/>\n<code>SIGTSTP 18,20,24 Stop Stop typed at tty<\/code><br \/>\n<code>SIGTTIN 21,21,26 Stop tty input for background process<\/code><br \/>\n<code>SIGTTOU 22,22,27 Stop tty output for background process<\/code><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><code>podman restart<\/code>: This command restarts a stopped container:<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true\">$ sudo podman restart my-httpd-container\r\n77d4b7b8ed1fd57449163bcb0b78d205e70d2314273263ab941c0c371ad56412<\/pre>\n<p>The podman restart command creates a new container with the same container ID, reusing the stopped container state and file system.<\/p>\n<ul>\n<li><code>podman rm<\/code>: This command deletes a container and discards its state and file system:<\/li>\n<\/ul>\n<pre class=\"lang:default decode:true \">$ sudo podman rm my-httpd-container\r\n77d4b7b8ed1fd57449163bcb0b78d205e70d2314273263ab941c0c371ad56412<\/pre>\n<p>The <code>-f<\/code> option of the <code>rm<\/code> subcommand instructs Podman to remove the container even if not stopped. This option terminates the container forcefully and then removes it. Using <code>-f<\/code> option is equivalent to podman kill and podman rm commands together. You can delete all containers at the same time. Many podman subcommands accept the <code>-a<\/code> option. This option indicates using the subcommand on all available containers or images. The following example removes all containers:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman rm -a\r\n5fd8e98ec7eab567eabe84943fe82e99fdfc91d12c65d99ec760d5a55b8470d6\r\n716fd687f65b0957edac73b84b3253760e915166d3bc620c4aec8e5f4eadfe8e\r\n86162c906b44f4cb63ba2e3386554030dcb6abedbcee9e9fcad60aa9f8b2d5d4<\/pre>\n<p>Before deleting all containers, all running containers must be in a \u201cstopped\u201d status. You can use the following command to stop all containers:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman stop -a\r\n5fd8e98ec7eab567eabe84943fe82e99fdfc91d12c65d99ec760d5a55b8470d6\r\n716fd687f65b0957edac73b84b3253760e915166d3bc620c4aec8e5f4eadfe8e\r\n86162c906b44f4cb63ba2e3386554030dcb6abedbcee9e9fcad60aa9f8b2d5d4<\/pre>\n<p>The <code>inspect<\/code>, <code>stop<\/code>, <code>kill<\/code>, <code>restart<\/code>, and <code>rm<\/code> subcommands can use the container ID instead of the container name.<\/p>\n<p><span style=\"color: #3366ff;\">External parameters<\/span><\/p>\n<p>Some containers need or can use external parameters provided at startup. The most common approach for providing and consuming those parameters is through environment variables. Podman can inject environment variables into containers at startup by adding the -e flag to the run subcommand:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman run -e GREET=Hello -e NAME=RedHat centos:latest printenv GREET NAME\r\nHello\r\nRedHat<\/pre>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff;\"><b>Attaching Persistent Storage to <\/b><b>Containers<\/b><\/span><\/p>\n<p>Create a directory with owner and group root:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo mkdir \/media\/db<\/pre>\n<p>The user running processes in the container must be capable of writing files to the directory. If the host machine does not have exactly the same user defined, the permission should be defined with the numeric user ID (UID) from the container. In the case of the Red Hatprovided MySQL service, the UID is 27:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo chown -Rv 27:27 \/var\/db<\/pre>\n<p>If you use SELinux you should apply the <code>container_file_t<\/code> context to the directory (and all subdirectories) to allow containers access to all of its contents.<\/p>\n<pre class=\"lang:default decode:true\">$ sudo semanage fcontext -a -t container_file_t '\/media\/db(\/.*)?'<\/pre>\n<p>Apply the SELinux container policy that you set up in the first step to the newly created directory:<\/p>\n<pre class=\"lang:default decode:true\">$ sudo restorecon -Rv \/media\/db<\/pre>\n<p>Verify that the SELinux context type for the \/var\/local\/mysql directory is <code>container_file_t<\/code>.<\/p>\n<pre class=\"lang:default decode:true\">$ ls -dZ \/media\/db\r\n drwxr-xr-x. root root unconfined_u:object_r: container_file_t:s0 \/media\/db<\/pre>\n<p>After creating and configuring the host directory, the next step is to mount this directory to a container. To bind mount a host directory to a container, add the <code>-v<\/code> option to the podman run command, specifying the host directory path and the container storage path, separated by a colon <code>(:)<\/code>.<\/p>\n<pre class=\"lang:default decode:true \">sudo podman run --name mariadb0 -e MYSQL_USER=user -e MYSQL_PASSWORD=mypa55 -e \\\r\nMYSQL_DATABASE=items -e MYSQL_ROOT_PASSWORD=r00tpa55 \\\r\n-p 13306:3306 -v \/media\/db:\/var\/lib\/mysql:Z -d docker.io\/linuxserver\/mariadb\r\na67e85bc1e7d123b1315f341d517cdf40510d6ad2ceed9590c80f5e97d0e418c\r\n\r\n$ sudo podman ps\r\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\ndb849809259c docker.io\/linuxserver\/mariadb:latest 7 seconds ago Up 7 seconds ago 0.0.0.0:13306-&gt;3306\/tcp mariadb0<\/pre>\n<p>Let&#8217;s see the logs:<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman logs mariadb0\r\n[migrations] started\r\n[migrations] no migrations found\r\nusermod: no changes\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n\r\n\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557\r\n\u2588\u2588\u2551 \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\r\n\u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\r\n\u2588\u2588\u2551 \u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\r\n\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\r\n\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d\r\n\r\nBrought to you by linuxserver.io\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n\r\nTo support LSIO projects visit:\r\nhttps:\/\/www.linuxserver.io\/donate\/\r\n\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\nGID\/UID\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n\r\nUser UID: 911\r\nUser GID: 911\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n\r\nSetting Up Initial Databases\r\nchown: cannot access '\/auth_pam_tool_dir\/auth_pam_tool': No such file or directory\r\nCouldn't set an owner to '\/auth_pam_tool_dir\/auth_pam_tool'.\r\nIt must be root, the PAM authentication plugin doesn't work otherwise..\r\n\r\nchown: cannot access '\/auth_pam_tool_dir': No such file or directory\r\nCannot change ownership of the '\/auth_pam_tool_dir' directory\r\nto the 'abc' user. Check that you have the necessary permissions and try again.\r\n\r\nInstalling MariaDB\/MySQL system tables in '\/config\/databases' ...\r\n2023-05-24 11:43:35 1 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1017: Can't find file: '.\/mysql\/' (errno: 2 \"No such file or directory\")\r\nOK\r\n\r\nTo start mariadbd at boot time you have to copy\r\nsupport-files\/mariadb.service to the right place for your system\r\n\r\n\r\nPLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !\r\nTo do so, start the server, then issue the following command:\r\n\r\n'\/usr\/bin\/mariadb-secure-installation'\r\n\r\nwhich will also give you the option of removing the test\r\ndatabases and anonymous user created by default. This is\r\nstrongly recommended for production servers.\r\n\r\nSee the MariaDB Knowledgebase at https:\/\/mariadb.com\/kb\r\n\r\nYou can start the MariaDB daemon with:\r\ncd '\/usr' ; \/usr\/bin\/mariadb-safe --datadir='\/config\/databases'\r\n\r\nYou can test the MariaDB daemon with mysql-test-run.pl\r\ncd '\/usr\/mysql-test' ; perl mariadb-test-run.pl\r\n\r\nPlease report any problems at https:\/\/mariadb.org\/jira\r\n\r\nThe latest information about MariaDB is available at https:\/\/mariadb.org\/.\r\n\r\nConsider joining MariaDB's strong and vibrant community:\r\n<blockquote class=\"wp-embedded-content\" data-secret=\"I8tOaj7Uiw\"><a href=\"https:\/\/mariadb.org\/get-involved\/\">Get Involved<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Get Involved&#8221; &#8212; MariaDB.org\" src=\"https:\/\/mariadb.org\/get-involved\/embed\/#?secret=so9BQZVYMa#?secret=I8tOaj7Uiw\" data-secret=\"I8tOaj7Uiw\" width=\"525\" height=\"296\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\r\n\r\n2023-05-24 11:43:37 0 [Note] Starting MariaDB 10.6.13-MariaDB-log source revision a24f2bb50ba4a0dd4127455f7fcdfed584937f36 as process 182\r\n2023-05-24 11:43:37 0 [Note] Using unique option prefix 'myisam_recover' is error-prone and can break in the future. Please use the full name 'myisam-recover-options' instead.\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Compressed tables use zlib 1.2.13\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Number of pools: 1\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Using SSE4.2 crc32 instructions\r\n2023-05-24 11:43:37 0 [Note] mariadbd: O_TMPFILE is not supported on \/tmp (disabling future attempts)\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Using Linux native AIO\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Initializing buffer pool, total size = 268435456, chunk size = 134217728\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Completed initialization of buffer pool\r\n2023-05-24 11:43:37 0 [Note] InnoDB: 128 rollback segments are active.\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Creating shared tablespace for temporary tables\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Setting file '.\/ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...\r\n2023-05-24 11:43:37 0 [Note] InnoDB: File '.\/ibtmp1' size is now 12 MB.\r\n2023-05-24 11:43:37 0 [Note] InnoDB: 10.6.13 started; log sequence number 42120; transaction id 14\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Loading buffer pool(s) from \/config\/databases\/ib_buffer_pool\r\n2023-05-24 11:43:37 0 [Note] Plugin 'FEEDBACK' is disabled.\r\n2023-05-24 11:43:37 0 [Note] InnoDB: Buffer pool(s) load completed at 230524 11:43:37\r\n2023-05-24 11:43:37 0 [Note] Server socket created on IP: '0.0.0.0'.\r\n2023-05-24 11:43:37 0 [Note] Server socket created on IP: '::'.\r\n2023-05-24 11:43:37 0 [Note] mariadbd: ready for connections.\r\nVersion: '10.6.13-MariaDB-log' socket: '\/var\/run\/mysqld\/mysqld.sock' port: 3306 MariaDB Server\r\n2023-05-24 11:43:39 0 [Note] mariadbd (initiated by: root[root] @ localhost []): Normal shutdown\r\n2023-05-24 11:43:39 0 [Note] InnoDB: FTS optimize thread exiting.\r\n2023-05-24 11:43:39 0 [Note] InnoDB: Starting shutdown...\r\n2023-05-24 11:43:39 0 [Note] InnoDB: Dumping buffer pool(s) to \/config\/databases\/ib_buffer_pool\r\n2023-05-24 11:43:39 0 [Note] InnoDB: Buffer pool(s) dump completed at 230524 11:43:39\r\n2023-05-24 11:43:39 0 [Note] InnoDB: Removed temporary tablespace data file: \".\/ibtmp1\"\r\n2023-05-24 11:43:39 0 [Note] InnoDB: Shutdown completed; log sequence number 42132; transaction id 16\r\n2023-05-24 11:43:39 0 [Note] mariadbd: Shutdown complete\r\n\r\nDatabase Setup Completed\r\n[custom-init] No custom files found, skipping...\r\n230524 11:43:40 mysqld_safe Logging to '\/config\/databases\/db849809259c.err'.\r\n230524 11:43:40 mysqld_safe Starting mariadbd daemon with databases from \/config\/databases\r\n[ls.io-init] done.\r\n<\/pre>\n<p>Connect to the database:<\/p>\n<pre class=\"lang:default decode:true\">$ mysql -u user -h 127.0.0.1 -pmypa55 -P 13306 items\r\nWelcome to the MariaDB monitor. Commands end with ; or \\g.\r\nYour MariaDB connection id is 13\r\nServer version: 10.6.13-MariaDB-log MariaDB Server\r\n\r\nCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.\r\n\r\nType 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.\r\n\r\nMariaDB [items]&gt; CREATE TABLE pet (name VARCHAR(20), owner VARCHAR(20), species VARCHAR(20), sex CHAR(1), birth DATE, death DATE);<\/pre>\n<p>Loading the database:<\/p>\n<pre class=\"lang:default decode:true \">$ mysql -u user -h 127.0.0.1 -pmypa55 -P 13306 items &lt; \/path\/to\/db_file<\/pre>\n<p>&nbsp;<\/p>\n<p>Open a Bash shell inside the container.<\/p>\n<pre class=\"lang:default decode:true\">$ sudo podman exec -it mariadb0 \/bin\/bash\r\n<\/pre>\n<p>Verify that the mysql command is installed in the container:<\/p>\n<pre class=\"lang:default decode:true \">root@a67e85bc1e7d:\/# which mysql\r\n\/usr\/bin\/mysql<\/pre>\n<p>Verify that the database contains data:<\/p>\n<pre class=\"lang:default decode:true \">root@a67e85bc1e7d:\/# mysql -u user -pmypa55 items -e \"INSERT INTO pet VALUES ('Puffball','Diane','hamster','f','1999-03-30',NULL);\"\r\nroot@a67e85bc1e7d:\/# mysql -u user -pmypa55 items -e \"SELECT * FROM pet\"\r\n+----------+-------+---------+------+------------+-------+\r\n| name | owner | species | sex | birth | death |\r\n+----------+-------+---------+------+------------+-------+\r\n| Puffball | Diane | hamster | f | 1999-03-30 | NULL |\r\n+----------+-------+---------+------+------------+-------+<\/pre>\n<p>Exit from the Bash shell inside the container:<\/p>\n<pre class=\"lang:default decode:true \">root@a67e85bc1e7d:\/# exit\r\nexit<\/pre>\n<p>Inject the mysql query inside the container.<\/p>\n<pre class=\"lang:default decode:true \">$ sudo podman exec -it mariadb0 \/usr\/bin\/mysql -u user -pmypa55 items -e \"SELECT * FROM pet\"\r\n+----------+-------+---------+------+------------+-------+\r\n| name | owner | species | sex | birth | death |\r\n+----------+-------+---------+------+------------+-------+\r\n| Puffball | Diane | hamster | f | 1999-03-30 | NULL |\r\n+----------+-------+---------+------+------------+-------+<\/pre>\n<p>The mysql command is not in the <code>PATH<\/code> variable and, for this reason, you must use an absolute path.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Containers, images, and image registries need to be able to interact with each other. For example, you need to be able to build images and put them into image registries. You also need to be able to retrieve an image from the image registry and build a container from that image. Podman is an open &hellip; <\/p>\n<p class=\"link-more\"><a href=\"http:\/\/miro.borodziuk.eu\/index.php\/2023\/03\/26\/managing-containers-with-podman\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Managing Containers with Podman&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":4712,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[91],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4707"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=4707"}],"version-history":[{"count":34,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4707\/revisions"}],"predecessor-version":[{"id":4752,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/4707\/revisions\/4752"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/4712"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=4707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=4707"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=4707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}