Knowledge Base

Podman

3 min read

Podman

Podman is a rootless container engine.

Usage

Podmans command line interface is almost identical to Dockers. For reference see Docker.

podman port

List port mappings for the container or look up the public-facing port that is NAT-ed to the private-port.

# podman port b4d2f054
80/udp -> 0.0.0.0:44327
80/tcp -> 0.0.0.0:44327

podman diff

Inspect changes on a container or image’s filesystem. Usage: podman diff [options] container|image [container|image]

$ podman diff --format json myimage
{
  "changed": [
    "/usr",
    "/usr/local",
    "/usr/local/bin"
  ],
  "added": [
    "/usr/local/bin/docker-entrypoint.sh"
  ]
}
 
$ podman diff container1 image1
A /test

Systemd

Podman supports building and starting containers (and creating volumes) via systemd by using a systemd generator. These files are read during boot (and when systemctl daemon-reload is run) and generate corresponding regular systemd service unit files. Both system and user systemd units are supported.

Quadlet files for the root user can be placed in the following directories ordered in precedence. Meaning duplicate named quadlets found under /run take precedence over ones in /etc, as well as those in /usr:

  • Temporary quadlets, usually used for testing: /run/containers/systemd/
  • System administrator’s defined quadlets: /etc/containers/systemd/
  • Distribution defined quadlets: /usr/share/containers/systemd/

Quadlet files for non-root users can be placed in the following directories:

  • $XDG_RUNTIME_DIR/containers/systemd/
  • $XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
  • /etc/containers/systemd/users/$(UID)
  • /etc/containers/systemd/users/

The Podman generator reads the search paths above and reads files with the extensions .container, .volume, .network, .build, .pod and .kube, and for each file generates a similarly named .service file. Be aware that existing vendor services (i.e., in /usr/) are replaced if they have the same name. The generated unit files can be started and managed with systemctl like any other systemd service. systemctl {--user} list-unit-files lists existing unit files on the system.

The Podman files use the same format as regular systemd unit files. Each file type has a custom section (for example, [Container]) that is handled by Podman, and all other sections are passed on untouched, allowing the use of any normal systemd configuration options like dependencies or cgroup limits.

Examples

Example test.container:

[Unit]
Description=A minimal container
 
[Container]
# Use the centos image
Image=quay.io/centos/centos:latest
# In the container we just run sleep
Exec=sleep 60
 
[Service]
# Restart service when sleep finishes
Restart=always
# Extend Timeout to allow time to pull the image
TimeoutStartSec=900
# ExecStartPre flag and other systemd commands can go here, see systemd.unit(5) man page.
ExecStartPre=/usr/share/mincontainer/setup.sh
 
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

Example test.kube:

[Unit]
Description=A kubernetes yaml based service
Before=local-fs.target
 
[Kube]
Yaml=/opt/k8s/deployment.yml
 
[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

Graph View

Backlinks