Official documentation: https://podman.io/getting-started/installation
Podman currently supports only Linux. On Windows and macOS, you can use the Remote Client to connect to a remote Podman instance.
CentOS
sudo yum -y install podman
Problem 1:
user namespaces are not enabled in /proc/sys/user/max_user_namespaces
Solution:
# CentOS 7 disables user namespaces by default; they must be enabled manually
echo 10000 > /proc/sys/user/max_user_namespaces
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
echo "user.max_user_namespaces=10000" >> /etc/sysctl.conf
Problem 2:
Error: failed to mount overlay for metacopy check with "nodev,metacopy=on" options: invalid argument
Solution:
vi /etc/containers/storage.conf
# Older kernels do not support some Podman features, so mountopt must be commented out
#mountopt = "nodev,metacopy=on"
Problem 3:
ERRO[0000] cannot find UID/GID for user xxxx: No subuid ranges found for user "xxx" in /etc/subuid - check rootless mode in man pages.
Solution:
From the official documentation:
http://docs.podman.io/en/latest/markdown/podman.1.html?highlight=65536#rootless-mode
Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid.
Containers created by a non-root user are not visible to other users and are not seen or managed by Podman running as root.
It is required to have multiple uids/gids set for an user. Be sure the user is present in the files /etc/subuid and /etc/subgid.
If you have a recent version of usermod, you can execute the following commands to add the ranges to the files
$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME
Or just add the content manually.
$ echo USERNAME:10000:65536 >> /etc/subuid
$ echo USERNAME:10000:65536 >> /etc/subgid
See the subuid(5) and subgid(5) man pages for more information.
Images are pulled under XDG_DATA_HOME when specified, otherwise in the home directory of the user under .local/share/containers/storage.
Currently the slirp4netns package is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host.
# xxx is the current user name
echo xxx:10000:65536 >> /etc/subuid
echo xxx:10000:65536 >> /etc/subgid
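The checks behind Problem 1 and Problem 3 as a script. This is an added example, not part of the original post or Podman's own tooling. The function names userns_state and check_subid and the sample users alice, bob and carol are constructed; the overlap check is there because giving every user the same 10000:65536 range maps their rootless containers onto the same host UIDs.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# users alice/bob/carol are constructed for illustration.

# userns_state FILE: FILE holds the value of /proc/sys/user/max_user_namespaces.
userns_state() {
    v=$(cat "$1" 2>/dev/null) || { echo unknown; return 0; }
    if [ "${v:-0}" -gt 0 ] 2>/dev/null; then echo enabled; else echo disabled; fi
}

# check_subid FILE USER: FILE is in subuid(5)/subgid(5) format (NAME:START:COUNT).
# Prints "missing", "overlap:<other user>", or "ok".
check_subid() {
    awk -F: -v u="$2" '
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            # Store the name as a string so comparisons below are string comparisons.
            n++; name[n] = $1 ""; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
        }
        END {
            found = 0
            for (i = 1; i <= n; i++) {
                if (name[i] != u) continue
                found = 1
                # Two inclusive ranges overlap when each starts before the other ends.
                for (j = 1; j <= n; j++)
                    if (name[j] != u && lo[j] <= hi[i] && lo[i] <= hi[j]) {
                        print "overlap:" name[j]; exit
                    }
            }
            print (found ? "ok" : "missing")
        }' "$1"
}

# Constructed sample: alice and bob were both given the 10000:65536 range.
demo=$(mktemp)
printf '%s\n' 'alice:10000:65536' 'bob:10000:65536' 'carol:100000:65536' > "$demo"
for name in alice carol dave; do
    echo "$name: $(check_subid "$demo" "$name")"
done
echo "user namespaces: $(userns_state /proc/sys/user/max_user_namespaces)"
rm -f "$demo"
```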
Change the image registry search order
vi /etc/containers/registries.conf
# Put docker.io first
unqualified-search-registries = ["docker.io", "registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org"]