I’m working through poking the RHEL8 beta with a pointy stick. In reading through the release notes, and poking around yum, I found that docker is suspiciously missing. For a company so bent on Open Containers, I thought that was pretty odd. So I started to dig a bit. Turns out, containers aren’t gone, just docker! I was a little put off by this, I’ve devoted quite a bit of time to learning docker. Well, fear not, podman to the rescue.
podman? Isn’t that a bad horror movie
Nope, Podman is a docker-comatible cli to run OCI compliant containers. That means you can run all your familiar Docker containers on podman. The real mind bender here though, is that podman doesn’t have a daemon. The docker daemon did things like, setup your host based firewall for forwarding and NAT, and auto-started your containers for you at boot time. This meant that in-between your OS and your containers was this extra layer. Podman still handles the environment setup like the docker daemon did, but it does not auto-start containers. Instead, podman containers are auto-started via systemd units. I found a nice write-up on that here.
So what’s this podman look like?
Podman’s CLI is meant to mimic docker, where it can. I did some poking about, and here’s what I’ve come up with.
Install podman
[root@rhel8-testmachine ~]# yum search podman
Updating Subscription Management repositories.
Updating Subscription Management repositories.
================================================================ Name Exactly Matched: podman ================================================================
podman.x86_64 : Manage Pods, Containers and Container Images
=============================================================== Summary & Name Matched: podman ===============================================================
python3-pypodman.noarch : Python 3 tool for podman
python3-podman.noarch : Python 3 tool and bindings for podman
podman-docker.noarch : "package to Emulate Docker CLI using podman."
[root@rhel8-testmachine ~]# yum install podman-docker
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs) 3.3 kB/s | 4.1 kB 00:01
Red Hat Enterprise Linux 8 for x86_64 - BaseOS Beta (RPMs) 3.5 kB/s | 4.1 kB 00:01
Dependencies resolved.
==============================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================
Installing:
podman-docker noarch 0.10.1.3-5.gitdb08685.el8+2131+7e3e9e07 rhel-8-for-x86_64-appstream-beta-rpms 24 k
Installing dependencies:
runc x86_64 1.0.0-52.rc5.dev.git2abd837.el8+1884+9fee228c rhel-8-for-x86_64-appstream-beta-rpms 2.0 M
containers-common x86_64 1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178 rhel-8-for-x86_64-appstream-beta-rpms 31 k
protobuf-c x86_64 1.3.0-4.el8 rhel-8-for-x86_64-appstream-beta-rpms 37 k
container-selinux noarch 2:2.73-3.el8+1838+91f7e486 rhel-8-for-x86_64-appstream-beta-rpms 42 k
criu x86_64 3.10-4.el8 rhel-8-for-x86_64-appstream-beta-rpms 482 k
podman x86_64 0.10.1.3-5.gitdb08685.el8+2131+7e3e9e07 rhel-8-for-x86_64-appstream-beta-rpms 7.3 M
libnet x86_64 1.1.6-15.el8 rhel-8-for-x86_64-appstream-beta-rpms 67 k
ostree-libs x86_64 2018.8-2.el8 rhel-8-for-x86_64-appstream-beta-rpms 382 k
containernetworking-plugins x86_64 0.7.3-6.git19f2f28.el8+1742+b7ea820a rhel-8-for-x86_64-appstream-beta-rpms 12 M
python3-policycoreutils noarch 2.8-9.el8 rhel-8-for-x86_64-baseos-beta-rpms 2.2 M
fuse3-libs x86_64 3.2.1-11.el8 rhel-8-for-x86_64-baseos-beta-rpms 94 k
python3-setools x86_64 4.1.1-11.el8 rhel-8-for-x86_64-baseos-beta-rpms 446 k
policycoreutils-python-utils noarch 2.8-9.el8 rhel-8-for-x86_64-baseos-beta-rpms 227 k
python3-IPy noarch 0.81-22.el8 rhel-8-for-x86_64-baseos-beta-rpms 43 k
python3-libsemanage x86_64 2.8-3.1.el8 rhel-8-for-x86_64-baseos-beta-rpms 126 k
python3-audit x86_64 3.0-0.5.20180831git0047a6c.el8 rhel-8-for-x86_64-baseos-beta-rpms 85 k
checkpolicy x86_64 2.8-1.el8 rhel-8-for-x86_64-baseos-beta-rpms 337 k
Installing weak dependencies:
slirp4netns x86_64 0.1-1.dev.gitc4e1bc5.el8+1463+3d8a3dce rhel-8-for-x86_64-appstream-beta-rpms 54 k
fuse-overlayfs x86_64 0.1-7.dev.git50c7a50.el8+2117+8020c482 rhel-8-for-x86_64-appstream-beta-rpms 47 k
Enabling module streams:
container-tools 1.0
Transaction Summary
==============================================================================================================================================================
Install 20 Packages
Total download size: 26 M
Installed size: 94 M
Is this ok [y/N]: y
<yum stuff follows>Podman is it’s own package, and there’s a podman-docker package which wraps your commands in a docker-like shell. I do not know if this will change later…
Pull a container image
[root@rhel8-testmachine ~]# podman pull centos
Trying to pull registry.redhat.io/centos:latest...Failed
Trying to pull quay.io/centos:latest...Failed
Trying to pull docker.io/centos:latest...Getting image source signatures
Copying blob sha256:a02a4930cb5d36f3290eb84f4bfa30668ef2e9fe3a1fb73ec015fc58b9958b17
71.68 MB / 71.68 MB [=====================================================] 11s
Copying config sha256:1e1148e4cc2c148c6890a18e3b2d2dde41a6745ceb4e5fe94a923d811bf82ddb
2.13 KB / 2.13 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
1e1148e4cc2c148c6890a18e3b2d2dde41a6745ceb4e5fe94a923d811bf82ddbRunning a container
I ran a quick centos container, just to see how it worked. the CLI is practically identical. I did run into some issues with the –name flag, mainly I was used to –name=foobar, something docker accepted just fine, and podman is –name foobar. I figured it our pretty quickly and moved on.
[root@rhel8-testmachine ~]# podman run -it centos /bin/bash
[root@75da3203c199 /]# whoami
root
[root@75da3203c199 /]# ls /etc/redhat-release
/etc/redhat-release
[root@75da3203c199 /]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@75da3203c199 /]# exitThe centos container was simple, let’s see what happens if we run something a little more complicated like wordpress! I pulled the image with podman pull, and then ran it just like I would in docker!
[root@rhel8-testmachine ~]# podman run -d --name wordpress-test -p 80:80 -p 443:443 wordpress
84703fc104f536ba8abcd72f7197ce099c78db915004bfa710a418455b5a269b
[root@rhel8-testmachine ~]# docker ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
84703fc104f5 docker.io/library/wordpress:latest docker-entrypoint.s... 6 seconds ago Up 4 seconds ago 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp wordpress-test
Logs works as expected, and we can see that the service is in fact up.
[root@rhel8-testmachine ~]# podman logs wordpress-test
WordPress not found in /var/www/html - copying now...
Complete! WordPress has been successfully copied to /var/www/html
AH00557: apache2: apr_sockaddr_info_get() failed for 84703fc104f5
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
AH00557: apache2: apr_sockaddr_info_get() failed for 84703fc104f5
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 08 02:57:10.631625 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.2.13 configured -- resuming normal operations
[Tue Jan 08 02:57:10.633010 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
[root@rhel8-testmachine ~]# curl http://127.0.0.1/wp-admin
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://127.0.0.1/wp-admin/">here</a>.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at 127.0.0.1 Port 80</address>
</body></html>The –restart flag is gone, likely because it can no longer function like we expect it to in docker land. So instead you’ll have to learn to write those systemd units for your containers. It’s about time you learned systemd anyway!
Docker-compose
So the other thing I wanted to test was docker-compose. From what I’m reading, this isnt implemented yet, but will be handled natively with podman as “pods”. Guess we’ll see.
Dockerfile
One last thing, I wanted to just try out a basic dockerfile. So I wrote my own very basic dockerfile, to install apache on centos, and ran it.
[root@rhel8-testmachine test-dockerFile]# cat Dockerfile
FROM centos
RUN yum -y install httpd
EXPOSE 80
CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
[root@rhel8-testmachine test-dockerFile]# podman build -t apache-test .
STEP 1: FROM centos
STEP 2: RUN yum -y install httpd
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: linux.cc.lehigh.edu
* extras: linux.cc.lehigh.edu
* updates: linux.cc.lehigh.edu
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): extras/7/x86_64/primary_db | 156 kB 00:00
(2/4): updates/7/x86_64/primary_db | 1.3 MB 00:00
(3/4): base/7/x86_64/group_gz | 166 kB 00:00
(4/4): base/7/x86_64/primary_db | 6.0 MB 00:04
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-88.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-88.el7.centos for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-88.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
---> Package httpd-tools.x86_64 0:2.4.6-88.el7.centos will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-88.el7.centos base 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7_4.1 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
centos-logos noarch 70.0.6-3.el7.centos base 21 M
httpd-tools x86_64 2.4.6-88.el7.centos base 90 k
mailcap noarch 2.1.41-2.el7 base 31 k
Transaction Summary
================================================================================
Install 1 Package (+5 Dependent packages)
Total download size: 24 M
Installed size: 31 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/apr-1.4.8-3.el7_4.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for apr-1.4.8-3.el7_4.1.x86_64.rpm is not installed
(1/6): apr-1.4.8-3.el7_4.1.x86_64.rpm | 103 kB 00:00
(2/6): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00
...
Installed:
httpd.x86_64 0:2.4.6-88.el7.centos
FROM centos
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7_4.1
apr-util.x86_64 0:1.5.2-6.el7
centos-logos.noarch 0:70.0.6-3.el7.centos
httpd-tools.x86_64 0:2.4.6-88.el7.centos
mailcap.noarch 0:2.1.41-2.el7
Complete!
--> 7763585b1b600683325f82e86e2d734a845dd3924b3a4d8c8183f8946134e944
STEP 3: FROM 7763585b1b600683325f82e86e2d734a845dd3924b3a4d8c8183f8946134e944
STEP 4: EXPOSE 80
--> ca21ea9cd42229458428f887f57a67841aec120d15a12b00232f4c47f0d2ed01
STEP 5: FROM ca21ea9cd42229458428f887f57a67841aec120d15a12b00232f4c47f0d2ed01
STEP 6: CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
--> 85c737e0b32feb4d6bafb47c3ba6c722265339b308f292946cf9967d323bc62e
STEP 7: COMMIT apache-testThen, just to make sure, I ran it, and it worked!
[root@rhel8-testmachine test-dockerFile]# podman run -d -p 80:80 --name httpd-test apache-test
9c8b65c4aa37e4c3d7586cbbe5c5024519851639dd168dd79d31394026dcb666
[root@rhel8-testmachine test-dockerFile]# docker ps
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9c8b65c4aa37 localhost/apache-test:latest /usr/sbin/apachectl... 4 seconds ago Up 3 seconds ago 0.0.0.0:80->80/tcp httpd-test
[root@rhel8-testmachine test-dockerFile]# curl http://127.0.0.1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHT...
The expected "IT WORKED!" page from CentosConclusion
So in all, don’t fear the podman. He works just like your old friend docker, and seems to have some potential for even lighter weight systems in the future.
Stay turned for more on the RHEL8 Beta!
[…] https://www.undrground.org/2019/01/07/rhel-8-beta-the-podman-cometh/ […]