1. Docker

docker


2. Podman

Podman (core: RUN, PULL, PUSH), Buildah (OCI image build tool), Skopeo (OCI image management)

containers

Install Podman

# CentOS 7
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo yum -y install podman

# CentOS 8
sudo dnf -y module disable container-tools
sudo dnf -y install 'dnf-command(copr)'
sudo dnf -y copr enable rhcontainerbot/container-selinux
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/devel:kubic:libcontainers:stable.repo
sudo dnf -y install podman
sudo dnf -y update

# CentOS Stream
sudo dnf -y module disable container-tools
sudo dnf -y install 'dnf-command(copr)'
sudo dnf -y copr enable rhcontainerbot/container-selinux
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8_Stream/devel:kubic:libcontainers:stable.repo
sudo dnf -y install podman
sudo dnf -y update

3. Error handling

3.1 CentOS 7 disables user namespaces by default; they must be enabled manually

user namespaces are not enabled in /proc/sys/user/max_user_namespaces

------------------------------------------

# echo 10000 > /proc/sys/user/max_user_namespaces
# grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
# echo "user.max_user_namespaces=10000" >> /etc/sysctl.conf

3.2 Older kernel configurations do not support some Podman features; comment out mountopt

Error: failed to mount overlay for metacopy check with "nodev,metacopy=on" options: invalid argument

------------------------------------------

$ sudo vi /etc/containers/storage.conf
# mountopt = "nodev,metacopy=on"

3.3 Rootless mode

ERRO[0000] cannot find UID/GID for user xxxx: No subuid ranges found for user "xxx" in /etc/subuid - check rootless mode in man pages.

------------------------------------------

$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME

Or just add the content manually.

$ echo USERNAME:10000:65536 | sudo tee -a /etc/subuid
$ echo USERNAME:10000:65536 | sudo tee -a /etc/subgid

3.4 A reboot is required after fixing 3.1 and 3.3

Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 0:35 for /usr/libexec/utempter): Check /etc/subuid and /etc/subgid: lchown /usr/libexec/utempter: invalid argument

------------------------------------------

$ sudo reboot
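
The prerequisites from 3.1 and 3.3 can be verified with a short preflight check. This is an added example, not part of the original notes: the function names are hypothetical and the 65536 minimum is the range size used in 3.3. The overlap check goes beyond the text: if the same start value (such as 10000) is reused for two users, their containers map onto the same host IDs.

```shell
#!/bin/sh
# Added example: preflight check for the rootless prerequisites in 3.1 and 3.3.
# Function names are hypothetical; file paths are parameters so copies can be checked.

# userns_enabled FILE: succeed if FILE holds a positive integer.
userns_enabled() {
    [ -r "$1" ] || return 1
    val=$(cat "$1")
    case "$val" in ''|*[!0-9]*) return 1 ;; esac
    [ "$val" -gt 0 ]
}

# subid_count USER FILE: print how many subordinate IDs USER has in FILE
# (one "name:start:count" range per line; several ranges are summed).
subid_count() {
    [ -r "$2" ] || { echo 0; return 0; }
    awk -F: -v u="$1" '$1 == u && $3 ~ /^[0-9]+$/ { n += $3 }
        END { print n + 0 }' "$2"
}

# subid_overlaps FILE: print "A overlaps B" for ranges shared by two users.
subid_overlaps() {
    awk -F: '$2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        s = $2 + 0; e = s + $3 - 1
        for (i = 1; i <= n; i++)
            if (name[i] != $1 && s <= hi[i] && lo[i] <= e)
                print name[i] " overlaps " $1
        n++; name[n] = $1; lo[n] = s; hi[n] = e
    }' "$1"
}

# rootless_ready USER [USERNS_FILE [SUBUID_FILE [SUBGID_FILE]]]
# Returns 0 only if every check passes; prints one line per problem.
rootless_ready() {
    user=$1; ns=${2:-/proc/sys/user/max_user_namespaces}
    uidf=${3:-/etc/subuid}; gidf=${4:-/etc/subgid}; rc=0
    userns_enabled "$ns" || { echo "user namespaces disabled (3.1)"; rc=1; }
    for f in "$uidf" "$gidf"; do
        [ "$(subid_count "$user" "$f")" -ge 65536 ] ||
            { echo "fewer than 65536 IDs for $user in $f (3.3)"; rc=1; }
        [ -z "$(subid_overlaps "$f")" ] ||
            { echo "overlapping ranges in $f: $(subid_overlaps "$f")"; rc=1; }
    done
    return "$rc"
}

# Run as: sh check.sh USERNAME
if [ "$#" -gt 0 ]; then rootless_ready "$@"; fi
```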