MacOS 下均是使用remote来连接vm来使用podman。我们可以使用vm管理软件来创建vm,这里介绍使用multipass和podman machine。
使用 Podman machine 配置前需要准备一些依赖
安装依赖 fedora qemu 镜像,可提前准备,也可以在安装时让其自动下载
1 2 3 mkdir fedora-coreoscd fedora-coreoscurl -L 'https://builds.coreos.fedoraproject.org/prod/streams/next/builds/36.20220426.1.0/x86_64/fedora-coreos-36.20220426.1.0-qemu.x86_64.qcow2.xz' -o fedora-coreos-36.20220426.1.0-qemu.x86_64.qcow2.xz
获取podman二进制文件
1 2 3 curl -L 'https://github.com/containers/podman/releases/download/v4.0.3/podman-remote-release-darwin_amd64.zip' -o podman-remote-release-darwin_amd64.zip unzip podman-remote-release-darwin_amd64.zip sudo cp podman-4.0.3/usr/bin/podman /usr/local/bin/podman
获取gvproxy二进制文件
1 2 curl -L 'https://github.com/containers/gvisor-tap-vsock/releases/download/v0.3.0/gvproxy-darwin' -o gvproxy sudo cp gvproxy /usr/local/bin/gvproxy
安装qemu
创建machine 使用podman machine init进行初始化,可以使用podman machine init --help查看可用的参数podman machine只能同时运行一个vm
1 2 3 podman machine init --cpus 3 --disk-size 50 --memory 3072 --image-path ~/fedora-coreos/fedora-coreos-36.20220426.1.0-qemu.x86_64.qcow2.xz podman machine start podman machine ls
初始化完成后,可以看看podman的配置是否正常
1 2 podman system connection ls podman version
使用 Multipass
Multipass 是一种在 Linux、macOS 和 Windows 上快速生成云式 Ubuntu VM 的工具。
下载multipass
配置vm 初始化vm
1 multipass launch -n podman -c 3 -m 3G -d 50G 22.04
如果vm不能访问互联网,尝试修改一下DNS,参考using-a-custom-dns troubleshooting-networking-on-macos
1 2 3 4 multipass shell podman vim /etc/netplan/50-cloud-init.yaml sudo netplan try
Ubuntu 22.04需要为sshd添加支持的PubkeyAcceptedKeyTypes的算法
1 2 echo "PubkeyAcceptedKeyTypes=+ssh-rsa" >>/etc/ssh/sshd_configsystemctl restart sshd
配置podman 已经记录podman3、podman4的安装方式,可根据喜好安装配置
podman3 ubuntu 22.04默认支持Podman v3 LTS版本,安装参考以下命令
1 2 3 4 5 6 sudo su sed -i 's?archive.ubuntu.com?mirrors.aliyun.com?g' /etc/apt/sources.list sed -i 's?security.ubuntu.com?mirrors.aliyun.com?g' /etc/apt/sources.list apt-get update apt-get -y upgrade apt-get -y install podman
podman4 ubuntu 22.04 没有podman4的软件包,可以通过debain的Experimental 源 获取
1 2 3 4 5 6 7 sed -i 's?archive.ubuntu.com?mirrors.aliyun.com?g' /etc/apt/sources.list sed -i 's?security.ubuntu.com?mirrors.aliyun.com?g' /etc/apt/sources.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 0E98404D386FA1D9 echo 'deb http://deb.debian.org/debian experimental main' >> /etc/apt/sources.list.d/debian-experimental.listapt-get update apt-get -y upgrade apt-get -t experimental -y install podman
通过socket连接到podman 给vm添加ssh公钥
1 echo 'macos本地的公钥' >> /root/.ssh/authorized_keys
podman3的API版本较低,客户端版本也需要降低,需要下载podman3的客户端
1 2 3 curl -L https://github.com/containers/podman/releases/download/v3.4.4/podman-remote-release-darwin.zip -o podman-remote-release-darwin.zip unzip podman-remote-release-darwin.zip cp podman-3.4.4/podman /usr/local/bin/podman3
然后添加远端连接以下命令用的IP记得改成你VM实际的IP
1 2 3 podman system connection add podman3 --identity ~/.ssh/id_rsa ssh://root@192.168.64.2/run/podman/podman.sock podman system connection default podman3 podman3 version
podman4
1 2 3 podman system connection add podman4 --identity ~/.ssh/id_rsa ssh://root@192.168.64.4/run/podman/podman.sock podman system connection default podman4 podman version
使用podman 用以上方式安装好podman后,可以进行一些配置,如本地镜像仓库,镜像加速等
信任镜像仓库 本地镜像仓库一般使用自签证书,信任本地仓库配置如下
1 2 3 4 5 6 cat << EOF >> /etc/containers/registries.conf.d/001-192.168.110.35-insecure.conf [[registry]] location="192.168.110.35" prefix="192.168.110.35" insecure=true EOF
镜像加速 国内下载比较慢,我们一般会配置加速,参考如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 cat << EOF >> /etc/containers/registries.conf.d/002-mirrors.conf [[registry]] prefix="docker.io" location="docker.m.daocloud.io" [[registry]] prefix="cr.l5d.io" location="l5d.m.daocloud.io" [[registry]] prefix="docker.elastic.co" location="elastic.m.daocloud.io" [[registry]] prefix="gcr.io" location="gcr.m.daocloud.io" [[registry]] prefix="k8s.gcr.io" location="k8s-gcr.m.daocloud.io" [[registry]] prefix="mcr.microsoft.com" location="mcr.m.daocloud.io" [[registry]] prefix="nvcr.io" location="nvcr.m.daocloud.io" [[registry]] prefix="quay.io" location="quay.m.daocloud.io" [[registry]] prefix="registry.jujucharms.com" location="jujucharms.m.daocloud.io" [[registry]] prefix="rocks.canonical.com" location="rocks-canonical.m.daocloud.io" EOF
测试镜像拉取 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 ➜ ~ podman pull 192.168.110.35/library/nginx:1.19.4 Trying to pull 192.168.110.35/library/nginx:1.19.4... Getting image source signatures Copying blob sha256:232bf38931fc8c7f00f73e6d2be46776bd5b0999eb4c190c810a74cf203b1474 Copying blob sha256:c5df295936d31cee0907f9652ff1b0518482ea87102f4cd2a872ed720e72314b Copying blob sha256:a29b129f410924b8ca6289b0e958f3d5ac159e29b54e4d9ab33e51eb87857474 Copying blob sha256:b3ddf1fa5595a82768da495f49d416bae8806d06ffe705935b4573035d8cfbad Copying blob sha256:852e50cd189dfeb54d97680d9fa6bed21a6d7d18cfb56d6abfe2de9d7f173795 Copying config sha256:daee903b4e436178418e41d8dc223b73632144847e5fe81d061296e667f16ef2 Writing manifest to image destination Storing signatures daee903b4e436178418e41d8dc223b73632144847e5fe81d061296e667f16ef2 ➜ ~ podman pull k8s.gcr.io/kube-apiserver:v1.20.1 Trying to pull k8s.gcr.io/kube-apiserver:v1.20.1... Getting image source signatures Copying blob sha256:f398b465657ed53ee83af22197ef61be9daec6af791c559ee5220dee5f3d94fe Copying blob sha256:d7d21f5bdd8303a60bac834f99867a58e6f3e1abcb6d486158a1ccb67dbf85bf Copying blob sha256:cbcdf8ef32b41cd954f25c9d85dee61b05acc3b20ffa8620596ed66ee6f1ae1d Copying blob sha256:f398b465657ed53ee83af22197ef61be9daec6af791c559ee5220dee5f3d94fe Copying blob sha256:cbcdf8ef32b41cd954f25c9d85dee61b05acc3b20ffa8620596ed66ee6f1ae1d Copying blob sha256:d7d21f5bdd8303a60bac834f99867a58e6f3e1abcb6d486158a1ccb67dbf85bf Copying config sha256:e1822562bf942868d700a2f08eb368f2c88987e473aae12997cc07cc83e789d1 Writing manifest to image destination Storing signatures e1822562bf942868d700a2f08eb368f2c88987e473aae12997cc07cc83e789d1
运行容器 1 2 3 4 ➜ ~ podman run -d --name adminer --hostname adminer -p 8080:8080 --network bridge 192.168.110.35/library/adminer:4.8.1-standalone ➜ ~ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 99b21f9f723b 192.168.110.35/library/adminer:4.8.1-standalone php -S [::]:8080 ... 7 seconds ago Up 7 seconds ago 0.0.0.0:8080->8080/tcp adminer
访问容器 用以上方式运行后,已有的podman配置如下所示
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 ➜ ~ podman system connection ls Name URI Identity Default podman ssh://core@localhost:63215/run/user/501/podman/podman.sock /Users/lucas/.ssh/podman true podman-root ssh://root@localhost:63215/run/podman/podman.sock /Users/lucas/.ssh/podman false podman3 ssh://root@192.168.64.2:22/run/podman/podman.sock /Users/lucas/.ssh/id_rsa false podman4 ssh://root@192.168.64.4:22/run/podman/podman.sock /Users/lucas/.ssh/id_rsa false ➜ ~ podman system connection default podman3 ➜ ~ podman3 ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 99b21f9f723b 192.168.110.35/library/adminer:4.8.1-standalone php -S [::]:8080 ... 30 minutes ago Up 30 minutes ago 0.0.0.0:8080->8080/tcp adminer ➜ ~ podman system connection default podman4 ➜ ~ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 72b3ad0ac98d 192.168.110.35/library/adminer:4.8.1-standalone php -S [::]:8080 ... 38 seconds ago Up 38 seconds ago 0.0.0.0:8080->8080/tcp adminer ➜ ~ podman system connection default podman ➜ ~ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a38dc8af9a8c 192.168.110.35/library/adminer:4.8.1-standalone php -S [::]:8080 ... 3 seconds ago Up 4 seconds ago 0.0.0.0:8080->8080/tcp adminer
对于使用podman machine的可以直接使用127.0.0.1进行访问
也可以与podman-desktop一起使用
对于使用multipass的,可以使用vm ip进行访问
1 2 curl 192.168.64.2:8080 curl 192.168.64.4:8080
podman的命令大部分与docker类似,可以配置一个alias
1 2 3 echo 'alias docker="podman"' >> .zshrcsource .zshrcdocker version
参考链接 [1] multipass using a custom dns multipass troubleshooting networking on macos podman containers registries.conf.d podman mac experimental podman tutorial debian experimental
