Using podman on a Mac to connect remotely to podman on a Linux server

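Podman is a container technology that can replace Docker. One of its distinctive features is that, from a Mac or Windows machine, you can connect over the SSH protocol to a remote Linux host and operate the podman running there. Using it feels just like using a local podman, and it is much better than running a virtual machine on the Mac or Windows machine.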

Configuring it, however, takes a little patience.

First prepare an SSH key. To avoid unnecessary trouble, we use an id_ed25519 SSH key directly.

First, podman has to be installed on the remote Linux server. Taking openSUSE Tumbleweed as the example, run the following commands to install and configure podman:

sudo -i
zypper install podman
systemctl enable podman.socket
systemctl start podman.socket
loginctl enable-linger root

sshd must also be enabled, otherwise you cannot connect to the Linux server over the SSH protocol.

systemctl enable sshd

Remember, you have to generate or supply your own SSH key, preferably of the id_ed25519 type.

Make sure you can log in to the remote server with ssh -v [email protected]<target machine IP>

Next, on the Mac or Windows machine, run the following command to use podman's remote connection feature to connect to the remote podman server.

podman --log-level=debug system connection add wsk -d --identity /Users/nomore/.ssh/id_ed25519 ssh://[email protected]

View the connection information:

$ podman system connection ls
Name        URI                                                 Identity                       Default
wsk         ssh://[email protected]:22/run/podman/podman.sock  /Users/nomore/.ssh/id_ed25519  true

Then look at the version information:

$ podman info
host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.30-1.2.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: unknown'
  cpus: 8
  distribution:
    distribution: '"opensuse-tumbleweed"'
    version: "20220126"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.16.2-1-default
  linkmode: dynamic
  logDriver: journald
  memFree: 23369572352
  memTotal: 25125494784
  networkBackend: ""
  ociRuntime:
    name: runc
    package: runc-1.1.0-1.1.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.0
      commit: v1.1.0-0-g605c1cb1cc0c
      spec: 1.0.2-dev
      go: go1.17.6
      libseccomp: 2.5.3
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.11-1.3.x86_64
    version: |-
      slirp4netns version 1.1.11
      commit: unknown
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 2147811328
  swapTotal: 2147811328
  uptime: 1h 57m 59.17s (Approximately 0.04 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.opensuse.org
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Build Version: 'Btrfs v5.16 '
    Library Version: "102"
  imageCopyTmpDir: ""
  imageStore:
    number: 1
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.4.4
  Built: 1639008000
  BuiltTime: Thu Dec  9 08:00:00 2021
  GitCommit: ""
  GoVersion: go1.13.15
  OsArch: linux/amd64
  Version: 3.4.4
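
An added example (not part of the original post): the `podman info` output above reports `serviceIsRemote: true`, `rootless: false` and the socket `/run/podman/podman.sock`, so whoever holds the SSH key on the Mac controls a root-owned Podman service. The script classifies a `podman info` dump accordingly; the function name `audit_info`, the verdict labels and the second (rootless) sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `podman info` output by the privilege of the
# API service the client reached. audit_info and the verdict labels are
# illustrative names, not part of podman.

# Excerpt of the `podman info` output shown on this page.
SAMPLE_ROOTFUL='host:
  conmon:
    path: /usr/bin/conmon
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    rootless: false
  serviceIsRemote: true'

# Constructed sample: what a per-user (rootless) service would report.
SAMPLE_ROOTLESS='host:
  conmon:
    path: /usr/bin/conmon
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    rootless: true
  serviceIsRemote: true'

# Read `podman info` YAML on stdin and print a one-line verdict.
audit_info() {
    awk '
        # Only the path under remoteSocket counts; conmon and ociRuntime
        # have their own "path:" keys.
        /^  remoteSocket:/        { in_sock = 1; next }
        /^  [A-Za-z]/             { in_sock = 0 }
        in_sock && $1 == "path:"  { sock = $2 }
        $1 == "rootless:"         { rootless = $2 }
        $1 == "serviceIsRemote:"  { remote = $2 }
        END {
            if (remote == "" || rootless == "") verdict = "UNKNOWN"
            else if (remote != "true")          verdict = "LOCAL"
            else if (rootless == "true")        verdict = "ROOTLESS"
            else                                verdict = "ROOTFUL"
            printf "remote=%s rootless=%s socket=%s verdict=%s\n", remote, rootless, sock, verdict
        }'
}

printf '%s\n' "$SAMPLE_ROOTFUL"  | audit_info
printf '%s\n' "$SAMPLE_ROOTLESS" | audit_info
```

On a live setup, pipe the real output in with `podman info | audit_info`; a ROOTFUL verdict means the SSH key on the client should be protected as a root credential for the server.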

Next, let's try running a container:

$ podman run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

If we run the following command on the remote Linux server, we should see the container instance we just ran:

# podman ps -a
CONTAINER ID  IMAGE                                 COMMAND     CREATED        STATUS                    PORTS       NAMES
b29d32e90a6d  docker.io/library/hello-world:latest  /hello      9 seconds ago  Exited (0) 8 seconds ago              vibrant_kapitsa

 

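Once you have completed this simple example, you have a basic grasp of how podman connects to a remote Linux server.

This way you can develop code locally and, when it is done, use the remote Linux machine to build the container image.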

 

For example, my computer is a Mac. I first clone a very small repository and try to build an image:

$ git clone https://github.com/cnmade/alpine-rsync.git
Cloning into 'alpine-rsync'...
remote: Enumerating objects: 6, done.
remote: Total 6 (delta 0), reused 0 (delta 0), pack-reused 6
Receiving objects: 100% (6/6), done.
 $ cd alpine-rsync
 $ ls -al
total 16
drwxr-xr-x   5 nomore  staff   160 Jan 30 09:49 .
drwxr-xr-x  66 nomore  staff  2112 Jan 30 09:49 ..
drwxr-xr-x  12 nomore  staff   384 Jan 30 09:49 .git
-rw-r--r--   1 nomore  staff    53 Jan 30 09:49 Dockerfile
-rw-r--r--   1 nomore  staff    94 Jan 30 09:49 README.md
 $ cat README.md
# alpine-rsync
Rsync docker image with alpine linux
A very small rsync utils for your system.
 $ podman build -t cnmade/alpine-rsync .
STEP 1/3: FROM alpine
Resolving "alpine" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull registry.opensuse.org/alpine:latest...
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3
Copying blob sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3
Copying config sha256:c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18
Writing manifest to image destination
Storing signatures
STEP 2/3: RUN apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
v3.15.0-242-gf2c09d7474 [https://dl-cdn.alpinelinux.org/alpine/v3.15/main]
v3.15.0-239-g755d336b9e [https://dl-cdn.alpinelinux.org/alpine/v3.15/community]
OK: 15848 distinct packages available
--> 2d025effc07
STEP 3/3: RUN apk add rsync openssh
(1/15) Installing openssh-keygen (8.8_p1-r1)
(2/15) Installing ncurses-terminfo-base (6.3_p20211120-r0)
(3/15) Installing ncurses-libs (6.3_p20211120-r0)
(4/15) Installing libedit (20210910.3.1-r0)
(5/15) Installing openssh-client-common (8.8_p1-r1)
(6/15) Installing openssh-client-default (8.8_p1-r1)
(7/15) Installing openssh-sftp-server (8.8_p1-r1)
(8/15) Installing openssh-server-common (8.8_p1-r1)
(9/15) Installing openssh-server (8.8_p1-r1)
(10/15) Installing openssh (8.8_p1-r1)
(11/15) Installing libacl (2.2.53-r0)
(12/15) Installing lz4-libs (1.9.3-r1)
(13/15) Installing popt (1.18-r0)
(14/15) Installing zstd-libs (1.5.0-r0)
(15/15) Installing rsync (3.2.3-r5)
Executing busybox-1.34.1-r3.trigger
OK: 13 MiB in 29 packages
COMMIT cnmade/alpine-rsync
--> 68706d6f1bb
Successfully tagged localhost/cnmade/alpine-rsync:latest
68706d6f1bbf71f899038e92ec3edddc4eafbc32a3f15811081a8be435a8e474

Let's check on both the Mac and the remote Linux machine whether our image was built successfully:

# podman images
REPOSITORY                     TAG         IMAGE ID      CREATED         SIZE
localhost/cnmade/alpine-rsync  latest      68706d6f1bbf  12 seconds ago  16.1 MB

At this point you have mastered the basic operations of running containers and building images.

 

Category: Default  Tags:  Published: 2022-01-30 09:48:49, updated: 2022-01-30 09:52:40