Podman (short name for Pod Manager Tool) is a daemonless container engine created to help you develop, manage, and run Open Container Initiative (OCI) containers on most Linux systems. Podman is an ultimate drop-in alternative for Docker. Podman is the default container runtime in openSUSE Kubic and Fedora CoreOS (certified Kubernetes distributions).
You can use Podman to create OCI-compliant container images using a Dockerfile and a range of commands identical to Docker Open Source Engine. An example is the podman build command, which performs the same task as the docker build command. In other words, Podman provides a drop-in replacement for Docker Open Source Engine.
Some of the key advantages of Podman are:
- Rootless mode – Podman can run rootless containers, which are more secure because they run without any added privileges
- Native systemd integration – With Podman you can create systemd unit files and run containers as system services
- No daemon required – Podman has much lower resource requirements at idle since it is daemonless.
Install Podman 4.x on CentOS 7 / RHEL 7
If you perform an installation of Podman on CentOS 7 / RHEL 7 from OS default repositories, an older version of the software is installed. Below is an output from a CentOS 7 Virtual Machine.
$ podman version
Version: 1.6.4
RemoteAPI Version: 1
Go Version: go1.12.12
OS/Arch: linux/amd64
In this article we cover the installation of Podman 4.x on CentOS 7 / RHEL 7. The route to getting Podman 4.x on a CentOS 7 / RHEL 7 system is to build the application from source code.
Before we can proceed, uninstall any older version of Podman in the system.
sudo yum -y remove podman
Step 1 – Install Podman 4.x build tools
Since we’re building the software from source, all the required tools must be installed. Ensure the EPEL repository is installed and enabled on your system.
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Update all packages on the system and perform a reboot.
sudo yum -y update
sudo reboot
Install Development tools on your CentOS 7 / RHEL 7:
sudo yum -y install "@Development Tools"
Install other dependencies by running the commands below:
sudo yum install -y curl \
gcc \
make \
device-mapper-devel \
git \
btrfs-progs-devel \
conmon \
containernetworking-plugins \
containers-common \
glib2-devel \
glibc-devel \
glibc-static \
golang-github-cpuguy83-md2man \
gpgme-devel \
iptables \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
pkgconfig \
systemd-devel \
autoconf \
python3 \
python3-devel \
python3-pip \
yajl-devel \
libcap-devel
Wait for the installation of these dependencies to complete then proceed to step 2.
Step 2 – Install Golang on CentOS 7 / RHEL 7
Use the link shared to install Go on CentOS 7 / RHEL 7:
Check the version of Go after a successful installation:
$ go version
go version go1.19 linux/amd64
Step 3 – Install runc and conmon
Conmon is used to monitor OCI runtimes, and the package is expected to be installed on the system. The installation can be done using the commands shared below.
cd ~
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
cd ..
Check the version after the installation.
$ conmon --version
conmon version 2.0.8
commit: f85c8b1ce77b73bcd48b2d802396321217008762
Perform the same build for the runc package.
git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
sudo cp runc /usr/bin/runc
cd ~/
Use the --version command option to check the version.
$ runc --version
runc version 1.1.0+dev
commit: v1.1.0-276-gbc13e33
spec: 1.0.2-dev
go: go1.19
libseccomp: 2.3.1
Step 4 – Setup CNI networking for Podman
Create the /etc/containers directory, used to store CNI network configuration files.
sudo mkdir -p /etc/containers
Download the sample configuration files and place them in the created directory:
sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json
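The policy.json fetched above is the image signature policy that Podman consults when it pulls an image, so it is worth checking what it accepts before the first pull. The following is an added example, not part of the original article: policy_audit is a hypothetical helper name, it relies on the python3 package installed in Step 1, and the sample policy at the end is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. policy_audit is a hypothetical
# helper name; it uses the python3 installed in Step 1 to parse the JSON.
# Prints "<scope> <requirement types> <state>" per scope and returns 1 when
# the default scope is OPEN (unsigned images accepted) or MISSING.
policy_audit() {
  python3 - "$1" <<'PY'
import json
import sys

with open(sys.argv[1]) as fh:
    policy = json.load(fh)

rows = [("default", policy.get("default"))]
for transport, scopes in sorted(policy.get("transports", {}).items()):
    for scope, reqs in sorted(scopes.items()):
        rows.append(("%s:%s" % (transport, scope or "*"), reqs))

states = {}
for name, reqs in rows:
    types = [r.get("type", "?") for r in (reqs or [])]
    if not types:
        state = "MISSING"
    elif "reject" in types:
        state = "REJECT"   # every requirement must pass, so nothing is accepted
    elif all(t == "insecureAcceptAnything" for t in types):
        state = "OPEN"     # accepted without any signature check
    else:
        state = "SIGNED"   # some other requirement (e.g. signedBy) applies
    states[name] = state
    print(name, ",".join(types) or "-", state)

sys.exit(1 if states["default"] in ("OPEN", "MISSING") else 0)
PY
}

# Constructed sample of a permissive policy (not a copy of the downloaded file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
{"default": [{"type": "insecureAcceptAnything"}],
 "transports": {"docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}}}
EOF
policy_audit "$sample" || echo "default scope accepts unsigned images" >&2
rm -f "$sample"
```

Run it as policy_audit /etc/containers/policy.json after the download; scopes reported as OPEN are the ones to review.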
Step 5 – Install Podman 4.x on CentOS 7 / RHEL 7
Install wget command line utility package.
sudo yum -y install wget
Download the latest release of the Podman source code from the GitHub repository.
TAG=4.1.1
rm -rf podman*
wget https://github.com/containers/podman/archive/refs/tags/v${TAG}.tar.gz
Extract the downloaded file using the tar command:
tar xvf v${TAG}.tar.gz
Navigate to podman directory and begin the build process.
cd podman*/
make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr
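The tarball downloaded above is compiled and then installed as root, so its contents should be pinned to a digest you trust before it is extracted. The following is an added example, not part of the original article: verify_sha256 and unpack_pinned are hypothetical helper names, and PIN is a placeholder because the article does not publish a digest for the release.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. verify_sha256 and
# unpack_pinned are hypothetical helper names.

# verify_sha256 FILE PIN: 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
  local file=$1 want actual
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # A pin must be exactly 64 hex digits; this also rejects unfilled placeholders.
  case $want in
    ''|*[!0-9a-f]*) echo "invalid SHA-256 pin for $file" >&2; return 2 ;;
  esac
  [ "${#want}" -eq 64 ] || { echo "invalid SHA-256 pin for $file" >&2; return 2; }
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  actual=$(sha256sum -- "$file" | cut -d' ' -f1)
  if [ "$actual" != "$want" ]; then
    echo "SHA-256 mismatch for $file: got $actual" >&2
    return 1
  fi
}

# unpack_pinned TARBALL PIN DESTDIR: extract only after the digest matches.
unpack_pinned() {
  local tarball=$1 pin=$2 dest=$3
  verify_sha256 "$tarball" "$pin" || return $?
  mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Usage with the article's tarball. PIN is a placeholder: record the digest of
# a copy you have reviewed, then reuse it on every host you build on.
TAG=4.1.1
PIN="<sha256-of-reviewed-v${TAG}.tar.gz>"
if [ -f "v${TAG}.tar.gz" ]; then
  unpack_pinned "v${TAG}.tar.gz" "$PIN" . || echo "refusing to build v${TAG}" >&2
fi
```

The same verify_sha256 check applies to the registries.conf and policy.json files fetched in Step 4, which come from a branch whose contents can change between downloads.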
If you encounter the error below during the build:
gcc errors for preamble:
In file included from vendor/github.com/proglottis/gpgme/data.go:6:0:
./go_gpgme.h:15:1: error: unknown type name 'gpgme_off_t'
extern gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence);
^
./go_gpgme.h:15:55: error: unknown type name 'gpgme_off_t'
extern gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence);
^
make: *** [bin/podman] Error 2
The issue is captured on the Podman 4 bug issues page. The recommended quick fix is to update the gpgme package.
sudo yum remove gpgme-devel -y
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-1.7.1-0.el7.centos.1.x86_64.rpm
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-devel-1.7.1-0.el7.centos.1.x86_64.rpm
After the update, retry your build.
make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr
List of available build tags, feature and dependency:
Build Tag | Feature | Dependency |
---|---|---|
apparmor | apparmor support | libapparmor |
exclude_graphdriver_btrfs | exclude btrfs | libbtrfs |
exclude_graphdriver_devicemapper | exclude device-mapper | libdm |
libdm_no_deferred_remove | exclude deferred removal in libdm | libdm |
seccomp | syscall filtering | libseccomp |
selinux | selinux process and mount labeling | |
systemd | journald logging | libsystemd |
Comment out the override_kernel_check configuration line.
sudo sed -i -e 's/override_kernel_check/#override_kernel_check/g' /etc/containers/storage.conf
You can check the version of Podman installed on CentOS 7 / RHEL 7 after the build.
$ podman version
Client: Podman Engine
Version: 4.1.1
API Version: 4.1.1
Go Version: go1.19
Built: Mon Jul 11 11:30:09 2022
OS/Arch: linux/amd64
Let’s test image download using the podman pull command:
$ podman pull docker.io/library/alpine:latest
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 2408cc74d12b done
Copying config e66264b987 done
Writing manifest to image destination
Storing signatures
e66264b98777e12192600bf9b4d663655c98a090072e1bab49e233d7531d1294
You can also run Docker Hello World container to confirm this works:
$ podman run docker.io/library/hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/