For close to a decade now, adoption of Linux containers as a key open source application packaging and delivery technology has been immense. Container technology combines lightweight application isolation with the flexibility of image-based deployment methods. Podman was created around the Docker container engine technology. Linux containers are implemented on RHEL-based systems using core technologies such as:
- Control groups (cgroups) for resource management
- SELinux for security
- Namespaces for process isolation
- Secure multi-tenancy
The use of these technologies aims to reduce the risk of security exploits. Podman is a tool created as a Docker alternative for running Linux containers. The main advantages of Podman are:
- Running containers in rootless mode – You can run rootless containers which are more secure, as they run without any added privileges
- Native systemd integration – With Podman you can create systemd unit files and run containers as system services
- No daemon required – Podman has much lower resource requirements at idle since it is daemonless.
Install Podman 3.x on CentOS 7 / RHEL 7
When Podman is installed on a CentOS/RHEL 7 system from the upstream OS repositories, an older version is installed.
$ podman version
Version: 1.6.4
RemoteAPI Version: 1
Go Version: go1.12.12
OS/Arch: linux/amd64
In this article we install the latest Podman 3.x on CentOS 7 / RHEL 7. We’re building the application from source code to get the latest release of software.
Uninstall any older version of Podman in the system.
sudo yum -y remove podman
Step 1 – Install dependencies for building Podman
To install Podman 3.x on CentOS 7 / RHEL 7, we have to build the application from source. Some dependencies are required for this operation.
Enable EPEL repository:
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Upgrade and reboot your system
sudo yum -y update
sudo reboot
Install standard build tools on your CentOS 7 / RHEL 7:
sudo yum -y install "@Development Tools"
Install all required deps by running the command below:
sudo yum install -y curl \
gcc \
make \
device-mapper-devel \
git \
btrfs-progs-devel \
conmon \
containernetworking-plugins \
containers-common \
glib2-devel \
glibc-devel \
glibc-static \
golang-github-cpuguy83-md2man \
gpgme-devel \
iptables \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
pkgconfig \
systemd-devel \
autoconf \
python3 \
python3-devel \
python3-pip \
yajl-devel \
libcap-devel
Wait for the installation of these dependencies to complete then proceed to step 2.
Step 2 – Install Golang on CentOS 7 / RHEL 7
You can refer to our guide below on the installation of Go on CentOS 7 / RHEL 7:
Checking version of Go after a successful installation:
$ go version
go version go1.18.3 linux/amd64
Step 3 – Install conmon and runc
Conmon is used to monitor OCI runtimes, and the package is expected to be installed on the system. Install it by executing the following commands in the terminal:
cd ~
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
cd ..
If the installation was successful, the command below should return the software version:
$ conmon --version
conmon version 2.0.8
commit: f85c8b1ce77b73bcd48b2d802396321217008762
We also need the latest version of runc installed on the system.
git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
sudo cp runc /usr/bin/runc
cd ~/
Check the installed version of runc:
$ runc --version
runc version 1.1.0+dev
commit: v1.1.0-233-g2c692a9
spec: 1.0.2-dev
go: go1.18.3
libseccomp: 2.3.1
Step 4 – Setup CNI networking for Podman
A basic setup for CNI networking is required to use Podman. Begin with the creation of required directories:
sudo mkdir -p /etc/containers
Download the sample configuration files and place them in the relevant directories.
sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json
Step 5 – Build Podman 3.x on CentOS 7 / RHEL 7
Update the gpgme package.
sudo yum remove gpgme-devel
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-1.7.1-0.el7.centos.1.x86_64.rpm
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-devel-1.7.1-0.el7.centos.1.x86_64.rpm
Download the Podman project source code from GitHub.
TAG="v3.4.7"
rm -rf podman*
sudo yum -y install wget
wget https://github.com/containers/podman/archive/refs/tags/${TAG}.tar.gz
Extract the downloaded file:
tar xvf ${TAG}.tar.gz
Change to podman directory and begin the build process.
cd podman*/
make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr
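The download and extraction above can be gated on a checksum recorded from a copy you trust, so that a corrupted or substituted tarball never reaches make. The following is an added example, not part of the original article; the function names and the demo archive are assumptions made for illustration, and the real checksum is left as a placeholder because the article does not give one.

```shell
#!/bin/sh
# Added example, not from the article: gate extraction on a pinned checksum.

# Read archive member names on stdin; succeed if any is absolute or has "..".
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# $1 = tarball, $2 = expected SHA-256 (hex), $3 = directory to extract into
verify_and_extract() {
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1: got $actual" >&2
        return 1
    fi
    if tar -tzf "$1" | has_unsafe_path; then
        echo "refusing $1: member path escapes the target directory" >&2
        return 2
    fi
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Constructed demo: a tiny archive stands in for ${TAG}.tar.gz, and its freshly
# computed hash stands in for a checksum recorded from a trusted copy.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/podman-demo"
    echo 'all:' > "$work/src/podman-demo/Makefile"
    tar -czf "$work/demo.tar.gz" -C "$work/src" podman-demo
    pinned=$(sha256sum "$work/demo.tar.gz" | awk '{ print $1 }')
    verify_and_extract "$work/demo.tar.gz" "$pinned" "$work/out"
    rc=$?
    [ -f "$work/out/podman-demo/Makefile" ] || rc=1
    rm -rf "$work"
    return "$rc"
}

# Real use (placeholder hash): verify_and_extract "${TAG}.tar.gz" "<sha256>" .
demo && echo "verified and extracted"
```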
Available build tags, with the feature each enables and its dependency:
Build Tag | Feature | Dependency |
---|---|---|
apparmor | apparmor support | libapparmor |
exclude_graphdriver_btrfs | exclude btrfs | libbtrfs |
exclude_graphdriver_devicemapper | exclude device-mapper | libdm |
libdm_no_deferred_remove | exclude deferred removal in libdm | libdm |
seccomp | syscall filtering | libseccomp |
selinux | selinux process and mount labeling | |
systemd | journald logging | libsystemd |
You can check the version of Podman 3 installed on CentOS 7 / RHEL 7 after the build.
$ podman version
Version: 3.4.4
API Version: 3.4.4
Go Version: go1.17.6
Built: Tue Feb 1 19:26:56 2022
OS/Arch: linux/amd64
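To confirm that the seccomp and selinux build tags took effect, the output of runc --version and podman info can be checked after the build. This is an added example, not from the original article; the function names are hypothetical, the sample inputs are constructed (the runc lines are copied from the output shown earlier), and the seccompEnabled and selinuxEnabled keys are the ones Podman 3.x prints under host.security.

```shell
#!/bin/sh
# Added example, not from the article: audit a finished build for the
# seccomp and selinux features requested through BUILDTAGS.

# Print the value of a key from `podman info` text (YAML-style "key: value").
info_value() {   # $1 = podman info output, $2 = key name
    printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }'
}

# Print one line per missing protection; return non-zero if any is missing.
# $1 = output of `runc --version`, $2 = output of `podman info`
audit_build() {
    missing=0
    # The article's runc output has a "libseccomp: 2.3.1" line. Assumption:
    # a runc built without the seccomp tag does not print that line.
    if ! printf '%s\n' "$1" | grep -Eq '^libseccomp:[[:space:]]*[0-9]'; then
        echo "runc: no libseccomp version reported"; missing=1
    fi
    # selinuxEnabled is also false when SELinux is disabled on the host.
    for key in seccompEnabled selinuxEnabled; do
        val=$(info_value "$2" "$key")
        if [ "$val" != "true" ]; then
            echo "podman: $key is '${val:-absent}'"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample inputs.
SAMPLE_RUNC='runc version 1.1.0+dev
spec: 1.0.2-dev
libseccomp: 2.3.1'
SAMPLE_INFO='host:
  security:
    rootless: false
    seccompEnabled: true
    selinuxEnabled: true'

# On a real host: audit_build "$(runc --version)" "$(podman info)"
audit_build "$SAMPLE_RUNC" "$SAMPLE_INFO" && echo "build hardening OK"
```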