Due to the increasing complexity of applications in infrastructure, many system admins and developers find it hard to manage environments, which may require a lot of resources and hence be expensive. One solution to this challenge was the introduction of a virtualization technique known as containerization. This technology has been widely adopted in the past decade, with tools such as Kubernetes, Podman, and Docker playing a significant part.
Containerization is the packaging of a portable computing environment that contains everything an application needs to run, from binaries to dependencies. With this technology, virtualization occurs at the host level. This requires no virtual hardware, operating system, or virtual kernel.
Podman is a containerization tool developed by Red Hat to act as a drop-in replacement for Docker. This daemon-less container engine can be used to develop, manage and run OCI (Open Container Initiative) containers. It can also be used to pull container images and configure containers to run automatically on boot, just like Docker.
Podman is highly preferred due to the following:
- No daemon required: this allows for a faster startup and fewer resource requirements
- Compatibility with Docker: it is possible to pull images from Docker Hub or Quay.io
- Native systemd integration: you can create systemd unit files and run containers as system services
- Run containers in rootless mode: this makes it easy to run containers securely without any additional privileges
Podman works closely with other container management tools. These tools include:
- Skopeo: for sharing/finding container images on Docker registries, the Atomic registry, private registries, local directories, and local OCI-layout directories.
- Buildah: for building OCI images either from scratch or using an image as a starting point.
In this guide, we will install Podman 4 on Debian 11 / Debian 10 and also use it to pull images and run containers.
Step 1. Install the Required Tools
Podman can be installed from the Podman repositories, but the available version is Podman 3. To install Podman 4, we need to build it from source.
Before we begin, ensure your system and the available packages are updated to the latest versions.
sudo apt update && sudo apt upgrade -y
You also need to install the required tools to build Podman from the source code:
sudo apt install btrfs-progs git iptables libassuan-dev libbtrfs-dev libc6-dev libdevmapper-dev libglib2.0-dev libgpgme-dev libgpg-error-dev libprotobuf-dev libprotobuf-c-dev libseccomp-dev libselinux1-dev libsystemd-dev pkg-config runc uidmap make curl vim gcc -y
Step 2. Install Golang
To build Podman from the source code, you need Golang 1.16 or higher. This version can be installed by downloading the latest binary from the Golang release page. Alternatively, pull the installer with the commands:
sudo -i
wget https://storage.googleapis.com/golang/getgo/installer_linux
Make the script executable:
chmod +x ./installer_linux
Now run the installer to download the latest release of Golang:
./installer_linux
Load the new environment variables into your current session:
source ~/.bash_profile
Verify the installation.
# go version
go version go1.19.1 linux/amd64
Step 3. Install runc and Conmon
The Conmon module is used to monitor OCI Runtimes. It can be installed with the commands:
cd ~
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
cd ..
Once installed, proceed to install runc, which is picked as the default runtime by Podman.
git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
cp runc /usr/bin/runc
cd ~/
Verify your installation:
# runc --version
runc version 1.1.0+dev
commit: v1.1.0-272-g4a51b047
spec: 1.0.2-dev
go: go1.19
libseccomp: 2.5.1
Step 4 – Configure CNI networking plugins
Create a directory to store the CNI networking plugins at /etc/containers
sudo mkdir -p /etc/containers
Download the registries.conf and policy.json configuration files into the directory:
sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json
Install additional packages on Debian 11 / Debian 10:
sudo apt install -y libapparmor-dev libsystemd-dev
Step 5 – Install Podman 4 on Debian 11 / Debian 10
Once all the above configurations have been made, download the latest Podman source code. This can be accomplished by visiting the GitHub release page.
It is also possible to download the file with the commands:
sudo apt install curl wget -y
TAG=$(curl -s https://api.github.com/repos/containers/podman/releases/latest|grep tag_name|cut -d '"' -f 4)
rm -rf podman*
wget https://github.com/containers/podman/archive/refs/tags/${TAG}.tar.gz
Extract the downloaded file:
tar xvf ${TAG}.tar.gz
Now build and install Podman 4 from the source code using the commands:
cd podman*/
make BUILDTAGS="selinux seccomp"
make install PREFIX=/usr
Once complete, verify the installation:
$ podman version
Client: Podman Engine
Version: 4.2.1
API Version: 4.2.1
Go Version: go1.19.1
Built: Fri Sep 23 13:38:07 2022
OS/Arch: linux/amd64
To be able to configure network namespaces, you need to install the slirp4netns package. Download the latest release file from the GitHub release page.
Alternatively, use cURL as shown:
cd ~/
TAG=$( curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest|grep tag_name|cut -d '"' -f 4)
curl -o slirp4netns --fail -L https://github.com/rootless-containers/slirp4netns/releases/download/$TAG/slirp4netns-$(uname -m)
Make the file executable:
chmod +x slirp4netns
Copy the binary file to your $PATH:
sudo cp slirp4netns /usr/local/bin
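An added example, not part of the original guide: the TAG lookups used for the Podman source archive and for slirp4netns yield an empty string when the GitHub API call fails, and the downloaded files are then built or installed as root without an integrity check. The sketch below rejects unexpected tags and compares a SHA-256 digest before use; the function names, the sample JSON bodies and EXPECTED_SHA256 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate the release tag and check a download's SHA-256
# before building or installing it. Names and sample data are illustrative.

# Pull tag_name out of a GitHub "releases/latest" JSON body with the same
# grep/cut pipeline the guide uses, then accept only tags shaped like vX.Y.Z.
extract_tag() {
    tag=$(printf '%s\n' "$1" | grep '"tag_name"' | head -n 1 | cut -d '"' -f 4)
    if printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
        printf '%s\n' "$tag"
    else
        echo "refusing to continue: unexpected tag '$tag'" >&2
        return 1
    fi
}

# Succeed only if the file exists and its SHA-256 equals the expected digest.
verify_sha256() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    actual=$(sha256sum "$1" | cut -d ' ' -f 1)
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $1" >&2
    return 1
}

# Constructed sample bodies (not captured API output).
OK_BODY='{
  "tag_name": "v4.2.1",
  "name": "v4.2.1"
}'
RATE_LIMITED_BODY='{
  "message": "API rate limit exceeded"
}'

if TAG=$(extract_tag "$OK_BODY"); then
    echo "would download tag $TAG"
fi
extract_tag "$RATE_LIMITED_BODY" 2>/dev/null || echo "lookup failed, stopping before rm/wget"

# Usage in the guide's flow (EXPECTED_SHA256 is a placeholder for a digest
# obtained from a source you trust):
#   TAG=$(extract_tag "$(curl -s https://api.github.com/repos/containers/podman/releases/latest)") || exit 1
#   wget "https://github.com/containers/podman/archive/refs/tags/${TAG}.tar.gz"
#   verify_sha256 "${TAG}.tar.gz" "$EXPECTED_SHA256" && tar xvf "${TAG}.tar.gz"
```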
Step 6 – Use Podman 4 on Debian 11 / Debian 10
Now you can use Podman to build and pull images, spin up containers and manage them easily.
Manage Container Images
To pull an image, use the command with the syntax:
podman pull <registry/image:tag>
For example, to pull an Nginx image from Docker Hub, the command will be:
$ podman pull docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 7247f6e5c182 done
Copying blob 7247f6e5c182 done
Copying blob 7a6db449b51b done
Copying blob ca1981974b58 done
Copying blob d4019c921e20 done
Copying blob 7cb804d746d4 done
Copying blob e7a561826262 done
Copying config 2b7d6430f7 done
Writing manifest to image destination
Storing signatures
2b7d6430f78d432f89109b29d88d4c36c868cdbf15dc31d2132ceaa02b993763
Once pulled, you can view the images with the command:
$ podman images
REPOSITORY                TAG      IMAGE ID      CREATED      SIZE
docker.io/library/nginx   latest   2b7d6430f78d  8 days ago   146 MB
docker.io/library/alpine  latest   9c6f07244728  3 weeks ago  5.83 MB
docker.io/library/ubuntu  latest   df5de72bdb3b  4 weeks ago  80.4 MB
You can delete a container image, say ubuntu:latest from Docker Hub, with the command:
$ podman rmi docker.io/library/ubuntu:latest
Untagged: docker.io/library/ubuntu:latest
Deleted: df5de72bdb3b711aba4eca685b1f42c722cc8a1837ed3fbd548a9282af2d836d
Before you delete an image, you need to ensure the container using it is stopped and deleted.
Build Container Images
It is also possible to build your own container images. The images can be used locally or uploaded to a registry.
To create a container image on Podman, you need to create a Dockerfile.
vim Dockerfile
In the file, you need to add the commands to be executed. For example:
# Base image
FROM ubuntu:20.04
RUN apt-get update -y
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get install -y gnupg apt-transport-https apt-utils wget
# Add the third-party Tesseract 5 repository and its signing key
RUN echo "deb https://notesalexp.org/tesseract-ocr5/focal/ focal main" \
|tee /etc/apt/sources.list.d/notesalexp.list > /dev/null
RUN wget -O - https://notesalexp.org/debian/alexp_key.asc | apt-key add -
RUN apt-get update -y
RUN apt-get install tesseract-ocr -y
RUN apt install imagemagick -y
ENTRYPOINT ["tesseract"]
# Build-time check that the binary runs
RUN tesseract -v
Now build a container image with the command:
podman build . -t tesseract:latest
The built image will be named tesseract and tagged latest. Once complete, check if the image is available:
$ podman images
REPOSITORY                TAG      IMAGE ID      CREATED             SIZE
localhost/tesseract       latest   a98239ee7925  About a minute ago  313 MB
docker.io/library/nginx   latest   2b7d6430f78d  8 days ago          146 MB
docker.io/library/alpine  latest   9c6f07244728  3 weeks ago         5.83 MB
docker.io/library/ubuntu  20.04    3bc6e9f30f51  4 weeks ago         75.2 MB
Manage Containers
Containers can be run from existing images or by downloading images from the preferred registry.
For example, to run a container from the created Tesseract image, issue the command:
$ podman run tesseract:latest -v
tesseract 5.2.0
leptonica-1.79.0
libgif 5.1.4 : libjpeg 8d (libjpeg-turbo 2.0.3) : libpng 1.6.37 : libtiff 4.1.0 : zlib 1.2.11 : libwebp 0.6.1 : libopenjp2 2.3.1
Found OpenMP 201511
Found libarchive 3.4.0 zlib/1.2.11 liblzma/5.2.4 bz2lib/1.0.8 liblz4/1.9.2 libzstd/1.4.4
Found libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
You can also run a container using an image available in the registry.
podman run docker.io/library/hello-world
To check if the container is running, use the command:
podman ps
To list all the containers including the ones not running, issue the command:
$ podman ps -a
CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS                         PORTS               NAMES
bff200dbe9b8  localhost/tesseract:latest            -v                    5 minutes ago   Exited (0) 5 minutes ago                           gallant_mahavira
34c490d56716  docker.io/library/nginx:latest        nginx -g daemon o...  5 minutes ago   Created                        0.0.0.0:80->80/tcp  mynginx1
26f64c70d1df  docker.io/library/nginx:latest        nginx -g daemon o...  3 minutes ago   Exited (0) About a minute ago                      mynginx
a51d55a7d880  docker.io/library/hello-world:latest  /hello                52 seconds ago  Exited (0) 52 seconds ago                          romantic_jang
To stop a container, run the command:
podman stop container_name/container_ID
To remove a container, first, stop it, then execute the command:
podman rm container_name/container_ID
That marks the end of this guide on how to install Podman 4 on Debian 11 / Debian 10. Now you are set to pull images and run containers as desired.