Podman, developed by Red Hat in 2018, is a free and open-source container platform that simplifies the process of developing, managing, and deploying containers and pods in a Linux environment. Unlike Docker, Podman does not rely on a daemon, which minimizes potential single points of failure and enhances security by eliminating the need for root access.
Built to comply with the Open Container Initiative (OCI) standards, Podman directly interacts with the Linux kernel, containers, and images, offering a seamless and secure experience. This makes it an excellent drop-in replacement for Docker if your tasks align with OCI-compliance requirements.
This article will guide you through installing Podman and using it to create and manage container images efficiently.
Prerequisites
- A server running Rocky Linux.
- A non-root user with sudo privileges.
- Ensure the server is updated by running the command below:
$ sudo dnf update
Install Podman
Podman is part of the container-tools module available in the AppStream repository of Rocky Linux 8. We will install it using the module method.
Use the following dnf module command to install Podman:
$ sudo dnf module install container-tools
Verify the installation by checking the Podman version:
$ podman --version
podman version 3.2.3
Search and Download Container Images
To find the Nginx image, execute:
$ podman search nginx
The output will display the registry and description of available images.
To download the image, use these commands:
$ podman pull docker.io/library/nginx
OR
$ podman pull nginx
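A short name such as nginx is resolved through the search registries configured in /etc/containers/registries.conf, while docker.io/library/nginx names its registry explicitly. The following added example (not part of the original article) classifies an image reference and refuses short names or registries outside an assumed allow-list before calling podman pull; the function names and ALLOWED_REGISTRIES are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article.
# ALLOWED_REGISTRIES is an assumed local policy; edit it for your environment.
ALLOWED_REGISTRIES="docker.io registry.redhat.io"

# Print the registry host of an image reference, or nothing for a short name.
# Convention: the first path component is a registry only if it contains
# "." or ":" or is exactly "localhost".
image_registry() {
    case $1 in
        */*) first=${1%%/*} ;;
        *)   return 0 ;;
    esac
    case $first in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
    esac
}

# Print how the reference is pinned: digest, tag, or floating (implicit latest).
image_pinning() {
    case $1 in
        *@sha256:*) echo digest; return 0 ;;
    esac
    last=${1##*/}    # a tag, if present, follows ":" in the last component
    case $last in
        *:*) echo tag ;;
        *)   echo floating ;;
    esac
}

# Pull only fully qualified references from an allowed registry.
# PODMAN can be set to "echo" for a dry run.
checked_pull() {
    reg=$(image_registry "$1")
    if [ -z "$reg" ]; then
        echo "refusing '$1': short name, registry is ambiguous" >&2
        return 1
    fi
    case " $ALLOWED_REGISTRIES " in
        *" $reg "*) ;;
        *) echo "refusing '$1': registry '$reg' is not allowed" >&2; return 1 ;;
    esac
    if [ "$(image_pinning "$1")" = floating ]; then
        echo "note: '$1' has no tag or digest, so it resolves to latest" >&2
    fi
    ${PODMAN:-podman} pull "$1"
}
```

Source the file and call checked_pull docker.io/library/nginx:1.21 in place of a bare podman pull.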
List downloaded images with:
$ podman images
REPOSITORY               TAG     IMAGE ID      CREATED     SIZE
docker.io/library/nginx  latest  f8f4ffc8092c  3 days ago  138 MB
Run Containers
Launch a container using the Nginx image and name it webserver:
$ podman run -d --name webserver nginx
To create another container with the same image but a different name:
$ podman run -d --name webserver2 nginx
You can launch multiple containers using the same image.
List and Stop Containers
To list running containers:
$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS  NAMES
19b6668bc627  docker.io/library/nginx:latest  nginx -g daemon o...  31 seconds ago  Up 31 seconds ago         webserver
35a286ba5a55  docker.io/library/nginx:latest  nginx -g daemon o...  2 seconds ago   Up 3 seconds ago          webserver2
Stop a running container:
$ podman stop webserver
webserver
Verify if it has stopped:
$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                 PORTS  NAMES
35a286ba5a55  docker.io/library/nginx:latest  nginx -g daemon o...  About a minute ago  Up About a minute ago         webserver2
To list all containers, including stopped ones:
$ podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                     PORTS  NAMES
19b6668bc627  docker.io/library/nginx:latest  nginx -g daemon o...  2 minutes ago       Exited (0) 35 seconds ago         webserver
35a286ba5a55  docker.io/library/nginx:latest  nginx -g daemon o...  About a minute ago  Up About a minute ago             webserver2
Start a Stopped Container
Start a stopped container:
$ podman start webserver
webserver
Verify it has started:
$ podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS             PORTS  NAMES
19b6668bc627  docker.io/library/nginx:latest  nginx -g daemon o...  3 minutes ago  Up 16 seconds ago         webserver
35a286ba5a55  docker.io/library/nginx:latest  nginx -g daemon o...  2 minutes ago  Up 2 minutes ago          webserver2
Delete Container
First, stop a container:
$ podman stop webserver2
Then delete it:
$ podman rm webserver2
To remove a running container, use the --force flag:
$ podman rm webserver2 --force
35a286ba5a553d5f88e3d9795780f893cfb58bf4a126c4912d1ec56b9d0e5a27
Kill Container
The distinction between stopping and killing a container is important—stopping shuts down gracefully, while killing forcibly ends it, possibly causing data loss.
Use this command to kill a container:
$ podman kill -s 9 webserver2
The command above sends signal 9 (SIGKILL) to terminate the container. To kill all containers, use --all or -a; to kill the latest container, use --latest or -l.
Delete Image
Delete images with the rmi command:
$ podman rmi registry.redhat.io/rhel8/rsyslog
Remove multiple images by separating their names with spaces:
$ podman rmi registry.redhat.io/rhel8/rsyslog registry.redhat.io/ubi8/ubi
To delete all images, use the -a flag:
$ podman rmi -a
View Container Logs
To see container logs:
$ podman logs webserver
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
......
Restrict the output to the last 5 lines with the --tail option:
$ podman logs --tail=5 webserver
2021/10/05 10:13:52 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6)
2021/10/05 10:13:52 [notice] 1#1: OS: Linux 4.18.0-305.19.1.el8_4.x86_64
2021/10/05 10:13:52 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 262144:262144
2021/10/05 10:13:52 [notice] 1#1: start worker processes
2021/10/05 10:13:52 [notice] 1#1: start worker process 23
Add timestamps to the logs using the -t flag:
$ podman logs -t webserver
2021-10-05T09:25:02.026967459Z /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
2021-10-05T09:25:02.026967459Z /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
2021-10-05T09:25:02.033956297Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
2021-10-05T09:25:02.043751152Z 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
2021-10-05T09:25:02.064561317Z 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
.....
Inspecting Containers
To print detailed information about a container:
$ podman inspect webserver
[
    {
        "Id": "19b6668bc6278a66b3ffc98ae1515af25f5bebcd20bf26de803cae41c4485f59",
        "Created": "2021-10-05T09:25:01.784949744Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 4423,
            ....
Filter the output using the --format option to get specific information, such as when the container started:
$ podman inspect webserver --format '{{.State.StartedAt}}'
2021-10-05 10:13:52.794806322 +0000 UTC
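The Pid field in the inspect output is the container's main process as seen from the host, so its owner can be checked directly. This added example (not part of the original article) reads name and PID pairs produced by podman inspect --format and reports whether each process runs as host root; the function names and the PROC_ROOT override are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# PROC_ROOT is a hypothetical override so the check can run on sample data.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print the real UID that owns host process $1, read from <proc>/<pid>/status.
host_uid_of_pid() {
    status_file=$PROC_ROOT/$1/status
    [ -r "$status_file" ] || return 1
    while read -r key real _rest; do
        if [ "$key" = "Uid:" ]; then
            printf '%s\n' "$real"
            return 0
        fi
    done < "$status_file"
    return 1
}

# Read "<name> <pid>" lines on stdin, as produced by:
#   podman inspect --format '{{.Name}} {{.State.Pid}}' $(podman ps -aq)
# Print one verdict per container; return 1 if any main process is host root.
audit_host_uids() {
    rc=0
    while read -r name pid; do
        [ -n "$name" ] || continue
        # A stopped container reports Pid 0; a vanished PID has no status file.
        if [ "$pid" = 0 ] || ! uid=$(host_uid_of_pid "$pid"); then
            echo "$name: not running (pid $pid)"
        elif [ "$uid" = 0 ]; then
            echo "$name: main process is host uid 0 (root on the host)"
            rc=1
        else
            echo "$name: main process is host uid $uid (unprivileged on the host)"
        fi
    done
    return $rc
}
```

Run the podman inspect command from the comment as the same user that started the containers and pipe its output into audit_host_uids.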
Accessing Container Shell
To access a container’s shell prompt, use the exec command:
$ podman exec -it webserver2 /bin/bash
Pods
Podman can create pods, a feature absent in Docker, allowing you to manage multiple containers as a single entity.
Create a pod:
$ podman pod create --name mypod
Add containers to the pod:
$ podman run --pod mypod --name myimage1 image:latest
$ podman run --pod mypod --name myimage2 diff-image:latest
Manage containers in a pod with these commands:
$ podman pod kill mypod      # Kill all containers in the pod
$ podman pod restart mypod   # Restart all containers in the pod
$ podman pod stop mypod      # Stop all containers in the pod
$ podman pod ps              # List all pods
$ podman pod top mypod       # Display running processes in a pod
$ podman pod inspect mypod   # Inspect a pod
$ podman pod rm mypod        # Remove the pod
Conclusion
This guide has walked you through installing and using Podman for running and managing containers. Although there is more to explore with Podman, this should give you a strong starting point. If you have questions, feel free to leave comments below.
FAQ
- What is the primary benefit of using Podman over Docker?
  Podman is daemonless, which eliminates a single point of failure and offers improved security as it doesn’t require root access.
- Can Podman fully replace Docker?
  Yes, Podman can act as a drop-in replacement for Docker, especially if you require OCI-compliant container support.
- Are there any features exclusive to Podman?
  Podman supports pods, allowing you to handle multiple containers simultaneously, a feature not available in Docker.
- How does Podman enhance security?
  Since Podman does not require root access and directly interacts with the kernel, it enhances the overall security model compared to daemon-reliant alternatives.