When people talk about the future of technology, most seasoned techs agree that virtualization and containerization are a big part of it. Both isolate applications and services from each other and from the host, and both are easy to manage with tooling for snapshots, templates, and far more customization than the one-server-per-application model offers. It is not always clear how to get started with them, though. We have covered virtualization on Linux, Windows, and macOS many times before, but containerization is a somewhat different beast. This article is a beginner's guide to Podman on Linux, a great tool for running containers.
What Are Containers?
Containers are often described as lightweight virtual machines for single applications, but the comparison only goes so far. A virtual machine runs its own kernel; a container shares the host's kernel and is isolated from other processes by kernel features such as namespaces, control groups, capabilities, and seccomp filters. That makes containers much smaller and quicker to start, and it makes it easy to package an application as an image and distribute it. Flatpak and Snap build on the same kernel primitives, so the parallel is easy to see: one host, many applications, each running in its own isolated environment. It also means a kernel vulnerability is a shared risk for every container on the host, which is one reason the permissions a container runs with matter so much.
What Is Podman?
Many of us have heard of Docker, the original and still best-known container engine. Podman is a container engine with a Docker-compatible command line and a few key architectural differences.
The first is that Podman is daemonless, whereas Docker relies on a daemon. Every podman command is an ordinary process that sets up the container and hands it to a small monitor process (conmon); there is no always-on, root-owned service to talk to. With Docker, anyone who can write to the daemon's socket can ask it to start a privileged container or mount the host filesystem, which makes membership of the docker group effectively root. Podman has no such socket by default, and a user's containers, images, and storage live under that user's home directory, so users see only their own containers and nobody else's. Not running a permanent daemon also saves a little memory and removes one more privileged component that has to be kept patched.
That architecture makes rootless containers the normal way to use Podman: the engine itself runs as your user, and root inside the container is mapped to an unprivileged ID on the host. If an attacker compromises a process in your container and manages to escape, they land with your user's permissions rather than root. Rootless mode needs subordinate UID and GID ranges for your user (most current distributions set these up when an account is created), and it has some limitations, such as not being able to bind ports below 1024 without extra configuration, but it is where you should start.
Installing Podman
For most distros, Podman is in the main repositories, making it a simple installation command:
# Debian/Ubuntu
sudo apt install podman
# Fedora/CentOS/RHEL
sudo dnf install podman
# Arch Linux
sudo pacman -S podman
# openSUSE
sudo zypper install podman
# Gentoo
sudo emerge app-emulation/podman
Using Podman
The syntax of a podman run command can look intimidating, but the pattern is always the same: options for the container (-d to detach, -t to allocate a terminal, -p to publish ports, -e to set environment variables), then the image, then the command to run inside it. The Podman project's documentation uses this Fedora httpd image as a first example; enter it as one command:
podman run -dt -p 8080:8080/tcp \
  -e HTTPD_VAR_RUN=/run/httpd \
  -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
  -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
  -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
  registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Podman pulls the image from registry.fedoraproject.org the first time you run this, then prints the new container's ID, a 64-character hexadecimal string; podman ps shows the first 12 characters of it. Note that f29 means Fedora 29, which has been end-of-life since 2019, so this image is fine as a smoke test but not something to keep running or expose to a network.
To check running Podman containers, enter the following command:
podman ps
You'll see the container you started, which confirms it's running. The PORTS column reads 0.0.0.0:8080->8080/tcp: port 8080 inside the container is published on port 8080 of every network interface on the host, so anyone who can reach your machine can reach the web server. If you only want it reachable locally, publish it with -p 127.0.0.1:8080:8080 instead. To fetch the page Apache is serving, request it from the host:
curl http://localhost:8080
You'll get the HTML of Fedora's default test page. Near the top is the title element, which confirms the server is working:
<title>Test Page for the Apache HTTP Server on Fedora</title>
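Putting the steps above into one script, as an added example that is not from the article or the Podman project: it starts the same httpd image, publishes the port on 127.0.0.1 only, waits for the server to answer, checks the page title, and removes the container when it exits. It assumes podman and curl are installed; the helper names (html_title, host_port_from_mapping, wait_for_http, run_smoke_test) are my own.

```shell
#!/bin/sh
# Added smoke test for the httpd container started above (example code, not
# from the article or the Podman project). Assumes podman and curl are installed.
# The image and environment variables are the ones from the podman run command
# in the text; the host port is published on 127.0.0.1 only.

IMAGE="registry.fedoraproject.org/f29/httpd"
HOST_PORT="${HOST_PORT:-8080}"

# Pull the <title> out of an HTML document on stdin (first title element).
html_title() {
    tr -d '\n' | sed -n 's|.*<title>\([^<]*\)</title>.*|\1|p'
}

# Take the host port from a podman port mapping such as
# "8080/tcp -> 127.0.0.1:8080" (digits after the last colon of the first line).
host_port_from_mapping() {
    head -n 1 | sed -n 's|.*:\([0-9][0-9]*\)$|\1|p'
}

# Poll until the URL answers with 2xx/3xx or the attempt budget is spent.
wait_for_http() {
    url="$1"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        curl -fsS -o /dev/null "$url" 2>/dev/null && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

run_smoke_test() {
    ctr=$(podman run -dt -p "127.0.0.1:${HOST_PORT}:8080/tcp" \
        -e HTTPD_VAR_RUN=/run/httpd \
        -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
        -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
        -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
        "$IMAGE" /usr/bin/run-httpd) || return 1
    # Remove the container on every exit path, including Ctrl-C.
    trap 'podman rm -f "$ctr" >/dev/null 2>&1' EXIT INT TERM

    # Ask podman where the port landed instead of assuming it.
    port=$(podman port "$ctr" | host_port_from_mapping)
    url="http://127.0.0.1:${port}/"
    wait_for_http "$url" || { echo "httpd did not come up on $url" >&2; return 1; }

    title=$(curl -fsS "$url" | html_title)
    echo "title: $title"
    [ "$title" = "Test Page for the Apache HTTP Server on Fedora" ]
}

# Run the live test only when asked, so the file can be sourced for its helpers.
if [ "${1:-}" = "--run" ]; then
    run_smoke_test
fi
```

Run it with sh smoke-test.sh --run; without --run it only defines the helpers, so you can source it or exercise the parsing functions offline. The trap is the part worth copying into your own scripts: a test container that is left running after a failed check is exactly the kind of forgotten listener that shows up in a later port scan.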
Podman Images
One of the nice things about Podman is how it handles images. You can search the configured registries for the httpd image or for anything else you want to run:
podman search IMAGENAME
A search for vncserver, for example, returns many images from many different publishers. Which one you choose is partly preference, but treat the list as untrusted input: anyone can push an image to a public registry, so look at who publishes an image and how it's built before you run it.
To download one of those images, use podman pull:
podman pull IMAGENAME
Use the fully qualified name (registry, namespace, and repository) rather than a short name. For example, the command to run is:
podman pull docker.io/michaelaboeckler/vncserver
rather than podman pull vncserver. A short name is resolved against the registries listed under unqualified-search-registries in registries.conf, so the image you actually get depends on your configuration and on which registry happens to have a repository by that name; a fully qualified name pins exactly one repository, and whoever controls that repository is the only party who can change what you pull.
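To see why the fully qualified name matters, here is an added example (not from the article or from Podman's own code) that classifies references using the same rule Podman applies when deciding whether a name is short: the part before the first slash must contain a dot or a colon, or be exactly localhost, to count as a registry. The function names and the sample list are constructed for this illustration, and the sha256 value is a placeholder rather than a real digest.

```shell
#!/bin/sh
# Added example (not from the article): classify image references the way
# Podman's short-name resolution does. A reference is fully qualified only when
# the text before its first slash names a registry, i.e. contains a '.' or ':'
# or is exactly "localhost". Anything else is a short name that Podman resolves
# against unqualified-search-registries in registries.conf.

is_qualified() {
    case "$1" in
        */*) ;;            # has at least one path component; check the first
        *)   return 1 ;;   # bare "vncserver": no registry at all
    esac
    case "${1%%/*}" in
        localhost) return 0 ;;
        *.*|*:*)   return 0 ;;
        *)         return 1 ;;
    esac
}

# How the reference pins content: by digest (immutable), by tag (the
# repository owner can move it), or implicitly ":latest" (also mutable).
pin_kind() {
    last="${1##*/}"            # repository name plus tag or digest
    case "$last" in
        *@sha256:*) echo digest ;;
        *:*)        echo tag ;;
        *)          echo implicit-latest ;;
    esac
}

classify() {
    if is_qualified "$1"; then q=qualified; else q=short-name; fi
    echo "$q $(pin_kind "$1")"
}

# Constructed sample references; the first is the one the article pulls and
# the sha256 value is a placeholder, not a real digest.
for ref in \
    docker.io/michaelaboeckler/vncserver \
    vncserver \
    michaelaboeckler/vncserver \
    localhost:5000/myteam/app:1.2 \
    quay.io/podman/hello:latest \
    docker.io/library/alpine@sha256:0000000000000000000000000000000000000000000000000000000000000000
do
    printf '%-90s %s\n' "$ref" "$(classify "$ref")"
done
```

The second column is the part most people forget: even docker.io/michaelaboeckler/vncserver is a moving target, because it implies the :latest tag and the publisher can repoint that tag at any time. For anything you deploy, record the digest Podman prints after a pull (or read it with podman image inspect --format '{{.Digest}}') and pull by registry/repo@sha256:... from then on. You can also stop Podman from guessing at short names by setting short-name-mode = "enforcing" in registries.conf, which makes it prompt for a registry when more than one is configured instead of trying them in order, and fail in non-interactive sessions.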
You can also check on your images with this command:
podman images
And stop containers with this command:
podman stop -l
The -l flag stops the most recently created container; use -a instead to stop all running containers.
You may have noticed that Podman pulled from docker.io, which is Docker Hub, even though it isn't Docker. Podman uses the same image format and registry protocol, and docker.io is in the default search registries on most distributions. Its commands are Docker's commands too, so much so that the project suggests aliasing docker to podman:
alias docker='podman'
With that in place, any time you type docker, your shell runs podman instead, and most existing Docker scripts and habits carry over.
Rootless Podman
On a current distribution, installing Podman and running it as a regular user is usually all it takes: the main requirement is that your user has subordinate UID and GID ranges in /etc/subuid and /etc/subgid, which useradd assigns by default. If podman info reports rootless: true under the host security section, you're already running rootless. For the remaining cases, and for the limitations of rootless mode, there's great documentation in the project's rootless tutorial on their GitHub page.
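As an added example (not from the article or the Podman project's documentation), this script checks the prerequisite that most often trips people up, the subordinate ID ranges, and can show the resulting UID mapping. It reads /etc/subuid and /etc/subgid and, when run with --live, calls podman unshare and podman info; the function names are my own, and the 100000-165535 range in the fix-it hint is only an example.

```shell
#!/bin/sh
# Added example (not from the article or the Podman project): verify the
# subordinate UID/GID ranges rootless Podman depends on, and optionally show
# how root inside a container maps onto your own unprivileged IDs.

# Sum the sizes of all ranges a user owns in /etc/subuid or /etc/subgid.
# Input on stdin: lines of "user:start:count". Output: the total count.
subid_count() {
    awk -F: -v u="$1" '$1 == u { total += $3 } END { print total + 0 }'
}

# The conventional allocation (what useradd hands out) is 65536 IDs, enough
# for the UIDs that typical images create.
subids_sufficient() {
    [ "$1" -ge 65536 ]
}

count_in_file() {   # $1 = file, $2 = user; a missing file counts as zero
    if [ -r "$1" ]; then subid_count "$2" < "$1"; else echo 0; fi
}

check_subids() {
    user="$1"
    uids=$(count_in_file /etc/subuid "$user")
    gids=$(count_in_file /etc/subgid "$user")
    echo "$user: $uids subordinate UIDs, $gids subordinate GIDs"
    if subids_sufficient "$uids" && subids_sufficient "$gids"; then
        echo "ok: enough for rootless podman"
    else
        # 100000-165535 is only an example range; pick one that does not
        # overlap ranges already assigned to other users.
        echo "insufficient: as root, run"
        echo "  usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $user"
        echo "  then, as $user: podman system migrate"
    fi
}

# Inside the user namespace, uid_map reads "container-uid host-uid count":
# 0 maps to your own UID and 1.. map into the subordinate range, so a process
# that is root in the container is not root on the host.
show_mapping() {
    if ! command -v podman >/dev/null 2>&1; then
        echo "podman not installed; skipping live mapping check"
        return 0
    fi
    echo "rootless: $(podman info --format '{{.Host.Security.Rootless}}')"
    echo "uid_map as seen by podman unshare:"
    podman unshare cat /proc/self/uid_map
}

check_subids "$(id -un)"
if [ "${1:-}" = "--live" ]; then
    show_mapping
fi
```

The uid_map output is the whole security argument for rootless mode in three numbers per line: a container process that believes it is UID 0 is, from the kernel's point of view, your UID, and the container's UIDs 1 and up are the throwaway subordinate IDs, which own nothing on the host outside Podman's own storage.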
I hope you enjoyed this primer on Podman, a great little tool for running daemonless, rootless containers that keep your system lean, tidy, and secure. If you did, check out some of our other container content, like our guides on running Ubuntu in a container on ChromeOS, copying Docker containers to another host, and limiting Docker container resources.