Running Containers on Podman

How to Run Containers ?

  • Container images are configured with an entry point, which is the default command to be executed
  • If the container starts a service, the entry point is executed and the container will continue to run in the foreground
  • If the entry point is just a command, it is executed, after which the container stops. This causes frequent confusion for people who have started with virtualization. Imagine we got an Ubuntu container. The Ubuntu container is configured with a shell as entry point. When the container starts the shell, then it's done. It stops. And that is in contrast to working with virtual machines.
  • In virtual machines, you start your virtual machine, introduce a shell, and then it waits until we tell it what to do. That is why it is pretty important to make a difference between a system container and an application container.
  • A system container is used as a foundation container, and it starts an entry point, and then it quits. System containers are not a replacement for virtual machines. System containers are just meant to be the foundation for doing whatever else you want to do, like creating your own images
  • An application container starts a service as an entry point, and after that, it just quits, and as the service runs as a Daemon, it will continue running forever.

Running Container with podman

  • Before running a container with podman, it is important to decide whether, we need to run it as a rootless container or with root privileges. Container is just a process on the Linux system. so for better security, it is always recommended to run rootless container.
  • Running non root container comes with its own challenges like, access to privileged ports and files
  • podman search can be used to identify a specific container image
  • podman pull can be used to download the image to the local
  • podman images can be used to list the already available images
  • podman run can be used to run a container
  • Login credentials are used  for accessing container images from some of the available registries


Install container environment

The container environment is created by using the yum module container-tools, and it is not installed by default. This module will install podman, runtime, and other tools like skopeo. Skopeo is a utility used for analyzing images before we pull the image.

yum module install container-tools

aardvark-dns-2:1.1.0-5.module+el8.7.0+17498+a7f63b89.x86_64 crun-1.5-1.module+el8.7.0+17498+a7f63b89.x86_64
netavark-2:1.1.0-7.module+el8.7.0+17498+a7f63b89.x86_64 python3-podman-4.2.1-1.module+el8.7.0+17498+a7f63b89.noarch
python3-pytoml-0.1.14-5.git7dea353.el8.noarch skopeo-2:1.9.3-1.module+el8.7.0+17498+a7f63b89.x86_64
toolbox- udica-0.2.6-4.module+el8.7.0+17498+a7f63b89.noarch


Identify podman image

We will have to identify the image which we need for our container. we can use podman search command for the same

Below code snippet shows the use of podman search command for finding the universal base image (ubi)

 ~]# podman search ubi
NAME DESCRIPTION Platform for building and running Go 1.11.5... rhcc_registry.access.redhat.com_ubi9/go-tool... OpenJDK 1.8 runtime-only image on Red Hat Un... OpenJDK 11 runtime-only image on Red Hat Uni... OpenJDK 17 runtime-only image on Red Hat Uni... The Universal Base Image is designed and eng... Provides the latest release of Red Hat Unive... The Universal Base Image Init is designed to...
<trimmed> rhcc_registry.access.redhat.com_ubi9-micro rhcc_registry.access.redhat.com_jboss-webser... rhcc_registry.access.redhat.com_jboss-webser... The Universal Base Image is designed and eng... Provides the latest release of the Red Hat U... The Universal Base Image is designed and eng... rhcc_registry.access.redhat.com_ubi9/ubi Red Hat Universal Base Image 8 Red Hat Universal Base Image 8 Minimal Red Hat Universal Base Image 8 Init
  • podman search will return a list of images related to the query which we have given. From the available images, we can select the required image
  • For this exercise, i will be choosing ubi8/ubi from redhat registry
  • From the above code snippet, it can be seen that images from docker repo is also listing. This is because the podman search command will search the image in all available repos

Pull the image for container

  • This is an optional step, but for end to end understanding we will do this for the first time
  • we can use podman pull command to download the image from the registry
 ~]# podman pull
Trying to pull
Getting image source signatures
Checking if image destination supports signatures
Copying blob 649e5534d134 done
Copying config 6a2ef33ab9 done
Writing manifest to image destination
Storing signatures
  • It can be seen from the above code snippet that, when we execute pull command, blob is getting copied
  • These blobs are the different layers that the image is composed of.
  • In a container image, there are typically multiple layers and each layers are managed independently
  • podman images command will show the pulled/available images
]# podman images
REPOSITORY                         TAG      IMAGE ID          CREATED             SIZE    latest    6a2ef33ab97f    2 weeks ago     214 MB

Running Containers on Podman

  • podman run command can be used to create a container with the image which we have pulled from the above step
podman run
  • podman ps will list the container which we have created
]# podman ps
  • But the above command is not listing any container. This is because podman ps command will only list the running containers
  • For listing all available containers, we will have to use podman ps -a
[root@localhost ~]# podman ps -a
CONTAINER ID    IMAGE                                           COMMAND   CREATED            STATUS                             PORTS   NAMES
b8e0c1f9c160   /bin/bash       3 minutes ago    Exited (0) 3 minutes ago              gallant_mahavira
  • The above code snippet, we can see the details of the container which we had created. The name gallant_mahavira is a random name which gets assigned by podman. User can customize the container name while executing podman run command

Running a System Containers on Podman

  • We will run a nginx container in detached mode
  • We will skip the image pull step, as it is an optional step
[root@localhost ~]# podman run -d nginx
Resolved "nginx" as an alias (/var/cache/containers/short-name-aliases.conf)
Trying to pull
Getting image source signatures
Copying blob c8b9881f2c6a done
Copying blob d2c0556a17c5 done
Copying blob 8740c948ffd4 done
Copying blob b2fe3577faa4 done
Copying blob 693c3ffa8f43 done
Copying blob 8316c5e80e6d done
Copying config a99a39d070 done
Writing manifest to image destination
Storing signatures
  • In the above code snippet, it can be see that image layer are getting copied, even though we had skipped the image pull
  • Once we list the container using podman ps, it can be seen that nginx image is still running
 ~]# podman ps
CONTAINER ID    IMAGE                                       COMMAND                     CREATED         STATUS                    PORTS  NAMES
6f2f88ec814b         nginx -g daemon o...   4 minutes ago    Up 4 minutes ago              romantic_jang

Running Container in an interactive Terminal

  • Below command can be used to run a container in an interactive terminal
 ~]# podman run -it /bin/bash
[root@f36fbc4c4d1e /]#
  • The above code snippet, we got a root shell in the container f36fbc4c4d1e 

Read More

Podman: Understanding Container Images and Containers Registries

Container Tutorial for Beginners in Lay man's term: Architecture, Advantages

Getting Started with Podman


Search on LinuxDataHub

Leave a Comment