noiruh/hurion.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
nhurion
2025-02-19 00:16:57 +01:00
parent 1d9cd91fcd
commit d89698593b
1293 changed files with 55933 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
content/blog/docker-to-podman.md Normal file
View File

@@ -0,0 +1,90 @@
+++
date = '2025-02-16T12:29:47+01:00'
draft = true
title = 'From Docker to Podman'
+++
[Podman](https://podman.io/) is a tool that can run OCI containers and aims at being a drop replacement for [Docker](https://www.docker.com/) but with some differences
- no daemon
- rootless by default
- only run containers, do not build images
However, there a subtle differences that makes it hard to directly replace docker by podman.
# Usage
The main difference with docker is that podman does not use a daemon. The consequence of that is that the containers are running with the user that started them.
## Use container as a service
There are a couple of things to be able to use podman containers as a service
### linger
As the container is started in the session of the user that started it, by default, when the user closes her session, the containers will be stopped.
To prevent that, you need to enabled linger
`loginctl enable-linger $USER`
[Reference](https://github.com/containers/podman/blob/b03466c/troubleshooting.md#17-rootless-containers-exit-once-the-user-session-exits)
### restart
The user that is running the containers need to have a restart service for podman:
`systemctl --user edit podman-restart.service`
{{< highlight SYSTEMD "linenos=inline">}}
[Service]
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all
ExecStop=
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls -q)'
{{</ highlight >}}
The service need to be enabled: `systemctl --user enable podman-restart.service`
Once this is setup, all the containers will be stopped at shutdown and started at startup
[Reference](https://nts.strzibny.name/systemd-user-services/)
### port
By default, podman cannot create containers that bind to ports < 1024
There is a few of options to solve that.
The one I recommend is using a tool like [redir](https://github.com/troglobit/redir) that will listen to privileged port and forward to an unprivileged one used by podman.
Install redir:
`sudo apt install redir`
`sudo nvim /etc/systemd/system/redir.service`
{{< highlight SYSTEMD "linenos=inline">}}
[Unit]
Description=Redirect tcp port 443 to 8443 with redir
[Service]
ExecStart=/bin/redir -sn :443 127.0.0.1:8443
[Install]
WantedBy=multi-user.target
{{</ highlight >}}
`sudo systemctl enable --now redir.service`
[Reference](https://linuxconfig.org/how-to-bind-a-rootless-container-to-a-privileged-port-on-linux)
## Compose
`podman compose` is only supported starting version 4.7 of podman
You will need to install `podman-compose` aside podman
To be compatible with both podman and docker
Although the name `docker-compose.yml` is supported, I prefer using `compose.yml`
## Socket
Docker uses a daemon that is accessible from a socket.
This is used by a bunch of tools to automate tasks related to docker, get info on running containers or automatically configure things based on the labels defined in a container.
Podman being daemon-less,