+++
date = '2025-02-16T12:29:47+01:00'
draft = true
title = 'From Docker to Podman'
+++
Podman is a tool that runs OCI containers and aims to be a drop-in replacement for Docker, with some differences:
- no daemon
- rootless by default
- only run containers, do not build images
However, there are subtle differences that make it hard to directly replace docker with podman.
Usage
The main difference with docker is that podman does not use a daemon. As a consequence, containers run as the user that started them.
Use container as a service
A couple of things are needed to use podman containers as a service.
linger
As the container is started in the session of the user that started it, by default, when the user closes her session, the containers will be stopped. To prevent that, you need to enable linger:
loginctl enable-linger $USER
restart
The user that is running the containers needs to have a restart service for podman:
systemctl --user edit podman-restart.service
{{< highlight SYSTEMD "linenos=inline">}}
[Service]
ExecStart=
ExecStart=/usr/bin/podman $LOGGING start --all
ExecStop=
ExecStop=/bin/sh -c '/usr/bin/podman $LOGGING stop $(/usr/bin/podman container ls -q)'
{{</ highlight >}}
The service needs to be enabled:
systemctl --user enable podman-restart.service
Once this is set up, all the containers will be stopped at shutdown and started at startup.
port
By default, podman cannot create containers that bind to ports < 1024. There are a few options to solve that. The one I recommend is using a tool like redir that listens on the privileged port and forwards to an unprivileged one used by podman.
Install redir:
sudo apt install redir
sudo nvim /etc/systemd/system/redir.service
{{< highlight SYSTEMD "linenos=inline">}}
[Unit]
Description=Redirect tcp port 443 to 8443 with redir

[Service]
ExecStart=/bin/redir -sn :443 127.0.0.1:8443

[Install]
WantedBy=multi-user.target
{{</ highlight >}}
sudo systemctl enable --now redir.service
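As an added example (not part of the original post): the redir unit above has no `User=`, so redir runs as root for its whole lifetime although it only needs privilege to bind port 443. The drop-in below keeps the same `ExecStart` and runs it as an unprivileged user holding only `CAP_NET_BIND_SERVICE`. It assumes redir needs no file access beyond the syslog socket, and the drop-in file name is hypothetical.

```ini
# /etc/systemd/system/redir.service.d/hardening.conf  (hypothetical file name)
# Added example, not from the original post. Create it with:
#   sudo systemctl edit redir.service

[Service]
# Run as a transient unprivileged user allocated by systemd instead of root.
DynamicUser=yes
# Grant only the capability needed to bind ports < 1024 ...
AmbientCapabilities=CAP_NET_BIND_SERVICE
# ... and make sure no other capability can ever be acquired.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# Assumption: redir only relays TCP and logs to syslog (-s), so it needs
# no writable files, no devices and no home directories.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# AF_UNIX is kept for the syslog socket used by -s.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service

# Port 443 depends on this process, so bring it back if it dies.
Restart=on-failure

# Check the result:
#   sudo systemctl restart redir.service
#   systemd-analyze security redir.service
#   sudo ss -ltnp 'sport = :443'
```

If redir fails to start with this drop-in, relax one directive at a time and check `journalctl -u redir.service` rather than removing the whole file.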
Compose
podman compose is only supported starting with version 4.7 of podman.
You will need to install podman-compose alongside podman.
To be compatible with both podman and docker
Although the name docker-compose.yml is supported, I prefer using compose.yml
Socket
Docker uses a daemon that is accessible from a socket. This is used by a bunch of tools to automate tasks related to docker, get info on running containers or automatically configure things based on the labels defined in a container.
Podman being daemon-less,