Server initialization#
cloud#
- cloud server OS Centos 8x
- update server ssh port
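# add a row of custom ports (e.g Port 9576)
sudo vi /etc/ssh/sshd_config
#Port 25073
#ClientAliveInterval 60 # the server probes the client every 60 seconds
#ClientAliveCountMax 3 # allow up to 3 unanswered probes
# Before restarting, keep the current SSH session open and test the new port
# from a second terminal, so that a mistake cannot lock you out.
# The new port must also be allowed by the cloud security group and the host
# firewall. On CentOS with SELinux enforcing, sshd may only bind a port that is
# labelled ssh_port_t:
#   sudo semanage port -a -t ssh_port_t -p tcp 9576
#   sudo firewall-cmd --permanent --add-port=9576/tcp && sudo firewall-cmd --reload
# Check the edited file for syntax errors; a broken config stops sshd from starting.
sudo sshd -t
# Either command restarts the daemon (the first is the legacy wrapper); one is enough.
sudo service sshd restart
sudo systemctl restart sshd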
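# add a row of custom ListenStream (e.g ListenStream=9576)
# Applies only where sshd is started through ssh.socket (socket activation).
# ListenStream= entries accumulate: if the existing line is left in place the
# old port keeps listening, so replace that line rather than only adding a row.
sudo vi /etc/systemd/system/sockets.target.wants/ssh.socket
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket
- add user and auth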
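sudo adduser yourusername
sudo passwd yourusername
#usage Ubuntu
sudo usermod -aG sudo yourusername
# (on CentOS the admin group is wheel: sudo usermod -aG wheel yourusername)
# update auth: Debian does not ship sudo by default; Ubuntu should already have it installed
apt update && apt install sudo
visudo
# add row (this is sudoers content typed in the editor, not a shell command):
#   yourusername ALL=(ALL) NOPASSWD: ALL
# NOPASSWD means any process running as this user becomes root without
# re-authenticating, so the account password (or SSH key) is the only barrier
# to root. Unless unattended sudo is really needed, prefer the row
#   yourusername ALL=(ALL) ALL
#successfully !!!
ssh yourusername@xxx.xx.xx.xx -p port
install app container#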
- create podman container workspace data dir
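# Workspace root that the later steps place container data under.
mkdir -p /home/olsond/podman_data && cd /home/olsond/podman_data
- podman & podman compose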
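#CentOS
sudo dnf install podman podman-compose
#Ubuntu (packages move quickly on Ubuntu, so the podman and podman-compose
# versions can be out of step there; check both versions by hand)
sudo apt-get update && sudo apt-get install podman podman-compose
#install socket
systemctl --user enable --now podman.socket
systemctl --user start podman.socket
systemctl --user status podman.socket
ls -l "/run/user/$(id -u)/podman/"
# /run/user/<uid> goes away when the user's last session ends unless lingering
# is enabled for the account (loginctl enable-linger yourusername); the socket
# and the rootless containers stop with it.
# config registries
#root
#sudo vim /etc/containers/registries.conf
#rootless
# the directory has to exist before the file can be saved
mkdir -p ~/.config/containers
vim ~/.config/containers/registries.conf
chmod 644 ~/.config/containers/registries.conf # set permissions
#add registries (content of registries.conf)
# Two [[registry]] tables with the same prefix do not form a fallback chain;
# list the mirrors under a single table so that docker.io itself stays the
# last resort.
# Every docker.io pull is then served by these third-party mirrors, so their
# operators decide what a tag resolves to. Pull by digest (image@sha256:...)
# for anything that matters: the client verifies a digest no matter which
# mirror delivered the data.
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "docker.io"
[[registry.mirror]]
location = "docker.1ms.run"
[[registry.mirror]]
location = "docker-0.unsee.tech"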
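# setting storage
mkdir -p ~/.config/containers
mkdir -p ~/.local/run/containers/storage
vim ~/.config/containers/storage.conf
# add storage dir (content of storage.conf)
[storage]
driver = "overlay"
#runroot = "/home/$USER/.local/run/containers/storage"
graphroot = "/home/$USER/.local/share/containers/storage"
# NOTE(review): confirm that $USER is expanded in this file; if the graphRoot
# reported by `podman info` still contains a literal $USER, write the full
# home path instead.
#successful
podman info
- nginx workspace setting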
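# dir initialize
mkdir -p /home/olsond/podman_data/postgresql
mkdir -p /home/olsond/podman_data/nginx && cd /home/olsond/podman_data/nginx
# config initialize for demo nginx
# The demo container exists only so that its default configuration can be
# copied out; publish its port on loopback so it is not reachable from the
# network while it runs.
podman run --name nginx -p 127.0.0.1:18080:80 -d nginx:latest
podman cp nginx:/etc/nginx/nginx.conf /home/olsond/podman_data/nginx/
podman cp nginx:/etc/nginx/conf.d /home/olsond/podman_data/nginx/conf.d
podman cp nginx:/usr/share/nginx/html /home/olsond/podman_data/nginx/html
# remove demo nginx
podman stop nginx
podman rm nginx
- portainer workspace setting
mkdir -p ~/podman_data/portainer/data
- podman compose command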
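podman-compose -f xxx.yml up -d
#shutdown
podman-compose -f xxx.yml down
#condition: start or stop a single service ([服务名] stands for the service name)
podman-compose -f compose.yml up -d [服务名]
podman-compose -f compose.yml down [服务名]
# `podman container` needs a subcommand; `ls -a` lists every container,
# including stopped ones.
podman container ls -a
# -a removes every image that no container uses, not only dangling layers
podman image prune -a
# also removes stopped containers and unused networks
podman system prune -a
- create user id script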
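#!/bin/bash
# Writes the invoking user's UID and GID to ./.env so that the compose file
# can reference ${CURRENT_UID} (used there for the rootless podman socket path).
# The two '#' lines inside the here-document are written to .env verbatim
# ("auto-generated user permission settings" / "application-specific settings").
cat << EOF > .env
# 自动生成用户权限设置
CURRENT_UID=$(id -u)
CURRENT_GID=$(id -g)
# 应用特定设置
EOF
# Application settings added below that marker tend to include credentials,
# so keep the file readable by its owner only.
chmod 600 .env
- podman-compose.yml demo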
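# Compose versions are strings; a bare 3 is parsed as an integer.
version: "3"
services:
  # database service (PostgreSQL)
  db:
    image: postgres:13
    container_name: postgresql
    ports:
      # Published on loopback only: containers on koala_test reach the database
      # over that network, and a public 5432 would be protected by nothing but
      # the password below. Use "5432:5432" only if remote clients must connect.
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_USER: koalauser
      # Demo value from this page: change it before use and keep the real one
      # out of version control (for example in the generated .env).
      POSTGRES_PASSWORD: koalapwd@2025
      POSTGRES_DB: koala_words
      LANG: C.UTF-8
    volumes:
      - ./postgresql/data:/var/lib/postgresql/data
    healthcheck:
      # probe with the user and database defined above
      test: ["CMD-SHELL", "pg_isready -U koalauser -d koala_words"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      # must be the key declared under the top-level networks:, not its name:
      - koala_test
  # Nginx service
  #nginx:
  #  image: nginx:latest
  #  container_name: nginx
  #  ports:
  #    - "8080:80" # HTTP port
  #    - "8443:443" # HTTPS port
  #  volumes:
  #    # mount custom configuration
  #    - ./nginx/nginx.conf:/etc/nginx/nginx.conf
  #    - ./nginx/ssl:/etc/nginx/ssl
  #    - ./nginx/conf.d:/etc/nginx/conf.d
  #    - ./nginx/html:/usr/share/nginx/html
  #    - ./nginx/log:/var/log/nginx
  #  restart: always # restart automatically
  #  networks:
  #    - koala_test
  portainer_ce:
    # :latest moves with every release; pin a version tag or digest once the
    # setup works.
    image: portainer/portainer-ce:latest
    container_name: portainer
    ports:
      # note: the official tutorial uses port 9443 for https, which cannot be
      # enabled without a certificate
      # 9001 is therefore plain HTTP: logins and session tokens cross the
      # network unencrypted, so limit who can reach it (firewall or SSH tunnel).
      - "9001:9000" #http ui port
      - "8000:8000"
    volumes:
      # mount custom configuration
      # NOTE(review): relative to the compose file; the db volume above uses
      # ./postgresql, so confirm this resolves to the directory created earlier.
      - ./podman_data/portainer/data:/data
      # The podman socket gives Portainer, and anyone who can log in to it,
      # full control over this user's containers.
      - /run/user/${CURRENT_UID}/podman/podman.sock:/var/run/docker.sock
    restart: always # restart automatically
    # NOTE(review): privileged is broader than socket access needs; if it is
    # here only for SELinux, check whether security_opt label=disable suffices.
    privileged: true
    networks:
      - koala_test
networks:
  koala_test:
    driver: bridge
    name: network_name
Issue#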
- 运行容器提示 “write /run/user/1000/libpod/tmp/events/events.log: no space left on device”
磁盘日志满载 , 删除该日志文件 使用
`df -h` 或者 `du -h --max-depth=1` 查看用户空间
- setting up Pasta: could not find pasta, the network namespace can’t be configured: exec: “pasta”: executable file not found in $PATH
Podman 最新版本的默认无根网络工具 pasta, 找不到可执行文件路径, 则需要安装一下
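# the passt package provides the pasta executable named in the error
sudo dnf install passt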
- podman.socket 套接字文件变成了目录, 导致容器管理工具连接不上
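# stop all related services
systemctl --user stop podman.socket podman.service
# confirm the current user ID
echo "用户ID: $(id -u)"
# remove the bogus directory (the path is built from $(id -u), so there is no
# user ID to substitute by hand)
# NOTE(review): the directory probably appears when a container that
# bind-mounts this path is started before podman.socket exists; start the
# socket first.
sock_path="/run/user/$(id -u)/podman/podman.sock"
# delete only when the path really is a directory, never a working socket
[ -d "$sock_path" ] && rm -rf -- "$sock_path"
# enable the user-level socket unit
systemctl --user enable podman.socket
# start the service
systemctl --user start podman.socket
# check status
systemctl --user status podman.socket
ls -l "/run/user/$(id -u)/podman/"
# a leading "s" in the mode column means the entry is a socket file:
#   srw-rw----. 1 user user 0 Jul 28 10:00 podman.sock
# optionally re-create portainer so that it reconnects
# Anyone who can log in to this Portainer instance controls every container of
# this user through the mounted socket, and 9001 is plain HTTP, so limit who
# can reach that port.
podman run -d \
  --name portainer \
  -p 9001:9000 \
  -p 8000:8000 \
  -v "/run/user/$(id -u)/podman/podman.sock:/var/run/docker.sock" \
  -v ./podman_data/portainer/data:/data \
  --net network_name \
  portainer/portainer-ce:latest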