当前位置:   article > 正文

Podman 安装及基本配置_podman安装

podman安装

Podman

Podman是什么?

Podman 是一个无守护、开源的 Linux 本地工具,旨在使用 open Containers Initiative (OCI) 让容器和镜像更加方便地查找、运行、构建、共享和部署应用程序。Podman 提供了一个命令行接口(CLI),任何使用过 Docker 容器引擎的人都能很快上手 podman。大多数用户可以简单地将 Podman 别名为 Docker (alias Docker = Podman),没有任何问题。与其他常见的容器引擎 (Docker、CRI-O、containerd) 类似,Podman 依赖于符合 OCI 的容器运行时(runc、cron、runv等) 来与操作系统交互并创建运行的容器。这使得由 Podman 创建的正在运行的容器与由任何其他通用容器引擎创建的容器几乎没有区别。

podman 和 docker 的区别

在这里插入图片描述

Podman 的使用体验和 Docker 类似,不同的是 Podman 没有 daemon,以前使用 Docker CLI 的时候,Docker CLI 会通过 gRPC API 去跟 Docker Engine 说「我要启动一个容器」,然后 Docker Engine 才会通过 OCI Container runtime(默认是 runc)来启动一个容器。
在这里插入图片描述

这就意味着容器的进程不可能是 Docker CLI 的子进程,而是 Docker Engine 的子进程。
Podman 比较简单粗暴,它不使用 Daemon,而是直接通过 OCI runtime(默认也是 runc)来启动容器,所以容器的进程是 podman 的子进程。这比较像 Linux 的 fork/exec 模型,而 Docker 采用的是 C/S(客户端/服务器)模型。与 C/S 模型相比,fork/exec 模型有很多优势,比如:

  • 系统管理员可以知道某个容器进程到底是谁启动的。
  • 如果利用 cgroup 对 podman 做一些限制,那么所有创建的容器都会被限制。
  • 如果将 podman 命令放入 systemd 单元文件中,容器进程可以通过 podman 返回通知,表明服务已准备好接收任务。
  • 可以将连接的 socket 从 systemd 传递到 podman,并传递到容器进程以便使用它们。

podman的特性

1、podman 无守护进程

docker 服务器

[root@docker ~]# ps -aux | grep docker
root        2449  6.2  4.7 1441992 87632 ?       Ssl  10:16   0:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root        3502  0.0  0.0  12320  1048 pts/0    R+   10:16   0:00 grep --color=auto docker

  • 1
  • 2
  • 3
  • 4

docker 启动了一个名为 dockerd 的守护进程。

podman 服务器

[root@podman ~]# ps -aux | grep podman
root       7279  0.0  0.0 112720   984 pts/0    S+   15:00   0:00 grep --color=auto podman
  • 1
  • 2

可以看到,完全没有podman的进程相关的信息。

2、podman 用户权限和 docker 不一样

创建普通用户

[root@podman ~]# useradd demo
[root@podman ~]# passwd demo
[root@podman ~]# passwd demo
更改用户 demo 的密码 。
新的 密码:
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

docker 服务器

[root@docker ~]# su - demo
[demo@docker root]$ docker version
Client: Docker Engine - Community
 Version:           20.10.11
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        dea9396
 Built:             Thu Nov 18 00:36:58 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/version": dial unix /var/run/docker.sock: connect: permission denied(连接:权限被拒绝 )

// 需要提前将 demo 用户加入 /etc/sudoers
可以发现如果不加 sudo 是没有权限操作 docker 的。
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15

podman 服务器

# 切换到demo用户
# su - demo  // 需要使用 - ,不然会出现权限问题
# podman version

[root@podman ~]# su - demo
上一次登录:二 12月 14 15:25:04 CST 2021pts/0 上
[demo@podman ~]$ podman version
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.7
Built:        Wed Nov 10 05:23:56 2021
OS/Arch:      linux/amd64

// 不需要加 sudo 都可以对 podman 进行操作。
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14

podman安装

Centos

[root@podman ~]# yum -y install podman
...安装过程略...
[root@podman ~]# rpm -qa | grep podman
podman-catatonit-3.3.1-9.module_el8.5.0+988+b1f0b741.x86_64
podman-3.3.1-9.module_el8.5.0+988+b1f0b741.x86_64

[root@podman ~]# podman version  //查看podman版本
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.7
Built:        Wed Nov 10 05:23:56 2021
OS/Arch:      linux/amd64

[root@podman ~]# podman images   //使用podman命令测试
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15

使用 podman

查看帮助: podman --help

[root@podman ~]# podman --help
Manage pods, containers and images

Usage:
  podman [options] [command]

Available Commands:
  attach      Attach to a running container
  auto-update Auto update containers according to their auto-update policy
  build       Build an image using instructions from Containerfiles
  commit      Create new image based on the changed container
  container   Manage containers
  cp          Copy files/folders between a container and the local filesystem
  create      Create but do not start a container
  diff        Display the changes to the object's file system
  events      Show podman events
  exec        Run a process in a running container
  export      Export container's filesystem contents as a tar archive
  generate    Generate structured data based on containers, pods or volumes.
  healthcheck Manage health checks on containers
  help        Help about any command
  history     Show history of a specified image
  image       Manage images
  images      List images in local storage
  import      Import a tarball to create a filesystem image
  info        Display podman system information
  init        Initialize one or more containers
  inspect     Display the configuration of object denoted by ID
  kill        Kill one or more running containers with a specific signal
  load        Load image(s) from a tar archive
  login       Login to a container registry
  logout      Logout of a container registry
  logs        Fetch the logs of one or more containers
  machine     Manage a virtual machine
  manifest    Manipulate manifest lists and image indexes
  mount       Mount a working container's root filesystem
  network     Manage networks
  pause       Pause all the processes in one or more containers
  play        Play containers, pods or volumes from a structured file.
  pod         Manage pods
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image from a registry
  push        Push an image to a specified destination
  rename      Rename an existing container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Removes one or more images from local storage
  run         Run a command in a new container
  save        Save image(s) to an archive
  search      Search registry for image
  secret      Manage secrets
  start       Start one or more containers
  stats       Display a live stream of container resource usage statistics
  stop        Stop one or more containers
  system      Manage podman
  tag         Add an additional name to a local image
  top         Display the running processes of a container
  unmount     Unmounts working container's root filesystem
  unpause     Unpause the processes in one or more containers
  unshare     Run a command in a modified user namespace
  untag       Remove a name from a local image
  version     Display the Podman Version Information
  volume      Manage volumes
  wait        Block on one or more containers

Options:
      --cgroup-manager string      Cgroup manager to use ("cgroupfs"|"systemd") (default "systemd")
      --cni-config-dir string      Path of the configuration directory for CNI networks (default "/usr/libexec/cni")
      --conmon string              Path of the conmon binary
  -c, --connection string          Connection to use for remote Podman service
      --events-backend string      Events backend to use ("file"|"journald"|"none") (default "file")
      --help                       Help for podman
      --hooks-dir strings          Set the OCI hooks directory path (may be set multiple times) (default [/usr/share/containers/oci/hooks.d])
      --identity string            path to SSH identity file, (CONTAINER_SSHKEY)
      --log-level string           Log messages above specified level (trace, debug, info, warn, warning, error, fatal, panic) (default "warn")
      --namespace string           Set the libpod namespace, used to create separate views of the containers and pods on the system
      --network-cmd-path string    Path to the command for configuring the network
  -r, --remote                     Access remote Podman service (default false)
      --root string                Path to the root directory in which data, including images, is stored
      --runroot string             Path to the 'run directory' where all state information is stored
      --runtime string             Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc
      --runtime-flag stringArray   add global flags for the container runtime
      --storage-driver string      Select which storage driver is used to manage storage of images and containers (default is overlay)
      --storage-opt stringArray    Used to pass an option to the storage driver
      --syslog                     Output logging information to syslog as well as the console (default false)
      --tmpdir string              Path to the tmp directory for libpod state content.
                                   
                                   Note: use the environment variable 'TMPDIR' to change the temporary storage location for container images, '/var/tmp'.
                                   
      --url string                 URL to access Podman service (CONTAINER_HOST) (default "unix:/run/podman/podman.sock")
  -v, --version                    version for podman

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93

可以发现,使用方式可以说和 docker 的丝毫不差,不用担心从 docker 切换到 podman 会有不习惯的。如果不习惯使用 podman 命令,可以使用 alias docker=podman 来对docker命令做一个映射。

配置镜像加速

加速链接获取 详细请阅读docker 基本用法

 默认镜像库
        文件 /etc/containers/registries.conf 是设置镜像地址配置文件,默认会搜索 ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io', 'quay.io']等几个镜像库。

        不过,这几个镜像库下载速度非常慢,可以说是基本无法顺利的将镜像拉下来。

        所以,需要修改修改镜像库配置文件,也就是大家说的镜像加速方案。

  镜像加速

        只需2个步骤实现镜像加速:

              1.改名并备份好文件:/etc/containers/registries.conf.bak

              2.再新建一个空的 registries.conf 文件,插入如下内容
                    unqualified-search-registries = ["docker.io"]

                    [[registry]]
                    prefix = "docker.io"
                    location = "******.mirror.aliyuncs.com"

              3.修改 location
                   网易:https://hub-mirror.c.163.com/

                   阿里云:https://<你的ID>.mirror.aliyuncs.com
			  4.保存
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25

详细配置步骤如下:

# 修改podman镜像源(podman默认的镜像拉取镜像地址第一个是红帽的,从红帽去拉去,而且可能要都要涉及到红帽的一个付费用户才行的,最后一个才是正儿八经的docker的镜像仓库的源,所以把他这个顺序调整一下,把docker的镜像仓库的源调整到第一位置上去,如果不调整的话,他装软件他会优先跑到上去,结果红帽的连接不上去,就会导致安装特别慢)
[root@localhost ~]# vim /etc/containers/registries.conf 
registries = ['docker.io','registry.access.redhat.com', 'registry.redhat.io']

# 镜像加速
## 备份文件
[root@localhost ~]# cp /etc/containers/registries.conf /etc/containers/registries.conf.bak

## 编辑配置文件(直接删除或者注释掉之前的,或者以registries.conf命名的新文件,只需要这一段)
[root@localhost ~]# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
  
[[registry]]
prefix = "docker.io"
location = "a74l47xi.mirror.aliyuncs.com"

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16

配置完成后,试运行hello-world镜像:podman run hello-world

[root@podman ~]# podman run hello-world
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done  
Copying config feb5d9fea6 done  
Writing manifest to image destination
Storing signatures

Hello from Docker!
This message shows that your installation appears to be working correctly.

[root@podman ~]# podman images
REPOSITORY                     TAG         IMAGE ID      CREATED       SIZE
docker.io/library/hello-world  latest      feb5d9fea6a5  2 months ago  19.9 kB

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
定义别名
[root@podman ~]# podman ps -a   //使用原命令查看镜像
CONTAINER ID  IMAGE                                 COMMAND     CREATED        STATUS                    PORTS       NAMES
9b33fef81892  docker.io/library/hello-world:latest  /hello      6 minutes ago  Exited (0) 6 minutes ago              zen_goldberg

[root@podman ~]# alias docker=podman //映射命令

[root@podman ~]# docker ps -a  //使用docker 别名进行控制
CONTAINER ID  IMAGE                                 COMMAND     CREATED        STATUS                    PORTS       NAMES
9b33fef81892  docker.io/library/hello-world:latest  /hello      6 minutes ago  Exited (0) 6 minutes ago              zen_goldberg

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

普通用户使用的配置

在允许没有root特权的用户运行Podman之前,管理员必须安装或构建Podman并完成以下配置

cgroup V2Linux内核功能允许用户限制普通用户容器可以使用的资源,如果使用cgroup V2启用了运行Podman的Linux发行版,则可能需要更改默认的OCI运行时。某些较旧的版本runc不适用于cgroup V2,必须切换到备用OCI运行时crun。

安装crun

[root@podman ~]# yum -y install crun
  • 1

使用–runtime选项在命令行中打开对cgroup V2的替代OCI运行时支持

podman  --runtime crun
  • 1

也可以修改containers.conf文件runtime = "runc"到runtime = “crun”

[root@podman ~]# vim /usr/share/containers/containers.conf 
......
runtime = "crun"      # 取消注释并将值改为crun
......


[root@podman ~]# podman run -d -p 80 docker.io/library/httpd
736c2146b807988538c700a207a45b1be50f4b3e8466b9cc57a68b4d7b5ea568
[root@podman ~]# podman inspect -l | grep crun
        "OCIRuntime": "crun",
            "crun",

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
安装slirp4netns

slirp4nets包为普通用户提供一种网络模式

[root@podman ~]# yum -y install slirp4netns
  • 1
安装fuse-overlayfs

在普通用户环境中使用Podman时,建议使用fuse-overlayfs而不是VFS文件系统,至少需要版本0.7.6。

[root@podman ~]# yum -y install fuse-overlayfs
  • 1

配置storage.conf文件

[root@podman ~]#  vim /etc/containers/storage.conf
......
mount_program = "/usr/bin/fuse-overlayfs"  #取消注释
......
  • 1
  • 2
  • 3
  • 4
/etc/subuid和/etc/subgid配置

Podman要求运行它的用户在/etc/subuid和/etc/subgid文件中列出一系列UID,shadow-utils或newuid包提供这些文件

[root@podman ~]# cat /etc/subuid
demo:100000:65536
bus:165536:65536

[root@podman ~]# cat /etc/subgid
demo:100000:65536
bus:165536:65536

// 在/etc/subuid和/etc/subgid查看,每个用户的值必须唯一且没有任何重叠。
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

该文件的格式为USERNAME:UID:RANGE

  • 在/ etc / passwd或getpwent中列出的用户名。
  • 为用户分配的初始uid。
  • 为用户分配的UID范围的大小
用户的配置文件

三个主要的配置文件是container.conf,storage.conf和registries.conf。用户可以根据需要修改这些文件。

container.conf

Podman读取时,按照循序来了,当前面一位找不到时,就去找下一个

1./usr/share/containers/containers.conf
2./etc/containers/containers.conf
3.$HOME/.config/containers/containers.conf
  • 1
  • 2
  • 3
storage.conf

podman保存在本地的容器镜像和其运行容器的文件目录。

1./etc/containers/storage.conf
2.$HOME/.config/containers/storage.conf
  • 1
  • 2

在普通用户中/etc/containers/storage.conf的一些字段将被忽略

graphroot=``""`` ``container storage graph ``dir` `(default: ``"/var/lib/containers/storage"``)`` ``Default directory to store all writable content created by container storage programs.` `runroot=``""`` ``container storage run ``dir` `(default: ``"/run/containers/storage"``)`` ``Default directory to store all temporary writable content created by container storage programs.
  • 1

在普通用户中默认

graphroot=``"$HOME/.local/share/containers/storage"``runroot=``"$XDG_RUNTIME_DIR/contai
  • 1
registries.conf

配置按此顺序读入,这些文件不是默认创建的,可以从/usr/share/containers或复制文件/etc/containers并进行修改

1./etc/containers/registries.conf
2./etc/containers/registries.d/*
3.HOME/.config/containers/registries.conf
  • 1
  • 2
  • 3

podman login 登录,默认授权文件在${XDG_RUNTIME_DIR}/containers/auth.json

[root@podman ~]# cat /run/user/0/containers/auth.json 
{
	"auths": {
		"docker.io": {
			"auth": "********************="
		}
	}
}
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

podman常用基础命令

// --filter=is-official:指定查找官方版本的httpd
[root@podman ~]# podman search httpd --filter=is-official
INDEX       NAME                     DESCRIPTION                     STARS       OFFICIAL    AUTOMATED
docker.io   docker.io/library/httpd  The Apache HTTP Server Project  3794        [OK]     
  • 1
  • 2
  • 3
  • 4
podman pull:下载(拉取)镜像

注意:Podman在不同的注册管理机构中搜索。因此,建议使用完整的映像名称(docker.io/library/httpd而不是httpd)来确保使用正确的映像

[root@podman ~]# podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob aa379c0cedc2 done  
Copying blob d3576f2b6317 done  
Copying blob f1aa5f54b226 done  
Copying blob bc36ee1127ec done  
Copying blob e5ae68f74026 done  
Copying config ea28e1b82f done  
Writing manifest to image destination
Storing signatures
ea28e1b82f314092abd3f90a69e57d6ccf506382821ee0b8d9b48c3e47440c1f


// 当你不知道镜像准确位置,无法确定的时候,直接podman pull + 镜像名,然后上下滑动选择你要指定拉取镜像的位置
[root@podman ~]# podman pull nginx
? Please select an image: 
  ▸ registry.fedoraproject.org/nginx:latest
    registry.access.redhat.com/nginx:latest
    registry.centos.org/nginx:latest
    docker.io/library/nginx:latest
    a74l47xi.mirror.aliyuncs.com/nginx:latest

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
podman images :显示镜像列表
[root@podman ~]# podman images
REPOSITORY                     TAG         IMAGE ID      CREATED       SIZE
docker.io/library/nginx        latest      f652ca386ed1  11 days ago   146 MB
docker.io/library/httpd        latest      ea28e1b82f31  11 days ago   148 MB
docker.io/library/hello-world  latest      feb5d9fea6a5  2 months ago  19.9 kB


  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
podman run:运行容器
[root@podman ~]# podman run -d -p 80:80 docker.io/library/nginx:latest
8bd20084cb280f22a896356a6e20f64d2a912df967b8284011a0cb10c157ddcc

  • 1
  • 2
  • 3

注意:由于容器在分离模式下运行,由命令中的 表示,Podman将在执行命令后打印容器ID。它还添加了一个伪 tty,用于在交互式 shell 中运行任意命令。-d``podman run``-t

注意:我们使用端口转发来访问HTTP服务器。要成功运行,至少需要 slirp4netns v0.3.0。

在浏览器上访问刚刚运行的容器

podman ps:列出正在运行的容器

[root@podman ~]# podman ps -a
CONTAINER ID  IMAGE                                 COMMAND           CREATED         STATUS                     PORTS               NAMES
9b33fef81892  docker.io/library/hello-world:latest  /hello            35 minutes ago  Exited (0) 35 minutes ago                      zen_goldberg
8bd20084cb28  docker.io/library/nginx:latest  nginx -g daemon o...  22 seconds ago  Up 22 seconds ago  0.0.0.0:80->80/tcp     ecstatic_keldysh
  • 1
  • 2
  • 3
  • 4
  • 5

测试nginx容器是否正常

[root@podman ~]# curl 192.168.58.100
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
podman inspect:查看运行中的容器的详细信息

检查"正在运行的容器,以查找有关其自身的元数据和详细信息。 将提供许多有用的信息,如环境变量,网络设置或分配的资源。podman inspect

由于容器在root模式下运行,因此会为容器分配 IP 地址

[root@podman ~]# podman inspect -l |grep -i ipaddress
            "IPAddress": "10.88.0.5",
                    "IPAddress": "10.88.0.5",
  • 1
  • 2
  • 3
podman logs (显示 最近创建容器的日志)
[root@podman ~]# podman logs -l
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/14 09:16:00 [notice] 1#1: using the "epoll" event method
2021/12/14 09:16:00 [notice] 1#1: nginx/1.21.4
2021/12/14 09:16:00 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2021/12/14 09:16:00 [notice] 1#1: OS: Linux 4.18.0-305.3.1.el8.x86_64
2021/12/14 09:16:00 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/12/14 09:16:00 [notice] 1#1: start worker processes
2021/12/14 09:16:00 [notice] 1#1: start worker process 26
192.168.58.100 - - [14/Dec/2021:09:17:08 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.61.1" "-"

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
podman status: 查看运行中容器资源使用情况
[root@podman ~]# podman  stats -l
ID            NAME           CPU %       MEM USAGE / LIMIT  MEM %       NET IO          BLOCK IO    PIDS        CPU TIME     AVG CPU %
25792d84fd4d  pensive_lewin  --          12.13MB / 3.89GB   0.31%       978B / 1.604kB  -- / --     2           60.785945ms  5.30%

  • 1
  • 2
  • 3
  • 4
podman top

显示容器正在运行的进程

1.默认情况下,podman-top打印的数据类似ps -ef:
[root@podman ~]# podman top -l
USER        PID         PPID        %CPU        ELAPSED          TTY         TIME        COMMAND
root        1           0           0.000       7m23.493485467s  ?           0s          nginx: master process nginx -g daemon off; 
nginx       26          1           0.000       7m23.507132661s  ?           0s          nginx: worker process 

2.可以通过在容器后面指定格式描述符作为参数来控制输出:
[root@podman ~]# podman top -l pid seccomp args %C
PID         SECCOMP     COMMAND                                      %CPU
1           filter      nginx: master process nginx -g daemon off;   0.000
26          filter      nginx: worker process                        0.000

[root@podman ~]# podman top -l pid seccomp state args %C
PID         SECCOMP     STATE       COMMAND                                      %CPU
1           filter      S           nginx: master process nginx -g daemon off;   0.000
26          filter      S           nginx: worker process                        0.000

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
podman stop:停止容器
[root@podman ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS                  NAMES
8bd20084cb28  docker.io/library/nginx:latest  nginx -g daemon o...  22 seconds ago  Up 22 seconds ago  0.0.0.0:80->80/tcp     ecstatic_keldysh

[root@podman ~]# podman stop -l
8bd20084cb280f22a896356a6e20f64d2a912df967b8284011a0cb10c157ddcc
[root@podman ~]# docker ps -a
CONTAINER ID  IMAGE                                 COMMAND               CREATED        STATUS                     PORTS               NAMES
8bd20084cb28  docker.io/library/nginx:latest        nginx -g daemon o...  9 minutes ago  Exited (0) 18 seconds ago  0.0.0.0:80->80/tcp  ecstatic_keldysh
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
podman rm

删除容器

[root@podman ~]# docker ps -a
CONTAINER ID  IMAGE                                 COMMAND               CREATED        STATUS                     PORTS               NAMES
8bd20084cb28  docker.io/library/nginx:latest        nginx -g daemon o...  9 minutes ago  Exited (0) 18 seconds ago  0.0.0.0:80->80/tcp  ecstatic_keldysh

[root@podman ~]# docker rm -l
8bd20084cb280f22a896356a6e20f64d2a912df967b8284011a0cb10c157ddcc

[root@podman ~]# docker ps -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
podman tag:重命名(不覆盖源镜像文件)
[root@podman ~]# docker images
REPOSITORY                     TAG         IMAGE ID      CREATED       SIZE
docker.io/library/nginx        latest      f652ca386ed1  11 days ago   146 MB
docker.io/library/httpd        latest      ea28e1b82f31  11 days ago   148 MB
docker.io/library/hello-world  latest      feb5d9fea6a5  2 months ago  19.9 kB

[root@podman ~]#  podman tag docker.io/library/nginx:latest docker.io/test

[root@podman ~]# docker images
REPOSITORY                     TAG         IMAGE ID      CREATED       SIZE
docker.io/library/nginx        latest      f652ca386ed1  11 days ago   146 MB
docker.io/library/test         latest      f652ca386ed1  11 days ago   146 MB
docker.io/library/httpd        latest      ea28e1b82f31  11 days ago   148 MB
docker.io/library/hello-world  latest      feb5d9fea6a5  2 months ago  19.9 kB

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15

podman 网络配置

rootfull和rootless容器网络之间的差异

podman容器联网的指导因素之一将是容器是否由root用户运行。这是因为非特权用户无法在主机上创建网络接口。因此,对于rootfull容器,默认网络模式是使用容器网络接口(CNI)插件,特别是桥接插件。对于rootless,默认的网络模式是slir4netns。由于权限有限,slirnetns缺少CNI组网的一些功能;例如,slirp4netns无法为容器提供可路由的IP地址。cni是容器网络接口。

三部曲

  • podman network create 创建网络
  • 修改 /etc/cni/net.d/mynetwork.conflist 配置文件
  • 修改设置/usr/share/containers/containers.conf 将其为默认网络
创建网络
[root@podman ~]# podman network create new   // 创建
/etc/cni/net.d/new.conflist

[root@podman ~]# podman network ls //查看
NETWORK ID    NAME        VERSION     PLUGINS
2f259bab93aa  podman      0.4.0       bridge,portmap,firewall,tuning
11507a0e2f5e  new         0.4.0       bridge,portmap,firewall,tuning

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

修改/etc/cni/net.d/mynetwork.conflist 配置文件

{
   "cniVersion": "0.4.0",   //cni 版本
   "name": "new",    //网络名
   "plugins": [
      {
         "type": "bridge",  //类型
         "bridge": "cni-podman1",
         "isGateway": true,
         "ipMasq": true,
         "hairpinMode": true,
         "ipam": {
            "type": "host-local",
            "routes": [
               {
                  "dst": "0.0.0.0/0"
               }
            ],
            "ranges": [
               [
                  {
                     "subnet": "192.168.59.0/24",         //修改网段
                     "gateway": "192.168.59.1"            //修改网关
                  }
               ]
            ]
         }
      },
      {
         "type": "portmap",
         "capabilities": {
            "portMappings": true
         }
      },
      {
         "type": "firewall",
         "backend": ""
      },
      {
         "type": "tuning"
      }
   ]
}

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43

修改/usr/share/containers/containers.conf 将其为默认网络

[root@podman ~]# vim /usr/share/containers/containers.conf 
.......
# The network name of the default CNI network to attach pods to.
#
default_network = "new"      # 添加此行
#default_network = "podman"
.......
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7

创建容器检测

[root@podman ~]# podman run -dit --name new busybox
9b8040d10e1ef193b5944cdf4c028e48324f57d09228c87a2a1bc299becd8c44

[root@podman ~]# podman exec -it new /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether fe:b1:ec:61:cb:c4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.59.2/24 brd 192.168.59.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::fcb1:ecff:fe61:cbc4/64 scope link 
       valid_lft forever preferred_lft forever
       
/ # ping baidu.com    //测试是否能与外网联通
PING baidu.com (220.181.38.251): 56 data bytes
64 bytes from 220.181.38.251: seq=0 ttl=127 time=59.113 ms
64 bytes from 220.181.38.251: seq=1 ttl=127 time=75.623 ms
64 bytes from 220.181.38.251: seq=2 ttl=127 time=61.185 ms

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24

防火墙

防火墙的作用不会影响网络的设置和配置,但会影响这些网络上的流量。最明显的是容器主机的入站网络流量,这些流量通常通过端口映射传递到容器上。根据防火墙的实现,我们观察到防火墙端口由于运行带有端口映射的容器(例如)而自动打开。如果容器流量似乎无法正常工作,请检查防火墙并允许容器正在使用的端口号上的流量。一个常见的问题是重新加载防火墙会删除cni iptables规则,从而导致rootful容器的网络连接丢失。podman v3提供了podman network reload命令来恢复它而无需重新启动容器。

查看防火墙规则

[root@podman ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 182 packets, 15049 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 3 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 373 packets, 27366 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   194 CNI-0e18d45e43c67d5edd08e6eb  all  --  *      *       192.168.59.2         0.0.0.0/0            /* name: "new" id: "9b8040d10e1ef193b5944cdf4c028e48324f57d09228c87a2a1bc299becd8c44" */

Chain OUTPUT (policy ACCEPT 373 packets, 27366 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 
// 目前只能看见刚刚创建的网络网卡映射
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16

运行一个容器,映射80端口

[root@podman ~]# podman run -d -p 80:80 --name nginx nginx  // 此处直接使用nginx,是因为上面配置了docker.io
bb055ae633424d1b2cc0155e1d18f99b6cf06ed91ec50c3244dfc6080e7264d8

[root@podman ~]# podman ps -a
CONTAINER ID  IMAGE                             COMMAND               CREATED        STATUS            PORTS               NAMES
9b8040d10e1e  docker.io/library/busybox:latest  sh                    8 minutes ago  Up 8 minutes ago                      new
bb055ae63342  docker.io/library/nginx:latest    nginx -g daemon o...  9 seconds ago  Up 9 seconds ago  0.0.0.0:80->80/tcp  nginx

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8

此时再查看防火墙规则

[root@podman ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 183 packets, 15278 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-HOSTPORT-DNAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
......
Chain CNI-HOSTPORT-DNAT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-DN-2970caf0153c64b6b4070  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* dnat name: "new" id: "bb055ae633424d1b2cc0155e1d18f99b6cf06ed91ec50c3244dfc6080e7264d8" */ multiport dports 80

Chain CNI-DN-2970caf0153c64b6b4070 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-HOSTPORT-SETMARK  tcp  --  *      *       192.168.59.0/24      0.0.0.0/0            tcp dpt:80
    0     0 CNI-HOSTPORT-SETMARK  tcp  --  *      *       127.0.0.1            0.0.0.0/0            tcp dpt:80
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.59.3:80

//发现80端口
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16

过滤容器ip,验证是否正常服务

[root@podman ~]# podman inspect -l| grep -i address
            "IPAddress": "192.168.59.3",
            "GlobalIPv6Address": "",
            "MacAddress": "06:9c:65:a5:b8:2c",
            "LinkLocalIPv6Address": "",
                    "IPAddress": "192.168.59.3",
                    "GlobalIPv6Address": "",
                    "MacAddress": "06:9c:65:a5:b8:2c",

[root@podman ~]# curl 192.168.59.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
......
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
清空防火墙规则

三部曲

  • iptables -t nat -F #指定表清空
  • iptables --flush #刷新
  • iptables -t nat -nvL //查看指定表规则
[root@podman ~]# iptables -t nat -F
[root@podman ~]# iptables --flush
[root@podman ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 183 packets, 15278 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 3 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 384 packets, 28186 bytes)
 pkts bytes target     prot opt in     out     source               destination         

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12

重载规则

[root@podman ~]# podman network reload nginx
bb055ae633424d1b2cc0155e1d18f99b6cf06ed91ec50c3244dfc6080e7264d8
[root@podman ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 184 packets, 15507 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-HOSTPORT-DNAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 3 packets, 156 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 385 packets, 28246 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-HOSTPORT-MASQ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI portfwd requiring masquerade */
    0     0 CNI-2970caf0153c64b6b40709d5  all  --  *      *       192.168.59.3         0.0.0.0/0            /* name: "new" id: 
    ........

Chain CNI-HOSTPORT-DNAT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 CNI-DN-2970caf0153c64b6b4070  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* dnat name: "new" id: "bb055ae633424d1b2cc0155e1d18f99b6cf06ed91ec50c3244dfc6080e7264d8" */ multiport dports 80

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20

podman容器的开机自启

三部曲

  • (提前)创建容器,podman generate systemd --files --name <container-name>(r容器名),生成service文件
  • 将生成的service文件移动至 /usr/lib/systemd/system/目录中
  • systemctl enable --now < Serve>

创建一个httpd容器

[root@podman ~]# podman  run -tid --name httpd httpd
b933913e28d570caa62ed7f0a70189f853fe263f8b3593e177bba13f8cf6661f
[root@podman ~]# podman ps -a
CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES
b933913e28d5  docker.io/library/httpd:latest  httpd-foreground  4 seconds ago  Up 4 seconds ago              httpd

[root@podman ~]# podman generate systemd --files --name httpd    //生成service文件
/root/container-httpd.service
[root@podman ~]# ls
anaconda-ks.cfg  container-httpd.service

[root@podman ~]# cat container-httpd.service
# container-httpd.service
# autogenerated by Podman 3.3.1
# Wed Dec 15 18:06:31 CST 2021

[Unit]
Description=Podman container-httpd.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/containers/storage

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start httpd
ExecStop=/usr/bin/podman stop -t 10 httpd
ExecStopPost=/usr/bin/podman stop -t 10 httpd
PIDFile=/run/containers/storage/overlay-containers/b933913e28d570caa62ed7f0a70189f853fe263f8b3593e177bba13f8cf6661f/userdata/conmon.pid

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32

将container-httpd.service 放置/usr/lib/systemd/system/中

[root@podman ~]# mv container-httpd.service /usr/lib/systemd/system/
  • 1

设置服务自启动

[root@podman ~]# systemctl status container-httpd   // 查看服务状态
● container-httpd.service - Podman container-httpd.service
   Loaded: loaded (/usr/lib/systemd/system/container-httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:podman-generate-systemd(1)
     
[root@podman ~]# systemctl enable --now container-httpd  //设置自启动
Created symlink /etc/systemd/system/multi-user.target.wants/container-httpd.service → /usr/lib/systemd/system/container-httpd.service.
Created symlink /etc/systemd/system/default.target.wants/container-httpd.service → /usr/lib/systemd/system/container-httpd.service.

[root@podman ~]# systemctl status container-httpd
● container-httpd.service - Podman container-httpd.service
   Loaded: loaded (/usr/lib/systemd/system/container-httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-12-15 18:08:05 CST; 2s ago
     Docs: man:podman-generate-systemd(1)
  Process: 234637 ExecStart=/usr/bin/podman start httpd (code=exited, status=0/SUCCESS)
 Main PID: 230398 (conmon)
    Tasks: 0 (limit: 23493)
   Memory: 8.0K
   CGroup: /system.slice/container-httpd.service
           ‣ 230398 /usr/bin/conmon --api-version 1 -c b933913e28d570caa62ed7f0a70189f853fe263f8b3593e177bba13f8cf6661f -u b933913e28d57


[root@podman ~]# reboot //验证
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24

非根用户容器开机自启

## 使用ssh的方式连接到普通用户

[root@localhost ~]# ssh demo@192.168.58.100


非root用户只能映射1024以上的端口,1024以下的端口只能root用户映射
[demo@podman ~]$ podman run -dit --name nginx nginx  //运行容器
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 21e0df283cd6 done  
Copying blob 881ff011f1c9 done  
Copying blob 44be98c0fab6 done  
Copying blob ed835de16acd done  
Copying blob 77700c52c969 done  
Copying blob e5ae68f74026 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
bd6e94a3bab50cec23293241021ca18ce89ef801d7b9959e8ce1a4d0092b07f7


[demo@podman user]$ podman ps -a
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS       NAMES
7bb3f496d4ea  docker.io/library/nginx:latest  nginx -g daemon o...  6 minutes ago  Up 6 minutes ago              nginx


[demo@podman ~]$ mkdir -p ~/.config/systemd/user   //创建用户目录
[demo@podman ~]$ podman generate systemd --name nginx --files --new  //生成service文件
/home/demo/container-nginx.service
[demo@podman ~]$ mv container-nginx.service ~/.config/systemd/user //移动至用户目录中

[demo@podman ~]$ podman stop nginx ## 停止容器

// 重新加载服务,设置开机自启,无根用户启动时需要加上--user
[demo@podman ~]$ systemctl --user daemon-reload
[demo@podman ~]$ systemctl --user enable container-nginx.service --now
Created symlink /home/demo/.config/systemd/user/multi-user.target.wants/container-nginx.service → /home/demo/.config/systemd/user/container-nginx.service.
Created symlink /home/demo/.config/systemd/user/default.target.wants/container-nginx.service → /home/demo/.config/systemd/user/container-nginx.service.

[demo@podman ~]$ systemctl --user status container-nginx.service 
● container-nginx.service - Podman container-nginx.service
   Loaded: loaded (/home/demo/.config/systemd/user/container-nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-12-15 18:43:29 CST; 6s ago
     Docs: man:podman-generate-systemd(1)
  Process: 296286 ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=/run/user/1000/container-nginx.service.ctr-id (code=exited, status=125)
  Process: 296334 ExecStartPre=/bin/rm -f /run/user/1000/container-nginx.service.ctr-id (code=exited, status=0/SUCCESS)
 Main PID: 296415 (conmon)
   CGroup: /user.slice/user-1000.slice/user@1000.service/container-nginx.service
           ├─296409 /usr/bin/fuse-overlayfs -o ,lowerdir=/home/demo/.local/share/containers/storage/overlay/l/ROBNVTFSKM43LHYXD2IFKZ4F2H:/home/demo/.loca>
           ├─296412 /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1>
           ├─296415 /usr/bin/conmon --api-version 1 -c 79a48c9eee7854810a5ef096b0289cbe05488085353db3f78b2b916ead9bbaa7 -u 79a48c9eee7854810a5ef096b0289c>
           ├─296418 nginx: master process nginx -g daemon off;
           └─296444 nginx: worker process

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/码创造者/article/detail/904081
推荐阅读
  

闽ICP备14008679号