Images and Containers
Finding Images
Search for images with a keyword:
$ podman search fedora $ podman search homeassistant
The registries which will be searched are configured in the /etc/containers/registry.conf file.
The resulting name will include both the registry location and the name of the image.
-
The registry name may include a port number.
-
The image name consists of USER/REPO. The user can be an individual, team, or company that uploads the images to the registry.
-
The image repository contains tagged images and hidden layers. Most repositories contain an image with the tag of 'latest'.
-
When downloading an image with pull, run, or build commands, you may specify a specific tag image. The default is to pull the image tagged 'latest'.
The skopeo
command is a utility to work with images in many different container environments.
It was created to view information in remote registries and is now a command and library for copying images with different transports.
It is used to manage container images and image storage remotely and locally and all without requiring root.
It can also pass authentication credentials when required by the repository.
View creation dates, architectures, labels, tags, and layer checksums of a remote image repository:
$ skopeo inspect docker://registry.fedoraproject.org/fedora-minimal
Manage Local Images
When you run a container, the image is first downloaded to the local system. It can be helpful to go ahead and download an image as a separate command.
The default is to pull the latest image from the default registry:
$ podman pull fedora
You can also specify the registry, user, tag, or, as in the following example, some combination:
$ podman pull registry.fedoraproject.org/fedora-minimal:rawhide
List the local images:
$ podman images REPOSITORY TAG IMAGE ID CREATED SIZE registry.fedoraproject.org/fedora-minimal rawhide 8ecda3b9bc0d 2 days ago 164MB docker.io/homeassistant/raspberrypi3-homeassistant latest 3c74046ca2a7 3 days ago 1.05GB docker.io/library/fedora latest 8b38e3af7237 4 weeks ago 315MB
The same output is show with podman image ls
.
Note the singular 'image' command before the additional 'ls' command.
If you have a lot of images, you may want to specify filters or sort by a value other than the creation date.
As a user, the local images will be stored under the ~/.local/share/containers/
directory.
Each user has their own namespace so these are separate from containers run as root.
Listing the images available to root displays a different or empty list:
$ sudo podman images
Some actions can not be done with rootless containers. Some devices and volumes will require that you pull and run containers in the root namespace. The current podman v1.0 also requires root for port publishing. The next version will allow rootless port publishing.
Like remote images, local images can also be inspected:
$ podman inspect fedora
To inspect an image with a tag other than 'latest', include the tag:
$ podman inspect fedora-minimal:rawhide
Running Containers
To launch the container use:
$ podman run fedora
With the fedora image, the container will start and then it exits since there is nothing left running. Some images are configured to run an application in the foreground and the container will not terminate until the application terminates.
To list the running containers use:
$ podman container ls
To see all containers, including those that have exited:
$ podman container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES IS INFRA 7835aaadd2d1 docker.io/library/fedora:latest /bin/bash About a minute ago Exited (0) 14 seconds ago hopeful_beaver false
The exited containers are kept so that any data, including logs, can be investigated before they are lost. You can start an exited container but a typical workflow normally deletes used containers, launching new containers when needed.
Options on the run command can change the behavior of launching a container:
$ podman run -it \ (1) > --name demo \ (2) > --rm \ (3) > fedora /bin/bash (4) bash-4.4# (5)
1 | The -it options enable interactive mode and allocates a pseudo-TTY. |
2 | You can name your container. Without this option, a random name will be generated. |
3 | The --rm option causes the container to be deleted when it is terminated. This preserves space and allows a new container to be started with the same name. |
4 | The command to run. The command must be in the image. Not all images include bash. |
5 | The /bin/bash process is running in the foreground. When you exit the shell, the container will terminate. |
Publishing Ports
If your application listens on the network, you will need to map the container port to a local port on your device. In the current version, publishing ports requires root so the image must be available in the root namespace.
Add the -p
option when you launch the container:
$ sudo podman run -p 127.0.0.1:8080:80 --name demo mydemohttp:latest
You can then connect to your application via 127.0.0.1:8080
The format is ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort
.
Other options for publishing ports and many other run options are available and well documented in the podman-run man page.
Mapping a local directory
You may want to have your application write logs or collect data to a directory on the host.
Some containers expect that customized configuration files are on the host device.
In both cases, you can create a bind mount with the --volume
option.
Specify the host directory, the mount point inside the container, and any mount options.
For example, Home Assistant expects the configuration files to be on the host device:
$ podman run -d --name="home-assistant" -v /home/pi/homeassistant:/config -v /etc/localtime:/etc/localtime:ro --net=host homeassistant/raspberrypi3-homeassistant
Mapping a local device
The --device
option will add a host device to the container.
Specify the host device name and optionally, the device name on the container and any permissions.
Some devices, like the GPIO device, will require root.
To access the host GPIO device from the container:
$ sudo podman run -it --rm --name demo-gpio --device=/dev/gpiochip0 fedora:latest /bin/bash
Connect to a Running Container
You can also connect to a running container. Specify the container name or ID and the command to execute:
$ podman exec -it demo /bin/bash
You can also view container logs directly with podman:
$ podman logs demo
Both the exec
and logs
commands are also part of the podman container
command.
Removing Containers and Images
List the containers to see the 'Container ID' and 'name' of each container. Remove a container by specifying either the container ID or name:
$ podman container rm demo
Removing a container happens automatically when a container terminates if the container was started with the --rm
option.
Removing a container does not remove the image.
List the local images with podman images
or podman image ls
.
Remove the image using either the 'IMAGE ID' or the repository name and tag:
$ podman rmi registry.fedoraproject.org/fedora-minimal:rawhide
You can also remove an image with the image
command:
$ podman image rm registry.fedoraproject.org/fedora-minimal:rawhide