How to run podman commands on host from within container

Question

In case of docker, this can be achieved by mounting docker.sock inside container.

But since there is no daemon in podman, what's the replacement for docker.sock?

I want to typically check the podman images present on the host and start a new container.

I'm using Podman with --privileged=true and root.

Answer 1

Score: 2

There is a new API (status: experimental) that was announced in a blog post in January 2020.

[root@fedora31 ~]# podman --version
podman version 1.8.0
[root@fedora31 ~]# podman system service --timeout 500000 unix://root/foobar.sock 
This function is EXPERIMENTAL.

As the API is still experimental this might change but right now you could make a query like this:

[root@fedora31 ~]# curl -s --unix-socket /root/foobar.sock http://d/v1.24/images/json | python3 -m json.tool
[
    {
        "Containers": 0,
        "Created": 1572319417,
        "Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
        "Labels": {
            "maintainer": "Clement Verna <cverna@fedoraproject.org>"
        },
        "ParentId": "",
        "RepoDigests": [
            "sha256:8fa60b88e2a7eac8460b9c0104b877f1aa0cea7fbc03c701b7e545dacccfb433"
        ],
        "RepoTags": [
            "docker.io/library/fedora:latest"
        ],
        "SharedSize": 0,
        "Size": 201095865,
        "VirtualSize": 201095865,
        "CreatedTime": "0001-01-01T00:00:00Z"
    },
    null
]
[root@fedora31 ~]# 

The command python3 -m json.tool was added to pretty-print the JSON output.

I think the UNIX socket can be accessed from inside a container by using the bind-mounting technique (that was mentioned in the question).

According to the man page, the command podman system service also accepts the flag --varlink.

Using Varlink instead of the new API might be a better solution right now as it is more mature but it will be deprecated in the future.
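
Added example, not part of the original answer: a Python client for the images query shown in the answer. It speaks HTTP over the service socket, refuses a path that is not a socket or is world-writable before connecting (any process that can write to a rootful service socket can drive Podman as root on the host), and skips the `null` entry visible in the output. The helper names are illustrative and `SAMPLE` is constructed from that output.

```python
import http.client
import json
import os
import socket
import stat
import sys

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a UNIX socket; the host name "d" is a dummy, as in the curl call."""
    def __init__(self, path, timeout=5):
        super().__init__("d", timeout=timeout)
        self.path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.path)

def check_socket(path):
    """Reject a path that is not a socket or that any local user can write to."""
    mode = os.stat(path).st_mode
    if not stat.S_ISSOCK(mode) or mode & stat.S_IWOTH:
        raise PermissionError(f"{path} is not a socket, or is world-writable")

def parse_images(body):
    """Return id/tags/size per image, skipping null entries like the one in the output."""
    entries = json.loads(body)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of images")
    return [{"id": e["Id"], "tags": e.get("RepoTags") or [], "size": e.get("Size", 0)}
            for e in entries if isinstance(e, dict) and "Id" in e]

def list_images(path, api="v1.24"):
    check_socket(path)  # path as seen inside the container, after the bind mount
    conn = UnixHTTPConnection(path)
    try:
        conn.request("GET", f"/{api}/images/json")
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"service returned HTTP {resp.status}")
        return parse_images(resp.read())
    finally:
        conn.close()

# Constructed sample: the answer's output trimmed to three fields, null entry kept.
SAMPLE = '[{"Id": "f0858ad3febd", "RepoTags": ["docker.io/library/fedora:latest"], "Size": 201095865}, null]'

if __name__ == "__main__":
    imgs = list_images(sys.argv[1]) if len(sys.argv) > 1 else parse_images(SAMPLE)
    print(imgs)
```

Run it with the socket path as the only argument (for example `/root/foobar.sock`) to query a live service; with no argument it parses the constructed sample.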

huangapple
  • Posted on January 3, 2020, 15:46:32
  • When reposting, please keep the link to this article: https://go.coder-hub.com/59574914.html