How to run podman commands on host from within container
Question
In the case of Docker, this can be achieved by mounting docker.sock inside the container.
But since there is no daemon in Podman, what's the replacement for docker.sock?
I typically want to check the Podman images present on the host and start a new container.
I'm using Podman with --privileged=true and root.
Answer 1
Score: 2
There is a new API (status: experimental) that was announced in a blog post in January 2020.

    [root@fedora31 ~]# podman --version
    podman version 1.8.0
    [root@fedora31 ~]# podman system service --timeout 500000 unix://root/foobar.sock
    This function is EXPERIMENTAL.

As the API is still experimental, this might change, but right now you could make a query like this:

    [root@fedora31 ~]# curl -s --unix-socket /root/foobar.sock http://d/v1.24/images/json | python3 -m json.tool
    [
        {
            "Containers": 0,
            "Created": 1572319417,
            "Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
            "Labels": {
                "maintainer": "Clement Verna <cverna@fedoraproject.org>"
            },
            "ParentId": "",
            "RepoDigests": [
                "sha256:8fa60b88e2a7eac8460b9c0104b877f1aa0cea7fbc03c701b7e545dacccfb433"
            ],
            "RepoTags": [
                "docker.io/library/fedora:latest"
            ],
            "SharedSize": 0,
            "Size": 201095865,
            "VirtualSize": 201095865,
            "CreatedTime": "0001-01-01T00:00:00Z"
        },
        null
    ]
    [root@fedora31 ~]#

The command python3 -m json.tool was added to pretty-print the JSON output.
I think the UNIX socket can be accessed from inside a container by using the bind-mounting technique (that was mentioned in the question).
According to the man page, the command podman system service also accepts the flag --varlink.
Using Varlink instead of the new API might be a better solution right now, as it is more mature, but it will be deprecated in the future.
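
An added example, not part of the original answer: the curl query above as a Python client that could run inside a container with the socket bind-mounted. It skips the null entry visible in the answer's output and refuses a socket that group or other users can write to, since anyone who can connect can drive Podman with the service's privileges. The names UnixHTTPConnection, socket_is_restricted, image_tags and list_host_images are hypothetical.

```python
import http.client
import json
import os
import socket
import stat

API_PREFIX = "/v1.24"  # version path taken from the answer's curl call
# Abridged copy of the answer's output, including its trailing null entry.
SAMPLE_BODY = """[
  {"Id": "f0858ad3febdf45bb2e5501cb459affffacef081f79eaa436085c3b6d9bd46ca",
   "RepoTags": ["docker.io/library/fedora:latest"], "Size": 201095865},
  null
]"""

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that dials a UNIX socket path instead of TCP."""
    def __init__(self, sock_path, timeout=10):
        super().__init__("d", timeout=timeout)  # dummy host, as in http://d/
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)

def socket_is_restricted(sock_path):
    """True if the path is a socket that group and other cannot write to."""
    st = os.stat(sock_path)
    return stat.S_ISSOCK(st.st_mode) and not (st.st_mode & 0o022)

def image_tags(body):
    """Map image Id -> RepoTags, skipping null entries in the array."""
    return {img["Id"]: img.get("RepoTags") or []
            for img in json.loads(body) if img is not None}

def list_host_images(sock_path):
    """Query /images/json over the socket after checking its permissions."""
    if not socket_is_restricted(sock_path):
        raise PermissionError(f"{sock_path}: not a socket or too permissive")
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", API_PREFIX + "/images/json")
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"API returned HTTP {resp.status}")
        return image_tags(resp.read())
    finally:
        conn.close()
```

Inside the container, call list_host_images() with the path where the host socket is bind-mounted.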