diff --git a/404.html b/404.html index 809a91012..2f543ede7 100644 --- a/404.html +++ b/404.html @@ -12,13 +12,13 @@ - +
-
Skip to main content
Not Found

Don't flip, but we can't find that.

We could not find what you were looking for:   isn't a working link.
The content may have moved;  try a search for it

- +
Skip to main content
Not Found

Seal-ly us! We can't find that page.

We could not find what you were looking for:   isn't a working link.
The content may have moved;  try a search for it

+ \ No newline at end of file diff --git a/assets/js/3b8c55ea.098412e1.js b/assets/js/3b8c55ea.9a5de80f.js similarity index 99% rename from assets/js/3b8c55ea.098412e1.js rename to assets/js/3b8c55ea.9a5de80f.js index 83b131ba7..f42eb6852 100644 --- a/assets/js/3b8c55ea.098412e1.js +++ b/assets/js/3b8c55ea.9a5de80f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS",id:"centos",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL7",id:"rhel7",level:4},{value:"RHEL8",id:"rhel8",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"CNI plugins",id:"cni-plugins",level:4},{value:"Setup CNI networking",id:"setup-cni-networking",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Reccomended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not reccomended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not reccomended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows System for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS")),(0,o.kt)("p",null,"Podman is available in the default Extras repos for CentOS 7 and in\nthe AppStream repo for CentOS 8 and Stream."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for Debian Testing and Unstable.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Debian versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmay be required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we also highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Debian repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\n\n# Debian Testing/Bookworm\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Debian Unstable/Sid\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Install Podman\nsudo apt-get update\nsudo apt-get -y upgrade\nsudo apt-get -y install podman\n')),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel7"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL7")),(0,o.kt)("p",null,"Subscribe, then enable Extras channel and install Podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo subscription-manager repos --enable=rhel-7-server-extras-rpms\nsudo yum -y install podman\n")),(0,o.kt)("h4",{id:"rhel8"},(0,o.kt)("a",{parentName:"h4",href:"https://developers.redhat.com/rhel8"},"RHEL8")),(0,o.kt)("p",null,"Podman is included in the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools")," module, along with Buildah and Skopeo."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum module enable -y container-tools:rhel8\nsudo yum module install -y container-tools:rhel8\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:rhel8")," is the fast application stream, containing most recent rolling versions of the tools. Use the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:2.0")," stream for stable versions of Podman 1.6. The command ",(0,o.kt)("inlineCode",{parentName:"p"},"yum module list container-tools")," shows the available streams."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for the latest Ubuntu versions.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Ubuntu versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmaybe required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Ubuntu repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\ncurl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\nsudo apt-get update -qq\nsudo apt-get -qq -y install podman\n')),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS and RHEL, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"RHEL8 / CentOS 8 Stream users would first need to disable the container-tools\nmodule. All other users can skip this step."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf module disable container-tools -y\n")),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 8\nsudo dnf -y builddep rpm/podman.spec --enablerepo=powertools\n\n# CentOS Stream 9\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL (8 and newer)\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"cni-plugins"},"CNI plugins"),(0,o.kt)("h4",{id:"setup-cni-networking"},"Setup CNI networking"),(0,o.kt)("p",null,"A proper description of setting up CNI networking is given in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/cni/README.md"},(0,o.kt)("inlineCode",{parentName:"a"},"cni")," README"),"."),(0,o.kt)("p",null,"A basic setup for CNI networking is done by default during the installation or make processes and\nno further configuration is needed to start using Podman."),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS",id:"centos",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL7",id:"rhel7",level:4},{value:"RHEL8",id:"rhel8",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"CNI plugins",id:"cni-plugins",level:4},{value:"Setup CNI networking",id:"setup-cni-networking",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Recommended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not recommended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not recommended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows System for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS")),(0,o.kt)("p",null,"Podman is available in the default Extras repos for CentOS 7 and in\nthe AppStream repo for CentOS 8 and Stream."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for Debian Testing and Unstable.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Debian versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmay be required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we also highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Debian repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\n\n# Debian Testing/Bookworm\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Debian Unstable/Sid\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Install Podman\nsudo apt-get update\nsudo apt-get -y upgrade\nsudo apt-get -y install podman\n')),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel7"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL7")),(0,o.kt)("p",null,"Subscribe, then enable Extras channel and install Podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo subscription-manager repos --enable=rhel-7-server-extras-rpms\nsudo yum -y install podman\n")),(0,o.kt)("h4",{id:"rhel8"},(0,o.kt)("a",{parentName:"h4",href:"https://developers.redhat.com/rhel8"},"RHEL8")),(0,o.kt)("p",null,"Podman is included in the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools")," module, along with Buildah and Skopeo."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum module enable -y container-tools:rhel8\nsudo yum module install -y container-tools:rhel8\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:rhel8")," is the fast application stream, containing most recent rolling versions of the tools. Use the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:2.0")," stream for stable versions of Podman 1.6. The command ",(0,o.kt)("inlineCode",{parentName:"p"},"yum module list container-tools")," shows the available streams."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for the latest Ubuntu versions.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Ubuntu versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmaybe required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Ubuntu repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\ncurl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\nsudo apt-get update -qq\nsudo apt-get -qq -y install podman\n')),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS and RHEL, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"RHEL8 / CentOS 8 Stream users would first need to disable the container-tools\nmodule. All other users can skip this step."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf module disable container-tools -y\n")),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 8\nsudo dnf -y builddep rpm/podman.spec --enablerepo=powertools\n\n# CentOS Stream 9\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL (8 and newer)\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"cni-plugins"},"CNI plugins"),(0,o.kt)("h4",{id:"setup-cni-networking"},"Setup CNI networking"),(0,o.kt)("p",null,"A proper description of setting up CNI networking is given in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/cni/README.md"},(0,o.kt)("inlineCode",{parentName:"a"},"cni")," README"),"."),(0,o.kt)("p",null,"A basic setup for CNI networking is done by default during the installation or make processes and\nno further configuration is needed to start using Podman."),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.d7d53211.js b/assets/js/runtime~main.f7ed24e5.js similarity index 99% rename from assets/js/runtime~main.d7d53211.js rename to assets/js/runtime~main.f7ed24e5.js index 0467f730f..9de9b824c 100644 --- a/assets/js/runtime~main.d7d53211.js +++ b/assets/js/runtime~main.f7ed24e5.js @@ -1 +1 @@ -(()=>{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"8a314d7f",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"098412e1",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"d5640354",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"75da6f90",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"8a314d7f",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"9a5de80f",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"d5640354",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"75da6f90",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n - + @@ -30,7 +30,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

- + \ No newline at end of file diff --git a/blogs/2018/08/15/python-support-for-podman.html b/blogs/2018/08/15/python-support-for-podman.html index 9052aec8c..aa6615b19 100644 --- a/blogs/2018/08/15/python-support-for-podman.html +++ b/blogs/2018/08/15/python-support-for-podman.html @@ -12,14 +12,14 @@ - +

Python3 support for Podman

· 6 min read

podman logo

Python3 support for Podman

By Jhon Honce GitHub

You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

The python3-podman package containers a module that allows you to connect to a Podman socket activated systemd service on the same host or a remote host using a ssh tunnel. Using the python interface means you can run these commands from a MAC or Windows Box, as long as you have a Linux box with podman installed. We connect using varlink for the messaging protocol between client and service.

For the environment, you will need:

* Linux host
* podman package
* enable the io.podman.socket systemd unit file by executing

systemctl enable --now io.podman.socket

* Python3
* The python3-podman rpm, or podman package from PyPi.

Note: Currently, there is a matching rpm for each version of podman. In time, after the API stabilizes that may no longer be true.

Now lets start coding:

Using your favorite code editor you can copy and paste the following Python program into a file named latest_containers.py. Don’t forget Python uses whitespace to signify end-of-line and code blocks when you paste. The below python code will show all of the containers created since midnight UTC when it is run. The code comments provide a running commentary on how the module works in context.

#!/usr/bin/env python3

# Python standard date/time support
from datetime import datetime, time, timezone

# the module with all the goodness
import podman

midnight = datetime.combine(datetime.today(), time.min, tzinfo=timezone.utc)

# Our client is a context manager to make resource clean up easy. No arguments implies
# connect to a local Podman service using the default interfaces.
with podman.Client() as client:

# Retrieve all containers in containers storage. Each container is presented
# as a Namespace and dict. You determine which is easiest for you to use
# for your solution.
for c in client.containers.list():

# A bit of sugar, convert any podman-formatted timestamp to
# a python datetime
created_at = podman.datetime_parse(c.createdat)

if created_at > midnight:

# Now the results. We provide datetime_format() for consistent
# iso format in results if you wish to use it.
print('ID: {}\n image: {}\n createdAt: {}'.format(
c.id[:12], c.image[:33], podman.datetime_format(created_at)))

Once you have this code copied into the file:

* chmod 755 latest_containers.py
* podman run fedora sleep 300 &
* ./latest_containers.py
ID: d7337530c6d1
image: registry.fedoraproject.org/fedora
createdAt: 2018–08–10T09:18:09.728858–07:00

You can watch the whole process here.

The container object above supports the Namespace and dict protocols. This is our most used data structure providing you the ability to use the returned object in your code as you wish.

Connecting to a remote host, requires only changing how you create the Client() in any script:

With podman.Client(uri='unix:/run/user/17945/podman/io.podman',
remote_uri='ssh://ruser@podman.example.com:22/run/podman/io.podman') as client:
* uri provides the local side of the ssh tunnel
* user is your username
* remote_uri provides the details needed to connect to the remote host, plus the socket file for podman. A complete ssh uri is supported to allow configuration of ports etc.
* ruser is the remote host username to be used for authentication
* podman.example.com is the FQDN of the host you are running the podman service on
* The port number of 22 is given above for completeness, that is the default and may be omitted.
* An identity file may be provided via identity_file, otherwise the podman library will defer to ssh for authenticating.

All other function and method calls are the same whether they are remote or local. Note: all filesystem paths are resolved on the host running the podman service not the podman client.

But wait there is more!

To iterate over all the images stored on the system, you only need to change containers to images like:

for i in client.images.list():

To find podman system information, you need to use: client.system.info(). Or, client.system.versions() if you need to know the release of the podman service components.

To determine if the podman service is available and working, client.system.ping() will return True if everything is working correctly.

One of the most complex operations is creating a new container from an image, the workflow:

* Pull image from registry
* Instantiate image object
* Set container options
* Create OCI container and object
with podman.Client() as client:
ident = client.images.pull(name)
img = client.images.get(ident)
opts = {
'memory': '1G',
'memory-reservation': '750M',
'Memory-swap': '1.5G',
}
ctnr = img.container(**opts)

Our calling pattern is “client.<model>.<method>(<options>)”, where the current models are:

* Images
* Containers
* System

The Podman man pages provide details on the methods and options to be used for each.

What’s been shown in this blog is how easy it is to use the Python module to do Podman commands from your Linux host. These bindings can be used on the same host that Podman is running on, or they could be used on a remote host. Although there is not a complete one to one correspondence between the Podman commands and the ones available via the Python bindings — yet, the end goal for this project is to get to that point. For instance the commands for interacting with pods are currently under development and when available, the Python module will be updated to allow access. In addition to that, there’s work underway to make this Python module available on MacOS and Windows via PyPi. When these ports go live, you will be able to interact with Podman service from any Linux, MacOS or Windows host.

I hope you have found the information in this blog to be useful and gives you further insight into Podman and this Python module. If you have any questions a great place to ask them is the IRC channel #podman on FREENODE.

Better yet if you’d like to help contribute to Podman or this Python module, please feel free to join us on GitHub!

https://github.com/containers/podman https://github.com/containers/podman/tree/main/contrib/python

- + \ No newline at end of file diff --git a/blogs/2018/09/10/welcome.html b/blogs/2018/09/10/welcome.html index 5da043fed..94ceacf6b 100644 --- a/blogs/2018/09/10/welcome.html +++ b/blogs/2018/09/10/welcome.html @@ -12,13 +12,13 @@ - +

What's NEW!

· One min read

If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

To start it up, check out the new Blogs and Releases sections on the site.

- + \ No newline at end of file diff --git a/blogs/2018/09/13/systemd.html b/blogs/2018/09/13/systemd.html index fb1995793..98397929c 100644 --- a/blogs/2018/09/13/systemd.html +++ b/blogs/2018/09/13/systemd.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ The proper way to stop the container is to run sudo service redis stop.

An alternative to systemd for controlling containers lifecycle is to use CRI-O but this would be for another blog post :-).

- + \ No newline at end of file diff --git a/blogs/2018/09/25/pulling-images-from-docker.html b/blogs/2018/09/25/pulling-images-from-docker.html index f43af0424..0258bee11 100644 --- a/blogs/2018/09/25/pulling-images-from-docker.html +++ b/blogs/2018/09/25/pulling-images-from-docker.html @@ -12,14 +12,14 @@ - +

Cool thing&#58; Pulling content directly from the Docker Daemon...

· 2 min read

podman logo

Pulling content directly from the Docker Daemon...

By Dan Walsh GitHub

Cool things you can do with Podman.

I recently received a bug report about some huge container images not working correctly in Docker. So I suggested to the reporter that they try them with Podman. He responded that he saw the images with docker images, but did not see them with podman images.

I explained to him that the Docker image and container database are separate from the Podman image and container database. I told him he would have to pull the images into Podman. Then I decided to try a cool feature of Podman, where I could pull images directly out of the Docker daemon.

First I look for the Centos Image inside of Docker.

# docker images | grep centos
docker.io/centos 7 49f7960eb7e4 2 months ago 200 MB

Podman has the ability through its use of containers/image to pull images using many different transports other than just pulling from Container Registries. It supports pulling directly from the Docker daemon, using the docker-daemon transport.

# podman pull docker-daemon:docker.io/centos:7
Getting image source signatures
Copying blob sha256:bcc97fbfc9e1a709f0eb78c1da59caeb65f43dc32cd5deeb12b8c1784e5b8237
198.59 MB / 198.59 MB [====================================================] 1s
Copying config sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
2.15 KB / 2.15 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5

Now you have the Centos 7 image in Podman containers/storage datastore.

#podman images | grep centos
docker.io/library/centos 7 49f7960eb7e4 2 months ago .com208MB

Now you can start using the image with Podman, Buildah and CRI-O. You can even create new images and push them back into the Docker daemon.

Try it out…

- + \ No newline at end of file diff --git a/blogs/2018/10/01/talk-replace-docker-with-podman.html b/blogs/2018/10/01/talk-replace-docker-with-podman.html index 2fad990d1..a6d8d300d 100644 --- a/blogs/2018/10/01/talk-replace-docker-with-podman.html +++ b/blogs/2018/10/01/talk-replace-docker-with-podman.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

podman logo

Replacing Docker with Podman

By Dan Walsh GitHub

At the "All Systems Go!" conference on September 28-30, 2018 in Berlin Germany, Dan Walsh gave a talk on how you can replace docker with podman and not skip a beat. The talk was taped and can be viewed here.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/10/03/podman-remove-content-homedir.html b/blogs/2018/10/03/podman-remove-content-homedir.html index 4a5e7dafb..f3f336386 100644 --- a/blogs/2018/10/03/podman-remove-content-homedir.html +++ b/blogs/2018/10/03/podman-remove-content-homedir.html @@ -12,13 +12,13 @@ - +

Why can’t I delete storage files created by non-root podman?

· 5 min read

podman logo

Why can’t I delete storage files created by non-root Podman?

By Dan Walsh GitHub

Cool things you can do with Podman

When running Podman as root, the default location for storage is /var/lib/containers/storage. Of course, users cannot use this directory when running as non root, so Podman creates the storage by default in $HOME/.local/share/containers.

When Podman creates this storage it is running inside of a user namespace and is allowed to create UIDs and GIDs based off the UID ranges stored in /etc/subuid and the GIDs listed in /etc/subgid.

For example my account has UID and GID ranges 100000 through 165535 reserved for it, as well as my UID and primary GID, 3267.

#grep dwalsh /etc/subuid
dwalsh:100000:65536
$ grep dwalsh /etc/subgid
dwalsh:100000:65536

When Podman starts a container as non root, by default, it maps my UID, 3267, to UID 0 inside of the container, then it maps 100,000->1, 100,001->2, 100,002->3 … 165,535->65536.

You can see this mapping inside of the container

$ podman run -ti fedora cat  /proc/self/uid_map
0 3267 1
1 100000 65536
$ podman run -ti fedora cat /proc/self/gid_map
0 3267 1
1 100000 65536

Since I’m root in the container, I can create and set ownership of files inside of the container for using any UIDs and GIDs that are mapped into the container.

To see what happens, I will create a file and directory owned by a non root user inside of a container.

podman run -ti --name testfile fedora bash -c "mkdir /testdir; touch /testdir/testfile; chown -R 1:1 /testdir"

Since that was successful, let’s mount the container and see what it looks like from outside of the user namespace that’s used for running the container.

$ mnt=$(podman mount testfile)
$ echo $mnt
/home/dwalsh/.local/share/containers/storage/vfs/dir/691e874b6e1ba6807ecbe73910396b10f118617233aacc3df3297ffc4e1332f9
$ ls -l $mnt
total 4
lrwxrwxrwx. 1 dwalsh dwalsh 7 Feb 7 2018 bin -> usr/bin
dr-xr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 boot
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 dev
drwxr-xr-x. 44 dwalsh dwalsh 4096 Apr 26 09:03 etc
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 home
lrwxrwxrwx. 1 dwalsh dwalsh 7 Feb 7 2018 lib -> usr/lib
lrwxrwxrwx. 1 dwalsh dwalsh 9 Feb 7 2018 lib64 -> usr/lib64
drwx------. 2 dwalsh dwalsh 6 Apr 26 09:03 lost+found
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 media
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 mnt
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 opt
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 proc
dr-xr-x---. 2 dwalsh dwalsh 162 Apr 26 09:03 root
drwxr-xr-x. 11 dwalsh dwalsh 169 Sep 25 09:11 run
lrwxrwxrwx. 1 dwalsh dwalsh 8 Feb 7 2018 sbin -> usr/sbin
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 srv
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 sys
drwxr-xr-x. 2 100000 100000 22 Sep 25 13:38 testdir
drwxrwxrwt. 2 dwalsh dwalsh 32 Apr 26 09:03 tmp
drwxr-xr-x. 12 dwalsh dwalsh 144 Apr 26 09:03 usr
drwxr-xr-x. 19 dwalsh dwalsh 249 Apr 26 09:03 var

Notice the ownership of testdir and testfile. The namespace that was used for running the container mapped UID 100000 from outside of the namespace to UID 1 inside of the namespace, and did the same for GID 100000, mapping it to GID 1 inside of the namespace. When I set the ownership to UID and GID 1 from inside of the namespace, the corresponding values from outside of the namespace were what were recorded to disk.

$ ls -la $mnt/testdir
total 0
drwxr-xr-x. 2 100000 100000 22 Sep 25 13:38 .
drwxr-xr-x. 19 dwalsh dwalsh 257 Sep 25 13:38 ..
-rw-r--r--. 1 100000 100000 0 Sep 25 13:38 testfile

If i just try to clean up my directory I will get lots of errors.

rm -rf .local/share/containers/ 2>&1 | head -2
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/bin': Permission denied
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/boot': Permission denied

This is because this content was created from inside of a user namespace where I was UID 0, and because I was UID 0 in that namespace, I could set and change ownership of anything owned by any ID that was mapped into the namespace. In this case, I assigned it an owner that wasn’t mapped to my own user. Once I left the namespace, and I was back in the host namespace where I was just myself again, the contents belonged to the UID that I had mapped to 1 for the user namespace, which wasn’t my own UID.

Because of this, if I wanted to clean it all up, I could become root to remove the directory. But if I don’t have root on the machine, what could I do?

Buildah unshare or rootlesskit bash

Well currently Buildah or rootlesskit can put you into the user namespace without launching a container and then you can remove the images.

$ buildah unshare
[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I am now root inside of a namespace with the same mappings I’d use for a container, but everything else is the same. In particular, I’m not using the container’s root filesystem.

[root@localhost ~]# pwd
/home/dwalsh
[root@localhost ~]# rm -rf .local/share/containers/
[root@localhost ~]#

I am able to delete all the files in my homedir.

- + \ No newline at end of file diff --git a/blogs/2018/10/04/selinux-libvirt.html b/blogs/2018/10/04/selinux-libvirt.html index ce6197ba7..20cc1b008 100644 --- a/blogs/2018/10/04/selinux-libvirt.html +++ b/blogs/2018/10/04/selinux-libvirt.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

SELinux blocks Podman container from talking to libvirt

· One min read

podman logo

SELinux blocks Podman container from talking to libvirt

By Dan Walsh GitHub

I wrote a SELinux blog on running a container with Podman. The talks explains why SELinux blocks the connection to the libvirt socket. It then goes on to explain how to setup the container to allow the communication.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-systemd.html b/blogs/2018/10/05/tripleo-systemd.html index 9a54b07a4..4c5477a5a 100644 --- a/blogs/2018/10/05/tripleo-systemd.html +++ b/blogs/2018/10/05/tripleo-systemd.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-undercloud.html b/blogs/2018/10/05/tripleo-undercloud.html index 3acce61a2..fffdcf8b3 100644 --- a/blogs/2018/10/05/tripleo-undercloud.html +++ b/blogs/2018/10/05/tripleo-undercloud.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2018/10/07/tripleo-upgrade.html b/blogs/2018/10/07/tripleo-upgrade.html index cbe817263..272e5e859 100644 --- a/blogs/2018/10/07/tripleo-upgrade.html +++ b/blogs/2018/10/07/tripleo-upgrade.html @@ -12,14 +12,14 @@ - +

OpenStack Containerization with Podman – Part 3 (Upgrades)

· One min read

podman logo

Upgrade OpenStack TripleO Undercloud from Docker to Podman containers

By Emilien Macchi GitHub

I wrote a blog post about how we could upgrade OpenStack TripleO Undercloud from Docker to Podman containers.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/10/checkpoint-restore.html b/blogs/2018/10/10/checkpoint-restore.html index 1ba54c5ac..a9f646cad 100644 --- a/blogs/2018/10/10/checkpoint-restore.html +++ b/blogs/2018/10/10/checkpoint-restore.html @@ -12,7 +12,7 @@ - + @@ -70,7 +70,7 @@ the possibility to easily export the checkpoint and appropriate container state from one Podman instance to another Podman instance to be able to restore the checkpointed container.

- + \ No newline at end of file diff --git a/blogs/2018/10/31/podman-buildah-relationship.html b/blogs/2018/10/31/podman-buildah-relationship.html index 114c3ecd2..d2935f01e 100644 --- a/blogs/2018/10/31/podman-buildah-relationship.html +++ b/blogs/2018/10/31/podman-buildah-relationship.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah’s other goal is to allow you to use other scripting languages to build container images without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can do a command in the Docker CLI, you can do the same command in the Podman CLI. In fact you can just alias ‘podman’ for ‘docker’ on your machine and you can then build, create and maintain container images and containers without a daemon being present, just as you always have.

Although Podman uses Buildah’s build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc). While Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared. Because of this you cannot see Podman containers from within Buildah or vice versa. However the internal representation of a container image is the same between Buildah and Podman. Given this, any container image that has been created, pulled or modified by one can be seen and used by the other.

Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.

CommandPodman BehaviorBuildah Behavior
buildCalls buildah budProvides the build-using-dockerfile (bud) command that emulates Docker’s build command.
commitCommits a Podman container into a container image. Does not work on a Buildah container. Once committed the resulting image can be used by either Podman or Buildah.Commits a Buildah container into a container image. Does not work on a Podman container. Once committed, the resulting image can be used by either Buildah or Podman.
mountMounts a Podman container. Does not work on a Buildah container.Mounts a Buildah container. Does not work on a Podman container.
pull and pushPull or push an image from a container image registry. Functionally the same as Buildah.Pull or push an image from a container image registry. Functionally the same as Podman.
runRun a process in a new container in the same manner as docker run.Runs the container in the same way as the RUN command in a Dockerfile.
rmRemoves a Podman container. Does not work on a Buildah container.Removes a Buildah container. Does not work on a Podman container.
rmi, images, tagEquivalent on both projects.Equivalent on both projects.
containers and psps is used to list Podman containers. The containers command does not exist.containers is used to list Buildah containers. The ps command does not exist.

A quick and easy way to summarize the difference between the two projects is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality.

Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. Together they form a strong foundation to support your OCI container image and container needs. Best yet, they are both Open-source projects and you are more than welcome to contribute to either or both projects. Hope to see you there!

- + \ No newline at end of file diff --git a/blogs/2018/11/01/talk-state_of_container_technologies.html b/blogs/2018/11/01/talk-state_of_container_technologies.html index 03baff194..b00c4f8e4 100644 --- a/blogs/2018/11/01/talk-state_of_container_technologies.html +++ b/blogs/2018/11/01/talk-state_of_container_technologies.html @@ -12,13 +12,13 @@ - +

The State of Container Technologies in the Operating System

· One min read

podman logo

The State of Container Technologies in the Operating System Talk

By Dan Walsh GitHub

At the "LISA18" conference on October 29-31, 2018 in Nashville, TN, USA, Dan Walsh gave a talk on the State of Container Technologies in the Operating System.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/11/19/build_libpod-container-images.html b/blogs/2018/11/19/build_libpod-container-images.html index 933fb9987..40bf28c01 100644 --- a/blogs/2018/11/19/build_libpod-container-images.html +++ b/blogs/2018/11/19/build_libpod-container-images.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ the RPM package because it will make the upgrade process easier down the road.

To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

A bit about the images themselves

The image that can used to build the RPMs is called quay.io/libpod/build_libpod. You simply alter the tag to build for the various distributions. The latest tag will build CentOS7 RPMs. Two other tags exist: fedora28 and fedora29.

Create the temporary directory

Create a directory for where the RPMs will be volume mounted. It must be /tmp/rpms.

$ mkdir /tmp/rpms

Build the RPMs

Building the RPMs is a simple Podman command that leverages the container runlabel function in Podman. Once the image is pulled by Podman, it will install the required packages for building the RPMs. After the build is complete, the container will also test to make sure the RPMs install correctly.

$ sudo podman container runlabel -p run quay.io/libpod/build_libpod:fedora29
Trying to pull quay.io/libpod/build_libpod:fedora29...Getting image source signatures
Skipping fetch of repeat blob sha256:7692efc5f81cadc73ca1afde08b1a5ea126749fd7520537ceea1a9871329efde
Copying blob sha256:af79f3045c1f7e253b5952752ae4ecabb15f5ee1e2c7e4148132ed37ea7e0091
24.70 MB / 24.70 MB [======================================================] 2s
Copying blob sha256:ff2caf91b3889620d64f6fa5529531c3fed78222ce33a89ac85318e410d302fb
206 B / 206 B [============================================================] 0s
Copying blob sha256:dd6fe2d1ef4e4ca5252881a6ab2db0eecc1166486af08384eab121512fd8e1dd
253 B / 253 B [============================================================] 0s
Copying blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
32 B / 32 B [==============================================================] 0s
Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Writing manifest to image destination
Storing signatures
Command: /proc/self/exe run -it --rm --net=host -v /tmp/rpms:/root/rpmbuild/RPMS/x86_64/:Z quay.io/libpod/build_libpod:fedora29
Cloning into '/go/src/github.com/containers/libpod'...
warning: redirecting to https://github.com/containers/podman/
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 23112 (delta 12), reused 12 (delta 3), pack-reused 23078
Receiving objects: 100% (23112/23112), 15.96 MiB | 10.16 MiB/s, done.
Resolving deltas: 100% (13753/13753), done.
/go/src/github.com/containers/libpod
++ command -v dnf
+ pkg_manager=/usr/bin/dnf

... ** SHORTENED FOR BREVITY ***

Installed:
python3-podman-0.11.2-1542207420.git2b911b0c.fc29.noarch python3-pypodman-0.11.2-1542207420.git2b911b0c.fc29.noarch
python3-dateutil-1:2.7.0-3.fc29.noarch python3-humanize-0.5.1-14.fc29.noarch
python3-psutil-5.4.3-6.fc29.x86_64

Complete!

The resulting RPMs will end up in your temporary directory of /tmp/rpms.

$ find /tmp/rpms/
/tmp/rpms/
/tmp/rpms/noarch
/tmp/rpms/noarch/python3-pypodman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/noarch/python3-podman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/x86_64
/tmp/rpms/x86_64/podman-debuginfo-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-debugsource-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm

Future

If folks like this, I'll consider adding the ability to pass in a specific git commit to build.

- + \ No newline at end of file diff --git a/blogs/2018/11/27/podman-exists.html b/blogs/2018/11/27/podman-exists.html index f3b0b37c9..9e77ed371 100644 --- a/blogs/2018/11/27/podman-exists.html +++ b/blogs/2018/11/27/podman-exists.html @@ -12,13 +12,13 @@ - +

Podman container|image exists

· 3 min read

podman logo

Podman container|image exists

By Brent Baude GitHub

We are seeing a proliferation of Podman usage in users' daily workflows. As such, these workflows are often scripted -- in something like bash -- and clear exit codes from the applications being run are paramount. One of the tasks we often see is a user wanting to verify if an image or a container exists in local storage. We saw several different approaches approaches to solving this including running podman ps or podman images with filters or complex uses of grep.

Solution

After a bit of discussion with our users, recorded in [issue #1845] (https://github.com/containers/podman/issues/1845), a plan was hatched to have a specific command that satisfies this use case. It was implemented for both containers and images; and I suppose if users wish, we could implement it for pods as well. If the image or container exists, Podman will return an exit code of 0. If it does not exist, Podman will return an exit code of 1. Any other exit code can be attributed to non-verification failures like permissions or failure in reading local storage.

Check on an images

To verify the existence of an image in your local storage, you can use the command podman image exists <IMAGE_NAME>. Let's clarify through the use of an example.

The images we have in our local storage are as follows:

$ sudo podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest 196d12cf6ab1 2 months ago 4.67 MB

If we wanted to verify the existence of the image docker.io/library/alpine:latest, we would:

$ sudo podman image exists docker.io/library/alpine:latest
$ echo $?
0

You can also verify by short-name if preferable:

$ sudo podman image exists alpine
$ echo $?
0

You can also verify an image by an image's full or shortened ID.

$ sudo podman image exists 196d12cf6ab1
$ echo $?
0

And finally, a failure to verify example would look like:

$ sudo podman image exists busybox
$ echo $?
1

Check on a container

We can verify the existence of a container in much the same way as an image. The grammar differs slightly.

My system has the following container:

$ sudo podman ps --format {% raw %}"{{.ID}} {{.Names}}"{% endraw %}
472fde2f48c7 foobar

And I can verify the existence of the container with podman container exists <CONTAINER_NAME>.

$ sudo podman container exists foobar
$ echo $?
0

Like images, you can also verify a container using its full or partial container ID.

- + \ No newline at end of file diff --git a/blogs/2018/12/03/podman-runlabel.html b/blogs/2018/12/03/podman-runlabel.html index 5a011790e..2bd16b0dd 100644 --- a/blogs/2018/12/03/podman-runlabel.html +++ b/blogs/2018/12/03/podman-runlabel.html @@ -12,14 +12,14 @@ - +

Simplifying Podman commands with labels

· 3 min read

podman logo

Simplifying Podman commands with labels

By Brent Baude GitHub

Commands used by container runtimes to create containers have become complex. It is on purpose of course. When creating containers, we want the ability to specify various security or network attributes. But if you are in the unenviable position to have to keystroke in some of these lengthy commands, it can grow tiresome. Defining labels on the container image is a great way to define how the container should be run; however, now with Podman we can read and execute that label saving you potential command line bloat.

Container image Labels

Container images have had the concept of a label for quite some time. They are often used as identifiers for the image; i.e. version, release, author, etc. But you can create a container label for just about anything. With the Atomic CLI project, we used to leverage labels such as RUN, INSTALL, and UNINSTALL. These labels we defined for the purpose of their verbiage.

Podman container runlabel

To mimic the Atomic CLI project, we added a sub-command called podman container runlabel. This command will execute the contents of a given label as defined by the container image.

Lets consider an example. I have a simple container image based on mariab that I use for my Podman development. The image is made like so:

FROM docker.io/library/mariadb:latest
LABEL RUN="podman run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt IMAGE"
RUN echo "bind-address = 0.0.0.0" >> /etc/mysql/my.cnf

Note the definition of the RUN label in the image. It contains the complete command line description of how to run it. The use of IMAGE here is a placeholder is automatically substituted by Podman to the real image name. On my system, this image exists as quay.io/baude/demodb:latest.

We can get a preview of what Podman would run using the --display switch. In the case of my mariab image, a dry-run would show something like this:

$ sudo podman container runlabel --display run quay.io/baude/demodb:latest
Command: /proc/self/exe run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt quay.io/baude/demodb:latest

Note how the IMAGE was translated into the image name. If we rerun the previous command and subtract the --display option, podman will create the container exactly as described by the run label.

So, next time you create your own image, do yourself a favor and construct labels that Podman can read and simplify your life.

- + \ No newline at end of file diff --git a/blogs/2018/12/14/openstack-podman-healthchecks.html b/blogs/2018/12/14/openstack-podman-healthchecks.html index 0ea09033c..78125707b 100644 --- a/blogs/2018/12/14/openstack-podman-healthchecks.html +++ b/blogs/2018/12/14/openstack-podman-healthchecks.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/07/software-factory-podman.html b/blogs/2019/01/07/software-factory-podman.html index a67b80e51..5e3c97249 100644 --- a/blogs/2019/01/07/software-factory-podman.html +++ b/blogs/2019/01/07/software-factory-podman.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/08/rhel-8-and-podman.html b/blogs/2019/01/08/rhel-8-and-podman.html index a4599b111..4cbbeb393 100644 --- a/blogs/2019/01/08/rhel-8-and-podman.html +++ b/blogs/2019/01/08/rhel-8-and-podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/14/podman-machine-and-boot2podman.html b/blogs/2019/01/14/podman-machine-and-boot2podman.html index 253bfa11c..e2cc5a695 100644 --- a/blogs/2019/01/14/podman-machine-and-boot2podman.html +++ b/blogs/2019/01/14/podman-machine-and-boot2podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Podman Machine and Boot2podman

· 3 min read

boot2podman logo

Podman Machine and Boot2podman

By Anders F Björklund GitHub

Update: September 9, 2021 - Tom Sweeney

This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

Original Post

By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

The command-line tool podman-machine is a simple way to create virtual machines running boot2podman.iso. It will create a "machine" with Linux prepared for running Linux containers, with Podman and Buildah (and their dependencies) pre-installed.

This way any client will be able to run containers, even though not possible on their operating system. Whether their Linux distribution is too old or too unprivileged, or if they are running Windows or OS X operating systems without native Linux support.

Podman Machine

Machine lets you create servers with Podman, then configures the Podman clients.

$ podman-machine create box
$ podman-machine ssh box

tc@box:~$ sudo podman

Will automatically download the latest version of the ISO, if not available in the cache.

See: https://github.com/boot2podman/machine

Boot2Podman ISO

Boot2podman is a lightweight Linux distribution made specifically to run Linux containers.

  • Tiny Core Linux 9.x (x86_64)
  • Buildah / Varlink / Podman

The distribution runs entirely from RAM, while persisting the containers and ssh keys.

See: https://github.com/boot2podman/boot2podman

Remote Access

It is possible to use the pypodman command-line tool, to control podman remotely:

$ eval $(podman-machine env box)
$ pypodman version

https://github.com/containers/python-podman

Or alternatively to use the varlink-go command-line tool, to access the podman API:

$ eval $(podman-machine env box --varlink)
$ varlink-go call io.podman.GetVersion

https://github.com/boot2podman/varlink-go

Both methods use SSH, in order to access the podman varlink socket of the VM.

The SSH keys and other configuration is automatically created with the machine.

Tiny Core

The regular boot2podman.iso is based on Tiny Core Linux:

https://github.com/boot2podman/boot2podman/releases

This is a minimal system, that runs entirely from RAM and uses init(1).

The package manager uses TCZ packages, handled by the tce-load program.

See: https://en.wikipedia.org/wiki/Tiny_Core_Linux

Fedora

There is also an alternative version, based on Fedora Linux:

https://github.com/boot2podman/boot2podman-fedora-iso/releases

This is a full system, that boots a regular image and uses systemd(1).

The package manager uses RPM packages, handled by the dnf program.

See: https://en.wikipedia.org/wiki/Fedora_(operating_system)

Both versions will do the same thing, in that they will both offer the Podman varlink socket.

The Podman Machine can set up virtual machines for either, by using the "url" parameters.


For more posts about boot2podman, see: https://boot2podman.github.io/

- + \ No newline at end of file diff --git a/blogs/2019/01/15/podman-pods.html b/blogs/2019/01/15/podman-pods.html index 64f367f5d..a0405a0c2 100644 --- a/blogs/2019/01/15/podman-pods.html +++ b/blogs/2019/01/15/podman-pods.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/16/podman-varlink.html b/blogs/2019/01/16/podman-varlink.html index 552de2301..0434db11f 100644 --- a/blogs/2019/01/16/podman-varlink.html +++ b/blogs/2019/01/16/podman-varlink.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ in one of your path directories

For Linux systems:

You can also use varlink util from libvarlink or install libvarlink-util on Fedora/RHEL machines.

The varlink CLI command in ~/.cargo/bin should output:

$ varlink --bridge "ssh <podman-machine>" info
Vendor: Atomic
Product: podman
Version: 0.10.1
URL: https://github.com/containers/podman
Interfaces:
org.varlink.service
io.podman
$ varlink --bridge "ssh <podman-machine>" call io.podman.Ping
{
"ping": {
"message": "OK"
}
}

$ varlink --bridge "ssh <podman-machine>" call io.podman.MountContainer "{\"name\": \"container-id\"}"
Error: Call failed with error: io.podman.ErrorOccurred
{
"reason": "no container with name or ID container-id found: no such container"
}

To find out more about the Podman varlink interface read the io.podman.varlink file or the rendered API.md.

Or you can inspect, what methods your Podman version on <podman-machine> provides:

$ varlink --bridge "ssh <podman-machine>" help io.podman

Rust Client Example

Either clone this repository or:

$ cargo new --bin podmanrs
$ cd podmanrs

Download the varlink interface from the running Podman varlink service:

$ varlink --bridge "ssh <podman-machine>" help io.podman > src/io.podman.varlink

create build.rs:

extern crate varlink_generator;

fn main() {
varlink_generator::cargo_build_tosource("src/io.podman.varlink", true);
}

create Cargo.toml:

[package]
name = "podmanrs"
version = "0.1.0"
authors = ["Harald Hoyer <harald@redhat.com>"]
build = "build.rs"
edition = "2018"

[dependencies]
varlink = "7"
serde = "1"
serde_derive = "1"
serde_json = "1"
chainerror = "0.4"
[build-dependencies]
varlink_generator = "7"

create src/main.rs:

mod io_podman;

use crate::io_podman::*;
use varlink::Connection;
use std::result::Result;
use std::error::Error;

fn main() -> Result<(), Box<Error>> {
let connection = Connection::with_bridge(
"ssh <podman-machine>",
)?;
let mut podman = VarlinkClient::new(connection.clone());
let reply = podman.ping().call()?;
println!("Ping() replied with '{}'", reply.ping.message);
let reply = podman.get_info().call()?;
println!("Hostname: {}", reply.info.host.hostname);
println!("Info: {:#?}", reply.info);
Ok(())
}

Now run it:

$ cargo run
- + \ No newline at end of file diff --git a/blogs/2019/02/07/hack-and-tools.html b/blogs/2019/02/07/hack-and-tools.html index f76b137cf..7c0bff636 100644 --- a/blogs/2019/02/07/hack-and-tools.html +++ b/blogs/2019/02/07/hack-and-tools.html @@ -12,13 +12,13 @@ - +

Container Tools on RHEL 8 & How to Hack Podman

· One min read

podman logo

Scott McCarty wrote "Red Hat Enterprise Linux 8 Beta: A new set of container tools". In the blog Scott introduces the new container tools in RHEL 8 Beta. Spoiler Alert! No Big Fat Daemons were harmed in the examples Scott provides!

Hervé Beraud wrote "How to Hack on Podman, which walks you through contributing to the Podman project.

Both are great reads to help build your container tools knowledge.

- + \ No newline at end of file diff --git a/blogs/2019/02/21/pandb-4-users.html b/blogs/2019/02/21/pandb-4-users.html index 8af5f4a15..b94026f6b 100644 --- a/blogs/2019/02/21/pandb-4-users.html +++ b/blogs/2019/02/21/pandb-4-users.html @@ -12,13 +12,13 @@ - +

Podman and Buildah for Docker Users!

· One min read

podman logo

Podman and Buildah for Docker Users

By Tom Sweeney GitHub

A new article about how Docker users can use Podman and Buildah on the Red Hat Developer Site. William Henry (@ipbabble) introduces the two tools to Docker users and explains how they can be used to replace Docker and how the two tools are related.

- + \ No newline at end of file diff --git a/blogs/2019/03/16/podman-install.html b/blogs/2019/03/16/podman-install.html index 14129b38f..420946087 100644 --- a/blogs/2019/03/16/podman-install.html +++ b/blogs/2019/03/16/podman-install.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ author: tsweeney categories: [blogs] tags: [containers, images, docker, buildah, podman, oci]


podman logo

Installation of Podman to Run Docker Container - Part 1

By Tom Sweeney GitHub

A new article about how Opvizor installed Podman to run Docker containers. This blog entry at Opvizor looks into their installation process and their early takeaways on Podman.

- + \ No newline at end of file diff --git a/blogs/2019/03/18/CI3.html b/blogs/2019/03/18/CI3.html index ed30e0f8f..e1d0db7d0 100644 --- a/blogs/2019/03/18/CI3.html +++ b/blogs/2019/03/18/CI3.html @@ -12,7 +12,7 @@ - + @@ -104,7 +104,7 @@ or snide remarks there, please feel free to find me in #podman on Freenode (IRC). Unless the question is too-smart, I might even be able to answer it. Until then, may your pretty code keep its bugs well hidden and out of sight.

- + \ No newline at end of file diff --git a/blogs/2019/03/22/podman-made-easy.html b/blogs/2019/03/22/podman-made-easy.html index f1e13b124..db0d6cba5 100644 --- a/blogs/2019/03/22/podman-made-easy.html +++ b/blogs/2019/03/22/podman-made-easy.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/04/01/podman-crosswords.html b/blogs/2019/04/01/podman-crosswords.html index 995c8c6b3..54ec444ac 100644 --- a/blogs/2019/04/01/podman-crosswords.html +++ b/blogs/2019/04/01/podman-crosswords.html @@ -12,14 +12,14 @@ - +

Podman Saves My Crossword Habit

· One min read

podman logo

Podman Saves My Crossword Habit

By Tom Sweeney GitHub

Ed Santiago (@edsantiago) needed help with his New York Times crossword puzzle. So naturally he turned to Podman to save the day. Read about it in his blog post: Podman Saves My Crossword Habit. Many thanks to Ed for sharing this innovative use of Podman.

- + \ No newline at end of file diff --git a/blogs/2019/04/16/cinc.html b/blogs/2019/04/16/cinc.html index cf07eb450..acc63b36e 100644 --- a/blogs/2019/04/16/cinc.html +++ b/blogs/2019/04/16/cinc.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/04/22/health.html b/blogs/2019/04/22/health.html index a3586c74d..2b7393899 100644 --- a/blogs/2019/04/22/health.html +++ b/blogs/2019/04/22/health.html @@ -12,13 +12,13 @@ - +

Monitoring container vitality and availability with Podman

· One min read

podman logo

Monitoring container vitality and availability with Podman

By Brent Baude GitHub

Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/05/18/micro-dnf.html b/blogs/2019/05/18/micro-dnf.html index 6e27a83db..06ba82541 100644 --- a/blogs/2019/05/18/micro-dnf.html +++ b/blogs/2019/05/18/micro-dnf.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/05/24/podman-made-easy2.html b/blogs/2019/05/24/podman-made-easy2.html index 8d1c71825..955b0d3ba 100644 --- a/blogs/2019/05/24/podman-made-easy2.html +++ b/blogs/2019/05/24/podman-made-easy2.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/06/13/new.html b/blogs/2019/06/13/new.html index 4844d24ef..32a629a9c 100644 --- a/blogs/2019/06/13/new.html +++ b/blogs/2019/06/13/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/06/13/podman-cheatsheet.html b/blogs/2019/06/13/podman-cheatsheet.html index 8560344ed..dc5b2e842 100644 --- a/blogs/2019/06/13/podman-cheatsheet.html +++ b/blogs/2019/06/13/podman-cheatsheet.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/06/17/mailinglist.html b/blogs/2019/06/17/mailinglist.html index 7554bb70f..2dee2fb29 100644 --- a/blogs/2019/06/17/mailinglist.html +++ b/blogs/2019/06/17/mailinglist.html @@ -12,13 +12,13 @@ - +

Podman Mailing list

· 2 min read

podman logo

Podman Mailing List

By Tom Sweeney GitHub

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

To sign up for the mailing list use email or the web interface:

Regardless of which method you use, a confirmation email will be sent to you. After you reply back to that confirmation email, you'll then be able to send mail directly to podman@lists.podman.io. You can then also go to the list's web page at lists.podman.io, click on the Podman link and from there you can see all of the past conversations on the list or manage your subscription.

Please note, if you have a bug that you'd like to report, it's best to report them here by creating a "New issue" rather than sending an email to the list.

We hope over time this mailing list will be a friendly and useful tool for the entire Podman community.

- + \ No newline at end of file diff --git a/blogs/2019/06/17/new.html b/blogs/2019/06/17/new.html index 9e88b49c8..696b8a3d4 100644 --- a/blogs/2019/06/17/new.html +++ b/blogs/2019/06/17/new.html @@ -12,13 +12,13 @@ - +

Announcing the Podman Mailing List!

· One min read

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

Get all the details on this blog post!

- + \ No newline at end of file diff --git a/blogs/2019/06/19/new.html b/blogs/2019/06/19/new.html index f695e6939..386be1ab8 100644 --- a/blogs/2019/06/19/new.html +++ b/blogs/2019/06/19/new.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/19/ondemand-course.html b/blogs/2019/06/19/ondemand-course.html index 9252ea87c..0643f9cc2 100644 --- a/blogs/2019/06/19/ondemand-course.html +++ b/blogs/2019/06/19/ondemand-course.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

podman logo

OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

By Tom Sweeney GitHub

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/26/new.html b/blogs/2019/06/26/new.html index cb66b02eb..b69200398 100644 --- a/blogs/2019/06/26/new.html +++ b/blogs/2019/06/26/new.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

Ganesh Mani recently wrote the blog Replacing Docker with Podman — Power of Podman — Cloudnweb. The article gives a nice overview of Docker, Podman, their differences, and how you can use Podman to replace Docker. A nice read and really, who doesn't love a blog that wraps up with a meme featuring The Rock?

- + \ No newline at end of file diff --git a/blogs/2019/06/26/replace-docker-with-podman.html b/blogs/2019/06/26/replace-docker-with-podman.html index a40b72fff..b4414d14b 100644 --- a/blogs/2019/06/26/replace-docker-with-podman.html +++ b/blogs/2019/06/26/replace-docker-with-podman.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/07/06/new.html b/blogs/2019/07/06/new.html index 35b483f59..9bbe1a00c 100644 --- a/blogs/2019/07/06/new.html +++ b/blogs/2019/07/06/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
- + \ No newline at end of file diff --git a/blogs/2019/07/06/ruby.html b/blogs/2019/07/06/ruby.html index 46b4ae7bc..b7e25c62c 100644 --- a/blogs/2019/07/06/ruby.html +++ b/blogs/2019/07/06/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/new.html b/blogs/2019/07/29/new.html index 422876ab9..1088cd873 100644 --- a/blogs/2019/07/29/new.html +++ b/blogs/2019/07/29/new.html @@ -12,13 +12,13 @@ - +

Podman&#58; Linux containers made easy, part 3

· One min read

It's in German again, but a worthy read Podman: Linux containers made easy, part 3. Valentin Rothberg (@vrothberg) introduces Podman to the reader and talks about how it fits in the container eco-system. If your German is a little rusty, you may need to lean on Google Translate.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/podman-made-easy3.html b/blogs/2019/07/29/podman-made-easy3.html index f2697f082..d899f7486 100644 --- a/blogs/2019/07/29/podman-made-easy3.html +++ b/blogs/2019/07/29/podman-made-easy3.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/08/08/new.html b/blogs/2019/08/08/new.html index ec4821d59..cf8b2af16 100644 --- a/blogs/2019/08/08/new.html +++ b/blogs/2019/08/08/new.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/08/podman-images.html b/blogs/2019/08/08/podman-images.html index 00c12e09a..c1ce0a6a0 100644 --- a/blogs/2019/08/08/podman-images.html +++ b/blogs/2019/08/08/podman-images.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

podman logo

Command Highlight: podman images

By Tom Sweeney GitHub

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/10/new.html b/blogs/2019/08/10/new.html index fcd1e694e..21e029261 100644 --- a/blogs/2019/08/10/new.html +++ b/blogs/2019/08/10/new.html @@ -12,13 +12,13 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/10/podman-ibm-developer.html b/blogs/2019/08/10/podman-ibm-developer.html index 90dd500fc..53a2a4637 100644 --- a/blogs/2019/08/10/podman-ibm-developer.html +++ b/blogs/2019/08/10/podman-ibm-developer.html @@ -12,14 +12,14 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

podman logo

How templating works with Podman, Kubernetes, and Red Hat OpenShift

By Tom Sweeney GitHub

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/14/new.html b/blogs/2019/08/14/new.html index 2c8c132ec..b39eb7d5b 100644 --- a/blogs/2019/08/14/new.html +++ b/blogs/2019/08/14/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/08/22/new.html b/blogs/2019/08/22/new.html index 9959fa6a9..b4460ed97 100644 --- a/blogs/2019/08/22/new.html +++ b/blogs/2019/08/22/new.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/22/podman-tech-preview.html b/blogs/2019/08/22/podman-tech-preview.html index 6f337e7f8..a6f862237 100644 --- a/blogs/2019/08/22/podman-tech-preview.html +++ b/blogs/2019/08/22/podman-tech-preview.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

podman logo

Using the rootless containers Tech Preview in RHEL 8.0

By Tom Sweeney GitHub

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/23/new.html b/blogs/2019/08/23/new.html index 28e309410..49c84a85a 100644 --- a/blogs/2019/08/23/new.html +++ b/blogs/2019/08/23/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/08/23/podman-en-espanol.html b/blogs/2019/08/23/podman-en-espanol.html index 18cee7cb2..5ea974afd 100644 --- a/blogs/2019/08/23/podman-en-espanol.html +++ b/blogs/2019/08/23/podman-en-espanol.html @@ -12,13 +12,13 @@ - +

Podman, contenedores sin Docker

· One min read

podman logo

Podman, contendores sin Docker

By Tom Sweeney GitHub

How's your espanol? If it's good or you want to work on it, checkout this video blog on YouTube from Iñigo Serrano Podman, contenedores sin Docker. In it Iñigo Serrano shows how to run Wildfly in a Podman container without Docker.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/buildah-in-containers.html b/blogs/2019/08/28/buildah-in-containers.html index bda4d209a..2478091ad 100644 --- a/blogs/2019/08/28/buildah-in-containers.html +++ b/blogs/2019/08/28/buildah-in-containers.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

podman logo

Best practices for running Buildah in a container

By Dan Walsh GitHub

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/new.html b/blogs/2019/08/28/new.html index 36ad6d05d..e62a0ced7 100644 --- a/blogs/2019/08/28/new.html +++ b/blogs/2019/08/28/new.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/new.html b/blogs/2019/09/11/new.html index e8023f884..d97f70631 100644 --- a/blogs/2019/09/11/new.html +++ b/blogs/2019/09/11/new.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

Matt Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/rootless-pulling.html b/blogs/2019/09/11/rootless-pulling.html index e2e71fa43..e5cf8d0b1 100644 --- a/blogs/2019/09/11/rootless-pulling.html +++ b/blogs/2019/09/11/rootless-pulling.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

podman logo

Why can’t rootless Podman pull my image?

By Matthew Heon GitHub

Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/25/new.html b/blogs/2019/09/25/new.html index 0680c2ad2..332c19e04 100644 --- a/blogs/2019/09/25/new.html +++ b/blogs/2019/09/25/new.html @@ -12,13 +12,13 @@ - +

Podman in HPC environments

· One min read

Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

- + \ No newline at end of file diff --git a/blogs/2019/09/26/podman-in-hpc.html b/blogs/2019/09/26/podman-in-hpc.html index 5f156691e..7f572579e 100644 --- a/blogs/2019/09/26/podman-in-hpc.html +++ b/blogs/2019/09/26/podman-in-hpc.html @@ -12,7 +12,7 @@ - + @@ -54,7 +54,7 @@ this container image, Podman will do it before launching this container.

  • /home/ring

    The MPI program in the container which should be started.

  • Thanks to Podman's fork-exec model it is really simple to use it in combination with Open MPI as Open MPI will start Podman just as it would start the actual MPI application.

    - + \ No newline at end of file diff --git a/blogs/2019/10/02/container-networking.html b/blogs/2019/10/02/container-networking.html index 745f57144..106f42a4c 100644 --- a/blogs/2019/10/02/container-networking.html +++ b/blogs/2019/10/02/container-networking.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/10/02/new.html b/blogs/2019/10/02/new.html index 38032a670..eb8450a0e 100644 --- a/blogs/2019/10/02/new.html +++ b/blogs/2019/10/02/new.html @@ -12,13 +12,13 @@ - +

    Configuring container networking with Podman

    · One min read

    Brent Baude has a blog post on the Red Hat Enable Sysadmin site about Configuring container networking with Podman. In the post Brent goes over how you can communicate between a container and the host, between containers in and out of a pod, while running as a root and as a non-root user.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/1-new.html b/blogs/2019/10/14/1-new.html index b8af683df..70426fe8e 100644 --- a/blogs/2019/10/14/1-new.html +++ b/blogs/2019/10/14/1-new.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/2-new.html b/blogs/2019/10/14/2-new.html index d4d252270..d4a2bde40 100644 --- a/blogs/2019/10/14/2-new.html +++ b/blogs/2019/10/14/2-new.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/SayHello.html b/blogs/2019/10/14/SayHello.html index 6b456e406..2e6ee57a6 100644 --- a/blogs/2019/10/14/SayHello.html +++ b/blogs/2019/10/14/SayHello.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    podman logo

    Say “Hello” to Buildah, Podman, and Skopeo

    By Tom Sweeney GitHub

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/docker-vs-podman-security.html b/blogs/2019/10/14/docker-vs-podman-security.html index 1fd13973d..714a0ae9b 100644 --- a/blogs/2019/10/14/docker-vs-podman-security.html +++ b/blogs/2019/10/14/docker-vs-podman-security.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    podman logo

    Here’s why podman is more secured than Docker – DevSecOps

    By Tom Sweeney GitHub

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/generate-seccomp-profiles.html b/blogs/2019/10/15/generate-seccomp-profiles.html index fc4a4e2ee..88a15981a 100644 --- a/blogs/2019/10/15/generate-seccomp-profiles.html +++ b/blogs/2019/10/15/generate-seccomp-profiles.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    Background

    At DevConf.cz in early 2019, Dan Walsh and I were talking about container security and how we could improve the status quo in a user-friendly fashion. Among other things, we talked about seccomp, a widely used security feature of Linux. At its very core, seccomp allows for filtering the syscalls invoked by a process and can thereby be used to restrict which syscalls a given process is allowed to execute. Many software projects such as Android, Flatpak, Chrome and Firefox use seccomp to further tighten the security. One threat model seccomp protects against is the damage a malicious process can do. The fewer syscalls are available, the smaller is the attack surface. Hence, an attacker might gain control over some process of a web browser but seccomp will restrict the set of available syscalls to only those it needs. For instance, the syscalls needed for a rendering a website. The reduced attack surface can prevent the attacker from gaining control over the system. This makes seccomp a powerful security tool but while talking about it Dan and I quickly realized there is room for improvement.

    The tricky part of security is making it user friendly. A security mechanism should not turn into an annoyance or an obstacle. Otherwise some users will turn it off. Most container tools use a default seccomp filter which was initially written by Jesse Frazelle for Docker. This default filter found a balance between tightening the security while remaining portable to allow most workloads to run without receiving permission errors. The fact that this default filter is used by Docker, Podman, CRI-O, containerd and other tools on millions of deployments around the globe, shows its importance and impact. However, the default filter is pretty loose and it still allows more than 300 of the 435 syscalls on Linux 5.3 x86_64. The high number of available syscalls is essential to support as many containers as possible but according to Aqua Sec, most containers require only 40 to 70 syscalls. This means that the syscall attack surface of an average container could further be reduced by around 80 percent. But if we want to restrict more syscalls than the default filter, we face the problem of finding out which syscalls a container actually needs. That’s the problem we decided to work on and to ultimately come up with an open-source solution that users can easily use and integrate into their workflows.

    Dan and I started to philosophize about how we wanted to tackle the problem of finding out which syscalls a given container needs. Statically analyzing the code is theoretically optimal as we can determine the exact set of syscalls the program needs. But we quickly run into practical issues where corner cases cannot be covered and where users need a deep understanding of the code and certainly of the limitations of the individual analyzers. Such approaches are also programming-language specific and hence not generally applicable. All in all, static analysis does not provide the level of user friendliness and automation we wanted. Hence, we decided upon runtime analysis and proposed a project for Google Summer of Code under the umbrella of the Fedora project. The project proposal was to trace the processes running inside a container and to create a seccomp filter based on the set of recorded syscalls. The proposal was eventually accepted and we are thrilled how far we came thanks to Divyansh Kamboj who worked with us during this summer and who has turned into an active contributor to our github.com/containers projects.

    Tracing the syscalls of a container

    After some initial experiments with ptrace, we were looking for an alternative tracing mechanism. Ptrace has some considerable performance impacts that we were not willing to take, so Divyansh explored the idea of using audit logging of seccomp actions. Since Linux v4.14, the actions of seccomp filters can be recorded in the audit log. Using seccomp to create a new seccomp filter was tempting and the initial experiments have shown promising results until we started to run multiple containers in parallel. We could see and track which syscalls have been used but we could not figure out which process and hence which syscall belongs to which container. The Linux kernel community is currently debating to add an audit container ID which identifies a container in the logs but there is no consensus yet and we do not expect a solution in the near future. We had to find another solution.

    Eventually, we decided to use the extended Berkeley Packet Filter (eBPF) for tracing. eBPF allows for writing custom programs that can hook into various code paths in the kernel. These programs can be injected from user space into the kernel who interprets them in a special virtual machine. BPF was originally written to inspect networking packets directly in the kernel to achieve the lowest possible latency and best performance. Nowadays, with eBPF we can inspect many more aspects of the kernel. For our purpose, we hook into the sysenter tracepoint when entering the kernel from user space. This allows us to quickly inspect which syscalls are called by a given process. Although eBPF is fast, we still faced the aforementioned absence of a container concept in the kernel, so we had to find a way to know if a given process is part of the container we want to trace or not. We decided to identify a container by its PID namespace. If the PID namespace of the process we hit in our eBPF program corresponds to the container we are currently tracing, then we record the syscall. Ultimately, if a container creates a new PID namespace, we will not trace processes inside the new namespace and generate an inaccurate filter. But that is pretty much the only limitation.

    The OCI seccomp bpf hook

    We implemented the syscall tracer as an Open Container Initiative (OCI) runtime hook. OCI runtime hooks are called at different stages of the lifecycle of a container and are executed by OCI-compliant container runtimes, such as runc. Runc is used to spawn and run containers, and is the default runtime of Podman, containerd, Docker and many other tools. Our syscall-tracing hook runs at the prestart stage, where the init process of the container is created but not yet started. At this point, we can extract the PID namespace of the container, compile the eBPF program and start it. All this happens before the container is started, so we do not run into a race condition and avoid losing any early syscalls of the container. Once the eBPF program is running, we detach it from the hook and the container runtime can start the container. All source code is open source and can be downloaded from github.com/containers/oci-seccomp-bpf-hook. We are currently creating packages for Fedora and CentOS and hope to provide packages for more distributions in the near future. In the following, we go through a step-by-step example how the hook can be used in practice.

    Let’s first install Podman. Podman is a daemonless container engine for running containers and Pods and supports running rootless containers.

    $ sudo dnf install -y podman

    Next, we clone the git repository of the OCI seccomp bpf hook to compile and install it. Note that we need to install a few more packages in order to compile the hook.

    $ sudo dnf install -y bcc-devel bcc-tools git golang libseccomp-devel golang-github-cpuguy83-md2man make
    $ git clone https://github.com/containers/oci-seccomp-bpf-hook.git
    $ cd oci-seccomp-bpf-hook
    $ make binary
    $ PREFIX=/usr sudo make install

    Now, with the hook being installed we can use Podman to run a container and use the hook for tracing syscalls. eBPF requires root privileges so we cannot make use of Podman’s rootless support while tracing. However, we can use the generated seccomp profiles for running the workloads in a rootless container.

    $ sudo podman run --annotation io.containers.trace-syscall=of:/tmp/ls.json fedora:30 ls / > /dev/null

    In the upper example, we are running ls in a fedora:30 container. The annotation io.containers.trace-syscall is used to start our hook while its value expects a mandatory output file (short “of:”) that points to a path where we want the new seccomp filter to be written. In fact, the output file is a json file which is often referred to as a seccomp profile that container engines such as Podman and Docker will eventually parse and compile into a seccomp filter for the kernel. When inspecting the generated profile we will notice that there are more syscalls than ls executes. Those syscalls are the ones that runc invokes after having applied the seccomp profile and before starting the container, so they are essential to prevent us from getting permission errors when reusing the profile. However, we do not need to worry about that as the hook is clever enough to add these syscalls. Let’s run a few containers using the generated profile.

    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls / > /dev/null
    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls -l / > /dev/null
    ls: cannot access '/': Operation not permitted

    Maybe you are as surprised as we were when first running this very example. It seems that ls uses additional syscalls with the -l flag which instructs ls to use a more verbose listing format. This example shows a limitation of our approach since the quality and completeness of the generated seccomp profile depends on the exhaustiveness when tracing, and that’s clearly something to keep in mind when using the hook. To avoid rerunning everything from scratch, the hook allows for the specification of an additional input file. This input file serves as a baseline to which all traced syscalls are added. This way, we do not need to redundantly run all, potentially time-costly, previous workloads but can add new data on top. Let’s try this out and rerun ls -l.

    $ sudo podman run --annotation io.containers.trace-syscall=”if:/tmp/ls.json;of:/tmp/lsl.json” fedora:30 ls -l / > /dev/null

    As mentioned above, we need root privileges for running the eBPF hook. But now, as we have generated the new seccomp profile, we can use it for running the same workload in a rootless container.

    $ id -u
    1000
    $ podman run --security-opt seccomp=/tmp/lsl.json fedora:30 ls -l / > /dev/null

    When can I lock down my container?

    One of the issues with attempting to generate seccomp profiles this way is that we cannot always be sure of having crossed all code paths that the container can potentially run. But if we have fairly extensive tests we should be able to gather a substantial amount of the syscalls for running the container within our CI/CD system. Now when we put our container into production, we can continue tracing the syscalls in the new environment. For example, if you use Kubernetes you could send the annotation down to CRI-O and it would run the hook. Now, we can periodically check if the generated profile has changed over time. If we do not see new syscalls added for a given amount of time, we can feel confident to start using the profile. If a container using the profile gets blocked from using a syscall, the kernel will continue to report these in the audit.log which allows us to manually look for missing syscalls.

    Try it out!

    It was essential for us to base our work on open standards, which is why we decided to use the hooks specified in the OCI runtime specification. This way, our approach works with OCI compliant container runtimes such as runc or crun. Furthermore, we did not want to tie the tracing feature to a specific container engine. We wanted different tools such as Podman, Docker, CRI-O or containerd to be able to use the hook to encourage collaboration across different communities. Hence, we chose to use an OCI runtime annotation (i.e., io.containers.trace-syscall) to trigger the hook which is a generally supported feature.

    As a next step, feel free to generate your own seccomp profiles with the oci-seccomp-bpf-hook. We would love to have feedback and always welcome contributions.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/new.html b/blogs/2019/10/15/new.html index d024fe8fc..42695eaf1 100644 --- a/blogs/2019/10/15/new.html +++ b/blogs/2019/10/15/new.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/Perona-PMM.html b/blogs/2019/10/23/Perona-PMM.html index 95f0e29d1..35128bcb3 100644 --- a/blogs/2019/10/23/Perona-PMM.html +++ b/blogs/2019/10/23/Perona-PMM.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/new.html b/blogs/2019/10/23/new.html index fc1f200a3..0a2bc990e 100644 --- a/blogs/2019/10/23/new.html +++ b/blogs/2019/10/23/new.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/28/new.html b/blogs/2019/10/28/new.html index 3834e97be..98979e23d 100644 --- a/blogs/2019/10/28/new.html +++ b/blogs/2019/10/28/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/10/28/podman-with-nfs.html b/blogs/2019/10/28/podman-with-nfs.html index 6e93e2e9e..2c9a7e19d 100644 --- a/blogs/2019/10/28/podman-with-nfs.html +++ b/blogs/2019/10/28/podman-with-nfs.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ each host involved in the MPI job the specified container to /tmp/centos/containers.

    This enables me to use Podman in a even more HPC like environment where shared home directories are very common to share input and output data.

    - + \ No newline at end of file diff --git a/blogs/2019/10/29/new.html b/blogs/2019/10/29/new.html index 146073401..c4efff195 100644 --- a/blogs/2019/10/29/new.html +++ b/blogs/2019/10/29/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/10/29/podman-crun-f31.html b/blogs/2019/10/29/podman-crun-f31.html index cb69b4e90..cf5eb9a48 100644 --- a/blogs/2019/10/29/podman-crun-f31.html +++ b/blogs/2019/10/29/podman-crun-f31.html @@ -12,13 +12,13 @@ - +

    First Look&#58; Rootless Containers and cgroup v2 on Fedora 31

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    The first bit of the work has to be done as either the root user or someone with root privileges. For this walkthrough I used the root user on the console and the first thing I did was to upgrade my Fedora 30 Virtual Machine (VM) to Fedora 31. If you want to install Fedora 31 directly, the beta version just became available at the time of this writing, you could do that instead. The steps to do the upgrade are:

    # dnf -y upgrade --refresh
    # dnf -y install dnf-plugin-system-upgrade
    # dnf -y system-upgrade download --releasever=31
    # dnf system-upgrade reboot

    After the machine finished rebooting, my VM was running Fedora 31 so now I needed to install Podman with dnf -y install podman. After that completes, verify that you have Podman Version 1.6.2 or higher.

    # podman version
    Version: 1.6.2
    RemoteAPI Version: 1
    Go Version: go1.13.1
    OS/Arch: linux/amd64

    Now I’m going to follow the steps in the Basic Setup and Use of Podman in a Rootless environments tutorial to do the configuration necessary to run rootless containers.

    Podman running rootless containers does have a few software dependencies. Most if not all of these should be installed for you on Fedora 31 by default, but just to verify I did:

    # dnf -y install slirp4netns fuse-overlayfs
    Last metadata expiration check: 0:02:26 ago on Sat 14 Sep 2019 07:56:03 PM EDT.
    Package slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64 is already installed.
    Package fuse-overlayfs-0.6.2-2.git67a4afe.fc31.x86_64 is already installed.
    Dependencies resolved.
    Nothing to do.
    Complete!

    Now the user namespaces need to be setup. Rootless Podman requires the user running it to have a range of UIDs and GIDs listed in the /etc/subuid and /etc/subgid files. These files control which UIDs and GIDs the user is allocated to use on the system. Depending upon how your user was first created, these files may already have entries in them for your user. If so, you don’t need to do anything else. If not, then you can edit either file directly, or you can use useradd to create the user and allocate entries in both files, or you can use the usermod command to allocate them for a preexisting user. In this example usermod has allocated the values from 10000 to 55537 for the local “tom” account to use in our system.

    # usermod -v 10000-65536 -w 10000-65536 tom

    # cat /etc/subuid
    tom:10000:55537

    # cat /etc/subgid
    tom:10000:55537

    If you have multiple users, you’ll need to be sure that the ranges that are assigned to them in either /etc/subuid or /etc/subgid don’t overlap or they could gain control of the other persons containers in that overlap.

    Now we’re done running with a privileged account. From here on out we can run as a non-privileged user, so I next opened up a new terminal and ssh’d into the host using the non-privileged ‘tom’ account:

    $ ssh tom@192.168.122.228
    tom@192.168.122.228's password:

    The first thing to do is to check for the crun command.

    # whereis crun
    crun: /usr/bin/crun /usr/share/man/man1/crun.1.gz

    The crun command is the runtime the allows for cgroup V2 support and is supplied starting with Fedora 31. Other container systems use the runc runtime. However, runc only supports cgroup V1. The cgroup kernel feature allows you to allocate resources such as CPU time, network bandwidth and system memory to a container. Version 1 of cgroup only supports containers that are run by root, while version 2 supports containers that are run by root or a non-privileged user.

    A few tweaks to the ‘tom’ account config files may be needed, in most cases these files will not need tweaking, but let’s verify them. The first up is libpod.conf and to get a default variant of that file, just run podman info first.

    $ podman info
    $ vi .config/containers/libpod.conf

    And if it’s not already set, set the runtime option in libpod.conf to “crun”.

    runtime = "crun"

    Then in .config/containers/storage.conf make sure the mount_program = “/usr/bin/fuse-overlayfs” line is uncommented.

    Just that easy, you’re ready to run Rootless Podman. See I told you I’m not like those other guys! Let’s try setting up a rootless container running httpd. Let’s create this Dockerfile in the local directory:

    $ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi:8.0

    MAINTAINER Podman Mailing List <podman@lists.podman.io>
    ENV DOCROOT=/var/www/html

    RUN yum --disableplugin=subscription-manager --nodocs -y install httpd \
    && yum --disableplugin=subscription-manager clean all \
    && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html

    EXPOSE 80

    CMD httpd -D FOREGROUND

    And now build using it:

    $  podman build -t myhttp .
    STEP 1: FROM registry.access.redhat.com/ubi8/ubi:8.0
    Getting image source signatures
    Copying blob 641d7cc5cbc4 done
    Copying blob c65691897a4d done
    Copying config 11f9dba4d1 done
    Writing manifest to image destination
    Storing signatures
    STEP 2: MAINTAINER Podman Mailing List <podman@lists.podman.io>
    bed974e664909b511f14e2cc21a59642c81fd1d958db12d7ef8fdc1e74f3d364
    STEP 3: ENV DOCROOT=/var/www/html
    5eee83e1e640a4aa2c5f39caa11c3a24ec22e37f99633c2ee9912e8f65a5ff81
    STEP 4: RUN yum --disableplugin=subscription-manager --nodocs -y install httpd && yum --disableplugin=subscription-manager clean all && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html
    Red Hat Universal Base Image 8 (RPMs) - AppStre 1.0 MB/s | 2.3 MB 00:02
    Red Hat Universal Base Image 8 (RPMs) - BaseOS 769 kB/s | 754 kB 00:00
    Dependencies resolved.
    {A number of normal yum output lines removed for brevity}
    Installed:
    httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
    apr-util-openssl-1.6.1-6.el8.x86_64
    apr-util-bdb-1.6.1-6.el8.x86_64
    apr-1.6.3-9.el8.x86_64
    apr-util-1.6.1-6.el8.x86_64
    httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
    mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da.x86_64
    httpd-filesystem-2.4.37-12.module+el8.0.0+4096+eb40e6da.noarch
    mailcap-2.1.48-3.el8.noarch
    redhat-logos-httpd-80.7-1.el8.noarch

    Complete!
    16 files removed
    45fcaaf719615e97190bf38aa9d8d06e5437f0e10741343fd318777647584d6f
    STEP 5: EXPOSE 80
    865abb5a809cb0ffbc63fef2def892595fe54cfeffc67013a0096a5f0fff4b27
    STEP 6: CMD httpd -D FOREGROUND
    STEP 7: COMMIT myhttp
    f8d0bf10faa0460a111283a51d95e94421d1a46a21bca7f6f43a762469504593

    Now to verify the myhttp image has been created:

    $ podman images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    localhost/myhttp latest a76baf5989a3 2 minutes ago 236 MB
    registry.access.redhat.com/ubi8/ubi 8.0 11f9dba4d1bc 5 weeks ago 216 MB

    Let’s now run our container and check that the http server is responding:

    $ podman run --detach --name myhttp_ctr localhost/myhttp 30d8b54f63c5d2a8ecbe30b56546082e32e701a87c98df81ee0d2565ed33db72
    $ curl localhost
    curl: (7) Failed to connect to localhost port 80: Connection refused

    But wait! Why did the curl command fail rather than return our index.html output from our webserver? That’s because we’re running a rootless container and the user running this container doesn’t have the privilege to connect to the container host’s port 80 for the webserver. So how can we be certain that the webserver is up and running? First let’s see if the container is up:

    $ podman ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    30d8b54f63c5 localhost/myhttp:latest /bin/sh -c httpd ... 3 minutes ago Up 3 minutes ago myhttp_ctr

    The container appears to be up and running. Let’s exec into it and see if we can resolve the web server from inside of the container:

    $ podman exec -it myhttp_ctr /bin/bash
    bash-4.4# curl localhost
    Hello from the httpd-parent container!

    We’ve made contact with our web server from within the container. Granted this is not the most useful example from a real world side of things. However, it does show how a rootless container is able to run while the administrator of the host can build a good secure separation from the rootless container. Rootless containers keep unprivileged users from running or controlling things they should not on the host.

    Setting up a host to run rootless containers using Podman is a relatively painless process. Out of the box the only thing that may need to be done is to add entries in the /etc/subuid and /etc/subgid files for users that will be running containers. That’s it! We did a little more checking on the files above, but that wasn’t required. Once the user has those entries created for them, they can run containers in their own space without controlling things on the host that they should not. It really is just that easy, and best yet, you didn’t even have to stay up late at night so you could call now “For just $19.99 we’ll give you rootless containers and if you sign up now, you can run them safely too!”. Instead, rootless containers are there and ready for your use starting in Podman v1.6.2 right now.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/cgroupv2.html b/blogs/2019/10/31/cgroupv2.html index e7004a653..aa03de0e2 100644 --- a/blogs/2019/10/31/cgroupv2.html +++ b/blogs/2019/10/31/cgroupv2.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/new.html b/blogs/2019/10/31/new.html index ce6069ebc..774509c7b 100644 --- a/blogs/2019/10/31/new.html +++ b/blogs/2019/10/31/new.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/11/05/docker2podman.html b/blogs/2019/11/05/docker2podman.html index 3874032b8..a30ffc3bf 100644 --- a/blogs/2019/11/05/docker2podman.html +++ b/blogs/2019/11/05/docker2podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/05/new.html b/blogs/2019/11/05/new.html index 344a21f42..0cbd94f55 100644 --- a/blogs/2019/11/05/new.html +++ b/blogs/2019/11/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/07/basic-security-principles.html b/blogs/2019/11/07/basic-security-principles.html index a1b49d6f7..28a32210c 100644 --- a/blogs/2019/11/07/basic-security-principles.html +++ b/blogs/2019/11/07/basic-security-principles.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/07/new.html b/blogs/2019/11/07/new.html index 62a7b9d67..3e67a2ffa 100644 --- a/blogs/2019/11/07/new.html +++ b/blogs/2019/11/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/08/build-ctrs-with-open-tools.html b/blogs/2019/11/08/build-ctrs-with-open-tools.html index 0d2db5507..b4228cde3 100644 --- a/blogs/2019/11/08/build-ctrs-with-open-tools.html +++ b/blogs/2019/11/08/build-ctrs-with-open-tools.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/08/new.html b/blogs/2019/11/08/new.html index 890395819..a36a4f1bb 100644 --- a/blogs/2019/11/08/new.html +++ b/blogs/2019/11/08/new.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/12/F31-Control-Group-v2.html b/blogs/2019/11/12/F31-Control-Group-v2.html index 339394a2e..8a4630a29 100644 --- a/blogs/2019/11/12/F31-Control-Group-v2.html +++ b/blogs/2019/11/12/F31-Control-Group-v2.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/12/new.html b/blogs/2019/11/12/new.html index b0f3319de..ef82fbb76 100644 --- a/blogs/2019/11/12/new.html +++ b/blogs/2019/11/12/new.html @@ -12,13 +12,13 @@ - +

    Fedora 31 and Control Group v2

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Fedora 31 and Control Group v2. In the post Dan talks about the new version of control groups that is part of the Fedora 31 release and how it makes containers even more secure.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/lease-routable-ip-addrs.html b/blogs/2019/11/13/lease-routable-ip-addrs.html index 7df9084e0..4d07aa6ca 100644 --- a/blogs/2019/11/13/lease-routable-ip-addrs.html +++ b/blogs/2019/11/13/lease-routable-ip-addrs.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/new.html b/blogs/2019/11/13/new.html index 10bb71e3e..c9598ca58 100644 --- a/blogs/2019/11/13/new.html +++ b/blogs/2019/11/13/new.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/new.html b/blogs/2019/11/20/new.html index 7f6c1b05e..cf8ad660a 100644 --- a/blogs/2019/11/20/new.html +++ b/blogs/2019/11/20/new.html @@ -12,13 +12,13 @@ - +

    How To Install Podman on Debian

    · One min read

    Josphat Mutai posted a blog post on the Computing for Geeks site talking about How To Install Podman on Debian. In the post Josphat walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Debian and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/run-podman-on-debian.html b/blogs/2019/11/20/run-podman-on-debian.html index 44746e381..985c1463a 100644 --- a/blogs/2019/11/20/run-podman-on-debian.html +++ b/blogs/2019/11/20/run-podman-on-debian.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/26/new.html b/blogs/2019/11/26/new.html index a5408bbf0..773262fe9 100644 --- a/blogs/2019/11/26/new.html +++ b/blogs/2019/11/26/new.html @@ -12,13 +12,13 @@ - +

    Rootless Podman and NFS

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Rootless Podman and NFS. In the post Dan talks about how you can make some minor configuration changes to allow Podman to use a user's home directory on an NFS share. Give it a read!

    - + \ No newline at end of file diff --git a/blogs/2019/11/26/rootless-podman-and-nfs.html b/blogs/2019/11/26/rootless-podman-and-nfs.html index 5ecf9b4e2..cb7f0bd78 100644 --- a/blogs/2019/11/26/rootless-podman-and-nfs.html +++ b/blogs/2019/11/26/rootless-podman-and-nfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/12/11/new.html b/blogs/2019/12/11/new.html index 2b796f4bf..0731d4f9e 100644 --- a/blogs/2019/12/11/new.html +++ b/blogs/2019/12/11/new.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/11/understanding-root.html b/blogs/2019/12/11/understanding-root.html index 0e02c92ff..7c6d09a02 100644 --- a/blogs/2019/12/11/understanding-root.html +++ b/blogs/2019/12/11/understanding-root.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/new.html b/blogs/2019/12/14/new.html index 3dad87247..18a4e4651 100644 --- a/blogs/2019/12/14/new.html +++ b/blogs/2019/12/14/new.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/rhel8-podman.html b/blogs/2019/12/14/rhel8-podman.html index eab6263e6..9a6ef3029 100644 --- a/blogs/2019/12/14/rhel8-podman.html +++ b/blogs/2019/12/14/rhel8-podman.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/new.html b/blogs/2019/12/17/new.html index 8fb97a281..709671cf1 100644 --- a/blogs/2019/12/17/new.html +++ b/blogs/2019/12/17/new.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/podman-systemd-1-7.html b/blogs/2019/12/17/podman-systemd-1-7.html index 87d163440..fee53ed28 100644 --- a/blogs/2019/12/17/podman-systemd-1-7.html +++ b/blogs/2019/12/17/podman-systemd-1-7.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html index eeb001bfe..c9c170beb 100644 --- a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html +++ b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ I found that Podman is very easy to interact with and created a Dockerfile. This is a list of commands in a text file that controls what gets installed. Create a new directory - in this case whatshap, to put the Dockerfile in:

    [nbh23@colombo whatshap]$ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi
    RUN yum -y update \
    && yum -y install python3 \
    && yum -y install make \
    && yum -y install gcc \
    && yum -y install redhat-rpm-config \
    && yum -y install zlib-devel \
    && yum -y install bzip2-devel \
    && yum -y install xz-devel \
    && yum -y install python3-devel \
    && yum clean all
    RUN pip3 install pysam && pip3 install whatshap

    Then we build the container image - from within the whatshap directory run:

    podman build -t whatshap .

    Notice the '.' at the end, that's important!

    You'll see the container image start to build, with notifications of where it's at. If all goes to plan you will then finally see notification that it's completed:

    STEP 4: COMMIT whatshap
    d523727fc6c297086e84e7ec99f62e8f5e6d093d9decb1b58ee8a4205d46b3dd

    We can then check it works:

    [nbh23@colombo whatshap]$ podman run -it whatshap
    [root@ac05564bd51b /]# whatshap -h
    usage: whatshap [-h] [--version] [--debug]
    {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype} ...

    positional arguments:
    {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype}
    phase Phase variants in a VCF with the WhatsHap algorithm
    stats Print phasing statistics of a single VCF file
    compare Compare two or more phasings
    hapcut2vcf Convert hapCUT output format to VCF
    unphase Remove phasing information from a VCF file
    haplotag Tag reads by haplotype
    genotype Genotype variants

    optional arguments:
    -h, --help show this help message and exit
    --version show program's version number and exit
    --debug Print debug messages
    [root@ac05564bd51b /]#

    Which all looks good - we now have our container image and can re-run that to do our whatshap analysis.

    All well and good, but what happens about storage of that analysis?

    We can add that to our Podman command, if we have a directory called data in /home we can map that as follows:

    podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap

    The nice thing is that the UID and GID for files created this way all match up. The trailing :z makes selinux happy :-)

    [nbh23@colombo whatshap]$ podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap
    [root@fef561d523b8 /]# ls
    bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
    [root@fef561d523b8 /]# cd /home
    [root@fef561d523b8 home]# ls
    nbh23
    [root@fef561d523b8 home]# cd nbh23
    [root@fef561d523b8 nbh23]# touch testfile
    [root@fef561d523b8 nbh23]# ls -la
    total 0
    drwxrwxr-x. 2 root root 22 Jan 21 09:09 .
    drwxr-xr-x. 3 root root 19 Jan 21 09:09 ..
    -rw-r--r--. 1 root root 0 Jan 21 09:09 testfile
    [root@fef561d523b8 nbh23]# exit
    [nbh23@colombo ~]$ ls
    Containers data Desktop Documents Downloads Music Pictures Public Templates Videos
    [nbh23@colombo ~]$ cd data
    [nbh23@colombo data]$ ls -la
    total 4
    drwxrwxr-x. 2 nbh23 nbh23 22 Jan 21 09:09 .
    drwx------. 17 nbh23 nbh23 4096 Jan 21 09:07 ..
    -rw-r--r--. 1 nbh23 nbh23 0 Jan 21 09:09 testfile
    [nbh23@colombo data]$

    One of the things I discovered whilst creating a more complex container image was that you can start the existing image into a bash session, doing the manipulation that you require, and then use the Podman commit command to write those changes. For example using our whatshap container image we can run it as follows:

    [nbh23@colombo data]$ podman run -it whatshap bash
    [root@73c4742e4724 /]#

    We can then make our alterations, and from another session commit those changes:

    [nbh23@colombo ~]$ podman commit 73c4742e4724 whatshap-altered
    Getting image source signatures
    Copying blob c630f5c3e169 skipped: already exists
    Copying blob 4bd7408cc1c8 skipped: already exists
    Copying blob 1383f0e3c813 skipped: already exists
    Copying blob a2ff5e229058 skipped: already exists
    Copying blob b75bf3e68dab done
    Copying config 931b7f5302 done
    Writing manifest to image destination
    Storing signatures
    931b7f5302af9965bff14e460c19ff9e756d74095940c6d85e63f929006c35f0
    [nbh23@colombo ~]$

    Then do podman image list to see what we have:

    [nbh23@colombo ~]$ podman image list
    REPOSITORY TAG IMAGE ID CREATED SIZE
    localhost/whatshap-altered latest 931b7f5302af About a minute ago 545 MB
    localhost/whatshap latest d523727fc6c2 3 days ago 545 MB
    registry.access.redhat.com/ubi8/ubi latest 096cae65a207 5 weeks ago 239
    [nbh23@colombo ~]$

    You can make multiple changes to your original container image until you are satisfied that it's working as you'd like.

    This has covered command line container image creation and usage, I'll be creating another blog post detailing graphical interactive containers as i'm aware that there are various interactive visual programs to cover too.

    Feel free to contact me with any ideas or suggestions / questions.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/new.html b/blogs/2020/01/15/new.html index 7a74fc595..cfa512199 100644 --- a/blogs/2020/01/15/new.html +++ b/blogs/2020/01/15/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/17/new.html b/blogs/2020/01/17/new.html index b37009514..91359c862 100644 --- a/blogs/2020/01/17/new.html +++ b/blogs/2020/01/17/new.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    - + \ No newline at end of file diff --git a/blogs/2020/01/17/podman-new-api.html b/blogs/2020/01/17/podman-new-api.html index 526ece923..b99497a47 100644 --- a/blogs/2020/01/17/podman-new-api.html +++ b/blogs/2020/01/17/podman-new-api.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    The new API is a simpler implementation based on HTTP/REST. We provide two basic groups of endpoints. The first one is for libpod; the second is for Docker compatibility, to ease adoption. The two endpoints are namespaced to keep them separate. Our goal with implementing a portion of the Docker API, is to be as compatible as possible; while similar calls in the libpod API might bring back additional libpod specific information.

    While these two endpoints work similarly, there are important and somewhat nuanced differences. The Docker API endpoint is useful for existing automation tied to that API and potentially tools like docker-compose.

    Example

    If you wanted a list of images with the libpod endpoint, you would use the following endpoint:

    <endpoint_base_url>/libpod/images/json

    And if you wanted a list of images but in docker-compatibility, you would use:

    <endpoint_base_url>/images/json

    In our proof of concepts, we have tested our endpoint with the docker-py project. There are of course subtle differences which we are still working on. And there are compatibility endpoints that we can not support like swarm which Podman does not support.

    We are working on a set of Golang bindings for the libpod endpoints. Eventually these bindings will be used to rewire our remote client. The rewire begins after all the libpod endpoints are working and have tests. We plan on working with the upstream community on podman-python support for the new libpod API, enabling python developers fully support for using podman containers.

    As for the existing varlink code, it has been in maintenance mode already. We will continue to address bugs but no new functionality will be developed. Once the new API is fully implemented, we plan to make a deprecation announcement.

    We are hopeful these changes help our users and larger community. We hope that the new API helps encourage contributors to help us complete the API as well as write bindings. Look for more information in the near future including status updates as well as how-tos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/22/blog-posts.html b/blogs/2020/01/22/blog-posts.html index 929b14c2c..7831d37b0 100644 --- a/blogs/2020/01/22/blog-posts.html +++ b/blogs/2020/01/22/blog-posts.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/22/new.html b/blogs/2020/01/22/new.html index fecf52878..89c3dc70b 100644 --- a/blogs/2020/01/22/new.html +++ b/blogs/2020/01/22/new.html @@ -12,13 +12,13 @@ - +

    Blog posts from the Web

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/30/new.html b/blogs/2020/01/30/new.html index a9d28aed2..87b020326 100644 --- a/blogs/2020/01/30/new.html +++ b/blogs/2020/01/30/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/30/podman-wsl.html b/blogs/2020/01/30/podman-wsl.html index 74009b8e2..0774ed868 100644 --- a/blogs/2020/01/30/podman-wsl.html +++ b/blogs/2020/01/30/podman-wsl.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/02/06/deploy-pod-on-centos.html b/blogs/2020/02/06/deploy-pod-on-centos.html index 52f221498..5a99f12b3 100644 --- a/blogs/2020/02/06/deploy-pod-on-centos.html +++ b/blogs/2020/02/06/deploy-pod-on-centos.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/02/06/new.html b/blogs/2020/02/06/new.html index 70dd2fd08..2b375b8ea 100644 --- a/blogs/2020/02/06/new.html +++ b/blogs/2020/02/06/new.html @@ -12,13 +12,13 @@ - +

    Deploy a Pod on CentOS with Podman

    · One min read

    Jack Wallen has a blog post on the THENEWSTACK site with a great introduction on how to Deploy a Pod on CentOS with Podman. In the post, Jack talks about how Podman fits in the Red Hat ecosystem and then walks you through the fundamentals of creating and running a pod using Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/02/07/new.html b/blogs/2020/02/07/new.html index 9a2f733d6..08b214aae 100644 --- a/blogs/2020/02/07/new.html +++ b/blogs/2020/02/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/02/07/secure-containers.html b/blogs/2020/02/07/secure-containers.html index 1dafda364..50e7cda15 100644 --- a/blogs/2020/02/07/secure-containers.html +++ b/blogs/2020/02/07/secure-containers.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/02/building-with-podman-and-buildah.html b/blogs/2020/03/02/building-with-podman-and-buildah.html index a413fb613..7aed2668b 100644 --- a/blogs/2020/03/02/building-with-podman-and-buildah.html +++ b/blogs/2020/03/02/building-with-podman-and-buildah.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/02/new.html b/blogs/2020/03/02/new.html index e42baa00c..b05134391 100644 --- a/blogs/2020/03/02/new.html +++ b/blogs/2020/03/02/new.html @@ -12,13 +12,13 @@ - +

    Building Container Images with Podman and Buildah

    · One min read

    We were just pointed to this post Building Container Images with Podman and Buildah by Puja Abbassi on the Giant Swarm site. In the article Puja goes over how Podman and Buildah handle daemonless and rootless building processes. A tardy link on this site, but worth a read!

    - + \ No newline at end of file diff --git a/blogs/2020/03/03/behind-the-covers.html b/blogs/2020/03/03/behind-the-covers.html index a6cb5f255..b2f34ed23 100644 --- a/blogs/2020/03/03/behind-the-covers.html +++ b/blogs/2020/03/03/behind-the-covers.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/03/new.html b/blogs/2020/03/03/new.html index cb5ac2074..3443477fb 100644 --- a/blogs/2020/03/03/new.html +++ b/blogs/2020/03/03/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/13/image-signing.html b/blogs/2020/03/13/image-signing.html index fcca4732d..23fde05f8 100644 --- a/blogs/2020/03/13/image-signing.html +++ b/blogs/2020/03/13/image-signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/build-pull-options.html b/blogs/2020/03/31/build-pull-options.html index 3a68ce827..c14e9d03a 100644 --- a/blogs/2020/03/31/build-pull-options.html +++ b/blogs/2020/03/31/build-pull-options.html @@ -12,13 +12,13 @@ - +

    Pulling podman images from a container repository

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/new.html b/blogs/2020/03/31/new.html index ddbb6b27f..bbf1062dd 100644 --- a/blogs/2020/03/31/new.html +++ b/blogs/2020/03/31/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/04/convert-docker-compose-to-pods.html b/blogs/2020/04/04/convert-docker-compose-to-pods.html index c4a1d40c2..faaf13f32 100644 --- a/blogs/2020/04/04/convert-docker-compose-to-pods.html +++ b/blogs/2020/04/04/convert-docker-compose-to-pods.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/04/new.html b/blogs/2020/04/04/new.html index 1d1a42004..0117cc058 100644 --- a/blogs/2020/04/04/new.html +++ b/blogs/2020/04/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html index bff08e812..dedff4f22 100644 --- a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html +++ b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/05/new.html b/blogs/2020/04/05/new.html index bed77a5b4..93a6c675b 100644 --- a/blogs/2020/04/05/new.html +++ b/blogs/2020/04/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/14/new.html b/blogs/2020/04/14/new.html index 83d0a46c0..38f265768 100644 --- a/blogs/2020/04/14/new.html +++ b/blogs/2020/04/14/new.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd. We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker. Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/14/podman-systemd.html b/blogs/2020/04/14/podman-systemd.html index 8c12e3f89..5bfd2e082 100644 --- a/blogs/2020/04/14/podman-systemd.html +++ b/blogs/2020/04/14/podman-systemd.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/new.html b/blogs/2020/04/16/new.html index b1a9b2ea8..ca5867ea4 100644 --- a/blogs/2020/04/16/new.html +++ b/blogs/2020/04/16/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/podman-v2-announce.html b/blogs/2020/04/16/podman-v2-announce.html index 1825b9e65..99c1e4305 100644 --- a/blogs/2020/04/16/podman-v2-announce.html +++ b/blogs/2020/04/16/podman-v2-announce.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/2020/04/17/new.html b/blogs/2020/04/17/new.html index 6bacf6a2f..e33b3d103 100644 --- a/blogs/2020/04/17/new.html +++ b/blogs/2020/04/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/05/06/new.html b/blogs/2020/05/06/new.html index 7aacc9892..279d513e4 100644 --- a/blogs/2020/05/06/new.html +++ b/blogs/2020/05/06/new.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/06/podman-in-french.html b/blogs/2020/05/06/podman-in-french.html index c0eeee0bc..5658de2a1 100644 --- a/blogs/2020/05/06/podman-in-french.html +++ b/blogs/2020/05/06/podman-in-french.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    podman logo

    Podman installation documentation in French

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/new.html b/blogs/2020/05/13/new.html index 093dbc5b6..4da2411d1 100644 --- a/blogs/2020/05/13/new.html +++ b/blogs/2020/05/13/new.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/podman-v2-update.html b/blogs/2020/05/13/podman-v2-update.html index 520cdb764..27deedf28 100644 --- a/blogs/2020/05/13/podman-v2-update.html +++ b/blogs/2020/05/13/podman-v2-update.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/new.html b/blogs/2020/06/29/new.html index 92cdb0f69..aa4a40b7d 100644 --- a/blogs/2020/06/29/new.html +++ b/blogs/2020/06/29/new.html @@ -12,14 +12,14 @@ - +

    Announcing Podman v2.0

    · One min read

    Announcing Podman v2.0!

    Podman v2.0 is here! Brent Baude talks about the major highlights of the new release, including the new RESTful API, remote client improvements, Auto-update functionality and systemd integration improvements. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/podman-v2-announce.html b/blogs/2020/06/29/podman-v2-announce.html index c9476bb04..993fc6cab 100644 --- a/blogs/2020/06/29/podman-v2-announce.html +++ b/blogs/2020/06/29/podman-v2-announce.html @@ -12,13 +12,13 @@ - +

    Announcing Podman v2.0

    · 4 min read

    podman logo

    Announcing Podman v2

    By Brent Baude GitHub

    If you have been following the upstream development of Podman, you have undoubtedly seen us refer to “2.0” or “Podman 2”. Today, we have made the first release of Podman 2 upstream. The release notes highlight many of the newest features but we wanted to call out some specific things in this blog and expand on them.

    “Pay no attention to the man behind the curtain”

    Most of the changes to the new Podman should be transparent to end users. We did a significant amount of replumbing in our internals to allow for future enhancements and more closely align many of the code paths. There are some subtle changes to the outputs of some commands and fields within JSON formatted responses. They were largely done to create more consistency amongst our commands as well as driven by user feedback.

    RESTful API

    The biggest change in Podman 2 is our introduction of a RESTful API to interact with our libraries. In actuality, the RESTful service was present in earlier versions but was tagged experimental. We have also deprecated the previous API implementation based on varlink. We will publish more specific blogs and tutorials on how to use the API but consider this a little introduction.

    The API was designed to have two layers: libpod and compatibility. The libpod layer allows you to interact directly with the libpod libraries. The compatibility layer is designed to emulate the Docker RESTful API to assist in migration of tools, applications, and services long-term to libpod. This can be made clearer with an example. Consider inspecting a container called ‘foobar’ with each layer. The endpoint paths would differ depending on the layers.

    /v1.24/containers/foobar   ← compatibility call
    /v1.0/libpod/containers/foobar ← libpod call

    Furthermore, the results of each call will differ. The compatibility result will closely emulate the response from Docker.

    Our preference is that people writing new code to interact with Podman should use the libpod layer only. This is a more sound long term strategy. But for people that need to migrate to Podman, the compatibility layer allows for a quick on-boarding. There are of course Docker endpoints we cannot or choose not to emulate due to incompatibities between Docker and Podman. Nevertheless, we have already seen some field success in migration of applications.

    In keeping with Podman’s history the restful API will work in both rootless and rootful mode. If you run in rootful mode, the podman service will listen on /run/podman/podman.sock and rootless is $XDG_RUNTIME_DIR/podman/podman.sock (for example: /run/user/1000/podman/podman.sock). If you install the podman-docker package, the package will set up a link between run/docker/docker.sock and /run/podman/podman.sock.

    Remote clients

    One of the consequences of our re-plumbing work is that our remote clients for Windows, Mac, and Linux are significantly smaller in size. The interface for the remote client connection has also changed to more of a URI format. As a matter of process, we attach a binary version of the remote clients to each release.

    It is also worth noting that a ‘--remote’ flag has been added to the Podman binary to allow it to act as a remote client.

    Auto-update

    The podman auto-update command allows for updating systemd-managed running containers when their images have been updated on the container registry. While it is still a tech preview in Podman v2.0, we added a number of improvements to better support authentication and to select the correct images on ARM. If you’re interested in auto updates, please check them out and let us know what you think.

    systemd Integration Improvements

    A major improvement for Podman’s systemd support is that podman generate systemd now supports using the --new flag on pods. This allows for creating shareable systemd units not only for containers but also for pods. Additionally, we added a number of changes to make the systemd units more robust and reliable, such as cleanly starting after a system crash and clean shutdowns even when conmon has been killed. The names of generated files can further be altered with the new --container-prefix and --pod-prefix flags.

    Conclusion

    This is a major new version of Podman with the goal to support all of your local container engine needs. We sincerely hope that the new features meet your needs. We continue to develop new content based on the API including new bits to the API itself. Before making too many more changes, we will let Podman “bake” for a while before the next radical functions are added.

    We would love to hear your feedback and look forward to working with the community on giving Podman users and developers the best container experience. Remember upstream Podman development usually hangs out on #podman on Freenode and on the Podman mailing list.

    - + \ No newline at end of file diff --git a/blogs/2020/07/01/new.html b/blogs/2020/07/01/new.html index 3cb7951bc..59ff26eae 100644 --- a/blogs/2020/07/01/new.html +++ b/blogs/2020/07/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/01/rest-versioning.html b/blogs/2020/07/01/rest-versioning.html index 4852997f3..2e7e0a9ce 100644 --- a/blogs/2020/07/01/rest-versioning.html +++ b/blogs/2020/07/01/rest-versioning.html @@ -12,13 +12,13 @@ - +

    Podman REST API and Docker compatibility

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    When we developed the compatibility API layer, we targeted the latest released version of the Docker API, v1.40. Within this version, we aimed to implement all endpoints, with the exception of those used for Swarm(1). Podman is not a tool for managing clusters, and does not intend to become one. We recognize that many existing tools do not target this specific Docker API version, and these are occasionally breaking changes in the Docker API that may make using the newest API impossible. The core Podman team cannot commit to being bug-for-bug compatible with every version of the Docker API. The Podman team commits to fixing bugs related to the latest version of Docker API. We may fix bugs with older versions that affect many users. As a community project, we gladly accept help here - if you find bugs that prevent Podman from working with a specific API version you use and are willing to fix them, we’re always happy to accept patches!

    We’re very excited by the possibilities the new Podman API offers, and encourage everyone to try it out. Question and bug reports are always welcome at our Github page or our email list.


    1. The Podman team believes the best tool for container orchestration is Kubernetes. The podman generate kube and podman play kube ease developer transitioning from single node containers/pods to full Kubernetes workloads.
    - + \ No newline at end of file diff --git a/blogs/2020/07/07/new.html b/blogs/2020/07/07/new.html index 11f2aeeb2..5194059ce 100644 --- a/blogs/2020/07/07/new.html +++ b/blogs/2020/07/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/07/repo-rename.html b/blogs/2020/07/07/repo-rename.html index c599ab332..49da21bde 100644 --- a/blogs/2020/07/07/repo-rename.html +++ b/blogs/2020/07/07/repo-rename.html @@ -12,13 +12,13 @@ - +

    The Podman repository has been renamed

    · 2 min read

    podman logo

    The Podman repository has been renamed

    By Matthew Heon GitHub

    The Podman repository on Github is moving from github.com/containers/libpod to github.com/containers/podman! Read on to find out why, and how it will affect you.

    Three years ago, we created a new Git repository to hold our new container-management tool and the library it was based on. At the time, Podman was not named Podman, but kpod - a name no one on the team liked, and one we’d hoped to replace quickly. Given this, we decided to name the repository after the library we’d written to manage containers - libpod. Four months after that, we made the first public release of the tool, and with it came a new name - Podman (POD MANager). The rest is, as they say, history. The Podman team is incredibly grateful for the success we’ve seen since then, and the way that the community has grown.

    With the release of Podman 2.0, we decided it was a good time to for the rename our repository to better match how it’s used today. We’ve decided to rename our Github repository from containers/libpod to containers/podman. The libpod name made sense when we first made the repository, but it hasn’t been the focus of development for some time. We’ve actually been considering moving the libpod library into a separate repository, to make it easier to include in our other tools (and it would be very confusing for containers/libpod to not include libpod!). Given this, and the fact that there are far more users of Podman the tool than libpod the library, renaming the repository makes a great deal of sense.

    Finally, this rename helps make the repository more discoverable - it’s hard for a new Podman user to know that issues should be filed against containers/libpod since they probably don’t know what libpod is.

    We don’t expect this move will break anyone’s workflow. Github will ensure that the old URLs redirect to the new location, so access to the repo itself, as well as our issues and pull requests, should be unaffected.

    - + \ No newline at end of file diff --git a/blogs/2020/07/16/new.html b/blogs/2020/07/16/new.html index 2bf57a6cb..3ade88f13 100644 --- a/blogs/2020/07/16/new.html +++ b/blogs/2020/07/16/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/16/podman-and-cron.html b/blogs/2020/07/16/podman-and-cron.html index 81d767903..fff151606 100644 --- a/blogs/2020/07/16/podman-and-cron.html +++ b/blogs/2020/07/16/podman-and-cron.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/additional-image-stores.html b/blogs/2020/07/17/additional-image-stores.html index 5aa738759..7ac2213f9 100644 --- a/blogs/2020/07/17/additional-image-stores.html +++ b/blogs/2020/07/17/additional-image-stores.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/new.html b/blogs/2020/07/17/new.html index aca262658..03298d0dd 100644 --- a/blogs/2020/07/17/new.html +++ b/blogs/2020/07/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/18/new.html b/blogs/2020/07/18/new.html index 21dadc3b3..6290ea28e 100644 --- a/blogs/2020/07/18/new.html +++ b/blogs/2020/07/18/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/18/speed-up-build-with-overlayfs.html b/blogs/2020/07/18/speed-up-build-with-overlayfs.html index 86799bc82..37d70c5a7 100644 --- a/blogs/2020/07/18/speed-up-build-with-overlayfs.html +++ b/blogs/2020/07/18/speed-up-build-with-overlayfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html index ea19da633..ee1fe7efa 100644 --- a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html +++ b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman is considered to be deprecated. If there are issues with the Podman API v1.0 in versions of Podman prior to v2.0 and those versions are still under support on Red Hat Enterprise Linux (RHEL), the Podman team will make a best effort to address those issues. However, no new feature requests for the API v1.0 will be considered and any problems found with the API v1.0 in Podman v2.0 will not be addressed.

    The new Podman v2.0 RESTful API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. The new API works in both a rootful and a rootless environment. It is a much more flexible solution and Podman will not have a dependency on another project in order to supply an API. For more information on the Podman v2.0 RESTful API please see articles on the podman.io site and also the documentation for the Podman v2.0 RESTful API here.

    Distributions have to support services for the length of their support agreements. The Podman development team wants to be free to update the version of Podman during this support cycle. Therefore, we are planning to drop support for Podman API v1.0 from distributions Red Hat is the packagers for. The version of Podman, 2.*, which is contained in Fedora 33, scheduled to be released around Oct 31, 2020, will ship with no varlink support. We also plan to drop support from the RHEL8.4 release, spring 2021. Other distributions like OpenSUSE have already disabled varlink support and we have heard that other distributions will follow suit.

    This also serves as a notification that the Podman v1.0 (varlink) API will be removed from the main GitHub branch of Podman in the near future. With the release of Podman v2.0 the Podman developers deprecated the Podman API v1.0 in favor of the new Podman v2.0 RESTful API. The plan is to remove varlink completely from the Podman v3.0 development branch which will be created some time after September 2020. A 30 day notification of the final removal date will be posted on the podman.io site and also on the Podman mailing list, along with social media once it is definitively determined.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/08/01/new.html b/blogs/2020/08/01/new.html index 25e219ac7..399d0ffe2 100644 --- a/blogs/2020/08/01/new.html +++ b/blogs/2020/08/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/02/new.html b/blogs/2020/08/02/new.html index c194116c2..69fde388b 100644 --- a/blogs/2020/08/02/new.html +++ b/blogs/2020/08/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/02/systemd-integration-v2.html b/blogs/2020/08/02/systemd-integration-v2.html index 95a26672d..b47635842 100644 --- a/blogs/2020/08/02/systemd-integration-v2.html +++ b/blogs/2020/08/02/systemd-integration-v2.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/10/new.html b/blogs/2020/08/10/new.html index 14324d148..f76a5afad 100644 --- a/blogs/2020/08/10/new.html +++ b/blogs/2020/08/10/new.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/08/10/podman-go-bindings.html b/blogs/2020/08/10/podman-go-bindings.html index 52cbd0e01..8e50858f1 100644 --- a/blogs/2020/08/10/podman-go-bindings.html +++ b/blogs/2020/08/10/podman-go-bindings.html @@ -12,7 +12,7 @@ - + @@ -71,7 +71,7 @@ It also includes a section on the RESTful API.

    Contribute

    Acknowledgments

    • This blog post was co-authored by Parker Van Roy, currently interning at Red Hat for summer 2020.

    • Thanks to Brent Baude for the initial blog post suggestion and reviews.

    • Thanks to Tom Sweeney, Valentin Rothberg, Dan Walsh and the entire Podman team for their reviews and insightful comments.

    - + \ No newline at end of file diff --git a/blogs/2020/08/11/migrate-from-docker-compose.html b/blogs/2020/08/11/migrate-from-docker-compose.html index 606bb047e..6cc589a0c 100644 --- a/blogs/2020/08/11/migrate-from-docker-compose.html +++ b/blogs/2020/08/11/migrate-from-docker-compose.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/11/new.html b/blogs/2020/08/11/new.html index a5e85aa1b..44c4e361c 100644 --- a/blogs/2020/08/11/new.html +++ b/blogs/2020/08/11/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/13/new.html b/blogs/2020/08/13/new.html index f1e75454e..1eca4a3b9 100644 --- a/blogs/2020/08/13/new.html +++ b/blogs/2020/08/13/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/13/walk-through.html b/blogs/2020/08/13/walk-through.html index 57db686d1..4640b53a5 100644 --- a/blogs/2020/08/13/walk-through.html +++ b/blogs/2020/08/13/walk-through.html @@ -12,13 +12,13 @@ - +

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    · One min read

    podman logo

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    By Tom Sweeney GitHub

    Four engineers at IBM and Red Hat, JJ Asghar, Brian Tannous, Jason Dobies and Cedric Clyburn spent some time in a stream learning about Podman, Buildah, Skopeo from the ground up in this video blog post. Check out the video to get a great introduction to the tools.

    - + \ No newline at end of file diff --git a/blogs/2020/08/17/work-the-problems.html b/blogs/2020/08/17/work-the-problems.html index 704e3aa94..e3698e690 100644 --- a/blogs/2020/08/17/work-the-problems.html +++ b/blogs/2020/08/17/work-the-problems.html @@ -12,13 +12,13 @@ - +

    Podman Troubleshooting Guide

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    That's been a helpful creed for me and it's also helpful for the Podman world too. Many times the community spends a fair amount of effort answering issues and questions either in GitHub's issues or in the Podman Mailing List. That's really great, but sometimes the discussion finds that the problem is concerning an issue that is on the Podman Troubleshooting Guide. This page might be one of the least visited pages on the site, yet the most helpful, especially for people who are new to the Podman project.

    The page contains a number of common issues and solutions for Podman. It can help people who are running into issues find out if the issue has been encountered before. Some of the more common ones are issues with mounts and selinux, rootless containers not being able to ping the host, rootless containers exiting with the user, and more. A lot of the items of the page are not really issues with the Podman software, but rather that required configuration steps for use cases were not completed. Along with the problem and typical error responses on this page, each one has a solution section that will walk you through the steps needed to correct the problem. As common problems are encountered along the way, the community is encouraged to add them to the troubleshooting page, keeping it a fresh source of information.

    Hopefully this post will help users of Podman find and discover solutions to their problems more easily in the Podman Troubleshooting Guide. Just as importantly, it will act as a reminder for those in the community who are familiar with the page to consider adding problems and solutions that they may encounter. As we move forward, effective use of this page will help us prove Gene Kranz right in the Podman universe, "Failure is not an option".

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/new.html b/blogs/2020/08/21/new.html index 3ef5de81b..64ded88a4 100644 --- a/blogs/2020/08/21/new.html +++ b/blogs/2020/08/21/new.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/rootless-separation-openscap.html b/blogs/2020/08/21/rootless-separation-openscap.html index 593924e4f..b1527da74 100644 --- a/blogs/2020/08/21/rootless-separation-openscap.html +++ b/blogs/2020/08/21/rootless-separation-openscap.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/container-time.html b/blogs/2020/08/24/container-time.html index e41b30edc..e8322a3b9 100644 --- a/blogs/2020/08/24/container-time.html +++ b/blogs/2020/08/24/container-time.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/new.html b/blogs/2020/08/24/new.html index b1b97674f..e3eeb56c7 100644 --- a/blogs/2020/08/24/new.html +++ b/blogs/2020/08/24/new.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/new.html b/blogs/2020/08/31/new.html index ffc1adc15..4466dace7 100644 --- a/blogs/2020/08/31/new.html +++ b/blogs/2020/08/31/new.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/podman-and-kubernetes.html b/blogs/2020/08/31/podman-and-kubernetes.html index ea413799f..22dffde8f 100644 --- a/blogs/2020/08/31/podman-and-kubernetes.html +++ b/blogs/2020/08/31/podman-and-kubernetes.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/new.html b/blogs/2020/09/02/new.html index 6162d8f81..fb73e68f4 100644 --- a/blogs/2020/09/02/new.html +++ b/blogs/2020/09/02/new.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/running_windows_or_mac.html b/blogs/2020/09/02/running_windows_or_mac.html index 7261ec75b..1a66e2b29 100644 --- a/blogs/2020/09/02/running_windows_or_mac.html +++ b/blogs/2020/09/02/running_windows_or_mac.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/multi-blog-posts.html b/blogs/2020/09/18/multi-blog-posts.html index 75eb9dad5..ab567779b 100644 --- a/blogs/2020/09/18/multi-blog-posts.html +++ b/blogs/2020/09/18/multi-blog-posts.html @@ -12,13 +12,13 @@ - +

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/new.html b/blogs/2020/09/18/new.html index ecf9a91d9..4db3fdeeb 100644 --- a/blogs/2020/09/18/new.html +++ b/blogs/2020/09/18/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/2020/09/22/security.html b/blogs/2020/09/22/security.html index d8df4d581..148abd564 100644 --- a/blogs/2020/09/22/security.html +++ b/blogs/2020/09/22/security.html @@ -12,13 +12,13 @@ - +

    Podman Security Announcement

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/devconf-ctr-tech.html b/blogs/2020/09/28/devconf-ctr-tech.html index 5fbc4a0d3..58d621f87 100644 --- a/blogs/2020/09/28/devconf-ctr-tech.html +++ b/blogs/2020/09/28/devconf-ctr-tech.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/new.html b/blogs/2020/09/28/new.html index 58dfa0cd7..c69e1b475 100644 --- a/blogs/2020/09/28/new.html +++ b/blogs/2020/09/28/new.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/Oct-6-Agenda.html b/blogs/2020/09/30/Oct-6-Agenda.html index 80951a4a4..0435a8805 100644 --- a/blogs/2020/09/30/Oct-6-Agenda.html +++ b/blogs/2020/09/30/Oct-6-Agenda.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ 11:00 a.m. to 12:p.m. Eastern (UTC−04:00) Bluejeans: https://bluejeans.com/796412039 (If you have trouble connecting, please reach out in IRC libera.chat #podman)

    Agenda:
    11:00 to 11:05Welcoming Remarks
    11:10 to 11:20Introductions - All Attendees
    11:20 to 11:30Upcoming Podman Release Features and Schedule - Matt Heon
    11:30 to 11:40Podman 3.0 Planning - Dan Walsh
    11:40 to 12:00Open Forum/Questions and Answers Session

    Next Meeting: Tuesday November 3, 2020 11:00 a.m. Eastern (UTC-04:00)

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/new.html b/blogs/2020/09/30/new.html index 4bc3fc015..17d9e09ec 100644 --- a/blogs/2020/09/30/new.html +++ b/blogs/2020/09/30/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    - + \ No newline at end of file diff --git a/blogs/2020/10/05/new.html b/blogs/2020/10/05/new.html index 192426353..0a83e1cc6 100644 --- a/blogs/2020/10/05/new.html +++ b/blogs/2020/10/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/10/17/expoloring-restful-api.html b/blogs/2020/10/17/expoloring-restful-api.html index 89afad407..52a45ee40 100644 --- a/blogs/2020/10/17/expoloring-restful-api.html +++ b/blogs/2020/10/17/expoloring-restful-api.html @@ -12,13 +12,13 @@ - +

    Exploring Podman RESTful API using Python and Bash

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/2020/10/17/new.html b/blogs/2020/10/17/new.html index fb8c1d6cf..394cbcac7 100644 --- a/blogs/2020/10/17/new.html +++ b/blogs/2020/10/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/11/13/gitlab-runner-and-podman.html b/blogs/2020/11/13/gitlab-runner-and-podman.html index e2d56f78d..f3fb1c970 100644 --- a/blogs/2020/11/13/gitlab-runner-and-podman.html +++ b/blogs/2020/11/13/gitlab-runner-and-podman.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/11/13/new.html b/blogs/2020/11/13/new.html index f436942c5..8bef86aa3 100644 --- a/blogs/2020/11/13/new.html +++ b/blogs/2020/11/13/new.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/12/01/new.html b/blogs/2020/12/01/new.html index c74f40a80..628217414 100644 --- a/blogs/2020/12/01/new.html +++ b/blogs/2020/12/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/01/short-container-names.html b/blogs/2020/12/01/short-container-names.html index 8ad3e7527..a6b295874 100644 --- a/blogs/2020/12/01/short-container-names.html +++ b/blogs/2020/12/01/short-container-names.html @@ -12,13 +12,13 @@ - +

    Container image short names in Podman

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/2020/12/07/new.html b/blogs/2020/12/07/new.html index 1d4c6e3d2..1b49c28f3 100644 --- a/blogs/2020/12/07/new.html +++ b/blogs/2020/12/07/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2020/12/07/podman-posts-of-interests.html b/blogs/2020/12/07/podman-posts-of-interests.html index 8b4da6920..d46bb141e 100644 --- a/blogs/2020/12/07/podman-posts-of-interests.html +++ b/blogs/2020/12/07/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/new.html b/blogs/2020/12/09/new.html index 252215069..012ad1055 100644 --- a/blogs/2020/12/09/new.html +++ b/blogs/2020/12/09/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Using Podman and systemd to manage container lifecycle

    · One min read

    Ed Haynes has put together a demo of using Podman and systemd to manage a container lifecycle that's available on GitHub. He's written up a post that does a nice job of walking through setting up the demo and running it.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/podman-systemd-demo.html b/blogs/2020/12/09/podman-systemd-demo.html index bdd81c0a6..5438a9eb5 100644 --- a/blogs/2020/12/09/podman-systemd-demo.html +++ b/blogs/2020/12/09/podman-systemd-demo.html @@ -12,13 +12,13 @@ - +

    Using Podman and systemd to manage container lifecycle

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    For my demo, I used a minimal Fedora33 install with Podman installed. To simplify my lifecycle (which in industrial can be 10+ years) I want to keep the base OS as minimal and clean as possible and keep all application dependencies in the containers. I will be creating a redis in-memory keystore database as my containerized application and use the "podman generate systemd" utility to generate the systemd unit file. This file lets systemd know what your policies are for your application - whether it should start at boot or restart when it fails. In my case I want my application available at boot and also want it to restart in case of failure. I enable and start the systemd service with the --user flag, again I don't want root access for security reasons on this device.

    I provide a test script to test the redis container API. While I could have installed the redis-cli on my base Fedora33 OS to do this testing this would violate my desire to keep the base OS as minimal as possible. I pass values to the redis container's port via "nc" to set a key index of "frog" to 56. I then show via getting that index that the value is properly set. Now for the interesting part. I use pkill to kill the redis database and then show how systemd restarts the failed container. You can also reboot the OS and find your application running at startup.

    To tidy things up I provide a cleanup script which stops the service and cleans up the container so you can start the demo from the top if you like.

    To run this demo yourself (I've tested on Fedora33, Red Hat 8.3, and Ubuntu 20.10) ensure Podman and git are installed on your OS

    Also remember this is all done as a standard user - no root!

    git clone https://github.com/edhaynes/podman_systemd_usermode_demo.git

    cd podman_systemd_usermode_demo

    ./launch_redis_container.sh

    "launch_redis_container.sh" launches redis container, adds usermode systemd entry, enables and starts it. You will need to hit "q" to get out of the shown status.

    You should see something like:

    redis_server.service - Podman container-redis_ Loaded: loaded

    Active: active (running) since Wed 2020-12-09 09:22:40 EST; 1h 58min ago

    Now that redis is running you can run the test script that sets a key value, retrieves it, and then kills the redis container. systemd will then restart the container and you can see all is working again. Do this with:

    ./test_redis_container.sh

    Once you are done experimenting with it you can run the cleanup script to stop the systemd service, remove it and stop / remove the container.

    ./cleanup.sh

    Hope you enjoyed this demo and any comments or suggestions please make them in the GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/11/new.html b/blogs/2020/12/11/new.html index 0fef1643f..ffae3822a 100644 --- a/blogs/2020/12/11/new.html +++ b/blogs/2020/12/11/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html index db822df78..074f2d338 100644 --- a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html +++ b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman was considered to be deprecated. The Podman team noted that the Podman v1.0 (varlink) API would be removed from the Podman project in a future release and that a one month notice would be sent to the community before the version of Podman without the v1.0 API was released. This note represents that notice.

    The Podman API v1.0 was just recently removed from the upstream repository on GitHub as work has started on the next release of Podman, v3.0. Podman v3.0 is expected to be released on Fedora 33 in late January 2021 and then later next year in RHEL 8.4 and other distributions.

    At the same time as the removal of the Podman v1.0 API, the libpod.conf file has also been removed and it too will no longer be included with Podman starting in Podman v3.0. The functionality of this file has been replaced by containers.conf. If there have been modifications made to the libpod.conf file in your environment, you should be able to make the same changes in containers.conf and they will be honored.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/14/new.html b/blogs/2020/12/14/new.html index 4ecac2b64..8fa1998b1 100644 --- a/blogs/2020/12/14/new.html +++ b/blogs/2020/12/14/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/22/behind-container-images.html b/blogs/2020/12/22/behind-container-images.html index 4e9405ef4..bcd565615 100644 --- a/blogs/2020/12/22/behind-container-images.html +++ b/blogs/2020/12/22/behind-container-images.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/22/new.html b/blogs/2020/12/22/new.html index 03cbcf476..71acd8615 100644 --- a/blogs/2020/12/22/new.html +++ b/blogs/2020/12/22/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/containers-com-podman.html b/blogs/2020/12/23/containers-com-podman.html index 7dbbfa458..614b701eb 100644 --- a/blogs/2020/12/23/containers-com-podman.html +++ b/blogs/2020/12/23/containers-com-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/new.html b/blogs/2020/12/23/new.html index 91b8c9b58..1a1e01c7d 100644 --- a/blogs/2020/12/23/new.html +++ b/blogs/2020/12/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Containers com Podman

    · One min read

    Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/new.html b/blogs/2021/01/11/new.html index 9f908c1aa..fa8f53eae 100644 --- a/blogs/2021/01/11/new.html +++ b/blogs/2021/01/11/new.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/podman-compose.html b/blogs/2021/01/11/podman-compose.html index e4969cfba..c1a2e3f78 100644 --- a/blogs/2021/01/11/podman-compose.html +++ b/blogs/2021/01/11/podman-compose.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/managing-pods.html b/blogs/2021/01/15/managing-pods.html index c97f49eb4..ebdab581d 100644 --- a/blogs/2021/01/15/managing-pods.html +++ b/blogs/2021/01/15/managing-pods.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/new.html b/blogs/2021/01/15/new.html index 4a830828a..823cf0870 100644 --- a/blogs/2021/01/15/new.html +++ b/blogs/2021/01/15/new.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/23/new.html b/blogs/2021/01/23/new.html index 3bd109c50..c4bef9239 100644 --- a/blogs/2021/01/23/new.html +++ b/blogs/2021/01/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/01/23/podman-posts-of-interests.html b/blogs/2021/01/23/podman-posts-of-interests.html index d53cfd980..e0ae36ab6 100644 --- a/blogs/2021/01/23/podman-posts-of-interests.html +++ b/blogs/2021/01/23/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/docker-compose-to-podman.html b/blogs/2021/01/26/docker-compose-to-podman.html index f4aed425b..de4648ed8 100644 --- a/blogs/2021/01/26/docker-compose-to-podman.html +++ b/blogs/2021/01/26/docker-compose-to-podman.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/new.html b/blogs/2021/01/26/new.html index 80631c83c..a4372b439 100644 --- a/blogs/2021/01/26/new.html +++ b/blogs/2021/01/26/new.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html index b5ae1023e..152c83e74 100644 --- a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html +++ b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    Running containers can be accessed via their exposed ports and can be paired with any other application on your system.

    Starting a service such as mysql is as simple as executing tent start mysql and you'll never have to look back at it.

    But mysql is not the only available service. A list of all the available services can be found on: services.go

    Tent is heavily inspired from tighten/takeout and is an experimental project. Hence, care should be taken if you're using it in a critical environment.

    Dependencies

    • Linux
    • Podman Installed
    • Podman System Service Running

    If you have Podman installed, you can start the system service as follows:

    ## starts the podman system service
    systemctl --user start podman.socket

    ## enables the podman system service, so it doesn't close on every reboot
    systemctl --user enable podman.socket

    ## stops the podman system service
    systemctl --user stop podman.socket

    ## disables the podman system service, so it doesn't start on every reboot
    systemctl --user disable podman.socket

    Tent assumes that you're running the service in non-root mode, hence the --user argument is necessary in the above commands.

    Installation

    Visit the tent release page and download the tent binary to your computer. Open up your terminal where you've donwloaded the file and execute following commands:

    chmod +x ./tent

    sudo mv ./tent /usr/local/bin

    Now the tent command should be available everywhere in your system.

    Build From Source

    If you're on a Fedora system, the following command should install the necessary development dependencies.

    sudo dnf groupinstall "Development Tools" -y && sudo dnf install golang btrfs-progs-devel gpgme-devel device-mapper-devel -y

    And on a Ubuntu system, the following command should install the necessary development dependencies.

    sudo apt install build-essential golang-go libbtrfs-dev libgpgme-dev libdevmapper-dev -y

    If you're on a different system you, may look for equivalent package on the respective package repositories.

    Now build and install the application as follows:

    git clone https://github.com/fhsinchy/tent.git ~/tent

    cd ~/tent

    make install

    Usage

    The tent binary has following commands:

    • tent start <service name> - starts a container for the given service
    • tent stop <service name> - stops and removes a container for the given service
    • tent list - lists all running containers

    Most of the services in tent utilizes volumes for persisting data, so even if you stop a service, it's data will be persisted in a volume for later usage. These volumes can listed by executing podman volume ls and can be managed like any other podman volume.

    Start a Service

    The generic syntax for the start command is as follows:

    tent start <service name>

    ## starts mysql and prompts you where necessary
    tent start mysql

    ## starts redis and mongo and prompts you where necessary
    tent start redis mongo

    Start Service with Default Configuration

    The --default flag for the start command can be used to skip all the prompts and start a service with default configuration

    tent start <service name> --default

    ## starts mysql with the default configuration
    tent start mysql --default

    ## starts redis and mongo with default configuration
    tent start redis mongo --default

    Stop a Service

    The generic syntax for the stop command is as follows:

    tent stop <service name>

    ## stops mysql and removes the container
    ## prompts you if multiple containers are found
    tent stop mysql

    ## stops all mysql containers and removes them
    tent stop mysql --all

    ## stops redis and mongo then removes the containers.
    ## prompts you if multiple containers are found for any of the given services.
    tent stop redis mongo

    ## stops all redis and mongo conainers and then removes them
    tent stop redis mongo --all

    Stop all Services

    The --all flag for the stop command can be used to stop and remove all running tent containers at once

    tent stop --all

    Running Multiple Versions

    Given all the services are running inside containers, you can spin up multiple versions of the same service as long as you're keeping the port different.

    Run tent start mysql twice; the first time, use the --default flag, and the second time, put 5.7 as tag and 3307 as host port.

    Now, if you run tent list, you'll see both services running at the same time.

    +--------------+----------------+---------------+---------------+
    | CONTAINER | Image | PORTS |
    +--------------+----------------+---------------+---------------+
    | tent-mysql-5.7-3307 | docker.io/mysql:5.7 | 3307->3306/tcp |
    | tent-mysql-latest-3306 | docker.io/mysql:5.7 | 3306->3306/tcp |
    +--------------+----------------+---------------+---------------+

    Container Management

    Containers started by tent are regular containers with some pre-set configurations. So you can use regular podman commands such as ls, inspect, logs etc on them. Although tent comes with a list command, using the podman commands will result in more informative results. The target of tent is to provide plug and play containers, not to become a full-fledged podman cli.

    Contribution

    Tent is an open-source project and contributions are more than welcomed. If you're a Go programmer do take some time to go through the source-code, see if you can improve any part of the program, the maintainer will be more than happy to co-operate. And if you like the project, don't forget to leave a star and share with other fellow developers to show your appreciation.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/new.html b/blogs/2021/02/08/new.html index 03b9a2680..98fbfdb2b 100644 --- a/blogs/2021/02/08/new.html +++ b/blogs/2021/02/08/new.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/2021/03/02/podman-support-for-older-distros.html b/blogs/2021/03/02/podman-support-for-older-distros.html index 0c5ca976a..754967eb2 100644 --- a/blogs/2021/03/02/podman-support-for-older-distros.html +++ b/blogs/2021/03/02/podman-support-for-older-distros.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ systems, where the kernel and certain core libraries may be too old.

    Podman 3.0 will be the last major build on CentOS 7, Debian 10 and Ubuntu 18.04. After this release, we recommend users who need the latest versions of Podman to move to newer versions of their Linux distribution.

    - + \ No newline at end of file diff --git a/blogs/2021/03/27/new.html b/blogs/2021/03/27/new.html index 7965db324..8dbdbabb7 100644 --- a/blogs/2021/03/27/new.html +++ b/blogs/2021/03/27/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/03/27/podman-posts-of-interests.html b/blogs/2021/03/27/podman-posts-of-interests.html index a9062cb1e..1f75d4f86 100644 --- a/blogs/2021/03/27/podman-posts-of-interests.html +++ b/blogs/2021/03/27/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/04/02/new.html b/blogs/2021/04/02/new.html index 9222b160d..98c5628d8 100644 --- a/blogs/2021/04/02/new.html +++ b/blogs/2021/04/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/05/04/new.html b/blogs/2021/05/04/new.html index fe6dcd5f8..3e9629c5a 100644 --- a/blogs/2021/05/04/new.html +++ b/blogs/2021/05/04/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/04/star-wars-in-podman.html b/blogs/2021/05/04/star-wars-in-podman.html index 132e9b0b0..f3a9f6aec 100644 --- a/blogs/2021/05/04/star-wars-in-podman.html +++ b/blogs/2021/05/04/star-wars-in-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/new.html b/blogs/2021/05/26/new.html index 33d9e3a7d..3e252600e 100644 --- a/blogs/2021/05/26/new.html +++ b/blogs/2021/05/26/new.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/podman-3-compose.html b/blogs/2021/05/26/podman-3-compose.html index 423e59c92..b479204f4 100644 --- a/blogs/2021/05/26/podman-3-compose.html +++ b/blogs/2021/05/26/podman-3-compose.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/06/13/new.html b/blogs/2021/06/13/new.html index 953891a1f..cd25725ca 100644 --- a/blogs/2021/06/13/new.html +++ b/blogs/2021/06/13/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/06/13/podman-posts-of-interests.html b/blogs/2021/06/13/podman-posts-of-interests.html index 4cdd3d371..3d51c8486 100644 --- a/blogs/2021/06/13/podman-posts-of-interests.html +++ b/blogs/2021/06/13/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/06/16/install-podman-on-ubuntu.html b/blogs/2021/06/16/install-podman-on-ubuntu.html index f247d2cc0..cefd32ba0 100644 --- a/blogs/2021/06/16/install-podman-on-ubuntu.html +++ b/blogs/2021/06/16/install-podman-on-ubuntu.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/06/16/new.html b/blogs/2021/06/16/new.html index f52915485..b6dd30641 100644 --- a/blogs/2021/06/16/new.html +++ b/blogs/2021/06/16/new.html @@ -12,13 +12,13 @@ - +

    How to Install and Use Podman on Ubuntu 20.04

    · One min read

    Hitesh Jethva posted a blog post on the Atlantic.Net site talking about How to Install and Use Podman on Ubuntu 20.04. In the post Hitesh walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Ubuntu 20.04 and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2021/07/01/new.html b/blogs/2021/07/01/new.html index e3af4e679..eaa793561 100644 --- a/blogs/2021/07/01/new.html +++ b/blogs/2021/07/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/01/podman-inside-kubernets.html b/blogs/2021/07/01/podman-inside-kubernets.html index 1b420942d..36f1bccb7 100644 --- a/blogs/2021/07/01/podman-inside-kubernets.html +++ b/blogs/2021/07/01/podman-inside-kubernets.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/02/new.html b/blogs/2021/07/02/new.html index 08ac8d12d..26ecae244 100644 --- a/blogs/2021/07/02/new.html +++ b/blogs/2021/07/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/02/podman-inside-container.html b/blogs/2021/07/02/podman-inside-container.html index 44f819f8a..b0069d552 100644 --- a/blogs/2021/07/02/podman-inside-container.html +++ b/blogs/2021/07/02/podman-inside-container.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/09/03/new.html b/blogs/2021/09/03/new.html index 8a7b26d66..daf717e40 100644 --- a/blogs/2021/09/03/new.html +++ b/blogs/2021/09/03/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/09/03/podman-posts-of-interests.html b/blogs/2021/09/03/podman-posts-of-interests.html index e1b312455..e30d9d0ee 100644 --- a/blogs/2021/09/03/podman-posts-of-interests.html +++ b/blogs/2021/09/03/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/09/06/new.html b/blogs/2021/09/06/new.html index a7f071be5..81e16a148 100644 --- a/blogs/2021/09/06/new.html +++ b/blogs/2021/09/06/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/09/06/podman-on-macs.html b/blogs/2021/09/06/podman-on-macs.html index 535d28255..77ced5021 100644 --- a/blogs/2021/09/06/podman-on-macs.html +++ b/blogs/2021/09/06/podman-on-macs.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    Recently, we have been getting an influx of questions about Podman and Podman desktop, specifically around Macs. Coincidentally, we have a really elegant solution which we’d like to introduce. In the recently released Podman-3.3.1, we now have support for Intel-based Macs. It is command-line driven and can be installed through brew (aka Homebrew).

    User Experience on macOS

    The user-experience is quite simple:

    1. Install brew (as it is described on their homepage)
    2. Install podman from brew: brew install podman
    3. Initialize a podman machine: podman machine init
    4. Start the machine: podman machine start
    5. Use podman as you normally would.

    It is worth running podman machine --help to familiarize yourself with the other commands used to manage machines.

    Please note that Podman machine is still under development. While we support port forwarding on Macs and Linux, we have not implemented a solution for file sharing and bind mounts. We are currently researching the various technologies to do so as we want to choose a performant approach.

    Podman machine is currently only supported on Linux and Intel Macs. As for the new Macs that are based on Apple Silicon, we are now waiting for two things. First, we need some patches from upstream qemu to get merged and released. While we wait for the upstream patches, we are working on a possible work-around for qemu. If that is successful, we will re-enable the M1 support in Podman and get brew updated. The second is we need Fedora CoreOS aarch64 images to be indexed, which should be occurring very shortly. Podman 3.4, Oct-10-2021

    User Experience on Windows

    We currently support the Windows platform with a remote client that can be downloaded from our GitHub releases page. That remote client requires a Linux server with Podman and its service running. We also have user reports that running Podman in WSL is quite tenable. Consider the WSL option if you do not have available Linux servers with Podman installed.

    We intend to develop a desktop for the Mac and Windows experience for Podman. Early design work is under consideration. No timeline has been identified yet.

    Questions?

    Remember, our development team can be found in our Matrix room which has been bridged to the #podman channel on libera IRC as well as our Discord server. You can also get in touch with us via our project page by opening issues, PR’s and discussions. We love to hear from people!

    Podman is an open-source project. We are always looking for contributors to help us accelerate features into the Podman and container world.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/m1macs.html b/blogs/2021/10/04/m1macs.html index 1e18b0f09..d53289efc 100644 --- a/blogs/2021/10/04/m1macs.html +++ b/blogs/2021/10/04/m1macs.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ things are fixed, we support Apple silicon hardware with Podman 3.4.

    In the last two weeks, we were able to clear the final hurdles to support Podman machine on Apple Silicon. Many thanks to the QEMU maintainers and the maintainers of brew. And last but not least, the Fedora FCOS team which officially supports the aarch64 architecture now.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/new.html b/blogs/2021/10/04/new.html index a50021c12..d4b69da0b 100644 --- a/blogs/2021/10/04/new.html +++ b/blogs/2021/10/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/11/multiarch.html b/blogs/2021/10/11/multiarch.html index 0a88b1ff5..36856c0c0 100644 --- a/blogs/2021/10/11/multiarch.html +++ b/blogs/2021/10/11/multiarch.html @@ -12,7 +12,7 @@ - + @@ -106,7 +106,7 @@ bugs and deficiencies are present in earlier editions. On that same note, if you do encounter any strange or unexpected behavior, please reach out to the upstream community for assistance.

    - + \ No newline at end of file diff --git a/blogs/2021/10/11/new.html b/blogs/2021/10/11/new.html index 213aebff5..54d5e9363 100644 --- a/blogs/2021/10/11/new.html +++ b/blogs/2021/10/11/new.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/2021/10/16/new.html b/blogs/2021/10/16/new.html index 8fcfbda6d..483aa7de6 100644 --- a/blogs/2021/10/16/new.html +++ b/blogs/2021/10/16/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/16/sudo-with-rootless-podman.html b/blogs/2021/10/16/sudo-with-rootless-podman.html index 8d9da3c61..3666a9b7c 100644 --- a/blogs/2021/10/16/sudo-with-rootless-podman.html +++ b/blogs/2021/10/16/sudo-with-rootless-podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/27/how-podman-runs-on-macs.html b/blogs/2021/10/27/how-podman-runs-on-macs.html index f042f2f34..6428ad5f0 100644 --- a/blogs/2021/10/27/how-podman-runs-on-macs.html +++ b/blogs/2021/10/27/how-podman-runs-on-macs.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/27/new.html b/blogs/2021/10/27/new.html index 472e12066..7ccf2e2b0 100644 --- a/blogs/2021/10/27/new.html +++ b/blogs/2021/10/27/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html index 8c2045ec1..043c0bc30 100644 --- a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html +++ b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/28/new.html b/blogs/2021/10/28/new.html index b903ad5df..721129a7c 100644 --- a/blogs/2021/10/28/new.html +++ b/blogs/2021/10/28/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/02/04/network-usage.html b/blogs/2022/02/04/network-usage.html index ee3dbfd3f..b045484f6 100644 --- a/blogs/2022/02/04/network-usage.html +++ b/blogs/2022/02/04/network-usage.html @@ -12,13 +12,13 @@ - +

    Testing Podman 4 with the new network stack

    · 2 min read

    podman logo

    Testing Podman 4 with the new network stack

    By Brent Baude GitHub

    Podman 4.0 will implement a new network stack instead of CNI plugins. There are two components to the new stack:

    • Netavark performs interface setup, IP address/etc assignment, NAT, and port mapping.
    • Aardvark-dns that replaces the previous DNS name custom plugin. Aardvark-dns is a DNS server that provides name resolution and forwarding for container networks.

    Warning: Before testing Podman 4 and the new network stack, you will have to destroy all your current containers, images, and network. Consider exporting/saving any import containers or images.

    If you have run Podman 3.x before upgrading to Podman 4, Podman will continue to use CNI plugins as it had before. There is a marker in Podman's local storage that indicates this. In order to begin using Podman 4, you need to destroy that marker with podman system reset. This will destroy the marker, all of the images, all of the networks, and all of the containers.

    Setting up Podman 4 with netavark and aardvark-dns on Fedora

    If this is an upgrade to a current Podman install, destroy all current images, containers, and defined networks.

    $ podman system reset --force

    Ensure you have the DNF copr extension.

    $ sudo dnf install 'dnf-command(copr)'

    Add the podman4 test COPR to your system

    $ sudo dnf copr enable rhcontainerbot/podman4

    If you have never installed Podman, replace upgrade with install in the following command.

    $ sudo dnf upgrade podman

    If Podman was upgraded, you may have to install netavark explicitly. Otherwise, the Podman package will continue to use CNI.

    $ sudo dnf install netavark aardvark-dns

    If you find bugs, please report them to our github issues page.

    - + \ No newline at end of file diff --git a/blogs/2022/02/04/new.html b/blogs/2022/02/04/new.html index 835e26d55..6edc9b370 100644 --- a/blogs/2022/02/04/new.html +++ b/blogs/2022/02/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/02/22/new.html b/blogs/2022/02/22/new.html index f345d16b1..119e18e0f 100644 --- a/blogs/2022/02/22/new.html +++ b/blogs/2022/02/22/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/06/new.html b/blogs/2022/03/06/new.html index 568ac3b45..a9961aefe 100644 --- a/blogs/2022/03/06/new.html +++ b/blogs/2022/03/06/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/06/why_no_podman4_f35.html b/blogs/2022/03/06/why_no_podman4_f35.html index 7f975c7e6..c68104b7d 100644 --- a/blogs/2022/03/06/why_no_podman4_f35.html +++ b/blogs/2022/03/06/why_no_podman4_f35.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ a quick start, it is simply:

        $ sudo dnf copr enable rhcontainerbot/podman4

    Once that command completes, you can install Podman.

        $ sudo dnf install podman

    Note: If you are upgrading an existing Podman 3 install and wish to run Podman 4's new network stack, be certain you that the aardvark and netavark packages are also installed (they are part of the same COPR). You will also need to then run podman system reset --force before running any new containers.

    - + \ No newline at end of file diff --git a/blogs/2022/03/15/new.html b/blogs/2022/03/15/new.html index 090184c1f..03a0c11f3 100644 --- a/blogs/2022/03/15/new.html +++ b/blogs/2022/03/15/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/15/podman4.0.2brew.html b/blogs/2022/03/15/podman4.0.2brew.html index a11f78131..0d8f13b4b 100644 --- a/blogs/2022/03/15/podman4.0.2brew.html +++ b/blogs/2022/03/15/podman4.0.2brew.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/2022/03/23/nvav1.0.2.html b/blogs/2022/03/23/nvav1.0.2.html index f90c52825..1cd980b1e 100644 --- a/blogs/2022/03/23/nvav1.0.2.html +++ b/blogs/2022/03/23/nvav1.0.2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/2022/04/05/new.html b/blogs/2022/04/05/new.html index 1958ab5ac..fdf3aed04 100644 --- a/blogs/2022/04/05/new.html +++ b/blogs/2022/04/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html index 07d64d024..408436831 100644 --- a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html +++ b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/2022/05/08/new.html b/blogs/2022/05/08/new.html index a65b5d6ce..4ae9bca0f 100644 --- a/blogs/2022/05/08/new.html +++ b/blogs/2022/05/08/new.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/05/08/podman-posts-of-interests.html b/blogs/2022/05/08/podman-posts-of-interests.html index a7dee44d7..43edcb258 100644 --- a/blogs/2022/05/08/podman-posts-of-interests.html +++ b/blogs/2022/05/08/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/05/09/new.html b/blogs/2022/05/09/new.html index 4f28bff0d..df11429c8 100644 --- a/blogs/2022/05/09/new.html +++ b/blogs/2022/05/09/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/06/08/new.html b/blogs/2022/06/08/new.html index bff000120..7cdce10b9 100644 --- a/blogs/2022/06/08/new.html +++ b/blogs/2022/06/08/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/06/08/podman-on-windows.html b/blogs/2022/06/08/podman-on-windows.html index 6b415c942..33fb699de 100644 --- a/blogs/2022/06/08/podman-on-windows.html +++ b/blogs/2022/06/08/podman-on-windows.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

    - + \ No newline at end of file diff --git a/blogs/2022/08/17/new.html b/blogs/2022/08/17/new.html index 572328772..2982b1d9e 100644 --- a/blogs/2022/08/17/new.html +++ b/blogs/2022/08/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/03/debbuild.html b/blogs/2022/10/03/debbuild.html index b7bf8c6fd..16aabf2c2 100644 --- a/blogs/2022/10/03/debbuild.html +++ b/blogs/2022/10/03/debbuild.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/03/new.html b/blogs/2022/10/03/new.html index 37a6465c1..19ec543d5 100644 --- a/blogs/2022/10/03/new.html +++ b/blogs/2022/10/03/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/12/new.html b/blogs/2022/10/12/new.html index 40c877d5a..f5c168dd9 100644 --- a/blogs/2022/10/12/new.html +++ b/blogs/2022/10/12/new.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/12/podman-posts-of-interests.html b/blogs/2022/10/12/podman-posts-of-interests.html index ba5e9638f..8168659db 100644 --- a/blogs/2022/10/12/podman-posts-of-interests.html +++ b/blogs/2022/10/12/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 3 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/10/22/new.html b/blogs/2022/10/22/new.html index 58ed721f2..ab06ebb76 100644 --- a/blogs/2022/10/22/new.html +++ b/blogs/2022/10/22/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/11/11/nvav1.3.html b/blogs/2022/11/11/nvav1.3.html index 6436e0548..7cc41c419 100644 --- a/blogs/2022/11/11/nvav1.3.html +++ b/blogs/2022/11/11/nvav1.3.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ and aardvark-dns. Both netavark and aardvark-dns versions 1.3.0 were released. As the process works, the upstream releases will slowly work their way into Linux distributions.

    A basic summary of changes for both are as follows:

    v1.3.0 Netavark

    • Housekeeping and code cleanup
    • macvlan: remove tmp interface when name already used in netns
    • Add support for route metrics
    • netlink: return better error if ipv6 is disabled
    • macvlan: fix name collision on hostns
    • Ignore dns-enabled for macvlan (BZ2137320)
    • better errors on teardown
    • allow customer dns servers for containers
    • do not set route for internal-only networks
    • do not use ipv6 autoconf

    v1.3.0 Aardvark-dns

    • allow one or more dns servers in the aardvark config
    - + \ No newline at end of file diff --git a/blogs/2022/12/07/new.html b/blogs/2022/12/07/new.html index 0aa482e3c..5ffdd3ba6 100644 --- a/blogs/2022/12/07/new.html +++ b/blogs/2022/12/07/new.html @@ -12,13 +12,13 @@ - +

    Website Updates

    · One min read

    Several updates have been planned for this site for quite a while, and work has been ongoing. The first significant change that is happening is with our blog posts. A new WordPress-based site has been created for our posts at blog.podman.io. The new site has a fresh look and feel and shows the direction we’re hoping to take this entire site eventually. You'll probably notice the similarities if you have tried Podman Desktop.

    We are contemplating moving the blog posts from this site to the new one. At least for the moment, the blog posts created before today (December 7, 2022) can now be found under the “Archived Blogs” link on the left side menu. The “Blogs” link in that same menu will take you to the new site.

    We hope you enjoy the new blog site and would love to hear from you about what you think about it. As on this site, blog posts from the community will always be gratefully accepted!

    - + \ No newline at end of file diff --git a/blogs/archive.html b/blogs/archive.html index 672752b3f..fd72afa50 100644 --- a/blogs/archive.html +++ b/blogs/archive.html @@ -12,13 +12,13 @@ - +

    Archive

    Archive

    2019

    2020

    2021

    - + \ No newline at end of file diff --git a/blogs/page/10.html b/blogs/page/10.html index fd5316e41..406586232 100644 --- a/blogs/page/10.html +++ b/blogs/page/10.html @@ -12,13 +12,13 @@ - +

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/page/11.html b/blogs/page/11.html index 9039b9b75..3f6992f62 100644 --- a/blogs/page/11.html +++ b/blogs/page/11.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/12.html b/blogs/page/12.html index d84bf7c65..fb77b7d7f 100644 --- a/blogs/page/12.html +++ b/blogs/page/12.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/page/13.html b/blogs/page/13.html index 80d970f9b..c1676a572 100644 --- a/blogs/page/13.html +++ b/blogs/page/13.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/page/14.html b/blogs/page/14.html index 04a21970d..1f812c8b9 100644 --- a/blogs/page/14.html +++ b/blogs/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/15.html b/blogs/page/15.html index 1d40ce47f..435518e92 100644 --- a/blogs/page/15.html +++ b/blogs/page/15.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/page/16.html b/blogs/page/16.html index ca7abc6ab..3dce56276 100644 --- a/blogs/page/16.html +++ b/blogs/page/16.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/page/17.html b/blogs/page/17.html index 4434aeaad..1a0b03dce 100644 --- a/blogs/page/17.html +++ b/blogs/page/17.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/page/18.html b/blogs/page/18.html index a7953663d..c0fcfa8d2 100644 --- a/blogs/page/18.html +++ b/blogs/page/18.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/page/19.html b/blogs/page/19.html index 1ec654a1d..69554f14f 100644 --- a/blogs/page/19.html +++ b/blogs/page/19.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

    - + \ No newline at end of file diff --git a/blogs/page/2.html b/blogs/page/2.html index 4a8a25e85..39e9565e9 100644 --- a/blogs/page/2.html +++ b/blogs/page/2.html @@ -12,7 +12,7 @@ - + @@ -38,7 +38,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/page/20.html b/blogs/page/20.html index 4da8f8eef..dafecd292 100644 --- a/blogs/page/20.html +++ b/blogs/page/20.html @@ -12,14 +12,14 @@ - +

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/21.html b/blogs/page/21.html index 9efd6b729..b1b18ce2f 100644 --- a/blogs/page/21.html +++ b/blogs/page/21.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    - + \ No newline at end of file diff --git a/blogs/page/22.html b/blogs/page/22.html index 356a166af..b057f446e 100644 --- a/blogs/page/22.html +++ b/blogs/page/22.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    Get all the details on this blog post!

    · One min read

    Red Hat Developer recently posted a new Podman Cheat Sheet on their blog. It's a handy guide that cover the commands that focus on images, containers and container resources. Check it out!

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/page/23.html b/blogs/page/23.html index 6ceb1d139..b9a9f3264 100644 --- a/blogs/page/23.html +++ b/blogs/page/23.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Podman machine

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/page/24.html b/blogs/page/24.html index 4c0aa91ce..8c0dd6ef5 100644 --- a/blogs/page/24.html +++ b/blogs/page/24.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/page/25.html b/blogs/page/25.html index 18e1668db..7812e84d2 100644 --- a/blogs/page/25.html +++ b/blogs/page/25.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · One min read

    If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

    Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

    To start it up, check out the new Blogs and Releases sections on the site.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/page/3.html b/blogs/page/3.html index 49f844809..f9e504943 100644 --- a/blogs/page/3.html +++ b/blogs/page/3.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Skopeo container tools to produce an image that supports multiple architectures under a single "name".

    - + \ No newline at end of file diff --git a/blogs/page/4.html b/blogs/page/4.html index 9b4ef370d..7a201abad 100644 --- a/blogs/page/4.html +++ b/blogs/page/4.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/page/5.html b/blogs/page/5.html index 683a7d763..5b2a66328 100644 --- a/blogs/page/5.html +++ b/blogs/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/page/6.html b/blogs/page/6.html index 574cfe8ce..448433c1e 100644 --- a/blogs/page/6.html +++ b/blogs/page/6.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/page/7.html b/blogs/page/7.html index 358d405c2..7862648fe 100644 --- a/blogs/page/7.html +++ b/blogs/page/7.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/8.html b/blogs/page/8.html index 5785c2a66..1fe15e326 100644 --- a/blogs/page/8.html +++ b/blogs/page/8.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/page/9.html b/blogs/page/9.html index dda05a438..747420063 100644 --- a/blogs/page/9.html +++ b/blogs/page/9.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags.html b/blogs/tags.html index 3add7cc42..8f3dc3e8a 100644 --- a/blogs/tags.html +++ b/blogs/tags.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/tags/aardvark-dns.html b/blogs/tags/aardvark-dns.html index 24ec4b2aa..ce5cf5d3e 100644 --- a/blogs/tags/aardvark-dns.html +++ b/blogs/tags/aardvark-dns.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark-dns"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/aardvark.html b/blogs/tags/aardvark.html index da8f87831..a5b06f166 100644 --- a/blogs/tags/aardvark.html +++ b/blogs/tags/aardvark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/api.html b/blogs/tags/api.html index 17167bf58..74bcfcfd2 100644 --- a/blogs/tags/api.html +++ b/blogs/tags/api.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/2.html b/blogs/tags/api/page/2.html index 1f24ca171..b1264a7b2 100644 --- a/blogs/tags/api/page/2.html +++ b/blogs/tags/api/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/3.html b/blogs/tags/api/page/3.html index 65aa666f1..9c8eaa1df 100644 --- a/blogs/tags/api/page/3.html +++ b/blogs/tags/api/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/4.html b/blogs/tags/api/page/4.html index 2c4c6333c..7160636f9 100644 --- a/blogs/tags/api/page/4.html +++ b/blogs/tags/api/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/5.html b/blogs/tags/api/page/5.html index d641017aa..679e31e9e 100644 --- a/blogs/tags/api/page/5.html +++ b/blogs/tags/api/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/6.html b/blogs/tags/api/page/6.html index ec9515b1d..4e0af9664 100644 --- a/blogs/tags/api/page/6.html +++ b/blogs/tags/api/page/6.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/7.html b/blogs/tags/api/page/7.html index 3cf53831c..ed1e1a7e3 100644 --- a/blogs/tags/api/page/7.html +++ b/blogs/tags/api/page/7.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/8.html b/blogs/tags/api/page/8.html index ad9570a44..f60a401c6 100644 --- a/blogs/tags/api/page/8.html +++ b/blogs/tags/api/page/8.html @@ -12,14 +12,14 @@ - +

    83 posts tagged with "api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/9.html b/blogs/tags/api/page/9.html index ab3efafd5..f2396e7a6 100644 --- a/blogs/tags/api/page/9.html +++ b/blogs/tags/api/page/9.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/automation.html b/blogs/tags/automation.html index c146599d7..148a3701f 100644 --- a/blogs/tags/automation.html +++ b/blogs/tags/automation.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/bindings.html b/blogs/tags/bindings.html index 643f5c6f3..fa5ea647b 100644 --- a/blogs/tags/bindings.html +++ b/blogs/tags/bindings.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/bioinformatics.html b/blogs/tags/bioinformatics.html index c6f39c4f4..d1bf86071 100644 --- a/blogs/tags/bioinformatics.html +++ b/blogs/tags/bioinformatics.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "bioinformatics"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/tags/boot-2-podman.html b/blogs/tags/boot-2-podman.html index 5789882bd..d836d6afa 100644 --- a/blogs/tags/boot-2-podman.html +++ b/blogs/tags/boot-2-podman.html @@ -12,13 +12,13 @@ - +

    One post tagged with "boot2podman"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/bpf.html b/blogs/tags/bpf.html index 6af996226..95e28cc0e 100644 --- a/blogs/tags/bpf.html +++ b/blogs/tags/bpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "bpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah.html b/blogs/tags/buildah.html index 392cfe978..66f6e6d17 100644 --- a/blogs/tags/buildah.html +++ b/blogs/tags/buildah.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/2.html b/blogs/tags/buildah/page/2.html index e4eee425f..6829ed1cf 100644 --- a/blogs/tags/buildah/page/2.html +++ b/blogs/tags/buildah/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/3.html b/blogs/tags/buildah/page/3.html index 921bf5d39..2c5e5124d 100644 --- a/blogs/tags/buildah/page/3.html +++ b/blogs/tags/buildah/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/4.html b/blogs/tags/buildah/page/4.html index 7a034a027..ba07c4f20 100644 --- a/blogs/tags/buildah/page/4.html +++ b/blogs/tags/buildah/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/5.html b/blogs/tags/buildah/page/5.html index 4603389b5..e031aab27 100644 --- a/blogs/tags/buildah/page/5.html +++ b/blogs/tags/buildah/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/centos.html b/blogs/tags/centos.html index 3d7987fa2..a53daf49a 100644 --- a/blogs/tags/centos.html +++ b/blogs/tags/centos.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/ci.html b/blogs/tags/ci.html index 3992e8aed..8e127b9e8 100644 --- a/blogs/tags/ci.html +++ b/blogs/tags/ci.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/cloud.html b/blogs/tags/cloud.html index c51574280..e669ce3e3 100644 --- a/blogs/tags/cloud.html +++ b/blogs/tags/cloud.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/community.html b/blogs/tags/community.html index 67aba50d0..6de986ce2 100644 --- a/blogs/tags/community.html +++ b/blogs/tags/community.html @@ -12,13 +12,13 @@ - +

    One post tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/compose.html b/blogs/tags/compose.html index e31930da2..afc3b38f6 100644 --- a/blogs/tags/compose.html +++ b/blogs/tags/compose.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers.html b/blogs/tags/containers.html index 1b21a0414..732811420 100644 --- a/blogs/tags/containers.html +++ b/blogs/tags/containers.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/10.html b/blogs/tags/containers/page/10.html index a7a0085b0..1194574ae 100644 --- a/blogs/tags/containers/page/10.html +++ b/blogs/tags/containers/page/10.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/11.html b/blogs/tags/containers/page/11.html index 8079af73a..90730ce51 100644 --- a/blogs/tags/containers/page/11.html +++ b/blogs/tags/containers/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/12.html b/blogs/tags/containers/page/12.html index 9170d3663..51db5c1ef 100644 --- a/blogs/tags/containers/page/12.html +++ b/blogs/tags/containers/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/13.html b/blogs/tags/containers/page/13.html index be761c32a..67bcc5ecf 100644 --- a/blogs/tags/containers/page/13.html +++ b/blogs/tags/containers/page/13.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/14.html b/blogs/tags/containers/page/14.html index bc5e1abc9..85ae1767a 100644 --- a/blogs/tags/containers/page/14.html +++ b/blogs/tags/containers/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/15.html b/blogs/tags/containers/page/15.html index 21215b32d..49656c362 100644 --- a/blogs/tags/containers/page/15.html +++ b/blogs/tags/containers/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/16.html b/blogs/tags/containers/page/16.html index e88dc1a17..1a766a4e8 100644 --- a/blogs/tags/containers/page/16.html +++ b/blogs/tags/containers/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/17.html b/blogs/tags/containers/page/17.html index 6c2bf4950..29d73c862 100644 --- a/blogs/tags/containers/page/17.html +++ b/blogs/tags/containers/page/17.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ checkpoint/restore it is now possible to resume a container after a reboot at exactly the same point in time it was checkpointed.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/18.html b/blogs/tags/containers/page/18.html index 6d53c789c..a7950b7e5 100644 --- a/blogs/tags/containers/page/18.html +++ b/blogs/tags/containers/page/18.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/2.html b/blogs/tags/containers/page/2.html index 7d2d3afbf..16cb30a7e 100644 --- a/blogs/tags/containers/page/2.html +++ b/blogs/tags/containers/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/3.html b/blogs/tags/containers/page/3.html index f2071580b..05d13c8d9 100644 --- a/blogs/tags/containers/page/3.html +++ b/blogs/tags/containers/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/4.html b/blogs/tags/containers/page/4.html index b8bbc19da..e52140427 100644 --- a/blogs/tags/containers/page/4.html +++ b/blogs/tags/containers/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/5.html b/blogs/tags/containers/page/5.html index d1ea9ee00..adae7387f 100644 --- a/blogs/tags/containers/page/5.html +++ b/blogs/tags/containers/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/6.html b/blogs/tags/containers/page/6.html index bd23b16a4..3c78a5685 100644 --- a/blogs/tags/containers/page/6.html +++ b/blogs/tags/containers/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/7.html b/blogs/tags/containers/page/7.html index 822f1b4c6..2d2552fff 100644 --- a/blogs/tags/containers/page/7.html +++ b/blogs/tags/containers/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/8.html b/blogs/tags/containers/page/8.html index e259c3f65..4fb8cf5ae 100644 --- a/blogs/tags/containers/page/8.html +++ b/blogs/tags/containers/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    178 posts tagged with "containers"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/9.html b/blogs/tags/containers/page/9.html index f63232c6e..618626f3e 100644 --- a/blogs/tags/containers/page/9.html +++ b/blogs/tags/containers/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/cri-o.html b/blogs/tags/cri-o.html index e9c3b49e9..76fd27aad 100644 --- a/blogs/tags/cri-o.html +++ b/blogs/tags/cri-o.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/crun.html b/blogs/tags/crun.html index c3580ca78..7e852af67 100644 --- a/blogs/tags/crun.html +++ b/blogs/tags/crun.html @@ -12,13 +12,13 @@ - +

    One post tagged with "crun"

    View All Tags

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/debian.html b/blogs/tags/debian.html index ab5631316..64f78ac47 100644 --- a/blogs/tags/debian.html +++ b/blogs/tags/debian.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/dependency-management.html b/blogs/tags/dependency-management.html index 8ac0d80c0..ee32c3cd9 100644 --- a/blogs/tags/dependency-management.html +++ b/blogs/tags/dependency-management.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "dependency-management"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/distro.html b/blogs/tags/distro.html index 6f89348b4..cb029683e 100644 --- a/blogs/tags/distro.html +++ b/blogs/tags/distro.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose.html b/blogs/tags/docker-compose.html index 2b390c2b0..fcabd4d96 100644 --- a/blogs/tags/docker-compose.html +++ b/blogs/tags/docker-compose.html @@ -12,14 +12,14 @@ - +

    16 posts tagged with "docker compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose/page/2.html b/blogs/tags/docker-compose/page/2.html index 3f1635211..7d9b97965 100644 --- a/blogs/tags/docker-compose/page/2.html +++ b/blogs/tags/docker-compose/page/2.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/docker.html b/blogs/tags/docker.html index fc8c97c8c..6ec296319 100644 --- a/blogs/tags/docker.html +++ b/blogs/tags/docker.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/2.html b/blogs/tags/docker/page/2.html index ed6d44651..58131c6b1 100644 --- a/blogs/tags/docker/page/2.html +++ b/blogs/tags/docker/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/3.html b/blogs/tags/docker/page/3.html index 4308c5b92..1403402b9 100644 --- a/blogs/tags/docker/page/3.html +++ b/blogs/tags/docker/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/4.html b/blogs/tags/docker/page/4.html index 86bb0999a..bf680f6fc 100644 --- a/blogs/tags/docker/page/4.html +++ b/blogs/tags/docker/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/5.html b/blogs/tags/docker/page/5.html index 9da6deca5..061b46609 100644 --- a/blogs/tags/docker/page/5.html +++ b/blogs/tags/docker/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/ebpf.html b/blogs/tags/ebpf.html index 85bcbc747..797a46650 100644 --- a/blogs/tags/ebpf.html +++ b/blogs/tags/ebpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "ebpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/git-lab.html b/blogs/tags/git-lab.html index 31a6458bb..1b7879748 100644 --- a/blogs/tags/git-lab.html +++ b/blogs/tags/git-lab.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "GitLab"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/github.html b/blogs/tags/github.html index a192d4109..2823c01ed 100644 --- a/blogs/tags/github.html +++ b/blogs/tags/github.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/github/page/2.html b/blogs/tags/github/page/2.html index 141427911..a5ab6bbf4 100644 --- a/blogs/tags/github/page/2.html +++ b/blogs/tags/github/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/go.html b/blogs/tags/go.html index 48848201c..004f9dada 100644 --- a/blogs/tags/go.html +++ b/blogs/tags/go.html @@ -12,7 +12,7 @@ - + @@ -37,7 +37,7 @@ at how easily that can be accomplished.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/golang.html b/blogs/tags/golang.html index 6e6963f5e..d31968aff 100644 --- a/blogs/tags/golang.html +++ b/blogs/tags/golang.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "golang"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/gpg.html b/blogs/tags/gpg.html index ee05f689d..3b2559de0 100644 --- a/blogs/tags/gpg.html +++ b/blogs/tags/gpg.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc.html b/blogs/tags/hpc.html index b45ae9296..3dc4755dd 100644 --- a/blogs/tags/hpc.html +++ b/blogs/tags/hpc.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/10.html b/blogs/tags/hpc/page/10.html index 3bb9e032d..8c2fbe5f9 100644 --- a/blogs/tags/hpc/page/10.html +++ b/blogs/tags/hpc/page/10.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ home directory.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/2.html b/blogs/tags/hpc/page/2.html index b10123f0e..38585163e 100644 --- a/blogs/tags/hpc/page/2.html +++ b/blogs/tags/hpc/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/3.html b/blogs/tags/hpc/page/3.html index 9c6b75c2f..e03e66286 100644 --- a/blogs/tags/hpc/page/3.html +++ b/blogs/tags/hpc/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/4.html b/blogs/tags/hpc/page/4.html index 2c3643576..a0cfd5211 100644 --- a/blogs/tags/hpc/page/4.html +++ b/blogs/tags/hpc/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/5.html b/blogs/tags/hpc/page/5.html index 05eaa4d0d..6d7cebefc 100644 --- a/blogs/tags/hpc/page/5.html +++ b/blogs/tags/hpc/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/6.html b/blogs/tags/hpc/page/6.html index 7521b84ce..f13391dc0 100644 --- a/blogs/tags/hpc/page/6.html +++ b/blogs/tags/hpc/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/7.html b/blogs/tags/hpc/page/7.html index b2f0d5d76..8fe132815 100644 --- a/blogs/tags/hpc/page/7.html +++ b/blogs/tags/hpc/page/7.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/8.html b/blogs/tags/hpc/page/8.html index ecad96a5e..f042e302f 100644 --- a/blogs/tags/hpc/page/8.html +++ b/blogs/tags/hpc/page/8.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/9.html b/blogs/tags/hpc/page/9.html index a3094c433..f6a3f7d59 100644 --- a/blogs/tags/hpc/page/9.html +++ b/blogs/tags/hpc/page/9.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/images.html b/blogs/tags/images.html index a227359fe..f204a2988 100644 --- a/blogs/tags/images.html +++ b/blogs/tags/images.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/2.html b/blogs/tags/images/page/2.html index 28aaa6367..d2f518d29 100644 --- a/blogs/tags/images/page/2.html +++ b/blogs/tags/images/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/3.html b/blogs/tags/images/page/3.html index 63bd137aa..792498b0c 100644 --- a/blogs/tags/images/page/3.html +++ b/blogs/tags/images/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/4.html b/blogs/tags/images/page/4.html index 631ee810b..94193b024 100644 --- a/blogs/tags/images/page/4.html +++ b/blogs/tags/images/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/5.html b/blogs/tags/images/page/5.html index 598da56a3..ff73f9ebd 100644 --- a/blogs/tags/images/page/5.html +++ b/blogs/tags/images/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/kube.html b/blogs/tags/kube.html index 5be2b2924..192f61964 100644 --- a/blogs/tags/kube.html +++ b/blogs/tags/kube.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/2.html b/blogs/tags/kube/page/2.html index 238a45183..89f934fc9 100644 --- a/blogs/tags/kube/page/2.html +++ b/blogs/tags/kube/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/3.html b/blogs/tags/kube/page/3.html index edd5b8cb8..bad719f5a 100644 --- a/blogs/tags/kube/page/3.html +++ b/blogs/tags/kube/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/4.html b/blogs/tags/kube/page/4.html index 0ce570117..23317768f 100644 --- a/blogs/tags/kube/page/4.html +++ b/blogs/tags/kube/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/5.html b/blogs/tags/kube/page/5.html index cdea4b968..5c2b64d5c 100644 --- a/blogs/tags/kube/page/5.html +++ b/blogs/tags/kube/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/6.html b/blogs/tags/kube/page/6.html index b216f135b..21d065870 100644 --- a/blogs/tags/kube/page/6.html +++ b/blogs/tags/kube/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    61 posts tagged with "kube"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/7.html b/blogs/tags/kube/page/7.html index b086a6e6d..77d61a8fe 100644 --- a/blogs/tags/kube/page/7.html +++ b/blogs/tags/kube/page/7.html @@ -12,13 +12,13 @@ - +

    61 posts tagged with "kube"

    View All Tags

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes.html b/blogs/tags/kubernetes.html index 488c4ed77..584932268 100644 --- a/blogs/tags/kubernetes.html +++ b/blogs/tags/kubernetes.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/2.html b/blogs/tags/kubernetes/page/2.html index 09ed7cf24..ccbdc62e1 100644 --- a/blogs/tags/kubernetes/page/2.html +++ b/blogs/tags/kubernetes/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/3.html b/blogs/tags/kubernetes/page/3.html index c6b481f52..94df560b4 100644 --- a/blogs/tags/kubernetes/page/3.html +++ b/blogs/tags/kubernetes/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/4.html b/blogs/tags/kubernetes/page/4.html index 8608abcdd..f289ea18f 100644 --- a/blogs/tags/kubernetes/page/4.html +++ b/blogs/tags/kubernetes/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/5.html b/blogs/tags/kubernetes/page/5.html index d36e6c3c0..331ee6d6e 100644 --- a/blogs/tags/kubernetes/page/5.html +++ b/blogs/tags/kubernetes/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/6.html b/blogs/tags/kubernetes/page/6.html index 29c0a872c..cddf5d0cf 100644 --- a/blogs/tags/kubernetes/page/6.html +++ b/blogs/tags/kubernetes/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/7.html b/blogs/tags/kubernetes/page/7.html index 20cf80cdc..5d8bdf837 100644 --- a/blogs/tags/kubernetes/page/7.html +++ b/blogs/tags/kubernetes/page/7.html @@ -12,13 +12,13 @@ - +

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubic.html b/blogs/tags/kubic.html index fe15b3d89..db3d6c4f2 100644 --- a/blogs/tags/kubic.html +++ b/blogs/tags/kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/tags/linux.html b/blogs/tags/linux.html index 9dd1579a4..63b6f0c6b 100644 --- a/blogs/tags/linux.html +++ b/blogs/tags/linux.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/mac-os.html b/blogs/tags/mac-os.html index cf83b6273..d3faebe13 100644 --- a/blogs/tags/mac-os.html +++ b/blogs/tags/mac-os.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/tags/mac.html b/blogs/tags/mac.html index 4e26ddedd..e7c188d7a 100644 --- a/blogs/tags/mac.html +++ b/blogs/tags/mac.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/2.html b/blogs/tags/mac/page/2.html index 422ef9633..d69e8f38a 100644 --- a/blogs/tags/mac/page/2.html +++ b/blogs/tags/mac/page/2.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/3.html b/blogs/tags/mac/page/3.html index bee9bcc50..50f3e754c 100644 --- a/blogs/tags/mac/page/3.html +++ b/blogs/tags/mac/page/3.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/4.html b/blogs/tags/mac/page/4.html index 949876373..081b90f4b 100644 --- a/blogs/tags/mac/page/4.html +++ b/blogs/tags/mac/page/4.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/5.html b/blogs/tags/mac/page/5.html index e0796abb2..ffd8eb4e0 100644 --- a/blogs/tags/mac/page/5.html +++ b/blogs/tags/mac/page/5.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/6.html b/blogs/tags/mac/page/6.html index 568d3e67b..feb26368d 100644 --- a/blogs/tags/mac/page/6.html +++ b/blogs/tags/mac/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    56 posts tagged with "mac"

    View All Tags

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/microsoft.html b/blogs/tags/microsoft.html index 10916de93..c07bebad6 100644 --- a/blogs/tags/microsoft.html +++ b/blogs/tags/microsoft.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "microsoft"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/multiarch.html b/blogs/tags/multiarch.html index b7515dec7..c31f4a692 100644 --- a/blogs/tags/multiarch.html +++ b/blogs/tags/multiarch.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/netavark.html b/blogs/tags/netavark.html index d7b089cd8..045d7fc6d 100644 --- a/blogs/tags/netavark.html +++ b/blogs/tags/netavark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "netavark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/network.html b/blogs/tags/network.html index f8f169d7d..1062a1258 100644 --- a/blogs/tags/network.html +++ b/blogs/tags/network.html @@ -12,13 +12,13 @@ - +

    3 posts tagged with "network"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/networking.html b/blogs/tags/networking.html index cacb0fd74..6ee014e31 100644 --- a/blogs/tags/networking.html +++ b/blogs/tags/networking.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/10.html b/blogs/tags/networking/page/10.html index e2f94027f..427af32fe 100644 --- a/blogs/tags/networking/page/10.html +++ b/blogs/tags/networking/page/10.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/2.html b/blogs/tags/networking/page/2.html index 44da4beff..151277c7a 100644 --- a/blogs/tags/networking/page/2.html +++ b/blogs/tags/networking/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/3.html b/blogs/tags/networking/page/3.html index eaa351604..153ec2494 100644 --- a/blogs/tags/networking/page/3.html +++ b/blogs/tags/networking/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/4.html b/blogs/tags/networking/page/4.html index be682a86b..433d1a0c7 100644 --- a/blogs/tags/networking/page/4.html +++ b/blogs/tags/networking/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/5.html b/blogs/tags/networking/page/5.html index 5a46faa6e..bfc8e611c 100644 --- a/blogs/tags/networking/page/5.html +++ b/blogs/tags/networking/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/6.html b/blogs/tags/networking/page/6.html index cb88886d8..c18279309 100644 --- a/blogs/tags/networking/page/6.html +++ b/blogs/tags/networking/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/7.html b/blogs/tags/networking/page/7.html index ade3f52dd..77205c31d 100644 --- a/blogs/tags/networking/page/7.html +++ b/blogs/tags/networking/page/7.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/8.html b/blogs/tags/networking/page/8.html index 8812b5643..cc31a58d6 100644 --- a/blogs/tags/networking/page/8.html +++ b/blogs/tags/networking/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/9.html b/blogs/tags/networking/page/9.html index 9f7883d78..17d984812 100644 --- a/blogs/tags/networking/page/9.html +++ b/blogs/tags/networking/page/9.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/tags/nfs.html b/blogs/tags/nfs.html index 2ad0e274e..247c40359 100644 --- a/blogs/tags/nfs.html +++ b/blogs/tags/nfs.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/oci.html b/blogs/tags/oci.html index 89baeb391..78c8bb8bb 100644 --- a/blogs/tags/oci.html +++ b/blogs/tags/oci.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/2.html b/blogs/tags/oci/page/2.html index 187dd115b..d73208a6c 100644 --- a/blogs/tags/oci/page/2.html +++ b/blogs/tags/oci/page/2.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/3.html b/blogs/tags/oci/page/3.html index dbffa5378..5b30a0a18 100644 --- a/blogs/tags/oci/page/3.html +++ b/blogs/tags/oci/page/3.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/4.html b/blogs/tags/oci/page/4.html index 1e3c94361..bde127e5b 100644 --- a/blogs/tags/oci/page/4.html +++ b/blogs/tags/oci/page/4.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/5.html b/blogs/tags/oci/page/5.html index ca3fd181f..d5e55a73e 100644 --- a/blogs/tags/oci/page/5.html +++ b/blogs/tags/oci/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/open-source.html b/blogs/tags/open-source.html index bead11483..fa1729d8d 100644 --- a/blogs/tags/open-source.html +++ b/blogs/tags/open-source.html @@ -12,13 +12,13 @@ - +

    One post tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/openstack.html b/blogs/tags/openstack.html index 0566c2064..1b2d2625b 100644 --- a/blogs/tags/openstack.html +++ b/blogs/tags/openstack.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ from Docker to Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/tags/pod.html b/blogs/tags/pod.html index 1c5c00779..346ee446f 100644 --- a/blogs/tags/pod.html +++ b/blogs/tags/pod.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/2.html b/blogs/tags/pod/page/2.html index a9965cc97..27e641073 100644 --- a/blogs/tags/pod/page/2.html +++ b/blogs/tags/pod/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/3.html b/blogs/tags/pod/page/3.html index 3014832a3..f0ef06fca 100644 --- a/blogs/tags/pod/page/3.html +++ b/blogs/tags/pod/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/4.html b/blogs/tags/pod/page/4.html index efcec1b05..43ea48e7b 100644 --- a/blogs/tags/pod/page/4.html +++ b/blogs/tags/pod/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/5.html b/blogs/tags/pod/page/5.html index 4eb6f2009..c0939ff77 100644 --- a/blogs/tags/pod/page/5.html +++ b/blogs/tags/pod/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/6.html b/blogs/tags/pod/page/6.html index 3259fd124..faf0a76fa 100644 --- a/blogs/tags/pod/page/6.html +++ b/blogs/tags/pod/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    82 posts tagged with "pod"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/7.html b/blogs/tags/pod/page/7.html index afed7c19e..b1b83b0ac 100644 --- a/blogs/tags/pod/page/7.html +++ b/blogs/tags/pod/page/7.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/8.html b/blogs/tags/pod/page/8.html index 1e58cee96..7b412c37b 100644 --- a/blogs/tags/pod/page/8.html +++ b/blogs/tags/pod/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/9.html b/blogs/tags/pod/page/9.html index 20cf0ad42..ab5fe8230 100644 --- a/blogs/tags/pod/page/9.html +++ b/blogs/tags/pod/page/9.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/podman-machine.html b/blogs/tags/podman-machine.html index ea07415f4..6b33cc8d2 100644 --- a/blogs/tags/podman-machine.html +++ b/blogs/tags/podman-machine.html @@ -12,13 +12,13 @@ - +

    One post tagged with "podman+machine"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/podman.html b/blogs/tags/podman.html index 4ce1774ff..06ca4da6d 100644 --- a/blogs/tags/podman.html +++ b/blogs/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/10.html b/blogs/tags/podman/page/10.html index 1e2b19d98..5b164dc20 100644 --- a/blogs/tags/podman/page/10.html +++ b/blogs/tags/podman/page/10.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/11.html b/blogs/tags/podman/page/11.html index 26aca03f9..8aa39a4bd 100644 --- a/blogs/tags/podman/page/11.html +++ b/blogs/tags/podman/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/12.html b/blogs/tags/podman/page/12.html index 62d5c8412..8d537fc5c 100644 --- a/blogs/tags/podman/page/12.html +++ b/blogs/tags/podman/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/13.html b/blogs/tags/podman/page/13.html index 917f92e84..d9bf8cdad 100644 --- a/blogs/tags/podman/page/13.html +++ b/blogs/tags/podman/page/13.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/14.html b/blogs/tags/podman/page/14.html index c0cafec28..d8bb985ec 100644 --- a/blogs/tags/podman/page/14.html +++ b/blogs/tags/podman/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/15.html b/blogs/tags/podman/page/15.html index 7dee82fc9..20aea1bd6 100644 --- a/blogs/tags/podman/page/15.html +++ b/blogs/tags/podman/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/16.html b/blogs/tags/podman/page/16.html index bf9833e44..60d5138ca 100644 --- a/blogs/tags/podman/page/16.html +++ b/blogs/tags/podman/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/17.html b/blogs/tags/podman/page/17.html index 302006f38..e811f671f 100644 --- a/blogs/tags/podman/page/17.html +++ b/blogs/tags/podman/page/17.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ sometimes the user's environment will not allow them to install all the packages needed; or perhaps the user is intimidated by building from source; or perhaps the user would prefer the RPM package because it will make the upgrade process easier down the road.

    To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/18.html b/blogs/tags/podman/page/18.html index e9c3eb4ab..0ec9144ad 100644 --- a/blogs/tags/podman/page/18.html +++ b/blogs/tags/podman/page/18.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/19.html b/blogs/tags/podman/page/19.html index 586d6dada..aba219b36 100644 --- a/blogs/tags/podman/page/19.html +++ b/blogs/tags/podman/page/19.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/2.html b/blogs/tags/podman/page/2.html index 215ed0335..7c9f9d262 100644 --- a/blogs/tags/podman/page/2.html +++ b/blogs/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/3.html b/blogs/tags/podman/page/3.html index 281f183be..7227a507f 100644 --- a/blogs/tags/podman/page/3.html +++ b/blogs/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/4.html b/blogs/tags/podman/page/4.html index d2855a524..5a104ff6e 100644 --- a/blogs/tags/podman/page/4.html +++ b/blogs/tags/podman/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/5.html b/blogs/tags/podman/page/5.html index c7bca17f0..c1070f44f 100644 --- a/blogs/tags/podman/page/5.html +++ b/blogs/tags/podman/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/6.html b/blogs/tags/podman/page/6.html index 089d862b6..e3a7a49b5 100644 --- a/blogs/tags/podman/page/6.html +++ b/blogs/tags/podman/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/7.html b/blogs/tags/podman/page/7.html index c1f3a1ab6..da1bb27b6 100644 --- a/blogs/tags/podman/page/7.html +++ b/blogs/tags/podman/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/8.html b/blogs/tags/podman/page/8.html index 58fb808ce..abe66559a 100644 --- a/blogs/tags/podman/page/8.html +++ b/blogs/tags/podman/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/9.html b/blogs/tags/podman/page/9.html index 706a0e0b7..6b511ea91 100644 --- a/blogs/tags/podman/page/9.html +++ b/blogs/tags/podman/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/python.html b/blogs/tags/python.html index ae2942e8b..e754e2847 100644 --- a/blogs/tags/python.html +++ b/blogs/tags/python.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "python"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/rails.html b/blogs/tags/rails.html index 9ec56f79c..4eb413a9a 100644 --- a/blogs/tags/rails.html +++ b/blogs/tags/rails.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rename.html b/blogs/tags/rename.html index 5409d3e91..ac47de996 100644 --- a/blogs/tags/rename.html +++ b/blogs/tags/rename.html @@ -12,13 +12,13 @@ - +

    9 posts tagged with "rename"

    View All Tags

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api.html b/blogs/tags/rest-api.html index d8d1f4fb8..c1e4d4d97 100644 --- a/blogs/tags/rest-api.html +++ b/blogs/tags/rest-api.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/2.html b/blogs/tags/rest-api/page/2.html index c9e11e625..28b6cdeb1 100644 --- a/blogs/tags/rest-api/page/2.html +++ b/blogs/tags/rest-api/page/2.html @@ -12,14 +12,14 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/3.html b/blogs/tags/rest-api/page/3.html index 1f3204d64..ab3976423 100644 --- a/blogs/tags/rest-api/page/3.html +++ b/blogs/tags/rest-api/page/3.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/rest.html b/blogs/tags/rest.html index 6ffbcdb11..49b2652a6 100644 --- a/blogs/tags/rest.html +++ b/blogs/tags/rest.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/2.html b/blogs/tags/rest/page/2.html index 3b0318180..e71331fdf 100644 --- a/blogs/tags/rest/page/2.html +++ b/blogs/tags/rest/page/2.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/3.html b/blogs/tags/rest/page/3.html index 18e6c0799..ed1256f49 100644 --- a/blogs/tags/rest/page/3.html +++ b/blogs/tags/rest/page/3.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/restful.html b/blogs/tags/restful.html index 6efbf84a9..b11b4723e 100644 --- a/blogs/tags/restful.html +++ b/blogs/tags/restful.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "restful"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/rootless.html b/blogs/tags/rootless.html index dbafec52a..564e8325e 100644 --- a/blogs/tags/rootless.html +++ b/blogs/tags/rootless.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    10 posts tagged with "rootless"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/ruby.html b/blogs/tags/ruby.html index 8dceb3bf6..f3134e9c9 100644 --- a/blogs/tags/ruby.html +++ b/blogs/tags/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/runner.html b/blogs/tags/runner.html index e1071892c..dfc175b05 100644 --- a/blogs/tags/runner.html +++ b/blogs/tags/runner.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "Runner"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime.html b/blogs/tags/runtime.html index 028073244..1449c67b6 100644 --- a/blogs/tags/runtime.html +++ b/blogs/tags/runtime.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime/page/2.html b/blogs/tags/runtime/page/2.html index f7b3b835e..e25d4975a 100644 --- a/blogs/tags/runtime/page/2.html +++ b/blogs/tags/runtime/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/rust.html b/blogs/tags/rust.html index e3bbe54a8..19ff90b1b 100644 --- a/blogs/tags/rust.html +++ b/blogs/tags/rust.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "rust"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/seccomp.html b/blogs/tags/seccomp.html index a78d2c910..cc7d1fba1 100644 --- a/blogs/tags/seccomp.html +++ b/blogs/tags/seccomp.html @@ -12,13 +12,13 @@ - +

    One post tagged with "seccomp"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/security.html b/blogs/tags/security.html index d94a07f64..8ccdecfe9 100644 --- a/blogs/tags/security.html +++ b/blogs/tags/security.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "security"

    View All Tags

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/signing.html b/blogs/tags/signing.html index 325833e10..b84eb20f7 100644 --- a/blogs/tags/signing.html +++ b/blogs/tags/signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/skopeo.html b/blogs/tags/skopeo.html index 6d5a2b2e6..88646e166 100644 --- a/blogs/tags/skopeo.html +++ b/blogs/tags/skopeo.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/sudo.html b/blogs/tags/sudo.html index 13e761402..bef7f3aa9 100644 --- a/blogs/tags/sudo.html +++ b/blogs/tags/sudo.html @@ -12,13 +12,13 @@ - +

    8 posts tagged with "sudo"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/syscall.html b/blogs/tags/syscall.html index 7629d360d..7992f1f15 100644 --- a/blogs/tags/syscall.html +++ b/blogs/tags/syscall.html @@ -12,13 +12,13 @@ - +

    One post tagged with "syscall"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/systemd.html b/blogs/tags/systemd.html index a737d9a14..cab1b0f61 100644 --- a/blogs/tags/systemd.html +++ b/blogs/tags/systemd.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/tent.html b/blogs/tags/tent.html index 75ccd3106..40d81b2bd 100644 --- a/blogs/tags/tent.html +++ b/blogs/tags/tent.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "tent"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/test.html b/blogs/tags/test.html index 6b1ad04dc..fcfb494be 100644 --- a/blogs/tags/test.html +++ b/blogs/tags/test.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/tracing.html b/blogs/tags/tracing.html index c26007210..d012b2cf5 100644 --- a/blogs/tags/tracing.html +++ b/blogs/tags/tracing.html @@ -12,13 +12,13 @@ - +

    One post tagged with "tracing"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/ubuntu.html b/blogs/tags/ubuntu.html index bd5d8a594..4d9c3d7c4 100644 --- a/blogs/tags/ubuntu.html +++ b/blogs/tags/ubuntu.html @@ -12,7 +12,7 @@ - + @@ -29,7 +29,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2.html b/blogs/tags/v-2.html index e601c0d7d..6d08b445d 100644 --- a/blogs/tags/v-2.html +++ b/blogs/tags/v-2.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/10.html b/blogs/tags/v-2/page/10.html index 0ed8a750b..fd0d36bc4 100644 --- a/blogs/tags/v-2/page/10.html +++ b/blogs/tags/v-2/page/10.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/2.html b/blogs/tags/v-2/page/2.html index e03c454f3..3354bf641 100644 --- a/blogs/tags/v-2/page/2.html +++ b/blogs/tags/v-2/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/3.html b/blogs/tags/v-2/page/3.html index c3b96e4ff..dc01fa18c 100644 --- a/blogs/tags/v-2/page/3.html +++ b/blogs/tags/v-2/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/4.html b/blogs/tags/v-2/page/4.html index 05918e1c0..4c942982f 100644 --- a/blogs/tags/v-2/page/4.html +++ b/blogs/tags/v-2/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/5.html b/blogs/tags/v-2/page/5.html index b10119604..91a2b896f 100644 --- a/blogs/tags/v-2/page/5.html +++ b/blogs/tags/v-2/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/6.html b/blogs/tags/v-2/page/6.html index ca4555a97..e514d563c 100644 --- a/blogs/tags/v-2/page/6.html +++ b/blogs/tags/v-2/page/6.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/7.html b/blogs/tags/v-2/page/7.html index 448028a9d..2b6e6f141 100644 --- a/blogs/tags/v-2/page/7.html +++ b/blogs/tags/v-2/page/7.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    96 posts tagged with "v2"

    View All Tags

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/8.html b/blogs/tags/v-2/page/8.html index 9398fc8c8..5563dbb9c 100644 --- a/blogs/tags/v-2/page/8.html +++ b/blogs/tags/v-2/page/8.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/9.html b/blogs/tags/v-2/page/9.html index 8fc193574..0ce1c4e16 100644 --- a/blogs/tags/v-2/page/9.html +++ b/blogs/tags/v-2/page/9.html @@ -12,13 +12,13 @@ - +

    96 posts tagged with "v2"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    - + \ No newline at end of file diff --git a/blogs/tags/varlink.html b/blogs/tags/varlink.html index 65c6702dd..72bee24a5 100644 --- a/blogs/tags/varlink.html +++ b/blogs/tags/varlink.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    6 posts tagged with "varlink"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/video.html b/blogs/tags/video.html index bc102a42d..7422de40d 100644 --- a/blogs/tags/video.html +++ b/blogs/tags/video.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "video"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/tags/windows.html b/blogs/tags/windows.html index 0d4dc91f2..5b93dcdae 100644 --- a/blogs/tags/windows.html +++ b/blogs/tags/windows.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/2.html b/blogs/tags/windows/page/2.html index abab0fca3..89c91cd0d 100644 --- a/blogs/tags/windows/page/2.html +++ b/blogs/tags/windows/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/3.html b/blogs/tags/windows/page/3.html index c50aee945..3b020315c 100644 --- a/blogs/tags/windows/page/3.html +++ b/blogs/tags/windows/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/4.html b/blogs/tags/windows/page/4.html index da350c78c..19fb656c6 100644 --- a/blogs/tags/windows/page/4.html +++ b/blogs/tags/windows/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/5.html b/blogs/tags/windows/page/5.html index b0b5467ad..aebb82f40 100644 --- a/blogs/tags/windows/page/5.html +++ b/blogs/tags/windows/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/6.html b/blogs/tags/windows/page/6.html index e8444d7c1..e551dd6d2 100644 --- a/blogs/tags/windows/page/6.html +++ b/blogs/tags/windows/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    65 posts tagged with "windows"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/7.html b/blogs/tags/windows/page/7.html index 04239a544..8f436215d 100644 --- a/blogs/tags/windows/page/7.html +++ b/blogs/tags/windows/page/7.html @@ -12,13 +12,13 @@ - +

    65 posts tagged with "windows"

    View All Tags

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/community.html b/community.html index 4838d1832..95b1e3a62 100644 --- a/community.html +++ b/community.html @@ -12,13 +12,13 @@ - +
    -

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    20:29

    Central European Standard Time

    14:29

    Eastern Standard Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    - +

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    16:34

    Central European Standard Time

    10:34

    Eastern Standard Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    + \ No newline at end of file diff --git a/docs.html b/docs.html index e0cba3c45..41e3357fa 100644 --- a/docs.html +++ b/docs.html @@ -12,7 +12,7 @@ - + @@ -52,7 +52,7 @@ here.

    More information

    For more information on Podman and its subcommands, checkout the asciiart demos on the README.md page.

    - + \ No newline at end of file diff --git a/docs/checkpoint.html b/docs/checkpoint.html index 6b6f69662..b7dc1a9af 100644 --- a/docs/checkpoint.html +++ b/docs/checkpoint.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ transferring the checkpoint, it is possible to specify an output-file.

    On the source system:

    $ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
    $ scp /tmp/checkpoint.tar.gz <destination_system>:/tmp

    On the destination system:

    $ sudo podman container restore -i /tmp/checkpoint.tar.gz

    After being restored, the container will answer requests again as it did before checkpointing. This time the container will continue to run on the destination system.

    $ curl http://<IP_address>:8080
    - + \ No newline at end of file diff --git a/docs/documentation.html b/docs/documentation.html index cf465a960..47205753d 100644 --- a/docs/documentation.html +++ b/docs/documentation.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/docs/installation.html b/docs/installation.html index 7a2695f14..8a84477ca 100644 --- a/docs/installation.html +++ b/docs/installation.html @@ -12,7 +12,7 @@ - + @@ -25,9 +25,9 @@ programmatic access from your language of choice.

    macOS

    On Mac, each Podman machine is backed by a virtual machine. Once installed, the podman command can be run directly from the Unix shell in Terminal, where it remotely communicates with the podman -service running in the Machine VM.

    Download Podman Installer (Reccomended)

    Podman can be downloaded from the Podman.io website.

    We also upload the installers and other binaries on our Github release page.

    Though not reccomended, Podman can also be obtained through Homebrew, +service running in the Machine VM.

    Download Podman Installer (Recommended)

    Podman can be downloaded from the Podman.io website.

    We also upload the installers and other binaries on our Github release page.

    Though not recommended, Podman can also be obtained through Homebrew, the package manager.

    Install via Brew

    Since Brew is a community-maintained package manager, we cannot guarantee stability -of Brew installs of Podman. Thus, installing via Brew is not reccomended.

    However, if you do wish to use Brew, you must first install Homebrew. Once you +of Brew installs of Podman. Thus, installing via Brew is not recommended.

    However, if you do wish to use Brew, you must first install Homebrew. Once you have set up brew, you can use the brew install command to install Podman:

    brew install podman

    After installing, you need to create and start your first Podman machine:

    podman machine init
    podman machine start

    You can then verify the installation information using:

    podman info

    We also provide binaries and a pkginstaller on our Github release page

    Windows

    On Windows, each Podman machine is backed by a virtualized Windows System for Linux (WSLv2) distribution. Once installed, the podman command can be run directly from your Windows PowerShell (or CMD) prompt, where it remotely @@ -82,7 +82,7 @@ also available to automate the installation of the above statically linked binary on its supported OS:

    sudo su -
    mkdir -p ~/.ansible/roles
    cd ~/.ansible/roles
    git clone https://github.com/alvistack/ansible-role-podman.git podman
    cd ~/.ansible/roles/podman
    pip3 install --upgrade --ignore-installed --requirement requirements.txt
    molecule converge
    molecule verify

    Configuration files

    registries.conf

    Man Page: registries.conf.5

    /etc/containers/registries.conf

    registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.

    Example from the Fedora containers-common package

    $ cat /etc/containers/registries.conf
    # For more information on this configuration file, see containers-registries.conf(5).
    #
    # NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
    # We recommend always using fully qualified image names including the registry
    # server (full dns name), namespace, image name, and tag
    # (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
    # quay.io/repository/name@digest) further eliminates the ambiguity of tags.
    # When using short names, there is always an inherent risk that the image being
    # pulled could be spoofed. For example, a user wants to pull an image named
    # `foobar` from a registry and expects it to come from myregistry.com. If
    # myregistry.com is not first in the search list, an attacker could place a
    # different `foobar` image at a registry earlier in the search list. The user
    # would accidentally pull and run the attacker's image and code rather than the
    # intended content. We recommend only adding registries which are completely
    # trusted (i.e., registries which don't allow unknown or anonymous users to
    # create accounts with arbitrary names). This will prevent an image from being
    # spoofed, squatted or otherwise made insecure. If it is necessary to use one
    # of these registries, it should be added at the end of the list.
    #
    # # An array of host[:port] registries to try when pulling an unqualified image, in order.
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]
    #
    # [[registry]]
    # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
    # # (only) the TOML table with the longest match for the input image name
    # # (taking into account namespace/repo/tag/digest separators) is used.
    # #
    # # If the prefix field is missing, it defaults to be the same as the "location" field.
    # prefix = "example.com/foo"
    #
    # # If true, unencrypted HTTP as well as TLS connections with untrusted
    # # certificates are allowed.
    # insecure = false
    #
    # # If true, pulling images with matching names is forbidden.
    # blocked = false
    #
    # # The physical location of the "prefix"-rooted namespace.
    # #
    # # By default, this equal to "prefix" (in which case "prefix" can be omitted
    # # and the [[registry]] TOML table can only specify "location").
    # #
    # # Example: Given
    # # prefix = "example.com/foo"
    # # location = "internal-registry-for-example.net/bar"
    # # requests for the image example.com/foo/myimage:latest will actually work with the
    # # internal-registry-for-example.net/bar/myimage:latest image.
    # location = "internal-registry-for-example.com/bar"
    #
    # # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
    # #
    # # The mirrors are attempted in the specified order; the first one that can be
    # # contacted and contains the image will be used (and if none of the mirrors contains the image,
    # # the primary location specified by the "registry.location" field, or using the unmodified
    # # user-specified reference, is tried last).
    # #
    # # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
    # # as if specified in the [[registry]] TOML table directly:
    # # - location
    # # - insecure
    # [[registry.mirror]]
    # location = "example-mirror-0.local/mirror-for-foo"
    # [[registry.mirror]]
    # location = "example-mirror-1.local/mirrors/foo"
    # insecure = true
    # # Given the above, a pull of example.com/foo/image:latest will try:
    # # 1. example-mirror-0.local/mirror-for-foo/image:latest
    # # 2. example-mirror-1.local/mirrors/foo/image:latest
    # # 3. internal-registry-for-example.net/bar/image:latest
    # # in order, and use the first one that exists.
    #
    # short-name-mode="enforcing"

    [[registry]]
    location="localhost:5000"
    insecure=true

    mounts.conf

    /usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf

    The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands. Container process can then use this content. The volume mount content does not get committed to the final image.

    Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.

    For example, a mounts.conf with the line "/usr/share/rhel/secrets:/run/secrets", the content of /usr/share/rhel/secrets directory is mounted on /run/secrets inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.

    Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.

    Example from the Fedora containers-common package:

    cat /usr/share/containers/mounts.conf
    /usr/share/rhel/secrets:/run/secrets

    seccomp.json

    /usr/share/containers/seccomp.json

    seccomp.json contains the whitelist of seccomp rules to be allowed inside of containers. This file is usually provided by the containers-common package.

    The link above takes you to the seccomp.json

    policy.json

    /etc/containers/policy.json

    Man Page: policy.json.5

    Example from the Fedora containers-common package:

    cat /etc/containers/policy.json
    {
    "default": [
    {
    "type": "insecureAcceptAnything"
    }
    ],
    "transports":
    {
    "docker-daemon":
    {
    "": [{"type":"insecureAcceptAnything"}]
    }
    }
    }
    - + \ No newline at end of file diff --git a/features.html b/features.html index 6f5f0f214..1895898d8 100644 --- a/features.html +++ b/features.html @@ -12,13 +12,13 @@ - +

    Podman Features

    Podman Logo

    Getting to know Podman

    Quick dive into Podman

    A seal diving into the water

    Join Podman's Community

    A group of seals swimming.

    Need some help?

    A confused seal.

    Podman Desktop is Podman's graphical application that makes it easy to install and work with Podman (and other container engines) on Windows, MacOS, and Linux.

    Manage containers (not just Podman.)

    Podman Desktop allows you to list, view, and manage containers from multiple supported container engines* in a single unified view.

    Gain easy access to a shell inside the container, logs, and basic controls.

    * Supported engines and orchestrators include Podman, Docker, Lima, kind, Red Hat OpenShift, Red Hat OpenShift Developer Sandbox.

    Build, pull, and push images.

    Build containers from a Dockerfile / Containerfile, or pull images from remote repositories to run.

    Manage accounts for and push your images to multiple container registries.

    Podify containers into pods.

    Create pods by selecting containers to run together. View unified logs for your pods and inspect the containers inside each.

    Play Kubernetes YAML locally, without Kubernetes, and generate Kubernetes YAML from Pods.

    Deploy to Kubernetes.

    Deploy pods from Podman Desktop to local or remote Kubernetes contexts using automatically-generated YAML config.

    Podman Command-Line

    Podman's command-line interface allows you to find, run, build, and share containers.

    Find and pull down containers no matter where they are.

    • podman search
    • podman pull

    Find and pull down containers whether they are on dockerhub.io or quay.io, an internal registry server, or direct from a vendor.

    example of podman commands

    Want to learn more?

    Recent Podman Blog Posts

    Check out more posts about Podman on our Blog!

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/get-started.html b/get-started.html index 67f18dd23..ceabfeaed 100644 --- a/get-started.html +++ b/get-started.html @@ -12,13 +12,13 @@ - +

    Get Started with Podman

    First Things First: Installing Podman

    For installing or building Podman, please see the installation instructions:

    Getting Help

    Help & manpages

    For more details, you can review the manpages:

    $ man podman 
    $ man podman subcommand

    To get some help and find out how Podman is working, you can use the help.

    $ podman --help # get a list of all commands 
    $ podman subcommand --help # get info on a command

    Please also reference the Podman Troubleshooting Guide to find known issues and tips on how to solve common configuration mistakes.

    Searching, pulling, and listing images

    $ podman search httpd 
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
    docker.io docker.io/centos/httpd-24-centos7 Platform for running Apache h... 40
    quay.io quay.io/centos7/httpd-24-centos-7 Platform for running Apache h... 0 [OK]
    docker.io docker.io/centos/httpd 34 [OK]
    redhat.com registry.access.redhat.com/ubi8/httpd 0
    quay.io quay.io/redhattraining/httpd-parent 0 [OK]



    $ podman search httpd --filter=is-official
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
    $ podman pull docker.io/library/httpd
    Trying to pull docker.io/library/httpd:latest...
    Getting image source signatures
    Copying blob ab86dc02235d done
    Copying blob ba1caf8ba86c done
    Copying blob eff15d958d66 done
    Copying blob 635a49ba2501 done
    Copying blob 600feb748d3c done
    Copying config d294bb32c2 done
    Writing manifest to image destination
    Storing signatures
    d294bb32c2073ecb5fb27e7802a1e5bec334af69cac361c27e6cb8546fdd14e7



    $ podman images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    docker.io/library/httpd latest d294bb32c207 12 hours ago 148 MB

    Running a container & listing running containers

    This sample container will run a very basic httpd server that serves only its index page.

    Running a container

    $ podman run -dt -p 8080:80/tcp docker.io/library/httpd 
    Note:

    Because the container is being run in detached mode, represented by the -d in the podman run command, Podman will run the container in the background and print the container ID after it has executed the command. The -t also adds a pseudo-tty to run arbitrary commands in an interactive shell.

    Also, we use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed.

    Listing running containers

    The podman ps command is used to list created and running containers.

    $ podman ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    01c44968199f docker.io/library/httpd:latest httpd-foreground 1 minute ago Up 1 minute 0.0.0.0:8080->80/tcp laughing_bob
    Note:

    If you add -a to the podman ps command, Podman will show all containers (created, exited, running, etc.).

    Testing the httpd container

    As you are able to see, the container does not have an IP Address assigned. The container is reachable via its published port on your local machine.

    $ curl http://localhost:8080

    From another machine, you need to use the IP Address of the host, running the container.

    $ curl http://<IP_Address>:8080
    Note:

    Instead of using curl, you can also point a browser to http://localhost:8080.

    - + \ No newline at end of file diff --git a/getting-started/installation.html b/getting-started/installation.html index aa65d4f45..a98f63551 100644 --- a/getting-started/installation.html +++ b/getting-started/installation.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/index.html b/index.html index 9b789e9e2..9436d6d1d 100644 --- a/index.html +++ b/index.html @@ -12,13 +12,13 @@ - +

    The best free & open source container tools

    Manage containers, pods, and images with Podman. Seamlessly work with containers and Kubernetes from your local environment.

    Latest stable Podman 4.8.3-Latest stable Podman Desktop 1.6.3-Apache License 2.0

    Supported Platforms

    • Fast and light.

    • Secure.

    • Open.

    • Compatible.

    Kubernetes Logo

    Kubernetes Ready

    A growing set of compatible tools

    Visual Studio code includes Podman support

    VS Code Logo

    Cirrus CLI allows you to reproducibly run containerized tasks with Podman

    Cirrus Logo

    GitHub Actions include support for Podman, as well as friends buildah and skopeo

    Github Logo

    Kind's ability to run local Kubernetes clusters via container nodes includes support for Podman

    Kind Logo

    What people are saying about Podman

    Ananth Iyer

    @mrananthiyer
    user avatar

    I am using @Podman_io for Magento 2 and it is super fast than other container tools. You must try it. #Podman #Magento #magento2

    Latest Podman News

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/release.html b/release.html index d3ac876ff..92eee6f29 100644 --- a/release.html +++ b/release.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2018/06/04/podman-alpha-v0.6.1.html b/release/2018/06/04/podman-alpha-v0.6.1.html index 7a2a15689..a582940a7 100644 --- a/release/2018/06/04/podman-alpha-v0.6.1.html +++ b/release/2018/06/04/podman-alpha-v0.6.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Alpha version 0.6.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    Improvements to podman Remote API

    * Example usage for the Podman python API
    * Correct issue with varlink container inspect where not all information was being parsed
    * varlink build added to the varlink API
    * Python API now can attach to a container

    Improvements to podman build

    * OnBuild support for podman build

    General Improvements

    * Correctly drop security capabilities when running containers with — user
    * Fix edge case of pulling images with shortnames and no registries defined
    * Lots of changes with the hooks command
    * Make some run options exclusive when using an existing container network namespace
    * Podman ps and images now sorts containers and images by their created time.
    - + \ No newline at end of file diff --git a/release/2018/07/02/podman-alpha-v0.6.4.html b/release/2018/07/02/podman-alpha-v0.6.4.html index a1746f58b..05aa4afe4 100644 --- a/release/2018/07/02/podman-alpha-v0.6.4.html +++ b/release/2018/07/02/podman-alpha-v0.6.4.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.6.4 Release Announcement

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    podman container cleanup was added to cleanup mountpoint, cgroups and network configuration when containers exit. When a container is run in background mode (-d), the podman command exits, but conmon continues to run and monitor the container, when the container exits, conmon executes podman container cleanup to cleanup the container.

    There were a number of bug fixes and a lot of vendoring new code — Golang speak for updating the code we depend on from other projects. Interesting things are in store for podman in the upcoming weeks. Stay tuned!

    I missed writing this blog the last couple of weeks, and wanted to point out a huge new feature from the buildah project. podman build now supports layering. As you may know podman build by default only adds one layer when processing a Dockerfile. This is different the docker build. Docker defaults to layering each line in the Dockerfile, which makes the creation of an application easier, since docker build jumps to the first line changed in the Dockerfile since the previous build. Podman build on the other hand starts at the beginning, which works better in using a Dockerfile in a build system. With the introducion of the — layers flag, you can now get the same behaviour in podman build that you have in docker build, incremental changes to the Dockerfile will start the build at the change point rather then in the beginning. There is even a environment variable BUILDAH_LAYERS which can be set to default to the layers method.

    Notable features include:

    * Continued work on podman remote client. A mock up of a podman remote client went into the contrib/ section of our repository. This is not ready for anyone but Jhon Honce as the primary contributor to the python library code.
    * Continued work on running podman without requiring you to be root. Giuseppe Scrivano made a bunch of commits related to rootless containers.
    * added podman-image and podman-container man page links
    * fixed a fatal error where when a container disappeared during podman ps.
    * added an authfile option to podman search to deal with private registries.
    * fixed a bug related to container startup and attached mode.
    * building podman with varlink support is now optionional.
    - + \ No newline at end of file diff --git a/release/2018/07/09/podman-alpha-v0.7.1.html b/release/2018/07/09/podman-alpha-v0.7.1.html index de966c354..657788dc0 100644 --- a/release/2018/07/09/podman-alpha-v0.7.1.html +++ b/release/2018/07/09/podman-alpha-v0.7.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    Speaking of platform changes, one thing I have been working on the last few weeks is to cross-compile for Darwin from Linux. This was really our first need to deal with other platforms and was rather invasive at times. It took several merges over the last few weeks to complete but we have are able to build a Darwin binary. I must emphasize build because the binary is known to not run — as there is a lengthy list of things that would need to be fixed or implemented first. Nevertheless, my goal here was to implement a CI test that would always perform the build so we can protect against subsequent regressions for Darwin should someone decide to work on that platform.

    Other significant changes include:

    * several changes to the makefile to make it more efficient
    * fix parsing of short options by vendoring in a new urfave/cli
    * tutorial fixes
    * revert back to a shared cgroup for conmon processes
    * remove buildah requirement for the libpod image library
    * block use of /proc/acpi from inside containers
    * factor pkg/ctime into a separate package
    - + \ No newline at end of file diff --git a/release/2018/07/16/podman-alpha-v0.7.2.html b/release/2018/07/16/podman-alpha-v0.7.2.html index 6366c0e9a..810c47bb8 100644 --- a/release/2018/07/16/podman-alpha-v0.7.2.html +++ b/release/2018/07/16/podman-alpha-v0.7.2.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.2 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    We have heard from users that they wish to be able to create containers with multiple networks. This can now be done with a combination of CNI configurations and podman. The easiest approach is to take the default podman configuration file /etc/cni/net.d/87-podman-bridge.conflist and duplicate it. Within the file, change the:

    * network name
    * bridge device (cni0 -> cni1)
    * subnet

    Then run podman like:

    $ podman run -it --network=podman,podman2 fedora:28 /bin/bash

    Jhon Honce and I have also been working on a remote client for podman, called pypodman. It is written in Python and allows users to have a podman-like front-end that accesses an actual podman backend on another node. It relies heavily on ssh and we recommend the use of ssh keys to simplify things.

    Our vision is this could eventually become useful for those using Macs or Windows as a development environment. Look for more official blogs and write-ups specifically on this.

    This is also the release where we start introducing pod concepts. We now have minimal support for pods. Try podman pod — help for further information.

    Other significant features include but are not limited to:

    * More unit tests for the varlink python client
    * Correction behavior for podman stats
    * Add — volumes-from to podman run and create
    * Fix a small regression in our opt handling
    * Add a default AppArmor profile
    * Fix path for rootless containers
    * Varlink API fixes in how we start start and attach to containers
    * Podman ps now reports containers as ‘dead’ instead of ‘unknown’
    * Correct behavior in podman rmi on how to handle parent image deletions
    * Logged output now goes to syslog as well as STDERR
    * When pulling an image by SHA1, we now set the name and tag correctly.
    * Better recording of exit codes for container exits
    - + \ No newline at end of file diff --git a/release/2018/08/08/podman-alpha-v0.8.1.html b/release/2018/08/08/podman-alpha-v0.8.1.html index 98c524f31..4a82dbd78 100644 --- a/release/2018/08/08/podman-alpha-v0.8.1.html +++ b/release/2018/08/08/podman-alpha-v0.8.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.1 Release Announcement

    · One min read

    podman logo

    Podman release 0.8.1

    Our latest podman release turned out to be a lot of internal plumbing. We had more than 50 commits but most were tweaks that most users would not notice. So I don’t have a singular, hot feature to point you at.

    That said, if you haven’t tried the python client to for podman, I recommend you do. It allows you to interact with a remote podman instance via SSH.

    Other notable benefits of this release are:

    * Fixes to rootless containers including network support using slirp4netns written by Akihiro Suda
    * Adjustments to how images are pulled and their metadata
    * podman build now supports different isolation mechanims, to better run within a confined container.
    * Changes to our integration tests to speed them up
    * podman load now supports xz compression
    * Tidy up man pages
    - + \ No newline at end of file diff --git a/release/2018/08/20/podman-alpha-v0.8.3.html b/release/2018/08/20/podman-alpha-v0.8.3.html index 216003c01..c0d55c7d1 100644 --- a/release/2018/08/20/podman-alpha-v0.8.3.html +++ b/release/2018/08/20/podman-alpha-v0.8.3.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.3 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    Some of the more obvious changes in this release are:

    * Updated documentation to mention that systemd is now the default cgroup manager.
    * The create|run switch of — uts-host now works correctly.
    * Add pod stats as a sub-command. Similar to podman stats, it allows you to see statistics about running pods and their containers.
    * Varlink API endpoints for many of the pod subcommands were added.
    * Support format for the varlink API endpoint Commit (OCI or docker)
    * Fix handling of the container’s hostname when using — host=net
    * When searching multiple registries, do not make an error from one registry be fatal.
    * Create and Pull commands were added to the python client.

    Our IRC channel has not moved. Much of the development team can be found on Freenode in #podman. Come by and introduce yourself!

    - + \ No newline at end of file diff --git a/release/2018/12/12/podman-alpha-v0.12.1.1.html b/release/2018/12/12/podman-alpha-v0.12.1.1.html index 8e301dd69..e4eadf48c 100644 --- a/release/2018/12/12/podman-alpha-v0.12.1.1.html +++ b/release/2018/12/12/podman-alpha-v0.12.1.1.html @@ -12,13 +12,13 @@ - +

    Podman v0.12.1.1 Released

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    Changes

    This release comes with many exciting new features. To highlight a few of our biggest changes:

    • The podman generate kube command was added by Brent Baude, which generates Kubernetes pod and service YAML from Podman containers and pods.
    • Initial support for named volumes using the podman volume set of commands was landed by Urvashi Mohnani
    • The podman rm and podman rmi commands can now prune unused containers and images with the --prune flag
    • Ports can now be published to the host from pods

    Numerous bugs were fixed as well, including a breaking change in rootless Podman found in 0.11.x releases.

    To see the full changelog, please visit our release notes on GitHub

    Some of this work, like the podman volume command, is still very early. We'd greatly appreciate feedback! If you have an enhancement request or a bug report, please file them on our issue page.

    - + \ No newline at end of file diff --git a/release/2019/01/16/podman-release-v1.0.0.html b/release/2019/01/16/podman-release-v1.0.0.html index 69fe47e58..c52fd57da 100644 --- a/release/2019/01/16/podman-release-v1.0.0.html +++ b/release/2019/01/16/podman-release-v1.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.0.0 Released

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    Podman made its first public release, v0.2, a little less than a year ago. We've come a long way since then, adding new features like:

    • Rootless containers
    • Support for pods
    • Interacting with Kubernetes pod YAML
    • A Varlink API for interacting with Podman on remote machines

    We've kept our eyes firmly on stability, fixing over 150 bugs. We’ve also worked on performance, making sure all common operations are optimized. While it is an iterative process, we are pleased with where we stand today. With that, we're excited to announce that Podman is ready for prime time, and it is ready for you.

    A key focus of Podman is around security. In addition to support for rootless containers, we’ve added many other security features. Great support for User Namespaces has resulted in better container separation. The podman top command will tell you what security features are enabled for processes within containers. Podman’s daemonless fork/exec model preserves audit information on containers.

    This is just the beginning, and we have plans for much more. For example, numerous improvements are planned for rootless Podman, pod support, the Varlink API, and automatic user namespace separation. If you find a feature missing from Podman, feel free to open an enhancement request on our Github. We love your feedback, and many of our best ideas come from users and contributors.

    Finally, the Podman team would like to thank all our contributors. Everyone who submitted code, improved documentation, or reported bugs has been a great help.

    Changes

    A few of the biggest changes from Podman 1.0.0 include:

    • Added the podman play kube command, which creates Podman pods based on Kubernetes pod YAML.
    • The podman run and podman create commands now support the --init flag, to run a minimal init process in the container.
    • Added the podman image sign command to sign container images.
    • Image pulls are now parallelized for increased speed

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/02/26/podman-release-v1.1.0.html b/release/2019/02/26/podman-release-v1.1.0.html index ba873a7bb..da4e4566d 100644 --- a/release/2019/02/26/podman-release-v1.1.0.html +++ b/release/2019/02/26/podman-release-v1.1.0.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/01/podman-release-v1.1.1.html b/release/2019/03/01/podman-release-v1.1.1.html index 090027361..07486f6de 100644 --- a/release/2019/03/01/podman-release-v1.1.1.html +++ b/release/2019/03/01/podman-release-v1.1.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.1 Released

    · 3 min read

    podman logo

    Podman has gone 1.1.1!

    After releasing Podman v1.1.0 a number of miscellaneous changes and several bug fixes focusing on command line options and parsing were added.
    All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where podman container restore was erroneously available as podman restore #2191
    • Fixed a bug where the volume_path option in libpod.conf was not being respected
    • Fixed a bug where Podman failed to build when the varlink tag was not present #2459
    • Fixed a bug where the podman image load command was listed twice in help text
    • Fixed a bug where the podman image sign command was also listed as podman sign
    • Fixed a bug where the podman image list command incorrectly had an image alias
    • Fixed a bug where the podman images command incorrectly had ls and list aliases
    • Fixed a bug where the podman image rm command was being displayed as podman image rmi
    • Fixed a bug where the podman create command would attempt to parse arguments meant for the container
    • Fixed a bug where the combination of FIPS mode and user namespaces resulted in permissions errors
    • Fixed a bug where the --time alias for --timeout for the podman restart and podman stop commands did not function
    • Fixed a bug where the default stop timeout for newly-created containers was being set to 0 seconds (resulting in an immediate SIGKILL on running podman stop)
    • Fixed a bug where the output format of podman port was incorrect, printing full container ID instead of truncated ID
    • Fixed a bug where the podman container list command did not exist
    • Fixed a bug where podman build could not build a container from images tagged locally that did not exist in a registry #2469
    • Fixed a bug where some Podman commands that accept no arguments would not error when provided arguments
    • Fixed a bug where podman play kube could not handle cases where a pod and a container shared a name

    Misc

    • Usage text for many commands was greatly improved
    • Major cleanups were made to Podman manpages, ensuring that command lists are accurate
    • Greatly improved debugging output when the newuidmap and newgidmap binaries fail when using rootless Podman
    • The -s alias for the global --storage-driver option has been removed
    • The podman container refresh command has been deprecated, as its intended use case is no longer relevant. The command has been hidden and manpages deleted. It will be removed in a future release
    • The podman container runlabel command will now pull images not available locally even without the --pull option. The --pull option has been deprecated
    • The podman container checkpoint and podman container restore commands are now only available on OCI runtimes where they are supported (e.g. runc)

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/05/podman-release-v1.1.2.html b/release/2019/03/05/podman-release-v1.1.2.html index 7f8cb8b91..22204efa9 100644 --- a/release/2019/03/05/podman-release-v1.1.2.html +++ b/release/2019/03/05/podman-release-v1.1.2.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.2 Released

    · One min read

    podman logo

    Podman has gone 1.1.2!

    After releasing Podman v1.1.1 a number of bug fixes focusing on command line options and parsing were added. All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
    • Fixed a bug where the --label option to podman create and podman run was missing the -l alias
    • Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir #2408
    • Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output #2500
    • Fixed a bug where the podman cp command would automatically extract .tar files copied into the container #2509

    Misc

    • The podman container stop command is now usable with the Podman remote client

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/04/10/podman-release-v1.2.0.html b/release/2019/04/10/podman-release-v1.2.0.html index 29158d48b..a07ffe16d 100644 --- a/release/2019/04/10/podman-release-v1.2.0.html +++ b/release/2019/04/10/podman-release-v1.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.2.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.2.0!

    Podman 1.2.0 has been released, featuring many exciting new features and fixes for numerous bugs. With 1.2.0, Podman added support for container healthchecks, an events system, and a way to view image layers as a tree. Over 30 bugs were fixed in this new release, including numerous issues with rootless Podman. We also upgraded the version of Buildah driving podman build from v1.7 to v1.7.2, picking up numerous fixes.

    Our new Podman release includes support for container healthchecks. Healthchecks provide additional information on container status, running checks defined by the image or user to verify that the application in a container is working properly. Any containers with healthchecks defined will run them automatically, and their status can be checked with podman inspect. The podman healthcheck run command can also be used to manually trigger a healthcheck.

    Podman also added a new command, podman events, that can be used to view major lifecycle events for containers, pods, and images as they occur. This command and its corresponding Varlink API can be used by tools which wish to check the overall status of the system, or check when a specific container starts or exits. A few example events are shown below:

    2019-04-11 15:49:45.490227772 -0400 EDT container attach 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.58978211 -0400 EDT container start 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.590526456 -0400 EDT container died 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:46.363842802 -0400 EDT container remove 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)

    The podman image tree command was also added. This command will print a tree representation of an image's layers. This can be used to easily identify an image's dependencies. An example with a simple multilayer image is shown below:

    Image ID: 4a3e4f2db0ac
    Tags: [localhost/buildah-ctr:latest localhost/myimage:latest]
    Size: 598.1MB
    Image Layers
    ├── ID: a13f3c019d29 Size: 274.9MB
    ├── ID: 6ae7c90cc44a Size: 323.2MB
    └── ID: 610298fe2990 Size: 1.024kB Top Layer of: [localhost/buildah-ctr:latest localhost/myimage:latest]

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/05/10/podman-release-v1.3.0.html b/release/2019/05/10/podman-release-v1.3.0.html index 81f40597f..f77a09335 100644 --- a/release/2019/05/10/podman-release-v1.3.0.html +++ b/release/2019/05/10/podman-release-v1.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.3.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.3.0!

    Podman 1.3.0 has been released! We've focused firmly on stability with 1.3.0, fixing over 25 bugs and making major changes to improve the stability of rootless Podman and Podman volumes. This release also includes a number of new features, including the podman generate systemd command to generate unit files to manage Podman containers, and the --restart flag for podman run and podman create to restart containers on error. We also picked up a fresh version of Buildah, 1.8.2, including numerous fixes and improvements for podman build.

    The biggest new features in Podman 1.3.0 are for managing container restart. The --restart flag allows Podman to restart containers when they exit, and the podman generate systemd command makes unit files so you can leverage systemd to manage container lifecycle. These commands seem very similar, but are very different in practice. The --restart flag is much simpler, but more limited - it restarts containers when they exit, but cannot deal with a system restart or dependencies between containers. If you need access to these more advanced features, podman generate systemd will allow you to manage your containers via systemd, leveraging all of its service management capabilities.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/08/14/podman-release-v1.5.0.html b/release/2019/08/14/podman-release-v1.5.0.html index f027ac058..3b7495e01 100644 --- a/release/2019/08/14/podman-release-v1.5.0.html +++ b/release/2019/08/14/podman-release-v1.5.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.5.0 Released

    · 2 min read

    podman logo

    Podman has gone 1.5!

    Podman 1.5.0 has been released! We’ve made major improvements to podman exec, podman generate kube, and rootless containers in this release. Stability has also been a focus, and we’ve fixed over 30 bugs and several performance issues. The new 1.5.0 release is available for Fedora and Ubuntu right now!

    With this new release, Podman has picked up a number of improvements to core container functionality. The podman exec command has been completely reworked, including improved handling for attaching to containers. Expect to see more work on exec in future releases. CGroups have also seen major work, with support for CGroup namespaces via the --cgroupns flag to podman create and podman run, and support for CGroups v2 when using the crun OCI runtime - more details here. The podman generate kube command has also been improved and now includes volumes mounted into containers. Finally, we’ve addressed several memory leaks and other performance issues, and Podman should be much more responsive on systems under high load.

    Rootless containers have also been improved, featuring improved handling for privileged containers and the ability to use container health checks. Podman now has experimental support for running rootless containers with a single UID and GID using the new ignore_chown_errors storage option. This allows Podman to be run without the newuidmap and newgidmap binaries, and removes the need for any elevated privileges to start rootless containers. This approach is more limited (but more secure) than normal rootless containers.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/01/08/podman-release-v1.7.0.html b/release/2020/01/08/podman-release-v1.7.0.html index bed0ce4fc..5c1fe63a3 100644 --- a/release/2020/01/08/podman-release-v1.7.0.html +++ b/release/2020/01/08/podman-release-v1.7.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.7.0 Released

    · 2 min read

    podman logo

    Podman 1.7 has been released!

    Podman v1.7.0 has been released, including many new features and numerous bugfixes. It features improvements to networking, podman play kube, and systemd unit file integration. We’ve also added the podman system reset command, to remove all existing containers, pods, images, and volumes and reset the system to its initial state. Stability has not been neglected, and this release features almost 60 bugfixes, including major fixes for podman rm, podman exec, and volumes.

    This new release features improved support for host networking via the CNI macvlan plugin which allows containers to connect directly to networks the host is connected to. The podman network create command can now create macvlan configs via the --macvlan flag. Containers can also set static MAC addresses. The podman play kube command has also been updated to respect security settings, including user/group, SELinux configuration, and Seccomp profiles. Podman now creates a cgroup namespace by default on systems using cgroups v2, improving container isolation. We’ve made major improvements for running Podman in a systemd service. These changes (and how to use them) are detailed elsewhere in a blog.

    As always, please visit our page on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/04/17/podman-release-v1.9.0.html b/release/2020/04/17/podman-release-v1.9.0.html index 4681a916a..5488f9a87 100644 --- a/release/2020/04/17/podman-release-v1.9.0.html +++ b/release/2020/04/17/podman-release-v1.9.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.9.0 Released

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/2020/10/05/podman-release-v2.1.0.html b/release/2020/10/05/podman-release-v2.1.0.html index 688beaa44..bba9dedd2 100644 --- a/release/2020/10/05/podman-release-v2.1.0.html +++ b/release/2020/10/05/podman-release-v2.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.1.0 Released

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2020/12/14/podman-release-v2.2.0.html b/release/2020/12/14/podman-release-v2.2.0.html index 17c3ace32..42ae04b96 100644 --- a/release/2020/12/14/podman-release-v2.2.0.html +++ b/release/2020/12/14/podman-release-v2.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.2.0 Released

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/2021/02/11/podman-release-v3.0.0.html b/release/2021/02/11/podman-release-v3.0.0.html index 76ce2ddf9..d507b2ed5 100644 --- a/release/2021/02/11/podman-release-v3.0.0.html +++ b/release/2021/02/11/podman-release-v3.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.0.0 Released

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    - + \ No newline at end of file diff --git a/release/2021/04/02/podman-release-v3.1.0.html b/release/2021/04/02/podman-release-v3.1.0.html index 884a75819..be861c021 100644 --- a/release/2021/04/02/podman-release-v3.1.0.html +++ b/release/2021/04/02/podman-release-v3.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.1.0 Released

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2021/08/31/podman-release-v3.3.0.html b/release/2021/08/31/podman-release-v3.3.0.html index c6a546c3f..9852cf018 100644 --- a/release/2021/08/31/podman-release-v3.3.0.html +++ b/release/2021/08/31/podman-release-v3.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.3.0 Released

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/02/22/podman-release-v4.0.0.html b/release/2022/02/22/podman-release-v4.0.0.html index 89a95ded8..310d607d4 100644 --- a/release/2022/02/22/podman-release-v4.0.0.html +++ b/release/2022/02/22/podman-release-v4.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.0.0 Released

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/05/09/podman-release-v4.1.0.html b/release/2022/05/09/podman-release-v4.1.0.html index e895284fd..d342516d6 100644 --- a/release/2022/05/09/podman-release-v4.1.0.html +++ b/release/2022/05/09/podman-release-v4.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.1.0 Released

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    - + \ No newline at end of file diff --git a/release/2022/08/17/podman-release-v4.2.0.html b/release/2022/08/17/podman-release-v4.2.0.html index 0a6314da3..4041721a2 100644 --- a/release/2022/08/17/podman-release-v4.2.0.html +++ b/release/2022/08/17/podman-release-v4.2.0.html @@ -12,14 +12,14 @@ - +

    Podman v4.2.0 Released

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    - + \ No newline at end of file diff --git a/release/2022/09/28/updated-1.2.0.html b/release/2022/09/28/updated-1.2.0.html index 008241fad..c63b3b607 100644 --- a/release/2022/09/28/updated-1.2.0.html +++ b/release/2022/09/28/updated-1.2.0.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Netavark and Aardvark-dns 1.2.0 released

    · One min read

    Netavark and Aardvark-dns v1.2.0 has been released!

    The underlying network components for Podman have been updated. This consists of two projects:

    • Netavark - network configuration tool for Podman
    • Aardvark-dns - container domain name resolution server for Podman containers

    Release v1.2.0 resolves a handful of edge case bugs that were found and reported. In addition, many of the libraries used by the projects were updated.

    - + \ No newline at end of file diff --git a/release/2022/10/22/podman-release-v4.3.0.html b/release/2022/10/22/podman-release-v4.3.0.html index 6ec4ee9db..01c57894f 100644 --- a/release/2022/10/22/podman-release-v4.3.0.html +++ b/release/2022/10/22/podman-release-v4.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.3.0 Released

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    - + \ No newline at end of file diff --git a/release/archive.html b/release/archive.html index cd1622bb9..2352c5406 100644 --- a/release/archive.html +++ b/release/archive.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/release/page/2.html b/release/page/2.html index 591385aec..3b9c09efe 100644 --- a/release/page/2.html +++ b/release/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/page/3.html b/release/page/3.html index 5bd7dcb66..2b075ed71 100644 --- a/release/page/3.html +++ b/release/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags.html b/release/tags.html index a62a25136..a25b4bd73 100644 --- a/release/tags.html +++ b/release/tags.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/release/tags/community.html b/release/tags/community.html index 6480e15e8..d597df0c5 100644 --- a/release/tags/community.html +++ b/release/tags/community.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/community/page/2.html b/release/tags/community/page/2.html index 999b35ba6..57886e0dd 100644 --- a/release/tags/community/page/2.html +++ b/release/tags/community/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/community/page/3.html b/release/tags/community/page/3.html index 8a9f689d2..20530beeb 100644 --- a/release/tags/community/page/3.html +++ b/release/tags/community/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/hpc.html b/release/tags/hpc.html index 5fc1aa3f3..9be4fb10a 100644 --- a/release/tags/hpc.html +++ b/release/tags/hpc.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/kubernetes.html b/release/tags/kubernetes.html index 8eac66199..ee32310f7 100644 --- a/release/tags/kubernetes.html +++ b/release/tags/kubernetes.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "kubernetes"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/open-source.html b/release/tags/open-source.html index 78ff9fec5..78b2fd497 100644 --- a/release/tags/open-source.html +++ b/release/tags/open-source.html @@ -12,14 +12,14 @@ - +

    25 posts tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/2.html b/release/tags/open-source/page/2.html index f128ff993..5675a0511 100644 --- a/release/tags/open-source/page/2.html +++ b/release/tags/open-source/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/3.html b/release/tags/open-source/page/3.html index aa3e35ece..598d2781b 100644 --- a/release/tags/open-source/page/3.html +++ b/release/tags/open-source/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    25 posts tagged with "open source"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/podman.html b/release/tags/podman.html index 655dc7ca9..56fedd4c6 100644 --- a/release/tags/podman.html +++ b/release/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/podman/page/2.html b/release/tags/podman/page/2.html index 84b67f6e4..20b9009d1 100644 --- a/release/tags/podman/page/2.html +++ b/release/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/podman/page/3.html b/release/tags/podman/page/3.html index 703ffc618..9fd03eb27 100644 --- a/release/tags/podman/page/3.html +++ b/release/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file