diff --git a/404.html b/404.html index e293891ca..3d629dd52 100644 --- a/404.html +++ b/404.html @@ -12,13 +12,13 @@ - +
-
Skip to main content
Not Found

Don't flip, but we can't find that.

We could not find what you were looking for:   isn't a working link.
The content may have moved;  try a search for it

- +
Skip to main content
Not Found

Seal-ly us! We can't find that page.

We could not find what you were looking for:   isn't a working link.
The content may have moved;  try a search for it

+ \ No newline at end of file diff --git a/assets/js/3b8c55ea.4ead0782.js b/assets/js/3b8c55ea.4ead0782.js deleted file mode 100644 index 720476d10..000000000 --- a/assets/js/3b8c55ea.4ead0782.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS",id:"centos",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL",id:"rhel",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Recommended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not recommended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not recommended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows Subsystem for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS")),(0,o.kt)("p",null,"Podman is available in the default in the AppStream repo for CentOS Stream 9+."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL")),(0,o.kt)("p",null,"Follow the ",(0,o.kt)("a",{parentName:"p",href:"https://access.redhat.com/solutions/3650231"},"official docs"),"."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS Stream 9+ and RHEL9+, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 9+\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL 9+\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n make \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://raw.githubusercontent.com/containers/image/main/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://raw.githubusercontent.com/containers/image/main/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("p",null,"If you are building on RHEL8 you'll need to build without btrfs support due to ",(0,o.kt)("a",{parentName:"p",href:"https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage"},"it being removed"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'make BUILDTAGS="btrfs_noversion exclude_graphdriver_btrfs"\n')),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"cni"),(0,o.kt)("td",{parentName:"tr",align:null},"CNI networking"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/image/main/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/common/main/pkg/subscriptions/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/image/main/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3b8c55ea.5f3be374.js b/assets/js/3b8c55ea.5f3be374.js new file mode 100644 index 000000000..a0f58471c --- /dev/null +++ b/assets/js/3b8c55ea.5f3be374.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS Stream",id:"centos-stream",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL",id:"rhel",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Recommended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not recommended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not recommended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows Subsystem for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos-stream"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS Stream")),(0,o.kt)("p",null,"Podman is available in the default in the AppStream repo for CentOS Stream 9+."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL")),(0,o.kt)("p",null,"Follow the ",(0,o.kt)("a",{parentName:"p",href:"https://access.redhat.com/solutions/3650231"},"official docs"),"."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS Stream 9+ and RHEL9+, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 9+\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL 9+\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n make \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://raw.githubusercontent.com/containers/image/main/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://raw.githubusercontent.com/containers/image/main/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("p",null,"If you are building on RHEL8 you'll need to build without btrfs support due to ",(0,o.kt)("a",{parentName:"p",href:"https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage"},"it being removed"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'make BUILDTAGS="btrfs_noversion exclude_graphdriver_btrfs"\n')),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"cni"),(0,o.kt)("td",{parentName:"tr",align:null},"CNI networking"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/image/main/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/common/main/pkg/subscriptions/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://raw.githubusercontent.com/containers/image/main/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.d5133750.js b/assets/js/runtime~main.98085231.js similarity index 99% rename from assets/js/runtime~main.d5133750.js rename to assets/js/runtime~main.98085231.js index 1270e9833..147bf9fb8 100644 --- a/assets/js/runtime~main.d5133750.js +++ b/assets/js/runtime~main.98085231.js @@ -1 +1 @@ -(()=>{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"87e4d42f",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"4ead0782",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"a90d8d03",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"396fd9e0",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"87e4d42f",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"5f3be374",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"a90d8d03",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"396fd9e0",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n - + @@ -30,7 +30,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

- + \ No newline at end of file diff --git a/blogs/2018/08/15/python-support-for-podman.html b/blogs/2018/08/15/python-support-for-podman.html index 530609c75..18b5a71d4 100644 --- a/blogs/2018/08/15/python-support-for-podman.html +++ b/blogs/2018/08/15/python-support-for-podman.html @@ -12,14 +12,14 @@ - +

Python3 support for Podman

· 6 min read

podman logo

Python3 support for Podman

By Jhon Honce GitHub

You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

The python3-podman package containers a module that allows you to connect to a Podman socket activated systemd service on the same host or a remote host using a ssh tunnel. Using the python interface means you can run these commands from a MAC or Windows Box, as long as you have a Linux box with podman installed. We connect using varlink for the messaging protocol between client and service.

For the environment, you will need:

* Linux host
* podman package
* enable the io.podman.socket systemd unit file by executing

systemctl enable --now io.podman.socket

* Python3
* The python3-podman rpm, or podman package from PyPi.

Note: Currently, there is a matching rpm for each version of podman. In time, after the API stabilizes that may no longer be true.

Now lets start coding:

Using your favorite code editor you can copy and paste the following Python program into a file named latest_containers.py. Don’t forget Python uses whitespace to signify end-of-line and code blocks when you paste. The below python code will show all of the containers created since midnight UTC when it is run. The code comments provide a running commentary on how the module works in context.

#!/usr/bin/env python3

# Python standard date/time support
from datetime import datetime, time, timezone

# the module with all the goodness
import podman

midnight = datetime.combine(datetime.today(), time.min, tzinfo=timezone.utc)

# Our client is a context manager to make resource clean up easy. No arguments implies
# connect to a local Podman service using the default interfaces.
with podman.Client() as client:

# Retrieve all containers in containers storage. Each container is presented
# as a Namespace and dict. You determine which is easiest for you to use
# for your solution.
for c in client.containers.list():

# A bit of sugar, convert any podman-formatted timestamp to
# a python datetime
created_at = podman.datetime_parse(c.createdat)

if created_at > midnight:

# Now the results. We provide datetime_format() for consistent
# iso format in results if you wish to use it.
print('ID: {}\n image: {}\n createdAt: {}'.format(
c.id[:12], c.image[:33], podman.datetime_format(created_at)))

Once you have this code copied into the file:

* chmod 755 latest_containers.py
* podman run fedora sleep 300 &
* ./latest_containers.py
ID: d7337530c6d1
image: registry.fedoraproject.org/fedora
createdAt: 2018–08–10T09:18:09.728858–07:00

You can watch the whole process here.

The container object above supports the Namespace and dict protocols. This is our most used data structure providing you the ability to use the returned object in your code as you wish.

Connecting to a remote host, requires only changing how you create the Client() in any script:

With podman.Client(uri='unix:/run/user/17945/podman/io.podman',
remote_uri='ssh://ruser@podman.example.com:22/run/podman/io.podman') as client:
* uri provides the local side of the ssh tunnel
* user is your username
* remote_uri provides the details needed to connect to the remote host, plus the socket file for podman. A complete ssh uri is supported to allow configuration of ports etc.
* ruser is the remote host username to be used for authentication
* podman.example.com is the FQDN of the host you are running the podman service on
* The port number of 22 is given above for completeness, that is the default and may be omitted.
* An identity file may be provided via identity_file, otherwise the podman library will defer to ssh for authenticating.

All other function and method calls are the same whether they are remote or local. Note: all filesystem paths are resolved on the host running the podman service not the podman client.

But wait there is more!

To iterate over all the images stored on the system, you only need to change containers to images like:

for i in client.images.list():

To find podman system information, you need to use: client.system.info(). Or, client.system.versions() if you need to know the release of the podman service components.

To determine if the podman service is available and working, client.system.ping() will return True if everything is working correctly.

One of the most complex operations is creating a new container from an image, the workflow:

* Pull image from registry
* Instantiate image object
* Set container options
* Create OCI container and object
with podman.Client() as client:
ident = client.images.pull(name)
img = client.images.get(ident)
opts = {
'memory': '1G',
'memory-reservation': '750M',
'Memory-swap': '1.5G',
}
ctnr = img.container(**opts)

Our calling pattern is “client.<model>.<method>(<options>)”, where the current models are:

* Images
* Containers
* System

The Podman man pages provide details on the methods and options to be used for each.

What’s been shown in this blog is how easy it is to use the Python module to do Podman commands from your Linux host. These bindings can be used on the same host that Podman is running on, or they could be used on a remote host. Although there is not a complete one to one correspondence between the Podman commands and the ones available via the Python bindings — yet, the end goal for this project is to get to that point. For instance the commands for interacting with pods are currently under development and when available, the Python module will be updated to allow access. In addition to that, there’s work underway to make this Python module available on MacOS and Windows via PyPi. When these ports go live, you will be able to interact with Podman service from any Linux, MacOS or Windows host.

I hope you have found the information in this blog to be useful and gives you further insight into Podman and this Python module. If you have any questions a great place to ask them is the IRC channel #podman on FREENODE.

Better yet if you’d like to help contribute to Podman or this Python module, please feel free to join us on GitHub!

https://github.com/containers/podman https://github.com/containers/podman/tree/main/contrib/python

- + \ No newline at end of file diff --git a/blogs/2018/09/10/welcome.html b/blogs/2018/09/10/welcome.html index 7758d4ecb..4db79b484 100644 --- a/blogs/2018/09/10/welcome.html +++ b/blogs/2018/09/10/welcome.html @@ -12,13 +12,13 @@ - +

What's NEW!

· One min read

If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

To start it up, check out the new Blogs and Releases sections on the site.

- + \ No newline at end of file diff --git a/blogs/2018/09/13/systemd.html b/blogs/2018/09/13/systemd.html index 39914ccf6..934b37bc5 100644 --- a/blogs/2018/09/13/systemd.html +++ b/blogs/2018/09/13/systemd.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ The proper way to stop the container is to run sudo service redis stop.

An alternative to systemd for controlling containers lifecycle is to use CRI-O but this would be for another blog post :-).

- + \ No newline at end of file diff --git a/blogs/2018/09/25/pulling-images-from-docker.html b/blogs/2018/09/25/pulling-images-from-docker.html index 080956358..50de73317 100644 --- a/blogs/2018/09/25/pulling-images-from-docker.html +++ b/blogs/2018/09/25/pulling-images-from-docker.html @@ -12,14 +12,14 @@ - +

Cool thing&#58; Pulling content directly from the Docker Daemon...

· 2 min read

podman logo

Pulling content directly from the Docker Daemon...

By Dan Walsh GitHub

Cool things you can do with Podman.

I recently received a bug report about some huge container images not working correctly in Docker. So I suggested to the reporter that they try them with Podman. He responded that he saw the images with docker images, but did not see them with podman images.

I explained to him that the Docker image and container database are separate from the Podman image and container database. I told him he would have to pull the images into Podman. Then I decided to try a cool feature of Podman, where I could pull images directly out of the Docker daemon.

First I look for the Centos Image inside of Docker.

# docker images | grep centos
docker.io/centos 7 49f7960eb7e4 2 months ago 200 MB

Podman has the ability through its use of containers/image to pull images using many different transports other than just pulling from Container Registries. It supports pulling directly from the Docker daemon, using the docker-daemon transport.

# podman pull docker-daemon:docker.io/centos:7
Getting image source signatures
Copying blob sha256:bcc97fbfc9e1a709f0eb78c1da59caeb65f43dc32cd5deeb12b8c1784e5b8237
198.59 MB / 198.59 MB [====================================================] 1s
Copying config sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
2.15 KB / 2.15 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5

Now you have the Centos 7 image in Podman containers/storage datastore.

#podman images | grep centos
docker.io/library/centos 7 49f7960eb7e4 2 months ago .com208MB

Now you can start using the image with Podman, Buildah and CRI-O. You can even create new images and push them back into the Docker daemon.

Try it out…

- + \ No newline at end of file diff --git a/blogs/2018/10/01/talk-replace-docker-with-podman.html b/blogs/2018/10/01/talk-replace-docker-with-podman.html index 9a8135655..40e6b274e 100644 --- a/blogs/2018/10/01/talk-replace-docker-with-podman.html +++ b/blogs/2018/10/01/talk-replace-docker-with-podman.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

podman logo

Replacing Docker with Podman

By Dan Walsh GitHub

At the "All Systems Go!" conference on September 28-30, 2018 in Berlin Germany, Dan Walsh gave a talk on how you can replace docker with podman and not skip a beat. The talk was taped and can be viewed here.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/10/03/podman-remove-content-homedir.html b/blogs/2018/10/03/podman-remove-content-homedir.html index c01b02242..c3ab46a9b 100644 --- a/blogs/2018/10/03/podman-remove-content-homedir.html +++ b/blogs/2018/10/03/podman-remove-content-homedir.html @@ -12,13 +12,13 @@ - +

Why can’t I delete storage files created by non-root podman?

· 5 min read

podman logo

Why can’t I delete storage files created by non-root Podman?

By Dan Walsh GitHub

Cool things you can do with Podman

When running Podman as root, the default location for storage is /var/lib/containers/storage. Of course, users cannot use this directory when running as non root, so Podman creates the storage by default in $HOME/.local/share/containers.

When Podman creates this storage it is running inside of a user namespace and is allowed to create UIDs and GIDs based off the UID ranges stored in /etc/subuid and the GIDs listed in /etc/subgid.

For example my account has UID and GID ranges 100000 through 165535 reserved for it, as well as my UID and primary GID, 3267.

#grep dwalsh /etc/subuid
dwalsh:100000:65536
$ grep dwalsh /etc/subgid
dwalsh:100000:65536

When Podman starts a container as non root, by default, it maps my UID, 3267, to UID 0 inside of the container, then it maps 100,000->1, 100,001->2, 100,002->3 … 165,535->65536.

You can see this mapping inside of the container

$ podman run -ti fedora cat  /proc/self/uid_map
0 3267 1
1 100000 65536
$ podman run -ti fedora cat /proc/self/gid_map
0 3267 1
1 100000 65536

Since I’m root in the container, I can create and set ownership of files inside of the container for using any UIDs and GIDs that are mapped into the container.

To see what happens, I will create a file and directory owned by a non root user inside of a container.

podman run -ti --name testfile fedora bash -c "mkdir /testdir; touch /testdir/testfile; chown -R 1:1 /testdir"

Since that was successful, let’s mount the container and see what it looks like from outside of the user namespace that’s used for running the container.

$ mnt=$(podman mount testfile)
$ echo $mnt
/home/dwalsh/.local/share/containers/storage/vfs/dir/691e874b6e1ba6807ecbe73910396b10f118617233aacc3df3297ffc4e1332f9
$ ls -l $mnt
total 4
lrwxrwxrwx. 1 dwalsh dwalsh 7 Feb 7 2018 bin -> usr/bin
dr-xr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 boot
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 dev
drwxr-xr-x. 44 dwalsh dwalsh 4096 Apr 26 09:03 etc
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 home
lrwxrwxrwx. 1 dwalsh dwalsh 7 Feb 7 2018 lib -> usr/lib
lrwxrwxrwx. 1 dwalsh dwalsh 9 Feb 7 2018 lib64 -> usr/lib64
drwx------. 2 dwalsh dwalsh 6 Apr 26 09:03 lost+found
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 media
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 mnt
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 opt
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 proc
dr-xr-x---. 2 dwalsh dwalsh 162 Apr 26 09:03 root
drwxr-xr-x. 11 dwalsh dwalsh 169 Sep 25 09:11 run
lrwxrwxrwx. 1 dwalsh dwalsh 8 Feb 7 2018 sbin -> usr/sbin
drwxr-xr-x. 2 dwalsh dwalsh 6 Feb 7 2018 srv
drwxr-xr-x. 2 dwalsh dwalsh 6 Apr 26 09:03 sys
drwxr-xr-x. 2 100000 100000 22 Sep 25 13:38 testdir
drwxrwxrwt. 2 dwalsh dwalsh 32 Apr 26 09:03 tmp
drwxr-xr-x. 12 dwalsh dwalsh 144 Apr 26 09:03 usr
drwxr-xr-x. 19 dwalsh dwalsh 249 Apr 26 09:03 var

Notice the ownership of testdir and testfile. The namespace that was used for running the container mapped UID 100000 from outside of the namespace to UID 1 inside of the namespace, and did the same for GID 100000, mapping it to GID 1 inside of the namespace. When I set the ownership to UID and GID 1 from inside of the namespace, the corresponding values from outside of the namespace were what were recorded to disk.

$ ls -la $mnt/testdir
total 0
drwxr-xr-x. 2 100000 100000 22 Sep 25 13:38 .
drwxr-xr-x. 19 dwalsh dwalsh 257 Sep 25 13:38 ..
-rw-r--r--. 1 100000 100000 0 Sep 25 13:38 testfile

If i just try to clean up my directory I will get lots of errors.

rm -rf .local/share/containers/ 2>&1 | head -2
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/bin': Permission denied
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/boot': Permission denied

This is because this content was created from inside of a user namespace where I was UID 0, and because I was UID 0 in that namespace, I could set and change ownership of anything owned by any ID that was mapped into the namespace. In this case, I assigned it an owner that wasn’t mapped to my own user. Once I left the namespace, and I was back in the host namespace where I was just myself again, the contents belonged to the UID that I had mapped to 1 for the user namespace, which wasn’t my own UID.

Because of this, if I wanted to clean it all up, I could become root to remove the directory. But if I don’t have root on the machine, what could I do?

Buildah unshare or rootlesskit bash

Well currently Buildah or rootlesskit can put you into the user namespace without launching a container and then you can remove the images.

$ buildah unshare
[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I am now root inside of a namespace with the same mappings I’d use for a container, but everything else is the same. In particular, I’m not using the container’s root filesystem.

[root@localhost ~]# pwd
/home/dwalsh
[root@localhost ~]# rm -rf .local/share/containers/
[root@localhost ~]#

I am able to delete all the files in my homedir.

- + \ No newline at end of file diff --git a/blogs/2018/10/04/selinux-libvirt.html b/blogs/2018/10/04/selinux-libvirt.html index 8cb868834..81066f589 100644 --- a/blogs/2018/10/04/selinux-libvirt.html +++ b/blogs/2018/10/04/selinux-libvirt.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

SELinux blocks Podman container from talking to libvirt

· One min read

podman logo

SELinux blocks Podman container from talking to libvirt

By Dan Walsh GitHub

I wrote a SELinux blog on running a container with Podman. The talks explains why SELinux blocks the connection to the libvirt socket. It then goes on to explain how to setup the container to allow the communication.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-systemd.html b/blogs/2018/10/05/tripleo-systemd.html index 285bf29be..71753a222 100644 --- a/blogs/2018/10/05/tripleo-systemd.html +++ b/blogs/2018/10/05/tripleo-systemd.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-undercloud.html b/blogs/2018/10/05/tripleo-undercloud.html index 1334ddb92..c5d8704b2 100644 --- a/blogs/2018/10/05/tripleo-undercloud.html +++ b/blogs/2018/10/05/tripleo-undercloud.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2018/10/07/tripleo-upgrade.html b/blogs/2018/10/07/tripleo-upgrade.html index 19ed1682a..00b83da3c 100644 --- a/blogs/2018/10/07/tripleo-upgrade.html +++ b/blogs/2018/10/07/tripleo-upgrade.html @@ -12,14 +12,14 @@ - +

OpenStack Containerization with Podman – Part 3 (Upgrades)

· One min read

podman logo

Upgrade OpenStack TripleO Undercloud from Docker to Podman containers

By Emilien Macchi GitHub

I wrote a blog post about how we could upgrade OpenStack TripleO Undercloud from Docker to Podman containers.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/10/checkpoint-restore.html b/blogs/2018/10/10/checkpoint-restore.html index be0b0ead6..ea5368eb8 100644 --- a/blogs/2018/10/10/checkpoint-restore.html +++ b/blogs/2018/10/10/checkpoint-restore.html @@ -12,7 +12,7 @@ - + @@ -70,7 +70,7 @@ the possibility to easily export the checkpoint and appropriate container state from one Podman instance to another Podman instance to be able to restore the checkpointed container.

- + \ No newline at end of file diff --git a/blogs/2018/10/31/podman-buildah-relationship.html b/blogs/2018/10/31/podman-buildah-relationship.html index 1a8504284..889c23e3a 100644 --- a/blogs/2018/10/31/podman-buildah-relationship.html +++ b/blogs/2018/10/31/podman-buildah-relationship.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah’s other goal is to allow you to use other scripting languages to build container images without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can do a command in the Docker CLI, you can do the same command in the Podman CLI. In fact you can just alias ‘podman’ for ‘docker’ on your machine and you can then build, create and maintain container images and containers without a daemon being present, just as you always have.

Although Podman uses Buildah’s build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc). While Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared. Because of this you cannot see Podman containers from within Buildah or vice versa. However the internal representation of a container image is the same between Buildah and Podman. Given this, any container image that has been created, pulled or modified by one can be seen and used by the other.

Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.

CommandPodman BehaviorBuildah Behavior
buildCalls buildah budProvides the build-using-dockerfile (bud) command that emulates Docker’s build command.
commitCommits a Podman container into a container image. Does not work on a Buildah container. Once committed the resulting image can be used by either Podman or Buildah.Commits a Buildah container into a container image. Does not work on a Podman container. Once committed, the resulting image can be used by either Buildah or Podman.
mountMounts a Podman container. Does not work on a Buildah container.Mounts a Buildah container. Does not work on a Podman container.
pull and pushPull or push an image from a container image registry. Functionally the same as Buildah.Pull or push an image from a container image registry. Functionally the same as Podman.
runRun a process in a new container in the same manner as docker run.Runs the container in the same way as the RUN command in a Dockerfile.
rmRemoves a Podman container. Does not work on a Buildah container.Removes a Buildah container. Does not work on a Podman container.
rmi, images, tagEquivalent on both projects.Equivalent on both projects.
containers and psps is used to list Podman containers. The containers command does not exist.containers is used to list Buildah containers. The ps command does not exist.

A quick and easy way to summarize the difference between the two projects is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality.

Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. Together they form a strong foundation to support your OCI container image and container needs. Best yet, they are both Open-source projects and you are more than welcome to contribute to either or both projects. Hope to see you there!

- + \ No newline at end of file diff --git a/blogs/2018/11/01/talk-state_of_container_technologies.html b/blogs/2018/11/01/talk-state_of_container_technologies.html index 45249c16e..c53a942ff 100644 --- a/blogs/2018/11/01/talk-state_of_container_technologies.html +++ b/blogs/2018/11/01/talk-state_of_container_technologies.html @@ -12,13 +12,13 @@ - +

The State of Container Technologies in the Operating System

· One min read

podman logo

The State of Container Technologies in the Operating System Talk

By Dan Walsh GitHub

At the "LISA18" conference on October 29-31, 2018 in Nashville, TN, USA, Dan Walsh gave a talk on the State of Container Technologies in the Operating System.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/11/19/build_libpod-container-images.html b/blogs/2018/11/19/build_libpod-container-images.html index 5526e6a6c..31e00bc08 100644 --- a/blogs/2018/11/19/build_libpod-container-images.html +++ b/blogs/2018/11/19/build_libpod-container-images.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ the RPM package because it will make the upgrade process easier down the road.

To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

A bit about the images themselves

The image that can used to build the RPMs is called quay.io/libpod/build_libpod. You simply alter the tag to build for the various distributions. The latest tag will build CentOS7 RPMs. Two other tags exist: fedora28 and fedora29.

Create the temporary directory

Create a directory for where the RPMs will be volume mounted. It must be /tmp/rpms.

$ mkdir /tmp/rpms

Build the RPMs

Building the RPMs is a simple Podman command that leverages the container runlabel function in Podman. Once the image is pulled by Podman, it will install the required packages for building the RPMs. After the build is complete, the container will also test to make sure the RPMs install correctly.

$ sudo podman container runlabel -p run quay.io/libpod/build_libpod:fedora29
Trying to pull quay.io/libpod/build_libpod:fedora29...Getting image source signatures
Skipping fetch of repeat blob sha256:7692efc5f81cadc73ca1afde08b1a5ea126749fd7520537ceea1a9871329efde
Copying blob sha256:af79f3045c1f7e253b5952752ae4ecabb15f5ee1e2c7e4148132ed37ea7e0091
24.70 MB / 24.70 MB [======================================================] 2s
Copying blob sha256:ff2caf91b3889620d64f6fa5529531c3fed78222ce33a89ac85318e410d302fb
206 B / 206 B [============================================================] 0s
Copying blob sha256:dd6fe2d1ef4e4ca5252881a6ab2db0eecc1166486af08384eab121512fd8e1dd
253 B / 253 B [============================================================] 0s
Copying blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
32 B / 32 B [==============================================================] 0s
Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Writing manifest to image destination
Storing signatures
Command: /proc/self/exe run -it --rm --net=host -v /tmp/rpms:/root/rpmbuild/RPMS/x86_64/:Z quay.io/libpod/build_libpod:fedora29
Cloning into '/go/src/github.com/containers/libpod'...
warning: redirecting to https://github.com/containers/podman/
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 23112 (delta 12), reused 12 (delta 3), pack-reused 23078
Receiving objects: 100% (23112/23112), 15.96 MiB | 10.16 MiB/s, done.
Resolving deltas: 100% (13753/13753), done.
/go/src/github.com/containers/libpod
++ command -v dnf
+ pkg_manager=/usr/bin/dnf

... ** SHORTENED FOR BREVITY ***

Installed:
python3-podman-0.11.2-1542207420.git2b911b0c.fc29.noarch python3-pypodman-0.11.2-1542207420.git2b911b0c.fc29.noarch
python3-dateutil-1:2.7.0-3.fc29.noarch python3-humanize-0.5.1-14.fc29.noarch
python3-psutil-5.4.3-6.fc29.x86_64

Complete!

The resulting RPMs will end up in your temporary directory of /tmp/rpms.

$ find /tmp/rpms/
/tmp/rpms/
/tmp/rpms/noarch
/tmp/rpms/noarch/python3-pypodman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/noarch/python3-podman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/x86_64
/tmp/rpms/x86_64/podman-debuginfo-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-debugsource-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm

Future

If folks like this, I'll consider adding the ability to pass in a specific git commit to build.

- + \ No newline at end of file diff --git a/blogs/2018/11/27/podman-exists.html b/blogs/2018/11/27/podman-exists.html index 0200b9169..211461831 100644 --- a/blogs/2018/11/27/podman-exists.html +++ b/blogs/2018/11/27/podman-exists.html @@ -12,13 +12,13 @@ - +

Podman container|image exists

· 3 min read

podman logo

Podman container|image exists

By Brent Baude GitHub

We are seeing a proliferation of Podman usage in users' daily workflows. As such, these workflows are often scripted -- in something like bash -- and clear exit codes from the applications being run are paramount. One of the tasks we often see is a user wanting to verify if an image or a container exists in local storage. We saw several different approaches approaches to solving this including running podman ps or podman images with filters or complex uses of grep.

Solution

After a bit of discussion with our users, recorded in [issue #1845] (https://github.com/containers/podman/issues/1845), a plan was hatched to have a specific command that satisfies this use case. It was implemented for both containers and images; and I suppose if users wish, we could implement it for pods as well. If the image or container exists, Podman will return an exit code of 0. If it does not exist, Podman will return an exit code of 1. Any other exit code can be attributed to non-verification failures like permissions or failure in reading local storage.

Check on an images

To verify the existence of an image in your local storage, you can use the command podman image exists <IMAGE_NAME>. Let's clarify through the use of an example.

The images we have in our local storage are as follows:

$ sudo podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest 196d12cf6ab1 2 months ago 4.67 MB

If we wanted to verify the existence of the image docker.io/library/alpine:latest, we would:

$ sudo podman image exists docker.io/library/alpine:latest
$ echo $?
0

You can also verify by short-name if preferable:

$ sudo podman image exists alpine
$ echo $?
0

You can also verify an image by an image's full or shortened ID.

$ sudo podman image exists 196d12cf6ab1
$ echo $?
0

And finally, a failure to verify example would look like:

$ sudo podman image exists busybox
$ echo $?
1

Check on a container

We can verify the existence of a container in much the same way as an image. The grammar differs slightly.

My system has the following container:

$ sudo podman ps --format {% raw %}"{{.ID}} {{.Names}}"{% endraw %}
472fde2f48c7 foobar

And I can verify the existence of the container with podman container exists <CONTAINER_NAME>.

$ sudo podman container exists foobar
$ echo $?
0

Like images, you can also verify a container using its full or partial container ID.

- + \ No newline at end of file diff --git a/blogs/2018/12/03/podman-runlabel.html b/blogs/2018/12/03/podman-runlabel.html index 50c62693a..bece4a71b 100644 --- a/blogs/2018/12/03/podman-runlabel.html +++ b/blogs/2018/12/03/podman-runlabel.html @@ -12,14 +12,14 @@ - +

Simplifying Podman commands with labels

· 3 min read

podman logo

Simplifying Podman commands with labels

By Brent Baude GitHub

Commands used by container runtimes to create containers have become complex. It is on purpose of course. When creating containers, we want the ability to specify various security or network attributes. But if you are in the unenviable position to have to keystroke in some of these lengthy commands, it can grow tiresome. Defining labels on the container image is a great way to define how the container should be run; however, now with Podman we can read and execute that label saving you potential command line bloat.

Container image Labels

Container images have had the concept of a label for quite some time. They are often used as identifiers for the image; i.e. version, release, author, etc. But you can create a container label for just about anything. With the Atomic CLI project, we used to leverage labels such as RUN, INSTALL, and UNINSTALL. These labels we defined for the purpose of their verbiage.

Podman container runlabel

To mimic the Atomic CLI project, we added a sub-command called podman container runlabel. This command will execute the contents of a given label as defined by the container image.

Lets consider an example. I have a simple container image based on mariab that I use for my Podman development. The image is made like so:

FROM docker.io/library/mariadb:latest
LABEL RUN="podman run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt IMAGE"
RUN echo "bind-address = 0.0.0.0" >> /etc/mysql/my.cnf

Note the definition of the RUN label in the image. It contains the complete command line description of how to run it. The use of IMAGE here is a placeholder is automatically substituted by Podman to the real image name. On my system, this image exists as quay.io/baude/demodb:latest.

We can get a preview of what Podman would run using the --display switch. In the case of my mariab image, a dry-run would show something like this:

$ sudo podman container runlabel --display run quay.io/baude/demodb:latest
Command: /proc/self/exe run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt quay.io/baude/demodb:latest

Note how the IMAGE was translated into the image name. If we rerun the previous command and subtract the --display option, podman will create the container exactly as described by the run label.

So, next time you create your own image, do yourself a favor and construct labels that Podman can read and simplify your life.

- + \ No newline at end of file diff --git a/blogs/2018/12/14/openstack-podman-healthchecks.html b/blogs/2018/12/14/openstack-podman-healthchecks.html index fee27e3cd..305c868e2 100644 --- a/blogs/2018/12/14/openstack-podman-healthchecks.html +++ b/blogs/2018/12/14/openstack-podman-healthchecks.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/07/software-factory-podman.html b/blogs/2019/01/07/software-factory-podman.html index e9234892a..485743aec 100644 --- a/blogs/2019/01/07/software-factory-podman.html +++ b/blogs/2019/01/07/software-factory-podman.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/08/rhel-8-and-podman.html b/blogs/2019/01/08/rhel-8-and-podman.html index a3c7dbd6d..695e0ff8d 100644 --- a/blogs/2019/01/08/rhel-8-and-podman.html +++ b/blogs/2019/01/08/rhel-8-and-podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/14/podman-machine-and-boot2podman.html b/blogs/2019/01/14/podman-machine-and-boot2podman.html index 7aabd5531..e138ad002 100644 --- a/blogs/2019/01/14/podman-machine-and-boot2podman.html +++ b/blogs/2019/01/14/podman-machine-and-boot2podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Podman Machine and Boot2podman

· 3 min read

boot2podman logo

Podman Machine and Boot2podman

By Anders F Björklund GitHub

Update: September 9, 2021 - Tom Sweeney

This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

Original Post

By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

The command-line tool podman-machine is a simple way to create virtual machines running boot2podman.iso. It will create a "machine" with Linux prepared for running Linux containers, with Podman and Buildah (and their dependencies) pre-installed.

This way any client will be able to run containers, even though not possible on their operating system. Whether their Linux distribution is too old or too unprivileged, or if they are running Windows or OS X operating systems without native Linux support.

Podman Machine

Machine lets you create servers with Podman, then configures the Podman clients.

$ podman-machine create box
$ podman-machine ssh box

tc@box:~$ sudo podman

Will automatically download the latest version of the ISO, if not available in the cache.

See: https://github.com/boot2podman/machine

Boot2Podman ISO

Boot2podman is a lightweight Linux distribution made specifically to run Linux containers.

  • Tiny Core Linux 9.x (x86_64)
  • Buildah / Varlink / Podman

The distribution runs entirely from RAM, while persisting the containers and ssh keys.

See: https://github.com/boot2podman/boot2podman

Remote Access

It is possible to use the pypodman command-line tool, to control podman remotely:

$ eval $(podman-machine env box)
$ pypodman version

https://github.com/containers/python-podman

Or alternatively to use the varlink-go command-line tool, to access the podman API:

$ eval $(podman-machine env box --varlink)
$ varlink-go call io.podman.GetVersion

https://github.com/boot2podman/varlink-go

Both methods use SSH, in order to access the podman varlink socket of the VM.

The SSH keys and other configuration is automatically created with the machine.

Tiny Core

The regular boot2podman.iso is based on Tiny Core Linux:

https://github.com/boot2podman/boot2podman/releases

This is a minimal system, that runs entirely from RAM and uses init(1).

The package manager uses TCZ packages, handled by the tce-load program.

See: https://en.wikipedia.org/wiki/Tiny_Core_Linux

Fedora

There is also an alternative version, based on Fedora Linux:

https://github.com/boot2podman/boot2podman-fedora-iso/releases

This is a full system, that boots a regular image and uses systemd(1).

The package manager uses RPM packages, handled by the dnf program.

See: https://en.wikipedia.org/wiki/Fedora_(operating_system)

Both versions will do the same thing, in that they will both offer the Podman varlink socket.

The Podman Machine can set up virtual machines for either, by using the "url" parameters.


For more posts about boot2podman, see: https://boot2podman.github.io/

- + \ No newline at end of file diff --git a/blogs/2019/01/15/podman-pods.html b/blogs/2019/01/15/podman-pods.html index c347225dc..a3be3508e 100644 --- a/blogs/2019/01/15/podman-pods.html +++ b/blogs/2019/01/15/podman-pods.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/01/16/podman-varlink.html b/blogs/2019/01/16/podman-varlink.html index 1734f66e9..c7d5d3c6e 100644 --- a/blogs/2019/01/16/podman-varlink.html +++ b/blogs/2019/01/16/podman-varlink.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ in one of your path directories

For Linux systems:

You can also use varlink util from libvarlink or install libvarlink-util on Fedora/RHEL machines.

The varlink CLI command in ~/.cargo/bin should output:

$ varlink --bridge "ssh <podman-machine>" info
Vendor: Atomic
Product: podman
Version: 0.10.1
URL: https://github.com/containers/podman
Interfaces:
org.varlink.service
io.podman
$ varlink --bridge "ssh <podman-machine>" call io.podman.Ping
{
"ping": {
"message": "OK"
}
}

$ varlink --bridge "ssh <podman-machine>" call io.podman.MountContainer "{\"name\": \"container-id\"}"
Error: Call failed with error: io.podman.ErrorOccurred
{
"reason": "no container with name or ID container-id found: no such container"
}

To find out more about the Podman varlink interface read the io.podman.varlink file or the rendered API.md.

Or you can inspect, what methods your Podman version on <podman-machine> provides:

$ varlink --bridge "ssh <podman-machine>" help io.podman

Rust Client Example

Either clone this repository or:

$ cargo new --bin podmanrs
$ cd podmanrs

Download the varlink interface from the running Podman varlink service:

$ varlink --bridge "ssh <podman-machine>" help io.podman > src/io.podman.varlink

create build.rs:

extern crate varlink_generator;

fn main() {
varlink_generator::cargo_build_tosource("src/io.podman.varlink", true);
}

create Cargo.toml:

[package]
name = "podmanrs"
version = "0.1.0"
authors = ["Harald Hoyer <harald@redhat.com>"]
build = "build.rs"
edition = "2018"

[dependencies]
varlink = "7"
serde = "1"
serde_derive = "1"
serde_json = "1"
chainerror = "0.4"
[build-dependencies]
varlink_generator = "7"

create src/main.rs:

mod io_podman;

use crate::io_podman::*;
use varlink::Connection;
use std::result::Result;
use std::error::Error;

fn main() -> Result<(), Box<Error>> {
let connection = Connection::with_bridge(
"ssh <podman-machine>",
)?;
let mut podman = VarlinkClient::new(connection.clone());
let reply = podman.ping().call()?;
println!("Ping() replied with '{}'", reply.ping.message);
let reply = podman.get_info().call()?;
println!("Hostname: {}", reply.info.host.hostname);
println!("Info: {:#?}", reply.info);
Ok(())
}

Now run it:

$ cargo run
- + \ No newline at end of file diff --git a/blogs/2019/02/07/hack-and-tools.html b/blogs/2019/02/07/hack-and-tools.html index 1145fa0b3..e94c35bb4 100644 --- a/blogs/2019/02/07/hack-and-tools.html +++ b/blogs/2019/02/07/hack-and-tools.html @@ -12,13 +12,13 @@ - +

Container Tools on RHEL 8 & How to Hack Podman

· One min read

podman logo

Scott McCarty wrote "Red Hat Enterprise Linux 8 Beta: A new set of container tools". In the blog Scott introduces the new container tools in RHEL 8 Beta. Spoiler Alert! No Big Fat Daemons were harmed in the examples Scott provides!

Hervé Beraud wrote "How to Hack on Podman, which walks you through contributing to the Podman project.

Both are great reads to help build your container tools knowledge.

- + \ No newline at end of file diff --git a/blogs/2019/02/21/pandb-4-users.html b/blogs/2019/02/21/pandb-4-users.html index 9e2f0a0a3..63199c586 100644 --- a/blogs/2019/02/21/pandb-4-users.html +++ b/blogs/2019/02/21/pandb-4-users.html @@ -12,13 +12,13 @@ - +

Podman and Buildah for Docker Users!

· One min read

podman logo

Podman and Buildah for Docker Users

By Tom Sweeney GitHub

A new article about how Docker users can use Podman and Buildah on the Red Hat Developer Site. William Henry (@ipbabble) introduces the two tools to Docker users and explains how they can be used to replace Docker and how the two tools are related.

- + \ No newline at end of file diff --git a/blogs/2019/03/16/podman-install.html b/blogs/2019/03/16/podman-install.html index 8412fba74..476c19738 100644 --- a/blogs/2019/03/16/podman-install.html +++ b/blogs/2019/03/16/podman-install.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ author: tsweeney categories: [blogs] tags: [containers, images, docker, buildah, podman, oci]


podman logo

Installation of Podman to Run Docker Container - Part 1

By Tom Sweeney GitHub

A new article about how Opvizor installed Podman to run Docker containers. This blog entry at Opvizor looks into their installation process and their early takeaways on Podman.

- + \ No newline at end of file diff --git a/blogs/2019/03/18/CI3.html b/blogs/2019/03/18/CI3.html index b3c8291b5..193fd1f97 100644 --- a/blogs/2019/03/18/CI3.html +++ b/blogs/2019/03/18/CI3.html @@ -12,7 +12,7 @@ - + @@ -104,7 +104,7 @@ or snide remarks there, please feel free to find me in #podman on Freenode (IRC). Unless the question is too-smart, I might even be able to answer it. Until then, may your pretty code keep its bugs well hidden and out of sight.

- + \ No newline at end of file diff --git a/blogs/2019/03/22/podman-made-easy.html b/blogs/2019/03/22/podman-made-easy.html index c8f210a7d..3c341f01c 100644 --- a/blogs/2019/03/22/podman-made-easy.html +++ b/blogs/2019/03/22/podman-made-easy.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/04/01/podman-crosswords.html b/blogs/2019/04/01/podman-crosswords.html index 2faed9358..149417264 100644 --- a/blogs/2019/04/01/podman-crosswords.html +++ b/blogs/2019/04/01/podman-crosswords.html @@ -12,14 +12,14 @@ - +

Podman Saves My Crossword Habit

· One min read

podman logo

Podman Saves My Crossword Habit

By Tom Sweeney GitHub

Ed Santiago (@edsantiago) needed help with his New York Times crossword puzzle. So naturally he turned to Podman to save the day. Read about it in his blog post: Podman Saves My Crossword Habit. Many thanks to Ed for sharing this innovative use of Podman.

- + \ No newline at end of file diff --git a/blogs/2019/04/16/cinc.html b/blogs/2019/04/16/cinc.html index aceadf307..0d8cf03a7 100644 --- a/blogs/2019/04/16/cinc.html +++ b/blogs/2019/04/16/cinc.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/04/22/health.html b/blogs/2019/04/22/health.html index d0254067d..e1ccfa0f5 100644 --- a/blogs/2019/04/22/health.html +++ b/blogs/2019/04/22/health.html @@ -12,13 +12,13 @@ - +

Monitoring container vitality and availability with Podman

· One min read

podman logo

Monitoring container vitality and availability with Podman

By Brent Baude GitHub

Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/05/18/micro-dnf.html b/blogs/2019/05/18/micro-dnf.html index 7206a2585..4c79cd564 100644 --- a/blogs/2019/05/18/micro-dnf.html +++ b/blogs/2019/05/18/micro-dnf.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/05/24/podman-made-easy2.html b/blogs/2019/05/24/podman-made-easy2.html index 7e1251ec1..f4b8e3910 100644 --- a/blogs/2019/05/24/podman-made-easy2.html +++ b/blogs/2019/05/24/podman-made-easy2.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/06/13/new.html b/blogs/2019/06/13/new.html index 3741f3be4..9cfa0aa69 100644 --- a/blogs/2019/06/13/new.html +++ b/blogs/2019/06/13/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/06/13/podman-cheatsheet.html b/blogs/2019/06/13/podman-cheatsheet.html index 37b355ff9..2ae02d8a3 100644 --- a/blogs/2019/06/13/podman-cheatsheet.html +++ b/blogs/2019/06/13/podman-cheatsheet.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/06/17/mailinglist.html b/blogs/2019/06/17/mailinglist.html index f9dda25a1..8f36817e8 100644 --- a/blogs/2019/06/17/mailinglist.html +++ b/blogs/2019/06/17/mailinglist.html @@ -12,13 +12,13 @@ - +

Podman Mailing list

· 2 min read

podman logo

Podman Mailing List

By Tom Sweeney GitHub

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

To sign up for the mailing list use email or the web interface:

Regardless of which method you use, a confirmation email will be sent to you. After you reply back to that confirmation email, you'll then be able to send mail directly to podman@lists.podman.io. You can then also go to the list's web page at lists.podman.io, click on the Podman link and from there you can see all of the past conversations on the list or manage your subscription.

Please note, if you have a bug that you'd like to report, it's best to report them here by creating a "New issue" rather than sending an email to the list.

We hope over time this mailing list will be a friendly and useful tool for the entire Podman community.

- + \ No newline at end of file diff --git a/blogs/2019/06/17/new.html b/blogs/2019/06/17/new.html index a91bc4299..a1715127d 100644 --- a/blogs/2019/06/17/new.html +++ b/blogs/2019/06/17/new.html @@ -12,13 +12,13 @@ - +

Announcing the Podman Mailing List!

· One min read

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

Get all the details on this blog post!

- + \ No newline at end of file diff --git a/blogs/2019/06/19/new.html b/blogs/2019/06/19/new.html index c7281f486..a64256663 100644 --- a/blogs/2019/06/19/new.html +++ b/blogs/2019/06/19/new.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/19/ondemand-course.html b/blogs/2019/06/19/ondemand-course.html index d4b38fae4..78d828a0c 100644 --- a/blogs/2019/06/19/ondemand-course.html +++ b/blogs/2019/06/19/ondemand-course.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

podman logo

OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

By Tom Sweeney GitHub

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/26/new.html b/blogs/2019/06/26/new.html index 28440427f..dc7857e0b 100644 --- a/blogs/2019/06/26/new.html +++ b/blogs/2019/06/26/new.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

Ganesh Mani recently wrote the blog Replacing Docker with Podman — Power of Podman — Cloudnweb. The article gives a nice overview of Docker, Podman, their differences, and how you can use Podman to replace Docker. A nice read and really, who doesn't love a blog that wraps up with a meme featuring The Rock?

- + \ No newline at end of file diff --git a/blogs/2019/06/26/replace-docker-with-podman.html b/blogs/2019/06/26/replace-docker-with-podman.html index 293cc7258..86b30ec19 100644 --- a/blogs/2019/06/26/replace-docker-with-podman.html +++ b/blogs/2019/06/26/replace-docker-with-podman.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/07/06/new.html b/blogs/2019/07/06/new.html index c62329699..87273be7d 100644 --- a/blogs/2019/07/06/new.html +++ b/blogs/2019/07/06/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
- + \ No newline at end of file diff --git a/blogs/2019/07/06/ruby.html b/blogs/2019/07/06/ruby.html index d42b74aec..d3f875943 100644 --- a/blogs/2019/07/06/ruby.html +++ b/blogs/2019/07/06/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/new.html b/blogs/2019/07/29/new.html index 5e86b7299..539bdd799 100644 --- a/blogs/2019/07/29/new.html +++ b/blogs/2019/07/29/new.html @@ -12,13 +12,13 @@ - +

Podman&#58; Linux containers made easy, part 3

· One min read

It's in German again, but a worthy read Podman: Linux containers made easy, part 3. Valentin Rothberg (@vrothberg) introduces Podman to the reader and talks about how it fits in the container eco-system. If your German is a little rusty, you may need to lean on Google Translate.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/podman-made-easy3.html b/blogs/2019/07/29/podman-made-easy3.html index 61cf0f9f4..e110f1307 100644 --- a/blogs/2019/07/29/podman-made-easy3.html +++ b/blogs/2019/07/29/podman-made-easy3.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/08/08/new.html b/blogs/2019/08/08/new.html index 01b9ff7c2..78b109ea2 100644 --- a/blogs/2019/08/08/new.html +++ b/blogs/2019/08/08/new.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/08/podman-images.html b/blogs/2019/08/08/podman-images.html index dafbea3ca..473afa21e 100644 --- a/blogs/2019/08/08/podman-images.html +++ b/blogs/2019/08/08/podman-images.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

podman logo

Command Highlight: podman images

By Tom Sweeney GitHub

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/10/new.html b/blogs/2019/08/10/new.html index 4971f11d0..5e487a74b 100644 --- a/blogs/2019/08/10/new.html +++ b/blogs/2019/08/10/new.html @@ -12,13 +12,13 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/10/podman-ibm-developer.html b/blogs/2019/08/10/podman-ibm-developer.html index 5c63ecdfa..2d1712ed9 100644 --- a/blogs/2019/08/10/podman-ibm-developer.html +++ b/blogs/2019/08/10/podman-ibm-developer.html @@ -12,14 +12,14 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

podman logo

How templating works with Podman, Kubernetes, and Red Hat OpenShift

By Tom Sweeney GitHub

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/14/new.html b/blogs/2019/08/14/new.html index 16f06b800..bdd1183ff 100644 --- a/blogs/2019/08/14/new.html +++ b/blogs/2019/08/14/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/08/22/new.html b/blogs/2019/08/22/new.html index 8234f51a7..e8564c989 100644 --- a/blogs/2019/08/22/new.html +++ b/blogs/2019/08/22/new.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/22/podman-tech-preview.html b/blogs/2019/08/22/podman-tech-preview.html index a0e70442f..d51378794 100644 --- a/blogs/2019/08/22/podman-tech-preview.html +++ b/blogs/2019/08/22/podman-tech-preview.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

podman logo

Using the rootless containers Tech Preview in RHEL 8.0

By Tom Sweeney GitHub

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/23/new.html b/blogs/2019/08/23/new.html index 39355fbe7..24223f13e 100644 --- a/blogs/2019/08/23/new.html +++ b/blogs/2019/08/23/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/08/23/podman-en-espanol.html b/blogs/2019/08/23/podman-en-espanol.html index 1077871d2..ceb6c70cd 100644 --- a/blogs/2019/08/23/podman-en-espanol.html +++ b/blogs/2019/08/23/podman-en-espanol.html @@ -12,13 +12,13 @@ - +

Podman, contenedores sin Docker

· One min read

podman logo

Podman, contendores sin Docker

By Tom Sweeney GitHub

How's your espanol? If it's good or you want to work on it, checkout this video blog on YouTube from Iñigo Serrano Podman, contenedores sin Docker. In it Iñigo Serrano shows how to run Wildfly in a Podman container without Docker.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/buildah-in-containers.html b/blogs/2019/08/28/buildah-in-containers.html index a5c617688..b0f9482d5 100644 --- a/blogs/2019/08/28/buildah-in-containers.html +++ b/blogs/2019/08/28/buildah-in-containers.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

podman logo

Best practices for running Buildah in a container

By Dan Walsh GitHub

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/new.html b/blogs/2019/08/28/new.html index 5f3c1ce33..c6c5ef3dd 100644 --- a/blogs/2019/08/28/new.html +++ b/blogs/2019/08/28/new.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/new.html b/blogs/2019/09/11/new.html index 58d9825e5..36881e6e4 100644 --- a/blogs/2019/09/11/new.html +++ b/blogs/2019/09/11/new.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

Matt Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/rootless-pulling.html b/blogs/2019/09/11/rootless-pulling.html index 438449fa2..4516516b8 100644 --- a/blogs/2019/09/11/rootless-pulling.html +++ b/blogs/2019/09/11/rootless-pulling.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

podman logo

Why can’t rootless Podman pull my image?

By Matthew Heon GitHub

Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/25/new.html b/blogs/2019/09/25/new.html index 979cdb900..c945483a7 100644 --- a/blogs/2019/09/25/new.html +++ b/blogs/2019/09/25/new.html @@ -12,13 +12,13 @@ - +

Podman in HPC environments

· One min read

Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

- + \ No newline at end of file diff --git a/blogs/2019/09/26/podman-in-hpc.html b/blogs/2019/09/26/podman-in-hpc.html index 2723b77bd..b601be546 100644 --- a/blogs/2019/09/26/podman-in-hpc.html +++ b/blogs/2019/09/26/podman-in-hpc.html @@ -12,7 +12,7 @@ - + @@ -54,7 +54,7 @@ this container image, Podman will do it before launching this container.

  • /home/ring

    The MPI program in the container which should be started.

  • Thanks to Podman's fork-exec model it is really simple to use it in combination with Open MPI as Open MPI will start Podman just as it would start the actual MPI application.

    - + \ No newline at end of file diff --git a/blogs/2019/10/02/container-networking.html b/blogs/2019/10/02/container-networking.html index bd5428504..5f4409c89 100644 --- a/blogs/2019/10/02/container-networking.html +++ b/blogs/2019/10/02/container-networking.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/10/02/new.html b/blogs/2019/10/02/new.html index 2538a8e47..0451d6962 100644 --- a/blogs/2019/10/02/new.html +++ b/blogs/2019/10/02/new.html @@ -12,13 +12,13 @@ - +

    Configuring container networking with Podman

    · One min read

    Brent Baude has a blog post on the Red Hat Enable Sysadmin site about Configuring container networking with Podman. In the post Brent goes over how you can communicate between a container and the host, between containers in and out of a pod, while running as a root and as a non-root user.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/1-new.html b/blogs/2019/10/14/1-new.html index 3b5592eda..439dbc132 100644 --- a/blogs/2019/10/14/1-new.html +++ b/blogs/2019/10/14/1-new.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/2-new.html b/blogs/2019/10/14/2-new.html index 584aa294c..437e110a5 100644 --- a/blogs/2019/10/14/2-new.html +++ b/blogs/2019/10/14/2-new.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/SayHello.html b/blogs/2019/10/14/SayHello.html index 751156f27..06431d31c 100644 --- a/blogs/2019/10/14/SayHello.html +++ b/blogs/2019/10/14/SayHello.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    podman logo

    Say “Hello” to Buildah, Podman, and Skopeo

    By Tom Sweeney GitHub

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/docker-vs-podman-security.html b/blogs/2019/10/14/docker-vs-podman-security.html index 14d750fae..2323c6b37 100644 --- a/blogs/2019/10/14/docker-vs-podman-security.html +++ b/blogs/2019/10/14/docker-vs-podman-security.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    podman logo

    Here’s why podman is more secured than Docker – DevSecOps

    By Tom Sweeney GitHub

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/generate-seccomp-profiles.html b/blogs/2019/10/15/generate-seccomp-profiles.html index 5d36837a2..c1c61b99d 100644 --- a/blogs/2019/10/15/generate-seccomp-profiles.html +++ b/blogs/2019/10/15/generate-seccomp-profiles.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    Background

    At DevConf.cz in early 2019, Dan Walsh and I were talking about container security and how we could improve the status quo in a user-friendly fashion. Among other things, we talked about seccomp, a widely used security feature of Linux. At its very core, seccomp allows for filtering the syscalls invoked by a process and can thereby be used to restrict which syscalls a given process is allowed to execute. Many software projects such as Android, Flatpak, Chrome and Firefox use seccomp to further tighten the security. One threat model seccomp protects against is the damage a malicious process can do. The fewer syscalls are available, the smaller is the attack surface. Hence, an attacker might gain control over some process of a web browser but seccomp will restrict the set of available syscalls to only those it needs. For instance, the syscalls needed for a rendering a website. The reduced attack surface can prevent the attacker from gaining control over the system. This makes seccomp a powerful security tool but while talking about it Dan and I quickly realized there is room for improvement.

    The tricky part of security is making it user friendly. A security mechanism should not turn into an annoyance or an obstacle. Otherwise some users will turn it off. Most container tools use a default seccomp filter which was initially written by Jesse Frazelle for Docker. This default filter found a balance between tightening the security while remaining portable to allow most workloads to run without receiving permission errors. The fact that this default filter is used by Docker, Podman, CRI-O, containerd and other tools on millions of deployments around the globe, shows its importance and impact. However, the default filter is pretty loose and it still allows more than 300 of the 435 syscalls on Linux 5.3 x86_64. The high number of available syscalls is essential to support as many containers as possible but according to Aqua Sec, most containers require only 40 to 70 syscalls. This means that the syscall attack surface of an average container could further be reduced by around 80 percent. But if we want to restrict more syscalls than the default filter, we face the problem of finding out which syscalls a container actually needs. That’s the problem we decided to work on and to ultimately come up with an open-source solution that users can easily use and integrate into their workflows.

    Dan and I started to philosophize about how we wanted to tackle the problem of finding out which syscalls a given container needs. Statically analyzing the code is theoretically optimal as we can determine the exact set of syscalls the program needs. But we quickly run into practical issues where corner cases cannot be covered and where users need a deep understanding of the code and certainly of the limitations of the individual analyzers. Such approaches are also programming-language specific and hence not generally applicable. All in all, static analysis does not provide the level of user friendliness and automation we wanted. Hence, we decided upon runtime analysis and proposed a project for Google Summer of Code under the umbrella of the Fedora project. The project proposal was to trace the processes running inside a container and to create a seccomp filter based on the set of recorded syscalls. The proposal was eventually accepted and we are thrilled how far we came thanks to Divyansh Kamboj who worked with us during this summer and who has turned into an active contributor to our github.com/containers projects.

    Tracing the syscalls of a container

    After some initial experiments with ptrace, we were looking for an alternative tracing mechanism. Ptrace has some considerable performance impacts that we were not willing to take, so Divyansh explored the idea of using audit logging of seccomp actions. Since Linux v4.14, the actions of seccomp filters can be recorded in the audit log. Using seccomp to create a new seccomp filter was tempting and the initial experiments have shown promising results until we started to run multiple containers in parallel. We could see and track which syscalls have been used but we could not figure out which process and hence which syscall belongs to which container. The Linux kernel community is currently debating to add an audit container ID which identifies a container in the logs but there is no consensus yet and we do not expect a solution in the near future. We had to find another solution.

    Eventually, we decided to use the extended Berkeley Packet Filter (eBPF) for tracing. eBPF allows for writing custom programs that can hook into various code paths in the kernel. These programs can be injected from user space into the kernel who interprets them in a special virtual machine. BPF was originally written to inspect networking packets directly in the kernel to achieve the lowest possible latency and best performance. Nowadays, with eBPF we can inspect many more aspects of the kernel. For our purpose, we hook into the sysenter tracepoint when entering the kernel from user space. This allows us to quickly inspect which syscalls are called by a given process. Although eBPF is fast, we still faced the aforementioned absence of a container concept in the kernel, so we had to find a way to know if a given process is part of the container we want to trace or not. We decided to identify a container by its PID namespace. If the PID namespace of the process we hit in our eBPF program corresponds to the container we are currently tracing, then we record the syscall. Ultimately, if a container creates a new PID namespace, we will not trace processes inside the new namespace and generate an inaccurate filter. But that is pretty much the only limitation.

    The OCI seccomp bpf hook

    We implemented the syscall tracer as an Open Container Initiative (OCI) runtime hook. OCI runtime hooks are called at different stages of the lifecycle of a container and are executed by OCI-compliant container runtimes, such as runc. Runc is used to spawn and run containers, and is the default runtime of Podman, containerd, Docker and many other tools. Our syscall-tracing hook runs at the prestart stage, where the init process of the container is created but not yet started. At this point, we can extract the PID namespace of the container, compile the eBPF program and start it. All this happens before the container is started, so we do not run into a race condition and avoid losing any early syscalls of the container. Once the eBPF program is running, we detach it from the hook and the container runtime can start the container. All source code is open source and can be downloaded from github.com/containers/oci-seccomp-bpf-hook. We are currently creating packages for Fedora and CentOS and hope to provide packages for more distributions in the near future. In the following, we go through a step-by-step example how the hook can be used in practice.

    Let’s first install Podman. Podman is a daemonless container engine for running containers and Pods and supports running rootless containers.

    $ sudo dnf install -y podman

    Next, we clone the git repository of the OCI seccomp bpf hook to compile and install it. Note that we need to install a few more packages in order to compile the hook.

    $ sudo dnf install -y bcc-devel bcc-tools git golang libseccomp-devel golang-github-cpuguy83-md2man make
    $ git clone https://github.com/containers/oci-seccomp-bpf-hook.git
    $ cd oci-seccomp-bpf-hook
    $ make binary
    $ PREFIX=/usr sudo make install

    Now, with the hook being installed we can use Podman to run a container and use the hook for tracing syscalls. eBPF requires root privileges so we cannot make use of Podman’s rootless support while tracing. However, we can use the generated seccomp profiles for running the workloads in a rootless container.

    $ sudo podman run --annotation io.containers.trace-syscall=of:/tmp/ls.json fedora:30 ls / > /dev/null

    In the upper example, we are running ls in a fedora:30 container. The annotation io.containers.trace-syscall is used to start our hook while its value expects a mandatory output file (short “of:”) that points to a path where we want the new seccomp filter to be written. In fact, the output file is a json file which is often referred to as a seccomp profile that container engines such as Podman and Docker will eventually parse and compile into a seccomp filter for the kernel. When inspecting the generated profile we will notice that there are more syscalls than ls executes. Those syscalls are the ones that runc invokes after having applied the seccomp profile and before starting the container, so they are essential to prevent us from getting permission errors when reusing the profile. However, we do not need to worry about that as the hook is clever enough to add these syscalls. Let’s run a few containers using the generated profile.

    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls / > /dev/null
    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls -l / > /dev/null
    ls: cannot access '/': Operation not permitted

    Maybe you are as surprised as we were when first running this very example. It seems that ls uses additional syscalls with the -l flag which instructs ls to use a more verbose listing format. This example shows a limitation of our approach since the quality and completeness of the generated seccomp profile depends on the exhaustiveness when tracing, and that’s clearly something to keep in mind when using the hook. To avoid rerunning everything from scratch, the hook allows for the specification of an additional input file. This input file serves as a baseline to which all traced syscalls are added. This way, we do not need to redundantly run all, potentially time-costly, previous workloads but can add new data on top. Let’s try this out and rerun ls -l.

    $ sudo podman run --annotation io.containers.trace-syscall=”if:/tmp/ls.json;of:/tmp/lsl.json” fedora:30 ls -l / > /dev/null

    As mentioned above, we need root privileges for running the eBPF hook. But now, as we have generated the new seccomp profile, we can use it for running the same workload in a rootless container.

    $ id -u
    1000
    $ podman run --security-opt seccomp=/tmp/lsl.json fedora:30 ls -l / > /dev/null

    When can I lock down my container?

    One of the issues with attempting to generate seccomp profiles this way is that we cannot always be sure of having crossed all code paths that the container can potentially run. But if we have fairly extensive tests we should be able to gather a substantial amount of the syscalls for running the container within our CI/CD system. Now when we put our container into production, we can continue tracing the syscalls in the new environment. For example, if you use Kubernetes you could send the annotation down to CRI-O and it would run the hook. Now, we can periodically check if the generated profile has changed over time. If we do not see new syscalls added for a given amount of time, we can feel confident to start using the profile. If a container using the profile gets blocked from using a syscall, the kernel will continue to report these in the audit.log which allows us to manually look for missing syscalls.

    Try it out!

    It was essential for us to base our work on open standards, which is why we decided to use the hooks specified in the OCI runtime specification. This way, our approach works with OCI compliant container runtimes such as runc or crun. Furthermore, we did not want to tie the tracing feature to a specific container engine. We wanted different tools such as Podman, Docker, CRI-O or containerd to be able to use the hook to encourage collaboration across different communities. Hence, we chose to use an OCI runtime annotation (i.e., io.containers.trace-syscall) to trigger the hook which is a generally supported feature.

    As a next step, feel free to generate your own seccomp profiles with the oci-seccomp-bpf-hook. We would love to have feedback and always welcome contributions.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/new.html b/blogs/2019/10/15/new.html index 568d30d57..568acf781 100644 --- a/blogs/2019/10/15/new.html +++ b/blogs/2019/10/15/new.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/Perona-PMM.html b/blogs/2019/10/23/Perona-PMM.html index 3aa84216e..875d7f3d8 100644 --- a/blogs/2019/10/23/Perona-PMM.html +++ b/blogs/2019/10/23/Perona-PMM.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/new.html b/blogs/2019/10/23/new.html index 01215725d..b35205434 100644 --- a/blogs/2019/10/23/new.html +++ b/blogs/2019/10/23/new.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/28/new.html b/blogs/2019/10/28/new.html index e73b929d2..b35ff6526 100644 --- a/blogs/2019/10/28/new.html +++ b/blogs/2019/10/28/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/10/28/podman-with-nfs.html b/blogs/2019/10/28/podman-with-nfs.html index c13a23d6b..6b55c2fa9 100644 --- a/blogs/2019/10/28/podman-with-nfs.html +++ b/blogs/2019/10/28/podman-with-nfs.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ each host involved in the MPI job the specified container to /tmp/centos/containers.

    This enables me to use Podman in a even more HPC like environment where shared home directories are very common to share input and output data.

    - + \ No newline at end of file diff --git a/blogs/2019/10/29/new.html b/blogs/2019/10/29/new.html index 94b48a9b3..b1da63513 100644 --- a/blogs/2019/10/29/new.html +++ b/blogs/2019/10/29/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/10/29/podman-crun-f31.html b/blogs/2019/10/29/podman-crun-f31.html index b5cce61e9..4e1a892fb 100644 --- a/blogs/2019/10/29/podman-crun-f31.html +++ b/blogs/2019/10/29/podman-crun-f31.html @@ -12,13 +12,13 @@ - +

    First Look&#58; Rootless Containers and cgroup v2 on Fedora 31

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    The first bit of the work has to be done as either the root user or someone with root privileges. For this walkthrough I used the root user on the console and the first thing I did was to upgrade my Fedora 30 Virtual Machine (VM) to Fedora 31. If you want to install Fedora 31 directly, the beta version just became available at the time of this writing, you could do that instead. The steps to do the upgrade are:

    # dnf -y upgrade --refresh
    # dnf -y install dnf-plugin-system-upgrade
    # dnf -y system-upgrade download --releasever=31
    # dnf system-upgrade reboot

    After the machine finished rebooting, my VM was running Fedora 31 so now I needed to install Podman with dnf -y install podman. After that completes, verify that you have Podman Version 1.6.2 or higher.

    # podman version
    Version: 1.6.2
    RemoteAPI Version: 1
    Go Version: go1.13.1
    OS/Arch: linux/amd64

    Now I’m going to follow the steps in the Basic Setup and Use of Podman in a Rootless environments tutorial to do the configuration necessary to run rootless containers.

    Podman running rootless containers does have a few software dependencies. Most if not all of these should be installed for you on Fedora 31 by default, but just to verify I did:

    # dnf -y install slirp4netns fuse-overlayfs
    Last metadata expiration check: 0:02:26 ago on Sat 14 Sep 2019 07:56:03 PM EDT.
    Package slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64 is already installed.
    Package fuse-overlayfs-0.6.2-2.git67a4afe.fc31.x86_64 is already installed.
    Dependencies resolved.
    Nothing to do.
    Complete!

    Now the user namespaces need to be setup. Rootless Podman requires the user running it to have a range of UIDs and GIDs listed in the /etc/subuid and /etc/subgid files. These files control which UIDs and GIDs the user is allocated to use on the system. Depending upon how your user was first created, these files may already have entries in them for your user. If so, you don’t need to do anything else. If not, then you can edit either file directly, or you can use useradd to create the user and allocate entries in both files, or you can use the usermod command to allocate them for a preexisting user. In this example usermod has allocated the values from 10000 to 55537 for the local “tom” account to use in our system.

    # usermod -v 10000-65536 -w 10000-65536 tom

    # cat /etc/subuid
    tom:10000:55537

    # cat /etc/subgid
    tom:10000:55537

    If you have multiple users, you’ll need to be sure that the ranges that are assigned to them in either /etc/subuid or /etc/subgid don’t overlap or they could gain control of the other persons containers in that overlap.

    Now we’re done running with a privileged account. From here on out we can run as a non-privileged user, so I next opened up a new terminal and ssh’d into the host using the non-privileged ‘tom’ account:

    $ ssh tom@192.168.122.228
    tom@192.168.122.228's password:

    The first thing to do is to check for the crun command.

    # whereis crun
    crun: /usr/bin/crun /usr/share/man/man1/crun.1.gz

    The crun command is the runtime the allows for cgroup V2 support and is supplied starting with Fedora 31. Other container systems use the runc runtime. However, runc only supports cgroup V1. The cgroup kernel feature allows you to allocate resources such as CPU time, network bandwidth and system memory to a container. Version 1 of cgroup only supports containers that are run by root, while version 2 supports containers that are run by root or a non-privileged user.

    A few tweaks to the ‘tom’ account config files may be needed, in most cases these files will not need tweaking, but let’s verify them. The first up is libpod.conf and to get a default variant of that file, just run podman info first.

    $ podman info
    $ vi .config/containers/libpod.conf

    And if it’s not already set, set the runtime option in libpod.conf to “crun”.

    runtime = "crun"

    Then in .config/containers/storage.conf make sure the mount_program = “/usr/bin/fuse-overlayfs” line is uncommented.

    Just that easy, you’re ready to run Rootless Podman. See I told you I’m not like those other guys! Let’s try setting up a rootless container running httpd. Let’s create this Dockerfile in the local directory:

    $ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi:8.0

    MAINTAINER Podman Mailing List <podman@lists.podman.io>
    ENV DOCROOT=/var/www/html

    RUN yum --disableplugin=subscription-manager --nodocs -y install httpd \
    && yum --disableplugin=subscription-manager clean all \
    && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html

    EXPOSE 80

    CMD httpd -D FOREGROUND

    And now build using it:

    $  podman build -t myhttp .
    STEP 1: FROM registry.access.redhat.com/ubi8/ubi:8.0
    Getting image source signatures
    Copying blob 641d7cc5cbc4 done
    Copying blob c65691897a4d done
    Copying config 11f9dba4d1 done
    Writing manifest to image destination
    Storing signatures
    STEP 2: MAINTAINER Podman Mailing List <podman@lists.podman.io>
    bed974e664909b511f14e2cc21a59642c81fd1d958db12d7ef8fdc1e74f3d364
    STEP 3: ENV DOCROOT=/var/www/html
    5eee83e1e640a4aa2c5f39caa11c3a24ec22e37f99633c2ee9912e8f65a5ff81
    STEP 4: RUN yum --disableplugin=subscription-manager --nodocs -y install httpd && yum --disableplugin=subscription-manager clean all && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html
    Red Hat Universal Base Image 8 (RPMs) - AppStre 1.0 MB/s | 2.3 MB 00:02
    Red Hat Universal Base Image 8 (RPMs) - BaseOS 769 kB/s | 754 kB 00:00
    Dependencies resolved.
    {A number of normal yum output lines removed for brevity}
    Installed:
    httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
    apr-util-openssl-1.6.1-6.el8.x86_64
    apr-util-bdb-1.6.1-6.el8.x86_64
    apr-1.6.3-9.el8.x86_64
    apr-util-1.6.1-6.el8.x86_64
    httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
    mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da.x86_64
    httpd-filesystem-2.4.37-12.module+el8.0.0+4096+eb40e6da.noarch
    mailcap-2.1.48-3.el8.noarch
    redhat-logos-httpd-80.7-1.el8.noarch

    Complete!
    16 files removed
    45fcaaf719615e97190bf38aa9d8d06e5437f0e10741343fd318777647584d6f
    STEP 5: EXPOSE 80
    865abb5a809cb0ffbc63fef2def892595fe54cfeffc67013a0096a5f0fff4b27
    STEP 6: CMD httpd -D FOREGROUND
    STEP 7: COMMIT myhttp
    f8d0bf10faa0460a111283a51d95e94421d1a46a21bca7f6f43a762469504593

    Now to verify the myhttp image has been created:

    $ podman images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    localhost/myhttp latest a76baf5989a3 2 minutes ago 236 MB
    registry.access.redhat.com/ubi8/ubi 8.0 11f9dba4d1bc 5 weeks ago 216 MB

    Let’s now run our container and check that the http server is responding:

    $ podman run --detach --name myhttp_ctr localhost/myhttp 30d8b54f63c5d2a8ecbe30b56546082e32e701a87c98df81ee0d2565ed33db72
    $ curl localhost
    curl: (7) Failed to connect to localhost port 80: Connection refused

    But wait! Why did the curl command fail rather than return our index.html output from our webserver? That’s because we’re running a rootless container and the user running this container doesn’t have the privilege to connect to the container host’s port 80 for the webserver. So how can we be certain that the webserver is up and running? First let’s see if the container is up:

    $ podman ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    30d8b54f63c5 localhost/myhttp:latest /bin/sh -c httpd ... 3 minutes ago Up 3 minutes ago myhttp_ctr

    The container appears to be up and running. Let’s exec into it and see if we can resolve the web server from inside of the container:

    $ podman exec -it myhttp_ctr /bin/bash
    bash-4.4# curl localhost
    Hello from the httpd-parent container!

    We’ve made contact with our web server from within the container. Granted this is not the most useful example from a real world side of things. However, it does show how a rootless container is able to run while the administrator of the host can build a good secure separation from the rootless container. Rootless containers keep unprivileged users from running or controlling things they should not on the host.

    Setting up a host to run rootless containers using Podman is a relatively painless process. Out of the box the only thing that may need to be done is to add entries in the /etc/subuid and /etc/subgid files for users that will be running containers. That’s it! We did a little more checking on the files above, but that wasn’t required. Once the user has those entries created for them, they can run containers in their own space without controlling things on the host that they should not. It really is just that easy, and best yet, you didn’t even have to stay up late at night so you could call now “For just $19.99 we’ll give you rootless containers and if you sign up now, you can run them safely too!”. Instead, rootless containers are there and ready for your use starting in Podman v1.6.2 right now.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/cgroupv2.html b/blogs/2019/10/31/cgroupv2.html index da55a6839..4d9000c68 100644 --- a/blogs/2019/10/31/cgroupv2.html +++ b/blogs/2019/10/31/cgroupv2.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/new.html b/blogs/2019/10/31/new.html index 0a0d012ca..4d66c77cf 100644 --- a/blogs/2019/10/31/new.html +++ b/blogs/2019/10/31/new.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/11/05/docker2podman.html b/blogs/2019/11/05/docker2podman.html index 8ae565998..cc95b4001 100644 --- a/blogs/2019/11/05/docker2podman.html +++ b/blogs/2019/11/05/docker2podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/05/new.html b/blogs/2019/11/05/new.html index 2fad64e86..dd6a420ed 100644 --- a/blogs/2019/11/05/new.html +++ b/blogs/2019/11/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/07/basic-security-principles.html b/blogs/2019/11/07/basic-security-principles.html index c7cc034fa..401ad148e 100644 --- a/blogs/2019/11/07/basic-security-principles.html +++ b/blogs/2019/11/07/basic-security-principles.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/07/new.html b/blogs/2019/11/07/new.html index 4619f2350..723fdcc42 100644 --- a/blogs/2019/11/07/new.html +++ b/blogs/2019/11/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/08/build-ctrs-with-open-tools.html b/blogs/2019/11/08/build-ctrs-with-open-tools.html index 8f16c270f..4dbdbc31a 100644 --- a/blogs/2019/11/08/build-ctrs-with-open-tools.html +++ b/blogs/2019/11/08/build-ctrs-with-open-tools.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/08/new.html b/blogs/2019/11/08/new.html index 9c56341d6..4de730bfe 100644 --- a/blogs/2019/11/08/new.html +++ b/blogs/2019/11/08/new.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/12/F31-Control-Group-v2.html b/blogs/2019/11/12/F31-Control-Group-v2.html index 58c33e55f..44d402efa 100644 --- a/blogs/2019/11/12/F31-Control-Group-v2.html +++ b/blogs/2019/11/12/F31-Control-Group-v2.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2019/11/12/new.html b/blogs/2019/11/12/new.html index 1c4a37136..c844a188b 100644 --- a/blogs/2019/11/12/new.html +++ b/blogs/2019/11/12/new.html @@ -12,13 +12,13 @@ - +

    Fedora 31 and Control Group v2

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Fedora 31 and Control Group v2. In the post Dan talks about the new version of control groups that is part of the Fedora 31 release and how it makes containers even more secure.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/lease-routable-ip-addrs.html b/blogs/2019/11/13/lease-routable-ip-addrs.html index d2b1cf5aa..4bad79447 100644 --- a/blogs/2019/11/13/lease-routable-ip-addrs.html +++ b/blogs/2019/11/13/lease-routable-ip-addrs.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/new.html b/blogs/2019/11/13/new.html index 9ca534cf5..6688afbbb 100644 --- a/blogs/2019/11/13/new.html +++ b/blogs/2019/11/13/new.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/new.html b/blogs/2019/11/20/new.html index 6131c1e5a..443dd411a 100644 --- a/blogs/2019/11/20/new.html +++ b/blogs/2019/11/20/new.html @@ -12,13 +12,13 @@ - +

    How To Install Podman on Debian

    · One min read

    Josphat Mutai posted a blog post on the Computing for Geeks site talking about How To Install Podman on Debian. In the post Josphat walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Debian and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/run-podman-on-debian.html b/blogs/2019/11/20/run-podman-on-debian.html index 1cadd1022..b43b03888 100644 --- a/blogs/2019/11/20/run-podman-on-debian.html +++ b/blogs/2019/11/20/run-podman-on-debian.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/26/new.html b/blogs/2019/11/26/new.html index d52e9f1a5..e2523fcb0 100644 --- a/blogs/2019/11/26/new.html +++ b/blogs/2019/11/26/new.html @@ -12,13 +12,13 @@ - +

    Rootless Podman and NFS

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Rootless Podman and NFS. In the post Dan talks about how you can make some minor configuration changes to allow Podman to use a user's home directory on an NFS share. Give it a read!

    - + \ No newline at end of file diff --git a/blogs/2019/11/26/rootless-podman-and-nfs.html b/blogs/2019/11/26/rootless-podman-and-nfs.html index 9267e21c1..342684c9c 100644 --- a/blogs/2019/11/26/rootless-podman-and-nfs.html +++ b/blogs/2019/11/26/rootless-podman-and-nfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/12/11/new.html b/blogs/2019/12/11/new.html index d4ce8a0a6..385047793 100644 --- a/blogs/2019/12/11/new.html +++ b/blogs/2019/12/11/new.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/11/understanding-root.html b/blogs/2019/12/11/understanding-root.html index 856eab43a..79f63a9a4 100644 --- a/blogs/2019/12/11/understanding-root.html +++ b/blogs/2019/12/11/understanding-root.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/new.html b/blogs/2019/12/14/new.html index c5c3ac786..10e473b78 100644 --- a/blogs/2019/12/14/new.html +++ b/blogs/2019/12/14/new.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/rhel8-podman.html b/blogs/2019/12/14/rhel8-podman.html index f40201ace..e8ac3bc6f 100644 --- a/blogs/2019/12/14/rhel8-podman.html +++ b/blogs/2019/12/14/rhel8-podman.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/new.html b/blogs/2019/12/17/new.html index 6a39be854..baeb30594 100644 --- a/blogs/2019/12/17/new.html +++ b/blogs/2019/12/17/new.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/podman-systemd-1-7.html b/blogs/2019/12/17/podman-systemd-1-7.html index 950e6d2dc..00d2b124f 100644 --- a/blogs/2019/12/17/podman-systemd-1-7.html +++ b/blogs/2019/12/17/podman-systemd-1-7.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html index 100349841..7a47d882d 100644 --- a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html +++ b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ I found that Podman is very easy to interact with and created a Dockerfile. This is a list of commands in a text file that controls what gets installed. Create a new directory - in this case whatshap, to put the Dockerfile in:

    [nbh23@colombo whatshap]$ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi
    RUN yum -y update \
    && yum -y install python3 \
    && yum -y install make \
    && yum -y install gcc \
    && yum -y install redhat-rpm-config \
    && yum -y install zlib-devel \
    && yum -y install bzip2-devel \
    && yum -y install xz-devel \
    && yum -y install python3-devel \
    && yum clean all
    RUN pip3 install pysam && pip3 install whatshap

    Then we build the container image - from within the whatshap directory run:

    podman build -t whatshap .

    Notice the '.' at the end, that's important!

    You'll see the container image start to build, with notifications of where it's at. If all goes to plan you will then finally see notification that it's completed:

    STEP 4: COMMIT whatshap
    d523727fc6c297086e84e7ec99f62e8f5e6d093d9decb1b58ee8a4205d46b3dd

    We can then check it works:

    [nbh23@colombo whatshap]$ podman run -it whatshap
    [root@ac05564bd51b /]# whatshap -h
    usage: whatshap [-h] [--version] [--debug]
    {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype} ...

    positional arguments:
    {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype}
    phase Phase variants in a VCF with the WhatsHap algorithm
    stats Print phasing statistics of a single VCF file
    compare Compare two or more phasings
    hapcut2vcf Convert hapCUT output format to VCF
    unphase Remove phasing information from a VCF file
    haplotag Tag reads by haplotype
    genotype Genotype variants

    optional arguments:
    -h, --help show this help message and exit
    --version show program's version number and exit
    --debug Print debug messages
    [root@ac05564bd51b /]#

    Which all looks good - we now have our container image and can re-run that to do our whatshap analysis.

    All well and good, but what happens about storage of that analysis?

    We can add that to our Podman command, if we have a directory called data in /home we can map that as follows:

    podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap

    The nice thing is that the UID and GID for files created this way all match up. The trailing :z makes selinux happy :-)

    [nbh23@colombo whatshap]$ podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap
    [root@fef561d523b8 /]# ls
    bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
    [root@fef561d523b8 /]# cd /home
    [root@fef561d523b8 home]# ls
    nbh23
    [root@fef561d523b8 home]# cd nbh23
    [root@fef561d523b8 nbh23]# touch testfile
    [root@fef561d523b8 nbh23]# ls -la
    total 0
    drwxrwxr-x. 2 root root 22 Jan 21 09:09 .
    drwxr-xr-x. 3 root root 19 Jan 21 09:09 ..
    -rw-r--r--. 1 root root 0 Jan 21 09:09 testfile
    [root@fef561d523b8 nbh23]# exit
    [nbh23@colombo ~]$ ls
    Containers data Desktop Documents Downloads Music Pictures Public Templates Videos
    [nbh23@colombo ~]$ cd data
    [nbh23@colombo data]$ ls -la
    total 4
    drwxrwxr-x. 2 nbh23 nbh23 22 Jan 21 09:09 .
    drwx------. 17 nbh23 nbh23 4096 Jan 21 09:07 ..
    -rw-r--r--. 1 nbh23 nbh23 0 Jan 21 09:09 testfile
    [nbh23@colombo data]$

    One of the things I discovered whilst creating a more complex container image was that you can start the existing image into a bash session, doing the manipulation that you require, and then use the Podman commit command to write those changes. For example using our whatshap container image we can run it as follows:

    [nbh23@colombo data]$ podman run -it whatshap bash
    [root@73c4742e4724 /]#

    We can then make our alterations, and from another session commit those changes:

    [nbh23@colombo ~]$ podman commit 73c4742e4724 whatshap-altered
    Getting image source signatures
    Copying blob c630f5c3e169 skipped: already exists
    Copying blob 4bd7408cc1c8 skipped: already exists
    Copying blob 1383f0e3c813 skipped: already exists
    Copying blob a2ff5e229058 skipped: already exists
    Copying blob b75bf3e68dab done
    Copying config 931b7f5302 done
    Writing manifest to image destination
    Storing signatures
    931b7f5302af9965bff14e460c19ff9e756d74095940c6d85e63f929006c35f0
    [nbh23@colombo ~]$

    Then do podman image list to see what we have:

    [nbh23@colombo ~]$ podman image list
    REPOSITORY TAG IMAGE ID CREATED SIZE
    localhost/whatshap-altered latest 931b7f5302af About a minute ago 545 MB
    localhost/whatshap latest d523727fc6c2 3 days ago 545 MB
    registry.access.redhat.com/ubi8/ubi latest 096cae65a207 5 weeks ago 239
    [nbh23@colombo ~]$

    You can make multiple changes to your original container image until you are satisfied that it's working as you'd like.

    This has covered command line container image creation and usage, I'll be creating another blog post detailing graphical interactive containers as i'm aware that there are various interactive visual programs to cover too.

    Feel free to contact me with any ideas or suggestions / questions.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/new.html b/blogs/2020/01/15/new.html index aba0b695d..44b3cb073 100644 --- a/blogs/2020/01/15/new.html +++ b/blogs/2020/01/15/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/17/new.html b/blogs/2020/01/17/new.html index 4b37d13a3..0f34087dc 100644 --- a/blogs/2020/01/17/new.html +++ b/blogs/2020/01/17/new.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    - + \ No newline at end of file diff --git a/blogs/2020/01/17/podman-new-api.html b/blogs/2020/01/17/podman-new-api.html index 4409a900b..da044b427 100644 --- a/blogs/2020/01/17/podman-new-api.html +++ b/blogs/2020/01/17/podman-new-api.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    The new API is a simpler implementation based on HTTP/REST. We provide two basic groups of endpoints. The first one is for libpod; the second is for Docker compatibility, to ease adoption. The two endpoints are namespaced to keep them separate. Our goal with implementing a portion of the Docker API, is to be as compatible as possible; while similar calls in the libpod API might bring back additional libpod specific information.

    While these two endpoints work similarly, there are important and somewhat nuanced differences. The Docker API endpoint is useful for existing automation tied to that API and potentially tools like docker-compose.

    Example

    If you wanted a list of images with the libpod endpoint, you would use the following endpoint:

    <endpoint_base_url>/libpod/images/json

    And if you wanted a list of images but in docker-compatibility, you would use:

    <endpoint_base_url>/images/json

    In our proof of concepts, we have tested our endpoint with the docker-py project. There are of course subtle differences which we are still working on. And there are compatibility endpoints that we can not support like swarm which Podman does not support.

    We are working on a set of Golang bindings for the libpod endpoints. Eventually these bindings will be used to rewire our remote client. The rewire begins after all the libpod endpoints are working and have tests. We plan on working with the upstream community on podman-python support for the new libpod API, enabling python developers fully support for using podman containers.

    As for the existing varlink code, it has been in maintenance mode already. We will continue to address bugs but no new functionality will be developed. Once the new API is fully implemented, we plan to make a deprecation announcement.

    We are hopeful these changes help our users and larger community. We hope that the new API helps encourage contributors to help us complete the API as well as write bindings. Look for more information in the near future including status updates as well as how-tos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/22/blog-posts.html b/blogs/2020/01/22/blog-posts.html index 8cc0bb6b6..f3ac8e08f 100644 --- a/blogs/2020/01/22/blog-posts.html +++ b/blogs/2020/01/22/blog-posts.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/22/new.html b/blogs/2020/01/22/new.html index aa0362e14..6a241bcbe 100644 --- a/blogs/2020/01/22/new.html +++ b/blogs/2020/01/22/new.html @@ -12,13 +12,13 @@ - +

    Blog posts from the Web

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/30/new.html b/blogs/2020/01/30/new.html index fa9e221a6..d8893595d 100644 --- a/blogs/2020/01/30/new.html +++ b/blogs/2020/01/30/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/01/30/podman-wsl.html b/blogs/2020/01/30/podman-wsl.html index 2e9389828..a103b6ac0 100644 --- a/blogs/2020/01/30/podman-wsl.html +++ b/blogs/2020/01/30/podman-wsl.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/02/06/deploy-pod-on-centos.html b/blogs/2020/02/06/deploy-pod-on-centos.html index 9159878d2..d77c6ddf7 100644 --- a/blogs/2020/02/06/deploy-pod-on-centos.html +++ b/blogs/2020/02/06/deploy-pod-on-centos.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/02/06/new.html b/blogs/2020/02/06/new.html index 2b36f1004..90245bba8 100644 --- a/blogs/2020/02/06/new.html +++ b/blogs/2020/02/06/new.html @@ -12,13 +12,13 @@ - +

    Deploy a Pod on CentOS with Podman

    · One min read

    Jack Wallen has a blog post on the THENEWSTACK site with a great introduction on how to Deploy a Pod on CentOS with Podman. In the post, Jack talks about how Podman fits in the Red Hat ecosystem and then walks you through the fundamentals of creating and running a pod using Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/02/07/new.html b/blogs/2020/02/07/new.html index c128329ba..6da7e31cb 100644 --- a/blogs/2020/02/07/new.html +++ b/blogs/2020/02/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/02/07/secure-containers.html b/blogs/2020/02/07/secure-containers.html index 51e302fa0..ff03f563d 100644 --- a/blogs/2020/02/07/secure-containers.html +++ b/blogs/2020/02/07/secure-containers.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/02/building-with-podman-and-buildah.html b/blogs/2020/03/02/building-with-podman-and-buildah.html index da2a9f896..c11da80ac 100644 --- a/blogs/2020/03/02/building-with-podman-and-buildah.html +++ b/blogs/2020/03/02/building-with-podman-and-buildah.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/02/new.html b/blogs/2020/03/02/new.html index 6540a2736..dad5c22c7 100644 --- a/blogs/2020/03/02/new.html +++ b/blogs/2020/03/02/new.html @@ -12,13 +12,13 @@ - +

    Building Container Images with Podman and Buildah

    · One min read

    We were just pointed to this post Building Container Images with Podman and Buildah by Puja Abbassi on the Giant Swarm site. In the article Puja goes over how Podman and Buildah handle daemonless and rootless building processes. A tardy link on this site, but worth a read!

    - + \ No newline at end of file diff --git a/blogs/2020/03/03/behind-the-covers.html b/blogs/2020/03/03/behind-the-covers.html index e7dd1c20f..c446d9344 100644 --- a/blogs/2020/03/03/behind-the-covers.html +++ b/blogs/2020/03/03/behind-the-covers.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/03/new.html b/blogs/2020/03/03/new.html index 6dc0833d5..789773b29 100644 --- a/blogs/2020/03/03/new.html +++ b/blogs/2020/03/03/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/03/13/image-signing.html b/blogs/2020/03/13/image-signing.html index 825b22a7e..08baa1e2d 100644 --- a/blogs/2020/03/13/image-signing.html +++ b/blogs/2020/03/13/image-signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/build-pull-options.html b/blogs/2020/03/31/build-pull-options.html index 2acdc36d4..1715f72a3 100644 --- a/blogs/2020/03/31/build-pull-options.html +++ b/blogs/2020/03/31/build-pull-options.html @@ -12,13 +12,13 @@ - +

    Pulling podman images from a container repository

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/new.html b/blogs/2020/03/31/new.html index f37e5b494..078672e0a 100644 --- a/blogs/2020/03/31/new.html +++ b/blogs/2020/03/31/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/04/convert-docker-compose-to-pods.html b/blogs/2020/04/04/convert-docker-compose-to-pods.html index 1aeae2d67..39aa2b6e8 100644 --- a/blogs/2020/04/04/convert-docker-compose-to-pods.html +++ b/blogs/2020/04/04/convert-docker-compose-to-pods.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/04/new.html b/blogs/2020/04/04/new.html index 5883b4225..115a88684 100644 --- a/blogs/2020/04/04/new.html +++ b/blogs/2020/04/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html index d49316dad..0a94f54b4 100644 --- a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html +++ b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/05/new.html b/blogs/2020/04/05/new.html index 44badf424..8b032c2ff 100644 --- a/blogs/2020/04/05/new.html +++ b/blogs/2020/04/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/04/14/new.html b/blogs/2020/04/14/new.html index f17069922..5ba424d69 100644 --- a/blogs/2020/04/14/new.html +++ b/blogs/2020/04/14/new.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd. We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker. Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/14/podman-systemd.html b/blogs/2020/04/14/podman-systemd.html index 2c50c3ea4..1701ba636 100644 --- a/blogs/2020/04/14/podman-systemd.html +++ b/blogs/2020/04/14/podman-systemd.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/new.html b/blogs/2020/04/16/new.html index 7ade0fe51..f70db272e 100644 --- a/blogs/2020/04/16/new.html +++ b/blogs/2020/04/16/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/podman-v2-announce.html b/blogs/2020/04/16/podman-v2-announce.html index c08092167..943a98486 100644 --- a/blogs/2020/04/16/podman-v2-announce.html +++ b/blogs/2020/04/16/podman-v2-announce.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/2020/04/17/new.html b/blogs/2020/04/17/new.html index 59ff689fb..52790b193 100644 --- a/blogs/2020/04/17/new.html +++ b/blogs/2020/04/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/05/06/new.html b/blogs/2020/05/06/new.html index 1e4e19a15..56a6c197c 100644 --- a/blogs/2020/05/06/new.html +++ b/blogs/2020/05/06/new.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/06/podman-in-french.html b/blogs/2020/05/06/podman-in-french.html index 985980383..31ad3450d 100644 --- a/blogs/2020/05/06/podman-in-french.html +++ b/blogs/2020/05/06/podman-in-french.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    podman logo

    Podman installation documentation in French

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/new.html b/blogs/2020/05/13/new.html index bcdd867f6..4c42f4f73 100644 --- a/blogs/2020/05/13/new.html +++ b/blogs/2020/05/13/new.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/podman-v2-update.html b/blogs/2020/05/13/podman-v2-update.html index 5b9187c36..9554ff6fe 100644 --- a/blogs/2020/05/13/podman-v2-update.html +++ b/blogs/2020/05/13/podman-v2-update.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/new.html b/blogs/2020/06/29/new.html index 1c2df41e1..f7ed1160e 100644 --- a/blogs/2020/06/29/new.html +++ b/blogs/2020/06/29/new.html @@ -12,14 +12,14 @@ - +

    Announcing Podman v2.0

    · One min read

    Announcing Podman v2.0!

    Podman v2.0 is here! Brent Baude talks about the major highlights of the new release, including the new RESTful API, remote client improvements, Auto-update functionality and systemd integration improvements. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/podman-v2-announce.html b/blogs/2020/06/29/podman-v2-announce.html index 095f27fde..5f65442a2 100644 --- a/blogs/2020/06/29/podman-v2-announce.html +++ b/blogs/2020/06/29/podman-v2-announce.html @@ -12,13 +12,13 @@ - +

    Announcing Podman v2.0

    · 4 min read

    podman logo

    Announcing Podman v2

    By Brent Baude GitHub

    If you have been following the upstream development of Podman, you have undoubtedly seen us refer to “2.0” or “Podman 2”. Today, we have made the first release of Podman 2 upstream. The release notes highlight many of the newest features but we wanted to call out some specific things in this blog and expand on them.

    “Pay no attention to the man behind the curtain”

    Most of the changes to the new Podman should be transparent to end users. We did a significant amount of replumbing in our internals to allow for future enhancements and more closely align many of the code paths. There are some subtle changes to the outputs of some commands and fields within JSON formatted responses. They were largely done to create more consistency amongst our commands as well as driven by user feedback.

    RESTful API

    The biggest change in Podman 2 is our introduction of a RESTful API to interact with our libraries. In actuality, the RESTful service was present in earlier versions but was tagged experimental. We have also deprecated the previous API implementation based on varlink. We will publish more specific blogs and tutorials on how to use the API but consider this a little introduction.

    The API was designed to have two layers: libpod and compatibility. The libpod layer allows you to interact directly with the libpod libraries. The compatibility layer is designed to emulate the Docker RESTful API to assist in migration of tools, applications, and services long-term to libpod. This can be made clearer with an example. Consider inspecting a container called ‘foobar’ with each layer. The endpoint paths would differ depending on the layers.

    /v1.24/containers/foobar   ← compatibility call
    /v1.0/libpod/containers/foobar ← libpod call

    Furthermore, the results of each call will differ. The compatibility result will closely emulate the response from Docker.

    Our preference is that people writing new code to interact with Podman should use the libpod layer only. This is a more sound long term strategy. But for people that need to migrate to Podman, the compatibility layer allows for a quick on-boarding. There are of course Docker endpoints we cannot or choose not to emulate due to incompatibities between Docker and Podman. Nevertheless, we have already seen some field success in migration of applications.

    In keeping with Podman’s history the restful API will work in both rootless and rootful mode. If you run in rootful mode, the podman service will listen on /run/podman/podman.sock and rootless is $XDG_RUNTIME_DIR/podman/podman.sock (for example: /run/user/1000/podman/podman.sock). If you install the podman-docker package, the package will set up a link between run/docker/docker.sock and /run/podman/podman.sock.

    Remote clients

    One of the consequences of our re-plumbing work is that our remote clients for Windows, Mac, and Linux are significantly smaller in size. The interface for the remote client connection has also changed to more of a URI format. As a matter of process, we attach a binary version of the remote clients to each release.

    It is also worth noting that a ‘--remote’ flag has been added to the Podman binary to allow it to act as a remote client.

    Auto-update

    The podman auto-update command allows for updating systemd-managed running containers when their images have been updated on the container registry. While it is still a tech preview in Podman v2.0, we added a number of improvements to better support authentication and to select the correct images on ARM. If you’re interested in auto updates, please check them out and let us know what you think.

    systemd Integration Improvements

    A major improvement for Podman’s systemd support is that podman generate systemd now supports using the --new flag on pods. This allows for creating shareable systemd units not only for containers but also for pods. Additionally, we added a number of changes to make the systemd units more robust and reliable, such as cleanly starting after a system crash and clean shutdowns even when conmon has been killed. The names of generated files can further be altered with the new --container-prefix and --pod-prefix flags.

    Conclusion

    This is a major new version of Podman with the goal to support all of your local container engine needs. We sincerely hope that the new features meet your needs. We continue to develop new content based on the API including new bits to the API itself. Before making too many more changes, we will let Podman “bake” for a while before the next radical functions are added.

    We would love to hear your feedback and look forward to working with the community on giving Podman users and developers the best container experience. Remember upstream Podman development usually hangs out on #podman on Freenode and on the Podman mailing list.

    - + \ No newline at end of file diff --git a/blogs/2020/07/01/new.html b/blogs/2020/07/01/new.html index 76021879f..2669effb4 100644 --- a/blogs/2020/07/01/new.html +++ b/blogs/2020/07/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/01/rest-versioning.html b/blogs/2020/07/01/rest-versioning.html index 9e62a530d..666f54a07 100644 --- a/blogs/2020/07/01/rest-versioning.html +++ b/blogs/2020/07/01/rest-versioning.html @@ -12,13 +12,13 @@ - +

    Podman REST API and Docker compatibility

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    When we developed the compatibility API layer, we targeted the latest released version of the Docker API, v1.40. Within this version, we aimed to implement all endpoints, with the exception of those used for Swarm(1). Podman is not a tool for managing clusters, and does not intend to become one. We recognize that many existing tools do not target this specific Docker API version, and these are occasionally breaking changes in the Docker API that may make using the newest API impossible. The core Podman team cannot commit to being bug-for-bug compatible with every version of the Docker API. The Podman team commits to fixing bugs related to the latest version of Docker API. We may fix bugs with older versions that affect many users. As a community project, we gladly accept help here - if you find bugs that prevent Podman from working with a specific API version you use and are willing to fix them, we’re always happy to accept patches!

    We’re very excited by the possibilities the new Podman API offers, and encourage everyone to try it out. Question and bug reports are always welcome at our Github page or our email list.


    1. The Podman team believes the best tool for container orchestration is Kubernetes. The podman generate kube and podman play kube ease developer transitioning from single node containers/pods to full Kubernetes workloads.
    - + \ No newline at end of file diff --git a/blogs/2020/07/07/new.html b/blogs/2020/07/07/new.html index e74f9fa74..3496d73d8 100644 --- a/blogs/2020/07/07/new.html +++ b/blogs/2020/07/07/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/07/repo-rename.html b/blogs/2020/07/07/repo-rename.html index 06cd7c60c..8f18440a9 100644 --- a/blogs/2020/07/07/repo-rename.html +++ b/blogs/2020/07/07/repo-rename.html @@ -12,13 +12,13 @@ - +

    The Podman repository has been renamed

    · 2 min read

    podman logo

    The Podman repository has been renamed

    By Matthew Heon GitHub

    The Podman repository on Github is moving from github.com/containers/libpod to github.com/containers/podman! Read on to find out why, and how it will affect you.

    Three years ago, we created a new Git repository to hold our new container-management tool and the library it was based on. At the time, Podman was not named Podman, but kpod - a name no one on the team liked, and one we’d hoped to replace quickly. Given this, we decided to name the repository after the library we’d written to manage containers - libpod. Four months after that, we made the first public release of the tool, and with it came a new name - Podman (POD MANager). The rest is, as they say, history. The Podman team is incredibly grateful for the success we’ve seen since then, and the way that the community has grown.

    With the release of Podman 2.0, we decided it was a good time to for the rename our repository to better match how it’s used today. We’ve decided to rename our Github repository from containers/libpod to containers/podman. The libpod name made sense when we first made the repository, but it hasn’t been the focus of development for some time. We’ve actually been considering moving the libpod library into a separate repository, to make it easier to include in our other tools (and it would be very confusing for containers/libpod to not include libpod!). Given this, and the fact that there are far more users of Podman the tool than libpod the library, renaming the repository makes a great deal of sense.

    Finally, this rename helps make the repository more discoverable - it’s hard for a new Podman user to know that issues should be filed against containers/libpod since they probably don’t know what libpod is.

    We don’t expect this move will break anyone’s workflow. Github will ensure that the old URLs redirect to the new location, so access to the repo itself, as well as our issues and pull requests, should be unaffected.

    - + \ No newline at end of file diff --git a/blogs/2020/07/16/new.html b/blogs/2020/07/16/new.html index eafcb73bb..118fa163d 100644 --- a/blogs/2020/07/16/new.html +++ b/blogs/2020/07/16/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/16/podman-and-cron.html b/blogs/2020/07/16/podman-and-cron.html index 2abba0040..deae49dc0 100644 --- a/blogs/2020/07/16/podman-and-cron.html +++ b/blogs/2020/07/16/podman-and-cron.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/additional-image-stores.html b/blogs/2020/07/17/additional-image-stores.html index dff92a81e..29d6b990c 100644 --- a/blogs/2020/07/17/additional-image-stores.html +++ b/blogs/2020/07/17/additional-image-stores.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/new.html b/blogs/2020/07/17/new.html index 3028e9ec4..9f435c176 100644 --- a/blogs/2020/07/17/new.html +++ b/blogs/2020/07/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/18/new.html b/blogs/2020/07/18/new.html index 07a8b45be..462359240 100644 --- a/blogs/2020/07/18/new.html +++ b/blogs/2020/07/18/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/07/18/speed-up-build-with-overlayfs.html b/blogs/2020/07/18/speed-up-build-with-overlayfs.html index f0748b21a..775643da1 100644 --- a/blogs/2020/07/18/speed-up-build-with-overlayfs.html +++ b/blogs/2020/07/18/speed-up-build-with-overlayfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html index b7ea0eef2..5b79b2d10 100644 --- a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html +++ b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman is considered to be deprecated. If there are issues with the Podman API v1.0 in versions of Podman prior to v2.0 and those versions are still under support on Red Hat Enterprise Linux (RHEL), the Podman team will make a best effort to address those issues. However, no new feature requests for the API v1.0 will be considered and any problems found with the API v1.0 in Podman v2.0 will not be addressed.

    The new Podman v2.0 RESTful API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. The new API works in both a rootful and a rootless environment. It is a much more flexible solution and Podman will not have a dependency on another project in order to supply an API. For more information on the Podman v2.0 RESTful API please see articles on the podman.io site and also the documentation for the Podman v2.0 RESTful API here.

    Distributions have to support services for the length of their support agreements. The Podman development team wants to be free to update the version of Podman during this support cycle. Therefore, we are planning to drop support for Podman API v1.0 from distributions Red Hat is the packagers for. The version of Podman, 2.*, which is contained in Fedora 33, scheduled to be released around Oct 31, 2020, will ship with no varlink support. We also plan to drop support from the RHEL8.4 release, spring 2021. Other distributions like OpenSUSE have already disabled varlink support and we have heard that other distributions will follow suit.

    This also serves as a notification that the Podman v1.0 (varlink) API will be removed from the main GitHub branch of Podman in the near future. With the release of Podman v2.0 the Podman developers deprecated the Podman API v1.0 in favor of the new Podman v2.0 RESTful API. The plan is to remove varlink completely from the Podman v3.0 development branch which will be created some time after September 2020. A 30 day notification of the final removal date will be posted on the podman.io site and also on the Podman mailing list, along with social media once it is definitively determined.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/08/01/new.html b/blogs/2020/08/01/new.html index 8358d4b8b..bc82e13cc 100644 --- a/blogs/2020/08/01/new.html +++ b/blogs/2020/08/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/02/new.html b/blogs/2020/08/02/new.html index 9d37ab28e..34ee2dc7a 100644 --- a/blogs/2020/08/02/new.html +++ b/blogs/2020/08/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/02/systemd-integration-v2.html b/blogs/2020/08/02/systemd-integration-v2.html index 5870a4163..c0602ccc0 100644 --- a/blogs/2020/08/02/systemd-integration-v2.html +++ b/blogs/2020/08/02/systemd-integration-v2.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/10/new.html b/blogs/2020/08/10/new.html index 222978156..c1b602e22 100644 --- a/blogs/2020/08/10/new.html +++ b/blogs/2020/08/10/new.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/08/10/podman-go-bindings.html b/blogs/2020/08/10/podman-go-bindings.html index 42633a20e..9fba7b194 100644 --- a/blogs/2020/08/10/podman-go-bindings.html +++ b/blogs/2020/08/10/podman-go-bindings.html @@ -12,7 +12,7 @@ - + @@ -71,7 +71,7 @@ It also includes a section on the RESTful API.

    Contribute

    Acknowledgments

    • This blog post was co-authored by Parker Van Roy, currently interning at Red Hat for summer 2020.

    • Thanks to Brent Baude for the initial blog post suggestion and reviews.

    • Thanks to Tom Sweeney, Valentin Rothberg, Dan Walsh and the entire Podman team for their reviews and insightful comments.

    - + \ No newline at end of file diff --git a/blogs/2020/08/11/migrate-from-docker-compose.html b/blogs/2020/08/11/migrate-from-docker-compose.html index 0e366fc33..5a3fb6695 100644 --- a/blogs/2020/08/11/migrate-from-docker-compose.html +++ b/blogs/2020/08/11/migrate-from-docker-compose.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/11/new.html b/blogs/2020/08/11/new.html index 467ada5f2..78e42f5e7 100644 --- a/blogs/2020/08/11/new.html +++ b/blogs/2020/08/11/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/08/13/new.html b/blogs/2020/08/13/new.html index fed2d2770..2045b9d29 100644 --- a/blogs/2020/08/13/new.html +++ b/blogs/2020/08/13/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/13/walk-through.html b/blogs/2020/08/13/walk-through.html index 7654883f6..97dc48d80 100644 --- a/blogs/2020/08/13/walk-through.html +++ b/blogs/2020/08/13/walk-through.html @@ -12,13 +12,13 @@ - +

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    · One min read

    podman logo

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    By Tom Sweeney GitHub

    Four engineers at IBM and Red Hat, JJ Asghar, Brian Tannous, Jason Dobies and Cedric Clyburn spent some time in a stream learning about Podman, Buildah, Skopeo from the ground up in this video blog post. Check out the video to get a great introduction to the tools.

    - + \ No newline at end of file diff --git a/blogs/2020/08/17/work-the-problems.html b/blogs/2020/08/17/work-the-problems.html index 2372f8ed5..f73cb2e0b 100644 --- a/blogs/2020/08/17/work-the-problems.html +++ b/blogs/2020/08/17/work-the-problems.html @@ -12,13 +12,13 @@ - +

    Podman Troubleshooting Guide

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    That's been a helpful creed for me and it's also helpful for the Podman world too. Many times the community spends a fair amount of effort answering issues and questions either in GitHub's issues or in the Podman Mailing List. That's really great, but sometimes the discussion finds that the problem is concerning an issue that is on the Podman Troubleshooting Guide. This page might be one of the least visited pages on the site, yet the most helpful, especially for people who are new to the Podman project.

    The page contains a number of common issues and solutions for Podman. It can help people who are running into issues find out if the issue has been encountered before. Some of the more common ones are issues with mounts and selinux, rootless containers not being able to ping the host, rootless containers exiting with the user, and more. A lot of the items of the page are not really issues with the Podman software, but rather that required configuration steps for use cases were not completed. Along with the problem and typical error responses on this page, each one has a solution section that will walk you through the steps needed to correct the problem. As common problems are encountered along the way, the community is encouraged to add them to the troubleshooting page, keeping it a fresh source of information.

    Hopefully this post will help users of Podman find and discover solutions to their problems more easily in the Podman Troubleshooting Guide. Just as importantly, it will act as a reminder for those in the community who are familiar with the page to consider adding problems and solutions that they may encounter. As we move forward, effective use of this page will help us prove Gene Kranz right in the Podman universe, "Failure is not an option".

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/new.html b/blogs/2020/08/21/new.html index 1a6835240..5b5d5fe7d 100644 --- a/blogs/2020/08/21/new.html +++ b/blogs/2020/08/21/new.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/rootless-separation-openscap.html b/blogs/2020/08/21/rootless-separation-openscap.html index 808876f15..b40cb7903 100644 --- a/blogs/2020/08/21/rootless-separation-openscap.html +++ b/blogs/2020/08/21/rootless-separation-openscap.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/container-time.html b/blogs/2020/08/24/container-time.html index 9b763bac2..c6ce95737 100644 --- a/blogs/2020/08/24/container-time.html +++ b/blogs/2020/08/24/container-time.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/new.html b/blogs/2020/08/24/new.html index c190847a6..42d0b398e 100644 --- a/blogs/2020/08/24/new.html +++ b/blogs/2020/08/24/new.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/new.html b/blogs/2020/08/31/new.html index 61ec42868..60e1edbbd 100644 --- a/blogs/2020/08/31/new.html +++ b/blogs/2020/08/31/new.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/podman-and-kubernetes.html b/blogs/2020/08/31/podman-and-kubernetes.html index 4812acdae..a0ded0ca2 100644 --- a/blogs/2020/08/31/podman-and-kubernetes.html +++ b/blogs/2020/08/31/podman-and-kubernetes.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/new.html b/blogs/2020/09/02/new.html index 1894de4eb..52874ab8f 100644 --- a/blogs/2020/09/02/new.html +++ b/blogs/2020/09/02/new.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/running_windows_or_mac.html b/blogs/2020/09/02/running_windows_or_mac.html index f70966699..3c7b61a24 100644 --- a/blogs/2020/09/02/running_windows_or_mac.html +++ b/blogs/2020/09/02/running_windows_or_mac.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/multi-blog-posts.html b/blogs/2020/09/18/multi-blog-posts.html index 72d605c9d..ce55db3a4 100644 --- a/blogs/2020/09/18/multi-blog-posts.html +++ b/blogs/2020/09/18/multi-blog-posts.html @@ -12,13 +12,13 @@ - +

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/new.html b/blogs/2020/09/18/new.html index 6c9bd4afd..9723c5a64 100644 --- a/blogs/2020/09/18/new.html +++ b/blogs/2020/09/18/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/2020/09/22/security.html b/blogs/2020/09/22/security.html index 5664d9514..5d5a1378d 100644 --- a/blogs/2020/09/22/security.html +++ b/blogs/2020/09/22/security.html @@ -12,13 +12,13 @@ - +

    Podman Security Announcement

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/devconf-ctr-tech.html b/blogs/2020/09/28/devconf-ctr-tech.html index 4f2816ae5..b1c72c15d 100644 --- a/blogs/2020/09/28/devconf-ctr-tech.html +++ b/blogs/2020/09/28/devconf-ctr-tech.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/new.html b/blogs/2020/09/28/new.html index 87f3934b8..b9725235c 100644 --- a/blogs/2020/09/28/new.html +++ b/blogs/2020/09/28/new.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/Oct-6-Agenda.html b/blogs/2020/09/30/Oct-6-Agenda.html index 56764c9a5..cfe36195f 100644 --- a/blogs/2020/09/30/Oct-6-Agenda.html +++ b/blogs/2020/09/30/Oct-6-Agenda.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ 11:00 a.m. to 12:p.m. Eastern (UTC−04:00) Bluejeans: https://bluejeans.com/796412039 (If you have trouble connecting, please reach out in IRC libera.chat #podman)

    Agenda:
    11:00 to 11:05Welcoming Remarks
    11:10 to 11:20Introductions - All Attendees
    11:20 to 11:30Upcoming Podman Release Features and Schedule - Matt Heon
    11:30 to 11:40Podman 3.0 Planning - Dan Walsh
    11:40 to 12:00Open Forum/Questions and Answers Session

    Next Meeting: Tuesday November 3, 2020 11:00 a.m. Eastern (UTC-04:00)

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/new.html b/blogs/2020/09/30/new.html index 9b54ba2fa..e3d23b9f6 100644 --- a/blogs/2020/09/30/new.html +++ b/blogs/2020/09/30/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    - + \ No newline at end of file diff --git a/blogs/2020/10/05/new.html b/blogs/2020/10/05/new.html index 550b8bfe1..8e47549ba 100644 --- a/blogs/2020/10/05/new.html +++ b/blogs/2020/10/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/10/17/expoloring-restful-api.html b/blogs/2020/10/17/expoloring-restful-api.html index 481ae1393..f3d5b722f 100644 --- a/blogs/2020/10/17/expoloring-restful-api.html +++ b/blogs/2020/10/17/expoloring-restful-api.html @@ -12,13 +12,13 @@ - +

    Exploring Podman RESTful API using Python and Bash

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/2020/10/17/new.html b/blogs/2020/10/17/new.html index 0dae63a67..001d438b0 100644 --- a/blogs/2020/10/17/new.html +++ b/blogs/2020/10/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/11/13/gitlab-runner-and-podman.html b/blogs/2020/11/13/gitlab-runner-and-podman.html index 15f0bf454..1d2c88f4f 100644 --- a/blogs/2020/11/13/gitlab-runner-and-podman.html +++ b/blogs/2020/11/13/gitlab-runner-and-podman.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/11/13/new.html b/blogs/2020/11/13/new.html index a31d9fefd..f4d100396 100644 --- a/blogs/2020/11/13/new.html +++ b/blogs/2020/11/13/new.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/12/01/new.html b/blogs/2020/12/01/new.html index 8eefaac3e..c44506a0c 100644 --- a/blogs/2020/12/01/new.html +++ b/blogs/2020/12/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/01/short-container-names.html b/blogs/2020/12/01/short-container-names.html index a43a2a8af..6138e91e2 100644 --- a/blogs/2020/12/01/short-container-names.html +++ b/blogs/2020/12/01/short-container-names.html @@ -12,13 +12,13 @@ - +

    Container image short names in Podman

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/2020/12/07/new.html b/blogs/2020/12/07/new.html index ce479b72d..b23e76ac0 100644 --- a/blogs/2020/12/07/new.html +++ b/blogs/2020/12/07/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2020/12/07/podman-posts-of-interests.html b/blogs/2020/12/07/podman-posts-of-interests.html index cd234ff65..2b8feeb2f 100644 --- a/blogs/2020/12/07/podman-posts-of-interests.html +++ b/blogs/2020/12/07/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/new.html b/blogs/2020/12/09/new.html index 64c815c70..8fc32bf19 100644 --- a/blogs/2020/12/09/new.html +++ b/blogs/2020/12/09/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Using Podman and systemd to manage container lifecycle

    · One min read

    Ed Haynes has put together a demo of using Podman and systemd to manage a container lifecycle that's available on GitHub. He's written up a post that does a nice job of walking through setting up the demo and running it.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/podman-systemd-demo.html b/blogs/2020/12/09/podman-systemd-demo.html index 3a9cf7adb..2cf7c5d3f 100644 --- a/blogs/2020/12/09/podman-systemd-demo.html +++ b/blogs/2020/12/09/podman-systemd-demo.html @@ -12,13 +12,13 @@ - +

    Using Podman and systemd to manage container lifecycle

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    For my demo, I used a minimal Fedora33 install with Podman installed. To simplify my lifecycle (which in industrial can be 10+ years) I want to keep the base OS as minimal and clean as possible and keep all application dependencies in the containers. I will be creating a redis in-memory keystore database as my containerized application and use the "podman generate systemd" utility to generate the systemd unit file. This file lets systemd know what your policies are for your application - whether it should start at boot or restart when it fails. In my case I want my application available at boot and also want it to restart in case of failure. I enable and start the systemd service with the --user flag, again I don't want root access for security reasons on this device.

    I provide a test script to test the redis container API. While I could have installed the redis-cli on my base Fedora33 OS to do this testing this would violate my desire to keep the base OS as minimal as possible. I pass values to the redis container's port via "nc" to set a key index of "frog" to 56. I then show via getting that index that the value is properly set. Now for the interesting part. I use pkill to kill the redis database and then show how systemd restarts the failed container. You can also reboot the OS and find your application running at startup.

    To tidy things up I provide a cleanup script which stops the service and cleans up the container so you can start the demo from the top if you like.

    To run this demo yourself (I've tested on Fedora33, Red Hat 8.3, and Ubuntu 20.10) ensure Podman and git are installed on your OS

    Also remember this is all done as a standard user - no root!

    git clone https://github.com/edhaynes/podman_systemd_usermode_demo.git

    cd podman_systemd_usermode_demo

    ./launch_redis_container.sh

    "launch_redis_container.sh" launches redis container, adds usermode systemd entry, enables and starts it. You will need to hit "q" to get out of the shown status.

    You should see something like:

    redis_server.service - Podman container-redis_ Loaded: loaded

    Active: active (running) since Wed 2020-12-09 09:22:40 EST; 1h 58min ago

    Now that redis is running you can run the test script that sets a key value, retrieves it, and then kills the redis container. systemd will then restart the container and you can see all is working again. Do this with:

    ./test_redis_container.sh

    Once you are done experimenting with it you can run the cleanup script to stop the systemd service, remove it and stop / remove the container.

    ./cleanup.sh

    Hope you enjoyed this demo and any comments or suggestions please make them in the GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/11/new.html b/blogs/2020/12/11/new.html index 64fdf883e..dd367c42e 100644 --- a/blogs/2020/12/11/new.html +++ b/blogs/2020/12/11/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html index 34ad28690..8f8a5c485 100644 --- a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html +++ b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman was considered to be deprecated. The Podman team noted that the Podman v1.0 (varlink) API would be removed from the Podman project in a future release and that a one month notice would be sent to the community before the version of Podman without the v1.0 API was released. This note represents that notice.

    The Podman API v1.0 was just recently removed from the upstream repository on GitHub as work has started on the next release of Podman, v3.0. Podman v3.0 is expected to be released on Fedora 33 in late January 2021 and then later next year in RHEL 8.4 and other distributions.

    At the same time as the removal of the Podman v1.0 API, the libpod.conf file has also been removed and it too will no longer be included with Podman starting in Podman v3.0. The functionality of this file has been replaced by containers.conf. If there have been modifications made to the libpod.conf file in your environment, you should be able to make the same changes in containers.conf and they will be honored.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/14/new.html b/blogs/2020/12/14/new.html index a2750f47d..b963a5fc2 100644 --- a/blogs/2020/12/14/new.html +++ b/blogs/2020/12/14/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2020/12/22/behind-container-images.html b/blogs/2020/12/22/behind-container-images.html index 42e942d32..43057b22a 100644 --- a/blogs/2020/12/22/behind-container-images.html +++ b/blogs/2020/12/22/behind-container-images.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/22/new.html b/blogs/2020/12/22/new.html index badcecff7..ce316bda8 100644 --- a/blogs/2020/12/22/new.html +++ b/blogs/2020/12/22/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/containers-com-podman.html b/blogs/2020/12/23/containers-com-podman.html index 6b0199437..008b776c4 100644 --- a/blogs/2020/12/23/containers-com-podman.html +++ b/blogs/2020/12/23/containers-com-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/new.html b/blogs/2020/12/23/new.html index d922d3998..fa98cd47f 100644 --- a/blogs/2020/12/23/new.html +++ b/blogs/2020/12/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Containers com Podman

    · One min read

    Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/new.html b/blogs/2021/01/11/new.html index fb7ef19f8..554699e39 100644 --- a/blogs/2021/01/11/new.html +++ b/blogs/2021/01/11/new.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/podman-compose.html b/blogs/2021/01/11/podman-compose.html index b19845159..c727336bd 100644 --- a/blogs/2021/01/11/podman-compose.html +++ b/blogs/2021/01/11/podman-compose.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/managing-pods.html b/blogs/2021/01/15/managing-pods.html index 31c5d1818..4d71b952a 100644 --- a/blogs/2021/01/15/managing-pods.html +++ b/blogs/2021/01/15/managing-pods.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/new.html b/blogs/2021/01/15/new.html index 22ee8f853..34bd61ab3 100644 --- a/blogs/2021/01/15/new.html +++ b/blogs/2021/01/15/new.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/23/new.html b/blogs/2021/01/23/new.html index 15eba7308..0f95223af 100644 --- a/blogs/2021/01/23/new.html +++ b/blogs/2021/01/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/01/23/podman-posts-of-interests.html b/blogs/2021/01/23/podman-posts-of-interests.html index 027d21be8..845d94466 100644 --- a/blogs/2021/01/23/podman-posts-of-interests.html +++ b/blogs/2021/01/23/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/docker-compose-to-podman.html b/blogs/2021/01/26/docker-compose-to-podman.html index 061577142..dc4740941 100644 --- a/blogs/2021/01/26/docker-compose-to-podman.html +++ b/blogs/2021/01/26/docker-compose-to-podman.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/new.html b/blogs/2021/01/26/new.html index 7140370c4..6d36233a7 100644 --- a/blogs/2021/01/26/new.html +++ b/blogs/2021/01/26/new.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html index 39d7c9775..bff996f31 100644 --- a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html +++ b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    Running containers can be accessed via their exposed ports and can be paired with any other application on your system.

    Starting a service such as mysql is as simple as executing tent start mysql and you'll never have to look back at it.

    But mysql is not the only available service. A list of all the available services can be found on: services.go

    Tent is heavily inspired from tighten/takeout and is an experimental project. Hence, care should be taken if you're using it in a critical environment.

    Dependencies

    • Linux
    • Podman Installed
    • Podman System Service Running

    If you have Podman installed, you can start the system service as follows:

    ## starts the podman system service
    systemctl --user start podman.socket

    ## enables the podman system service, so it doesn't close on every reboot
    systemctl --user enable podman.socket

    ## stops the podman system service
    systemctl --user stop podman.socket

    ## disables the podman system service, so it doesn't start on every reboot
    systemctl --user disable podman.socket

    Tent assumes that you're running the service in non-root mode, hence the --user argument is necessary in the above commands.

    Installation

    Visit the tent release page and download the tent binary to your computer. Open up your terminal where you've donwloaded the file and execute following commands:

    chmod +x ./tent

    sudo mv ./tent /usr/local/bin

    Now the tent command should be available everywhere in your system.

    Build From Source

    If you're on a Fedora system, the following command should install the necessary development dependencies.

    sudo dnf groupinstall "Development Tools" -y && sudo dnf install golang btrfs-progs-devel gpgme-devel device-mapper-devel -y

    And on a Ubuntu system, the following command should install the necessary development dependencies.

    sudo apt install build-essential golang-go libbtrfs-dev libgpgme-dev libdevmapper-dev -y

    If you're on a different system you, may look for equivalent package on the respective package repositories.

    Now build and install the application as follows:

    git clone https://github.com/fhsinchy/tent.git ~/tent

    cd ~/tent

    make install

    Usage

    The tent binary has following commands:

    • tent start <service name> - starts a container for the given service
    • tent stop <service name> - stops and removes a container for the given service
    • tent list - lists all running containers

    Most of the services in tent utilizes volumes for persisting data, so even if you stop a service, it's data will be persisted in a volume for later usage. These volumes can listed by executing podman volume ls and can be managed like any other podman volume.

    Start a Service

    The generic syntax for the start command is as follows:

    tent start <service name>

    ## starts mysql and prompts you where necessary
    tent start mysql

    ## starts redis and mongo and prompts you where necessary
    tent start redis mongo

    Start Service with Default Configuration

    The --default flag for the start command can be used to skip all the prompts and start a service with default configuration

    tent start <service name> --default

    ## starts mysql with the default configuration
    tent start mysql --default

    ## starts redis and mongo with default configuration
    tent start redis mongo --default

    Stop a Service

    The generic syntax for the stop command is as follows:

    tent stop <service name>

    ## stops mysql and removes the container
    ## prompts you if multiple containers are found
    tent stop mysql

    ## stops all mysql containers and removes them
    tent stop mysql --all

    ## stops redis and mongo then removes the containers.
    ## prompts you if multiple containers are found for any of the given services.
    tent stop redis mongo

    ## stops all redis and mongo conainers and then removes them
    tent stop redis mongo --all

    Stop all Services

    The --all flag for the stop command can be used to stop and remove all running tent containers at once

    tent stop --all

    Running Multiple Versions

    Given all the services are running inside containers, you can spin up multiple versions of the same service as long as you're keeping the port different.

    Run tent start mysql twice; the first time, use the --default flag, and the second time, put 5.7 as tag and 3307 as host port.

    Now, if you run tent list, you'll see both services running at the same time.

    +--------------+----------------+---------------+---------------+
    | CONTAINER | Image | PORTS |
    +--------------+----------------+---------------+---------------+
    | tent-mysql-5.7-3307 | docker.io/mysql:5.7 | 3307->3306/tcp |
    | tent-mysql-latest-3306 | docker.io/mysql:5.7 | 3306->3306/tcp |
    +--------------+----------------+---------------+---------------+

    Container Management

    Containers started by tent are regular containers with some pre-set configurations. So you can use regular podman commands such as ls, inspect, logs etc on them. Although tent comes with a list command, using the podman commands will result in more informative results. The target of tent is to provide plug and play containers, not to become a full-fledged podman cli.

    Contribution

    Tent is an open-source project and contributions are more than welcomed. If you're a Go programmer do take some time to go through the source-code, see if you can improve any part of the program, the maintainer will be more than happy to co-operate. And if you like the project, don't forget to leave a star and share with other fellow developers to show your appreciation.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/new.html b/blogs/2021/02/08/new.html index e15d8343f..c86040267 100644 --- a/blogs/2021/02/08/new.html +++ b/blogs/2021/02/08/new.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/2021/03/02/podman-support-for-older-distros.html b/blogs/2021/03/02/podman-support-for-older-distros.html index 64dce6383..80b1b770b 100644 --- a/blogs/2021/03/02/podman-support-for-older-distros.html +++ b/blogs/2021/03/02/podman-support-for-older-distros.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ systems, where the kernel and certain core libraries may be too old.

    Podman 3.0 will be the last major build on CentOS 7, Debian 10 and Ubuntu 18.04. After this release, we recommend users who need the latest versions of Podman to move to newer versions of their Linux distribution.

    - + \ No newline at end of file diff --git a/blogs/2021/03/27/new.html b/blogs/2021/03/27/new.html index d1bc0e59c..6f93ef2bb 100644 --- a/blogs/2021/03/27/new.html +++ b/blogs/2021/03/27/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/03/27/podman-posts-of-interests.html b/blogs/2021/03/27/podman-posts-of-interests.html index 75e9b2f34..7eb021cd6 100644 --- a/blogs/2021/03/27/podman-posts-of-interests.html +++ b/blogs/2021/03/27/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/04/02/new.html b/blogs/2021/04/02/new.html index 345c31745..9e42b89c4 100644 --- a/blogs/2021/04/02/new.html +++ b/blogs/2021/04/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/05/04/new.html b/blogs/2021/05/04/new.html index 6f2285534..284706844 100644 --- a/blogs/2021/05/04/new.html +++ b/blogs/2021/05/04/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/04/star-wars-in-podman.html b/blogs/2021/05/04/star-wars-in-podman.html index a48fc3afe..887b33f8d 100644 --- a/blogs/2021/05/04/star-wars-in-podman.html +++ b/blogs/2021/05/04/star-wars-in-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/new.html b/blogs/2021/05/26/new.html index c46a15f2a..e0158eca7 100644 --- a/blogs/2021/05/26/new.html +++ b/blogs/2021/05/26/new.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/podman-3-compose.html b/blogs/2021/05/26/podman-3-compose.html index 0ce66b9c8..86f9f1324 100644 --- a/blogs/2021/05/26/podman-3-compose.html +++ b/blogs/2021/05/26/podman-3-compose.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/06/13/new.html b/blogs/2021/06/13/new.html index 9cb0a56ba..19f711c89 100644 --- a/blogs/2021/06/13/new.html +++ b/blogs/2021/06/13/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/06/13/podman-posts-of-interests.html b/blogs/2021/06/13/podman-posts-of-interests.html index 457ca0171..034443a73 100644 --- a/blogs/2021/06/13/podman-posts-of-interests.html +++ b/blogs/2021/06/13/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/06/16/install-podman-on-ubuntu.html b/blogs/2021/06/16/install-podman-on-ubuntu.html index 9a50f0605..e0b475562 100644 --- a/blogs/2021/06/16/install-podman-on-ubuntu.html +++ b/blogs/2021/06/16/install-podman-on-ubuntu.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/06/16/new.html b/blogs/2021/06/16/new.html index efcf56ace..42a36d535 100644 --- a/blogs/2021/06/16/new.html +++ b/blogs/2021/06/16/new.html @@ -12,13 +12,13 @@ - +

    How to Install and Use Podman on Ubuntu 20.04

    · One min read

    Hitesh Jethva posted a blog post on the Atlantic.Net site talking about How to Install and Use Podman on Ubuntu 20.04. In the post Hitesh walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Ubuntu 20.04 and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2021/07/01/new.html b/blogs/2021/07/01/new.html index 51ed839ed..0dff08f24 100644 --- a/blogs/2021/07/01/new.html +++ b/blogs/2021/07/01/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/01/podman-inside-kubernets.html b/blogs/2021/07/01/podman-inside-kubernets.html index 1241effea..3c0beb004 100644 --- a/blogs/2021/07/01/podman-inside-kubernets.html +++ b/blogs/2021/07/01/podman-inside-kubernets.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/02/new.html b/blogs/2021/07/02/new.html index 3f7463eae..7959c5064 100644 --- a/blogs/2021/07/02/new.html +++ b/blogs/2021/07/02/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/07/02/podman-inside-container.html b/blogs/2021/07/02/podman-inside-container.html index def416153..a5302eec1 100644 --- a/blogs/2021/07/02/podman-inside-container.html +++ b/blogs/2021/07/02/podman-inside-container.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/09/03/new.html b/blogs/2021/09/03/new.html index 1898441b8..d49cd0ec7 100644 --- a/blogs/2021/09/03/new.html +++ b/blogs/2021/09/03/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/09/03/podman-posts-of-interests.html b/blogs/2021/09/03/podman-posts-of-interests.html index 4b974f37b..099d4d109 100644 --- a/blogs/2021/09/03/podman-posts-of-interests.html +++ b/blogs/2021/09/03/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/09/06/new.html b/blogs/2021/09/06/new.html index cf6f1722b..f758cc71b 100644 --- a/blogs/2021/09/06/new.html +++ b/blogs/2021/09/06/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/09/06/podman-on-macs.html b/blogs/2021/09/06/podman-on-macs.html index 37beef464..77cf28184 100644 --- a/blogs/2021/09/06/podman-on-macs.html +++ b/blogs/2021/09/06/podman-on-macs.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    Recently, we have been getting an influx of questions about Podman and Podman desktop, specifically around Macs. Coincidentally, we have a really elegant solution which we’d like to introduce. In the recently released Podman-3.3.1, we now have support for Intel-based Macs. It is command-line driven and can be installed through brew (aka Homebrew).

    User Experience on macOS

    The user-experience is quite simple:

    1. Install brew (as it is described on their homepage)
    2. Install podman from brew: brew install podman
    3. Initialize a podman machine: podman machine init
    4. Start the machine: podman machine start
    5. Use podman as you normally would.

    It is worth running podman machine --help to familiarize yourself with the other commands used to manage machines.

    Please note that Podman machine is still under development. While we support port forwarding on Macs and Linux, we have not implemented a solution for file sharing and bind mounts. We are currently researching the various technologies to do so as we want to choose a performant approach.

    Podman machine is currently only supported on Linux and Intel Macs. As for the new Macs that are based on Apple Silicon, we are now waiting for two things. First, we need some patches from upstream qemu to get merged and released. While we wait for the upstream patches, we are working on a possible work-around for qemu. If that is successful, we will re-enable the M1 support in Podman and get brew updated. The second is we need Fedora CoreOS aarch64 images to be indexed, which should be occurring very shortly. Podman 3.4, Oct-10-2021

    User Experience on Windows

    We currently support the Windows platform with a remote client that can be downloaded from our GitHub releases page. That remote client requires a Linux server with Podman and its service running. We also have user reports that running Podman in WSL is quite tenable. Consider the WSL option if you do not have available Linux servers with Podman installed.

    We intend to develop a desktop for the Mac and Windows experience for Podman. Early design work is under consideration. No timeline has been identified yet.

    Questions?

    Remember, our development team can be found in our Matrix room which has been bridged to the #podman channel on libera IRC as well as our Discord server. You can also get in touch with us via our project page by opening issues, PR’s and discussions. We love to hear from people!

    Podman is an open-source project. We are always looking for contributors to help us accelerate features into the Podman and container world.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/m1macs.html b/blogs/2021/10/04/m1macs.html index 67ebf68bc..a27b69e56 100644 --- a/blogs/2021/10/04/m1macs.html +++ b/blogs/2021/10/04/m1macs.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ things are fixed, we support Apple silicon hardware with Podman 3.4.

    In the last two weeks, we were able to clear the final hurdles to support Podman machine on Apple Silicon. Many thanks to the QEMU maintainers and the maintainers of brew. And last but not least, the Fedora FCOS team which officially supports the aarch64 architecture now.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/new.html b/blogs/2021/10/04/new.html index 97231ece9..085070bfd 100644 --- a/blogs/2021/10/04/new.html +++ b/blogs/2021/10/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/11/multiarch.html b/blogs/2021/10/11/multiarch.html index 5a1dc7045..80d1620f8 100644 --- a/blogs/2021/10/11/multiarch.html +++ b/blogs/2021/10/11/multiarch.html @@ -12,7 +12,7 @@ - + @@ -106,7 +106,7 @@ bugs and deficiencies are present in earlier editions. On that same note, if you do encounter any strange or unexpected behavior, please reach out to the upstream community for assistance.

    - + \ No newline at end of file diff --git a/blogs/2021/10/11/new.html b/blogs/2021/10/11/new.html index e7d2af06f..31bd384d1 100644 --- a/blogs/2021/10/11/new.html +++ b/blogs/2021/10/11/new.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/2021/10/16/new.html b/blogs/2021/10/16/new.html index 304813164..4eccba5f6 100644 --- a/blogs/2021/10/16/new.html +++ b/blogs/2021/10/16/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/16/sudo-with-rootless-podman.html b/blogs/2021/10/16/sudo-with-rootless-podman.html index 566210891..de521ea97 100644 --- a/blogs/2021/10/16/sudo-with-rootless-podman.html +++ b/blogs/2021/10/16/sudo-with-rootless-podman.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/27/how-podman-runs-on-macs.html b/blogs/2021/10/27/how-podman-runs-on-macs.html index 30cba7129..81c6a847a 100644 --- a/blogs/2021/10/27/how-podman-runs-on-macs.html +++ b/blogs/2021/10/27/how-podman-runs-on-macs.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/27/new.html b/blogs/2021/10/27/new.html index d820f26f0..efdd44bb6 100644 --- a/blogs/2021/10/27/new.html +++ b/blogs/2021/10/27/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html index 688e09837..5471f0759 100644 --- a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html +++ b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2021/10/28/new.html b/blogs/2021/10/28/new.html index 3b689c461..397f69e93 100644 --- a/blogs/2021/10/28/new.html +++ b/blogs/2021/10/28/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/02/04/network-usage.html b/blogs/2022/02/04/network-usage.html index 7d34b0e84..498de7cc0 100644 --- a/blogs/2022/02/04/network-usage.html +++ b/blogs/2022/02/04/network-usage.html @@ -12,13 +12,13 @@ - +

    Testing Podman 4 with the new network stack

    · 2 min read

    podman logo

    Testing Podman 4 with the new network stack

    By Brent Baude GitHub

    Podman 4.0 will implement a new network stack instead of CNI plugins. There are two components to the new stack:

    • Netavark performs interface setup, IP address/etc assignment, NAT, and port mapping.
    • Aardvark-dns that replaces the previous DNS name custom plugin. Aardvark-dns is a DNS server that provides name resolution and forwarding for container networks.

    Warning: Before testing Podman 4 and the new network stack, you will have to destroy all your current containers, images, and network. Consider exporting/saving any import containers or images.

    If you have run Podman 3.x before upgrading to Podman 4, Podman will continue to use CNI plugins as it had before. There is a marker in Podman's local storage that indicates this. In order to begin using Podman 4, you need to destroy that marker with podman system reset. This will destroy the marker, all of the images, all of the networks, and all of the containers.

    Setting up Podman 4 with netavark and aardvark-dns on Fedora

    If this is an upgrade to a current Podman install, destroy all current images, containers, and defined networks.

    $ podman system reset --force

    Ensure you have the DNF copr extension.

    $ sudo dnf install 'dnf-command(copr)'

    Add the podman4 test COPR to your system

    $ sudo dnf copr enable rhcontainerbot/podman4

    If you have never installed Podman, replace upgrade with install in the following command.

    $ sudo dnf upgrade podman

    If Podman was upgraded, you may have to install netavark explicitly. Otherwise, the Podman package will continue to use CNI.

    $ sudo dnf install netavark aardvark-dns

    If you find bugs, please report them to our github issues page.

    - + \ No newline at end of file diff --git a/blogs/2022/02/04/new.html b/blogs/2022/02/04/new.html index 3c59fffb2..ab20fab12 100644 --- a/blogs/2022/02/04/new.html +++ b/blogs/2022/02/04/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/02/22/new.html b/blogs/2022/02/22/new.html index 15d8758ea..2ea66d8d3 100644 --- a/blogs/2022/02/22/new.html +++ b/blogs/2022/02/22/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/06/new.html b/blogs/2022/03/06/new.html index a96a9ae31..986a522b2 100644 --- a/blogs/2022/03/06/new.html +++ b/blogs/2022/03/06/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/06/why_no_podman4_f35.html b/blogs/2022/03/06/why_no_podman4_f35.html index b97130ae3..87bc89651 100644 --- a/blogs/2022/03/06/why_no_podman4_f35.html +++ b/blogs/2022/03/06/why_no_podman4_f35.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ a quick start, it is simply:

        $ sudo dnf copr enable rhcontainerbot/podman4

    Once that command completes, you can install Podman.

        $ sudo dnf install podman

    Note: If you are upgrading an existing Podman 3 install and wish to run Podman 4's new network stack, be certain you that the aardvark and netavark packages are also installed (they are part of the same COPR). You will also need to then run podman system reset --force before running any new containers.

    - + \ No newline at end of file diff --git a/blogs/2022/03/15/new.html b/blogs/2022/03/15/new.html index bbe6adc3e..5ffd66c3e 100644 --- a/blogs/2022/03/15/new.html +++ b/blogs/2022/03/15/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/03/15/podman4.0.2brew.html b/blogs/2022/03/15/podman4.0.2brew.html index b10cf0282..b79cef4fc 100644 --- a/blogs/2022/03/15/podman4.0.2brew.html +++ b/blogs/2022/03/15/podman4.0.2brew.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/2022/03/23/nvav1.0.2.html b/blogs/2022/03/23/nvav1.0.2.html index ccdf171f8..e934b71b5 100644 --- a/blogs/2022/03/23/nvav1.0.2.html +++ b/blogs/2022/03/23/nvav1.0.2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/2022/04/05/new.html b/blogs/2022/04/05/new.html index a09072ab2..9ff1646bf 100644 --- a/blogs/2022/04/05/new.html +++ b/blogs/2022/04/05/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html index 6f8892cf3..5254dea9b 100644 --- a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html +++ b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/2022/05/08/new.html b/blogs/2022/05/08/new.html index d6d0b4c0c..903d4b39d 100644 --- a/blogs/2022/05/08/new.html +++ b/blogs/2022/05/08/new.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/05/08/podman-posts-of-interests.html b/blogs/2022/05/08/podman-posts-of-interests.html index a27b59ec8..112d06395 100644 --- a/blogs/2022/05/08/podman-posts-of-interests.html +++ b/blogs/2022/05/08/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/05/09/new.html b/blogs/2022/05/09/new.html index c247fe562..319d3a524 100644 --- a/blogs/2022/05/09/new.html +++ b/blogs/2022/05/09/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/06/08/new.html b/blogs/2022/06/08/new.html index a47e6e720..c4734f90a 100644 --- a/blogs/2022/06/08/new.html +++ b/blogs/2022/06/08/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/06/08/podman-on-windows.html b/blogs/2022/06/08/podman-on-windows.html index ffb5c92df..59e2d3132 100644 --- a/blogs/2022/06/08/podman-on-windows.html +++ b/blogs/2022/06/08/podman-on-windows.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

    - + \ No newline at end of file diff --git a/blogs/2022/08/17/new.html b/blogs/2022/08/17/new.html index 927600f35..f3b440c45 100644 --- a/blogs/2022/08/17/new.html +++ b/blogs/2022/08/17/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/03/debbuild.html b/blogs/2022/10/03/debbuild.html index 4170751ff..2c70916fb 100644 --- a/blogs/2022/10/03/debbuild.html +++ b/blogs/2022/10/03/debbuild.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/03/new.html b/blogs/2022/10/03/new.html index aecacd3b4..b81d808f8 100644 --- a/blogs/2022/10/03/new.html +++ b/blogs/2022/10/03/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/12/new.html b/blogs/2022/10/12/new.html index a3df2af4e..befce0f26 100644 --- a/blogs/2022/10/12/new.html +++ b/blogs/2022/10/12/new.html @@ -12,14 +12,14 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/10/12/podman-posts-of-interests.html b/blogs/2022/10/12/podman-posts-of-interests.html index dc3916969..ab98655a7 100644 --- a/blogs/2022/10/12/podman-posts-of-interests.html +++ b/blogs/2022/10/12/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 3 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/10/22/new.html b/blogs/2022/10/22/new.html index 818e284c9..53f468463 100644 --- a/blogs/2022/10/22/new.html +++ b/blogs/2022/10/22/new.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/2022/11/11/nvav1.3.html b/blogs/2022/11/11/nvav1.3.html index 07e490a66..c612c7022 100644 --- a/blogs/2022/11/11/nvav1.3.html +++ b/blogs/2022/11/11/nvav1.3.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ and aardvark-dns. Both netavark and aardvark-dns versions 1.3.0 were released. As the process works, the upstream releases will slowly work their way into Linux distributions.

    A basic summary of changes for both are as follows:

    v1.3.0 Netavark

    • Housekeeping and code cleanup
    • macvlan: remove tmp interface when name already used in netns
    • Add support for route metrics
    • netlink: return better error if ipv6 is disabled
    • macvlan: fix name collision on hostns
    • Ignore dns-enabled for macvlan (BZ2137320)
    • better errors on teardown
    • allow customer dns servers for containers
    • do not set route for internal-only networks
    • do not use ipv6 autoconf

    v1.3.0 Aardvark-dns

    • allow one or more dns servers in the aardvark config
    - + \ No newline at end of file diff --git a/blogs/2022/12/07/new.html b/blogs/2022/12/07/new.html index a490b73c6..e8f3566ce 100644 --- a/blogs/2022/12/07/new.html +++ b/blogs/2022/12/07/new.html @@ -12,13 +12,13 @@ - +

    Website Updates

    · One min read

    Several updates have been planned for this site for quite a while, and work has been ongoing. The first significant change that is happening is with our blog posts. A new WordPress-based site has been created for our posts at blog.podman.io. The new site has a fresh look and feel and shows the direction we’re hoping to take this entire site eventually. You'll probably notice the similarities if you have tried Podman Desktop.

    We are contemplating moving the blog posts from this site to the new one. At least for the moment, the blog posts created before today (December 7, 2022) can now be found under the “Archived Blogs” link on the left side menu. The “Blogs” link in that same menu will take you to the new site.

    We hope you enjoy the new blog site and would love to hear from you about what you think about it. As on this site, blog posts from the community will always be gratefully accepted!

    - + \ No newline at end of file diff --git a/blogs/archive.html b/blogs/archive.html index 1434598d4..f002314f1 100644 --- a/blogs/archive.html +++ b/blogs/archive.html @@ -12,13 +12,13 @@ - +

    Archive

    Archive

    2019

    2020

    2021

    - + \ No newline at end of file diff --git a/blogs/page/10.html b/blogs/page/10.html index a61716a14..67576080b 100644 --- a/blogs/page/10.html +++ b/blogs/page/10.html @@ -12,13 +12,13 @@ - +

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/page/11.html b/blogs/page/11.html index 8b4a8dcd6..1f73d9a41 100644 --- a/blogs/page/11.html +++ b/blogs/page/11.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/12.html b/blogs/page/12.html index 020ac039c..79b4320b1 100644 --- a/blogs/page/12.html +++ b/blogs/page/12.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/page/13.html b/blogs/page/13.html index 6f2fc14cb..ccb92f132 100644 --- a/blogs/page/13.html +++ b/blogs/page/13.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/page/14.html b/blogs/page/14.html index de7e9d328..128a633d9 100644 --- a/blogs/page/14.html +++ b/blogs/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/15.html b/blogs/page/15.html index 88a93ac1d..43552c810 100644 --- a/blogs/page/15.html +++ b/blogs/page/15.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/page/16.html b/blogs/page/16.html index e7e662a99..6ec658560 100644 --- a/blogs/page/16.html +++ b/blogs/page/16.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/page/17.html b/blogs/page/17.html index e48fc391e..a4dbd6390 100644 --- a/blogs/page/17.html +++ b/blogs/page/17.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/page/18.html b/blogs/page/18.html index 85cc453e3..e07331c4b 100644 --- a/blogs/page/18.html +++ b/blogs/page/18.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/page/19.html b/blogs/page/19.html index 3ef62fa65..ee3bf2bc0 100644 --- a/blogs/page/19.html +++ b/blogs/page/19.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

    - + \ No newline at end of file diff --git a/blogs/page/2.html b/blogs/page/2.html index 4ddbd1749..f73d9fcd5 100644 --- a/blogs/page/2.html +++ b/blogs/page/2.html @@ -12,7 +12,7 @@ - + @@ -38,7 +38,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/page/20.html b/blogs/page/20.html index bb7654c80..dc4dd643c 100644 --- a/blogs/page/20.html +++ b/blogs/page/20.html @@ -12,14 +12,14 @@ - +

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/21.html b/blogs/page/21.html index bbf9403e0..e6c8397a1 100644 --- a/blogs/page/21.html +++ b/blogs/page/21.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    - + \ No newline at end of file diff --git a/blogs/page/22.html b/blogs/page/22.html index 57f921ac2..44a7ca591 100644 --- a/blogs/page/22.html +++ b/blogs/page/22.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    Get all the details on this blog post!

    · One min read

    Red Hat Developer recently posted a new Podman Cheat Sheet on their blog. It's a handy guide that cover the commands that focus on images, containers and container resources. Check it out!

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/page/23.html b/blogs/page/23.html index c24b27980..7fd0b9196 100644 --- a/blogs/page/23.html +++ b/blogs/page/23.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Podman machine

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/page/24.html b/blogs/page/24.html index 99062fe54..b33b01772 100644 --- a/blogs/page/24.html +++ b/blogs/page/24.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/page/25.html b/blogs/page/25.html index 8a94acc1f..970f5783e 100644 --- a/blogs/page/25.html +++ b/blogs/page/25.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · One min read

    If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

    Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

    To start it up, check out the new Blogs and Releases sections on the site.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/page/3.html b/blogs/page/3.html index d2a4edefd..fd66bb2fa 100644 --- a/blogs/page/3.html +++ b/blogs/page/3.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Skopeo container tools to produce an image that supports multiple architectures under a single "name".

    - + \ No newline at end of file diff --git a/blogs/page/4.html b/blogs/page/4.html index 3f6bf8d0b..eb6232903 100644 --- a/blogs/page/4.html +++ b/blogs/page/4.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/page/5.html b/blogs/page/5.html index 3fd7b13df..94564b44a 100644 --- a/blogs/page/5.html +++ b/blogs/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/page/6.html b/blogs/page/6.html index 888126f2b..d173da9f2 100644 --- a/blogs/page/6.html +++ b/blogs/page/6.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/page/7.html b/blogs/page/7.html index e15bea57a..6c9713aba 100644 --- a/blogs/page/7.html +++ b/blogs/page/7.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/8.html b/blogs/page/8.html index 7966f1204..252d170c3 100644 --- a/blogs/page/8.html +++ b/blogs/page/8.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/page/9.html b/blogs/page/9.html index 30caa9eb6..7de771c84 100644 --- a/blogs/page/9.html +++ b/blogs/page/9.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags.html b/blogs/tags.html index fc0fde71e..333326dea 100644 --- a/blogs/tags.html +++ b/blogs/tags.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/blogs/tags/aardvark-dns.html b/blogs/tags/aardvark-dns.html index c86d5d774..b26c1f2ba 100644 --- a/blogs/tags/aardvark-dns.html +++ b/blogs/tags/aardvark-dns.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark-dns"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/aardvark.html b/blogs/tags/aardvark.html index b3a4fd640..c8b282989 100644 --- a/blogs/tags/aardvark.html +++ b/blogs/tags/aardvark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/api.html b/blogs/tags/api.html index f958ac7eb..eff17e368 100644 --- a/blogs/tags/api.html +++ b/blogs/tags/api.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/2.html b/blogs/tags/api/page/2.html index 4b401e070..993390a2c 100644 --- a/blogs/tags/api/page/2.html +++ b/blogs/tags/api/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/3.html b/blogs/tags/api/page/3.html index 69fa3a31d..f6ae2f0ad 100644 --- a/blogs/tags/api/page/3.html +++ b/blogs/tags/api/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/4.html b/blogs/tags/api/page/4.html index 2760b35a7..85f16e9b8 100644 --- a/blogs/tags/api/page/4.html +++ b/blogs/tags/api/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/5.html b/blogs/tags/api/page/5.html index 82c933d30..771dcb798 100644 --- a/blogs/tags/api/page/5.html +++ b/blogs/tags/api/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/6.html b/blogs/tags/api/page/6.html index a3a28263f..0cc213812 100644 --- a/blogs/tags/api/page/6.html +++ b/blogs/tags/api/page/6.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/7.html b/blogs/tags/api/page/7.html index c3d09e766..ca2efe0bd 100644 --- a/blogs/tags/api/page/7.html +++ b/blogs/tags/api/page/7.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/8.html b/blogs/tags/api/page/8.html index 7ee4e34e7..427e2363a 100644 --- a/blogs/tags/api/page/8.html +++ b/blogs/tags/api/page/8.html @@ -12,14 +12,14 @@ - +

    83 posts tagged with "api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/9.html b/blogs/tags/api/page/9.html index 3dc74118a..a187da0cd 100644 --- a/blogs/tags/api/page/9.html +++ b/blogs/tags/api/page/9.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/automation.html b/blogs/tags/automation.html index 28b61ea47..f95d7a657 100644 --- a/blogs/tags/automation.html +++ b/blogs/tags/automation.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/bindings.html b/blogs/tags/bindings.html index d59bb8bb8..ba12f545e 100644 --- a/blogs/tags/bindings.html +++ b/blogs/tags/bindings.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/bioinformatics.html b/blogs/tags/bioinformatics.html index 673b8deac..06f1ba629 100644 --- a/blogs/tags/bioinformatics.html +++ b/blogs/tags/bioinformatics.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "bioinformatics"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/tags/boot-2-podman.html b/blogs/tags/boot-2-podman.html index 961bc7a2b..d612d3721 100644 --- a/blogs/tags/boot-2-podman.html +++ b/blogs/tags/boot-2-podman.html @@ -12,13 +12,13 @@ - +

    One post tagged with "boot2podman"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/bpf.html b/blogs/tags/bpf.html index 5f93a080a..dca97673b 100644 --- a/blogs/tags/bpf.html +++ b/blogs/tags/bpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "bpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah.html b/blogs/tags/buildah.html index 5813d0d3f..c4d7d9aa3 100644 --- a/blogs/tags/buildah.html +++ b/blogs/tags/buildah.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/2.html b/blogs/tags/buildah/page/2.html index 90e64f941..3c9de8933 100644 --- a/blogs/tags/buildah/page/2.html +++ b/blogs/tags/buildah/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/3.html b/blogs/tags/buildah/page/3.html index 0ccf6bb1c..2ca02292a 100644 --- a/blogs/tags/buildah/page/3.html +++ b/blogs/tags/buildah/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/4.html b/blogs/tags/buildah/page/4.html index 9783c0c40..14317971a 100644 --- a/blogs/tags/buildah/page/4.html +++ b/blogs/tags/buildah/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/5.html b/blogs/tags/buildah/page/5.html index 6cd749a5a..cdb7a52d2 100644 --- a/blogs/tags/buildah/page/5.html +++ b/blogs/tags/buildah/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/centos.html b/blogs/tags/centos.html index 3001d787d..7b31e7e5a 100644 --- a/blogs/tags/centos.html +++ b/blogs/tags/centos.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/ci.html b/blogs/tags/ci.html index 67adfe215..a787df6f5 100644 --- a/blogs/tags/ci.html +++ b/blogs/tags/ci.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/cloud.html b/blogs/tags/cloud.html index 993f4d965..0e30d1628 100644 --- a/blogs/tags/cloud.html +++ b/blogs/tags/cloud.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/community.html b/blogs/tags/community.html index c8b4c9fe8..27a8b757a 100644 --- a/blogs/tags/community.html +++ b/blogs/tags/community.html @@ -12,13 +12,13 @@ - +

    One post tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/compose.html b/blogs/tags/compose.html index b9ce12658..b31bcffe7 100644 --- a/blogs/tags/compose.html +++ b/blogs/tags/compose.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers.html b/blogs/tags/containers.html index f3caedf58..1267056da 100644 --- a/blogs/tags/containers.html +++ b/blogs/tags/containers.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/10.html b/blogs/tags/containers/page/10.html index 3dfc8d1d9..aef6720bc 100644 --- a/blogs/tags/containers/page/10.html +++ b/blogs/tags/containers/page/10.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/11.html b/blogs/tags/containers/page/11.html index 28519d5a8..1c285d4ab 100644 --- a/blogs/tags/containers/page/11.html +++ b/blogs/tags/containers/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/12.html b/blogs/tags/containers/page/12.html index 5849ae34a..664ee3d9b 100644 --- a/blogs/tags/containers/page/12.html +++ b/blogs/tags/containers/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/13.html b/blogs/tags/containers/page/13.html index 350e6c58d..32395524f 100644 --- a/blogs/tags/containers/page/13.html +++ b/blogs/tags/containers/page/13.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/14.html b/blogs/tags/containers/page/14.html index 890432fb0..90411ed13 100644 --- a/blogs/tags/containers/page/14.html +++ b/blogs/tags/containers/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/15.html b/blogs/tags/containers/page/15.html index 9ed05a571..09e18f619 100644 --- a/blogs/tags/containers/page/15.html +++ b/blogs/tags/containers/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/16.html b/blogs/tags/containers/page/16.html index 010066122..230856ede 100644 --- a/blogs/tags/containers/page/16.html +++ b/blogs/tags/containers/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/17.html b/blogs/tags/containers/page/17.html index a50affb19..fb63fa867 100644 --- a/blogs/tags/containers/page/17.html +++ b/blogs/tags/containers/page/17.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ checkpoint/restore it is now possible to resume a container after a reboot at exactly the same point in time it was checkpointed.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/18.html b/blogs/tags/containers/page/18.html index 5dd52fc30..b68666065 100644 --- a/blogs/tags/containers/page/18.html +++ b/blogs/tags/containers/page/18.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/2.html b/blogs/tags/containers/page/2.html index d579358b8..40d124fb6 100644 --- a/blogs/tags/containers/page/2.html +++ b/blogs/tags/containers/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/3.html b/blogs/tags/containers/page/3.html index 6c79ab9f3..8e1ed4ba2 100644 --- a/blogs/tags/containers/page/3.html +++ b/blogs/tags/containers/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/4.html b/blogs/tags/containers/page/4.html index e9a3456d6..42f345a07 100644 --- a/blogs/tags/containers/page/4.html +++ b/blogs/tags/containers/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/5.html b/blogs/tags/containers/page/5.html index f235c6144..afcd9d92b 100644 --- a/blogs/tags/containers/page/5.html +++ b/blogs/tags/containers/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/6.html b/blogs/tags/containers/page/6.html index c240aebbd..7eb3a72aa 100644 --- a/blogs/tags/containers/page/6.html +++ b/blogs/tags/containers/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/7.html b/blogs/tags/containers/page/7.html index 12c65ba64..2997cc070 100644 --- a/blogs/tags/containers/page/7.html +++ b/blogs/tags/containers/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/8.html b/blogs/tags/containers/page/8.html index 009d0c40d..45fd61034 100644 --- a/blogs/tags/containers/page/8.html +++ b/blogs/tags/containers/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    178 posts tagged with "containers"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/9.html b/blogs/tags/containers/page/9.html index 08b5a5df1..c5c1603c7 100644 --- a/blogs/tags/containers/page/9.html +++ b/blogs/tags/containers/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/cri-o.html b/blogs/tags/cri-o.html index 9bf27c737..b84d69e8a 100644 --- a/blogs/tags/cri-o.html +++ b/blogs/tags/cri-o.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/crun.html b/blogs/tags/crun.html index 03f081223..949ce2dee 100644 --- a/blogs/tags/crun.html +++ b/blogs/tags/crun.html @@ -12,13 +12,13 @@ - +

    One post tagged with "crun"

    View All Tags

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/debian.html b/blogs/tags/debian.html index 900a59149..12d582a15 100644 --- a/blogs/tags/debian.html +++ b/blogs/tags/debian.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/dependency-management.html b/blogs/tags/dependency-management.html index 2b48899b9..6ac0aba77 100644 --- a/blogs/tags/dependency-management.html +++ b/blogs/tags/dependency-management.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "dependency-management"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/distro.html b/blogs/tags/distro.html index 54d8d137c..4a70487f8 100644 --- a/blogs/tags/distro.html +++ b/blogs/tags/distro.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose.html b/blogs/tags/docker-compose.html index 6406c126a..96bb3ab46 100644 --- a/blogs/tags/docker-compose.html +++ b/blogs/tags/docker-compose.html @@ -12,14 +12,14 @@ - +

    16 posts tagged with "docker compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose/page/2.html b/blogs/tags/docker-compose/page/2.html index a81ea1384..fd95ce739 100644 --- a/blogs/tags/docker-compose/page/2.html +++ b/blogs/tags/docker-compose/page/2.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/docker.html b/blogs/tags/docker.html index 279f3b88a..fe974e259 100644 --- a/blogs/tags/docker.html +++ b/blogs/tags/docker.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/2.html b/blogs/tags/docker/page/2.html index 1c9ce554b..6e59ca746 100644 --- a/blogs/tags/docker/page/2.html +++ b/blogs/tags/docker/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/3.html b/blogs/tags/docker/page/3.html index 153e16e3d..a90c70ca5 100644 --- a/blogs/tags/docker/page/3.html +++ b/blogs/tags/docker/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/4.html b/blogs/tags/docker/page/4.html index da1be481f..63b16ce01 100644 --- a/blogs/tags/docker/page/4.html +++ b/blogs/tags/docker/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/5.html b/blogs/tags/docker/page/5.html index 05bedef45..27531c73e 100644 --- a/blogs/tags/docker/page/5.html +++ b/blogs/tags/docker/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/ebpf.html b/blogs/tags/ebpf.html index 2b01a89d6..0d50c0283 100644 --- a/blogs/tags/ebpf.html +++ b/blogs/tags/ebpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "ebpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/git-lab.html b/blogs/tags/git-lab.html index 8d258d278..de4b8f578 100644 --- a/blogs/tags/git-lab.html +++ b/blogs/tags/git-lab.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "GitLab"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/github.html b/blogs/tags/github.html index 799831eac..e30003346 100644 --- a/blogs/tags/github.html +++ b/blogs/tags/github.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/github/page/2.html b/blogs/tags/github/page/2.html index c171d2f25..aed13a8a3 100644 --- a/blogs/tags/github/page/2.html +++ b/blogs/tags/github/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/go.html b/blogs/tags/go.html index 0bb0323a9..be2afb81c 100644 --- a/blogs/tags/go.html +++ b/blogs/tags/go.html @@ -12,7 +12,7 @@ - + @@ -37,7 +37,7 @@ at how easily that can be accomplished.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/golang.html b/blogs/tags/golang.html index a042d50cf..2caad1070 100644 --- a/blogs/tags/golang.html +++ b/blogs/tags/golang.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "golang"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/gpg.html b/blogs/tags/gpg.html index 405bf8920..e04714495 100644 --- a/blogs/tags/gpg.html +++ b/blogs/tags/gpg.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc.html b/blogs/tags/hpc.html index 89a53302d..fdcd69bc2 100644 --- a/blogs/tags/hpc.html +++ b/blogs/tags/hpc.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/10.html b/blogs/tags/hpc/page/10.html index 0941dbb1e..ee4bb0699 100644 --- a/blogs/tags/hpc/page/10.html +++ b/blogs/tags/hpc/page/10.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ home directory.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/2.html b/blogs/tags/hpc/page/2.html index 075a47891..236779457 100644 --- a/blogs/tags/hpc/page/2.html +++ b/blogs/tags/hpc/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/3.html b/blogs/tags/hpc/page/3.html index 543dfe69f..c49f6dc40 100644 --- a/blogs/tags/hpc/page/3.html +++ b/blogs/tags/hpc/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/4.html b/blogs/tags/hpc/page/4.html index 5a3d8655e..f5ffa720a 100644 --- a/blogs/tags/hpc/page/4.html +++ b/blogs/tags/hpc/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/5.html b/blogs/tags/hpc/page/5.html index 75f9987bf..89d985ff2 100644 --- a/blogs/tags/hpc/page/5.html +++ b/blogs/tags/hpc/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/6.html b/blogs/tags/hpc/page/6.html index 6f645afeb..4079d8ef9 100644 --- a/blogs/tags/hpc/page/6.html +++ b/blogs/tags/hpc/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/7.html b/blogs/tags/hpc/page/7.html index f338f64ae..4206fa91f 100644 --- a/blogs/tags/hpc/page/7.html +++ b/blogs/tags/hpc/page/7.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/8.html b/blogs/tags/hpc/page/8.html index f5d2120e8..96a7756e4 100644 --- a/blogs/tags/hpc/page/8.html +++ b/blogs/tags/hpc/page/8.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/9.html b/blogs/tags/hpc/page/9.html index 77d6a7fd9..5e154b405 100644 --- a/blogs/tags/hpc/page/9.html +++ b/blogs/tags/hpc/page/9.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/images.html b/blogs/tags/images.html index 54033d04b..6147dd920 100644 --- a/blogs/tags/images.html +++ b/blogs/tags/images.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/2.html b/blogs/tags/images/page/2.html index 102685927..aba4a4233 100644 --- a/blogs/tags/images/page/2.html +++ b/blogs/tags/images/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/3.html b/blogs/tags/images/page/3.html index 4287dd164..a153ea02d 100644 --- a/blogs/tags/images/page/3.html +++ b/blogs/tags/images/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/4.html b/blogs/tags/images/page/4.html index a1819821d..479fc5b37 100644 --- a/blogs/tags/images/page/4.html +++ b/blogs/tags/images/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/5.html b/blogs/tags/images/page/5.html index 5096bf724..042755894 100644 --- a/blogs/tags/images/page/5.html +++ b/blogs/tags/images/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/kube.html b/blogs/tags/kube.html index 6065f2d6b..53cbdc848 100644 --- a/blogs/tags/kube.html +++ b/blogs/tags/kube.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/2.html b/blogs/tags/kube/page/2.html index 2dda8ec44..86249ce85 100644 --- a/blogs/tags/kube/page/2.html +++ b/blogs/tags/kube/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/3.html b/blogs/tags/kube/page/3.html index 4c6e5082f..7ab29f2e3 100644 --- a/blogs/tags/kube/page/3.html +++ b/blogs/tags/kube/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/4.html b/blogs/tags/kube/page/4.html index 4c2275d29..b13112602 100644 --- a/blogs/tags/kube/page/4.html +++ b/blogs/tags/kube/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/5.html b/blogs/tags/kube/page/5.html index d9b2e7370..9655b422f 100644 --- a/blogs/tags/kube/page/5.html +++ b/blogs/tags/kube/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/6.html b/blogs/tags/kube/page/6.html index d0b98ecbe..daa040abd 100644 --- a/blogs/tags/kube/page/6.html +++ b/blogs/tags/kube/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    61 posts tagged with "kube"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/7.html b/blogs/tags/kube/page/7.html index df2fb69f0..441ffe715 100644 --- a/blogs/tags/kube/page/7.html +++ b/blogs/tags/kube/page/7.html @@ -12,13 +12,13 @@ - +

    61 posts tagged with "kube"

    View All Tags

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes.html b/blogs/tags/kubernetes.html index be9140b11..00e0149a7 100644 --- a/blogs/tags/kubernetes.html +++ b/blogs/tags/kubernetes.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/2.html b/blogs/tags/kubernetes/page/2.html index 17dd1484e..90c3dbaf4 100644 --- a/blogs/tags/kubernetes/page/2.html +++ b/blogs/tags/kubernetes/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/3.html b/blogs/tags/kubernetes/page/3.html index 34266d90f..d0ac7cb3b 100644 --- a/blogs/tags/kubernetes/page/3.html +++ b/blogs/tags/kubernetes/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/4.html b/blogs/tags/kubernetes/page/4.html index 03c1f2bce..403fcb3a6 100644 --- a/blogs/tags/kubernetes/page/4.html +++ b/blogs/tags/kubernetes/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/5.html b/blogs/tags/kubernetes/page/5.html index 947e18033..5f9d1a67f 100644 --- a/blogs/tags/kubernetes/page/5.html +++ b/blogs/tags/kubernetes/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/6.html b/blogs/tags/kubernetes/page/6.html index d71babf98..a3d634dcd 100644 --- a/blogs/tags/kubernetes/page/6.html +++ b/blogs/tags/kubernetes/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/7.html b/blogs/tags/kubernetes/page/7.html index b1e85062d..342710a23 100644 --- a/blogs/tags/kubernetes/page/7.html +++ b/blogs/tags/kubernetes/page/7.html @@ -12,13 +12,13 @@ - +

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubic.html b/blogs/tags/kubic.html index 3f170d930..80b1e91eb 100644 --- a/blogs/tags/kubic.html +++ b/blogs/tags/kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/tags/linux.html b/blogs/tags/linux.html index 76a9caf88..5c6d371be 100644 --- a/blogs/tags/linux.html +++ b/blogs/tags/linux.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/mac-os.html b/blogs/tags/mac-os.html index 76f7b8655..2ed8ff86f 100644 --- a/blogs/tags/mac-os.html +++ b/blogs/tags/mac-os.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/tags/mac.html b/blogs/tags/mac.html index 0bee02217..ce6ac8b94 100644 --- a/blogs/tags/mac.html +++ b/blogs/tags/mac.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/2.html b/blogs/tags/mac/page/2.html index a29e53458..69602795b 100644 --- a/blogs/tags/mac/page/2.html +++ b/blogs/tags/mac/page/2.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/3.html b/blogs/tags/mac/page/3.html index fa7203346..6747ec5f3 100644 --- a/blogs/tags/mac/page/3.html +++ b/blogs/tags/mac/page/3.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/4.html b/blogs/tags/mac/page/4.html index efa234cd8..3663deb4b 100644 --- a/blogs/tags/mac/page/4.html +++ b/blogs/tags/mac/page/4.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/5.html b/blogs/tags/mac/page/5.html index c21602026..fddbcabdf 100644 --- a/blogs/tags/mac/page/5.html +++ b/blogs/tags/mac/page/5.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/6.html b/blogs/tags/mac/page/6.html index 9706e2f00..1f154eb2b 100644 --- a/blogs/tags/mac/page/6.html +++ b/blogs/tags/mac/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    56 posts tagged with "mac"

    View All Tags

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/microsoft.html b/blogs/tags/microsoft.html index a1d59d80b..747fe55fe 100644 --- a/blogs/tags/microsoft.html +++ b/blogs/tags/microsoft.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "microsoft"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/multiarch.html b/blogs/tags/multiarch.html index 50d0d5eee..b936e323f 100644 --- a/blogs/tags/multiarch.html +++ b/blogs/tags/multiarch.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/netavark.html b/blogs/tags/netavark.html index e45a470e9..a21234661 100644 --- a/blogs/tags/netavark.html +++ b/blogs/tags/netavark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "netavark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/network.html b/blogs/tags/network.html index 1c2645a7a..e631bca65 100644 --- a/blogs/tags/network.html +++ b/blogs/tags/network.html @@ -12,13 +12,13 @@ - +

    3 posts tagged with "network"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/networking.html b/blogs/tags/networking.html index f08147b77..ee69d88b9 100644 --- a/blogs/tags/networking.html +++ b/blogs/tags/networking.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/10.html b/blogs/tags/networking/page/10.html index 2c4d959e4..94bc0560c 100644 --- a/blogs/tags/networking/page/10.html +++ b/blogs/tags/networking/page/10.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/2.html b/blogs/tags/networking/page/2.html index 99a0d4cca..4c2e8a437 100644 --- a/blogs/tags/networking/page/2.html +++ b/blogs/tags/networking/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/3.html b/blogs/tags/networking/page/3.html index f4e750c4a..07a62b3d1 100644 --- a/blogs/tags/networking/page/3.html +++ b/blogs/tags/networking/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/4.html b/blogs/tags/networking/page/4.html index ee8778d7d..5d82e4294 100644 --- a/blogs/tags/networking/page/4.html +++ b/blogs/tags/networking/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/5.html b/blogs/tags/networking/page/5.html index 15dce18a4..95e1a000c 100644 --- a/blogs/tags/networking/page/5.html +++ b/blogs/tags/networking/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/6.html b/blogs/tags/networking/page/6.html index f79e1dc44..fd8071dcf 100644 --- a/blogs/tags/networking/page/6.html +++ b/blogs/tags/networking/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/7.html b/blogs/tags/networking/page/7.html index 62130041d..79b5dda54 100644 --- a/blogs/tags/networking/page/7.html +++ b/blogs/tags/networking/page/7.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/8.html b/blogs/tags/networking/page/8.html index bbbfc871e..129079c07 100644 --- a/blogs/tags/networking/page/8.html +++ b/blogs/tags/networking/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/9.html b/blogs/tags/networking/page/9.html index 6339e006c..b2a4dcd1a 100644 --- a/blogs/tags/networking/page/9.html +++ b/blogs/tags/networking/page/9.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/tags/nfs.html b/blogs/tags/nfs.html index c236ce92c..a8d6e12e4 100644 --- a/blogs/tags/nfs.html +++ b/blogs/tags/nfs.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/oci.html b/blogs/tags/oci.html index d555e3663..fdb340246 100644 --- a/blogs/tags/oci.html +++ b/blogs/tags/oci.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/2.html b/blogs/tags/oci/page/2.html index f3f694972..0e1b94284 100644 --- a/blogs/tags/oci/page/2.html +++ b/blogs/tags/oci/page/2.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/3.html b/blogs/tags/oci/page/3.html index bdfd9963d..e59bc1eb5 100644 --- a/blogs/tags/oci/page/3.html +++ b/blogs/tags/oci/page/3.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/4.html b/blogs/tags/oci/page/4.html index ecbeda58c..67fd1921e 100644 --- a/blogs/tags/oci/page/4.html +++ b/blogs/tags/oci/page/4.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/5.html b/blogs/tags/oci/page/5.html index 0d93f78d5..9482f29a9 100644 --- a/blogs/tags/oci/page/5.html +++ b/blogs/tags/oci/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/open-source.html b/blogs/tags/open-source.html index 8dca9df33..84ca06ca9 100644 --- a/blogs/tags/open-source.html +++ b/blogs/tags/open-source.html @@ -12,13 +12,13 @@ - +

    One post tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/openstack.html b/blogs/tags/openstack.html index 1c2989860..848c957af 100644 --- a/blogs/tags/openstack.html +++ b/blogs/tags/openstack.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ from Docker to Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/tags/pod.html b/blogs/tags/pod.html index d52ead80b..16ef4e11a 100644 --- a/blogs/tags/pod.html +++ b/blogs/tags/pod.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/2.html b/blogs/tags/pod/page/2.html index eac256c9d..9c0c3cf12 100644 --- a/blogs/tags/pod/page/2.html +++ b/blogs/tags/pod/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/3.html b/blogs/tags/pod/page/3.html index fe7366330..606348b4c 100644 --- a/blogs/tags/pod/page/3.html +++ b/blogs/tags/pod/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/4.html b/blogs/tags/pod/page/4.html index f15109e7c..f57e8ef26 100644 --- a/blogs/tags/pod/page/4.html +++ b/blogs/tags/pod/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/5.html b/blogs/tags/pod/page/5.html index 940c4bc6c..09a5fddff 100644 --- a/blogs/tags/pod/page/5.html +++ b/blogs/tags/pod/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/6.html b/blogs/tags/pod/page/6.html index d811b2f8d..4c78e92a7 100644 --- a/blogs/tags/pod/page/6.html +++ b/blogs/tags/pod/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    82 posts tagged with "pod"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/7.html b/blogs/tags/pod/page/7.html index 699940675..8f56457a3 100644 --- a/blogs/tags/pod/page/7.html +++ b/blogs/tags/pod/page/7.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/8.html b/blogs/tags/pod/page/8.html index 995e20b27..541858a01 100644 --- a/blogs/tags/pod/page/8.html +++ b/blogs/tags/pod/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/9.html b/blogs/tags/pod/page/9.html index dd1a4a0c9..9a6c54177 100644 --- a/blogs/tags/pod/page/9.html +++ b/blogs/tags/pod/page/9.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/podman-machine.html b/blogs/tags/podman-machine.html index c3b4de70c..718287b87 100644 --- a/blogs/tags/podman-machine.html +++ b/blogs/tags/podman-machine.html @@ -12,13 +12,13 @@ - +

    One post tagged with "podman+machine"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/podman.html b/blogs/tags/podman.html index 1f378d999..78fd43337 100644 --- a/blogs/tags/podman.html +++ b/blogs/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/10.html b/blogs/tags/podman/page/10.html index 4f00602ce..837b862b7 100644 --- a/blogs/tags/podman/page/10.html +++ b/blogs/tags/podman/page/10.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/11.html b/blogs/tags/podman/page/11.html index 890c29d9a..444cf4232 100644 --- a/blogs/tags/podman/page/11.html +++ b/blogs/tags/podman/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/12.html b/blogs/tags/podman/page/12.html index 2e7f97ee2..fc2894898 100644 --- a/blogs/tags/podman/page/12.html +++ b/blogs/tags/podman/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/13.html b/blogs/tags/podman/page/13.html index 53480ded7..7affad4d2 100644 --- a/blogs/tags/podman/page/13.html +++ b/blogs/tags/podman/page/13.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/14.html b/blogs/tags/podman/page/14.html index 50c2a7e60..a6e51e5d5 100644 --- a/blogs/tags/podman/page/14.html +++ b/blogs/tags/podman/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/15.html b/blogs/tags/podman/page/15.html index 142005f30..876c42f18 100644 --- a/blogs/tags/podman/page/15.html +++ b/blogs/tags/podman/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/16.html b/blogs/tags/podman/page/16.html index 81408d7b1..c3e5f9fce 100644 --- a/blogs/tags/podman/page/16.html +++ b/blogs/tags/podman/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/17.html b/blogs/tags/podman/page/17.html index 0916080cd..424865fcd 100644 --- a/blogs/tags/podman/page/17.html +++ b/blogs/tags/podman/page/17.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ sometimes the user's environment will not allow them to install all the packages needed; or perhaps the user is intimidated by building from source; or perhaps the user would prefer the RPM package because it will make the upgrade process easier down the road.

    To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/18.html b/blogs/tags/podman/page/18.html index 7150dfe06..ae630e9d2 100644 --- a/blogs/tags/podman/page/18.html +++ b/blogs/tags/podman/page/18.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/19.html b/blogs/tags/podman/page/19.html index 69f48f31b..4d5ef583d 100644 --- a/blogs/tags/podman/page/19.html +++ b/blogs/tags/podman/page/19.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/2.html b/blogs/tags/podman/page/2.html index 33fd7ce07..0f2752b4a 100644 --- a/blogs/tags/podman/page/2.html +++ b/blogs/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/3.html b/blogs/tags/podman/page/3.html index 3bd03e541..aba6491be 100644 --- a/blogs/tags/podman/page/3.html +++ b/blogs/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/4.html b/blogs/tags/podman/page/4.html index b67703517..19d483572 100644 --- a/blogs/tags/podman/page/4.html +++ b/blogs/tags/podman/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/5.html b/blogs/tags/podman/page/5.html index a7d73b20b..d9d92aa09 100644 --- a/blogs/tags/podman/page/5.html +++ b/blogs/tags/podman/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/6.html b/blogs/tags/podman/page/6.html index fac24c564..40f2f27d1 100644 --- a/blogs/tags/podman/page/6.html +++ b/blogs/tags/podman/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/7.html b/blogs/tags/podman/page/7.html index a7be3c297..b3696e7f3 100644 --- a/blogs/tags/podman/page/7.html +++ b/blogs/tags/podman/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/8.html b/blogs/tags/podman/page/8.html index a393a04d7..ee7f9fb05 100644 --- a/blogs/tags/podman/page/8.html +++ b/blogs/tags/podman/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/9.html b/blogs/tags/podman/page/9.html index 9db1c1ef5..013cc9eec 100644 --- a/blogs/tags/podman/page/9.html +++ b/blogs/tags/podman/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/python.html b/blogs/tags/python.html index a2b97644f..f2644c0d8 100644 --- a/blogs/tags/python.html +++ b/blogs/tags/python.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "python"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/rails.html b/blogs/tags/rails.html index 058b629fa..fddbedc80 100644 --- a/blogs/tags/rails.html +++ b/blogs/tags/rails.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rename.html b/blogs/tags/rename.html index f7c563128..43348ec05 100644 --- a/blogs/tags/rename.html +++ b/blogs/tags/rename.html @@ -12,13 +12,13 @@ - +

    9 posts tagged with "rename"

    View All Tags

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api.html b/blogs/tags/rest-api.html index 42f031901..7a948170c 100644 --- a/blogs/tags/rest-api.html +++ b/blogs/tags/rest-api.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/2.html b/blogs/tags/rest-api/page/2.html index c6994dde0..99af341e1 100644 --- a/blogs/tags/rest-api/page/2.html +++ b/blogs/tags/rest-api/page/2.html @@ -12,14 +12,14 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/3.html b/blogs/tags/rest-api/page/3.html index b3468886b..84a3a9f8a 100644 --- a/blogs/tags/rest-api/page/3.html +++ b/blogs/tags/rest-api/page/3.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/rest.html b/blogs/tags/rest.html index 93761b67f..18f89f398 100644 --- a/blogs/tags/rest.html +++ b/blogs/tags/rest.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/2.html b/blogs/tags/rest/page/2.html index ac5f041e1..fc764d34b 100644 --- a/blogs/tags/rest/page/2.html +++ b/blogs/tags/rest/page/2.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/3.html b/blogs/tags/rest/page/3.html index ce7622c5c..0903f1043 100644 --- a/blogs/tags/rest/page/3.html +++ b/blogs/tags/rest/page/3.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/restful.html b/blogs/tags/restful.html index 9b9ddc02b..8ae80d452 100644 --- a/blogs/tags/restful.html +++ b/blogs/tags/restful.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "restful"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/rootless.html b/blogs/tags/rootless.html index a32b29714..fb3b35cda 100644 --- a/blogs/tags/rootless.html +++ b/blogs/tags/rootless.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    10 posts tagged with "rootless"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/ruby.html b/blogs/tags/ruby.html index 90ee8c39b..59a64bf90 100644 --- a/blogs/tags/ruby.html +++ b/blogs/tags/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/runner.html b/blogs/tags/runner.html index 2163c67c0..028e24d27 100644 --- a/blogs/tags/runner.html +++ b/blogs/tags/runner.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "Runner"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime.html b/blogs/tags/runtime.html index 6bfd5b888..f007ccc34 100644 --- a/blogs/tags/runtime.html +++ b/blogs/tags/runtime.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime/page/2.html b/blogs/tags/runtime/page/2.html index 1e0cc3b45..4daba74b4 100644 --- a/blogs/tags/runtime/page/2.html +++ b/blogs/tags/runtime/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/rust.html b/blogs/tags/rust.html index 1ff4e7ef8..423e9d049 100644 --- a/blogs/tags/rust.html +++ b/blogs/tags/rust.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "rust"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/seccomp.html b/blogs/tags/seccomp.html index 2c501e72a..002e90933 100644 --- a/blogs/tags/seccomp.html +++ b/blogs/tags/seccomp.html @@ -12,13 +12,13 @@ - +

    One post tagged with "seccomp"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/security.html b/blogs/tags/security.html index a9d633370..47cdb9e3a 100644 --- a/blogs/tags/security.html +++ b/blogs/tags/security.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "security"

    View All Tags

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/signing.html b/blogs/tags/signing.html index 78693a3d1..4e49599bf 100644 --- a/blogs/tags/signing.html +++ b/blogs/tags/signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/skopeo.html b/blogs/tags/skopeo.html index 85be9d389..0153c12a9 100644 --- a/blogs/tags/skopeo.html +++ b/blogs/tags/skopeo.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/sudo.html b/blogs/tags/sudo.html index 33c1ee1b4..a41ebd480 100644 --- a/blogs/tags/sudo.html +++ b/blogs/tags/sudo.html @@ -12,13 +12,13 @@ - +

    8 posts tagged with "sudo"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/syscall.html b/blogs/tags/syscall.html index 8de7a2f3f..6b4f69598 100644 --- a/blogs/tags/syscall.html +++ b/blogs/tags/syscall.html @@ -12,13 +12,13 @@ - +

    One post tagged with "syscall"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/systemd.html b/blogs/tags/systemd.html index 3fcafe60c..682cac3ff 100644 --- a/blogs/tags/systemd.html +++ b/blogs/tags/systemd.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/tent.html b/blogs/tags/tent.html index 306a5c680..993de7ee0 100644 --- a/blogs/tags/tent.html +++ b/blogs/tags/tent.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "tent"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/test.html b/blogs/tags/test.html index 586de284a..3badc60c3 100644 --- a/blogs/tags/test.html +++ b/blogs/tags/test.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/tracing.html b/blogs/tags/tracing.html index 6efdaae21..f49a155b9 100644 --- a/blogs/tags/tracing.html +++ b/blogs/tags/tracing.html @@ -12,13 +12,13 @@ - +

    One post tagged with "tracing"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/ubuntu.html b/blogs/tags/ubuntu.html index 0ea1e30fc..70f0d307d 100644 --- a/blogs/tags/ubuntu.html +++ b/blogs/tags/ubuntu.html @@ -12,7 +12,7 @@ - + @@ -29,7 +29,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2.html b/blogs/tags/v-2.html index cc15aa39b..a89c3d4d8 100644 --- a/blogs/tags/v-2.html +++ b/blogs/tags/v-2.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/10.html b/blogs/tags/v-2/page/10.html index 220908df2..3fcc29716 100644 --- a/blogs/tags/v-2/page/10.html +++ b/blogs/tags/v-2/page/10.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/2.html b/blogs/tags/v-2/page/2.html index 1a12fe7c0..b63adef3b 100644 --- a/blogs/tags/v-2/page/2.html +++ b/blogs/tags/v-2/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/3.html b/blogs/tags/v-2/page/3.html index 26920ee89..b3209b182 100644 --- a/blogs/tags/v-2/page/3.html +++ b/blogs/tags/v-2/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/4.html b/blogs/tags/v-2/page/4.html index 98f074a51..801023d2a 100644 --- a/blogs/tags/v-2/page/4.html +++ b/blogs/tags/v-2/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/5.html b/blogs/tags/v-2/page/5.html index c640f9396..e7a8171b7 100644 --- a/blogs/tags/v-2/page/5.html +++ b/blogs/tags/v-2/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/6.html b/blogs/tags/v-2/page/6.html index 5e74cad3e..2282b6225 100644 --- a/blogs/tags/v-2/page/6.html +++ b/blogs/tags/v-2/page/6.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/7.html b/blogs/tags/v-2/page/7.html index 9d83b2b0a..d405e4534 100644 --- a/blogs/tags/v-2/page/7.html +++ b/blogs/tags/v-2/page/7.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    96 posts tagged with "v2"

    View All Tags

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/8.html b/blogs/tags/v-2/page/8.html index 75e9a693b..9239c8739 100644 --- a/blogs/tags/v-2/page/8.html +++ b/blogs/tags/v-2/page/8.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/9.html b/blogs/tags/v-2/page/9.html index 03a84ef40..e4eca9940 100644 --- a/blogs/tags/v-2/page/9.html +++ b/blogs/tags/v-2/page/9.html @@ -12,13 +12,13 @@ - +

    96 posts tagged with "v2"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    - + \ No newline at end of file diff --git a/blogs/tags/varlink.html b/blogs/tags/varlink.html index f332a4bb5..863e5e23f 100644 --- a/blogs/tags/varlink.html +++ b/blogs/tags/varlink.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    6 posts tagged with "varlink"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/video.html b/blogs/tags/video.html index 96c19726e..634af7096 100644 --- a/blogs/tags/video.html +++ b/blogs/tags/video.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "video"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/tags/windows.html b/blogs/tags/windows.html index 95b48b6e1..65b5abc56 100644 --- a/blogs/tags/windows.html +++ b/blogs/tags/windows.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/2.html b/blogs/tags/windows/page/2.html index b48b3da75..ad8535257 100644 --- a/blogs/tags/windows/page/2.html +++ b/blogs/tags/windows/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/3.html b/blogs/tags/windows/page/3.html index 48175ddb0..da2cde915 100644 --- a/blogs/tags/windows/page/3.html +++ b/blogs/tags/windows/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/4.html b/blogs/tags/windows/page/4.html index 71533d2fa..bc4456a19 100644 --- a/blogs/tags/windows/page/4.html +++ b/blogs/tags/windows/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/5.html b/blogs/tags/windows/page/5.html index 5cc6934ce..79107bc1c 100644 --- a/blogs/tags/windows/page/5.html +++ b/blogs/tags/windows/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/6.html b/blogs/tags/windows/page/6.html index a7ef5d6bf..314629cd0 100644 --- a/blogs/tags/windows/page/6.html +++ b/blogs/tags/windows/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    65 posts tagged with "windows"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/7.html b/blogs/tags/windows/page/7.html index b14d71e55..790bb9cc1 100644 --- a/blogs/tags/windows/page/7.html +++ b/blogs/tags/windows/page/7.html @@ -12,13 +12,13 @@ - +

    65 posts tagged with "windows"

    View All Tags

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/community.html b/community.html index b8022d669..83be9820f 100644 --- a/community.html +++ b/community.html @@ -12,13 +12,13 @@ - +
    -

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    17:24

    Central European Summer Time

    11:24

    Eastern Daylight Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Attendees: Ralph Bean, Sumantro Mukherjee, Chris Evich, Dan Walsh, Ashley Cui, Neil Smith, Paul Holzinger, Lokesh Mandvekar, Ashley Cui, and others not noted.

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    - +

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    24:20

    Central European Summer Time

    18:20

    Eastern Daylight Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Attendees: Ralph Bean, Sumantro Mukherjee, Chris Evich, Dan Walsh, Ashley Cui, Neil Smith, Paul Holzinger, Lokesh Mandvekar, Ashley Cui, and others not noted.

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    + \ No newline at end of file diff --git a/docs.html b/docs.html index 509b4584b..b862b8109 100644 --- a/docs.html +++ b/docs.html @@ -12,7 +12,7 @@ - + @@ -52,7 +52,7 @@ here.

    More information

    For more information on Podman and its subcommands, checkout the asciiart demos on the README.md page.

    - + \ No newline at end of file diff --git a/docs/checkpoint.html b/docs/checkpoint.html index 7250d0efd..ca9169405 100644 --- a/docs/checkpoint.html +++ b/docs/checkpoint.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ transferring the checkpoint, it is possible to specify an output-file.

    On the source system:

    $ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
    $ scp /tmp/checkpoint.tar.gz <destination_system>:/tmp

    On the destination system:

    $ sudo podman container restore -i /tmp/checkpoint.tar.gz

    After being restored, the container will answer requests again as it did before checkpointing. This time the container will continue to run on the destination system.

    $ curl http://<IP_address>:8080
    - + \ No newline at end of file diff --git a/docs/documentation.html b/docs/documentation.html index e571d4995..285c9828f 100644 --- a/docs/documentation.html +++ b/docs/documentation.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/docs/installation.html b/docs/installation.html index 4d6d1ab5b..df60b939e 100644 --- a/docs/installation.html +++ b/docs/installation.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ directly from your Windows PowerShell (or CMD) prompt, where it remotely communicates with the podman service running in the WSL environment. Alternatively, you can access Podman directly from the WSL instance if you -prefer a Linux prompt and Linux tooling.

    See the Podman for Windows guide for setup and usage instructions.

    Installing on Linux

    Linux Distributions

    Arch Linux & Manjaro Linux

    sudo pacman -S podman

    If you have problems when running Podman in rootless mode follow the instructions here

    For more information on Podman on ArchLinux click here

    Alpine Linux

    sudo apk add podman

    For further details, please refer to the instructions on the Alpine Linux wiki.

    CentOS

    Podman is available in the default in the AppStream repo for CentOS Stream 9+.

    sudo dnf -y install podman

    Debian

    The podman package is available in the Debian 11 (Bullseye) repositories and later.

    sudo apt-get -y install podman

    Fedora

    sudo dnf -y install podman

    Fedora CoreOS, Fedora Silverblue

    Built-in, no need to install

    Gentoo

    sudo emerge app-containers/podman

    OpenEmbedded

    Bitbake recipes for Podman and its dependencies are available in the +prefer a Linux prompt and Linux tooling.

    See the Podman for Windows guide for setup and usage instructions.

    Installing on Linux

    Linux Distributions

    Arch Linux & Manjaro Linux

    sudo pacman -S podman

    If you have problems when running Podman in rootless mode follow the instructions here

    For more information on Podman on ArchLinux click here

    Alpine Linux

    sudo apk add podman

    For further details, please refer to the instructions on the Alpine Linux wiki.

    CentOS Stream

    Podman is available in the default in the AppStream repo for CentOS Stream 9+.

    sudo dnf -y install podman

    Debian

    The podman package is available in the Debian 11 (Bullseye) repositories and later.

    sudo apt-get -y install podman

    Fedora

    sudo dnf -y install podman

    Fedora CoreOS, Fedora Silverblue

    Built-in, no need to install

    Gentoo

    sudo emerge app-containers/podman

    OpenEmbedded

    Bitbake recipes for Podman and its dependencies are available in the meta-virtualization layer. Add the layer to your OpenEmbedded build environment and build Podman using:

    bitbake podman

    openSUSE

    sudo zypper install podman

    openSUSE Kubic

    Built-in, no need to install

    Raspberry Pi OS arm64 (beta)

    Raspberry Pi OS use the standard Debian repositories, so it is fully compatible with Debian's arm64 repository. @@ -61,7 +61,7 @@ also available to automate the installation of the above statically linked binary on its supported OS:

    sudo su -
    mkdir -p ~/.ansible/roles
    cd ~/.ansible/roles
    git clone https://github.com/alvistack/ansible-role-podman.git podman
    cd ~/.ansible/roles/podman
    pip3 install --upgrade --ignore-installed --requirement requirements.txt
    molecule converge
    molecule verify

    Configuration files

    registries.conf

    Man Page: registries.conf.5

    /etc/containers/registries.conf

    registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.

    Example from the Fedora containers-common package

    $ cat /etc/containers/registries.conf
    # For more information on this configuration file, see containers-registries.conf(5).
    #
    # NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
    # We recommend always using fully qualified image names including the registry
    # server (full dns name), namespace, image name, and tag
    # (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
    # quay.io/repository/name@digest) further eliminates the ambiguity of tags.
    # When using short names, there is always an inherent risk that the image being
    # pulled could be spoofed. For example, a user wants to pull an image named
    # `foobar` from a registry and expects it to come from myregistry.com. If
    # myregistry.com is not first in the search list, an attacker could place a
    # different `foobar` image at a registry earlier in the search list. The user
    # would accidentally pull and run the attacker's image and code rather than the
    # intended content. We recommend only adding registries which are completely
    # trusted (i.e., registries which don't allow unknown or anonymous users to
    # create accounts with arbitrary names). This will prevent an image from being
    # spoofed, squatted or otherwise made insecure. If it is necessary to use one
    # of these registries, it should be added at the end of the list.
    #
    # # An array of host[:port] registries to try when pulling an unqualified image, in order.
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]
    #
    # [[registry]]
    # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
    # # (only) the TOML table with the longest match for the input image name
    # # (taking into account namespace/repo/tag/digest separators) is used.
    # #
    # # If the prefix field is missing, it defaults to be the same as the "location" field.
    # prefix = "example.com/foo"
    #
    # # If true, unencrypted HTTP as well as TLS connections with untrusted
    # # certificates are allowed.
    # insecure = false
    #
    # # If true, pulling images with matching names is forbidden.
    # blocked = false
    #
    # # The physical location of the "prefix"-rooted namespace.
    # #
    # # By default, this equal to "prefix" (in which case "prefix" can be omitted
    # # and the [[registry]] TOML table can only specify "location").
    # #
    # # Example: Given
    # # prefix = "example.com/foo"
    # # location = "internal-registry-for-example.net/bar"
    # # requests for the image example.com/foo/myimage:latest will actually work with the
    # # internal-registry-for-example.net/bar/myimage:latest image.
    # location = "internal-registry-for-example.com/bar"
    #
    # # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
    # #
    # # The mirrors are attempted in the specified order; the first one that can be
    # # contacted and contains the image will be used (and if none of the mirrors contains the image,
    # # the primary location specified by the "registry.location" field, or using the unmodified
    # # user-specified reference, is tried last).
    # #
    # # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
    # # as if specified in the [[registry]] TOML table directly:
    # # - location
    # # - insecure
    # [[registry.mirror]]
    # location = "example-mirror-0.local/mirror-for-foo"
    # [[registry.mirror]]
    # location = "example-mirror-1.local/mirrors/foo"
    # insecure = true
    # # Given the above, a pull of example.com/foo/image:latest will try:
    # # 1. example-mirror-0.local/mirror-for-foo/image:latest
    # # 2. example-mirror-1.local/mirrors/foo/image:latest
    # # 3. internal-registry-for-example.net/bar/image:latest
    # # in order, and use the first one that exists.
    #
    # short-name-mode="enforcing"

    [[registry]]
    location="localhost:5000"
    insecure=true

    mounts.conf

    /usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf

    The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands. Container process can then use this content. The volume mount content does not get committed to the final image.

    Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.

    For example, a mounts.conf with the line "/usr/share/rhel/secrets:/run/secrets", the content of /usr/share/rhel/secrets directory is mounted on /run/secrets inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.

    Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.

    Example from the Fedora containers-common package:

    cat /usr/share/containers/mounts.conf
    /usr/share/rhel/secrets:/run/secrets

    seccomp.json

    /usr/share/containers/seccomp.json

    seccomp.json contains the whitelist of seccomp rules to be allowed inside of containers. This file is usually provided by the containers-common package.

    The link above takes you to the seccomp.json

    policy.json

    /etc/containers/policy.json

    Man Page: policy.json.5

    Example from the Fedora containers-common package:

    cat /etc/containers/policy.json
    {
    "default": [
    {
    "type": "insecureAcceptAnything"
    }
    ],
    "transports":
    {
    "docker-daemon":
    {
    "": [{"type":"insecureAcceptAnything"}]
    }
    }
    }
    - + \ No newline at end of file diff --git a/features.html b/features.html index 813ba54fa..024cd75b2 100644 --- a/features.html +++ b/features.html @@ -12,13 +12,13 @@ - +

    Podman Features

    Podman Logo

    Getting to know Podman

    Quick dive into Podman

    A seal diving into the water

    Join Podman's Community

    A group of seals swimming.

    Need some help?

    A confused seal.

    Podman Desktop is Podman's graphical application that makes it easy to install and work with Podman (and other container engines) on Windows, MacOS, and Linux.

    Manage containers (not just Podman.)

    Podman Desktop allows you to list, view, and manage containers from multiple supported container engines* in a single unified view.

    Gain easy access to a shell inside the container, logs, and basic controls.

    * Supported engines and orchestrators include Podman, Docker, Lima, kind, Red Hat OpenShift, Red Hat OpenShift Developer Sandbox.

    Build, pull, and push images.

    Build containers from a Dockerfile / Containerfile, or pull images from remote repositories to run.

    Manage accounts for and push your images to multiple container registries.

    Podify containers into pods.

    Create pods by selecting containers to run together. View unified logs for your pods and inspect the containers inside each.

    Play Kubernetes YAML locally, without Kubernetes, and generate Kubernetes YAML from Pods.

    Deploy to Kubernetes.

    Deploy pods from Podman Desktop to local or remote Kubernetes contexts using automatically-generated YAML config.

    Podman Command-Line

    Podman's command-line interface allows you to find, run, build, and share containers.

    Find and pull down containers no matter where they are.

    • podman search
    • podman pull

    Find and pull down containers whether they are on dockerhub.io or quay.io, an internal registry server, or direct from a vendor.

    example of podman commands

    Want to learn more?

    Recent Podman Blog Posts

    Check out more posts about Podman on our Blog!

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/get-started.html b/get-started.html index 0e02e17f2..8888ec7f3 100644 --- a/get-started.html +++ b/get-started.html @@ -12,13 +12,13 @@ - +

    Get Started with Podman

    First Things First: Installing Podman

    For installing or building Podman, please see the installation instructions:

    Getting Help

    Help & manpages

    For more details, you can review the manpages:

    $ man podman 
    $ man podman subcommand

    To get some help and find out how Podman is working, you can use the help.

    $ podman --help # get a list of all commands 
    $ podman subcommand --help # get info on a command

    Please also reference the Podman Troubleshooting Guide to find known issues and tips on how to solve common configuration mistakes.

    Searching, pulling, and listing images

    $ podman search httpd 
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
    docker.io docker.io/centos/httpd-24-centos7 Platform for running Apache h... 40
    quay.io quay.io/centos7/httpd-24-centos-7 Platform for running Apache h... 0 [OK]
    docker.io docker.io/centos/httpd 34 [OK]
    redhat.com registry.access.redhat.com/ubi8/httpd 0
    quay.io quay.io/redhattraining/httpd-parent 0 [OK]



    $ podman search httpd --filter=is-official
    INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
    $ podman pull docker.io/library/httpd
    Trying to pull docker.io/library/httpd:latest...
    Getting image source signatures
    Copying blob ab86dc02235d done
    Copying blob ba1caf8ba86c done
    Copying blob eff15d958d66 done
    Copying blob 635a49ba2501 done
    Copying blob 600feb748d3c done
    Copying config d294bb32c2 done
    Writing manifest to image destination
    Storing signatures
    d294bb32c2073ecb5fb27e7802a1e5bec334af69cac361c27e6cb8546fdd14e7



    $ podman images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    docker.io/library/httpd latest d294bb32c207 12 hours ago 148 MB

    Running a container & listing running containers

    This sample container will run a very basic httpd server that serves only its index page.

    Running a container

    $ podman run -dt -p 8080:80/tcp docker.io/library/httpd 
    Note:

    Because the container is being run in detached mode, represented by the -d in the podman run command, Podman will run the container in the background and print the container ID after it has executed the command. The -t also adds a pseudo-tty to run arbitrary commands in an interactive shell.

    Also, we use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed.

    Listing running containers

    The podman ps command is used to list created and running containers.

    $ podman ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    01c44968199f docker.io/library/httpd:latest httpd-foreground 1 minute ago Up 1 minute 0.0.0.0:8080->80/tcp laughing_bob
    Note:

    If you add -a to the podman ps command, Podman will show all containers (created, exited, running, etc.).

    Testing the httpd container

    As you are able to see, the container does not have an IP Address assigned. The container is reachable via its published port on your local machine.

    $ curl http://localhost:8080

    From another machine, you need to use the IP Address of the host, running the container.

    $ curl http://<IP_Address>:8080
    Note:

    Instead of using curl, you can also point a browser to http://localhost:8080.

    - + \ No newline at end of file diff --git a/getting-started/installation.html b/getting-started/installation.html index 3b58c72a4..283f8c152 100644 --- a/getting-started/installation.html +++ b/getting-started/installation.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/index.html b/index.html index c3c0d4926..28126544b 100644 --- a/index.html +++ b/index.html @@ -12,13 +12,13 @@ - +

    The best free & open source container tools

    Manage containers, pods, and images with Podman. Seamlessly work with containers and Kubernetes from your local environment.

    Latest stable Podman 5.2.3-Latest stable Podman Desktop 1.12.0-Apache License 2.0

    Supported Platforms

    • Fast and light.

    • Secure.

    • Open.

    • Compatible.

    Kubernetes Logo

    Kubernetes Ready

    A growing set of compatible tools

    Visual Studio code includes Podman support

    VS Code Logo

    Cirrus CLI allows you to reproducibly run containerized tasks with Podman

    Cirrus Logo

    GitHub Actions include support for Podman, as well as friends buildah and skopeo

    Github Logo

    Kind's ability to run local Kubernetes clusters via container nodes includes support for Podman

    Kind Logo

    What people are saying about Podman

    Ananth Iyer

    @mrananthiyer
    user avatar

    I am using @Podman_io for Magento 2 and it is super fast than other container tools. You must try it. #Podman #Magento #magento2

    Latest Podman News

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/release.html b/release.html index 177351c40..25c8b6da9 100644 --- a/release.html +++ b/release.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2018/06/04/podman-alpha-v0.6.1.html b/release/2018/06/04/podman-alpha-v0.6.1.html index 53ae546f9..cc01b1566 100644 --- a/release/2018/06/04/podman-alpha-v0.6.1.html +++ b/release/2018/06/04/podman-alpha-v0.6.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Alpha version 0.6.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    Improvements to podman Remote API

    * Example usage for the Podman python API
    * Correct issue with varlink container inspect where not all information was being parsed
    * varlink build added to the varlink API
    * Python API now can attach to a container

    Improvements to podman build

    * OnBuild support for podman build

    General Improvements

    * Correctly drop security capabilities when running containers with — user
    * Fix edge case of pulling images with shortnames and no registries defined
    * Lots of changes with the hooks command
    * Make some run options exclusive when using an existing container network namespace
    * Podman ps and images now sorts containers and images by their created time.
    - + \ No newline at end of file diff --git a/release/2018/07/02/podman-alpha-v0.6.4.html b/release/2018/07/02/podman-alpha-v0.6.4.html index 4dc40662a..361dc26e5 100644 --- a/release/2018/07/02/podman-alpha-v0.6.4.html +++ b/release/2018/07/02/podman-alpha-v0.6.4.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.6.4 Release Announcement

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    podman container cleanup was added to cleanup mountpoint, cgroups and network configuration when containers exit. When a container is run in background mode (-d), the podman command exits, but conmon continues to run and monitor the container, when the container exits, conmon executes podman container cleanup to cleanup the container.

    There were a number of bug fixes and a lot of vendoring new code — Golang speak for updating the code we depend on from other projects. Interesting things are in store for podman in the upcoming weeks. Stay tuned!

    I missed writing this blog the last couple of weeks, and wanted to point out a huge new feature from the buildah project. podman build now supports layering. As you may know podman build by default only adds one layer when processing a Dockerfile. This is different the docker build. Docker defaults to layering each line in the Dockerfile, which makes the creation of an application easier, since docker build jumps to the first line changed in the Dockerfile since the previous build. Podman build on the other hand starts at the beginning, which works better in using a Dockerfile in a build system. With the introducion of the — layers flag, you can now get the same behaviour in podman build that you have in docker build, incremental changes to the Dockerfile will start the build at the change point rather then in the beginning. There is even a environment variable BUILDAH_LAYERS which can be set to default to the layers method.

    Notable features include:

    * Continued work on podman remote client. A mock up of a podman remote client went into the contrib/ section of our repository. This is not ready for anyone but Jhon Honce as the primary contributor to the python library code.
    * Continued work on running podman without requiring you to be root. Giuseppe Scrivano made a bunch of commits related to rootless containers.
    * added podman-image and podman-container man page links
    * fixed a fatal error where when a container disappeared during podman ps.
    * added an authfile option to podman search to deal with private registries.
    * fixed a bug related to container startup and attached mode.
    * building podman with varlink support is now optionional.
    - + \ No newline at end of file diff --git a/release/2018/07/09/podman-alpha-v0.7.1.html b/release/2018/07/09/podman-alpha-v0.7.1.html index d9ddcf230..025728968 100644 --- a/release/2018/07/09/podman-alpha-v0.7.1.html +++ b/release/2018/07/09/podman-alpha-v0.7.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    Speaking of platform changes, one thing I have been working on the last few weeks is to cross-compile for Darwin from Linux. This was really our first need to deal with other platforms and was rather invasive at times. It took several merges over the last few weeks to complete but we have are able to build a Darwin binary. I must emphasize build because the binary is known to not run — as there is a lengthy list of things that would need to be fixed or implemented first. Nevertheless, my goal here was to implement a CI test that would always perform the build so we can protect against subsequent regressions for Darwin should someone decide to work on that platform.

    Other significant changes include:

    * several changes to the makefile to make it more efficient
    * fix parsing of short options by vendoring in a new urfave/cli
    * tutorial fixes
    * revert back to a shared cgroup for conmon processes
    * remove buildah requirement for the libpod image library
    * block use of /proc/acpi from inside containers
    * factor pkg/ctime into a separate package
    - + \ No newline at end of file diff --git a/release/2018/07/16/podman-alpha-v0.7.2.html b/release/2018/07/16/podman-alpha-v0.7.2.html index b7f3f6c56..c1b3b4b7e 100644 --- a/release/2018/07/16/podman-alpha-v0.7.2.html +++ b/release/2018/07/16/podman-alpha-v0.7.2.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.2 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    We have heard from users that they wish to be able to create containers with multiple networks. This can now be done with a combination of CNI configurations and podman. The easiest approach is to take the default podman configuration file /etc/cni/net.d/87-podman-bridge.conflist and duplicate it. Within the file, change the:

    * network name
    * bridge device (cni0 -> cni1)
    * subnet

    Then run podman like:

    $ podman run -it --network=podman,podman2 fedora:28 /bin/bash

    Jhon Honce and I have also been working on a remote client for podman, called pypodman. It is written in Python and allows users to have a podman-like front-end that accesses an actual podman backend on another node. It relies heavily on ssh and we recommend the use of ssh keys to simplify things.

    Our vision is this could eventually become useful for those using Macs or Windows as a development environment. Look for more official blogs and write-ups specifically on this.

    This is also the release where we start introducing pod concepts. We now have minimal support for pods. Try podman pod — help for further information.

    Other significant features include but are not limited to:

    * More unit tests for the varlink python client
    * Correction behavior for podman stats
    * Add — volumes-from to podman run and create
    * Fix a small regression in our opt handling
    * Add a default AppArmor profile
    * Fix path for rootless containers
    * Varlink API fixes in how we start start and attach to containers
    * Podman ps now reports containers as ‘dead’ instead of ‘unknown’
    * Correct behavior in podman rmi on how to handle parent image deletions
    * Logged output now goes to syslog as well as STDERR
    * When pulling an image by SHA1, we now set the name and tag correctly.
    * Better recording of exit codes for container exits
    - + \ No newline at end of file diff --git a/release/2018/08/08/podman-alpha-v0.8.1.html b/release/2018/08/08/podman-alpha-v0.8.1.html index f79b9d659..664330a12 100644 --- a/release/2018/08/08/podman-alpha-v0.8.1.html +++ b/release/2018/08/08/podman-alpha-v0.8.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.1 Release Announcement

    · One min read

    podman logo

    Podman release 0.8.1

    Our latest podman release turned out to be a lot of internal plumbing. We had more than 50 commits but most were tweaks that most users would not notice. So I don’t have a singular, hot feature to point you at.

    That said, if you haven’t tried the python client to for podman, I recommend you do. It allows you to interact with a remote podman instance via SSH.

    Other notable benefits of this release are:

    * Fixes to rootless containers including network support using slirp4netns written by Akihiro Suda
    * Adjustments to how images are pulled and their metadata
    * podman build now supports different isolation mechanims, to better run within a confined container.
    * Changes to our integration tests to speed them up
    * podman load now supports xz compression
    * Tidy up man pages
    - + \ No newline at end of file diff --git a/release/2018/08/20/podman-alpha-v0.8.3.html b/release/2018/08/20/podman-alpha-v0.8.3.html index 338c2b0c0..31ef29ba8 100644 --- a/release/2018/08/20/podman-alpha-v0.8.3.html +++ b/release/2018/08/20/podman-alpha-v0.8.3.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.3 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    Some of the more obvious changes in this release are:

    * Updated documentation to mention that systemd is now the default cgroup manager.
    * The create|run switch of — uts-host now works correctly.
    * Add pod stats as a sub-command. Similar to podman stats, it allows you to see statistics about running pods and their containers.
    * Varlink API endpoints for many of the pod subcommands were added.
    * Support format for the varlink API endpoint Commit (OCI or docker)
    * Fix handling of the container’s hostname when using — host=net
    * When searching multiple registries, do not make an error from one registry be fatal.
    * Create and Pull commands were added to the python client.

    Our IRC channel has not moved. Much of the development team can be found on Freenode in #podman. Come by and introduce yourself!

    - + \ No newline at end of file diff --git a/release/2018/12/12/podman-alpha-v0.12.1.1.html b/release/2018/12/12/podman-alpha-v0.12.1.1.html index 585660c07..8a2199d20 100644 --- a/release/2018/12/12/podman-alpha-v0.12.1.1.html +++ b/release/2018/12/12/podman-alpha-v0.12.1.1.html @@ -12,13 +12,13 @@ - +

    Podman v0.12.1.1 Released

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    Changes

    This release comes with many exciting new features. To highlight a few of our biggest changes:

    • The podman generate kube command was added by Brent Baude, which generates Kubernetes pod and service YAML from Podman containers and pods.
    • Initial support for named volumes using the podman volume set of commands was landed by Urvashi Mohnani
    • The podman rm and podman rmi commands can now prune unused containers and images with the --prune flag
    • Ports can now be published to the host from pods

    Numerous bugs were fixed as well, including a breaking change in rootless Podman found in 0.11.x releases.

    To see the full changelog, please visit our release notes on GitHub

    Some of this work, like the podman volume command, is still very early. We'd greatly appreciate feedback! If you have an enhancement request or a bug report, please file them on our issue page.

    - + \ No newline at end of file diff --git a/release/2019/01/16/podman-release-v1.0.0.html b/release/2019/01/16/podman-release-v1.0.0.html index d458469aa..b908f58fe 100644 --- a/release/2019/01/16/podman-release-v1.0.0.html +++ b/release/2019/01/16/podman-release-v1.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.0.0 Released

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    Podman made its first public release, v0.2, a little less than a year ago. We've come a long way since then, adding new features like:

    • Rootless containers
    • Support for pods
    • Interacting with Kubernetes pod YAML
    • A Varlink API for interacting with Podman on remote machines

    We've kept our eyes firmly on stability, fixing over 150 bugs. We’ve also worked on performance, making sure all common operations are optimized. While it is an iterative process, we are pleased with where we stand today. With that, we're excited to announce that Podman is ready for prime time, and it is ready for you.

    A key focus of Podman is around security. In addition to support for rootless containers, we’ve added many other security features. Great support for User Namespaces has resulted in better container separation. The podman top command will tell you what security features are enabled for processes within containers. Podman’s daemonless fork/exec model preserves audit information on containers.

    This is just the beginning, and we have plans for much more. For example, numerous improvements are planned for rootless Podman, pod support, the Varlink API, and automatic user namespace separation. If you find a feature missing from Podman, feel free to open an enhancement request on our Github. We love your feedback, and many of our best ideas come from users and contributors.

    Finally, the Podman team would like to thank all our contributors. Everyone who submitted code, improved documentation, or reported bugs has been a great help.

    Changes

    A few of the biggest changes from Podman 1.0.0 include:

    • Added the podman play kube command, which creates Podman pods based on Kubernetes pod YAML.
    • The podman run and podman create commands now support the --init flag, to run a minimal init process in the container.
    • Added the podman image sign command to sign container images.
    • Image pulls are now parallelized for increased speed

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/02/26/podman-release-v1.1.0.html b/release/2019/02/26/podman-release-v1.1.0.html index ad88f57e5..7919bbf5d 100644 --- a/release/2019/02/26/podman-release-v1.1.0.html +++ b/release/2019/02/26/podman-release-v1.1.0.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/01/podman-release-v1.1.1.html b/release/2019/03/01/podman-release-v1.1.1.html index b1af65cba..a7c9723f1 100644 --- a/release/2019/03/01/podman-release-v1.1.1.html +++ b/release/2019/03/01/podman-release-v1.1.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.1 Released

    · 3 min read

    podman logo

    Podman has gone 1.1.1!

    After releasing Podman v1.1.0 a number of miscellaneous changes and several bug fixes focusing on command line options and parsing were added.
    All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where podman container restore was erroneously available as podman restore #2191
    • Fixed a bug where the volume_path option in libpod.conf was not being respected
    • Fixed a bug where Podman failed to build when the varlink tag was not present #2459
    • Fixed a bug where the podman image load command was listed twice in help text
    • Fixed a bug where the podman image sign command was also listed as podman sign
    • Fixed a bug where the podman image list command incorrectly had an image alias
    • Fixed a bug where the podman images command incorrectly had ls and list aliases
    • Fixed a bug where the podman image rm command was being displayed as podman image rmi
    • Fixed a bug where the podman create command would attempt to parse arguments meant for the container
    • Fixed a bug where the combination of FIPS mode and user namespaces resulted in permissions errors
    • Fixed a bug where the --time alias for --timeout for the podman restart and podman stop commands did not function
    • Fixed a bug where the default stop timeout for newly-created containers was being set to 0 seconds (resulting in an immediate SIGKILL on running podman stop)
    • Fixed a bug where the output format of podman port was incorrect, printing full container ID instead of truncated ID
    • Fixed a bug where the podman container list command did not exist
    • Fixed a bug where podman build could not build a container from images tagged locally that did not exist in a registry #2469
    • Fixed a bug where some Podman commands that accept no arguments would not error when provided arguments
    • Fixed a bug where podman play kube could not handle cases where a pod and a container shared a name

    Misc

    • Usage text for many commands was greatly improved
    • Major cleanups were made to Podman manpages, ensuring that command lists are accurate
    • Greatly improved debugging output when the newuidmap and newgidmap binaries fail when using rootless Podman
    • The -s alias for the global --storage-driver option has been removed
    • The podman container refresh command has been deprecated, as its intended use case is no longer relevant. The command has been hidden and manpages deleted. It will be removed in a future release
    • The podman container runlabel command will now pull images not available locally even without the --pull option. The --pull option has been deprecated
    • The podman container checkpoint and podman container restore commands are now only available on OCI runtimes where they are supported (e.g. runc)

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/05/podman-release-v1.1.2.html b/release/2019/03/05/podman-release-v1.1.2.html index 3c20e3de8..689fa194a 100644 --- a/release/2019/03/05/podman-release-v1.1.2.html +++ b/release/2019/03/05/podman-release-v1.1.2.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.2 Released

    · One min read

    podman logo

    Podman has gone 1.1.2!

    After releasing Podman v1.1.1 a number of bug fixes focusing on command line options and parsing were added. All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
    • Fixed a bug where the --label option to podman create and podman run was missing the -l alias
    • Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir #2408
    • Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output #2500
    • Fixed a bug where the podman cp command would automatically extract .tar files copied into the container #2509

    Misc

    • The podman container stop command is now usable with the Podman remote client

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/04/10/podman-release-v1.2.0.html b/release/2019/04/10/podman-release-v1.2.0.html index 7bf1e8d17..4fb362c93 100644 --- a/release/2019/04/10/podman-release-v1.2.0.html +++ b/release/2019/04/10/podman-release-v1.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.2.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.2.0!

    Podman 1.2.0 has been released, featuring many exciting new features and fixes for numerous bugs. With 1.2.0, Podman added support for container healthchecks, an events system, and a way to view image layers as a tree. Over 30 bugs were fixed in this new release, including numerous issues with rootless Podman. We also upgraded the version of Buildah driving podman build from v1.7 to v1.7.2, picking up numerous fixes.

    Our new Podman release includes support for container healthchecks. Healthchecks provide additional information on container status, running checks defined by the image or user to verify that the application in a container is working properly. Any containers with healthchecks defined will run them automatically, and their status can be checked with podman inspect. The podman healthcheck run command can also be used to manually trigger a healthcheck.

    Podman also added a new command, podman events, that can be used to view major lifecycle events for containers, pods, and images as they occur. This command and its corresponding Varlink API can be used by tools which wish to check the overall status of the system, or check when a specific container starts or exits. A few example events are shown below:

    2019-04-11 15:49:45.490227772 -0400 EDT container attach 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.58978211 -0400 EDT container start 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.590526456 -0400 EDT container died 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:46.363842802 -0400 EDT container remove 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)

    The podman image tree command was also added. This command will print a tree representation of an image's layers. This can be used to easily identify an image's dependencies. An example with a simple multilayer image is shown below:

    Image ID: 4a3e4f2db0ac
    Tags: [localhost/buildah-ctr:latest localhost/myimage:latest]
    Size: 598.1MB
    Image Layers
    ├── ID: a13f3c019d29 Size: 274.9MB
    ├── ID: 6ae7c90cc44a Size: 323.2MB
    └── ID: 610298fe2990 Size: 1.024kB Top Layer of: [localhost/buildah-ctr:latest localhost/myimage:latest]

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/05/10/podman-release-v1.3.0.html b/release/2019/05/10/podman-release-v1.3.0.html index 4c3a95a6f..20d3077c2 100644 --- a/release/2019/05/10/podman-release-v1.3.0.html +++ b/release/2019/05/10/podman-release-v1.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.3.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.3.0!

    Podman 1.3.0 has been released! We've focused firmly on stability with 1.3.0, fixing over 25 bugs and making major changes to improve the stability of rootless Podman and Podman volumes. This release also includes a number of new features, including the podman generate systemd command to generate unit files to manage Podman containers, and the --restart flag for podman run and podman create to restart containers on error. We also picked up a fresh version of Buildah, 1.8.2, including numerous fixes and improvements for podman build.

    The biggest new features in Podman 1.3.0 are for managing container restart. The --restart flag allows Podman to restart containers when they exit, and the podman generate systemd command makes unit files so you can leverage systemd to manage container lifecycle. These commands seem very similar, but are very different in practice. The --restart flag is much simpler, but more limited - it restarts containers when they exit, but cannot deal with a system restart or dependencies between containers. If you need access to these more advanced features, podman generate systemd will allow you to manage your containers via systemd, leveraging all of its service management capabilities.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/08/14/podman-release-v1.5.0.html b/release/2019/08/14/podman-release-v1.5.0.html index 92d3acc0d..177a43544 100644 --- a/release/2019/08/14/podman-release-v1.5.0.html +++ b/release/2019/08/14/podman-release-v1.5.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.5.0 Released

    · 2 min read

    podman logo

    Podman has gone 1.5!

    Podman 1.5.0 has been released! We’ve made major improvements to podman exec, podman generate kube, and rootless containers in this release. Stability has also been a focus, and we’ve fixed over 30 bugs and several performance issues. The new 1.5.0 release is available for Fedora and Ubuntu right now!

    With this new release, Podman has picked up a number of improvements to core container functionality. The podman exec command has been completely reworked, including improved handling for attaching to containers. Expect to see more work on exec in future releases. CGroups have also seen major work, with support for CGroup namespaces via the --cgroupns flag to podman create and podman run, and support for CGroups v2 when using the crun OCI runtime - more details here. The podman generate kube command has also been improved and now includes volumes mounted into containers. Finally, we’ve addressed several memory leaks and other performance issues, and Podman should be much more responsive on systems under high load.

    Rootless containers have also been improved, featuring improved handling for privileged containers and the ability to use container health checks. Podman now has experimental support for running rootless containers with a single UID and GID using the new ignore_chown_errors storage option. This allows Podman to be run without the newuidmap and newgidmap binaries, and removes the need for any elevated privileges to start rootless containers. This approach is more limited (but more secure) than normal rootless containers.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/01/08/podman-release-v1.7.0.html b/release/2020/01/08/podman-release-v1.7.0.html index 2b46e05c2..3cf21fddb 100644 --- a/release/2020/01/08/podman-release-v1.7.0.html +++ b/release/2020/01/08/podman-release-v1.7.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.7.0 Released

    · 2 min read

    podman logo

    Podman 1.7 has been released!

    Podman v1.7.0 has been released, including many new features and numerous bugfixes. It features improvements to networking, podman play kube, and systemd unit file integration. We’ve also added the podman system reset command, to remove all existing containers, pods, images, and volumes and reset the system to its initial state. Stability has not been neglected, and this release features almost 60 bugfixes, including major fixes for podman rm, podman exec, and volumes.

    This new release features improved support for host networking via the CNI macvlan plugin which allows containers to connect directly to networks the host is connected to. The podman network create command can now create macvlan configs via the --macvlan flag. Containers can also set static MAC addresses. The podman play kube command has also been updated to respect security settings, including user/group, SELinux configuration, and Seccomp profiles. Podman now creates a cgroup namespace by default on systems using cgroups v2, improving container isolation. We’ve made major improvements for running Podman in a systemd service. These changes (and how to use them) are detailed elsewhere in a blog.

    As always, please visit our page on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/04/17/podman-release-v1.9.0.html b/release/2020/04/17/podman-release-v1.9.0.html index c93a31ee6..f28c88f04 100644 --- a/release/2020/04/17/podman-release-v1.9.0.html +++ b/release/2020/04/17/podman-release-v1.9.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.9.0 Released

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/2020/10/05/podman-release-v2.1.0.html b/release/2020/10/05/podman-release-v2.1.0.html index f250b40a8..4c153c1fa 100644 --- a/release/2020/10/05/podman-release-v2.1.0.html +++ b/release/2020/10/05/podman-release-v2.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.1.0 Released

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2020/12/14/podman-release-v2.2.0.html b/release/2020/12/14/podman-release-v2.2.0.html index 130be7ca5..4200a4abb 100644 --- a/release/2020/12/14/podman-release-v2.2.0.html +++ b/release/2020/12/14/podman-release-v2.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.2.0 Released

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/2021/02/11/podman-release-v3.0.0.html b/release/2021/02/11/podman-release-v3.0.0.html index 805841dff..09b2606f8 100644 --- a/release/2021/02/11/podman-release-v3.0.0.html +++ b/release/2021/02/11/podman-release-v3.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.0.0 Released

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    - + \ No newline at end of file diff --git a/release/2021/04/02/podman-release-v3.1.0.html b/release/2021/04/02/podman-release-v3.1.0.html index 5f179213b..e28cbf6e2 100644 --- a/release/2021/04/02/podman-release-v3.1.0.html +++ b/release/2021/04/02/podman-release-v3.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.1.0 Released

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2021/08/31/podman-release-v3.3.0.html b/release/2021/08/31/podman-release-v3.3.0.html index a00275678..3bfaff51d 100644 --- a/release/2021/08/31/podman-release-v3.3.0.html +++ b/release/2021/08/31/podman-release-v3.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.3.0 Released

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/02/22/podman-release-v4.0.0.html b/release/2022/02/22/podman-release-v4.0.0.html index 569e5e1c0..ea0d51ab5 100644 --- a/release/2022/02/22/podman-release-v4.0.0.html +++ b/release/2022/02/22/podman-release-v4.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.0.0 Released

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/05/09/podman-release-v4.1.0.html b/release/2022/05/09/podman-release-v4.1.0.html index 6b017f370..e406c6f2c 100644 --- a/release/2022/05/09/podman-release-v4.1.0.html +++ b/release/2022/05/09/podman-release-v4.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.1.0 Released

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    - + \ No newline at end of file diff --git a/release/2022/08/17/podman-release-v4.2.0.html b/release/2022/08/17/podman-release-v4.2.0.html index d21505c90..19ff170af 100644 --- a/release/2022/08/17/podman-release-v4.2.0.html +++ b/release/2022/08/17/podman-release-v4.2.0.html @@ -12,14 +12,14 @@ - +

    Podman v4.2.0 Released

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    - + \ No newline at end of file diff --git a/release/2022/09/28/updated-1.2.0.html b/release/2022/09/28/updated-1.2.0.html index 5afebbb24..a79a32f30 100644 --- a/release/2022/09/28/updated-1.2.0.html +++ b/release/2022/09/28/updated-1.2.0.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Netavark and Aardvark-dns 1.2.0 released

    · One min read

    Netavark and Aardvark-dns v1.2.0 has been released!

    The underlying network components for Podman have been updated. This consists of two projects:

    • Netavark - network configuration tool for Podman
    • Aardvark-dns - container domain name resolution server for Podman containers

    Release v1.2.0 resolves a handful of edge case bugs that were found and reported. In addition, many of the libraries used by the projects were updated.

    - + \ No newline at end of file diff --git a/release/2022/10/22/podman-release-v4.3.0.html b/release/2022/10/22/podman-release-v4.3.0.html index 99560f633..cd2e82b25 100644 --- a/release/2022/10/22/podman-release-v4.3.0.html +++ b/release/2022/10/22/podman-release-v4.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.3.0 Released

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    - + \ No newline at end of file diff --git a/release/archive.html b/release/archive.html index 1d58482cc..057a0e2d7 100644 --- a/release/archive.html +++ b/release/archive.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/release/page/2.html b/release/page/2.html index 88de2d061..6a41206d3 100644 --- a/release/page/2.html +++ b/release/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/page/3.html b/release/page/3.html index d1afd0385..27b467f6c 100644 --- a/release/page/3.html +++ b/release/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags.html b/release/tags.html index 87cf5c848..750f1d971 100644 --- a/release/tags.html +++ b/release/tags.html @@ -12,13 +12,13 @@ - + - + \ No newline at end of file diff --git a/release/tags/community.html b/release/tags/community.html index d9156fc0b..e434b4aef 100644 --- a/release/tags/community.html +++ b/release/tags/community.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/community/page/2.html b/release/tags/community/page/2.html index 0e9af5fbb..c2f42c56f 100644 --- a/release/tags/community/page/2.html +++ b/release/tags/community/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/community/page/3.html b/release/tags/community/page/3.html index fff9d98be..dcc031f77 100644 --- a/release/tags/community/page/3.html +++ b/release/tags/community/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/hpc.html b/release/tags/hpc.html index 13b8ed801..0511eadb6 100644 --- a/release/tags/hpc.html +++ b/release/tags/hpc.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/kubernetes.html b/release/tags/kubernetes.html index b37b2f6c1..6a0681257 100644 --- a/release/tags/kubernetes.html +++ b/release/tags/kubernetes.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "kubernetes"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/open-source.html b/release/tags/open-source.html index f5916eeaf..888d8f887 100644 --- a/release/tags/open-source.html +++ b/release/tags/open-source.html @@ -12,14 +12,14 @@ - +

    25 posts tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/2.html b/release/tags/open-source/page/2.html index 06bd16794..f36c03dd3 100644 --- a/release/tags/open-source/page/2.html +++ b/release/tags/open-source/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/3.html b/release/tags/open-source/page/3.html index 62f4a231b..b1e5dec3a 100644 --- a/release/tags/open-source/page/3.html +++ b/release/tags/open-source/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    25 posts tagged with "open source"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/podman.html b/release/tags/podman.html index 42a1a4dfc..685323b12 100644 --- a/release/tags/podman.html +++ b/release/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/podman/page/2.html b/release/tags/podman/page/2.html index 27953f534..49456a000 100644 --- a/release/tags/podman/page/2.html +++ b/release/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/podman/page/3.html b/release/tags/podman/page/3.html index d6109b1ec..2f2968d18 100644 --- a/release/tags/podman/page/3.html +++ b/release/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file