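While setting up containers on CentOS 8 to integrate tlog with Elasticsearch, I suddenly remembered a tool called Podman, so I installed it and compared it with Docker along the way.
Podman's basic concept is explained at https://podman.io/: it is a daemonless container engine. Docker is said to have a dependency drawback: if dockerd dies, the containers underneath containerd all die along with it.
So what if a hellish situation like an OOM comes along and dockerd dies? Every container dying with it is roughly what that would look like, I suppose. And when you change the Docker configuration and have to restart, all the containers have to be restarted too, which is the most infuriating part.
With a daemonless engine, though, there is no need to worry about this. (Now that I think about it, that is nice..)
I have heard that it is good to use CRI-O as the container runtime, but it does not seem to be installed by default on CentOS 8, and for now it seems to have been adopted as the Kubernetes runtime in OpenShift. (I do not know CRI-O well yet, so I need to study it a bit more.)
Hmm, it looks like I have only written about Podman so far, but installing Docker on CentOS 8 also has a few issues, so I will install both side by side and write up what I tested.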
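## Installing docker-ce
- From CentOS 8 on, dnf seems to have become the default package manager.
- The yum command is a symbolic link to a Python script called dnf-3. The same goes for the dnf command. (I am only now using CentOS 8, so there is a lot to learn.)
- If you register the docker-ce repo and install the latest version, the installation fails with a complaint about a dependency on containerd.io.
So if you install with the --nobest option, a lower version of docker-ce that matches the containerd.io dependency gets installed.
- You really want the latest version? Then reportedly you can upgrade containerd.io manually and go on from there. But I tend not to do that kind of tedious thing that strays from the OS standard.
- Enable and start docker with systemctl, then run the hello-world container to confirm that the installation works.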

```
[root@localhost ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
[root@localhost ~]# yum config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
[root@localhost ~]# ll `which yum`
lrwxrwxrwx. 1 root root 5 Apr 24 15:57 /usr/bin/yum -> dnf-3
[root@localhost ~]# ll `which dnf`
lrwxrwxrwx. 1 root root 5 Apr 24 15:57 /usr/bin/dnf -> dnf-3
[root@localhost ~]# ll `which dnf-3`
-rwxr-xr-x. 1 root root 1954 Apr 24 15:57 /usr/bin/dnf-3
[root@localhost ~]# yum repolist docker-ce-stable
repo id                  repo name                          status
docker-ce-stable         Docker CE Stable - x86_64          enabled
[root@localhost ~]# dnf install docker-ce
Last metadata expiration check: 0:02:59 ago on Thu Aug 20 11:19:51 2020.
Error:
 Problem: package docker-ce-3:19.03.12-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
  - cannot install the best candidate for the job
  - package containerd.io-1.2.10-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.4-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.5-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.6-3.3.el7.x86_64 is filtered out by modular filtering
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
[root@localhost ~]# dnf list docker-ce --showduplicates | sort -r
docker-ce.x86_64            3:19.03.9-3.el7                     docker-ce-stable
docker-ce.x86_64            3:19.03.8-3.el7                     docker-ce-stable
docker-ce.x86_64            3:19.03.7-3.el7                     docker-ce-stable
docker-ce.x86_64            3:19.03.6-3.el7                     docker-ce-stable
...
[root@localhost ~]# dnf install --nobest docker-ce
Last metadata expiration check: 0:06:06 ago on Thu Aug 20 11:19:51 2020.
Dependencies resolved.

 Problem: package docker-ce-3:19.03.12-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
  - cannot install the best candidate for the job
  - package containerd.io-1.2.10-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.13-3.2.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.2-3.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.4-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.5-3.1.el7.x86_64 is filtered out by modular filtering
  - package containerd.io-1.2.6-3.3.el7.x86_64 is filtered out by modular filtering
========================================================================================================================
 Package                          Arch     Version                                    Repository            Size
========================================================================================================================
Installing:
 docker-ce                        x86_64   3:18.09.1-3.el7                            docker-ce-stable      19 M
Installing dependencies:
 checkpolicy                      x86_64   2.9-1.el8                                  BaseOS               348 k
 container-selinux                noarch   2:2.124.0-1.module_el8.2.0+305+5e198a41    AppStream             47 k
 containerd.io                    x86_64   1.2.0-3.el7                                docker-ce-stable      22 M
 docker-ce-cli                    x86_64   1:19.03.12-3.el7                           docker-ce-stable      38 M
 libcgroup                        x86_64   0.41-19.el8                                BaseOS                70 k
 policycoreutils-python-utils     noarch   2.9-9.el8                                  BaseOS               251 k
 python3-audit                    x86_64   3.0-0.17.20191104git1c2f876.el8            BaseOS                86 k
 python3-libsemanage              x86_64   2.9-2.el8                                  BaseOS               127 k
 python3-policycoreutils          noarch   2.9-9.el8                                  BaseOS               2.2 M
 python3-setools                  x86_64   4.2.2-2.el8                                BaseOS               601 k
Enabling module streams:
 container-tools                           rhel8
Skipping packages with broken dependencies:
 docker-ce                        x86_64   3:19.03.12-3.el7                           docker-ce-stable      24 M

Transaction Summary
========================================================================================================================
Install  11 Packages
Skip      1 Package

Total download size: 83 M
Installed size: 341 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): libcgroup-0.41-19.el8.x86_64.rpm                913 kB/s |  70 kB     00:00
...
[root@localhost ~]# systemctl status docker-ce
Unit docker-ce.service could not be found.
[root@localhost ~]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: https://docs.docker.com
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-08-20 11:29:17 EDT; 1s ago
     Docs: https://docs.docker.com
 Main PID: 3832 (dockerd)
    Tasks: 18
   Memory: 49.4M
   CGroup: /system.slice/docker.service
           ├─3832 /usr/bin/dockerd -H fd://
           └─3846 containerd --config /var/run/docker/containerd/containerd.toml --log-level info

Aug 20 11:29:17 localhost.localdomain dockerd[3832]: time="2020-08-20T11:29:17.102312194-04:00" level=info msg="Graph m>
Aug 20 11:29:17 localhost.localdomain dockerd[3832]: time="2020-08-20T11:29:17.102834647-04:00" level=warning msg="Your>
Aug 20 11:29:17 localhost.localdomain dockerd[3832]: time="2020-08-20T11:29:17.102868576-04:00" level=warning msg="Your>
Aug 20 11:29:17 localhost.localdomain dockerd[3832]: time="2020-08-20T11:29:17.103370368-04:00" level=info msg="Loading>
[root@localhost ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:7f0a9f93b4aa3022c3a4c147a449bf11e0941a1fd0bf4a8e6c9408b2600777c5
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@localhost ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                          PORTS               NAMES
4bc31e8beba7        hello-world         "/hello"            About a minute ago   Exited (0) About a minute ago                       loving_pare
```
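## Installing Podman
- Installing Podman is very easy. Run dnf install podman and it is installed.
- In case the two might conflict, I stopped docker before working with podman.
- Running hello-world after installation, somewhat inconveniently, it searches the Red Hat registries first and, when the image is not found there, fetches the hello-world container from the Docker repository.
- I started an nginx container and checked that it maps to port 80 properly, and it works very well. The commands are practically almost the same as docker's. (aka. "alias docker=podman")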

```
[root@localhost ~]# dnf install podman
Last metadata expiration check: 0:15:55 ago on Thu Aug 20 11:19:51 2020.
Dependencies resolved.
========================================================================================================================
 Package            Arch     Version                                    Repository       Size
========================================================================================================================
Installing:
 podman             x86_64   1.6.4-10.module_el8.2.0+305+5e198a41       AppStream        12 M
Installing dependencies:
 conmon             x86_64   2:2.0.6-1.module_el8.2.0+305+5e198a41      AppStream        37 k
...
[root@localhost ~]# systemctl stop docker-ce
Failed to stop docker-ce.service: Unit docker-ce.service not loaded.
[root@localhost ~]# systemctl stop docker
[root@localhost ~]# docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
[root@localhost ~]# podman run hello-world
Trying to pull registry.access.redhat.com/hello-world...
  name unknown: Repo not found
Trying to pull registry.redhat.io/hello-world...
  unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
Trying to pull docker.io/library/hello-world...
Getting image source signatures
Copying blob 0e03bdcc26d7 done
Copying config bf756fb1ae done
Writing manifest to image destination
Storing signatures

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@localhost ~]# podman ps -a
CONTAINER ID  IMAGE                                 COMMAND  CREATED         STATUS                     PORTS  NAMES
3961d348804f  docker.io/library/hello-world:latest  /hello   12 seconds ago  Exited (0) 11 seconds ago         relaxed_taussig
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                 PORTS  NAMES
d8d16cd0617f  docker.io/library/nginx:latest  nginx -g daemon o...  About a minute ago  Up 59 seconds ago             test
[root@localhost ~]# podman run -d -it --name test-port -p 80:80 nginx
4517989dd1226d094ac83cdbe84bd0204178c6f0a08cfbb9dd5652d25dc21f7c
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                  PORTS               NAMES
4517989dd122  docker.io/library/nginx:latest  nginx -g daemon o...  3 seconds ago       Up 3 seconds ago        0.0.0.0:80->80/tcp  test-port
d8d16cd0617f  docker.io/library/nginx:latest  nginx -g daemon o...  About a minute ago  Up About a minute ago                       test
[root@localhost ~]# curl http://localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```
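## Running Docker and Podman at the same time
- This was what I was most curious about: do Podman and Docker manage the same containers in duplicate? The conclusion was that the two are separate entities and each manages its own separate containers.
- As the example shows, Docker and Podman can run at the same time, each managing its containers separately. I tried a port-conflict test, and, quite sensibly, they do conflict.
Starting the container on a different port (8080) and testing again, you can see that each one comes up fine on its own.
- Docker containers are managed under containerd, and Podman containers are managed under conmon. One more difference is that docker uses both dockerd and containerd, whereas podman, as befits a daemonless container engine, has no daemon other than conmon.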

```
[root@localhost ~]# systemctl start docker
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS               NAMES
4517989dd122  docker.io/library/nginx:latest  nginx -g daemon o...  59 seconds ago  Up 59 seconds ago  0.0.0.0:80->80/tcp  test-port
d8d16cd0617f  docker.io/library/nginx:latest  nginx -g daemon o...  2 minutes ago   Up 2 minutes ago                       test
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─2*[conmon─┬─nginx───nginx]
        │           └─{conmon}]
        ├─containerd───8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd───7*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
[root@localhost ~]# docker run -d -it --name test-port -p 80:80 nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
bf5952930446: Pull complete
cb9a6de05e5a: Pull complete
9513ea0afb93: Pull complete
b49ea07d2e93: Pull complete
a5e4a503d449: Pull complete
Digest: sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
Status: Downloaded newer image for nginx:latest
efda8c96c2daf2fff34d819df2a3be3e9d5f6fa713dcded1025a42cf1cf903bc
docker: Error response from daemon: driver failed programming external connectivity on endpoint test-port (67d821c6e5ee0c0bc713415b92427e225c0e354e45a488fc47b70a231de532e6): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use.
[root@localhost ~]# docker stop test-port
test-port
[root@localhost ~]# docker rmf test-port
docker: 'rmf' is not a docker command.
See 'docker --help'
[root@localhost ~]# docker rm test-port
test-port
[root@localhost ~]# docker run -d -it --name test-port -p 8080:80 nginx
6d6f5ff6977da81bbf4ce8a3d716d0969537d81615bdfe9af50a295705548413
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
6d6f5ff6977d        nginx               "/docker-entrypoint.…"   3 seconds ago       Up 2 seconds        0.0.0.0:8080->80/tcp   test-port
[root@localhost ~]# curl http://localhost:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─2*[conmon─┬─nginx───nginx]
        │           └─{conmon}]
        ├─containerd─┬─containerd-shim─┬─nginx───nginx
        │            │                 └─9*[{containerd-shim}]
        │            └─8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd─┬─docker-proxy───4*[{docker-proxy}]
        │         └─9*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
[root@localhost ~]# podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS               NAMES
4517989dd122  docker.io/library/nginx:latest  nginx -g daemon o...  4 minutes ago  Up 4 minutes ago  0.0.0.0:80->80/tcp  test-port
d8d16cd0617f  docker.io/library/nginx:latest  nginx -g daemon o...  6 minutes ago  Up 6 minutes ago                      test
[root@localhost ~]# podman stop test-port
4517989dd1226d094ac83cdbe84bd0204178c6f0a08cfbb9dd5652d25dc21f7c
[root@localhost ~]# podman stop test
d8d16cd0617f9fe3ac4ddc032de702b1cb638e33a4f7dc7bff0c1ec7af0d148a
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─containerd─┬─containerd-shim─┬─nginx───nginx
        │            │                 └─9*[{containerd-shim}]
        │            └─8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd─┬─docker-proxy───4*[{docker-proxy}]
        │         └─9*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
[root@localhost ~]# podman start test-port
test-port
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─conmon─┬─nginx───nginx
        │        └─{conmon}
        ├─containerd─┬─containerd-shim─┬─nginx───nginx
        │            │                 └─9*[{containerd-shim}]
        │            └─8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd─┬─docker-proxy───4*[{docker-proxy}]
        │         └─9*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
```
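## The Docker weakness that Podman targets
- I killed the dockerd daemon. Sure enough, the nginx container under containerd, which is a separate process, died as well.
If dockerd dies when an OOM occurs, all the containers die too.
- I restarted docker. Sure enough, as a side effect of the restart, the container died.
This is where daemonless felt clearly advantageous: changing the Docker private registry or changing the configuration leaves no choice but a restart, and having to kill every container underneath just to update the Docker configuration feels like a considerable risk.
And since there is no graceful restart or reload feature either, Podman feels considerably more advantageous operationally for this reason alone.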

```
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─conmon─┬─nginx───nginx
        │        └─{conmon}
        ├─containerd─┬─containerd-shim─┬─nginx───nginx
        │            │                 └─9*[{containerd-shim}]
        │            └─8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd─┬─docker-proxy───4*[{docker-proxy}]
        │         └─9*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
6d6f5ff6977d        nginx               "/docker-entrypoint.…"   9 minutes ago       Up 9 minutes        0.0.0.0:8080->80/tcp   test-port
[root@localhost ~]# killall -9 dockerd
[root@localhost ~]# docker ps
fCONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─atd
        ├─auditd───{auditd}
        ├─chronyd
        ├─conmon─┬─nginx───nginx
        │        └─{conmon}
        ├─containerd───8*[{containerd}]
        ├─crond
        ├─dbus-daemon───{dbus-daemon}
        ├─dockerd───8*[{dockerd}]
        ├─firewalld───{firewalld}
        ├─lsmd
        ├─mcelog
        ├─polkitd───5*[{polkitd}]
        ├─rngd───{rngd}
        ├─smartd
        ├─sshd───sshd───sshd───bash───pstree
        ├─sssd─┬─sssd_be
        │      └─sssd_nss
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        ├─systemd-resolve
        ├─systemd-udevd
        └─tuned───3*[{tuned}]
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
6d6f5ff6977d        nginx               "/docker-entrypoint.…"   17 minutes ago      Up 3 seconds        0.0.0.0:8080->80/tcp   test-port
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
```
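
The process ownership described in this post (Docker containers under containerd-shim, Podman containers under conmon) and the before/after comparison of the dockerd kill test can be read from a process table instead of from pstree by eye. The script below is an added example, not part of the original post; both sample tables and every PID in them are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Input is a "pid ppid comm" table,
# the format printed by: ps -eo pid=,ppid=,comm=

# Constructed sample mirroring the pstree output in the post; all PIDs are made up.
BEFORE='1 0 systemd
3832 1 dockerd
3846 1 containerd
4100 3846 containerd-shim
4120 4100 nginx
4150 4120 nginx
4200 1 conmon
4210 4200 nginx
4230 4210 nginx
5000 3832 docker-proxy'

# Constructed table for the state after `killall -9 dockerd`: dockerd is back
# under a new PID and the containerd-shim subtree is gone; conmon is untouched.
AFTER='1 0 systemd
3846 1 containerd
4200 1 conmon
4210 4200 nginx
4230 4210 nginx
6001 1 dockerd'

# Print the chain of command names from PID $1 up to PID 1 (table on stdin).
ancestry() {
    awk -v pid="$1" '
        { ppid[$1] = $2; comm[$1] = $3 }
        END {
            # The hop limit stops a malformed table with a ppid cycle from looping.
            for (n = 0; (pid in comm) && n < 64; n++) {
                out = out (n ? " <- " : "") comm[pid]
                if (pid + 0 == 1) break
                pid = ppid[pid]
            }
            print out
        }'
}

# For each process below a conmon or containerd-shim (table on stdin), print:
#   pid comm engine supervisor_pid
container_owners() {
    awk '
        { ppid[$1] = $2; comm[$1] = $3 }
        END {
            for (p in comm) {
                a = ppid[p]
                for (n = 0; (a in comm) && n < 64; n++) {
                    if (comm[a] == "conmon") { print p, comm[p], "podman", a; break }
                    if (comm[a] == "containerd-shim") { print p, comm[p], "docker", a; break }
                    a = ppid[a]
                }
            }
        }' | sort -n
}

# Print container processes listed in table $1 that are missing from table $2.
lost_containers() {
    after=$(printf '%s\n' "$2" | container_owners)
    printf '%s\n' "$1" | container_owners | while read -r line; do
        printf '%s\n' "$after" | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

printf '%s\n' "$BEFORE" | ancestry 4150
lost_containers "$BEFORE" "$AFTER"
```

On a live host, capture `ps -eo pid=,ppid=,comm=` into a variable before and after the daemon kill or restart and pass the two captures to lost_containers.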
## References
- Podman: https://podman.io/
- How to install Docker CE on RHEL 8 / CentOS 8 - LinuxConfig.org: linuxconfig.org/how-to-install-docker-in-rhel-8
- Podman and Buildah for Docker users - Red Hat Developer: https://developers.redhat.com/blog/2019/02/21/podman-and-buildah-for-docker-users/
- [Container] Podman 설치 및 사용법 (Podman installation and usage): https://chhanz.github.io/container/2020/03/02/podman/
- cri-o: cri-o.io
- Why Red Hat is investing in CRI-O and Podman: https://www.redhat.com/en/blog/why-red-hat-investing-cri-o-and-podman
- Chapter 2. Managing software packages, Red Hat Enterprise Linux 8 | Red Hat Customer Portal: access.redhat.com