Podman depends on a container runtime and conmon in order to run.
runc
Download it directly from the releases page:
https://github.com/opencontainers/runc
conmon
Build a dependency-free (static) conmon on Alpine:
# apk add alpine-sdk
# apk add git bash glib-dev glib-static
# git clone https://github.com/containers/conmon.git
# cd conmon/
# make static
make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-static' LDFLAGS=' -s -w -static' LIBS='-lglib-2.0 -lintl '
make[1]: Entering directory '/conmon'
make[1]: Nothing to be done for 'git-vars'.
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/conmon.o -c src/conmon.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/cmsg.o -c src/cmsg.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/ctr_logging.o -c src/ctr_logging.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/utils.o -c src/utils.c
mkdir -p bin
cc -s -w -static -o bin/conmon src/conmon.o src/cmsg.o src/ctr_logging.o src/utils.o -lglib-2.0 -lintl -lglib-2.0 -lintl -pthread -lpcre
make[1]: Leaving directory '/conmon'
# ldd bin/conmon
/lib/ld-musl-x86_64.so.1 (0x7fcaf7dbc000)
Build podman
$ git clone https://github.com/containers/libpod.git
$ cd libpod/
$ make binaries
mkdir -p "/home/runsisi/working/src/libpod/_output/src/github.com/containers"
ln -sfn "/home/runsisi/working/src/libpod" "/home/runsisi/working/src/libpod/_output/src/github.com/containers/libpod"
ln -sfn "/home/runsisi/working/src/libpod/vendor/github.com/varlink" "/home/runsisi/working/src/libpod/_output/src/github.com/varlink"
touch .gopathok
GO111MODULE=on go build -mod=vendor -gcflags 'all=-trimpath=/home/runsisi/working/src/libpod' -asmflags 'all=-trimpath=/home/runsisi/working/src/libpod' -ldflags ' -X github.com/containers/libpod/libpod.gitCommit=3ed265c520eb4cea1e9157125dbff0e6a1b0b5f8-dirty -X github.com/containers/libpod/libpod.buildInfo=1569478865 -X github.com/containers/libpod/libpod.installPrefix=/usr/local -X github.com/containers/libpod/libpod.etcDir=/etc' -tags " containers_image_ostree_stub selinux systemd exclude_graphdriver_devicemapper seccomp varlink" -o bin/podman github.com/containers/libpod/cmd/podman
GO111MODULE=on go build -mod=vendor -gcflags 'all=-trimpath=/home/runsisi/working/src/libpod' -asmflags 'all=-trimpath=/home/runsisi/working/src/libpod' -ldflags ' -X github.com/containers/libpod/libpod.gitCommit=3ed265c520eb4cea1e9157125dbff0e6a1b0b5f8-dirty -X github.com/containers/libpod/libpod.buildInfo=1569478871 -X github.com/containers/libpod/libpod.installPrefix=/usr/local -X github.com/containers/libpod/libpod.etcDir=/etc' -tags " containers_image_ostree_stub selinux systemd exclude_graphdriver_devicemapper seccomp varlink remoteclient" -o bin/podman-remote github.com/containers/libpod/cmd/podman
$ ls bin/
podman podman-remote
Run
Copy runc and conmon into the directory that contains podman, then run it:
$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon version
WARN[0000] the current user namespace doesn't match the configuration in /etc/subuid or /etc/subgid
WARN[0000] you can use `./podman system migrate` to recreate the user namespace and restart the containers
Version: 1.6.0-dev
RemoteAPI Version: 1
Go Version: go1.13
OS/Arch: linux/amd64
$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon system migrate
$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon version
Version: 1.6.0-dev
RemoteAPI Version: 1
Go Version: go1.13
OS/Arch: linux/amd64
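
Because the binaries passed to --runtime and --conmon are executed by podman, a pre-flight check before the first run is worthwhile. The following is an added example, not part of the original post: it verifies the downloaded runc.amd64 against a checksum file and rejects any of the three binaries that is a symlink, not executable, or writable by group/others. The checksum file name runc.sha256sum and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# runc.sha256sum is an assumed name for the checksum file saved beside runc.amd64.

# verify_sha256 FILE SUMFILE: succeed only if SUMFILE (sha256sum format) has an
# entry for FILE's basename and that digest matches the file on disk.
verify_sha256() {
    file=$1
    sums=$2
    name=$(basename "$file")
    # Accept "hex  name" (text mode) and "hex *name" (binary mode) entries.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum mismatch: $name" >&2; return 1; }
}

# safe_to_exec FILE: a regular, executable, non-symlink file that neither group
# nor others can write, so another local user cannot swap the helper.
safe_to_exec() {
    f=$1
    { [ -f "$f" ] && [ ! -L "$f" ]; } || { echo "$f: not a regular file" >&2; return 1; }
    [ -x "$f" ] || { echo "$f: not executable" >&2; return 1; }
    mode=$(ls -ld "$f" | awk '{ print $1 }')
    case $mode in
        ?????w*|????????w*) echo "$f: group/world-writable ($mode)" >&2; return 1 ;;
    esac
    return 0
}

# preflight DIR SUMFILE: check the downloaded runc against its checksum, then
# the permissions of all three binaries kept in DIR.
preflight() {
    pdir=$1
    psums=$2
    verify_sha256 "$pdir/runc.amd64" "$psums" || return 1
    for b in runc.amd64 conmon podman; do
        safe_to_exec "$pdir/$b" || return 1
    done
}

# Usage, from the directory holding the binaries:
#   preflight "$PWD" "$PWD/runc.sha256sum" &&
#     ./podman --runtime "$PWD/runc.amd64" --conmon "$PWD/conmon" version
```
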
Last modified on 2019-09-26