Containerization is a powerful technology for isolating applications, and while Docker popularized this concept, Podman has emerged as a modern alternative that emphasizes security and simplicity. This guide is designed to help both experienced and new sysadmins understand the differences between Docker and Podman, configure and manage containers with Podman, and even use a WebUI for container management.
1. Architectural Differences and Rationale
Before diving into commands, it’s crucial to understand why Podman exists and how it differs from Docker:
- Daemonless Operation:
  - Docker: Runs a background daemon (dockerd) that manages all containers. This daemon requires root privileges and can become a single point of failure.
  - Podman: Does not require a central daemon. Each container is launched as an independent process. This means:
    - Improved security: Since Podman can run in rootless mode, it limits the potential damage in case of a breach.
    - Better resource isolation: There is no central daemon process that can be targeted or become a bottleneck.
- Rootless Containers:
  Podman is designed to run containers without requiring root privileges by default. This is especially beneficial for environments where security is paramount. In contrast, Docker typically runs as root, and although rootless mode is available, it requires additional setup.
- Pod Concept:
  Podman natively supports the concept of “pods” (groups of containers that share networking and resources) similar to Kubernetes. This allows for more natural migration of applications from development to a Kubernetes environment.
- CLI Compatibility:
  Podman strives for command-line compatibility with Docker. This means most commands are similar, allowing admins familiar with Docker to quickly adapt.
2. Installing Podman on Various Linux Distributions
Podman is available on many Linux distributions. Below are installation commands for popular distributions:
RHEL / Rocky Linux / AlmaLinux
sudo dnf install -y podman
Ubuntu / Debian
sudo apt update
sudo apt install -y podman
Arch Linux
sudo pacman -S podman
After installation, verify by checking the version:
podman --version
3. Detailed Container Management with Podman
Podman’s CLI is designed to be similar to Docker’s, but with some nuances that new administrators should understand.
A. Running Containers
- Start a Container:
  To launch a container, Podman uses the run command.
  Example: Run an Nginx container in detached mode:
  podman run -d --name my-nginx -p 8080:80 nginx
  Explanation:
  - -d runs the container in detached mode (in the background).
  - --name my-nginx assigns a friendly name for easier reference.
  - -p 8080:80 maps host port 8080 to the container’s port 80. Because no host IP is given, the port is published on all host interfaces.
- Run with Specific User Settings:
  Running in rootless mode is automatic if you’re logged in as a non-root user. If you need to run as root, simply use sudo (though it is recommended to use rootless mode for improved security).
B. Listing Containers
- Active Containers:
  List running containers:
  podman ps
- All Containers:
  List all containers, including those that are stopped:
  podman ps -a
C. Inspecting and Logging
- Inspect a Container:
  To see detailed configuration, resource limits, networking details, and more:
  podman inspect my-nginx
- View Container Logs:
  Retrieve logs to debug issues:
  podman logs my-nginx
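Added example, not part of the original guide: a Python check that reads podman inspect output and reports the settings a reviewer would look at first (privileged mode, root user, added capabilities, ports published on all interfaces). The sample JSON is constructed and contains only the fields the check reads; the function name audit is chosen here.

```python
import json
import sys

# Constructed sample shaped like `podman inspect my-nginx` output (a JSON list).
# It mirrors the my-nginx container from this guide plus one added capability.
SAMPLE = json.loads("""
[{
  "Name": "my-nginx",
  "Config": {"User": ""},
  "HostConfig": {
    "Privileged": false,
    "CapAdd": ["CAP_NET_ADMIN"],
    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}
  }
}]
""")

ALL_INTERFACES = ("", "0.0.0.0", "::")  # no host IP given, or an explicit wildcard


def audit(containers):
    """Return (container name, finding) tuples in the order they are found."""
    findings = []
    for c in containers:
        name = c.get("Name", "<unnamed>")
        cfg = c.get("Config") or {}
        host = c.get("HostConfig") or {}
        if host.get("Privileged"):
            findings.append((name, "privileged"))
        # An empty user, "0" or "root" means UID 0 inside the container.
        # Under rootless Podman that UID maps to the invoking host user.
        user = (cfg.get("User") or "").split(":")[0]
        if user in ("", "0", "root"):
            findings.append((name, "runs as root inside the container"))
        for cap in host.get("CapAdd") or []:
            findings.append((name, f"added capability {cap}"))
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                if b.get("HostIp") in ALL_INTERFACES:
                    findings.append(
                        (name, f"{port} published on all interfaces, host port {b.get('HostPort')}"))
    return findings


if __name__ == "__main__":
    # Real data: podman inspect my-nginx | python3 audit.py ; run bare for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, finding in audit(data):
        print(f"{name}: {finding}")
```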
D. Managing Container Lifecycle
- Stopping a Container:
  Gracefully stop a container:
  podman stop my-nginx
- Restarting a Container:
  Restart a container after stopping:
  podman restart my-nginx
- Removing a Container:
  Once a container is stopped, remove it to free resources:
  podman rm my-nginx
- Force Removing:
  If a container is misbehaving or you need to remove it regardless of state:
  podman rm -f my-nginx
E. Creating and Managing Pods
Pods group containers that share the same network namespace and can be managed together. This is particularly useful when you need to run multiple containers that work closely together (e.g., a web server and a logging agent).
- Create a Pod:
  Create a pod with a custom name and port mapping:
  podman pod create --name mypod -p 8080:80
- Run a Container in a Pod:
  Launch a container inside the created pod:
  podman run -dt --pod mypod nginx
- List Pods:
  Check the status and details of your pods:
  podman pod ps
- Inspect a Pod:
  View detailed configuration and container associations:
  podman pod inspect mypod
- Remove a Pod:
  Once all containers inside a pod have been stopped, remove the pod:
  podman pod rm mypod
4. Managing Images in Podman
Images are the building blocks for containers. Managing them effectively is key for system administration.
- Pull an Image:
  Download an image from a registry (like Docker Hub):
  podman pull ubuntu:latest
- List Images:
  View all locally stored images:
  podman images
- Inspect an Image:
  Get metadata about an image:
  podman inspect ubuntu:latest
- Remove an Image:
  Clean up unused images:
  podman rmi ubuntu:latest
Note: Podman stores images in /var/lib/containers/ rather than Docker’s default directory. That path applies when Podman runs as root; rootless Podman keeps each user’s images under that user’s home directory (~/.local/share/containers/ by default).
5. Advanced Container Management: systemd Integration
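Since Podman does not rely on a continuously running daemon, you might want your containers to persist across system reboots. Using systemd can help manage container lifecycles automatically.
- Generate a systemd Unit File:
  Create a service file for a running container. The unit is written to standard output (the --files option would instead write it to a file in the current directory and print only its path), so it can be piped into place:
  podman generate systemd --new --name my-nginx | sudo tee /etc/systemd/system/my-nginx.service
  A unit installed under /etc/systemd/system is started by the system manager as root, so the container it creates is a rootful one.
- Enable and Start the Service:
  Integrate with systemd so the container starts on boot:
  sudo systemctl enable my-nginx.service
  sudo systemctl start my-nginx.service
- Check the Service Status:
  Monitor the container’s status:
  systemctl status my-nginx.service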
6. Managing Podman via a WebUI
For administrators who prefer a graphical interface, Podman can be managed using Cockpit—a web-based server management tool that now includes a Podman module.
A. Installing Cockpit with Podman Support
- Install Cockpit:
  Most distributions include Cockpit in their repositories.
  On RHEL/CentOS/AlmaLinux:
  sudo dnf install -y cockpit
  sudo systemctl enable --now cockpit.socket
  On Ubuntu:
  sudo apt update
  sudo apt install -y cockpit
  sudo systemctl enable --now cockpit
- Install the Podman Module for Cockpit:
  On many distributions, the Podman integration is provided as part of the Cockpit package or available via an additional package:
  sudo dnf install -y cockpit-podman
  or for Ubuntu:
  sudo apt install -y cockpit-podman
B. Accessing and Using the Cockpit WebUI
- Access the WebUI:
  Open a web browser and navigate to:
  https://<your-server-ip>:9090
  You may receive a certificate warning; you can proceed if you trust your local environment.
- Logging In:
  Log in with your system user credentials.
  The interface provides an overview of system resources, and a dedicated Podman Containers section will allow you to manage images, containers, and pods graphically.
- Using the Podman Module:
  - View Containers: See a list of running and stopped containers.
  - Start/Stop Containers: Click on containers to start, stop, or restart them.
  - Create Containers: Use the guided forms to configure container options (ports, volumes, environment variables).
  - View Logs and Inspect: Easily access logs and configuration details without needing to run command-line tools.
Cockpit’s user-friendly interface can be especially useful for new system administrators or for environments where quick visual monitoring is beneficial.
7. Summary
In this guide, we explored:
- Why Podman?
  Its daemonless, rootless design improves security and simplifies container management.
- Installation and Basic Commands:
  How to install Podman, run and manage containers, and understand the similarities and differences with Docker.
- Advanced Management:
  Using pods, integrating with systemd, and managing container lifecycles.
- WebUI Management with Cockpit:
  Setting up Cockpit for a graphical approach to managing Podman containers.
Podman is a robust alternative to Docker with many built-in advantages. By understanding its architecture and management tools—including a WebUI—you can confidently deploy and manage containerized applications in production environments.