In this article will discuss the top podman command that every developer uses in their day-to-day activities. We will also explain a brief overview of the podman. To follow along, I assume you have a basic idea about how the container works. So let’s get started.
What is podman
Podman is an open-source, Linux-based tool designed to build, run and deploy containers and container images. Podman containers are OCI(Open Containers Initiative) based. Similar to Docker,podman also provides a command-line interface(CLI). Podman containers can run as root or rootless.
Now that you have a basic idea about podman, let’s explore some commonly used commands.
Podman commands
CoreOs team developed Podman while keeping Docker in mind so that people familiar with Docker can quickly adopt podman. So all the docker commands which you are familiar with also exist in podman. As per podman creators, if you have existing scripts that run Docker, you can create a docker alias for podman, and all your scripts should work (alias docker=podman).
Before getting started with podman commands, make sure podman is installed on your machine. If not, follow this link to install podman.
Check podman version
You can check the podman version by simply running the –version.
$ podman --version podman version 0.3.2-dev
Podman help
help print the podman usage. You can also run help by simply passing -h instead of –help
$ podman --help NAME: podman - manage pods and images USAGE: podman [global options] command [command options] [arguments...] VERSION: 0.3.2-dev COMMANDS: attach Attach to a running container commit Create new image based on the changed container build Build an image using instructions in a Dockerfile create create but do not start a container diff Inspect changes on container's file systems exec Run a process in a running container export Export container's filesystem contents as a tar archive history Show history of a specified image images list images in local storage import Import a tarball to create a filesystem image info display system information inspect Displays the configuration of a container or image kill Kill one or more running containers with a specific signal load load an image from docker archive login login to a container registry logout logout of a container registry logs Fetch the logs of a container mount Mount a working container's root filesystem pause Pauses all the processes in one or more containers ps List containers port List port mappings or a specific mapping for the container pull pull an image from a registry push push an image to a specified destination rm podman rm will remove one or more containers from the host. The container name or ID can be used. This does not remove images. Running containers will not be removed without the -f option. rmi removes one or more images from local storage run run a command in a new container save Save image to an archive search search registry for image start Start one or more containers stats Display percentage of CPU, memory, network I/O, block I/O and PIDs for one or more containers stop Stop one or more containers tag Add an additional name to a local image top Display the running processes of a container umount, unmount Unmount a working container's root filesystem unpause Unpause the processes in one or more containers version Display the PODMAN Version Information wait Block on one or more containers help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --cni-config-dir value path of the configuration directory for CNI networks --config value, -c value path of a config file detailing container server configuration options --conmon value path of the conmon binary --cpu-profile value path for the cpu profiling results --log-level value log messages above specified level: debug, info, warn, error (default), fatal or panic (default: "error") --root value path to the root directory in which data, including images, is stored --runroot value path to the 'run directory' where all state information is stored --runtime value path to the OCI-compatible binary used to run containers, default is /usr/bin/runc --storage-driver value, -s value select which storage driver is used to manage storage of images and containers (default is overlay) --storage-opt value used to pass an option to the storage driver --help, -h show help --version, -v print the version
Podman search
The podman search command searches a registry for a matching image. The user can also specify the registry to search by prefixing the registry in the search term. More details about the podman search command can be found here.
podman search nginx INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED docker.io docker.io/library/nginx Official build of Nginx. 14865 [OK] docker.io docker.io/jwilder/nginx-proxy Automated Nginx reverse proxy for docker con... 2029 [OK] docker.io docker.io/bitnami/nginx Bitnami nginx Docker Image 95 [OK] docker.io docker.io/nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 33 docker.io docker.io/nginx/nginx-ingress NGINX and NGINX Plus Ingress Controllers fo... 51 docker.io docker.io/richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of... 814 [OK] .....................<suppressed o/p>................................ .....................<suppressed o/p>................................ redhat.com redhat.com/rhmap45/wildcard-proxy RHMAP image that provides mapping and proxy ... 0 redhat.com redhat.com/rhmap46/wildcard-proxy RHMAP image that provides mapping and proxy ... 0 redhat.com redhat.com/rhmap47/wildcard-proxy RHMAP image that provides mapping and proxy ... 0 redhat.com redhat.com/rhmap44/wildcard-proxy RHMAP Docker image that provides mapping and... 0 redhat.com redhat.com/rhmap43/wildcard-proxy RHMAP Docker image that provides mapping and... 0 redhat.com redhat.com/3scale-amp22/apicast-gateway APIcast API gateway needs connection to the ... 0
Pull command
The pull command pulls an image. It copies an image from a registry onto the local machine. Now let’s pull an Nginx image using the pull command.
$ podman pull nginx Trying to pull docker.io/library/nginx:latest... Getting image source signatures Copying blob sha256:69692152171afee1fd341febc390747cfca2ff302f2881d8b394e786af605696 25.89 MB / 25.89 MB [======================================================] 2s Copying blob sha256:49f7d34d62c18a321b727d5c05120130f72d1e6b8cd0f1cec9a4cca3eee0815c 25.35 MB / 25.35 MB [======================================================] 2s Copying blob sha256:5f97dc5d71ab2675126dba76dbe161c839043fb3e3ccaaf58ba78b394cdd37b0 602 B / 602 B [============================================================] 0s Copying blob sha256:cfcd0711b93a41eb07234fa93b0c2ce39be93a71a743dd76766e67a0133163e8 894 B / 894 B [============================================================] 0s Copying blob sha256:be6172d7651be2625df008a2bb6cbaf2139cbf1e50ae16256791e54e8dde8449 666 B / 666 B [============================================================] 0s Copying blob sha256:de981387034241b38875f3151654b3bd9ef4afe396eec23dce7cb73134d2867b 1.36 KB / 1.36 KB [========================================================] 0s Copying config sha256:f0b8a9a541369db503ff3b9d4fa6de561b300f7363920c2bff4577c6c24c5cf6 7.55 KB / 7.55 KB [========================================================] 0s Writing manifest to image destination Storing signatures f0b8a9a541369db503ff3b9d4fa6de561b300f7363920c2bff4577c6c24c5cf
Podman images command
The podman-images command lists all images present in local storage. Let’s run the image command and see all the available images.
$ podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/nginx latest f0b8a9a54136 3 days ago 137MB
Podman History
history command shows the history of an image. It also prints out the information about each layer present in the image.
Now let’s run the history command for the Nginx image and see the output.
$ podman history docker.io/library/nginx ID CREATED CREATED BY SIZE COMMENT f0b8a9a54136 6 days ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemo... 0B <missing> 6 days ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B <missing> 6 days ago /bin/sh -c #(nop) EXPOSE 80 0B <missing> 6 days ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-ent... 0B <missing> 6 days ago /bin/sh -c #(nop) COPY file:09a214a3e07c91... 1.393kB <missing> 6 days ago /bin/sh -c #(nop) COPY file:0fd5fca330dcd6... 666B <missing> 6 days ago /bin/sh -c #(nop) COPY file:0b866ff3fc1ef5... 894B <missing> 6 days ago /bin/sh -c #(nop) COPY file:65504f71f5855c... 602B <missing> 6 days ago /bin/sh -c set -x && addgroup --system --g... 26.58MB <missing> 6 days ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~buster 0B <missing> 6 days ago /bin/sh -c #(nop) ENV NJS_VERSION=0.5.3 0B <missing> 6 days ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.19.10 0B <missing> 6 days ago /bin/sh -c #(nop) LABEL maintainer=NGINX D... 0B <missing> 6 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 6 days ago /bin/sh -c #(nop) ADD file:7362e0e50f30ff4... 27.15MB
Podman run command
The Podman Run command runs a process in a new container. podman run starts a process with its file system, networking, and an isolated process tree.
Let’s run an Nginx image that we pulled above. We are specifying the -d flag to run the container in the background.
–name option is used to give the container a unique name.
$ podman run -d --name=nginx-latest docker.io/library/nginx 0abe83f3df354ec6198be93f93678c0e8ae2c4582fc8b0f4fc50609fc33d101a
Podman ps command
ps command lists all the running containers. Let’s run this command and verify the output.
$ podman ps CONTAINER ID IMAGE COMMAND CREATED AT STATUS PORTS NAMES 0abe83f3df35 docker.io/library/nginx /docker-entrypoint.sh nginx -g daemon off; 2021-05-15 16:41:54 +0000 UTC Up 5 seconds ago nginx-latest
Podman inspect command
Inspect command displays all the configurations of a running container. It will display a container, image, volume, network, etc.
Now let’s inspect our Nginx container, which we ran above.
podman inspect nginx-latest [ { "ID": "0abe83f3df354ec6198be93f93678c0e8ae2c4582fc8b0f4fc50609fc33d101a", "Created": "2021-05-15T16:41:54.518393745Z", "Path": "/docker-entrypoint.sh", "Args": [ "nginx", "-g", "daemon off;" ], "State": { "OciVersion": "1.0.0", "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 1417, "ExitCode": 0, "Error": "", "StartedAt": "2021-05-15T16:41:54.819867998Z", "FinishedAt": "0001-01-01T00:00:00Z" ..................................................... .......................<supressed output>.............................. "io.kubernetes.cri-o.Name": "", "io.kubernetes.cri-o.PrivilegedRuntime": "", "io.kubernetes.cri-o.ResolvPath": "", "io.kubernetes.cri-o.SandboxID": "", "io.kubernetes.cri-o.SandboxName": "", "io.kubernetes.cri-o.ShmPath": "", "io.kubernetes.cri-o.Stdin": "", "io.kubernetes.cri-o.StdinOnce": "", "io.kubernetes.cri-o.TTY": "false", "io.kubernetes.cri-o.TrustedSandbox": "", "io.kubernetes.cri-o.Volumes": "" }, "StopSignal": 3 } } ]
Podman check logs
The podman log command will fetch the log from a running container. Let’s try to see the logs for the Nginx container.
$ podman logs nginx-latest /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up
Podman -l command
-l command in podman signifies the last running container. Instead of passing the container name, you can use -l to check the container logs as well
$ podman logs -l /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up
Podman exec command
exec command; execute a command in a running container. The syntax for exec command is
podman exec [options] container [command [arg …]]
Now let’s use the exec command and find the content of /etc/pswd fie in the Nginx container.
$ podman exec -t 0abe83f3df35 cat /etc/passwd | head root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
Podman kill container
Kill Command, Kill the main process in one or more containers. Let’s kill the Nginx container, which we have stated above.
$ podman kill 0abe83f3df35 d50cdb028cb98a4d9870077cc05ca80e0e33b22d20898278d12c1bbf2d791049
Podman stop command
The stop command will stop one or more running containers. Let’s run the stop command to stop the Nginx container
$ podman stop nginx-latest 0abe83f3df354ec6198be93f93678c0e8ae2c4582fc8b0f4fc50609fc33d101a
Check if the container is stopped by running the ps command
$ podman ps $ $
Podman restart command
podman restart command restarts a container. The restart command can restart the container using its ID or name. Containers will be stopped if they are running and then restarted.
podman restart nginx-latest
Podman ps -a command
podman ps -a command shows all the stopped containers. Let’s run this command and verify the output.
$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED AT STATUS PORTS NAMES 0abe83f3df35 docker.io/library/nginx /docker-entrypoint.sh nginx -g daemon off; 2021-05-15 16:41:54 +0000 UTC Exited (0) 7 minutes ago nginx-latest
Podman rmi command
The podman rmi command removes the images present in the local file system. Let’s use this command to remove the Nginx image.
check available images
$ podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/nginx latest f0b8a9a54136 3 days ago 137MB
Remove the Nginx image image
$ podman rmi -f docker.io/library/nginx f0b8a9a541369db503ff3b9d4fa6de561b300f7363920c2bff4577c6c24c5cf6
Podman Networking
The network is set up automatically when using Podman as a rootless user. The container itself does not have an IP Address because, without root privileges, network association is not allowed. You will also see some other limitations.
Podman push command
The podman push command pushes an image or a repository to a registry. The syntax for the push command is
podman push [options] image [destination]
Before pushing the image to a private repo, makes sure to tag the image properly. Please follow this document to get detailed information about the push command.
Podman tag command
The podman tag command adds a name to a local image name. Let’s tag our Nginx image, which we pulled earlier.
$ podman ps CONTAINER ID IMAGE COMMAND CREATED AT STATUS PORTS NAMES d490a58083e2 docker.io/nginx:latest /docker-entrypoint.sh nginx -g daemon off; 2021-05-18 16:08:36 +0000 UTC Up 5 minutes ago cranky_liskov $ $ $ podman tag docker.io/nginx:latest nginx:new $ $ podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/nginx latest f0b8a9a54136 6 days ago 137MB nginx new f0b8a9a54136 6 days ago 137MB
Run an httpd container using podman.
Using the above learning, let’s pull an httpd image and verify if the container is running fine.
$ podman pull docker.io/library/httpd Trying to pull docker.io/library/httpd:latest... Getting image source signatures Copying blob sha256:69692152171afee1fd341febc390747cfca2ff302f2881d8b394e786af605696 25.89 MB / 25.89 MB [======================================================] 3s Copying blob sha256:7284b4e0cc7b197edc206f815c5b24e67b9ed29abd9bbd8ae4bfdd5540bec6ec 176 B / 176 B [============================================================] 0s Copying blob sha256:3678b2d55ccdc6dcbe11cf1ea518ab7426ab37656d94213f637bd843dc6b6ca4 2.67 MB / 2.67 MB [========================================================] 0s Copying blob sha256:ab492cf0b2a4f47ba02a478521476bf00c2740f444fc658148b7dc919ed64a7f 23.34 MB / 23.34 MB [======================================================] 2s Copying blob sha256:991f7f97a9d859baba12204fea641d5644a2f988246e4554836825b44fcc2bcb 298 B / 298 B [============================================================] 0s Copying config sha256:f3cffeea581b3306a13d80b25a437f73f767b8f27afdb29393b3764b9dfaea69 8.50 KB / 8.50 KB [========================================================] 0s Writing manifest to image destination Storing signatures f3cffeea581b3306a13d80b25a437f73f767b8f27afdb29393b3764b9dfaea69 $ $ $ podman ps $ $ $ podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/httpd latest f3cffeea581b 3 days ago 142MB $ $ podman run -dt -p 8080:80/tcp docker.io/library/httpd e0dd97f9ef2fe4fd76c458cac33dfd1183da28225a6e019a0ea21f5f97aed13e
Verify the port on which the httpd container is running
$ podman ps CONTAINER ID IMAGE COMMAND CREATED AT STATUS PORTS NAMES e0dd97f9ef2f docker.io/library/httpd httpd-foreground 2021-05-15 17:00:08 +0000 UTC Up 6 seconds ago 0.0.0.0:8080->80/udp, 0.0.0.0:8080->80/tcp jolly_sammet
podman port
$ podman port e0dd97f9ef2f 80/udp -> 0.0.0.0:8080 80/tcp -> 0.0.0.0:8080
Let’s check if the container is running fine
$ curl localhost:8080 <html><body><h1>It works!</h1></body></html>
Open the browser and connect to localhost:8080
Congrats, If you get the above message, your podman container is running as expected.
Conclusion
I hope you found this article useful. We started with the basic podman command, and finally, we pulled an httpd container and verified its behavior. If you face any issues with the command, do let me know in the comment box and share this blog with your colleagues.
Happy learning:)