Installing and Configuring Podman
Introduction
Podman is a powerful, daemonless container engine for developing, managing, and running OCI Containers on your Linux system. It provides a simple CLI interface and can run rootless containers. In this tutorial, we will guide you through the process of installing and configuring Podman on a Raspberry Pi.
Prerequisites
- A Raspberry Pi with Raspbian (Raspberry Pi OS) installed.
- Internet connection.
- Basic knowledge of using the terminal.
Step 1: Update Your System
Before installing Podman, ensure your system is up-to-date.
sudo apt update
sudo apt upgrade -y
Step 2: Install Dependencies
Podman requires certain dependencies to be installed. Use the following command to install them:
sudo apt install -y software-properties-common uidmap
Step 3: Add the Podman Repository
Add the Podman repository to your system to ensure you get the latest version.
. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_$VERSION_CODENAME/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_$VERSION_CODENAME/Release.key" | sudo apt-key add -
sudo apt update
Step 4: Install Podman
With the repository added, you can now install Podman.
sudo apt install -y podman
Step 5: Verify Installation
To verify that Podman has been installed correctly, run the following command:
podman --version
You should see the version of Podman that was installed.
Step 6: Basic Configuration
1. Creating a User Namespace
Podman can run containers in rootless mode, which improves security. To enable this, create a user namespace for your user.
sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $(whoami)
2. Setting Up Podman Configuration
Create the necessary directories and configuration files for rootless operation.
mkdir -p ~/.config/containers
cat <<EOF > ~/.config/containers/containers.conf
[containers]
log_size_max = -1
EOF
Step 7: Running Your First Container
Now that Podman is installed and configured, let's run a simple container to ensure everything is working correctly.
podman run --rm -it alpine sh
This command pulls the Alpine Linux image from the default registry and starts a shell session in the container. The --rm flag ensures the container is removed after it exits, and -it provides an interactive terminal.
Step 8: Managing Containers with Podman
Podman provides many commands similar to Docker for managing containers. Here are a few examples:
1. List Running Containers
podman ps
2. List All Containers (Running and Stopped)
podman ps -a
3. Stop a Running Container
podman stop <container_id>
4. Remove a Container
podman rm <container_id>
Step 9: Podman Compose
To manage multi-container applications, you can use podman-compose, which is similar to Docker Compose.
1. Install Podman Compose
sudo apt install -y python3-pip
pip3 install podman-compose
2. Create a Compose File
Create a docker-compose.yml file for your multi-container application. For example:
version: '3'
services:
web:
image: nginx
ports:
- "80:80"
db:
image: postgres
environment:
POSTGRES_PASSWORD: example
3. Run the Compose File
Use podman-compose to start your multi-container application:
podman-compose up
Configuring Fail2Ban
Fail2Ban helps protect your server from brute-force attacks by banning IP addresses that show malicious signs.
-
Install Fail2Ban:
sudo apt-get install fail2ban -
Create a local configuration file to override the default settings:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local -
Open the local configuration file:
sudo nano /etc/fail2ban/jail.local -
Find the
[sshd]section and configure it as follows:[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3 -
Restart Fail2Ban to apply the changes:
sudo systemctl restart fail2ban
Conclusion
You have successfully installed and configured Podman on your Raspberry Pi. Podman provides a secure and efficient way to manage containers on your device. With the basics covered, you can explore more advanced features and capabilities of Podman to suit your container management needs.