Automate Podman Install on Your OCI Compute Instance

June 20, 2023 | 4 minute read

Tell Me More About Podman

You've probably at least heard of Docker, and likely worked with it already. You may have even seen my earlier post, Automate Docker Setup on Your OCI Compute Instance, which walks you through why you should be using containers and provides sample code to get you started. You may have recently heard that developers prefer Podman but not yet worked with it yourself, so let's get started. Find the sample code here: orm-podman-compute-stack

Podman is an open-source, Linux-native tool developed by Red Hat that runs containers under Open Container Initiative (OCI) standards and is the default container engine in RedHat 8 and CentOS 8. Podman has a number of features that make it a compelling choice for cloud native developers.

Pods

Podman approaches containers as "pods" that can work together, which resembles how Kubernetes pods work. Podman allows you to organize separate containers under a common name and manage them as single units. Developers benefit by easily sharing resources and assembling full applications with their pods. Pod definitions can be exported to a Kubernetes-compatible YAML file and applied to a Kubernetes cluster, allowing containers to advance faster into production.

Container Compatibility

In addition, Podman containers work with any OCI-compatible container engine like Docker, which makes it easy to switch to Podman or to use Podman with an existing Docker installation.

More Secure

Another important feature of Podman is that it is daemon-less. A daemon is a program running in the background to handle services, processes, and requests with no user interface. Typically the daemon runs as root, which exposes a potential entry point for attackers. To develop securely you need to address Docker security issues. Podman doesn’t depend on a daemon, but instead launches containers and pods as child processes. You can restrict your containers' privileges by running what's called a rootless container.

Implementing Infrastructure as Code

Containers are nice and all but... It’s the workload running in a container that’s actually valuable. We will create an always-free compute instance from an OCI platform image, install Podman, set up Docker Compose with Podman, and run a simple echo server that replicates the request sent by the client and sends it back. For more information on Infrastructure as Code see my earlier post, Why Infrastructure as Code Matters.

The sample code uses Oracle Resource Manager, which is an OCI managed service that supports Terraform. Our Terraform stack creates both OCI networking and compute resources. In addition, the sample code includes a cloud-init script that sets up the instance automatically using the provided metadata. This metadata describes how your server should look, for example which packages should be installed and which commands are executed on init.

Podman plus Docker Compose

The sample code installs Podman plus Docker Compose so that you can develop, test and deliver a single YAML file for your application that follows the popular Docker Compose syntax. The included code is based on the tutorial Using Compose Files with Podman.

After running, the sample code will enable you to use both podman-compose and docker-compose commands with Podman, and verify they both work with a simple docker-compose.yaml file.

Here are the steps that are included:

  1. Install Podman, see Installing Podman and Related Utilities for more info.
  2. Install the Podman Docker Package, which enables Podman to work natively with Docker commands.
  3. Install Docker Compose
  4. Start the Podman socket
  5. Install Podman Compose, a Python 3 library that implements the Compose Specification to run with Podman.
  6. Create a Docker Compose file
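
The six steps above as one root-run script, added here as an example; it is not the code in orm-podman-compute-stack. It assumes Oracle Linux 8 with dnf and pip3 present. COMPOSE_URL, COMPOSE_SHA256 and ECHO_IMAGE are placeholders you supply, the function names are hypothetical, and the checksum check on the downloaded binary and the loopback-only port binding go beyond the listed steps.

```shell
#!/usr/bin/env bash
# Added example (not the stack's own cloud-init script). Assumes Oracle Linux 8,
# run as root, pip3 present. COMPOSE_URL, COMPOSE_SHA256 and ECHO_IMAGE are
# placeholders the operator supplies; function names are hypothetical.
set -eu

# Succeed only if file $1 has the expected SHA-256 digest $2.
verify_sha256() {
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ "$actual" = "$2" ]
}

# Step 6: write a compose file at $1 for image $2. The port is published on
# loopback only, so the echo server is not reachable from other hosts.
# Container port 8080 is an assumption about the echo server image.
write_compose_file() {
  cat > "$1" <<EOF
services:
  web:
    image: $2
    ports:
      - "127.0.0.1:8080:8080"
EOF
}

install_all() {
  : "${COMPOSE_URL:?set to the docker-compose release binary URL}"
  : "${COMPOSE_SHA256:?set to the SHA-256 published for that release}"
  : "${ECHO_IMAGE:?set to the echo server image reference}"

  dnf install -y podman podman-docker          # steps 1 and 2

  tmp=$(mktemp)                                # step 3, with integrity check
  curl -fsSL "$COMPOSE_URL" -o "$tmp"
  if ! verify_sha256 "$tmp" "$COMPOSE_SHA256"; then
    echo "docker-compose checksum mismatch, not installing" >&2
    rm -f "$tmp"
    return 1
  fi
  install -m 0755 "$tmp" /usr/local/bin/docker-compose
  rm -f "$tmp"

  systemctl enable --now podman.socket         # step 4
  pip3 install podman-compose                  # step 5
  write_compose_file ./docker-compose.yaml "$ECHO_IMAGE"   # step 6
}

# Nothing is installed unless the script is called with --install.
if [ "${1:-}" = "--install" ]; then
  install_all
fi
```

Pin COMPOSE_SHA256 to the digest published alongside the release you chose, so a tampered or truncated download is rejected before it lands in /usr/local/bin.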

Once complete, you can start the echoserver application.

podman-compose up -d

Then test that the echoserver application is up and running.

curl -X POST -d "foobar" http://localhost:8080/; echo

You can also review the Podman logs.

podman-compose logs

Stop the application by calling:

podman-compose down

You can also use the Docker Compose commands by replacing podman-compose with docker-compose. See Using Compose Files with Podman for more information.

Getting Started

When you sign up for an Oracle Cloud Infrastructure account, you’re assigned a secure and isolated partition within the cloud infrastructure called a tenancy. The tenancy is a logical concept and you can think of it as a root container where you create, organize, and administer your cloud resources.

The second logical concept used for organizing and controlling access to cloud resources is compartments. A compartment is a collection of related cloud resources. Every time you create a cloud resource, you must specify the compartment that you want the resource to belong to.

Ensure you have access to a compartment in your tenancy as well as Resource Manager. First create your stack by following the instructions to create a stack from a zip file or use the oci resource-manager stack create command and required parameters to create a stack from a local zip file.

Next apply the stack so that Terraform provisions the resources and executes the actions defined in your Terraform configuration, applying the execution plan to the associated stack to create your Oracle Cloud Infrastructure resources. We recommend running a plan job (generating an execution plan) before running an apply job.

Don't forget to check out the sample code here: orm-podman-compute-stack

Happy hunting!

 

Shea Nolan

