How to Install Podman on Debian 11

Developed by RedHat, Podman is a free and open-source daemonless container engine designed to be a drop-in replacement for the popular Docker runtime engine. Just like Docker, it makes it easy to build, run, deploy and share applications using container images and OCI containers ( Open Container Initiative ). Podman uses user and network namespaces and In comparison to Docker, Podman is considered more isolated and secure. Most commands in Docker will work in Podman. and so if you are familiar with running Docker commands, using podman will be such a breeze.

In this guide, we learn how to install podman on Debian 11 Bullseye.

Install Podman on Debian 11

The podman packages, libraries, and dependencies are already hosted on the official Debian repositories. Therefore you can easily install podman using the APT package manager.

First, update the package lists:

$ sudo apt update

Next, install the podman container engine as follows:

$ sudo apt install podman

When prompted to continue, type 'Y' and hit ENTER.

To verify the version of Podman installed, run:

$ podman --version

To gather more details about the podman container engine, run the command:

$ sudo podman info

You should see a flurry of output displaying intricate details such as what we have below.

Configure the Podman registries

The registry file registry.conf is a configuration file that specifies the container registries to be used whenever you want to push or pull an image. The full path to the file is /etc/containers/registries.conf. There are various container registries out there including Docker hub, Quay.io, RedHat, and many more.

You can view the file using your text editor as shown

# sudo /etc/containers/registries.conf

In Docker, the only container registry is Docker Hub. Podman offers users more freedom to search and pull images from any registry. You can define the list of container registries by adding the following line.

unqualified-search-registries = [ 'registry.access.redhat.com', 'registry.redhat.io', 'docker.io']

When running the podman search or podman pull command, podman will contact these registries beginning with the first one in that order. Save the changes and exit the file.

Searching images

Before pulling container images, its prudent to search for their availability across various registries.

For example

$ sudo podman search nginx

The output presents you with a wealth of information including The registry name, Image name, and a brief description.

Logging into a registry

Before you start pulling or pushing images, you need to log in to a registry. In the example below, I am logging into my Redhat account which, in effect, gives me access to the registry.

$ sudo podman login registry.access.redhat.com

To logout of the registry, run the command:

$ sudo podman logout registry.access.redhat.com

Pulling an image

To pull an image, use the syntax:

$ sudo podman pull image_name

For example, to pull the Official build images of Nginx, run the command:

$ sudo podman pull docker.io/library/nginx

Let's try to pull another image. We will pull the Offical MongoDB image as follows.

$ sudo podman pull docker.io/library/mongo

Listing an image

To list all the images, issue the command.

$ sudo podman images

Create a container from an image

Now that we have our images residing on the Debian system, we can launch a container using the syntax shown. The -d option runs the container in the background and the --name option specifies a custom name for the container

$ sudo podman run -d  --name container_name  image

For example, to launch a container in the background called webserv1 from the Nginx image, run the command:

$ sudo podman run  -d --name webserv1 docker.io/library/nginx

You can launch multiple containers from the same image. Let us launch another container called webserv2 from the same Nginx image.

$ sudo podman run -d --name webserv2  docker.io/library/nginx

Listing containers

In this section, we will look at various commands that you can use with containers.

To check the containers that are currently running issue the command:

$ sudo podman ps

The output is presented in columns that provide information such as Container ID, IMAGE name, the command running the container, date of creation, and status.

To list all the containers including the ones that have exited run:

$ sudo podman ps -a

Stopping a container

To stop a container, use the syntax

$ sudo podman stop CONTAINER_ID

OR

$ sudo podman stop container_name

In the example, below, I have stopped the first container listed using its container ID

$ sudo podman stop 9daeaabdfdfc

You can verify that the container has been stopped using the podman ps command. We can clearly see that after stopping the image, we only have 1 image running.

The podman ps -a command will list both containers which comprise the container that was just stopped.

$ sudo podman ps -a

Starting a container

To start a container use the syntax:

$ sudo podman start CONTAINER_ID

OR

$ sudo podman start container_name

For example, to start webserv1, run:

$ sudo podman start webserv1

Access the shell of a container

Accessing the shell of a container is best demonstrated with a container of an Operating system.

Here, we are going to download or pull an Ubuntu image:

$ sudo podman pull docker.io/library/ubuntu

From the image, we will create or launch a container and gain access to the shell using the -it option.

$ sudo podman run --name ubuntu -it docker.io/library/ubuntu  /bin/bash

• -i, –interactive Keep STDIN open even if not attached
• -t, –tty Allocate a pseudo-TTY. The default is false

Check the logs of a container

To check the logs of a container use the syntax:

$ sudo podman logs container_name

For example:

$ sudo podman logs webserv2

Show container statistics

To display the statistics of all the running containers, run:

$ sudo podman stats

Inspect a container

To print out intricate details about a container, use the inspect option:

$ sudo podman inspect webserv2

This prints out a long output in JSON format.

Use the --format option to filter the output. For example to print out the IP address of the webserv2 container run

$ sudo podman inspect webserv2 --format '{{.NetworkSettings.IPAddress}}'

You can then perform additional information the IP, for example using curl to retrieve HTTP headers.

$ curl -I ip-address

Deleting a container

To remove or delete a container completely, first stop the container, in case it is running, and finally remove it. In this example, we have stopped and removed the websev1 container.

$ sudo podman stop webserv1

Then remove the stopped container.

$ sudo podman rm webserv1

Removing an image

To remove an image, first, ensure that you have stopped and removed all the containers that were launched from the image. Next, use the rmi option as shown.

$ sudo podman rmi image_name

For example, to remove the ubuntu Image, run the command:

$ sudo podman rmi  docker.io/library/ubuntu

Install latest Podman - Compile from source

You can test the latest version of Podman by installing the development version from the source.

01. Build and Run Dependencies

sudo apt-get install \
   btrfs-progs \
   git \
   golang-go \
   go-md2man \
   iptables \
   libassuan-dev \
   libbtrfs-dev \
   libc6-dev \
   libdevmapper-dev \
   libglib2.0-dev \
   libgpgme-dev \
   libgpg-error-dev \
   libprotobuf-dev \
   libprotobuf-c-dev \
   libseccomp-dev \
   libselinux1-dev \
   libsystemd-dev \
   pkg-config \
   runc \
   make \
   libapparmor-dev \
   gcc \
   cmake \
   uidmap \
   libostree-dev 

02. Install Conmon

The conmon is the container monitor which is a small C Program that’s job is to watch the primary process of the container.

git clone https://github.com/containers/conmon
cd conmon
make
sudo make podman
sudo cp /usr/local/libexec/podman/conmon  /usr/local/bin/

03. Install runc

To install the latest version of runc

git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
sudo cp runc /usr/bin/runc

03. Install Container Network Interface (CNI)

The CNI plugin is used to insert a network interface into the container network namespace.

git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins
cd $GOPATH/src/github.com/containernetworking/plugins
./build_linux.sh
sudo mkdir -p /usr/libexec/cni
sudo cp bin/* /usr/libexec/cni

Setup the network

sudo mkdir -p /etc/cni/net.d
curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/99-loopback.conf

Add the configuration

sudo mkdir -p /etc/containers
sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json

04. Install Podman from Source

git clone https://github.com/containers/podman/ $GOPATH/src/github.com/containers/podman
cd $GOPATH/src/github.com/containers/podman
make
sudo make install

$ podman --version
podman version 4.0.0-dev

Conclusion

We hope that we have provided a solid foundation on your journey towards becoming better a pro in using podman to create and manage containers. This guide walked you through the installation of podman on Debian 11 Buster.