podman
podman ist das neue docker. Vorteile:
- läuft nicht als root
- Großartiger Sicherheitsgewinn zur Laufzeit
- Großartiger Sicherheitsgewinn zur Entwicklungszeit
- einfacherer Umgang mit Volumes durch UID-Mapping
- Handhabung sehr ähnlich zu docker
- bloß besserer Unterbau ;)
- funktioniert mit systemd, auch innerhalb des Containers
- docker baut lieber "Parallelwelt" für Fehlerbehandlung auf
- docker kann kein systemd in Containern
- Antrieb kommt von Red Hat
- vernünftige Projektführung
- docker geht lieber eigenen Weg
- docker lehnte einige gute Pull-Requests ab (was zu podman führte)
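# Start an interactive shell in a fresh Fedora container.
podman run -it fedora /bin/bash

# Run a single command; the container gets a name so it can be referenced below.
# ("fedora-demo" is a constructed example name.)
podman run --name fedora-demo fedora /usr/bin/cat /etc/hosts

# podman cp addresses a container (name or ID) as CONTAINER:PATH, not an image,
# so the source is written as "fedora-demo:/etc/hosts" rather than "fedora /etc/hosts".
podman cp fedora-demo:/etc/hosts .

# Build an image from the Containerfile in the current directory.
podman build -t hello-world .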
1 privoxy
- Containerfile
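# Privoxy image: installs the package and rewrites two settings in its config.
# NOTE(review): fedora:31 is end-of-life, so `dnf update` no longer delivers
# security fixes; rebuild on a supported release and pin the tag or digest.
FROM fedora:31

# `sed -ie` is parsed by GNU sed as `-i` with backup suffix "e" and leaves a
# stray /etc/privoxy/confige behind; `-i -e` edits in place without a backup.
# `dnf clean all` runs in the same layer so the package cache is not shipped.
RUN dnf -y update \
    && dnf -y install privoxy \
    && sed -i \
        -e 's/listen-address 127.0.0.1:8118/listen-address :8118/' \
        -e 's/keep-alive-timeout 5/keep-alive-timeout 300/' \
        /etc/privoxy/config \
    && dnf clean all

# The listen address is widened from loopback to all interfaces so the proxy is
# reachable through the published port. No access control is configured here,
# so publish it only on loopback or a trusted network
# (for example `-p 127.0.0.1:8118:8118`).
EXPOSE 8118

# NOTE(review): no USER is set, so privoxy presumably runs as root inside the
# container; confirm whether the packaged config drops privileges.
CMD ["privoxy", "--no-daemon", "/etc/privoxy/config"]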
2 inadyn-mt
- Containerfile
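# inadyn-mt image: dynamic DNS update client with its config file copied in.
# NOTE(review): fedora:31 is end-of-life; move to a supported, pinned release.
FROM fedora:31

# Clean the dnf cache in the same layer so it does not end up in the image.
RUN dnf -y install inadyn-mt \
    && dnf clean all

# COPY instead of ADD: a plain local file needs none of ADD's extra behaviour.
# NOTE(review): this config presumably holds the DynDNS account credentials.
# Baked into a layer they are readable by anyone who can pull or export the
# image; mounting the file at run time (-v ./inadyn-mt.conf:/etc/inadyn-mt.conf:ro)
# keeps them out of the image.
COPY inadyn-mt.conf /etc/inadyn-mt.conf

# Exec form: inadyn runs as PID 1 and receives the stop signal directly instead
# of being wrapped in `/bin/sh -c`.
CMD ["/usr/sbin/inadyn"]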
3 TODO gitolite
- Containerfile
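# gitolite image: sshd plus a gitolite installation initialised with admin.pub.
# NOTE(review): fedora:31 is end-of-life; move to a supported, pinned release.
FROM fedora:31

# Clean the dnf cache in the same layer so it does not end up in the image.
RUN dnf -y install gitolite3 openssh-server hostname findutils glibc-locale-source \
    && dnf clean all

# Best effort: `|| true` lets the build continue even if the locale cannot be generated.
RUN localedef -v -c -i de_DE -f UTF-8 de_DE.UTF-8 || true

# NOTE(review): this generates the SSH host keys at build time, so the private
# host keys are stored in an image layer and shared by every container started
# from the image. Anyone who can read the image can impersonate the server.
# Consider generating them at first start and persisting /etc/ssh in a volume.
RUN ssh-keygen -A

RUN useradd git

# COPY instead of ADD: a plain local file needs none of ADD's extra behaviour.
# Only the admin's public key is copied; it is not secret.
COPY admin.pub /tmp/admin.pub

# gitolite setup has to run as the hosting user; it writes into /home/git.
# NOTE(review): a bind mount over /home/git (as in the compose file on this
# page) hides everything this step created, including the authorized_keys file.
USER git
ENV USER=git
RUN gitolite setup -pk /tmp/admin.pub

# Back to root because sshd is started as root on port 22.
USER root
EXPOSE 22/tcp
CMD ["/usr/sbin/sshd", "-D"]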
- podman-compose.yml
# podman-compose definition for the gitolite image built from the Containerfile
# in the current directory.
version: '2.0'
services:
  git:
    build: .
    image: gitolite:latest
    ports:
      # Host port 7999 forwards to sshd (22) in the container.
      - "7999:22"
    volumes:
      # Host directory ./gitolite replaces /home/git inside the container.
      # NOTE(review): on an SELinux-enforcing host a bind mount usually needs a
      # label option such as ":Z" - confirm for this setup.
      - ./gitolite:/home/git
- list repositories
# Ask gitolite which repositories the calling key may access.
# "ip" stands for the address of the host that publishes port 7999.
ssh -p 7999 git@ip info
4 TODO murmur
- Containerfile
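# murmur (Mumble server) image with an adjusted murmur.ini and a seeded database.
# NOTE(review): fedora:31 is end-of-life; move to a supported, pinned release.
FROM fedora:31

# Clean the dnf cache in the same layer so it does not end up in the image.
RUN dnf -y install murmur \
    && dnf clean all

# `sed -ie` is parsed by GNU sed as `-i` with backup suffix "e" and leaves a
# stray murmur.inie behind; `-i -e` edits in place. The four edits are applied
# in the original order in a single layer.
# NOTE(review): the server password is written into an image layer and is
# visible in the build history. "complicated" is the page's sample value; for a
# real deployment supply murmur.ini (or the password) at run time instead.
RUN sed -i \
    -e 's/#autoban/autoban/' \
    -e 's/welcometext=.*/welcometext="You made it!"/' \
    -e 's/serverpassword=.*/serverpassword=complicated/' \
    -e 's/#registerName=.*/registerName=myOwnMurmur/' \
    /etc/murmur/murmur.ini

# COPY --chown replaces ADD plus a separate `RUN chown`, which stored the
# database a second time in an extra layer.
# NOTE(review): a bind mount over /var/lib/mumble-server (as in the compose file
# on this page) hides this file at run time.
COPY --chown=mumble-server:mumble-server murmur.sqlite /var/lib/mumble-server/murmur.sqlite

EXPOSE 64738

# Exec form: murmurd runs as PID 1 and receives the stop signal directly.
CMD ["murmurd", "-fg", "-ini", "/etc/murmur/murmur.ini"]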
- podman-compose
# podman-compose definition for the murmur image built from the Containerfile
# in the current directory.
version: '2.0'
services:
  murmur:
    build: .
    image: murmur:latest
    restart: always
    ports:
      # A mapping without a protocol publishes TCP only.
      # NOTE(review): Mumble also carries voice over UDP on the same port;
      # without a "64738:64738/udp" entry clients presumably fall back to TCP.
      - "64738:64738"
    volumes:
      # Host directory ./murmur replaces /var/lib/mumble-server in the container.
      - ./murmur:/var/lib/mumble-server
5 TODO ttrss
- Containerfile
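# httpd image used as the TLS front end for tt-rss (see https.conf).
# NOTE(review): fedora:31 is end-of-life, so `dnf update` no longer delivers
# security fixes; rebuild on a supported release and pin the tag or digest.
FROM fedora:31

RUN dnf -y update \
    && dnf -y install httpd mod_ssl \
    && dnf clean all

COPY server.crt /etc/pki/tls/certs/localhost.crt

# NOTE(review): this bakes the TLS private key into an image layer. Anyone who
# can pull, export or inspect the image can read it, and it stays in the layer
# history even if a later step deletes it. Prefer mounting the key read-only at
# run time, and keep server.key out of version control.
COPY server.key /etc/pki/tls/private/localhost.key

COPY https.conf /etc/httpd/conf.d/https.conf

# Documents the listening port, as the other Containerfiles on this page do.
EXPOSE 443

CMD ["httpd", "-DFOREGROUND"]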
- https.conf
# TLS-terminating reverse proxy in front of the tt-rss container.
ServerName ttrss

<VirtualHost *:443>
    # Certificate and key are the files the Containerfile copies into the image.
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    # Everything is forwarded to the "ttrss" service over plain HTTP, so the
    # hop between the two containers is unencrypted.
    # NOTE(review): no SSLProtocol or SSLCipherSuite is set here, so the mod_ssl
    # package defaults apply - confirm they match your TLS policy.
    ProxyPass / http://ttrss:80/
    ProxyPassReverse / http://ttrss:80/
</VirtualHost>
- podman-compose.yml
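# podman-compose definition: HTTPS front end, tt-rss and PostgreSQL on one
# shared network.
version: '3.3'
services:
  https:
    build: .
    image: httpstinyrss:0.5
    restart: always
    ports:
      # NOTE(review): rootless podman cannot bind host ports below 1024 unless
      # net.ipv4.ip_unprivileged_port_start is lowered; otherwise publish a
      # high port instead.
      - "443:443"
    networks:
      - net

  ttrss:
    # NOTE(review): no tag is given, so this resolves to "latest"; pin a
    # specific tag or digest for reproducible deployments.
    image: linuxserver/tt-rss
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./ttrss:/config
    networks:
      - net

  postgres:
    image: postgres:11.0
    restart: always
    environment:
      # List-form entries must be KEY=value. The original
      # "POSTGRES_PASSWORD:complicated" is read as a variable name without a
      # value, so the password was never set.
      # NOTE(review): "complicated" is the page's sample value. Keep the real
      # password out of this file, e.g. in an env file that is not committed.
      - POSTGRES_PASSWORD=complicated
    volumes:
      - ./ttrss_pgdata:/var/lib/postgresql/data
    networks:
      - net

networks:
  net: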
6 TODO onedrive
- Containerfile
# OneDrive sync client image, run as a dedicated unprivileged user.
# NOTE(review): fedora:31 is end-of-life; `dnf update` no longer delivers
# security fixes for this base.
FROM fedora:31

# Update, install the client and drop the package cache in a single layer.
RUN dnf -y update && \
    dnf -y install onedrive && \
    dnf clean all

# Create the account the client runs under and switch to it.
RUN useradd onedrive
USER onedrive

# NOTE(review): --resync is passed on every container start; confirm that a
# full resynchronisation on each restart is intended.
CMD ["/usr/bin/onedrive", "--monitor", "--resync"]
- once: token-building
# One-time interactive run to authorise the client and create its token.
# The token ends up in ./onedrive_cfg on the host: restrict that directory's
# permissions and keep it out of version control.
# NOTE(review): the container runs as user "onedrive", so both host directories
# must be writable for the UID it maps to; on SELinux hosts a ":Z" label is
# usually needed as well - confirm for this setup.
podman run --interactive --tty \
    --volume ./onedrive:/home/onedrive/OneDrive \
    --volume ./onedrive_cfg:/home/onedrive/.config/onedrive \
    onedrive:latest
- podman-compose.yml
# podman-compose definition for the onedrive image built from the Containerfile
# in the current directory.
version: '3.3'
services:
  onedrive:
    build: .
    image: onedrive:latest
    restart: always
    volumes:
      # Synchronised files.
      - ./onedrive:/home/onedrive/OneDrive
      # Client configuration, including the token created by the one-time
      # interactive run; treat this directory as a credential store.
      - ./onedrive_cfg:/home/onedrive/.config/onedrive