How To Install Podman 4 on Debian 11 / Debian 10


As application infrastructure grows more complex, many system admins and developers find it hard to manage environments that may require a lot of resources and are therefore expensive. One solution to this challenge was the introduction of a virtualization technique known as containerization. This technology has been widely adopted in the past decade, with tools such as Kubernetes, Podman, and Docker playing a significant part.

Containerization is the packaging of a portable computing environment that contains everything an application needs to run, from binaries to dependencies. With this technology, virtualization occurs at the host level. This requires no virtual hardware, operating system, or virtual kernel.

Podman is a containerization tool developed by Red Hat to act as a drop-in replacement for Docker. This daemon-less container engine can be used to develop, manage and run OCI (Open Container Initiative) containers. It can also be used to pull container images and configure containers to run automatically on boot, just like Docker.

Podman is highly preferred due to the following:

  • No daemon required: this allows for a faster startup and fewer resource requirements
  • Compatibility with Docker: it is possible to pull images from Docker Hub or Quay.io
  • Native systemd integration: you can create systemd unit files and run containers as system services
  • Run containers in rootless mode: this makes it easy to run containers securely without any additional privileges

Podman works closely with other container management tools. These tools include:

  • Skopeo: for sharing/finding container images on Docker registries, the Atomic registry, private registries, local directories, and local OCI-layout directories.
  • Buildah: for building OCI images either from scratch or using an image as a starting point.

In this guide, we will install Podman 4 on Debian 11 / Debian 10 and also use it to pull images and run containers.

Step 1. Install the Required Tools

Podman can be installed from the Podman repositories but the available version is Podman 3. To install Podman 4, we need to build it from source.

Before we begin, ensure your system and the available packages are updated to the latest versions.

sudo apt update && sudo apt upgrade -y

You also need to install the required tools to build Podman from the source code:

sudo apt install btrfs-progs git iptables libassuan-dev libbtrfs-dev libc6-dev libdevmapper-dev libglib2.0-dev libgpgme-dev libgpg-error-dev libprotobuf-dev libprotobuf-c-dev  libseccomp-dev libselinux1-dev libsystemd-dev pkg-config runc uidmap make curl vim gcc -y

Step 2. Install Golang

To build Podman from the source code, you need Golang 1.16 or higher. This version can be installed by downloading the latest binary from the Golang release page. Alternatively, pull the installer with the commands:

sudo -i
wget https://storage.googleapis.com/golang/getgo/installer_linux

Make the script executable:

chmod +x ./installer_linux

Now run the installer to download the latest release of Golang:

./installer_linux

Load the new environment variables into your current session:

source ~/.bash_profile

Verify the installation.

# go version
go version go1.19.1 linux/amd64

Step 3. Install runc and Conmon

The Conmon module is used to monitor OCI Runtimes. It can be installed with the commands:

cd ~
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
cd ..

Once installed, proceed and install runc which is picked as the default runtime by Podman.

git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
cp runc /usr/bin/runc
cd ~/

Verify your installation:

# runc --version 
runc version 1.1.0+dev
commit: v1.1.0-272-g4a51b047
spec: 1.0.2-dev
go: go1.19
libseccomp: 2.5.1

Step 4. Configure CNI networking plugins

Create a directory to store the CNI networking plugins at /etc/containers

sudo mkdir -p /etc/containers

Download the registries configuration and the default image signature policy into the directory:

sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json

Install additional packages on Debian 11 / Debian 10:

sudo apt install -y libapparmor-dev libsystemd-dev

Step 5. Install Podman 4 on Debian 11 / Debian 10

Once all the above configurations have been made, download the latest Podman source code. This can be accomplished by visiting the GitHub release page.

It is also possible to download the file with the commands:

sudo apt install curl wget -y
TAG=$(curl -s https://api.github.com/repos/containers/podman/releases/latest|grep tag_name|cut -d '"' -f 4)
rm -rf podman*
wget https://github.com/containers/podman/archive/refs/tags/$TAG.tar.gz

Extract the downloaded file:

tar xvf $TAG.tar.gz

Now build and install Podman 4 from the source code using the commands:

cd podman*/
make BUILDTAGS="selinux seccomp"
make install PREFIX=/usr

Once complete, verify the installation:

$ podman  version
Client:       Podman Engine
Version:      4.2.1
API Version:  4.2.1
Go Version:   go1.19.1
Built:        Fri Sep 23 13:38:07 2022
OS/Arch:      linux/amd64

To be able to configure network namespaces, you need to install the slirp4netns package. Download the latest release file from the GitHub Release.

Alternatively, use cURL as shown:

cd ~/
TAG=$( curl -s https://api.github.com/repos/rootless-containers/slirp4netns/releases/latest|grep tag_name|cut -d '"' -f 4)
curl -o slirp4netns --fail -L https://github.com/rootless-containers/slirp4netns/releases/download/$TAG/slirp4netns-$(uname -m)

Make the file executable:

chmod +x slirp4netns

Copy the binary file to your $PATH:

sudo cp slirp4netns /usr/local/bin
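
Both download steps above (the Podman source tarball and the slirp4netns binary) trust whatever the GitHub API and the download return. The following is an added example, not part of the original guide: two hypothetical shell helpers that reject a missing or malformed tag_name and check a downloaded file against a sha256sum-style manifest, assuming the release publishes one (the demo uses constructed data).

```shell
#!/usr/bin/env bash
# Added example; release_tag and verify_sha256 are hypothetical helper names.

# Read a GitHub "releases/latest" JSON body on stdin and print tag_name only if
# it looks like a version tag. An error body (rate limit, 404) has no tag_name,
# so this fails instead of leaving $TAG empty for the commands that follow.
release_tag() {
    local tag
    tag=$(grep -m1 '"tag_name"' | cut -d '"' -f 4)
    case "$tag" in
        v[0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "no usable tag_name in API response" >&2; return 1 ;;
    esac
    # The value is interpolated into a URL and a file name: allow only the
    # characters a version tag needs.
    case "$tag" in
        *[!A-Za-z0-9.+-]*) echo "unexpected characters in tag" >&2; return 1 ;;
    esac
    printf '%s\n' "$tag"
}

# Check FILE against the entry for NAME in a sha256sum-format manifest
# ("<hex digest>  <name>" per line). Succeeds only on an exact digest match.
verify_sha256() {
    local file="$1" name="$2" manifest="$3" want got
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest")
    if [ -z "$want" ]; then
        echo "no checksum listed for $name" >&2; return 1
    fi
    got=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $name" >&2; return 1
    fi
}

# Constructed demo, runs offline: a stand-in binary, its manifest, and a
# made-up API response. Assumes the real release publishes such a manifest.
demo_dir=$(mktemp -d)
printf 'stand-in for a release binary\n' > "$demo_dir/slirp4netns-x86_64"
( cd "$demo_dir" && sha256sum slirp4netns-x86_64 > SHA256SUMS )
TAG=$(printf '{"tag_name": "v1.2.0", "name": "constructed"}\n' | release_tag) &&
    verify_sha256 "$demo_dir/slirp4netns-x86_64" slirp4netns-x86_64 "$demo_dir/SHA256SUMS" &&
    echo "tag $TAG validated, checksum matches: proceed to chmod +x and install"
rm -rf "$demo_dir"
```

A manifest fetched from the same release only catches corruption or truncation; where a project also publishes a signature for it, verify that as well.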

Step 6. Use Podman 4 on Debian 11 / Debian 10

Now you can use Podman to build and pull images, spin containers and manage them easily.

Manage Container Images

To pull an image, use the command with the syntax:

podman pull <registry/image:tag>

For example, to pull an Nginx image from Docker Hub, the command will be:

$ podman pull docker.io/library/nginx:latest
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 7247f6e5c182 done  
Copying blob 7247f6e5c182 done  
Copying blob 7a6db449b51b done  
Copying blob ca1981974b58 done  
Copying blob d4019c921e20 done  
Copying blob 7cb804d746d4 done  
Copying blob e7a561826262 done  
Copying config 2b7d6430f7 done  
Writing manifest to image destination
Storing signatures
2b7d6430f78d432f89109b29d88d4c36c868cdbf15dc31d2132ceaa02b993763

Once pulled, you can view the images with the command:

$ podman images
REPOSITORY                TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx   latest      2b7d6430f78d  8 days ago   146 MB
docker.io/library/alpine  latest      9c6f07244728  3 weeks ago  5.83 MB
docker.io/library/ubuntu  latest      df5de72bdb3b  4 weeks ago  80.4 MB

You can delete a container image, say ubuntu:latest from Docker Hub, with the command:

$ podman rmi docker.io/library/ubuntu:latest
Untagged: docker.io/library/ubuntu:latest
Deleted: df5de72bdb3b711aba4eca685b1f42c722cc8a1837ed3fbd548a9282af2d836d

Before you delete an image, you need to ensure the container using it is stopped and deleted.

Build Container Images

It is also possible to build your own container images. The images can be used locally or uploaded to a registry.

To create a container image on Podman, you need to create a Dockerfile.

vim Dockerfile

In the file, you need to add the commands to be executed. For example:

# Base image
FROM ubuntu:20.04
RUN apt-get update -y
ENV DEBIAN_FRONTEND=noninteractive
# Tools needed to add the third-party repository and its signing key
RUN apt-get install -y gnupg apt-transport-https apt-utils wget
RUN echo "deb https://notesalexp.org/tesseract-ocr5/focal/ focal main" \
|tee /etc/apt/sources.list.d/notesalexp.list > /dev/null
RUN wget -O - https://notesalexp.org/debian/alexp_key.asc | apt-key add -
RUN apt-get update -y
RUN apt-get install tesseract-ocr -y
RUN apt-get install imagemagick -y
ENTRYPOINT ["tesseract"]
# Build-time check that tesseract runs
RUN tesseract -v

Now build a container image with the command:

podman build . -t tesseract:latest

The built image will be named tesseract and tagged latest. Once complete, check if the image is available:

$ podman images
REPOSITORY                TAG         IMAGE ID      CREATED             SIZE
localhost/tesseract       latest      a98239ee7925  About a minute ago  313 MB
docker.io/library/nginx   latest      2b7d6430f78d  8 days ago          146 MB
docker.io/library/alpine  latest      9c6f07244728  3 weeks ago         5.83 MB
docker.io/library/ubuntu  20.04       3bc6e9f30f51  4 weeks ago         75.2 MB

Manage Containers

Containers can be run from existing images or by downloading images from the preferred registry.

For example, to run a container from the created Tesseract image, issue the command:

$ podman run tesseract:latest -v
tesseract 5.2.0
 leptonica-1.79.0
  libgif 5.1.4 : libjpeg 8d (libjpeg-turbo 2.0.3) : libpng 1.6.37 : libtiff 4.1.0 : zlib 1.2.11 : libwebp 0.6.1 : libopenjp2 2.3.1
 Found OpenMP 201511
 Found libarchive 3.4.0 zlib/1.2.11 liblzma/5.2.4 bz2lib/1.0.8 liblz4/1.9.2 libzstd/1.4.4
 Found libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3

You can also run a container using an image available in the registry.

podman run docker.io/library/hello-world


To check if the container is running, use the command:

podman ps

To list all the containers including the ones not running, issue the command:

$ podman ps -a
CONTAINER ID  IMAGE                                 COMMAND               CREATED         STATUS                         PORTS               NAMES
bff200dbe9b8  localhost/tesseract:latest            -v                    5 minutes ago   Exited (0) 5 minutes ago                           gallant_mahavira
34c490d56716  docker.io/library/nginx:latest        nginx -g daemon o...  5 minutes ago   Created                        0.0.0.0:80->80/tcp  mynginx1
26f64c70d1df  docker.io/library/nginx:latest        nginx -g daemon o...  3 minutes ago   Exited (0) About a minute ago                      mynginx
a51d55a7d880  docker.io/library/hello-world:latest  /hello                52 seconds ago  Exited (0) 52 seconds ago                          romantic_jang

To stop a container, run the command:

podman stop container_name/container_ID

To remove a container, first, stop it, then execute the command:

podman rm container_name/container_ID

That marks the end of this guide on how to install Podman 4 on Debian 11 / Debian 10. Now you are set to pull images and run containers as desired.
