How To Install Podman 4.x on CentOS 7 / RHEL 7

Posted on 63 views

Podman (short name for Pod Manager Tool) is a daemonless container engine created to help you develop, manage, and run Open Container Initiative (OCI) containers on most Linux systems. Podman is an ultimate drop-in alternative for Docker. Podman is the default container runtime in openSUSE Kubic and Fedora CoreOS (certified Kubernetes distributions).

You can use Podman to create OCI-compliant container images using a Dockerfile and a range of commands identical to Docker Open Source Engine. An example is podman build command which performs the same task as docker build command. In other words, Podman provides a drop-in replacement for Docker Open Source Engine.

Some of the key advantages of Podman are:

  • It run containers in rootless mode – Ability to run rootless containers which are more secure, as they run without any added privileges
  • Native systemd integration – With Podman you can create systemd unit files and run containers as system services
  • No daemon required – Podman have much lower resource requirements at idle since Podman is daemonless.

Install Podman 4.x on CentOS 7 / RHEL 7

If you perform an installation of Podman on CentOS 7 / RHEL 7 from OS default repositories, an older version of the software is installed. Below is an output from a CentOS 7 Virtual Machine.

$ podman version
Version:            1.6.4
RemoteAPI Version:  1
Go Version:         go1.12.12
OS/Arch:            linux/amd64

In this article we are covering the installation of Podman 4.x on CentOS 7 / RHEL 7. The route to getting Podman 4.x on CentOS 7 / RHEL 7 system is by building the application from source code.

Before we can proceed, uninstall any older version of Podman in the system.

sudo yum -y remove podman

Step 1 – Install Podman 4.x build tools

Since we’re building the software from source, all the tools required must be installed. Ensure EPEL repository has been installed and is enabled in your system.

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Update all packages on the system and perform a reboot.

sudo yum -y update
sudo reboot

Install Development tools on your CentOS 7 / RHEL 7:

sudo yum -y install "@Development Tools"

Install other dependencies by running the commands below:

sudo yum install -y curl \
  gcc \
  make \
  device-mapper-devel \
  git \
  btrfs-progs-devel \
  conmon \
  containernetworking-plugins \
  containers-common \
  git \
  glib2-devel \
  glibc-devel \
  glibc-static \
  golang-github-cpuguy83-md2man \
  gpgme-devel \
  iptables \
  libassuan-devel \
  libgpg-error-devel \
  libseccomp-devel \
  libselinux-devel \
  pkgconfig \
  systemd-devel \
  autoconf \
  python3 \
  python3-devel \
  python3-pip \
  yajl-devel \
  libcap-devel

Wait for the installation of these dependencies to complete then proceed to step 2.

Step 2 – Install Golang on CentOS 7 / RHEL 7

Use the link shared to install Go on CentOS 7 / RHEL 7:

Checking version of Go after a successful installation:

$ go version
go version go1.19 linux/amd64

Step 3 – Install runc and conmon

Conmon is used to monitor OCI Runtimes and the package is expected installed on the system. The installation can be done using commands shared below.

cd ~
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
cd ..

Check the version after the installation.

$ conmon --version
conmon version 2.0.8
commit: f85c8b1ce77b73bcd48b2d802396321217008762

Perform the same build for runc package.

git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
cd $GOPATH/src/github.com/opencontainers/runc
make BUILDTAGS="selinux seccomp"
sudo cp runc /usr/bin/runc
cd ~/

Use –version command option to check the version.

$ runc --version
runc version 1.1.0+dev
commit: v1.1.0-276-gbc13e33
spec: 1.0.2-dev
go: go1.19
libseccomp: 2.3.1

Step 4 – Setup CNI networking for Podman

Create /etc/containers directory used to store CNI network configuration files.

sudo mkdir -p /etc/containers

Download configuration samples and place created directory:

sudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
sudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json

Step 5 – Install Podman 4.x on CentOS 7 / RHEL 7

Install wget command line utility package.

sudo yum -y install wget

Download latest release of Podman source code from Github repository.

TAG=4.1.1
rm -rf podman*
wget https://github.com/containers/podman/archive/refs/tags/v$TAG.tar.gz

Extract downloaded file using tar command:

tar xvf v$TAG.tar.gz

Navigate to podman directory and begin the build process.

cd podman*/
make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr

If you encounter an error below during build:

gcc errors for preamble:
In file included from vendor/github.com/proglottis/gpgme/data.go:6:0:
./go_gpgme.h:15:1: error: unknown type name 'gpgme_off_t'
 extern gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence);
 ^
./go_gpgme.h:15:55: error: unknown type name 'gpgme_off_t'
 extern gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence);
                                                       ^

make: *** [bin/podman] Error 2

The issue is captured in Podman 4 bug issues page. Recommended quick fix is to update pgpme package.

sudo yum remove  gpgme-devel -y
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-1.7.1-0.el7.centos.1.x86_64.rpm
sudo yum -y install https://cbs.centos.org/kojifiles/packages/gpgme/1.7.1/0.el7.centos.1/x86_64/gpgme-devel-1.7.1-0.el7.centos.1.x86_64.rpm

After update retry your build.

make BUILDTAGS="selinux seccomp"
sudo make install PREFIX=/usr

List of available build tags, feature and dependency:

Build Tag Feature Dependency
apparmor apparmor support libapparmor
exclude_graphdriver_btrfs exclude btrfs libbtrfs
exclude_graphdriver_devicemapper exclude device-mapper libdm
libdm_no_deferred_remove exclude deferred removal in libdm libdm
seccomp syscall filtering libseccomp
selinux selinux process and mount labeling
systemd journald logging libsystemd

Add comment to override_kernel_checkconfiguration line.

sudo sed -ie 's/override_kernel_check/#override_kernel_check/g' /etc/containers/storage.conf

You can check the version of Podman 3 installed on CentOS 7 / RHEL 7 after the build.

$ podman  version
Client:       Podman Engine
Version:      4.1.1
API Version:  4.1.1
Go Version:   go1.19
Built:        Mon Jul 11 11:30:09 2022
OS/Arch:      linux/amd64

Let’s test image download using podman pull command:

$ podman pull docker.io/library/alpine:latest
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 2408cc74d12b done
Copying config e66264b987 done
Writing manifest to image destination
Storing signatures
e66264b98777e12192600bf9b4d663655c98a090072e1bab49e233d7531d1294

You can also run Docker Hello World container to confirm this works:

$ podman run docker.io/library/hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

This is a reference guide on using Podman:

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.