CentOS8 安装和使用podman

2020-12-012020-12-01 10:58:45阅读 3340

使用rootless用户pull ubuntu镜像，竟然报这种错误。 发现错误：

[javadm@instance-2 ~]$ docker pull ubuntu
ERRO[0000] cannot find mappings for user javadm: No subuid ranges found for user "javadm" in /etc/subuid
ERRO[0000] cannot find mappings for user javadm: No subuid ranges found for user "javadm" in /etc/subuid
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

如何解决： 1./etc/subuid和/etc/subgid 增加子用户映射

[root@instance-2 ~]# echo javadm:200000:300006666 >> /etc/subuid
[root@instance-2 ~]# echo javadm:300000:400006666 >> /etc/subgid
[root@instance-2 ~]# cat /etc/subuid
robin:100000:65536
javadm:200000:300006666
[root@instance-2 ~]# cat /etc/subgid
robin:100000:65536
javadm:300000:400006666

验证发现还报错：

[root@instance-2 ~]# su - javadm
Last login: Fri Apr 24 13:15:11 UTC 2020 on pts/0
[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

2.再次修改

[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:200000:300006666

[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:400000000:400006666

错误依旧：

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob fc878cd0a91c done
Copying blob fee5db0ff82f done
Copying blob d51af753c3d3 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

3.再想办法。

  121  cd /etc/sysctl.d/
  122  ll
  123  touch podman.conf
  124  echo user.max_user_namespaces = 900000000 >>podman.conf
  125  cat podman.conf
  126  reboot

错误依旧：

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying blob d51af753c3d3 done
Copying blob 6154df8ff988 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

4.再想办法。

[javadm@instance-2 ~]$ getcap /usr/bin/newuidmap
/usr/bin/newuidmap = cap_setuid+ep
podman system migrate

5.再想办法。

[root@instance-2 ~]# setenforce 0
[root@instance-2 ~]# su - javadm
Last login: Fri Apr 24 14:21:15 UTC 2020 on pts/0
[javadm@instance-2 ~]$ getenforce
Permissive

6.回退

[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:200000:300006666
[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:400000000:400006666
[javadm@instance-2 ~]$

7.做一些更改，最重要的！

echo user.max_user_namespaces=900000000  >> /etc/sysctl.d/userns.conf

**[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:165536:65536
[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:165536:65536**
[javadm@instance-2 ~]$

podman system migrate

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying blob fc878cd0a91c done
Copying blob fee5db0ff82f done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
1d622ef86b138c7e96d4f797bf5e4baca3249f030c575b9337638594f2b63f01
[javadm@instance-2 ~]$

FAQ:

[javadm@instance-2 proc]$ podman image list
ERRO[0000] open /proc/2364/ns/user: no such file or directory
[javadm@instance-2 proc]$ cd /tmp/
[javadm@instance-2 tmp]$ docker image list
ERRO[0000] open /proc/2364/ns/user: no such file or directory
[javadm@instance-2 tmp]$ history

podman system migrate

本文参与腾讯云自媒体分享计划，欢迎正在阅读的你也加入，一起分享。

展开阅读全文

我来说两句

0 条评论

登录后参与评论

CentOS8容器管理工具Podman
新年新装的 CentOS8 系统，装完发现没有 Docker 了，后来发现 CentOS8 使用 Podman 作为默认的容器管理工具了，大概看了一下帮助，其实...
kongxx
Podman 简介
Podman 是一个开源的容器运行时项目，可在大多数 Linux 平台上使用。Podman 提供与 Docker 非常相似的功能。正如前面提到的那样，它不需要在...
院长技术
Podman 会取代 Docker 吗?
Linux容器是与系统其他部分隔离开的一系列进程。运行这些进程所需的所有文件都由另一个镜像提供，这意味着从开发到测试再到生产的整个过程中，Linux 容器都具...
YP小站
使用cephadm安装ceph octopus
Cephadm使用容器和systemd安装和管理Ceph集群，并与CLI和仪表板GUI紧密集成。
没有故事的陈师傅
Podman 简介
Podman 是一个开源的容器运行时项目，可在大多数 Linux 平台上使用。Podman 提供与 Docker 非常相似的功能。正如前面提到的那样，它不需要在...
红芽
centos8安装图解(超详细教程)
CentOS 8官方正式发布了！CentOS 完全遵守 Red Hat 的再发行政策，并且致力与上游产品在功能上完全兼容。CentOS 对组件的修改主要是去除 ...
砸漏
macOS 终于可以完美使用 Podman 了！
Podman 是一个无守护程序与 Docker 命令兼容的下一代 Linux 容器工具，该项目由 RedHat 主导，其他的细节可以参考 Podman 使用指南...
Jintao Zhang
1.Podman容器管理工具基础学习
Q:什么是Podman? 官网描述: Podman是一个无守护进程的容器引擎,用于在Linux系统上开发、管理和运行OCI容器(开源的容器管理工具)。容器可以作...
WeiyiGeek
放弃手中Docker拥抱下一代容器管理工具Podman
官网描述: Podman是一个无守护进程的容器引擎,用于在Linux系统上开发、管理和运行OCI容器(开源的容器管理工具)。容器可以作为根运行，也可以以无根模式...
WeiyiGeek

作者介绍

双面人

专栏

精选专题

腾讯云原生专题
云原生技术干货，业务实践落地。

活动推荐

运营活动

广告关闭

腾讯云·社区

云+社区

双面人

CentOS8 安装和使用podman

CentOS8 安装和使用podman

我来说两句

相关文章

CentOS8容器管理工具Podman

Podman 简介

Podman 会取代 Docker 吗?

使用cephadm安装ceph octopus

Podman 简介

centos8安装图解(超详细教程)

macOS 终于可以完美使用 Podman 了！

1.Podman容器管理工具基础学习

放弃手中Docker拥抱下一代容器管理工具Podman

作者介绍

双面人

精选专题

腾讯云原生专题

活动推荐

腾讯极客挑战赛-寻找地表最强极客

腾讯云自媒体分享计划

运营活动

社区

活动

资源

关于

归档

云+社区

腾讯云·社区

双面人

CentOS8 安装和使用podman

CentOS8 安装和使用podman

CentOS8容器管理工具Podman

Podman 简介

Podman 会取代 Docker 吗?

使用cephadm安装ceph octopus

Podman 简介

centos8安装图解(超详细教程)

macOS 终于可以完美使用 Podman 了！

1.Podman容器管理工具基础学习

放弃手中Docker拥抱下一代容器管理工具Podman

双面人

腾讯云原生专题

腾讯极客挑战赛-寻找地表最强极客

腾讯云自媒体分享计划

社区

活动

资源

关于

归档

云+社区

热门产品

热门推荐

更多推荐