Migrate from Docker to Podman
YOU’LL NEED THIS
PODMAN You can install this natively in Linux or through WSL in Windows. For a beginner’s guide to Podman, see the
February 2024 issue.
A COUPLE OF ISSUES AGO, we introduced you to a new, more secure way of running containerized apps on your PC: Podman. However, while Podman is designed to work with Docker containers, the way it functions means they’re not 100 percent compatible—at least in their native form. That’s down to two primary reasons: the first is that Podman runs under your own user account to provide containers with ‘rootless’ access to your system, and the second is that containers are set up to run independently instead of through an additional Docker daemon process.
Rootless access prevents containers from being given the keys to your system, but can cause problems for those that need elevated access in certain areas. The lack of a parent daemon also requires a different approach to configuring containers to auto-start with your system. In this tutorial, we’ll examine these key differences and explain ways in which you can circumvent them to get a selection of popular containers. You’ll also equip yourself with the know-how to get other containers working. We’ve focused on the Linux implementation of Podman, but you can easily tweak these instructions to work with Podman in Windows, too. –NICK PEERS
1
PREPARATORY STEPS
Whether installing Podman alongside an existing installation of Docker, or setting it up for the first time on a new machine, the first thing you need to do is migrate your existing container data across to Podman. We recommend storing everything inside a parent container data folder (container-data or podman-container-data, if Docker is already present) in an accessible location. This might be inside C:\Users\ Username in Windows, or your home (~) folder in Linux. You then create individual subfolders for each container inside this.
» Because Podman runs rootless by default under your own username, you’ll need to ensure that all your container folders are accessible. Permission issues don’t exist for Windows users because of the way both Docker and Podman run within the Windows Subsystem for Linux, but if you’re running a native Linux install like Debian or Ubuntu Server, you’ll need to take ownership of the entire container-data folder. Input the following command, substituting username:username with your own Linux username, such as nick:nick): sudo chown -R username:username ~/container-data
» Now, verify that the permissions have been updated: cd ~/container-data && ls -l
» If all is as it should be, your username should be listed as the owner of all the sub-folders, as shown in [ Image A].
2
YOUR FIRST MIGRATION
If you’ve not already done so, consult our beginners’ Podman feature in the February 2024 issue. This introduced you to Podman, and revealed how to set it up in a Windows instance and install your first containers: Vaultwarden (a self-hosted instance of the Bitwarden password manager), and Nginx Proxy Manager (a reverse proxy). If you check the screenshot on page 45 of that issue, you’ll see the commands required to create both instances in Windows. The steps are identical for Linux machines, except you don’t use the character as an escape to indicate line breaks; instead, use the backslash (\) character, as shown in [ Image B].
» If you compare this to the command required to run Vaultwarden in Docker (see https://github.com/danigarcia/vaultwarden), there are two differences. First, we’ve referenced the bridge-for-podman network. We need to create this dedicated bridge network, which is required should you want to use Vaultwarden in conjunction with Nginx Proxy Manager (see step 4) to allow you to access it remotely. Thankfully, you can set this up with a single command: podman network create bridge-for-podman
» The second difference can be found in the final line: we’ve added ‘docker.io/’. This is because Podman needs to know which container repository you’re pulling the container from.
1. FILTER CONTAINERS
Cockpit’s podman plugin displays all running containers regardless of which account launched them by default. Use the drop-down menu and keyword filter to create customized views.
2. IMAGES
Click ‘Show images’ to view all downloaded images—including those not currently being used. Click ‘Create container’ next to one to set up a container from it.
3. CONTAINER DETAILS
Click > next to a container to reveal more information, plus gain access to both system logs (for troubleshooting) and a console for directly interacting with the container.
4. SYSTEM RESOURCES
Each container reveals which user account is running it, as well as its CPU and RAM usage. This updates in real time to help you identify resource hogs.
5. CONTAINER ACTIONS
Click the tricolon to reveal a menu from which you can start, stop, restart, and pause the container. You can also rename it, commit a new image, perform a health check, and delete it.
6. POD DETAILS
You’ll see a summary of the pod’s current system resource usage—if the pod has set up port forwarding, click the blue link next to the memory usage to view a pop-up summary.