CentOS 7 버전에서 Podman을 설치시 낮은 버전의 1.6.x이 설치 된다.
해당 버전에서는 Container에 sysctl을 사용할 수 없으므로, v4.x 버전으로 업그레이드를 진행 한다.

결과적으로는 이짓을 할 바에는 상위 버전으로 업그레이드를 고려하는 것이 정신 건강상 좋다.

1. Podman 버전 확인
$ podman version
Version: 1.6.4
RemoteAPI Version: 1
Go Version: go1.12.12
OS/Arch: linux/amd64

2. Podman 삭제
기존의 RPM으로 설치 된 Podman을 삭제 한다.
$ yum remove -y podman

3. EPEL 저장소 추가
Development tools을 설치를 위한 EPEL(Extra Packages for Enterprise Linux) 저장소를 추가한다.
$ yum install -y epel-release
or
$ yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

4. 필요 패키지 설치
$ yum install -y "@Development Tools"
$ yum install -y curl gcc make device-mapper-devel git btrfs-progs-devel \
conmon containernetworking-plugins containers-common glib2-devel glibc-devel \
glibc-static golang-github-cpuguy83-md2man iptables libselinux-devel pkgconfig \
systemd-devel autoconf python3 python3-devel python3-pip yajl-devel libcap-devel

5. GoLang 구성
$ cd /usr/local/src
$ curl -LO "https://go.dev/dl/go1.20.3.linux-amd64.tar.gz"
$ tar xzvf go1.20.3.linux-amd64.tar.gz -C /usr/local/
$ mkdir /usr/local/gopath

5.1. Profile 변수 설정
$ vi /etc/profile
# GoLang
export GO_HOME=/usr/local/go
export GOPATH=/usr/local/gopath
export PATH=$PATH:$GO_HOME/bin
$ source /etc/profile

6. conmon & runc 설치
6.1. conmon 설치
$ git clone https://github.com/containers/conmon.git /usr/local/src/conmon
$ cd /usr/local/src/conmon
$ export GOCACHE="$(mktemp -d)"
$ make -j $(nproc)
$ make install

6.2. conmon 설치
$ git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc
$ cd $GOPATH/src/github.com/opencontainers/runc
$ make -j $(nproc) BUILDTAGS="selinux seccomp"
$ cp runc /usr/bin/runc

7. 라이브러리 컴파일
Podman을 컴파일하기 위해서는 아래 나열 된 라이브러리가 필요하다.
Libgpg-error, Libassuan, nPth, Libgcrypt, Libksba, ntbTLS, GnuPG, GPGME
https://gnupg.org/download/index.html

다만, CentOS에서는 해당 라이브러리 패키지를 지원하지만, 버전이 낮아 최신 버전의 Podman을 컴파일 할 수 없다.
따라서, 라이브러리를 소스 컴파일하여 별도 지정한다.

7.1. Libgpg-error 설치
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.47.tar.bz2"
$ tar xjvf libgpg-error-1.47.tar.bz2
$ cd libgpg-error-1.47
$ ./configure --prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.2. Libassuan 설치
configure의 gpg-error-config를 gpgrt-config로 변경해야 함.
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.5.tar.bz2"
$ tar xjvf libassuan-2.5.5.tar.bz2
$ cd libassuan-2.5.5
$ sed -i 's/gpg-error-config/gpgrt-config/g' configure
$ ./configure --prefix=/usr/local/libassuan \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.3. nPth 설치
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2"
$ tar xjvf npth-1.6.tar.bz2
$ cd npth-1.6
$ ./configure --prefix=/usr/local/npth
$ make -j $(nproc)
$ make install

7.4. Libgcrypt 설치
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.10.2.tar.bz2"
$ tar xjvf libgcrypt-1.10.2.tar.bz2
$ cd libgcrypt-1.10.2
$ ./configure --prefix=/usr/local/libgcrypt \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.5. Libksba 설치
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/libksba/libksba-1.6.3.tar.bz2"
$ tar xjvf libksba-1.6.3.tar.bz2
$ cd libksba-1.6.3
$ ./configure --prefix=/usr/local/libksba \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.6. ntbTLS 설치
configure의 –with-libksba-prefix를 –with-ksba-prefix로 변경해야 함.
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.3.1.tar.bz2"
$ tar xjvf ntbtls-0.3.1.tar.bz2
$ cd ntbtls-0.3.1
$ ./configure --prefix=/usr/local/ntbtls \
--with-ksba-prefix=/usr/local/libksba \
--with-libgcrypt-prefix=/usr/local/libgcrypt \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.7. GnuPG 설치
configure의 –with-libksba-prefix를 –with-ksba-prefix로 변경해야 함.
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.0.tar.bz2"
$ tar xjvf gnupg-2.4.0.tar.bz2
$ cd gnupg-2.4.0
$ ./configure --prefix=/usr/local/gnupg \
--without-libintl-prefix \
--without-libiconv-prefix \
--with-npth-prefix=/usr/local/npth \
--with-ntbtls-prefix=/usr/local/ntbtls \
--with-ksba-prefix=/usr/local/libksba \
--with-libgcrypt-prefix=/usr/local/libgcrypt \
--with-libassuan-prefix=/usr/local/libassuan \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.8. GPGME 설치
$ cd /usr/local/src
$ curl -LO "https://gnupg.org/ftp/gcrypt/gpgme/gpgme-1.20.0.tar.bz2"
$ tar xjvf gpgme-1.20.0.tar.bz2
$ cd gpgme-1.20.0
$ ./configure --prefix=/usr/local/gpgme \
--with-libassuan-prefix=/usr/local/libassuan \
--with-libgpg-error-prefix=/usr/local/libgpg-error
$ make -j $(nproc)
$ make install

7.9. PKGCONFIG 설정
$ mkdir /usr/local/pkgconfig
$ cd /usr/local/pkgconfig
$ ln -s /usr/local/gpgme/lib/pkgconfig/* ./
$ ln -s /usr/local/ntbtls/lib/pkgconfig/* ./
$ ln -s /usr/local/libksba/lib/pkgconfig/* ./
$ ln -s /usr/local/libgcrypt/lib/pkgconfig/* ./
$ ln -s /usr/local/libassuan/lib/pkgconfig/* ./
$ ln -s /usr/local/libgpg-error/lib/pkgconfig/* ./

7.10. Profile 변수 설정
$ vi /etc/profile
# PKGCONFIG
export PKG_CONFIG_PATH=/usr/local/pkgconfig

# Libgpg-error
export LIBGPG_ERROR_HOME=/usr/local/libgpg-error
export PATH=$PATH:$LIBGPG_ERROR_HOME/bin

# Libassuan
export LIBASSUAN_HOME=/usr/local/libassuan
export PATH=$PATH:$LIBASSUAN_HOME/bin

# nPth
export NPTH_HOME=/usr/local/npth
export PATH=$PATH:$NPTH_HOME/bin

# Libgcrypt
export LIBGCRYPT_HOME=/usr/local/libgcrypt
export PATH=$PATH:$LIBGCRYPT_HOME/bin

# Libksba
export LIBKSBA_HOME=/usr/local/libksba
export PATH=$PATH:$LIBKSBA_HOME/bin

# ntbTLS
export NTBTLS_HOME=/usr/local/ntbtls
export PATH=$PATH:$NTBTLS_HOME/bin

# GnuPG
export GNUPG_HOME=/usr/local/gnupg
export PATH=$PATH:$GNUPG_HOME/bin

# GPGME
export GPGME_HOME=/usr/local/gpgme
export PATH=$PATH:$GPGME_HOME/bin

$ source /etc/profile

8. Podman 설치
$ cd /usr/local/src
$ PODMAN_VER_TAG="v4.5.0"
$ wget https://github.com/containers/podman/archive/refs/tags/${PODMAN_VER_TAG}.tar.gz
$ tar xzvf ${PODMAN_VER_TAG}.tar.gz
$ cd ${PODMAN_VER_TAG}
$ make -j $(nproc) BUILDTAGS="selinux seccomp"
$ make install PREFIX=/usr

9. Podman 설정
9.1. 설정 파일 디렉토리 생성
$ mkdir -p /etc/containers

9.2. 커널 버전 체크 비활성화
$ sed -ie 's/override_kernel_check/#override_kernel_check/g' /etc/containers/storage.conf

9.3. CNI(Container Network Interface) 구성
$ curl -L -o /etc/containers/registries.conf \
https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf
$ curl -L -o /etc/containers/policy.json \
https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json

10. Podman 테스트
10.1. 버전 확인
$ podman version
Client: Podman Engine
Version: 4.5.0
API Version: 4.5.0
Go Version: go1.20.3
Built: Sun Apr 23 15:18:21 2023
OS/Arch: linux/amd64

10.2. 컨테이너 이미지 다운로드
$ podman pull docker.io/nginx:stable
Trying to pull docker.io/library/nginx:stable…
Getting image source signatures
Copying blob 7e385399569d done
Copying blob 8459642afffc done
Copying blob 38454a0c2b53 done
Copying blob 70163c4a088e done
Copying blob 283e8681fce8 done
Copying blob 26c5c85e47da done
Copying config 2a06ffcd98 done
Writing manifest to image destination
Storing signatures
2a06ffcd98fb669a2b4bd4dd764a41c630ba23d5ade111fbf79688f46147cfec

10.3. 컨테이너 이미지 실행
$ podman run -d --name 'nginx-test' -h 'nginx-test' -p 8081:80 docker.io/nginx:stable
b0dad7f9d5c84379146e1f11cf8397c2d9a7f8b59f5f477d1558101d4b8f1750

10.4. 컨테이너 접속 확인
$ curl -I http://localhost:8081/
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Sun, 23 Apr 2023 16:10:55 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 11 Apr 2023 01:45:34 GMT
Connection: keep-alive
ETag: "6434bbbe-267"
Accept-Ranges: bytes

11. RefURL
https://computingforgeeks.com/install-podman-4-centos-7-rhel-7/