Skip to main content

Podman remote clients for macOS and Windows

Podman manages your containers on a Linux host. Manage your containers from macOS or Windows by using the Podman remote client.
Image
Two green peas and a peapod

Image by Ruslana Babenko from Pixabay

The core Podman runtime environment only runs on Linux operating systems. Other operating systems can use remote client software to manage containers on a Linux backend. The remote client is nearly identical to the standard Podman program. Certain functions that do not make sense for remote clients have been removed. For example, the --latest switch for container commands is not present.

Brief architecture

The remote client uses a client-server model. You need Podman installed on a Linux machine or VM that also has the SSH daemon running. On the local operating system, when you execute a Podman command, Podman connects to the server via SSH. It then connects to the Podman service by using systemd socket activation. The Podman commands are executed on the server. From the client's point of view, it seems like Podman runs locally.

Image
Podman SSH tunnel between client and server

Podman is capable of exposing its service directly to TCP sockets, but using the SSH tunnel is recommended for security reasons.

Obtaining and installing Podman

Windows

Begin the Windows Podman client installation by downloading the Podman Windows installer. The Windows installer is built with each Podman release and is downloadable from the release description page. You can also build the installer from source using the podman.msi makefile endpoint.

Image
Podman client installation on Windows

Once you have downloaded the installer, simply double-click it, and Podman client is installed. The installer puts podman in the default user path.

Podman must be run at a command prompt using the Windows cmd.exe or PowerShell applications.

macOS

The Mac client is available through Homebrew. You can download Homebrew via the instructions on their site. Install Podman using this command:

$ brew install podman

Create the first connection

Enable the Podman service on the server

Before performing any Podman client commands, you must enable the podman.sock systemd service on the Linux server. In these examples, we run Podman as a normal, unprivileged user (also known as a rootless user). By default, the rootless socket listens at /run/user/${UID}/podman/podman.sock. You enable this socket permanently using the following command:

$ systemctl --user enable podman.socket

You need to enable linger for this user for the socket to work when the user is not logged in.

$ sudo loginctl enable-linger $USER

Verify that the socket is listening with the following simple Podman command:

$ podman --remote info
host:
  arch: amd64
  buildahVersion: 1.16.0-dev
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.19-1.fc32.x86_64

Enable sshd

For the client to communicate with the server, you need to enable and start the SSH daemon on your Linux machine. If it is not currently enabled, use the following command:

$ sudo systemctl enable -s sshd

Set up SSH

Remote Podman uses SSH to communicate between the client and the server. The remote client works considerably smoother with SSH keys. To set up your SSH connection, you need to generate an SSH key pair by using the ssh-keygen command:

$ ssh-keygen

By default, the public key is in your home directory under .ssh\id_rsa.pub. You need to copy the contents of id_rsa.pub and append it to ~/.ssh/authorized_keys on the Linux server. On a Mac, you can automate this using ssh-copy-id.

If you do not use SSH keys, you are prompted with each Podman command for your login password.

Use the client

The first step in using the Podman remote client is to configure a connection.

You can add a connection by using the podman system connection add command, as seen here:

C:\Users\baude> podman system connection add baude --identity c:\Users\baude\.ssh\id_rsa ssh://192.168.122.1/run/user/1000/podman/podman.sock

This command adds a remote connection to Podman. If this is the first connection, it marks it as the default. You can display your connections with the podman system connection list command, like this:

C:\Users\baude> podman system connection list
Name    Identity     URI
baude*    id_rsa           ssh://baude@192.168.122.1/run/user/1000/podman/podman.sock

Now you can test the connection with podman info.

C:\Users\baude> podman info
host:
  arch: amd64
  buildahVersion: 1.16.0-dev
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.19-1.fc32.x86_64

Podman has also introduced a --connection flag to select other connections you have defined. If no connection is provided, the default connection is used.

The --help flag shows all the commands for manipulating the connections list. Here is the full command:

C:\Users\baude> podman system connection --help

Wrap up

You can use the Podman remote clients on macOS and Windows to manage your containers running on a Linux server. The communication between client and server relies heavily on SSH connections, and the use of SSH keys is encouraged. Once you have Podman installed on your remote client, you should set up a connection using podman system connection add which is then used by subsequent Podman commands.

[ Getting started with containers? Check out this free course. Deploying containerized applications: A technical overview. ]

What to read next

Topics:   Containers   Podman  
Author’s photo

Brent Baude

Brent is a Principle Software Engineer at Red Hat and leads the Container Runtimes team which includes things like Podman and Buildah. He is a maintainer of Podman upstream and a major contributor as well. More about me

Author’s photo

Ashley Cui

Ashley Cui is a software engineer at Red Hat, working on Podman, Buildah, and other container tools. More about me

On Demand: Red Hat Summit 2021 Virtual Experience

Relive our April event with demos, keynotes, and technical sessions from
experts, all available on demand.

Related Content

OUR BEST CONTENT, DELIVERED TO YOUR INBOX