Users of the Docker engine might find that their container runtime isn’t featured prominently in Oracle Linux 8. In fact, unless you change the default confifguration a dnf search does not reveal the engine at all. For better or for worse, it appears the industry, or at least parts of it, are switching from Docker to Podman and its related ecosystem.
Whilst most Docker commands can be translated 1:1 to the Podman world, some differences exist. Instead of highlighting all the changes here please have a look at the Podman User Guide.
Update 250121: Update for Oracle Linux 9.5 and newer container images
Networking is slightly different in Podman compared to Docker. This is the topic of this post.
Overview
This article explains how to enable networking between 2 containers:
These containers are going to be run “rootless”, which has a few implications. By default Podman will allocate storage for containers in ~/.local/share/containers/ on Linux so please ensure you have sufficient space in your home directory.
Setup and Configuration for Oracle Linux 9
Before looking at the different ways to link containers, let’s begin with an overview of the installation.
Install Podman Engine
Referring to the manual you can use the following command to install Podman engine:
[opc@demohost ~]$ sudo dnf install container-tools -y
Last metadata expiration check: 0:50:37 ago on Mon 20 Jan 2025 09:26:15 PM CET.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
container-tools noarch 1-14.0.1.el9 ol9_appstream 7.3 k
Installing dependencies:
podman-docker noarch 4:5.2.2-11.0.2.el9_5 ol9_appstream 273 k
podman-remote aarch64 4:5.2.2-11.0.2.el9_5 ol9_appstream 9.5 M
python3-podman noarch 3:5.2.0-1.el9 ol9_appstream 280 k
python3-tomli noarch 2.0.1-5.el9 ol9_appstream 52 k
skopeo aarch64 2:1.16.1-2.el9_5 ol9_appstream 8.0 M
udica noarch 0.2.8-2.el9 ol9_appstream 98 k
Transaction Summary
========================================================================================================================
Install 7 Packages
...
Complete!
Your output is most likely similar, but not identical to the excerpt from my installation shown above. As you can see from the output, podman 5.2.2 has been installed. This is the version used throughout this post; output for older Podman releases might differ.
The above mentioned manual details the necessary steps for Oracle Linux 8 should you be using that version.
Virtual Network Configuration
Before containers can communicate with one another, they need to be told which network to use. The easiest way to do so is by creating a new, custom network. You can do that with the help of a compose file, or manually, as shown in this example:
[opc@demohost ~]$ podman network create oranet
oranet
[opc@demohost ~]$ podman network ls
NETWORK ID NAME DRIVER
487f1252d6b1 oranet bridge
2f259bab93aa podman bridge
As you can see a new network – oranet – has been created. DNS is enabled by default on my Oracle Linux 9 system. You can see for yourself:
[opc@demohost ~]$ podman network inspect oranet | \
jq '.[] | select (.name | contains("oranet")) | .dns_enabled '
Note that earlier Podman releases returned different data when calling podman network inspect. The jq filter might fail in that case.
If for some reason DNS isn’t enabled, please enable it as it makes your life a lot easier. It is also required for the next steps.
Storage Volumes
Containers are transient by nature, things you store in them are ephemeral by design. Since that’s not ideal for databases, a persistence layer should be used instead. The industry’s best known method to do so is by employing (Podman) volumes. Volumes are crated using the podman volume create command, for example:
[opc@demohost ~]$ podman volume create oradata
oradata
As it is the case with the Container images, by default alll the volume’s data will reside in ~/.local/share/containers.
Database Secrets
The final step while preparing for running a database in Podman is to create a secret. Secrets are a relatively new feature in Podman and relieve you from having to consider workarounds passing sensitive data to containers. The Oracle database containers to be used need to be initialised with a DBA password and it is prudent not to pass this in clear text on the command line.
For this example the necessary database password has been created as a secret and stored as oracle-password using podman secret create as shown here:
[opc@podman ~]$ echo -n "${someSecretInAVariable}" | podman secret create oracle-password -
0c5d6d9eff16c4d30d36c6133
[opc@demohost ~]$ podman secret ls
ID NAME DRIVER CREATED UPDATED
0c5d6d9eff16c4d30d36c6133 oracle-password file 2 minutes ago 2 minutes ago
This concludes the necessary preparations.
Let there be Containers
With all the setup completed the next step is to start an Oracle 23 Free instance and connect the SQLcl container to it.
Oracle Database Free
Using the instructions from Oracle’s Container registry you may start Oracle Database 23ai Free as follows:
[opc@demohost ~]$ podman run --detach --name some-oracle \
--publish 1521:1521 \
--volume oradata:/opt/oracle/oradata \
--net oranet \
--secret oracle-password,type=env,target=ORACLE_PWD \
container-registry.oracle.com/database/free:23.5.0.0
The necessary flags are as follows:
--nameassigns a name to the container so you can reference it later--secretpasses a named secret to the container and makes it available as ORACLE_PWD--detachtells the container to run in the background--netdefines the network the container should be attached to--volumemaps the newly created volume to a directory in the container- –publish makes the listener port available to the outside world
You can check whether the container is up an running by executing podman ps:
[opc@demohost ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b54f1c656b4d container-registry.oracle.com/database/free:23.5.0.0 /bin/bash -c $ORA... 23 seconds ago Up 18 seconds ago (starting) 0.0.0.0:1521->1521/tcp some-oracle
Connecting the SQLcl container instance to the Database
Rather than building the SQLcl container as shown in a previous version of this post you can simply grab the latest and greatest version from Oracle’s container registry. This way you don’t need to worry about Java Versions, Java distributions and other SQLcl dependencies. Here is the command to start SQLcl and link it to the database:
[oracle@demohost]$ podman run --rm -it \
--name some-sqlcl \
--net oranet \
container-registry.oracle.com/database/sqlcl:latest
The above command starts SQLcl. Next, you connect to the database, like so:
SQL> connect system@some-oracle/freepdb1
Thanks to the DNS-enabled network oranet you can resolve some-oracle as the database container instance.
If you want to run scripts against the database you need to map a directory from your file system into the container. Assuming your DBA scripts are in ${HOME}/scripts, you mount the scripts into the container as follows:
[oracle@demohost]$ podman run --rm -it \
--name some-sqlcl \
--net oranet \
--volume ${HOME}/scripts:/opt/oracle/sql_scripts:Z \
container-registry.oracle.com/database/sqlcl:latest
SQLcl: Release 24.3 Production on Tue Jan 21 11:26:09 2025
Copyright (c) 1982, 2025, Oracle. All rights reserved.
SQL> connect system@some-oracle/freepdb1
Password? (**********?) ***********
Connected.
SQL> @whoami
USER
_________
SYSTEM
VERSION_FULL
_______________
23.5.0.24.07
It is of course possible to pass connection information to the container, for example:
[oracle@demohost]$ podman run --rm -it \
--name some-sqlcl \
--net oranet \
--volume ${HOME}/scripts:/opt/oracle/sql_scripts:Z \
container-registry.oracle.com/database/sqlcl:latest system@some-oracle/freepdb1 @whoami
This command launches SQLcl, and starts myscript.sql found in /home/opc/scripts/ once connected.
Summary
Podman aims to be very compatible with Docker, easing the transition. As you can see it’s pretty easy to link containers in Podman. If you don’t want to create resources like volumes, network, and secrets yourself, you can use compose files (as demonstrated in this post) instead. These are probably much easier to use.
Martins Blog 