Introduction to Container Tools
Container Management Tools
- podman manages containers and container images.
- skopeo inspects, copies, deletes, and signs images.
- buildah creates container images.
Red Hat Official Container Repos:
- registry.redhat.io for containers that are based on official Red Hat products.
- registry.connect.redhat.com for containers that are based on third-party products.
The default configuration file for container registries is the /etc/containers/registries.conf file.
Red Hat recommends using a non-privileged user to manage and run containers.
Getting Started with Container Tools
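You need to log in as an interactive user (for example over SSH, not through su or sudo), because rootless containers and systemctl --user depend on the user's login session: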
$ ssh student@192.168.122.33
$ sudo dnf install container-tools
$ man 5 containers-registries.conf
...
Container engines will use the $HOME/.config/containers/registries.conf if it exists, otherwise they will use /etc/containers/registries.conf
...
$ podman info
...
registries:
search:
- registry.fedoraproject.org
- registry.access.redhat.com
- registry.centos.org
- quay.io
- docker.io
...
$ mkdir ~/.config/containers/
$ cp /etc/containers/registries.conf ~/.config/containers/registries.conf
$ vim ~/.config/containers/registries.conf
$ diff ~/.config/containers/registries.conf /etc/containers/registries.conf
22c22
< unqualified-search-registries = ["registry.access.redhat.com"]
---
> unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "quay.io", "docker.io"]
$ podman search httpd
NAME DESCRIPTION
registry.access.redhat.com/ubi9/httpd-24 rhcc_registry.access.redhat.com_ubi9/httpd-24
registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server
registry.access.redhat.com/ubi8/httpd-24 Platform for running Apache httpd 2.4 or building httpd-based applicatio
$ skopeo inspect docker://registry.access.redhat.com/ubi8/httpd-24
$ podman pull registry.access.redhat.com/ubi8/python-38:latest
$ podman images
$ podman search ubi8
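An added check for the registries.conf edit shown above (not part of the original notes): it picks the file the container tools will read for a user, following the precedence quoted from the man page, and counts the unqualified-search registries in it, since every extra entry is another registry a short name such as httpd can be resolved against. The function names are hypothetical helpers, and only the single-line array form shown in the diff is parsed.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not podman subcommands.

# Print the registries.conf that applies to a user: the per-user file
# if it exists, otherwise the system-wide one (second argument optional).
effective_registries_conf() {
    home_dir=$1
    system_conf=${2:-/etc/containers/registries.conf}
    user_conf="$home_dir/.config/containers/registries.conf"
    if [ -f "$user_conf" ]; then
        printf '%s\n' "$user_conf"
    else
        printf '%s\n' "$system_conf"
    fi
}

# Print one registry per line from the unqualified-search-registries
# array. Commented-out lines do not match and are skipped.
unqualified_registries() {
    sed -n 's/^[[:space:]]*unqualified-search-registries[[:space:]]*=[[:space:]]*\[\(.*\)\].*$/\1/p' "$1" |
        tr ',' '\n' | tr -d " \t\"'" | sed '/^$/d'
}

# Report the effective file and its registry count.
# Returns 0 when at most one search registry is configured, 1 otherwise.
check_short_name_scope() {
    conf=$(effective_registries_conf "$1" "$2")
    count=$(unqualified_registries "$conf" | wc -l | tr -d ' ')
    printf '%s: %s unqualified-search registries\n' "$conf" "$count"
    [ "$count" -le 1 ]
}

# Usage on a real host:
#   check_short_name_scope "$HOME" || echo "consider narrowing the list"
```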
Building Custom Images
$ vim Dockerfile
FROM registry.access.redhat.com/ubi8/ubi
RUN dnf install -y python36 procps-ng
CMD ["/bin/bash", "-c", "sleep infinity"]
$ podman build --help
...
Examples:
podman build .
podman build --creds=username:password -t imageName -f Containerfile.simple .
...
$ podman build -t python36:0.1 -f Dockerfile .
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/python36 0.1 99d353d9a60e About a minute ago 443 MB
registry.access.redhat.com/ubi8/ubi latest 2fd9e1478809 4 weeks ago 225 MB
$ podman inspect localhost/python36:0.1
...
"History": [
...
{
"created": "2022-07-20T13:07:44.802532647Z",
"created_by": "/bin/sh -c dnf install -y python36 procps-ng",
"comment": "FROM registry.access.redhat.com/ubi8/ubi:latest"
},
{
"created": "2022-07-20T13:07:50.558640619Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\", \"-c\", \"sleep infinity\"]",
"empty_layer": true
}
],
...
$ podman run -d --name python36 localhost/python36:0.1
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
914c01e88482 localhost/python36:0.1 /bin/bash -c slee... 2 minutes ago Up 2 minutes ago python36
$ podman logs python36
$ podman exec --help
Run a process in a running container
Description:
Execute the specified command inside a running container.
Usage:
podman exec [options] CONTAINER [COMMAND [ARG...]]
Examples:
podman exec -it ctrID ls
...
$ podman exec -it python36 ps -aux
Running MariaDB with Persistent Volume and Modified User Namespace
$ podman search mariadb
NAME DESCRIPTION
registry.access.redhat.com/rhscl/mariadb-101-rhel7 MariaDB server 10.1 for OpenShift and general usage
registry.access.redhat.com/rhscl/mariadb-100-rhel7 MariaDB 10.0 SQL database server
registry.access.redhat.com/openshift3/mariadb-apb Ansible Playbook Bundle application definition for
registry.access.redhat.com/rhscl/mariadb-102-rhel7 MariaDB is a multi-user, multi-threaded SQL database server. The container image provides a containerized packaging of the MariaDB mysqld daemon and client application. The mysqld server daemon accepts connections from clients and provides access to content from MariaDB databases on behalf of the clients.
registry.access.redhat.com/rhosp12/openstack-mariadb Red Hat OpenStack Container image for openstack-mariadb
$ skopeo inspect docker://registry.access.redhat.com/rhscl/mariadb-102-rhel7
...
"usage": "docker run -d -e MYSQL_USER=user -e MYSQL_PASSWORD=pass -e MYSQL_DATABASE=db -p 3306:3306 rhscl/mariadb-102-rhel7",
...
"HOME=/var/lib/mysql",
...
$ podman run -d --name mariadb-102-rhel7 \
-p 3306:3306 \
--env MYSQL_ROOT_PASSWORD=redhat123 \
--env MYSQL_DATABASE=mydb \
--env MYSQL_USER=myuser \
--env MYSQL_PASSWORD=redhat123 \
registry.access.redhat.com/rhscl/mariadb-102-rhel7
$ podman ps
$ podman logs mariadb-102-rhel7
$ sudo dnf provides mysql
...
mysql-8.0.28-1.el9.x86_64 : MySQL client programs and shared libraries
$ sudo dnf install -y mysql
$ mysql --host=127.0.0.1 --port=3306 --user=myuser --password=redhat123 --execute='show databases;' mydb
$ podman exec -it mariadb-102-rhel7 ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
mysql 1 0.1 5.2 1544128 67856 ? Ssl 13:31 0:00 /opt/rh/rh-mariadb102/root/usr/libexec/mysqld --defaults-fil
mysql 237 0.0 0.2 51748 3320 pts/0 Rs+ 13:35 0:00 ps -aux
$ podman exec -it mariadb-102-rhel7 id mysql
uid=27(mysql) gid=27(mysql) groups=27(mysql),0(root)
$ podman unshare --help
Run a command in a modified user namespace
Description:
Runs a command in a modified user namespace.
Usage:
podman unshare [options] [COMMAND [ARG...]]
Examples:
podman unshare id
podman unshare cat /proc/self/uid_map,
podman unshare podman-script.sh
$ mkdir /home/student/mariadb-102-rhel7-data
$ podman unshare chown -R 27:27 /home/student/mariadb-102-rhel7-data
$ podman stop mariadb-102-rhel7
$ podman rm mariadb-102-rhel7
$ podman run -d --name mariadb-102-rhel7 \
-p 3306:3306 \
--env MYSQL_ROOT_PASSWORD=redhat123 \
--env MYSQL_DATABASE=mydb \
--env MYSQL_USER=myuser \
--env MYSQL_PASSWORD=redhat123 \
-v /home/student/mariadb-102-rhel7-data:/var/lib/mysql:Z \
registry.access.redhat.com/rhscl/mariadb-102-rhel7
$ podman logs mariadb-102-rhel7
$ mysql --host=127.0.0.1 --port=3306 --user=myuser --password=redhat123 --execute='show databases;' mydb
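Why the podman unshare chown -R 27:27 step above is needed, as an added example that is not part of the original notes: in a rootless user namespace the directory created by student appears as owned by root inside the container, while the mysql user (UID 27) is backed by a subordinate host UID. The hypothetical helpers below translate UIDs in both directions from uid_map lines; the sample map is constructed (student as host UID 1000, subordinate range starting at 100000), and real values come from podman unshare cat /proc/self/uid_map.

```sh
#!/bin/sh
# Added example: hypothetical helpers for reading a user-namespace uid_map.
# Each uid_map line is: <first UID inside> <first UID on host> <length>.

# Constructed sample for a rootless user with host UID 1000.
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# Container/namespace UID -> host UID that will own the files on disk.
# Reads uid_map on stdin; returns 1 if the UID is outside every range.
ns_to_host_uid() {
    awk -v id="$1" '
        NF == 3 && id + 0 >= $1 && id + 0 < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Host UID (as shown by ls -ln on the host) -> UID seen in the container.
host_to_ns_uid() {
    awk -v id="$1" '
        NF == 3 && id + 0 >= $2 && id + 0 < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# With the sample map, UID 27 (mysql) lands on host UID 100026, and files
# owned by host UID 1000 show up as UID 0 (root) inside the container.
# Live use:
#   podman unshare cat /proc/self/uid_map | ns_to_host_uid 27
```

A container UID that falls outside the mapped ranges makes ns_to_host_uid return non-zero, which is the case where an image's user cannot be represented in the rootless namespace at all.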
Running Apache with Persistent Volume and as User Systemd Service
$ podman search httpd
NAME DESCRIPTION
registry.access.redhat.com/rhscl/httpd-24-rhel7 Apache HTTP 2.4 Server
registry.access.redhat.com/ubi9/httpd-24 rhcc_registry.access.redhat.com_ubi9/httpd-24
registry.access.redhat.com/ubi8/httpd-24 Platform for running Apache httpd 2.4 or building httpd-
...
$ mkdir /home/student/httpd-24-data
$ echo "HELLO WORLD" > /home/student/httpd-24-data/index.html
$ podman run -d --name httpd-24 \
-p 8080:8080 \
-v /home/student/httpd-24-data:/var/www/html:Z \
registry.access.redhat.com/ubi8/httpd-24
$ podman ps
$ podman logs httpd-24
$ curl http://127.0.0.1:8080/
HELLO WORLD
$ man podman-generate-systemd
...
$ sudo podman generate systemd --new --files --name bb310a0780ae
...
To run the user services placed in $HOME/.config/systemd/user on first login of that user, enable the service with
--user flag.
$ systemctl --user enable <.service>
The systemd user instance is killed after the last session for the user is closed. The systemd user instance can be
kept running ever after the user logs out by enabling lingering using
$ loginctl enable-linger <username>
...
$ podman generate systemd --new --files --name httpd-24
$ mkdir -p /home/student/.config/systemd/user
$ mv /home/student/container-httpd-24.service /home/student/.config/systemd/user
$ podman stop httpd-24
$ podman rm httpd-24
$ systemctl --user daemon-reload
$ systemctl --user enable --now container-httpd-24.service
$ systemctl --user status container-httpd-24.service
$ podman ps
$ podman logs httpd-24
$ curl http://127.0.0.1:8080/
$ sudo loginctl enable-linger student
$ sudo loginctl show-user student
...
Linger=yes