TIPS & TRICKS
To search the contents of the man pages
# man -k searchterm |
Container tasks examples
To keep in mind:
Example for the generate, folder and linger:
# man podman-generate-systemd |
Build a container 1
| Use the URL http://classroom.example.com/Containerfile to build the container image with the name “web”
| Build it in ~/mycontainer as harry user.
| Do not modify the container file.
Connect to Harry user and create the /mycontainer directory:
$ mkdir ~/mycontainer |
Download the Containerfile in the directory just created:
$ cd ~/mycontainer |
$ cat Containerfile |
Build the container DON’T FORGET THE “.” at the end of the command if you are already in the directory:
$ podman build -t web . |
Note: use the -f flag to specify a directory other than the current directory:
$ podman build -t NAME:TAG -f /Path/To/directory // Directory, NOT a file ! |
Check
$ podman images |
Build a container 2
| Create a container using an image created in localhost-repot/
| - Create a container with the user named harry, the container name should be “containerweb”
| - Map ~/web directory to /usr/local/apache2/htdocs in the container
| - Map port 8080 to port 80 in the container
| - When you curl localhost:8080 it should read “This is my web page!”
| - Container should run as a systemd service, so configure it as a service named “container-web.service”
| - Container should run at boot time
As harry user, create a directory and a file taht contain some text:
$ mkdir web/ |
Here, we need to create a container as a systemd service, so we create it (and systemd will run it):
$ podman create --name containerweb -p 8080:80 -v /home/harry/web:/usr/local/apache2/htdocs:Z registry.io/web |
Create the systemd files (IMPORTANT):
$ podman generate systemd --name containerweb [--new] --files |
File created, move them in a new directory:
$ mkdir -p /home/harry/.config/systemd/user |
OR directly:
$ podman generate systemd --name containerweb [--new] --files > ~/.config/systemd/user/containerweb.service |
You need to put your service persitent even if harry is deconected:
$ loginctl show-user harry |
Then with the –user parameter, reload, enable, start, abd see status of your new service:
$ systemctl --user daemon-reload |
Maybe you need to configure firewalld:
# firewall-cmd --add-port=8080/tcp --permanent |
$ curl localhost:8080 |
# reboot |
Build a container 3
| As the harry user, create a detached apache HTTP web server container with the name mysite and with the tag that has the lowest version(1-112) from rhel8/httpd-24 image.
| Use the registry.redhat.io registry.
| Create and mount the ~/storage/html/ directory as a persistent storage to the container as /var/www/.
| Create a sample index.html with contents as: <h1>My Container Apache HTTP Web Server</h1>
| Port 8080 on the container should be mapped to port 8080 on the host.
| Declare the environment variables, HTTPD_USER and HTTPD_PASSWORD and use admin as their values.
| Configure the container as a service using systemd and make the web server/container persistent across reboot.
| It should accessbile from node2 as http://172.24.9.10:8080/
First:
# yum module install container-tools |
Connect as harry:
$ podman login registry.redhat.io |
Search for the image:
$ skopeo inspect docker://registry.redhat.io/rhel8/httpd-24 |
OR
$ podman search rhel8/httpd-24 --registry=registry.redhat.io |
And pull it:
$ podman pull registry.redhat.io/rhel8/httpd-24:1-112 |
Create the file with the specified content:
$ echo "<h1>My Container Apache HTTP Web Server</h1>" > ~/storage/html/index.html |
Then run the container with the parameter (-e):
$ podman run -d --name mysite -p 8080:80 -v /home/harry/storage:/var/www:Z -e HTTPD_USER=admin -e HTTPD_PASSWORD=admin registry.redhat.io/rhel8/httpd-24:1-112 |
$ podman ps |
Create the systemd files (IMPORTANT):
$ podman generate systemd --name mysite [--new] --files |
File created, move them in a new directory:
$ mkdir -p /home/harry/.config/systemd/user |
OR directly:
$ podman generate systemd --name container-mysite [--new] --files > ~/.config/systemd/user/container-mysite.service |
You need to put your service persitent even if harry is deconected:
$ loginctl show-user harry |
Then with the –user parameter, reload, enable, start, abd see status of your new service:
$ systemctl --user daemon-reload |
Maybe you need to configure firewalld:
# firewall-cmd --add-port=8080/tcp --permanent |
Now reboot system and verify
# reboot |
From other host:
# curl http:172.24.9.10:8080 |
Build a container 4
| Question: Run a root container for MariaDB, following conditions should be met:
| - Container name should be mariadb
| - Container must be accessible at port 3206
| - root password is set to password
| - DB USER should be: muser and password: mpassword
| - Database name should be mydb
| - The directory /opt/mariadb on host should be mapped to /var/lib/mariadb in the container
| - It should be configured such that it automatically starts when the system is rebooted.
# yum module install container-tools |
Check image is downloaded:
# podman images |
Run the container with the specified parameters:
# podman run -d --name mariadb -e MYSQL_USER=muser -e MYSQL_PASSWORD=mpassword -e MYSQL_DATABASE=mydb -e MYSQL_ROOT_PASSWORD=password -p 3306:3306 -v /opt/mariadb:/var/lib/mariadb:Z rhel8/mariadb-103 |
Verify it is running:
# podman ps |
Enable linger (FOR ROOT ?!? Sure ???):#########################
# loginctl show-user root |
Verify:
# loginctl show-user root |
Reboot to verify
# reboot |
Build a container 5
| Run a non root NGINX container with name nginx
| - map host port 8081 to 8080 of container
| - Create a sample index.html under /home/harry/html having content as: <h1>My RHEL NGINX Container</h1>
| - map /home/harry/html to /opt/app-root/src of container
| - Make sure it is running even after system reboot
$ yum module install container-tools |
Verify: image is downloaded
$ podman images |
Inspect image for usage (????????????????????? LOOK MORE)
$ podman inspect registry.access.redhat.com/ubi8/nginx-120 |
$ mkdir ~/html |
Reboot to verify
$ reboot |
on node2
$ curl 172.24.9.10:8080 |
Build a container 6
| Download root less container image rsyslog for user adam.
| - Mount volume: /home/harry/log to /var/log in container.
| - Also make use that container comes up automatically when system is rebooted.
# yum module install container-tools |
Verify: that image is downloaded
$ podman images |
Inspect to see its usage
$ podman inspect registry.redhat.io/rhel8/rsyslog |
make directory
$ mkdir -p /home/harry/log |
run conatiner
$ podman run -d --privileged --name rsyslog --net=host --pid=host -v /home/harry/log:/var/log:Z --restart=always registry.redhat.io/rhel8/rsyslog:latest /bin/rsyslog.sh |
Verify: it is running
$ podman ps |
Check the linger state
$ loginctl show-user harry |
Enable linger for user
$ loginctl enable-linger harry |
Verify: Linger=yes for harry
$ loginctl show-user harry |
Create user systemd directory
$ mkdir -p .config/systemd/user |
Generate service file
$ podman generate systemd --name rsyslog --files |
enable user container service
$ systemctl --user enable container-rsyslog.service |
Reload daemon
$ systemctl --user daemon-reload |
Reboot to verify that container is still up after rebooting
# reboot |
If it is not started then check Restart under [Service] if it is set to on-failure
$ systemctl --user cat container-rsyslog.service |
Overwrite Restart to always and RestartSec to 1 in nano editor
$ systemctl --user edit container-rsyslog.service |
reload daemon
$ systemctl --user daemon-reload |
reboot to verify that container is indeed up after rebooting
# reboot |
Build a container 7
| Create a container with the name, “logserver” from rhel8/rsyslog image from registry.lab.example.com registry.
| - Configure the container with systemd services as the harry user using the service name “container-logserver” so that it can be persistent across reboot.
| - Configure your host journal to store all journal across reboot copy all journal form /var/log/journal and all subdirectories to /home/harry/container-logserver.
| - Create and mount /home/harry/container-logserver as a persistent storage to the container as /var/log/journal when container start
| - Use “administrator” as the username and “admin123” as the credentials for the image registry.
| - Use harry as harry’s password. No root password is needed because wallah is a sudo user.
Check if needed module is installed
# yum module list --installed | grep container |
Make directory and copy files
$ mkdir -p /home/harry/container-logserver |
Check if systemd-journald is running properly
$ su - |
copy files
$ cd /home/harry/container-logserver |
Change ownership
$ chown -R harry:harry /home/harry/container-logserver |
Download image
$ podman login registry.redhat.io |
run container
$ podman run -d --name logserver -v /home/harry/container-logserver:/var/log/journal:Z registry.redhat.io/rhel8/rsyslog |
Verify: it is running
$ podman ps |
Check the linger state
$ loginctl show-user harry |
Enable linger for user
$ loginctl enable-linger harry |
Verify: Linger=yes for harry
$ loginctl show-user harry |
Create user systemd directory
$ mkdir -p .config/systemd/user |
Generate service file
$ podman generate systemd --name logserver --files |
enable user container service
$ systemctl --user enable container-logserver.service |
reload daemon
$ systemctl --user daemon-reload |
reboot to verify that container is still up after rebooting
# reboot |
Build a container 8
| Login to the registry.
| Download image of a web server.
| Run the web server in a container as a user-service on port 8080, sharing files from /home/user/webfiles.
| Ensure the web server is available across reboots.
Switch to the account of user that will be running the container.
It is assumed that user named user exists on the system
# su - user |
Authenticate if you have a private registry with images to work with.
To let anyone do the exercise public repository is used through the rest of steps
$ podman login |
Create the container (-d for daemon-background, -v for ???)
$ podman create -d -v /home/user/webfiles:/usr/local/apache2/htdocs -p 8080:80 --name user_httpd docker.io/library/httpd |
Generate service configuration
$ sudo podman generate systemd user_httpd > ~/.config/systemd/user/user_httpd.service |
Enable and start the service. You need to be logged in as the user, switching to it is not enough
$ systemctl --user enable --now user_httpd.service |
Enable linger, otherwise start of the container would happen when the user logs in
$ loginctl enable-linger |
Add SELinux permissions to the catalog
# semanage fcontext -at container_file_t "/home/user/webfiles(/.*)?" |
Alternatively, while creating the container you could configure volume and let podman take care of setting the context up for you.
Syntax looks as follows:
$ podman run -v <src>:<dst>:z <image> |
Add port to the firewall
# firewall-cmd --add-port=8080/tcp --permanent |
Build a container 9
| Download the Apache web server container image (httpd 2.4) and inspect the container image.
| Check the exposed ports in the container image configuration
# podman login registry.redhat.io |
UBI images “stands for universal base image” and it is used as the foundation for all of the redhat product : registry.redhat.io/ubi8/httpd-24
vim - : this is vim func that reads the STDIN
The puprose of skopeo: you can inspect the image without the need of pulling the image from the registry
Build a container 10
| Run the httpd container in the background.
| Assign the name myweb to the container, verify that the container is running, stop the container and verify that it has stopped, and delete the container and the container image
# podman run -d --name myweb httpd-24 |
Build a container 11
| Pull the Apache web server container image (httpd 2.4) and run the container with the name webserver.
| Configure webserver to display content “Welcome to container-based web server”.
| Use port 3333 on the host machine to receive http requests.
| Start a bash shell in the container to verify the configuration
There are different methods to configure the web server
- using the bind-mount : mount a dir (~/hostfiles/) that host the files to /var/www/html
- create a containerfile to build a container image
- create a new image based on the changed container
# podman pull registry.redhat.io/rhel8/httpd-24 |
using the containerfile —
# echo "Welcome to container-based web server " > index.html |
Build a container 12
| Configure the system to start the webserver container at boot as a systemd service.
| Start/enable the systemd service to make sure the container will start at boot, and reboot the system to verify if the container is running as expected
With root priv :
# podman generate systemd webserver > httpd-server.service |
With rootless container :
# mkdir -p ~/.config/systemd/user && cd $_ |
if you face this error: Failed to connect to bus check this link
Build a container 13
| Create a container logserver from an image rsyslog in server1 from registry.redhat.io
| - Configure the container with systemd services by an existing user user10.
| - Service name should be container-logserver, and configure it to start automatically across reboot.
| - Configure your host journal to store all journal across reboot
| — copy all *.journal from /var/log/journal and all subdirectories to /home/user10/container_logserver
| - Configure automount /var/log/journal from logserver (container) to /home/user10/container_logserver when container starts.
# podman search registry.redhat.io/rsyslog |
root priv —
# vim /etc/systemd/journal.conf |
Documentations
Internet
Git
ChatGPT