[ URL      ] : https://notes.fr/2024/11/17/Snippet-Linux-Redhat-Manage-Container/
[ CATEGORY ] : /Snippet/Linux
[ TAGS     ] : , ,
[ AUTHOR   ] : undefined

Manage Container

TIPS & TRICKS

To search the contents of the man pages

# man -k searchterm 
# man -K searchterm

Container tasks examples

To keep in mind:
Example for the generate, folder and linger:

# man podman-generate-systemd

Build a container 1

| Use the URL http://classroom.example.com/Containerfile to build the container image with the name “web”
| Build it in ~/mycontainer as harry user.
| Do not modify the container file.

Connect to Harry user and create the /mycontainer directory:

$ mkdir ~/mycontainer

Download the Containerfile in the directory just created:

$ cd ~/mycontainer
$ wget http://classroom.example.com/Containerfile
$ cat Containerfile
FROM docker.io/library/httpd
LABEL maintainer="Linux2Cloud"

Build the container DON’T FORGET THE “.” at the end of the command if you are already in the directory:

$ podman build -t web .

Note: use the -f flag to specify a directory other than the current directory:

$ podman build -t NAME:TAG -f /Path/To/directory			// Directory, NOT a file !

Check

$ podman images

Build a container 2

| Create a container using an image created in localhost-repot/
| - Create a container with the user named harry, the container name should be “containerweb”
| - Container should run as a systemd service, so configure it as a service named “container-web.service”
| - Container should run at boot time
| - Map ~/web directory to /usr/local/apache2/htdocs in the container
| - Map port 8080 to port 80 in the container
| - When you curl localhost:8080 it should read “This is my web page!”

As harry user, create a directory and a file taht contain some text:

$ mkdir web/
$ vi web/index.html
This is my web page!

Here, we need to create a container as a systemd service, so we create it (and systemd will run it):

$ podman create --name containerweb -p 8080:80 -v /home/harry/web:/usr/local/apache2/htdocs:Z registry.io/web
$ podman ps -a

Create the systemd files (IMPORTANT):

$ podman generate systemd --name containerweb [--new] --files

File created, move them in a new directory:

$ mkdir -p /home/harry/.config/systemd/user
$ mv containerweb.service ~/.config/systemd/user/

OR directly:

$ podman generate systemd --name containerweb [--new] --files > ~/.config/systemd/user/containerweb.service

You need to put your service persitent even if harry is deconected:

$ loginctl show-user harry
$ loginctl enable-linger harry

Then with the –user parameter, reload, enable, start, abd see status of your new service:

$ systemctl --user daemon-reload
$ systemctl --user enable containerweb.service [--now]
$ systemctl --user start containerweb.service
$ systemctl --user status containerweb.service

Maybe you need to configure firewalld:

# firewall-cmd --add-port=8080/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-ports
$ curl localhost:8080
This is my web page!
# reboot
# curl localhost:8080     // to check if the containerweb.service is running

Build a container 3

| As the harry user, create a detached apache HTTP web server container with the name mysite and with the tag that has the lowest version(1-112) from rhel8/httpd-24 image.
| Use the registry.redhat.io registry.
| Create and mount the ~/storage/html/ directory as a persistent storage to the container as /var/www/.
| Create a sample index.html with contents as: <h1>My Container Apache HTTP Web Server</h1>
| Port 8080 on the container should be mapped to port 8080 on the host.
| Declare the environment variables, HTTPD_USER and HTTPD_PASSWORD and use admin as their values.
| Configure the container as a service using systemd and make the web server/container persistent across reboot.
| It should accessbile from node2 as http://172.24.9.10:8080/

First: 

# yum module install container-tools

Connect as harry:

$ podman login registry.redhat.io

Search for the image:

$ skopeo inspect docker://registry.redhat.io/rhel8/httpd-24

OR

$ podman search rhel8/httpd-24 --registry=registry.redhat.io

And pull it:

$ podman pull registry.redhat.io/rhel8/httpd-24:1-112
$ podman images

Create the file with the specified content:

$ echo "<h1>My Container Apache HTTP Web Server</h1>" > ~/storage/html/index.html

Then run the container with the parameter (-e):

$ podman run -d --name mysite -p 8080:8080 -v /home/harry/storage:/var/www:Z -e HTTPD_USER=admin -e HTTPD_PASSWORD=admin registry.redhat.io/rhel8/httpd-24:1-112
$ podman ps

Create the systemd files (IMPORTANT):

$ podman generate systemd --name mysite [--new] --files

File created, move them in a new directory:

$ mkdir -p /home/harry/.config/systemd/user
$ mv container-mysite.service ~/.config/systemd/user/

OR directly:

$ podman generate systemd --name container-mysite [--new] --files > ~/.config/systemd/user/container-mysite.service

You need to put your service persitent even if harry is deconected:

$ loginctl show-user harry
$ loginctl enable-linger harry

Then with the –user parameter, reload, enable, start, abd see status of your new service:

$ systemctl --user daemon-reload
$ systemctl --user enable container-mysite.service [--now]
$ systemctl --user start container-mysite.service
$ systemctl --user status container-mysite.service

Maybe you need to configure firewalld:

# firewall-cmd --add-port=8080/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-ports

Now reboot system and verify

# reboot
# podman ps

From other host:

# curl http:172.24.9.10:8080

Build a container 4

| Question: Run a root container for MariaDB, following conditions should be met:
| - Container name should be mariadb
| - Container must be accessible at port 3206
| - root password is set to password
| - DB USER should be: muser and password: mpassword
| - Database name should be mydb
| - The directory /opt/mariadb on host should be mapped to /var/lib/mariadb in the container
| - It should be configured such that it automatically starts when the system is rebooted.

Credit: Sander van Vugt, question from Red Hat Certified System Administrator (RHCSA), 3/e

Solution:

yum module install container-tools
podman login registry.redhat.io
podman pull registry.redhat.io/rhel8/mariadb-103

Check image is downloaded

podman images
podman inspect registry.redhat.io/rhel8/mariadb-103
mkdir -p /opt/mariadb
podman run -d --name mariadb -e MYSQL_USER=muser -e MYSQL_PASSWORD=mpassword -e MYSQL_DATABASE=mydb \
-e MYSQL_ROOT_PASSWORD=password -p 3306:3306 -v /opt/mariadb:/var/lib/mariadb:Z rhel8/mariadb-103

verify it is running

podman ps
loginctl show-user root
loginctl enable-linger root

Verify:

loginctl show-user root
cd /etc/systemd/system/
podman generate systemd --name mariadb --files 
systemctl enable container-mariadb.service
systemctl daemon-reload

Reboot to verify

reboot
podman ps

Build a container 5

| Run a non root NGINX container with name nginx
| - map host port 8081 to 8080 of container
| - Create a sample index.html under /home/harry/html having content as:

My RHEL NGINX Container


| - map /home/harry/html to /opt/app-root/src of container
| - Make sure it is running even after system reboot 

yum module install container-tools
podman login registry.access.redhat.com
podman pull registry.access.redhat.com/ubi8/nginx-120

Verify: image is downloaded

podman images

Inspect image for usage

podman inspect registry.access.redhat.com/ubi8/nginx-120
mkdir ~/html
vim ~/html/index.html
   <h1>My RHEL NGINX Container</h1>
podman run -d --name nginx -p 8081:8080 -v /home/harry/html:/opt/app-root/src:Z registry.access.redhat.com/ubi8/nginx-120 nginx -g "daemon off;"
podman ps
mkdir -p /home/harry/.config/systemd/user
cd /home/harry/.config/systemd/user
loginctl enable-user harry
loginctl show-user harry
podman generate systemd --name nginx --files
systemctl --user enable container-nginx.service 
systemctl --user daemon-reload 
su -
firewall-cmd --add-port=8081/tcp --permanent
firewall-cmd --add-port=8081/tcp
firewall-cmd --reload

Reboot to verify

reboot
podman ps

on node2

curl 172.24.9.10:8080

Build a container 6

| Download root less container image rsyslog for user adam.
| - Mount volume: /home/harry/log to /var/log in container.
| - Also make use that container comes up automatically when system is rebooted.

yum module install container-tools
podman login registry.redhat.io
podman pull registry.redhat.io/rhel8/rsyslog

Verify: that image is downloaded

podman images

Inspect to see its usage

podman inspect registry.redhat.io/rhel8/rsyslog

make directory

mkdir -p /home/harry/log

run conatiner

podman run -d --privileged --name rsyslog --net=host --pid=host -v /home/harry/log:/var/log:Z --restart=always registry.redhat.io/rhel8/rsyslog:latest /bin/rsyslog.sh

Verify: it is running

podman ps

Check the linger state

loginctl show-user harry

Enable linger for user

loginctl enable-linger harry

Verify: Linger=yes for harry

loginctl show-user harry

Create user systemd directory

mkdir -p .config/systemd/user
cd .config/systemd/user

Generate service file

podman generate systemd --name rsyslog --files

enable user container service

systemctl --user enable container-rsyslog.service

reload daemon

systemctl --user daemon-reload

reboot to verify that container is still up after rebooting

reboot
podman ps

If it is not started then check Restart under [Service] if it is set to on-failure

systemctl --user cat container-rsyslog.service

Overwrite Restart to always and RestartSec to 1 in nano editor

systemctl --user edit container-rsyslog.service
          [Service]
          Restart=always
          RestartSec=1
```          
reload daemon

systemctl –user daemon-reload

reboot to verify that container is indeed up after rebooting

reboot
podman ps


### Build a container 7

| Create a container with the name, "logserver" from rhel8/rsyslog image from registry.lab.example.com registry.
| - Configure the container with systemd services as the harry user using the service name "container-logserver" so that it can be persistent across reboot.
| - Configure your host journal to store all journal across reboot copy all journal form /var/log/journal and all subdirectories to /home/harry/container-logserver.
| - Create and mount /home/harry/container-logserver as a persistent storage to the container as /var/log/journal when container start
| - Use "administrator" as the username and "admin123" as the credentials for the image registry. 
| - Use harry as harry's password. No root password is needed because wallah is a sudo user.
          
          
Check if needed module is installed

yum module list –installed | grep container

yum module install container-tools

Make directory and copy files

mkdir -p /home/harry/container-logserver

Check if systemd-journald is running properly

su -
mkdir -p /var/log/journal
systemctl restart systemd-journald
systemctl status systemd-journald
exit

copy files

cd /home/harry/container-logserver
cp -r /var/log/journal .

Change ownership

chown -R harry:harry /home/harry/container-logserver

Download image

podman login registry.redhat.io
podman pull registry.redhat.io/rhel8/rsyslog

run container

podman run -d –name logserver -v /home/harry/container-logserver:/var/log/journal:Z registry.redhat.io/rhel8/rsyslog

Verify: it is running

podman ps

Check the linger state

loginctl show-user harry

Enable linger for user

loginctl enable-linger harry

Verify: Linger=yes for harry

loginctl show-user harry

Create user systemd directory

mkdir -p .config/systemd/user
cd .config/systemd/user

Generate service file

podman generate systemd –name logserver –files

enable user container service

systemctl –user enable container-logserver.service

reload daemon

systemctl –user daemon-reload

reboot to verify that container is still up after rebooting

reboot
podman ps


### Build a container 8

| Login to the registry.
| Download image of a web server. 
| Run the web server in a container as a user-service on port 8080, sharing files from /home/user/webfiles.
| Ensure the web server is available across reboots.


Switch to the account of user that will be running the container.
It is assumed that user named `user` exists on the system

su - user

Authenticate if you have a private registry with images to work with. 
To let anyone do the exercise public repository is used through the rest of steps

$ podman login 

Create the container (-d for daemon-background, -v for ???)

$ podman create -d -v /home/user/webfiles:/usr/local/apache2/htdocs -p 8080:80 –name user_httpd docker.io/library/httpd

Generate service configuration

$ sudo podman generate systemd user_httpd > ~/.config/systemd/user/user_httpd.service

Enable and start the service. You need to be logged in as the user, switching to it is not enough

$ systemctl –user enable –now user_httpd.service

Enable linger, otherwise start of the container would happen when the user logs in

$ loginctl enable-linger


Add SELinux permissions to the catalog

semanage fcontext -at container_file_t “/home/user/webfiles(/.*)?”

restorecon -vR /home/user/webfiles

Alternatively, while creating the container you could configure volume and let podman take care of setting the context up for you.
Syntax looks as follows:

$ podman run -v ::z 

Add port to the firewall

firewall-cmd –add-port=8080/tcp –permanent

firewall-cmd –reload







### Build a container 9
| Download the Apache web server container image (httpd 2.4) and inspect the container image. 
| Check the exposed ports in the container image configuration

podman login registry.redhat.io

podman search registry.redhat.io/httpd-24 => you can use docker registry

podman pull registry.redhat.io/rhel8/httpd-24

podman inspect httpd-24 | vim - => search the exposed port: ExposedPorts - 8080,8443/tcp ..

UBI images "stands for universal base image" and it is used as the foundation for all of the redhat product : registry.redhat.io/ubi8/httpd-24
vim - : this is vim func that reads the STDIN 
The puprose of skopeo: you can inspect the image without the need of pulling the image from the registry

### Build a container 10
| Run the httpd container in the background. 
| Assign the name myweb to the container, verify that the container is running, stop the container and verify that it has stopped, and delete the container and the container image

podman run -d –name myweb httpd-24

podman ps

podman stop myweb

podman ps -a => Check the status of the container

podman rm -f myweb => as the container in paused state we can use -f option

podman rmi httpd-24


### Build a container 11
| Pull the Apache web server container image (httpd 2.4) and run the container with the name webserver. 
| Configure webserver to display content "Welcome to container-based web server". 
| Use port 3333 on the host machine to receive http requests. 
| Start a bash shell in the container to verify the configuration

There are different methods to configure the web server 
- using the bind-mount : mount a dir (~/hostfiles/) that host the files to /var/www/html
- create a containerfile to build a container image 
- create a new image based on the changed container

podman pull registry.redhat.io/rhel8/httpd-24

using the containerfile ---

echo “Welcome to container-based web server “ > index.html

vim Dockerfile

    FROM httpd-24
    MAINTAINER    First_name 
    COPY index.html /var/www/html/

podman build . -t httpd:v1

podman run -dit –name webserver -p 3333:8080 httpd:v1

firewall-cmd –add-port=3333/tcp –permanent

firewall-cmd –reload

curl localhost:3333 => Welcome to container-based web serve

podman exec -it webserver bash

cat /var/www/html/index.html

exit


### Build a container 12
| Configure the system to start the webserver container at boot as a systemd service. 
| Start/enable the systemd service to make sure the container will start at boot, and reboot the system to verify if the container is running as expected

With root priv :

podman generate systemd webserver > httpd-server.service

systemctl daemon-reload

systemctl enable –now cont-httpd-server.service

reboot

systemctl status httpd-container.service

curl localhost:3333

With rootless container :

mkdir -p ~/.config/systemd/user && cd $_

podman generate systemd webserver > httpd-srv.service

loginctl enable-ligner user-name

systemctl –user daemon-reload

vim httpd-srv.service

Change WantedBy to default.target

WantedBy=default.target

systemctl –user status httpd-srv.service

systemctl –user enable –now httpd-srv.service

By default this service will start when the user login and stop when user logged out, to change this behaviour you’ve to enable user linger like we done above

reboot

podman ps

&nbsp;&nbsp;if you face this error: Failed to connect to bus [check this link](https://access.redhat.com/discussions/6029491) 


### Build a container 13
| Create a container logserver from an image rsyslog in server1 from registry.redhat.io<br>
| - Configure the container with systemd services by an existing user user10.<br>
| - Service name should be container-logserver, and configure it to start automatically across reboot.<br>
| - Configure your host journal to store all journal across reboot, copy all *.journal from /var/log/journal and all subdirectories to /home/user10/container_logserver <br>
| - Configure automount /var/log/journal from  logserver (container) to /home/user10/container_logserver when container starts.

podman search registry.redhat.io/rsyslog

podman login registry.redhat.io

Username:
Password:

podman pull registry.redhat.io/rhel8/rsyslog

root priv ---

vim /etc/systemd/journal.conf

Storage=persistent

systemctl restart systemd-journald

ls /var/log/journal

mkdir /home/user10/container_logserver

cp -R /var/log/journal/ /home/user10/container_logserver

chown -R user10:user10 ~/container_logserver

su - user10

podman run -d –name logserver -v ~/container_logserver/:/var/log/:Z rsyslog

podman ps

mkdir -p ~/.config/systemd/user/

cd $_

podman generate systemd –name logserver –files –new

podman exec -it logserverlogserver

vim container-logserver.service

WantedBy=default.target

loginctl enable-linger $USER

systemctl –user daemon-reload

systemctl –user enable container-logserver.service

systemctl –user status container-logserver

reboot => to make sure that the container is up and running

```

Documentations

Internet
Git
ChatGPT

> Partager <