This is part of the independent and unofficial RHCSA Exam Study Guide series providing free 🤑 resources to prepare for the exam.
This post covers the objectives under the section:
“MANAGE CONTAINERS”
It contains two main parts:
- Resources: with links to learn and practice for each objective.
- Cheatsheet: containing some examples of commands and actions performed in each objective (when applied).
📚 Resources:
FIND AND RETRIEVE CONTAINER IMAGES FROM A REMOTE REGISTRY
- 📌 Chapter 3. Working with container images (items 3.1. to 3.5.)
INSPECT CONTAINER IMAGES
PERFORM CONTAINER MANAGEMENT USING COMMANDS SUCH AS PODMAN AND SKOPEO
(Covered in previous and next items)
PERFORM BASIC CONTAINER MANAGEMENT SUCH AS RUNNING, STARTING, STOPPING, AND LISTING RUNNING CONTAINERS
RUN A SERVICE INSIDE A CONTAINER
CONFIGURE A CONTAINER TO START AUTOMATICALLY AS A SYSTEMD SERVICE
ATTACH PERSISTENT STORAGE TO A CONTAINER
📑 Cheatsheet:
(Requires RHEL 8.3 or above, and container-tools module)
FIND AND RETRIEVE CONTAINER IMAGES FROM A REMOTE REGISTRY
Configure (user-level) container registries
- create
$HOME/.config/containers/registries.conf➡ file to override the system-wide settings, and configure user level container regisitries.
[registries.search] registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io'] [registries.insecure] registries = [] [registries.block] registries = []- create
podman search caddy➡ searches the predefined container registries for container images containing the word ‘caddy’.podman login quay.io➡ authenticates to ‘quay.io’ container registry.podman search quay.io/postgresql-10➡ searches for the particular image on the specified registry.podman search -f is-official --limit 3 --no-trunc alpine➡ searches for a particular image on all repositories, and displays only official images, maximum of 3, and full description.podman pull registry.redhat.io/ubi8/ubi➡ pull specified image from specified registry.
INSPECT CONTAINER IMAGES
podman images➡ lists images downloaded to the system or created on the system.podman inspect caddy➡ inspect local image named ‘caddy’.skopeo inspect docker://registry.redhat.io/ubi8/ubi-init | less➡ inspect remote image, usinglesspager.
PERFORM CONTAINER MANAGEMENT USING COMMANDS SUCH AS PODMAN AND SKOPEO
podman tag docker.io/library/mariadb localstable➡ addlocalstabletag to local image.
PERFORM BASIC CONTAINER MANAGEMENT SUCH AS RUNNING, STARTING, STOPPING, AND LISTING RUNNING CONTAINERS
podman exec myubi ls -la➡ executels -lacommand inside themyubirunning container, and detach.podman attach myubi➡ attach tomyubirunning container.podman stop myubi && podman rm myubi➡ stop and removemyubicontainer.podman run --rm alpine ls /etc➡ start container fromalpineimage, run the commandls /etc, exit and remove the container.podman run --name=myalpine -it alpine /bin/sh➡ start container fromalpineimage, in interactive mode providing the/bin/shshell, applymyalpinename to the container.podman run -d mysql➡ start container frommysqlimage and detach the session, container keeps running.podman ps -a➡ show running and stopped containers.podman start myubi➡ start container namedmyubidetached.podman start -a -i myubi➡ start container namedmyubiattached and interactive mode.
RUN A SERVICE INSIDE A CONTAINER
item➡ description.
CONFIGURE A CONTAINER TO START AUTOMATICALLY AS A SYSTEMD SERVICE
podman create --name myhttpd docker.io/library/httpd➡ create a container (do not start/run it).podman generate systemd --name myhttpd > ~/.config/systemd/user/container-myhttpd.service➡ generate the container’s systemd unit file (create directory if needed). Inside the unit file,ExecStartrunpodman startcommand so, the container must exist in the host system.Auto-generate a systemd unit file that auto-generate a container:
Create a new user (i.e.:
containeruser) and open a terminal session with it.podman create --name myhttpd2 httpd➡ create a container (do not start/run it).podman generate systemd --new --files --name myhttp2➡ generate the container’s systemd unit file. Inside the unit file,ExecStartrunpodman runcommand so, the container will be created on start.cp container-myhttpd2.service ~/.config/systemd/user/➡ install it as user service.
Auto-starting containers using systemd
systemctl --user daemon-reloadsystemctl --user --now enable container-myhttpd.serviceloginctl enable-linger && loginctl show-user containeruser➡ make the service autostart without the need forcontaineruserto log in.- verify with:
systemctl --user status container-myhttpd.servicesystemctl --user | grep containerpodman ps -a
ATTACH PERSISTENT STORAGE TO A CONTAINER
podman run --name="log_test" -v /dev/log:/dev/log --rm ubi logger "LOG THIS"➡ create containerlog_test, mount the host/dev/logdirectory inside the container, create log message from the container.
MORE EXAMPLES
podman info➡ display podman system information.podman inspect --format='{{.Config.ExposedPorts}}' myalpine➡ inspect local container namedmyalpinedisplaying only the selected item from the JSON object.podman run -dp 8080:80 --name http-serv docker.io/library/httpd➡ create a container from the image, name it ashttp-servand expose it’s port n. 80 to port 8080 in the host system.podman run -it -e HISTSIZE -e SECRET="Mysecret" --name ubi8-vars ubi8➡ create containerubi8-varsfromubi8image, in interactive mode, setting up the specified environment variables.podman port http-serv➡ check thehttp-servcontainer port mapping status.podman unshare ls -la myshares➡ showsmysharesdirectory properties, UID, GID, etc, as it is viewed by a rootless container.podman unshare chown 1000:1000 -R myshares➡ change user and group owner inside the ‘user namespace’ formysharesdirectory recursively.podman run -u 1000 -it -v /home/user1/myshares:/mnt/persistent:Z myubi /bin/bash➡ start container frommyubiimage, in interactive mode (bashshell), as user1000, mountmysharesdirectory at/mnt/persistentwith a private unshared label (SELinux).<Ctrl>+p,<Ctrl>+q➡ detach from the container’s interactive mode and go back to the host shell (container keeps running).
podman volume create hostvolume➡ create new volume.podmand volume inspect hostvolume➡ display information about the volume.mntPoint=$(podman volume inspect hostvolume --format {{.Mountpoint}})➡ save the volume mountpoint tomntPointvarable for easier manipulation.podman run -it -v hostvolume:/mnt/sharedvol myubi /bin/bash➡ start container formmyubiimage, interactive mode in abashshell, mount thehostvolumecreated at/mnt/sharedvoldirectory.
🎉 Congratulations!
You achieved the end of the learning for the RHCSA Exam!
(practice, reinforce, excercise, etc, check notes at:)
Red Hat Certified System Administrator (RHCSA) Exam Study Guide
Useful links & references:
Enable Sysadmin (a blog from Red Hat)
Footnotes:
- Follow me on Twitter to get more posts like this and other quick tips in your feed.
- If you have any doubts or tips about this article, I’d appreciate knowing and discussing it via email.
- Do you have any other Linux tips? Would you like to publish that in this blog? Please send an email to all drops.
- As English is not my native language, I apologize for the errors. Corrections are welcome.
- Contact: contact [@] alldrops [.] info.
