(RHCSA) Manage Containers

This is part of the RHCSA Exam Study Guide series


This is part of the independent and unofficial RHCSA Exam Study Guide series providing free 🤑 resources to prepare for the exam.

This post covers the objectives under the section:

“MANAGE CONTAINERS”

It contains two main parts:

  • Resources: with links to learn and practice for each objective.
  • Cheatsheet: containing some examples of commands and actions performed in each objective (when applied).

📚 Resources:

FIND AND RETRIEVE CONTAINER IMAGES FROM A REMOTE REGISTRY
INSPECT CONTAINER IMAGES
PERFORM CONTAINER MANAGEMENT USING COMMANDS SUCH AS PODMAN AND SKOPEO

(Covered in previous and next items)

PERFORM BASIC CONTAINER MANAGEMENT SUCH AS RUNNING, STARTING, STOPPING, AND LISTING RUNNING CONTAINERS
RUN A SERVICE INSIDE A CONTAINER
CONFIGURE A CONTAINER TO START AUTOMATICALLY AS A SYSTEMD SERVICE
ATTACH PERSISTENT STORAGE TO A CONTAINER

📑 Cheatsheet:

(Requires RHEL 8.3 or above, and container-tools module)

FIND AND RETRIEVE CONTAINER IMAGES FROM A REMOTE REGISTRY
  • Configure (user-level) container registries

    • create $HOME/.config/containers/registries.conf ➡ file to override the system-wide settings, and configure user-level container registries.
    [registries.search]
    registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
      
    [registries.insecure]
    registries = []
      
    [registries.block]
    registries = []
    
  • podman search caddy ➡ searches the predefined container registries for container images containing the word ‘caddy’.

  • podman login quay.io ➡ authenticates to the ‘quay.io’ container registry.

  • podman search quay.io/postgresql-10 ➡ searches for the particular image on the specified registry.

  • podman search -f is-official --limit 3 --no-trunc alpine ➡ searches for a particular image on all repositories, and displays only official images, a maximum of 3, with the full description.

  • podman pull registry.redhat.io/ubi8/ubi ➡ pulls the specified image from the specified registry.
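
Added example (not from the original post): a shell review of a v1-format registries.conf like the one above. It lists the registries in each table and flags entries under [registries.insecure] as well as a search list with more than one registry, which is the reason to pull with a fully qualified name as in the last command. The function names and the sample file are constructed for this example.

```shell
# Added example: review a v1-format registries.conf like the one above.
# registries_in and audit_registries are names made up for this example.
# Assumes each "registries = [...]" array sits on one line, as on this page.

# Print the registries listed under [registries.<table>], one per line.
registries_in() {   # usage: registries_in <file> <search|insecure|block>
    awk -v want="[registries.$2]" -v q="'" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); active = ($0 == want); next }
        active && /^[ \t]*registries[ \t]*=/ {
            sub(/^[^=]*=/, "")               # keep the right-hand side
            gsub("[][ \t\"" q "]", "")       # drop brackets, blanks, quotes
            n = split($0, reg, ",")
            for (i = 1; i <= n; i++) if (reg[i] != "") print reg[i]
        }' "$1"
}

# Print findings a reviewer would question; exit status 1 if there are any.
audit_registries() {
    findings=0
    for reg in $(registries_in "$1" insecure); do
        echo "INSECURE: TLS verification is skipped for $reg"
        findings=1
    done
    count=$(registries_in "$1" search | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "SHORT-NAME: unqualified image names are tried on $count registries in order"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the search list from this page plus one insecure entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']

[registries.insecure]
registries = ['localhost:5000']
EOF
audit_registries "$sample" || true
```

Run it against $HOME/.config/containers/registries.conf or /etc/containers/registries.conf; an exit status of 0 means neither condition was found.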

INSPECT CONTAINER IMAGES
  • podman images ➡ lists images downloaded to the system or created on the system.

  • podman inspect caddy ➡ inspect local image named ‘caddy’.

  • skopeo inspect docker://registry.redhat.io/ubi8/ubi-init | less ➡ inspect remote image, using less pager.

PERFORM CONTAINER MANAGEMENT USING COMMANDS SUCH AS PODMAN AND SKOPEO
  • podman tag docker.io/library/mariadb localstable ➡ add localstable tag to local image.
PERFORM BASIC CONTAINER MANAGEMENT SUCH AS RUNNING, STARTING, STOPPING, AND LISTING RUNNING CONTAINERS
  • podman exec myubi ls -la ➡ execute ls -la command inside the myubi running container, and detach.

  • podman attach myubi ➡ attach to myubi running container.

  • podman stop myubi && podman rm myubi ➡ stop and remove myubi container.

  • podman run --rm alpine ls /etc ➡ start container from alpine image, run the command ls /etc, exit and remove the container.

  • podman run --name=myalpine -it alpine /bin/sh ➡ start container from alpine image, in interactive mode providing the /bin/sh shell, apply myalpine name to the container.

  • podman run -d mysql ➡ start container from mysql image and detach the session, container keeps running.

  • podman ps -a ➡ show running and stopped containers.

  • podman start myubi ➡ start container named myubi detached.

  • podman start -a -i myubi ➡ start container named myubi attached and interactive mode.

RUN A SERVICE INSIDE A CONTAINER
CONFIGURE A CONTAINER TO START AUTOMATICALLY AS A SYSTEMD SERVICE
  • podman create --name myhttpd docker.io/library/httpd ➡ create a container (do not start/run it).

  • podman generate systemd --name myhttpd > ~/.config/systemd/user/container-myhttpd.service ➡ generate the container’s systemd unit file (create the directory if needed). Inside the unit file, ExecStart runs the podman start command, so the container must already exist on the host system.

  • Generate a systemd unit file that creates the container itself:

    • Create a new user (e.g. containeruser) and open a terminal session with it.

    • podman create --name myhttpd2 httpd ➡ create a container (do not start/run it).

    • podman generate systemd --new --files --name myhttpd2 ➡ generate the container’s systemd unit file. Inside the unit file, ExecStart runs the podman run command, so the container will be created on start.

    • cp container-myhttpd2.service ~/.config/systemd/user/ ➡ install it as a user service.

  • Auto-starting containers using systemd

    • systemctl --user daemon-reload
    • systemctl --user --now enable container-myhttpd.service
    • loginctl enable-linger && loginctl show-user containeruser ➡ make the service autostart without the need for containeruser to log in.
    • verify with:
      • systemctl --user status container-myhttpd.service
      • systemctl --user | grep container
      • podman ps -a
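
The steps above combined into one script, as an added example that is not part of the original post: it generates a --new unit for a rootless container, installs it as a user service and enables lingering. install_container_unit and DRY_RUN are names made up for this example, and removing the template container after the unit is generated is an extra step added here.

```shell
#!/bin/sh
# Added example: rootless container as a systemd user service (--new flow).
# Run as the unprivileged user that will own the container (e.g. containeruser).
set -e

# Execute a command, or only print it when DRY_RUN=1 (to review the steps first).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

install_container_unit() {   # usage: install_container_unit <name> <image>
    name=$1
    image=$2
    unit="container-${name}.service"
    unit_dir="${HOME}/.config/systemd/user"
    workdir=$(mktemp -d)

    run podman create --name "$name" "$image"
    # --files writes container-<name>.service into the current directory
    (cd "$workdir" && run podman generate systemd --new --files --name "$name")
    # The --new unit creates its own container on start, so the template
    # container is no longer needed (step added in this example).
    run podman rm "$name"
    run mkdir -p "$unit_dir"
    run cp "$workdir/$unit" "$unit_dir/"
    run systemctl --user daemon-reload
    run systemctl --user enable --now "$unit"
    # Keep the user services running without an open login session
    run loginctl enable-linger
    run systemctl --user is-active "$unit"
    rm -rf "$workdir"
}

# Example call with a fully qualified image name:
#   ./install-unit.sh myhttpd2 docker.io/library/httpd
if [ "$#" -eq 2 ]; then
    install_container_unit "$1" "$2"
fi
```

Set DRY_RUN=1 to print the commands in order without touching podman or systemd.
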
ATTACH PERSISTENT STORAGE TO A CONTAINER
  • podman run --name="log_test" -v /dev/log:/dev/log --rm ubi logger "LOG THIS" ➡ create container log_test, mount the host /dev/log inside the container, create a log message from the container.
MORE EXAMPLES
  • podman info ➡ display podman system information.

  • podman inspect --format='{{.Config.ExposedPorts}}' myalpine ➡ inspect local container named myalpine displaying only the selected item from the JSON object.

  • podman run -dp 8080:80 --name http-serv docker.io/library/httpd ➡ create a container from the image, name it http-serv and publish its port 80 on port 8080 of the host system.

  • podman run -it -e HISTSIZE -e SECRET="Mysecret" --name ubi8-vars ubi8 ➡ create container ubi8-vars from ubi8 image, in interactive mode, setting up the specified environment variables.

  • podman port http-serv ➡ check the http-serv container port mapping status.

  • podman unshare ls -la myshares ➡ shows myshares directory properties, UID, GID, etc., as viewed by a rootless container.

  • podman unshare chown 1000:1000 -R myshares ➡ change user and group owner inside the ‘user namespace’ for myshares directory recursively.

  • podman run -u 1000 -it -v /home/user1/myshares:/mnt/persistent:Z myubi /bin/bash ➡ start container from myubi image, in interactive mode (bash shell), as user 1000, mount myshares directory at /mnt/persistent with a private unshared label (SELinux).

    • <Ctrl> + p, <Ctrl> + q ➡ detach from the container’s interactive mode and go back to the host shell (container keeps running).
  • podman volume create hostvolume ➡ create new volume.

  • podman volume inspect hostvolume ➡ display information about the volume.

  • mntPoint=$(podman volume inspect hostvolume --format {{.Mountpoint}}) ➡ save the volume mountpoint to the mntPoint variable for easier manipulation.

  • podman run -it -v hostvolume:/mnt/sharedvol myubi /bin/bash ➡ start container from myubi image, interactive mode in a bash shell, mount the hostvolume volume at the /mnt/sharedvol directory.


🎉 Congratulations!

You have reached the end of the learning for the RHCSA Exam!

(practice, reinforce, exercise, etc.; check the notes at:)

Red Hat Certified System Administrator (RHCSA) Exam Study Guide


