Run a Container As Service
SystemD
podman generate systemd web5 > /etc/systemd/system/we5-container.service
systemctl daemon-reload
systemctl start we5-container
systemctl status we5-container
systemctl enable we5-containerUser
ssh test@localhost
podman pull docker.io/library/httpd
podman images
podman ps
podman run -d --name New -p 8085:80 dabbtbe0c57b
mkdir -p ~/.config/systemd/user
podman generate systemd New > ~/.config/systemd/user/New-container.service
vim ~/. config/systend/user/New-conteiner.service
#make wantedBy=default
systemctl --user daemon-reload
systemctl --user start New-container
systemctl --user enable New-container
systemctl --user status New-container- delete the wanted by line
- make
wantedBy=default
Theory
Dependencies
- Containers rely on features provided by the Linux operating system
- Control groups set limits to the amount of resources that can be used
- Namespaces provide isolation to ensure the container only has access to its own data and configuration
- SELinux enforces security
- Containers need a user ID to be started on the host computer
Root Containers
- Root containers are started by the root user
Rootless Containers
- Rootless containers are started as a non-root user
- rootless containers can generate a UID dynamically, or be preconfigured to use a specific UID
- Rootless containers have a few limitations
- No unlimited access to the filesystem
- Can’t bind to privileged network ports
Applications inside Containers
- Complex applications are typically composed of multiple containers
- Normally one container runs one application
- This offers the benefit of better manageability
- To manage microservices, orchestration platforms like
- Kubernetes
- Red Hat OpenShift
Manage Images
buildahis an advanced tool to create container imagesskopeois an advanced tool to manage, copy, delete and sign imagespodmanmanages containers and container images
Managing Container Images
Using Images and Registries
info
- Container images are used to package container applications with all of their dependencies
- Images are built according to the Open Containers Initiative (OCI) specification
- The OCI standard guarantees compatibility so that images can be used in different environments, like podman on RHEL or docker
- upto RHEL 7 Redhat used docker as thier default container engine. From RHEL 8 they dropped support for docker and change it with podman. because of OCI they can do it without much issue.
- all the containers work on docker environment also work in podman without any modifications.
- Container images are offered through registries
Using Registries
info
- there are different types of registries
- Public registries such as hub.docker.com provide access to community-provided container images
- Private registries can be created to host container images internally
- Images optimized for use in Red Hat environments are provided through quay.io
- Red Hat distributes certified images that are accessible only with Red Hat credentials
- registry.redhat.io is for official Red Hat products
- registry.connect.redhat.com is for third-party products
- Red Hat container catalog (https://catalog.redhat.com) is a web interface to the Red Hat images
Accessing Red Hat Registries
info
- Red Hat registries can be accessed with a Red Hat account
- Developer accounts (https://developers.redhat.com) do qualify
- Use
podman login registry.redhat.ioto login to a registry- Use
podman login registry.redhat.io --get-loginto get your current login credentials
Configuring Registry Access
Note
- Registry access is configured in /etc/containers/registries.conf
- Default registries are in the [registries.search] section
- Registries that don’t have an SSL certificate are in [registries.insecure]
- A user specific registries.conf file can be created as
~/.config/containers/registries.conf
Using Containerfile
Note
- A
Containerfile(previously known asDockerfile) is a text file with instructions to build a container imageContainerfiles have instructions to build a custom container based on a base image such as theUBIimage- UBI is the Universal Base Image, an image that Red Hat uses for all of its products
Building an image from a Containerfile
dnf install container-tools
git clone https://github.com/sandervanvugt/rhcsa
podman info
cd rhcsa
podman images
podman login registry.access.redhat.com
podman build -t mymap .
podman images
- make sure you add
-yflag at the end of the install command. - all these commands can be used with docker also
Importnat
For RHCSA you don’t need to expect to create containerfiles yourself
Running Containers
Note
- Use
podman runto run a container image
- It will search for the image in the configured registries
- If found, it will pull the image and run the container
- Use
podman psto verify that the image currently is running- If not seen, use
podman ps -ato also show containers that have stopped- Use
podman inspectto see what is inside an image or a container
Understanding Container Commands
- When started with podman run, the container runs its default command
- To run an alternative command, it can often (not always) be specified as a command line argument
podman run ubi8 sleep- To run an image from a specific registry, specify the complete image name
- Command line options for the specific podman command need to be specified before the name of the image
Common Podman Commands
Commands
podman searchsearches the registries for imagespodman runruns a containerpodman stopstops a currently running containerpodman psshows information about containerspodman buildbuilds an image from a Containerfilepodman imageslists imagespodman inspectshows container or image detailspodman pullpulls an image from the registrypodman execexecutes a command in a running containerpodman rmremoves a container
podman search ubi
podman run --name sleepy docker.io/redhat/ubi9 sleep 3600
from another terminal: podman ps
podman stop sleepy
podman images
podman run -d --name sleepy docker.io/redhat/ubi9 sleep 3600
podman rm sleepy
podman ps -a
- you can use the full path to get the image from the exact repo
