Purpose – To build, run and manage Linux containers in RHEL8 Server OS
Pre-requisites –
RHEL8 Server OS
What are Containers –
In layman terms containers are used to package applications and all its dependencies in the form of containers which can be shipped and deployed to be run on any platform independently without any modifications.
In rhel Linux containers use the core technologies such as
Control Groups (CGroups) – For resource management
Namespaces – For process isolation
SELinux – For enabling security
RHEL Linux container provide the below tools which can operate without a container engine (eg. docker container engine)
Here are the list of tools
podman – Client tool for managing container (similar to docker CLI for managing images and containers)
buildah – Client tool for building OCI compliant container images
skopeo – Client tool sigining, authenticating and copying container images to and from container registries
runc – Its a lightweight Container runtime
Redhat provides container images and related software for most of the architecture.
Make sure to register and attach rhel subscription before proceeding with the below steps for building, running and managing Linux containers
Step1: Install container-tools package
[root@rhelser8 ~]# yum module install container-tools
…
Installed:
runc-1.0.0-52.rc5.dev.git2abd837.el8+1884+9fee228c.x86_64
container-storage-setup-0.11.0-2.git5eaf76c.el8+1431+1e5d561c.noarch
slirp4netns-0.1-1.dev.gitc4e1bc5.el8+1463+3d8a3dce.x86_64
buildah-1.4-2.git608fa84.el8+2005+c789302b.x86_64
container-selinux-2:2.73-3.el8+1838+91f7e486.noarch
fuse-overlayfs-0.1-7.dev.git50c7a50.el8+2117+8020c482.x86_64
skopeo-1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178.x86_64
podman-0.10.1.3-5.gitdb08685.el8+2131+7e3e9e07.x86_64
oci-systemd-hook-1:0.1.15-2.git2d0b8a3.el8+1431+1e5d561c.x86_64
oci-umount-2:2.3.4-2.git87f9237.el8+1431+1e5d561c.x86_64
containernetworking-plugins-0.7.3-6.git19f2f28.el8+1742+b7ea820a.x86_64
containers-common-1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178.x86_64
protobuf-c-1.3.0-4.el8.x86_64
yajl-2.1.0-10.el8.x86_64
criu-3.10-4.el8.x86_64
libnet-1.1.6-15.el8.x86_64
ostree-libs-2018.8-2.el8.x86_64
python3-policycoreutils-2.8-9.el8.noarch
fuse3-libs-3.2.1-11.el8.x86_64
python3-setools-4.1.1-11.el8.x86_64
policycoreutils-python-utils-2.8-9.el8.noarch
python3-IPy-0.81-22.el8.noarch
python3-libsemanage-2.8-3.1.el8.x86_64
python3-audit-3.0-0.5.20180831git0047a6c.el8.x86_64
checkpolicy-2.8-1.el8.x86_64
Complete!
By default, the below configuration file defines access to container registries when we work with container tools such as podman
[root@rhelser8 containers]# grep -v ^# /etc/containers/registries.conf
…
[registries.search]
registries = [‘registry.redhat.io’, ‘quay.io’, ‘docker.io’]
…
[registries.insecure]
registries = []
…
[registries.block]
registries = []
Step2: Pull image from registry
First, we need to connect to the redhat registry from where we want to pull the container images
[root@rhelser8 ~]# podman login registry.redhat.io
Username: <username>
Password:
Login Succeeded!
Now, lets pull two images from the above connected registry
[root@rhelser8 ~]# podman pull registry.redhat.io/rhel8-beta/rhel
Trying to pull registry.redhat.io/rhel8-beta/rhel…Getting image source signatures
Copying blob sha256:619051b1fc41546ce2c2d6911145f66472d72caf7a4aaf8ffcad782f27227e9c
66.48 MB / 66.48 MB [====================================================] 6m2s
Copying blob sha256:386105ae8b6231e5c25160d9a40bec1da1fdb822455f6e3094bef2b6e877d865
1.33 KB / 1.33 KB [========================================================] 0s
Copying config sha256:a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211
6.33 KB / 6.33 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211
[root@rhelser8 ~]# podman pull registry.redhat.io/rhel8-beta/rsyslog
Trying to pull registry.redhat.io/rhel8-beta/rsyslog…Getting image source signatures
Skipping fetch of repeat blob sha256:619051b1fc41546ce2c2d6911145f66472d72caf7a4aaf8ffcad782f27227e9c
Skipping fetch of repeat blob sha256:386105ae8b6231e5c25160d9a40bec1da1fdb822455f6e3094bef2b6e877d865
Copying blob sha256:4cab29f2fdd7fb9008909ba7ad648ce200e5a57ae9849b43981297ae9fe26e46
5.23 MB / 5.23 MB [=======================================================] 18s
Copying config sha256:7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
5.44 KB / 5.44 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
[root@rhelser8 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/rhel8-beta/rsyslog latest 7d913cca82b9 5 months ago 228MB
registry.redhat.io/rhel8-beta/rhel latest a80dad1c1953 5 months ago 210MB
Step3: Run the downloaded image
[root@rhelser8 ~]# hostname
rhelser8.stack.com
[root@rhelser8 ~]# podman run -it registry.redhat.io/rhel8-beta/rhel /bin/bash
bash-4.4# echo $HOSTNAME
4b30bfbf9046
Lets list out the containers that are currently running on another host terminal and stop the running container
[root@rhelser8 ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b30bfbf9046 registry.redhat.io/rhel8-beta/rhel:latest /bin/bash 46 seconds ago Up 46 seconds ago wonderful_haibt
[root@rhelser8 ~]#
Step4: Stop and Remove the container and downloaded images
[root@rhelser8 ~]# podman stop 4b30bfbf9046
4b30bfbf9046a450e7860f6023591c53db4a1cd97434a4c90e49b33aa5158b84
[root@rhelser8 ~]# podman ps
[root@rhelser8 ~]#
Once the container is stopped we can remove that inactive container using below. I have used ‘-a’ all active and exited container but we can pass the specific container id also to remove that specific container id.
[root@rhelser8 ~]# podman rm -a
Now, we will remove the images once all the containers are stopped and removed as below
[root@rhelser8 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.redhat.io/rhel8-beta/rsyslog latest 7d913cca82b9 5 months ago 228MB
registry.redhat.io/rhel8-beta/rhel latest a80dad1c1953 5 months ago 210MB
[root@rhelser8 ~]# podman rmi 7d913cca82b9 a80dad1c1953
7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211
Here, let us look at another example on Tomcat container from docker registry
Step1: Search for Tomcat image in docker.io registry
[root@rhelser8 ~]# podman search docker.io/library/tomcat
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/tomcat Apache Tomcat is an open source implementati… 2365 [OK]
Step2: Pull the Tomcat image from registry
[root@rhelser8 ~]# podman pull docker.io/library/tomcat
Trying to pull docker.io/library/tomcat…Getting image source signatures
Copying blob sha256:e79bb959ec00faf01da52437df4fad4537ec669f60455a38ad583ec2b8f00498
43.24 MB / 43.24 MB [===================================================] 1m13s
…
Writing manifest to image destination
Storing signatures
5a069ba3df4d4221755d76d905ce8a0d2eedf3edbd87dca05a6259114c7b93d4
Step3: Run the default tomcat instance
[root@rhelser8 ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/tomcat latest 5a069ba3df4d 2 weeks ago 480MB
[root@rhelser8 ~]# podman run -it -d -p 8888:8080 5a069ba3df4d
6786c6ac79331c63ef8d5178f9b7d18441b0c197956eded1c883eff279657dd9
[root@rhelser8 ~]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES IS INFRA
6786c6ac7933 docker.io/library/tomcat:latest catalina.sh run 15 seconds ago Up 15 seconds ago 0.0.0.0:8888->8080/tcp gifted_galileo false
Now, we should be able to access the tomcat at the following URL
http://192.168.91.139:8888/
In the next article we will look at other tools like buildah and skopeo.
Click here for the next related article.
Hope you enjoyed reading this article. Thank you.
Leave a Reply
You must be logged in to post a comment.