How to build, run and manage Linux containers in RHEL8 Server OS

Purpose – To build, run and manage Linux containers in RHEL8 Server OS

Pre-requisites

RHEL8 Server OS

What are Containers

In layman's terms, containers package an application and all of its dependencies into a unit that can be shipped and run on any platform without modification.

On RHEL, Linux containers rely on the following core technologies:

Control Groups (CGroups) – For resource management
Namespaces – For process isolation
SELinux – For enabling security

RHEL provides the tools below, which can operate without a container engine (e.g. the Docker container engine):

podman – Client tool for managing container (similar to docker CLI for managing images and containers)
buildah – Client tool for building OCI compliant container images
skopeo – Client tool for signing, authenticating and copying container images to and from container registries
runc – A lightweight container runtime

Red Hat provides container images and related software for most architectures.

Make sure to register the system and attach a RHEL subscription before proceeding with the steps below for building, running and managing Linux containers.

Step1: Install container-tools package

[root@rhelser8 ~]# yum module install container-tools

Installed:
  runc-1.0.0-52.rc5.dev.git2abd837.el8+1884+9fee228c.x86_64
  container-storage-setup-0.11.0-2.git5eaf76c.el8+1431+1e5d561c.noarch
  slirp4netns-0.1-1.dev.gitc4e1bc5.el8+1463+3d8a3dce.x86_64
  buildah-1.4-2.git608fa84.el8+2005+c789302b.x86_64
  container-selinux-2:2.73-3.el8+1838+91f7e486.noarch
  fuse-overlayfs-0.1-7.dev.git50c7a50.el8+2117+8020c482.x86_64
  skopeo-1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178.x86_64
  podman-0.10.1.3-5.gitdb08685.el8+2131+7e3e9e07.x86_64
  oci-systemd-hook-1:0.1.15-2.git2d0b8a3.el8+1431+1e5d561c.x86_64
  oci-umount-2:2.3.4-2.git87f9237.el8+1431+1e5d561c.x86_64
  containernetworking-plugins-0.7.3-6.git19f2f28.el8+1742+b7ea820a.x86_64
  containers-common-1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178.x86_64
  protobuf-c-1.3.0-4.el8.x86_64
  yajl-2.1.0-10.el8.x86_64
  criu-3.10-4.el8.x86_64
  libnet-1.1.6-15.el8.x86_64
  ostree-libs-2018.8-2.el8.x86_64
  python3-policycoreutils-2.8-9.el8.noarch
  fuse3-libs-3.2.1-11.el8.x86_64
  python3-setools-4.1.1-11.el8.x86_64
  policycoreutils-python-utils-2.8-9.el8.noarch
  python3-IPy-0.81-22.el8.noarch
  python3-libsemanage-2.8-3.1.el8.x86_64
  python3-audit-3.0-0.5.20180831git0047a6c.el8.x86_64
  checkpolicy-2.8-1.el8.x86_64
Complete!

By default, the configuration file below defines access to container registries when we work with container tools such as podman.
[root@rhelser8 containers]# grep -v ^# /etc/containers/registries.conf
[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io']
[registries.insecure]
registries = []
[registries.block]
registries = []
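
The check below is an added example, not part of the original article or of the container-tools package. It reads a v1-format registries.conf like the one above from standard input and reports two settings that matter for image provenance: a search list with more than one registry (a short name such as tomcat is tried against each in order) and any registry listed under [registries.insecure]. The function names, the finding labels and registry.lab.example are made up for the illustration, and single-line arrays are assumed.

```shell
# Added example: audit a v1-format registries.conf read from stdin.
audit_registries_conf() {
    awk -v q="'" '
    /^[ \t]*#/ { next }                          # skip comments
    /^[ \t]*\[registries\./ {                    # e.g. [registries.search]
        section = $0
        sub(/^[ \t]*\[registries\./, "", section)
        sub(/\].*$/, "", section)
        next
    }
    /^[ \t]*registries[ \t]*=/ {
        list = substr($0, index($0, "[") + 1)    # text after the opening bracket
        list = substr(list, 1, index(list, "]") - 1)
        gsub("[ \t\"" q "]", "", list)           # strip blanks and both quote styles
        n = (list == "") ? 0 : split(list, reg, ",")
        for (i = 1; i <= n; i++) {
            if (section == "search")   search[++ns] = reg[i]
            if (section == "insecure") insecure[++ni] = reg[i]
        }
    }
    END {
        # Several search registries: a short name resolves to the first that has it.
        if (ns > 1) {
            line = "SHORT-NAME-AMBIGUITY"
            for (i = 1; i <= ns; i++) line = line " " search[i]
            print line
        }
        # Registries listed here are contacted without TLS verification.
        for (i = 1; i <= ni; i++) print "TLS-NOT-VERIFIED " insecure[i]
    }'
}

# The configuration exactly as shown above.
page_conf() {
    cat <<'EOF'
[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io']
[registries.insecure]
registries = []
[registries.block]
registries = []
EOF
}

# Constructed weak variant: registry.lab.example is a placeholder name.
weak_conf() {
    page_conf | sed "/insecure/{n;s/\[\]/['registry.lab.example']/;}"
}
```

Run it against the live file with audit_registries_conf < /etc/containers/registries.conf. The pulls in this article avoid the short-name finding because they use fully qualified image names.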

Step2: Pull image from registry

First, we need to log in to the Red Hat registry from which we want to pull the container images.

[root@rhelser8 ~]# podman login registry.redhat.io
Username: <username>
Password:
Login Succeeded!

Now, let's pull two images from the registry we just logged in to.
[root@rhelser8 ~]# podman pull registry.redhat.io/rhel8-beta/rhel
Trying to pull registry.redhat.io/rhel8-beta/rhel…Getting image source signatures
Copying blob sha256:619051b1fc41546ce2c2d6911145f66472d72caf7a4aaf8ffcad782f27227e9c
 66.48 MB / 66.48 MB [====================================================] 6m2s
Copying blob sha256:386105ae8b6231e5c25160d9a40bec1da1fdb822455f6e3094bef2b6e877d865
 1.33 KB / 1.33 KB [========================================================] 0s
Copying config sha256:a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211
 6.33 KB / 6.33 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211
[root@rhelser8 ~]# podman pull registry.redhat.io/rhel8-beta/rsyslog
Trying to pull registry.redhat.io/rhel8-beta/rsyslog…Getting image source signatures
Skipping fetch of repeat blob sha256:619051b1fc41546ce2c2d6911145f66472d72caf7a4aaf8ffcad782f27227e9c
Skipping fetch of repeat blob sha256:386105ae8b6231e5c25160d9a40bec1da1fdb822455f6e3094bef2b6e877d865
Copying blob sha256:4cab29f2fdd7fb9008909ba7ad648ce200e5a57ae9849b43981297ae9fe26e46
 5.23 MB / 5.23 MB [=======================================================] 18s
Copying config sha256:7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
 5.44 KB / 5.44 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
[root@rhelser8 ~]# podman images
REPOSITORY                              TAG      IMAGE ID       CREATED        SIZE
registry.redhat.io/rhel8-beta/rsyslog   latest   7d913cca82b9   5 months ago   228MB
registry.redhat.io/rhel8-beta/rhel      latest   a80dad1c1953   5 months ago   210MB

Step3: Run the downloaded image

[root@rhelser8 ~]# hostname
rhelser8.stack.com
[root@rhelser8 ~]# podman run -it registry.redhat.io/rhel8-beta/rhel /bin/bash
bash-4.4# echo $HOSTNAME
4b30bfbf9046

Let's list the containers that are currently running, from another terminal on the host, and then stop the running container.

[root@rhelser8 ~]# podman ps
CONTAINER ID   IMAGE                                       COMMAND     CREATED          STATUS              PORTS   NAMES
4b30bfbf9046   registry.redhat.io/rhel8-beta/rhel:latest   /bin/bash   46 seconds ago   Up 46 seconds ago           wonderful_haibt
[root@rhelser8 ~]#

Step4: Stop and remove the container and downloaded images

[root@rhelser8 ~]# podman stop 4b30bfbf9046
4b30bfbf9046a450e7860f6023591c53db4a1cd97434a4c90e49b33aa5158b84
[root@rhelser8 ~]# podman ps
[root@rhelser8 ~]#

Once the container is stopped, we can remove the inactive container as shown below. I have used '-a' to remove all containers, but we can also pass a specific container ID to remove only that container.

[root@rhelser8 ~]# podman rm -a 

Now that all the containers are stopped and removed, we can remove the images as shown below.

[root@rhelser8 ~]# podman images
REPOSITORY                              TAG      IMAGE ID       CREATED        SIZE
registry.redhat.io/rhel8-beta/rsyslog   latest   7d913cca82b9   5 months ago   228MB
registry.redhat.io/rhel8-beta/rhel      latest   a80dad1c1953   5 months ago   210MB
[root@rhelser8 ~]# podman rmi 7d913cca82b9 a80dad1c1953
7d913cca82b9d9bbe19530e7c16168267c13513aacf08aae862a9411f694dbfe
a80dad1c19537b0961e485dfa0a43fbe3c0a71cec2cca32d3264e087e396a211

Here, let us look at another example, using a Tomcat container from the Docker registry.

Step1: Search for the Tomcat image in the docker.io registry

[root@rhelser8 ~]# podman search docker.io/library/tomcat
INDEX       NAME                          DESCRIPTION                                       STARS   OFFICIAL   AUTOMATED
docker.io   docker.io/library/tomcat      Apache Tomcat is an open source implementati…   2365    [OK]

Step2: Pull the Tomcat image from the registry

[root@rhelser8 ~]# podman pull docker.io/library/tomcat
Trying to pull docker.io/library/tomcat…Getting image source signatures
Copying blob sha256:e79bb959ec00faf01da52437df4fad4537ec669f60455a38ad583ec2b8f00498
 43.24 MB / 43.24 MB [===================================================] 1m13s
Writing manifest to image destination
Storing signatures
5a069ba3df4d4221755d76d905ce8a0d2eedf3edbd87dca05a6259114c7b93d4

Step3: Run the default Tomcat instance

[root@rhelser8 ~]# podman images
REPOSITORY                 TAG      IMAGE ID       CREATED       SIZE
docker.io/library/tomcat   latest   5a069ba3df4d   2 weeks ago   480MB
[root@rhelser8 ~]# podman run -it -d -p 8888:8080 5a069ba3df4d
6786c6ac79331c63ef8d5178f9b7d18441b0c197956eded1c883eff279657dd9
[root@rhelser8 ~]# podman ps -a
CONTAINER ID   IMAGE                             COMMAND           CREATED          STATUS              PORTS                    NAMES            IS INFRA
6786c6ac7933   docker.io/library/tomcat:latest   catalina.sh run   15 seconds ago   Up 15 seconds ago   0.0.0.0:8888->8080/tcp   gifted_galileo   false

Now we should be able to access Tomcat at the following URL:
http://192.168.91.139:8888/
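
The PORTS column above shows 0.0.0.0:8888->8080/tcp, which means the Tomcat port is published on every host interface. The following added example (not from the original article; the function names and the second sample row are constructed) reads podman ps output on standard input and lists the containers with such wildcard bindings, so that they can be reviewed or re-run with an explicit address such as -p 127.0.0.1:8888:8080.

```shell
# Added example: list containers that publish a port on all host interfaces.
# Prints one "<container-id> <host-port>" line per wildcard binding.
wildcard_published_ports() {
    awk '
    NR == 1 && $1 == "CONTAINER" { next }        # header row
    {
        for (i = 2; i <= NF; i++) {
            m = $i
            sub(/,$/, "", m)                     # several mappings are comma-separated
            if (m ~ /^0\.0\.0\.0:[0-9]+->[0-9]+\/(tcp|udp)$/) {
                split(m, part, /:|->/)           # part[2] is the host port
                print $1, part[2]
            }
        }
    }'
}

# First data row is the article's own output; the second row is constructed
# to show a loopback-only binding that must not be reported.
sample_ps() {
    cat <<'EOF'
CONTAINER ID   IMAGE                             COMMAND           CREATED          STATUS              PORTS                      NAMES               IS INFRA
6786c6ac7933   docker.io/library/tomcat:latest   catalina.sh run   15 seconds ago   Up 15 seconds ago   0.0.0.0:8888->8080/tcp     gifted_galileo      false
0123456789ab   docker.io/library/tomcat:latest   catalina.sh run   5 seconds ago    Up 5 seconds ago    127.0.0.1:8889->8080/tcp   constructed_local   false
EOF
}
```

On a live host, feed it real output with podman ps | wildcard_published_ports.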

In the next article we will look at other tools such as buildah and skopeo.
Hope you enjoyed reading this article. Thank you.