Containers

Question 1

Explain what a container is and how to use one

Answer 1

A container is a set of one or more processes that are isolated from the rest of the system.

Question 2

What 3 core technologies make up a container?

Answer 2

‣ Control Groups (cgroups) for resource management
‣ Namespaces for process isolation
‣ SELinux and Seccomp (Secure Computing mode) to enforce security boundaries

Question 3

What are the 3 primary container tools used to manage, inspect and create containers?

Answer 3

‣ podman - directly manages containers and container images
‣ skopeo - inspects, copy, deletes and signs images
‣ buildah - creates new container images

Question 4

Install container management tools and run a simple rootless container

Answer 4

yum module install container-tools

Question 5

Start a rootless container

Answer 5

$ podman login registry.lab.example.com
$ podman pull registry.access.redhat.com/ubi8:latest
$ podman images
$ podman run -it registry.access.redhat.com/ubi8/ubi:latest
(-t is for –tty meaning pseudo-terminal)
(-i is for –interactive which means it accepts input)
(-d is for –detach which runs in the background)

Question 6

Start a container named rhel8 with a bash terminal inside

Answer 6

$ podman run -it –name=rhel8 registry.access.redhat.com/ubi8/ubi /bin/bash

Question 7

Run a container that removes itself once the command is completed

Answer 7

$ podman run –rm registry.access.redhat.com/ubi8/ubi cat /etc/os-release

Question 8

Display container registry configuration

Answer 8

$ cat /etc/containers/registries.conf
or rootless is:
$ cat $HOME/.config/containers
(rootless settings override system)

Question 9

Display podman configuration info

Answer 9

$ podman info

Question 10

Find container images that start with “ubi” within a container registry

Answer 10

$ podman search registry.redhat.io/rhel8/ubi
or for longer descriptions:
$ podman search –notruc registry.access.redhat.com/rhel8/ubi

Question 11

What is the offical Red Hat container catalog

Answer 11

https://access.redhat.com/containers

Question 12

Inspect a remote container image

Answer 12

$ skopeo inspect docker://registry.redhat.io/rhel8/python-36

Question 13

List locally stored container images

Answer 13

$ podman images

Question 14

Inspect a locally stored container image

Answer 14

$ podman inspect registry.redhat.io/rhel8/python-38

Question 15

Remove a locally stored container image

Answer 15

$ podman rmi registry.redhat.io/rhel8/python-36:latest

Question 16

Create a detached container named mydb, publish port 3306, & declare file variables.

Answer 16

$ podman run -d –name mydb -e MYSQL_USER=user1 -e MYSQL_PASSWORD=redhat -e MYSQL_DATABASE=items -e MYSQL_ROOT_PASSWORD=redhat -p 3306:3306 registry.lab.example.com/rhel8/mariadb-103:1-102

Question 17

Confirm which containers are running

Answer 17

$ podman ps

Question 18

Connect to a premade mysql container & confirm the running databases

Answer 18

$ mysql -u user1 -p –port=3306 –host=127.0.0.1

mariadb[]> show databases;

Question 19

Stop a container

Answer 19

$ podman stop mydb

Question 20

Create a container running an Apache HTTP Server that starts an interactive bash shell

Answer 20

$ podman run –name myweb -it registry.lab.example.com/rhel8/httpd-24:1-105 /bin/bash

Question 21

Connect to a container and display the linux kernel release version

Answer 21

$ podman exec mysecondweb uname -sr

Question 22

Connect to a container using a previously used container ID & display the system load average

Answer 22

$ podman exec -l uptime

Question 23

Create a container named myquickweb that lists the contents of /etc/redhat-release & then auto- exits/deletes the container

Answer 23

$ podman run –name myquickweb –rm registry.lab.example.com/rhel8/httpd-24:1-105 cat /etc/redhat-release

Question 24

Stop & delete ALL containers

Answer 24

$ podman stop -a
$ podman rm -a
$ podman ps -a

Question 25

Create a detached container named myweb.
‣ Map port 8080 to 8080
‣ Mount ~/webcontent from host to /var/www
‣ Add Z as volume mount option (relabels directory and content to be SELINUX context container_file_t)

Answer 25

$ podman run -d –name myweb -p 8080:8080 -v ~/webcontent:/var/www:Z registry.lab.example.com/rhel8/httpd-24:1-98

Question 26

Change container behavior to allow systemd services to continue

Answer 26

$ loginctl enable-linger

$ loginctl show-user user

Question 27

Where are container systemd user services stored

Answer 27

$ ls ~/.config/systemd/user
myapp.service
$ systemctl --user daemon-reload
$ systemctl --user enable myapp.service
$ systemctl --user start myapp.service

Question 28

Create a systemd unit file for a container

Answer 28

$ cd ~/.config/systemd/user

$ podman generate systemd –name web –files –new

Question 29

Configure a container to start when the host machine starts

Answer 29

$ loginctl enable-linger

$ systemctl –user enable container-web

Question 30

Disable the start of a container when a host machine starts

Answer 30

$ systemctl –user disable container-web