Enterprise 8 package management

Question 1

What’s the difference between binary and source packages?

Answer 1

Binary are install ready. They have .rpm extension and contain install scripts. This has everything you need to install something.

Source come with original unmodified version of software that may be unpackaged, modified as desired, and repackaged in binary format. End with .src

Question 2

Name the different fields:
openssl-1.1.1-8.el8.x86_64

Answer 2

openssl : name
1.1.1 : version
8 : release
el8 : Enterprise Linux 8 (not all packages have this)
x86-64 : processor

Question 3

Where is package metadata stored? This will include dependencies

Answer 3

/var/lib/rpm

Question 4

What command would you use if your trying to pull a package from a repo and it’s giving you meta data back. Also, if you turn off the gpg check it works.

Rename an image that only has an image id

Answer 4

Import all GPG keys to keyring
rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Show GPG keys on keyring
rpm -qa gpg-pubkey*

Shows info on a certain gpg key
gpg-pubkey-db42a60e-37ea5438

podman image tag 12tg9824ht2t new_name

Question 5

If you wanted to make changes to all repos, what file would you modify?

Answer 5

/etc/yum.conf

Question 6

We’re making a repo that links to a server that requires authentication, how would you do this?

Answer 6

baseurl=http://user:password@www.example.com/repo/

baseurl=joshc:password@www.example.com/repo/

Question 7

What is a container
What is an image?

Answer 7

Process has it’s own namespace and is separate from other processes. The container is sandboxed.

Image - binary, code. Empty file system which is a parent of bare bones of an OS which is a parent of sshd which is a parent of an application. Like multiple snapshots.

Question 8

Copy a container image from one registry to another

Answer 8

Registry - repo or collection of repos.

First part is from, last part is to:

skopeo copy docker://quay.io/skopeo/stable:latest docker://registry.example.com/skopeo:latest

Question 9

Diff between container and vm

Answer 9

VM is the whole os

Container is the library and the app.

These are ran in an isolated environment created by Kernel namespaces

Question 10

Difference between podman and docker

Answer 10

podman is daemonless and open source.
Podman containers can be ran by root or by a non-privileged user

Question 11

What are linux namespaces?

Answer 11

Partition of kernel resources

Question 12

execute a command on a machine via podman

Answer 12

podman exec test2 ifconfig eth0

Question 13

What is IPC?

Answer 13

Interprocess communication (IPC) comm channel between two aps

Question 14

What is UTS?

Answer 14

Unix time-sharing namespace
allows single system to appear to have diff host and domain names to a diff process.

Question 15

Create a container with the name test 3 and a hostname of test3.example.com out of docker.io/alpine

Answer 15

podman run -it –name test –hostname=test3.example.com docker.io/alpine sh

uname -a (to double check)

Question 16

If you log into your container and run the ps -ef command, you’ll see the shell is ran as root/1. Make this run as user 12345 instead, will this show up this way on your regular machine?

Answer 16

podman run -it –name=test4 –user 12345 docker.io/alpine sh

yes

ps -ef | grep 12345

Question 17

Normally your container has access to all resources your host does.
Show it’s resources.
Create a container that can only use 50 Megs of mem and make it run in the background

Answer 17

CGropu limits app to set of resources so control groups allow us to share avail hardware to containers

podman stats test1

podman run -it –name=test6 –memory=50M -d alpine sh

Question 18

What is UnionFS?

Answer 18

Union file system
file system that operate by creating layers

Question 19

What is a registry?
Where can you see what registries podman will automatically search?

Answer 19

Stores images
podman info
grep *registries /etc/containers/registries.conf

Question 20

Sometimes you will see the below errors:
Error relocating /lib/ld-mus1-x86_64.so.1: RELRO protection failed: permission denied
Error relocating /bin/echo: RELRO protection failed: Permission denied

What should you do?

Answer 20

sudo restorcon -R ~/.local/share/containers/storage/overlay*

Question 21

search podman for ubuntu, only show the top 3 results

Answer 21

podman search ubuntu –limit 3

Question 22

shutdown a container gracefully and then force

Answer 22

podman stop test1
podman kill test1 (this won’t be clean)

Question 23

Look at an images network config
of httpd specifically the port
Make that port correspond to a port on your host
Confirm
Copy index.html from httd to your machine, make changes, and send back

Answer 23

podman inspect image_one
“config”:

podman run -d -p 8080:80 docker.io/library/httpd:latest

curl http://localhost;8080

podman exec -it container_name bash

ctrl ^pq

podman cp help

podman cp container_name:/usr/local/apache2/htdocs/index.html index.html

vi index.html

podman cp index.html container_name:/usr/local/apache2/htdocs/index.html

Question 24

What’s the difference between podman run -p
and
podman run -P

Answer 24

podman run -p - publish container port or range of ports to host

podman run -P publich all exposed ports to random ports on the host interface

Question 25

Rootless vs Rootfull containers

Answer 25

Rootless containers cannot create network interfaces on host, so the default net mode is slirp4netns. This lack features like it can’t give a container a routable IP.

Rootfull containers use netavark which allows container to have routable IP.

Question 26

Create a sql database that an apache server uses

apache you will need:
docker.io/swapnillinux/apache-php

Answer 26

podman pull mysql-57
podman inspect mysql-57
podman run mysql-57
podman run –name=friends-db -p 3306:3306 -e MYSQL_USER=user1
-e MYSQL_PASSWORD=pass1234 -e MYSQL_DATABASE=friends -e MYSQL_ROOT_PASSWORD=rootpass -d mysql-57

(-e create environment variable)

podman inspect friends-db
(get the ip address)

podman pull docker.io/swapnillinux/apache-php
podman inspect apache-php (check ports)

podman run –name=friends-app -p 8080:80 - e -e MYSQL_USER=user1
-e MYSQL_PASSWORD=pass1234 -e MYSQL_DATABASE=friends -e MYSQL_ROOT_PASSWORD=rootpass -e DBHOST=mysql –add-host=mysql:10.88.0.3 -d apache-php

(DBHOST adds an ip to your /etc/host file)

(we’ll pull the application)
yum install git -y

git clone https://github.com/swapnil-linux/php-app

cd php-app
vi index.php

podman cp index.php friends-app:/var/www/html/index.php

podman ps

curl http://localhost:8080/index.php

podman exec -it friends-db bash
mysql -u user1 -ppass1234 friends

Insert whatever
quit

curl http://localhost:8080/index.php

cur http:/10.88.0.4 (if you’re looking via ip you don’t need to specify the port)

Question 27

Show sizes of containers
Jump into a container and add a file
then delete a directory
Now show all changes to the container
Show all the tags/versions for alpine
Download a different version of alpine than latest

Answer 27

podman ps -s
podman exec -it container_name bash
podman diff test_1
C- Change
D - Delete
A - Add
podman search docker.io/library/alpine –list-tags | more
podman pull docker.io/library/alpine:20221110

Question 28

Show how registries are searched

Answer 28

grep search /etc/containers/registries.conf

Question 29

Show how much storage your images and containers are taking up

Delete
all stopped containers
all nets not used by containers
all dangling images (images without a name or tag)
all dangling build cache

Then remove everything

Answer 29

podman system df

podman system prune
podman system prune –all

Question 30

Commit your changes to your container by making it into an image

Show images history

Answer 30

podman run –name=alpinebash -it docker.io/alpine sh
add some files, do whatever
exit
podman commit alpinebash swanil/alpinebash
podman history localhost/swapnil/alpinebash (shows what we did)
podman rm alpinebash
podman run -it –name=newalpine swapnil/alpinebash bash (if you downloaded bash)

Question 31

Create a centos image from a dockerfile and add some commands
Add a description that will go in the metadata
Look at the metadata

Answer 31

This is my first Dockerfile

mkdir myhttpd
cd myhttpd
vi Dockerfile
FROM docker.io/centos:8
RUN yum update -y
RUN yum clean all -y
RUN yum install httpd php -y
RUN yum clean all -y
LABEL Description this is Apache
(you can also separate commands by && or semicolon, semicolon = will skip and continue if something doesn’t work)
podman build . -t myhttpd
podman images
podman history myhttpd
podman inspect myhttp (look for labels to find that metadata)

Question 32

Create a temp container out of myhttpd that will erase itself to see if you’re running the right command to start httpd in the foreground

Run that command in your dockerfile for myhttpd but make it the FIRST command

Now change that to be a kernel exec function rather than shell (this runs faster)

Answer 32

podman run -it –rm (two hyphens!) myhttpd bash
ls /sbin/httpd -DFOREGROUND
^C

vi Dockerfile
FROM docker.io/centos:8
RUN yum update && yum install httpd php -y && yum clean all -y
LABEL author me
LABEL description: cool container
CMD /sbin/httpd -DFOREGROUND
podman build -t myhttpd
you can find this by
podman inspect myhttp
(look for cmd)

CMD [“/sbin/httpd”,”-DFOREGORUND”]

Question 33

Create an index page for myhttpd and copy it over to the container via dockerfile

Then create multiple files that are archived

Answer 33

vi index.html

<h1>Wlecome to Podman</h2>
(put in same dir as docker file)

vi Dockerfile

From docker.io/centos:8
RUN yum update && yum install httpd php -y && yum clean all -y
LABEL author Me
COPY index.html /var/www/html/index.html
CMD ["/sbin/httpd","-DFOREGROUND"]
podman build . -t myhttpd

vi test.html
vi abc.html
tar czvf scs.tar.gz *.html
vi Dockerfile
COPY src.tar.gz /tmp
RUN tar xzvf /var/www/html/ (to untar)
OR
ADD src.tar.gz /var/www/html/ (this will untar automatically and if you have a file on a url)

podman build -t myhttpd .
curl http://localhost:8080/abc.html
</h1>

Question 34

We will need to let everyone know what ports are exposed on our myhttpd

When you run your image, tell it to map the exposed port to a random port on your host so you don’t have to type out the extra info

Answer 34

vi Dockerfile
EXPOSE 80
EXPOSE 443

podman run -P -d myhttpd
podman port -l
curl http://localhost:34603

Question 35

In your dockerfile, create a read/write layer - this saves over some changes making the container persistent

Add to the docker file at the end that you’d like to change the directory to /var/www/html/

Answer 35

vi Dockerfile
FROM docker.io/centos:8
RUN yum update && yum install httpd php -y && yum clean all -y
LABEL author ME
ADD scs.tar.gz /var/ww/html
EXPOSE 80 443
VOLUME /data
WORKDIR /var/www/html
CMD [“/sbin/tar.gz”,”-DFOREGROUND”]

Question 36

Add some Environment variables to your Dockerfile

Answer 36

vi Dockerfile
FROM docker.io/centos:8
RUN yum update && yum install httpd php -y && yum clean all -y
LABEL author ME
ADD scs.tar.gz /var/ww/html
EXPOSE 80 443
VOLUME /data
WORKDIR /var/www/html
ENV APIKEY abcd12345
CMD [“/sbin/tar.gz”,”-DFOREGROUND”]

podman inspect myhttpd

Question 37

Create a Centos Dockerfile named Dockerfile.app2 and build a container out of it called myapp version 1
create opt/src and go into that dir
unzip and untar src.tar.gz in that dir
have it run the command python -m SimpleHTTPServer 80
Make sure port 80 can be used for this

This will be running on your host as root user with a diff PID, not safe, what can you do to change that?

Answer 37

FROM docker.io/centos:7
WORKDIR /opt/src
ADD src.tar.gz /opt/src/
EXPOSE 80
CMD python -m SimpleHTTPServer 80
RUN chown -R 1500 /opt/src
podman build -f Dockerfile.app2 -t myapp:v1 .
USER 1500
podman run -d -P myapp:v1
curl http://localhost:32873/test.html
podman top container_name
ps -ef | grep SimpleHTTPServer
(see what ports being used)
podman port -l

Question 38

Create a dockerfile that uses alpine to ping the localhost 3 times and call it test

Run this as a temporary container and add the ping -c5 google.com command to the end of it (this will overwrite your Dockerfile command.

Replace this with a Dockerfile command that prevents another command from being ran

Now make it to where the ping -c3 command is static and the hostname is editable

Since you’ve used build several times with the same tagged name you have some “dangling images” delete them.

Answer 38

mkdir myping
cp myping
vi Dockerfile
FROM docker.io/alpine:latest
CMD [“ping”,”-c3”,”localhost”]
podman build -t test .
podman run –rm test ping -c5 www.google.com

vi Dockerfile
FROM docker.io/alpine:latest
ENTRYPOINT [“ping”,”-c3”,”localhost”]
podman build -t test .
podman run –rm test ping -c5 www.google.com

vi Dockerfile
FROM docker.io/alpine:latest
ENTRYPOINT [“ping”,”-c3”]
CMD [“hostfile”]
podman build -t test .

podman system prune
podman run –rm test www.google.com

Question 39

What option do you use on your build that doesn’t use existing cached images for the container build

Answer 39

–no-cache

Do not use existing cached images for the container build. Build from the start with a new set of cached layers.

This means it is freshly running the build and not using the previous image to start off with

Question 40

Section 6 part 15… will revisit later.

Multi stage build the first part will show you how to make a Dockerfile that uses an app. Show how you would save space by making one part of the file a build and the next the image itself

Answer 40

mkdir mygoapp
cd mygoapp
vi app.go
package main

import fat

func main() {
fmt.println(“helllo world”)
}

vi Dockerfile
FROM golang:1.7.3
COPY app.go .
RUN go build -o app app.go
CMD [”./app”]

podman build -t mygoapp:v1 .

podman run mygoapp:v1
podman images (look at the sizes)
podman history

vi Dockerfile
FROM golang:1.7.3 AS build
COPY app.go
RUN go build -o app app.go .
CMD [”./app*”]
podman build -t mygoapp:v2

Question 40

Run container on outside as danny, then inside

Answer 40

useradd danny
passwd danny
su -l danny (NEED TO USE -l OPTION OR YOU WILL GET AN ERROR)
podman run -it –name=this ubuntu

podman run -it –name=this ubuntu
useradd danny
^pq
podman commit this ub1
podman run -it –name=danny ub1

Question 41

You’ve create an image called myhttpd, how would you send this to quay.io named flash

Answer 41

podman tag myhttpd quay.io/joshcahoe/flash:latest

podman login quay.io

login name and pass
podman push quay.io/joshcahoe/flash:latest

Might need to try twice if you receive an error.

Question 42

Share an image without sending it to a registry

Answer 42

podman save myhttpd -o /tmp/myapps/myhttpd.tar

exit
login as other user
podman load -i /tmp/myapps/myhttpd.tar

Question 43

Containers have their own ips, hostname and network, containers can’t communicate with host unless rootful and at that point they can only communicate with same network

Define different types of networking

Answer 43

Bridge network - virtual bridge connected to host. Like a switch between the two.

Overlay Network - Virtual network that spans multiple hosts

MACVLAN Network - Container connected to the host via its own MAC address. Looks like a separate device.

Question 44

Show network drivers

show active network drivers

show a container’s network information

Create your own bridged network (these are like swiches on different networks)

You have a container that’s on the podman1 network you created, allow that container to now access and communicate with the “podman” network

Create a container from alpine and put it on the host network

Answer 44

sudo podman info | grep -A3 network

sudo podman network ls

podman run -it alpine sh
ifconfig (show net info)

if we create another alpine it will be on the same network and can communicate with alpine

podman network create –help

podman network create podman1
podman network ls
podman run –net=podman1 -it alpine sh
ifconfig

podman network connect podman container_name
podman inspect container_name | grep IPA
podman exec -it container_name sh
ifconfig (it will have two NICs)

podman run –net=host -it alpine sh

Question 45

create a network with MACVLAN driver running off of your eth0 NIC and name it mynet give it a subnet and gateway that you’re using

Answer 45

podman network create –driver macvlan –subnet=172.31.10.0/16 –gateway=172.31.0.1 -o parent=eth0 mynet

podman network ls
podman network inspect mynet

podman run -it –net=mynet alpine sh
ifconfig eth0

Question 46

Does a rootless container create a bridged network?

Show network information using grep to see what the default type network is.

Look at the info on the “podman” network, compare it to the ip of a rootless container you make to see their ips are on a diff network

Create a rootless container and put it on the bridged network, this won’t allow you to communicate with it, just put you on the network. And if you use that same command on another container it can communicate with it :)

Answer 46

No, this will give it a diff ip on a diff network called something different like tap0

podman info | grep -A3 -i network

podman network inspect podman

Remember your rootless container won’t be able to communicate with your host or other containers. We can see this by:

podman inspect container_image
this will show no ip

podman run -it -d –name=web –network=podman container_image

podman inspect container_image | grep IPA

Question 47

Create a volume
Look at it’s info
run an image using the volume you created under /opt/data in the container.
Look at the container’s mounted objects and create a file in /opt/data
exit and remove the container
open a new container and mount the volume, see what happens

Remove the container along with it’s associated volume

Answer 47

podman volume –help

podman volume create mydata

podman volume inspect mydata

podman run -it -v mydata:/opt/data alpine sh

podman exec -it containeri_name bash
df -h
cd /opt/data
echo “hello” > test.txt
exit

podman volume inspect mydata (go to mountpoint)

cd /home/swapnil/.local/share/containers/storage/volumes/mydata/
cd _data
cat test.txt

podman rm container_name

podman run –name=test -it -v mydata:/opt/data alpine sh

cat /opt/data/test.txt

podman rm -v test2

Question 48

What is a pod?

Answer 48

group of containers sharing namespaces and shred filesystem volumes

Have same network and pod ip.

Pods contain an infra container which just sleeps and holds the namespace. This allows podman to connect other containers to the pod.

So you can start and stop containers in the pod but the pod keeps running.

Question 49

Create a pod
show the paused pod
show all running pods
show the infra container
add a container to the pod
show everything that’s in that pod
Confirm that they’re sharing the same network namespace
Run a podman ps command that will let you compare network namespaces
Kill the pod

Answer 49

podman pod –help

podman pod create –name=mypod
podman images (this will show “/pause” that’s the sleeping we talked about)
podman pod ps
podman ps -a –pod
podman run -d –pod mypod quay.io/alpine_nginx
podman ps -a –pod
podman run -itd –pod mypod docker.io/alpine sh

podman pod ps

podman ps
podman exec -it container_name
ps -ef
ifconfig
podman inspect container_name | grep IPA (namespace doesn’t exist)
podman inspect infra | grep IPA
(this will show the ip from the container)

podman ps –ns
(look at “NET” to check the network namespace)
podman pod kill mypod

podman system prune –all -f –volumes

Question 50

Deploy a wordpress application

create pod wp with portforwarding, port 80 goes to host 38080

Run a sql database where it will restart the container if app gets killed
MYSQL_ROOT_PASSWORD=”myrootpass”
MYSQL_DATABASE=”wp”
MYSQL_USER=”wordpress”
MYSQL_PASSWORD=”w0rdpr3ss”
name=wptest-db docker.io/mariadb

Show everything in pod

Run your application pod
Use all the same environment variables but also add
WORDPRESS_DB_HOST=”127.0.0.1”

Answer 50

podman pod create –name=wp -p 38080:80

podman run -d –restart=always –pod=wp -e MYSQL_ROOT_PASSWORD=”myrootpass” -e MYSQL_DATABASE=”wp” -e MYSQL_USER=”wordpress” -e MYSQL_PASSWORD=”w0rdpr3ss” –name=wptest-db docker.io/mariadb

podman run -d –restart=always –pod=wp -e MYSQL_ROOT_PASSWORD=”myrootpass” -e MYSQL_DATABASE=”wp” -e MYSQL_USER=”wordpress” -e MYSQL_PASSWORD=”w0rdpr3ss -e WORDPRESS_DB_HOST=”127.0.0.1” –name=wptest-db docker.io/wordpress

podman pod ps -a –pod

podman pod ps
podman ps

Go to servera.cloud.mask365.com:38080

Question 51

What is a quick way of creating a podman backup? This will create what you had but more quickly.

Create kubernetes file
Then run it

This will make it easy for someone that doesn’t know how to configure all this so they can simply use your container.

Answer 51

podman generate kube wp > wp.yml
(wp being the container name from earlier)
podman play kube wp.yml
podman pod ps
podman ps
podman ps -a