EX188 Flashcards
See if DNS enabled on container
podman network inspect <NETWORK_NAME>
- look for "dns_enabled": false,
Create podman network linked to eth0 interface
sudo podman network create -d macvlan -o parent=eth0 webnetwork
Access another container in slirp4netns
must use full host address and mapped host port
Inspect Mounts[0].Source
podman inspect --format="{{ (index .Mounts 0).Source}}" custom-advanced
Run container, bind to localhost, set environment variable, connect to multiple networks
podman run -p 127.0.0.1:8075:80 -e NAME='Red Hat' --net postgres-net,redis-net IMAGE
Stop all containers, kill after 10 seconds
podman stop --all --time=10
Connect container to a network
podman network connect example-net my-container
See port mapping of a container
podman port my-app
Podman stores the credentials in the
${XDG_RUNTIME_DIR}/containers/auth.json
Login to OpenShift repo
oc login -u admin -p admin REPO_ADDR
podman login -u $(oc whoami) -p $(oc whoami -t) REPO_ADDR
Look for nginx in repositories
podman search nginx
Build image with single layer
podman build --squash-all -t localhost/squashed-all .
Podman registries config file
/etc/containers/registries.conf
Get information on remote docker image
skopeo inspect docker://registry.access.redhat.com/ubi9/nodejs-18
Copy image from remote registry to a local directory, ignore TLS errors
skopeo copy --dest-tls-verify=false docker://registry.access.redhat.com/ubi9/nodejs-18 dir:/var/lib/images/nodejs-18
Containerfile: add multiple labels
LABEL name="my-namespace/my-image-name" \
      vendor="My Company, Inc." \
      version="1.2.3"
Containerfile: Set env var according to argument during build
ARG VERSION="1.16.8"
ENV VERSION=${VERSION}
Containerfile: Copy file from URL to container
ADD http://someserver.com/filename.pdf /var/www/html
Containerfile: Different container runtime commands, explain difference
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
- ENTRYPOINT sets the executable that always runs; CMD supplies its default arguments, which any arguments given to podman run replace.
Pass argument during image build
podman build --build-arg VERSION=2.0.0 .
Containerfile: Create user for rootless container run (inside a container)
RUN adduser --no-create-home --system --shell /usr/sbin/nologin python-server
Set up a build stage, then copy a file from it in a later stage (and change its ownership)
FROM nodejs-14:1 as builder
COPY --from=builder --chown=default /app/numbers.txt materials/numbers.txt
Podman defines the allowed user and group ID ranges in the /etc/subuid and /etc/subgid files
Add user and group ID ranges
sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 student
podman system migrate
See user / group ID mappings inside a container
sudo podman exec root-gitea cat /proc/self/uid_map /proc/self/gid_map
Allow bind to port 80 and higher.
sudo sysctl -w "net.ipv4.ip_unprivileged_port_start=79"
Set group IDs that are allowed to use the ping utility
sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"
See image layers
podman image tree ubi-httpd
Mount read-only directory to container
podman run --volume /www:/var/www/html:ro httpd-24
Mount a directory that SELinux would otherwise block, relabeling it (explain flags)
podman run -v ./SQL_FILE:/tmp/SQL_FILE:Z IMAGE
- Lower case z lets different containers share access to a bind mount.
- Upper case Z gives the container exclusive access to the bind mount.
Backup, restore backup of a volume
podman volume export http_data --output web_data.tar.gz
podman volume import http_data web_data.tar.gz
Run container with temporary volume
podman run --mount type=tmpfs,tmpfs-size=512M,destination=/var/lib/pgsql/data httpd-24
Get owner/group IDs of a folder as seen from inside the container's user namespace.
podman unshare ls -ln --directory ~/www
See SELinux label on the local file system
ls -Zd /www
See ports used inside of container, explain flags
podman exec -it CONTAINER ss -pant
-p # display the process using the socket
-a # display listening and established connections
-n # display numeric ports instead of mapped service names
-t # display TCP sockets
See ports inside of container when the image does not include diagnostic tools
sudo nsenter -n -t CONTAINER_PID ss -pant
Compose: top level keywords
version
services
networks
volumes
Compose: Empty network and external network
networks:
  app-net: {}
  db-net:
    external: true
Compose: Empty volume and external volume
volumes:
  db-vol: {}
  my-volume:
    external: true
Compose: Container depending on another container (database)
services:
  database-admin:
    depends_on:
      - database # start after the database container.
Database service with PostgreSQL image, custom name, port mapping, environment variables, custom runtime command, attached to a few networks and a volume
services:
  database: # database container
    image: "registry.redhat.io/rhel9/postgresql-13"
    container_name: "appdev-postgresql"
    ports:
      - 3030:8080
    environment:
      ACCOUNTS_SERVICE: http://accounts
    command: sh -c "COMMAND"
    networks:
      - app-net
      - db-net
    volumes:
      - db-vol:/var/lib/postgresql/data
Re-create compose containers on start, and re-create anonymous volumes.
podman-compose up --force-recreate -V
Get podman stop events from the last 5 minutes, don't follow the stream
podman events --since 5m --stream=false --filter 'event=stop'
Start podman container with secret stored in a file
echo "Gr8P@ssword!" | podman secret create my-password -
podman run --secret=my-password ubi9
Path where podman secret is available
/run/secrets/my_secret
COMPOSE: Define file secret
secrets:
  my_secret:
    file: ./my_secret.txt
Install podman compose
pip3 install podman-compose