EX188

Question 1

See if DNS enabled on container

Answer 1

podman network inspect <NETWORK_NAME> - look for "dns_enabled": false,

Question 2

Create podman network linked to eth0 interface

Answer 2

sudo podman network create -d macvlan -o parent=eth0 webnetwork

Question 3

Access another container in slirp4netns

Answer 3

must use full host address and mapped host port

Question 4

Inspect Mounts[0].Source

Answer 4

podman inspect --format="{{ (index .Mounts 0).Source}}" custom-advanced

Question 5

Run container, bind to localhost, set environment variable, connect to multiple networks

Answer 5

podman run -p 127.0.0.1:8075:80 -e NAME='Red Hat' --net postgres-net,redis-net

Question 6

Stop all containers, kill after 10 seconds

Answer 6

podman stop --all --time=10

Question 7

Connect container to a network

Answer 7

podman network connect example-net my-container

Question 8

See port mapping of a container

Answer 8

podman port my-app

Question 9

Podman stores the credentials in the

Answer 9

${XDG_RUNTIME_DIR}/containers/auth.json

Question 10

Login to OpenShift repo

Answer 10

oc login -u admin -p admin REPO_ADDR
podman login -u $(oc whoami) -p $(oc whoami -t) REPO_ADDR

Question 11

Look for nginx in repositories

Answer 11

podman search nginx

Question 12

Build image with single layer

Answer 12

podman build --squash-all -t localhost/squashed-all .

Question 13

Podman repository config file

Answer 13

/etc/containers/registries.conf

Question 14

Get information on remote docker image

Answer 14

skopeo inspect docker://registry.access.redhat.com/ubi9/nodejs-18

Question 15

Copy image from remote repo to local file,ignore tls errors

Answer 15

skopeo copy --dest-tls-verify=false docker://registry.access.redhat.com/ubi9/nodejs-18 dir:/var/lib/images/nodejs-18

Question 16

Containerfile: add multiple labels

Answer 16

LABEL name=”my-namespace/my-image-name” \
vendor=”My Company, Inc.” \
version=”1.2.3” \

Question 17

Containerfile: Set env var according to argument during build

Answer 17

ARG VERSION=”1.16.8”
ENV VERSION=${VERSION}

Question 18

Containerfile: Copy file from URL to container

Answer 18

ADD http://someserver.com/filename.pdf /var/www/html

Question 19

Containerfile: Different container runtime commands, explain difference

Answer 19

ENTRYPOINT [“/usr/sbin/httpd”]
CMD [“-D”, “FOREGROUND”]

Question 20

Pass argument during image build

Answer 20

podman build --build-arg VERSION=2.0.0

Question 21

Containerfile: Create user for rootless container run (inside a container)

Answer 21

RUN adduser --no-create-home --system --shell /usr/sbin/nologin python-server

Question 22

Setup build stage, copy file from it later (and change permissions) on

Answer 22

FROM nodejs-14:1 as builder

COPY --from=builder --chown=default /app/numbers.txt materials/numbers.txt

Question 23

Podman defines the allowed user and group ID ranges in

Answer 23

/etc/subuid and /etc/subgid files

Question 24

Add user and group ID ranges

Answer 24

sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 student
podman system migrate

Question 25

See user / group ID mappings inside a container

Answer 25

sudo podman exec root-gitea cat /proc/self/uid_map /proc/self/gid_map

Question 26

Allow bind to port 80 and higher.

Answer 26

sudo sysctl -w “net.ipv4.ip_unprivileged_port_start=79”

Question 27

Set group IDs that are allowed to use the ping utility

Answer 27

sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"

Question 28

See image layers

Answer 28

podman image tree ubi-httpd

Question 29

mount read only directory to container

Answer 29

podman run –volume /www:/var/www/html:ro httpd-24

Question 30

mount directory with selinux errors (explain flags)

Answer 30

podman run -v ./SQL_FILE:/tmp/SQL_FILE:Z

• Lower case z lets different containers share access to a bind mount.
• Upper case Z provides the container with exclusive access to the bind mount.

Question 31

Backup, restore backup of a volume

Answer 31

podman volume export http_data --output web_data.tar.gz
podman volume import http_data web_data.tar.gz

Question 32

Run container with temporary volume

Answer 32

podman run --mount type=tmpfs,tmpfs-size=512M,destination=/var/lib/pgsql/data httpd-24

Question 33

Get owner/group IDs of a folder inside of container.

Answer 33

podman unshare ls -ln --directory ~/www

Question 34

See SElinux label on localfile system

Answer 34

ls -Zd /www

Question 35

See ports used inside of container, explain flags

Answer 35

podman exec -it CONTAINER ss -pant

-p # display the process using the socket
-a # display listening and established connections
-n # display numeric ports instead of mapped service names
-t # display TCP sockets

Question 36

See ports inside of container when the image does not include diagnostic tools

Answer 36

sudo nsenter -n -t CONTAINER_PID ss -pant

Question 37

Compose: top level keywords

Answer 37

version
services
networks
volumes

Question 38

Compose: Empty network and external network

Answer 38

networks:
app-net: {}
db-net:
external: true

Question 39

Compose: Empty volume and external volume

Answer 39

volumes:
db-vol: {}
my-volume:
external: true

Question 40

Compose: Container depending on another container (database)

Answer 40

services:
database-admin:
depends_on:
- database # start after the database container.

Question 41

database service with postgress image, custom name, port mapping, environment variables, custom runtime command, attached to few networks and volume

Answer 41

services:
  database: # database container
    image: "registry.redhat.io/rhel9/postgresql-13"
    container_name: "appdev-postgresql"
    ports:
      - 3030:8080
    environment:
      ACCOUNTS_SERVICE: http://accounts
    command: sh -c "COMMAND"
    networks:
      - app-net
      - db-net
    volumes:
      - db-vol:/var/lib/postgresql/data #

Question 42

Re-create compose containers on start and anonymous volumes.

Answer 42

podman-compose up --force-recreate -V

Question 43

Get podman events from 5 minutes ago, dont follow logs

Answer 43

podman events --since 5m --stream=false --filter 'event=stop'

Question 44

Start podman container with secret stored in a file

Answer 44

echo "Gr8P@ssword!" | podman secret create my-password -

podman run --secret=my-password ubi9

Question 45

Path where podman secret is available

Answer 45

/run/secrets/my_secret

Question 46

COMPOSE: Define file secret

Answer 46

secrets:
  my_secret:
    file: ./my_secret.txt 

Question 47

Install podman compose

Answer 47

pip3 install podman-compose