What Are Containers? | Container Vs Virtual machine | Manage Containers in RHEL 8

# dnf install -y @container-tools

# podman version

To search a registry for a container image using the syntax:

# podman search registry/container_image

For example, to search for a Redis image in the registry.redhat.io registry, invoke the command:

# podman search registry.redhat.io/redis

To search for a MariaDB container image run.

# podman search registry.redhat.io/mariadb

To obtain an elaborate description of a container image, use the –no-trunc option before the name of the container image from the results that you get. For instance, we will try to obtain a detailed description of the MariaDB container image as shown:

# podman search –no-trunc registry.redhat.io/rhel8/mariadb-103

Pulling Container Images

Pulling or retrieving container images from a remote registry requires that you first authenticate before anything else. For example, to retrieve the MariaDB container image, first log in to the Redhat registry:

# podman login

Provide your username and password and hit ‘ENTER‘ on your keyboard. If all goes well, you should get a confirmation message that the login to the registry was successful.

# podman pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

The <registry> refers to the remote host or registry that provides a repository of container images on the TCP <port>. The <namespace> and the <name> collectively specify a container image based on the <namespace> at the registry. Finally, the <tag> option specifies the version of the container image. If none is specified, the default tag – latest – is used.

It’s always recommended to add trusted registries, that is those that provide encryption and don’t allow anonymous users to spawn accounts with random names.

To pull the MariaDB image, run the command:

# podman pull registry.redhat.io/rhel8/mariadb-103

For subsequent container images pull, no further logging in is required since you are already authenticated. To pull a Redis container image, simply run:

# podman pull registry.redhat.io/rhscl/redis-5-rhel7

Once you are done pulling the images, you can view the images currently existing on your host by running the podman images command.

# podman images

Before running a container, it’s always a good idea to probe the image and get to understand what it does. The podman inspect command prints out a sea of metadata about the container such as the OS and Architecture.

To inspect an image, run the podman inspect command followed by the image ID or repository.

# podman inspect IMAGE ID

OR

# podman inspect REPOSITORY

In the example below, we’re inspecting the MariaDB container.

# podman inspect registry.redhat.io/rhel8/mariadb-103

To pull specific metadata for a container pass the –format option followed by the metadata and the container identity ( Image ID or name ).

In the example below, we’re retrieving information about the architecture and description of the RHEL 8 base container which falls under the ‘Labels’ section.

# podman inspect –format=’{{.Labels.architecture}}’ image ID

# podman inspect –format=’{{.Labels.description}}’ image ID

To inspect a remote image from another registry, use the skopeo inspect command. In the example below, we are inspecting an RHEL 8 init image hosted on Docker.

# skopeo inspect docker://registry.redhat.io/rhel8-beta/rhel-init

Tagging Container Images

As you might have noted, image names are usually generic in nature. For example, the redis image is labeled:

registry.redhat.io/rhscl/redis-5-rhel7

Tagging images gives them a more intuitive name to better understand what they contain. Using the podman tag command, you can create an image tag which is essentially an alias to an image name that comprises different parts.

These are:

registry/username/NAME:tag

For example, to change the generic name of the Redis image which has an ID of 646f2730318c , we will execute the command:

# podman tag 646f2730318c myredis

To add a tag at the end append a full colon followed by the tag number:

# podman tag 646f2730318c myredis:5.0

Without adding the tag number, it will just be assigned the attribute latest.

Running Container Images

To run a container, use the podman run command. For example:

# podman run image_id

To run a container silently in the background as a daemon service use the -d option as shown.

# podman run -d image_id

For example, to run the redis image with ID 646f2730318c, we will invoke the command:

# podman run -d 646f2730318c

If you are running a container based on an operating system such as RHEL 8 base image, you can gain access to the shell using the -it directive. The -i option creates an interactive session while the -t spawns a terminal session. The –name option sets the container name to mybash while is the ecbc6f53bba0 image id of the base image.

# podman run -it –name=mybash ecbc6f53bba0

Thereafter, you can run any shell commands. In the example below, we are verifying the OS version of the container image.

# cat /etc/os-release

To exit the container, simply invoke the exit command.

# exit

Once the container is exited, it automatically stops. To start the container again, use the podman start command with the -ai flag as shown.

# podman start -ai mybash

Once again, this gives you access to the shell.

Listing Running Container Images

To list currently running containers, use the podman ps command as shown.

# podman ps

To view all containers including those ones that have exited after running, use the command:

# podman ps -a

Configure Container Images to Auto Start Under Systemd Service

In this section, we focus on how a container can be configured to run directly on an RHEL system as a systemd service.

First, get your preferred image. In this case, we have pulled the Redis image from docker hub:

# podman pull docker.io/redis

If you have SELinux running on your system, you need to activate the container_manage_cgroup boolean to run containers with systemd.

# setsebool -P container_manage_cgroup on

Thereafter, run the container image in the background and assign it to your preferred image name. In this example, we have named our image redis_server and mapped the port 6379 from the container to our RHEL 8 host

# podman run -d –name redis_server -p 6379:6379 redis

Next, we are going to create a systemd unit configuration file for redis in the /etc/systemd/system/ directory.

# vim /etc/systemd/system/redis-container.service

Paste the content below to the file.

[Unit]

Description=Redis container

[Service]

Restart=always

ExecStart=/usr/bin/podman start -a redis_server

ExecStop=/usr/bin/podman stop -t 2 redis_server

[Install]

WantedBy=local.target

Save and exit the file.

Next, configure the container to start automatically on bootup.

# systemctl enable redis-container.service

Next, start the container and verify its running status.

# systemctl start redis-container.service

# systemctl status redis-container.service

Configure Persistent Storage for Container Images

When running containers, it’s prudent to configure persistent external storage on the host. This provides a backup in case the container crashes or gets removed accidentally.

To persist the data, we are going to map a directory located in the host to a directory inside the container.

$ podman run –privileged -it -v /var/lib/containers/backup_storage:/mnt registry.redhat.io/ubi8/ubi /bin/bash

The –privileged option is passed when SELinux is set to enforcing. The -v option specifies the external volume which is located on the host. The container volume here is the /mnt directory.

Once we have accessed the shell, we are going to create a sample file testing.txt in the /mnt directory as shown.

$ echo "This tests persistent external storage" > /mnt/testing.txt

We will then exit the container and check whether the file exists in the external storage residing on the host

# exit

# cat /var/lib/containers/backup_storage/testing.txt

Output ⇒ This tests persistent external storage.

Stopping and Removing Containers

Once you are done with running your container, you can stop it using the podman stop command followed by the container-id which you can obtain from the podman ps command.

# podman stop container-id

To remove the containers that you no longer need, first, ensure that you stop it and then invoke the podman rm command followed by the container id or name as an option.

# podman rm container-id

To remove multiple containers at a go in one command, specify the container ids separated by a space.

# podman rm container-id-1 container-id-2 container-id-3

To clear all your containers, run the command:

# podman rm -a

Removing an Image

To remove an image, first, ensure that all containers spawned from the images are stopped and removed as discussed in the previous sub-topic.

Next, proceed and run the podman -rmi command followed by the ID of the image as shown:

# podman -rmi image-id

12 thoughts on “What Are Containers? | Container Vs Virtual machine | Manage Containers in RHEL 8 | Nehra Classes”

@NehraClasses

June 17, 2024 at 11:18 am

# dnf install -y @container-tools

# podman version

To search a registry for a container image using the syntax:

# podman search registry/container_image

For example, to search for a Redis image in the registry.redhat.io registry, invoke the command:

# podman search registry.redhat.io/redis

To search for a MariaDB container image run.

# podman search registry.redhat.io/mariadb

To obtain an elaborate description of a container image, use the –no-trunc option before the name of the container image from the results that you get. For instance, we will try to obtain a detailed description of the MariaDB container image as shown:

# podman search –no-trunc registry.redhat.io/rhel8/mariadb-103

Pulling Container Images

Pulling or retrieving container images from a remote registry requires that you first authenticate before anything else. For example, to retrieve the MariaDB container image, first log in to the Redhat registry:

# podman login

Provide your username and password and hit ‘ENTER‘ on your keyboard. If all goes well, you should get a confirmation message that the login to the registry was successful.

Login Succeeded!

Now, you can pull the image using the syntax shown:

# podman pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

The <registry> refers to the remote host or registry that provides a repository of container images on the TCP <port>. The <namespace> and the <name> collectively specify a container image based on the <namespace> at the registry. Finally, the <tag> option specifies the version of the container image. If none is specified, the default tag – latest – is used.

It’s always recommended to add trusted registries, that is those that provide encryption and don’t allow anonymous users to spawn accounts with random names.

To pull the MariaDB image, run the command:

# podman pull registry.redhat.io/rhel8/mariadb-103

For subsequent container images pull, no further logging in is required since you are already authenticated. To pull a Redis container image, simply run:

# podman pull registry.redhat.io/rhscl/redis-5-rhel7

Once you are done pulling the images, you can view the images currently existing on your host by running the podman images command.

# podman images

Before running a container, it’s always a good idea to probe the image and get to understand what it does. The podman inspect command prints out a sea of metadata about the container such as the OS and Architecture.

To inspect an image, run the podman inspect command followed by the image ID or repository.

# podman inspect IMAGE ID

OR

# podman inspect REPOSITORY

In the example below, we’re inspecting the MariaDB container.

# podman inspect registry.redhat.io/rhel8/mariadb-103

To pull specific metadata for a container pass the –format option followed by the metadata and the container identity ( Image ID or name ).

In the example below, we’re retrieving information about the architecture and description of the RHEL 8 base container which falls under the ‘Labels’ section.

# podman inspect –format=’{{.Labels.architecture}}’ image ID

# podman inspect –format=’{{.Labels.description}}’ image ID

To inspect a remote image from another registry, use the skopeo inspect command. In the example below, we are inspecting an RHEL 8 init image hosted on Docker.

# skopeo inspect docker://registry.redhat.io/rhel8-beta/rhel-init

Tagging Container Images

As you might have noted, image names are usually generic in nature. For example, the redis image is labeled:

registry.redhat.io/rhscl/redis-5-rhel7

Tagging images gives them a more intuitive name to better understand what they contain. Using the podman tag command, you can create an image tag which is essentially an alias to an image name that comprises different parts.

These are:

registry/username/NAME:tag

For example, to change the generic name of the Redis image which has an ID of 646f2730318c , we will execute the command:

# podman tag 646f2730318c myredis

To add a tag at the end append a full colon followed by the tag number:

# podman tag 646f2730318c myredis:5.0

Without adding the tag number, it will just be assigned the attribute latest.

Running Container Images

To run a container, use the podman run command. For example:

# podman run image_id

To run a container silently in the background as a daemon service use the -d option as shown.

# podman run -d image_id

For example, to run the redis image with ID 646f2730318c, we will invoke the command:

# podman run -d 646f2730318c

If you are running a container based on an operating system such as RHEL 8 base image, you can gain access to the shell using the -it directive. The -i option creates an interactive session while the -t spawns a terminal session. The –name option sets the container name to mybash while is the ecbc6f53bba0 image id of the base image.

# podman run -it –name=mybash ecbc6f53bba0

Thereafter, you can run any shell commands. In the example below, we are verifying the OS version of the container image.

# cat /etc/os-release

To exit the container, simply invoke the exit command.

# exit

Once the container is exited, it automatically stops. To start the container again, use the podman start command with the -ai flag as shown.

# podman start -ai mybash

Once again, this gives you access to the shell.

Listing Running Container Images

To list currently running containers, use the podman ps command as shown.

# podman ps

To view all containers including those ones that have exited after running, use the command:

# podman ps -a

Configure Container Images to Auto Start Under Systemd Service

In this section, we focus on how a container can be configured to run directly on an RHEL system as a systemd service.

First, get your preferred image. In this case, we have pulled the Redis image from docker hub:

# podman pull docker.io/redis

If you have SELinux running on your system, you need to activate the container_manage_cgroup boolean to run containers with systemd.

# setsebool -P container_manage_cgroup on

Thereafter, run the container image in the background and assign it to your preferred image name. In this example, we have named our image redis_server and mapped the port 6379 from the container to our RHEL 8 host

# podman run -d –name redis_server -p 6379:6379 redis

Next, we are going to create a systemd unit configuration file for redis in the /etc/systemd/system/ directory.

# vim /etc/systemd/system/redis-container.service

Paste the content below to the file.

[Unit]

Description=Redis container

[Service]

Restart=always

ExecStart=/usr/bin/podman start -a redis_server

ExecStop=/usr/bin/podman stop -t 2 redis_server

[Install]

WantedBy=local.target

Save and exit the file.

Next, configure the container to start automatically on bootup.

# systemctl enable redis-container.service

Next, start the container and verify its running status.

# systemctl start redis-container.service

# systemctl status redis-container.service

Configure Persistent Storage for Container Images

When running containers, it’s prudent to configure persistent external storage on the host. This provides a backup in case the container crashes or gets removed accidentally.

To persist the data, we are going to map a directory located in the host to a directory inside the container.

$ podman run –privileged -it -v /var/lib/containers/backup_storage:/mnt registry.redhat.io/ubi8/ubi /bin/bash

The –privileged option is passed when SELinux is set to enforcing. The -v option specifies the external volume which is located on the host. The container volume here is the /mnt directory.

Once we have accessed the shell, we are going to create a sample file testing.txt in the /mnt directory as shown.

$ echo "This tests persistent external storage" > /mnt/testing.txt

We will then exit the container and check whether the file exists in the external storage residing on the host

# exit

# cat /var/lib/containers/backup_storage/testing.txt

Output ⇒ This tests persistent external storage.

Stopping and Removing Containers

Once you are done with running your container, you can stop it using the podman stop command followed by the container-id which you can obtain from the podman ps command.

# podman stop container-id

To remove the containers that you no longer need, first, ensure that you stop it and then invoke the podman rm command followed by the container id or name as an option.

# podman rm container-id

To remove multiple containers at a go in one command, specify the container ids separated by a space.

# podman rm container-id-1 container-id-2 container-id-3

To clear all your containers, run the command:

# podman rm -a

Removing an Image

To remove an image, first, ensure that all containers spawned from the images are stopped and removed as discussed in the previous sub-topic.

Next, proceed and run the podman -rmi command followed by the ID of the image as shown:

# podman -rmi image-id
@karthickram3804

June 17, 2024 at 11:18 am

Nejra ji.. please put the videos on vmware esxi…
@karthik-yx6by

June 17, 2024 at 11:18 am

Hello Sir, Please help to select the course to start career in DevOps. which certification exam ex188 or ex294 ansible or ex280. which exam is easy to pass and kindly guide me. Thanks!
@Gamma_Wale

June 17, 2024 at 11:18 am

Hi Sir i am able to create service of container and enabling it as normol user, but while rebooting server its not running showing inactive what could be the reason
@ankitnegi163

June 17, 2024 at 11:18 am

Informative 😍
@monalibaviskar8973

June 17, 2024 at 11:18 am

very well understood. thank u
@marthasouth5044

June 17, 2024 at 11:18 am

THANK YOU SIR!!! I AM PRACTICING FOR EXAM SO REAL HELP FUL!!
@thelearner761

June 17, 2024 at 11:18 am

before watching the video just a question, can we install container using GUI ?
@numanmaavia8575

June 17, 2024 at 11:18 am

is it helpful for RHCSA Exam??
@sachintandon554

June 17, 2024 at 11:18 am

Good Explanation
@sachintandon6058

June 17, 2024 at 11:18 am

Interesting 👌
@VikasKeBol

June 17, 2024 at 11:18 am

Full of Knowledge…