Chapter 23. Using Toolbx for development and troubleshooting
Installing software on a system presents certain risks: it can change a system’s behavior, and can leave unwanted files and directories behind after they are no longer needed. You can prevent these risks by installing your favorite development and debugging tools, editors, and software development kits (SDKs) into the Toolbx fully mutable container without affecting the base operating system. You can perform changes on the host system with commands such as less
, lsof
, rsync
, ssh
, sudo
, and unzip
.
The Toolbx utility performs the following actions:
-
Pulling the
registry.access.redhat.com/ubi8/toolbox:latest
image to your local system - Starting up a container from the image
- Running a shell inside the container from which you can access the host system
Toolbx can run a root container or a rootless container, depending on the rights of the user who creates the Toolbx container. Utilities that would require root rights on the host system also should be run in root containers.
The default container name is rhel-toolbox
.
23.1. Starting a Toolbx container
You can create a Toolbx container by using the toolbox create
command. You can then enter the container with the toolbox enter
command.
Procedure
Create a Toolbx container:
As a rootless user:
$ toolbox create <mytoolbox>
As a root user:
$ sudo toolbox create <mytoolbox> Created container: <mytoolbox> Enter with: toolbox enter
Verify that you pulled the correct image:
[user@toolbox ~]$ toolbox list IMAGE ID IMAGE NAME CREATED fe0ae375f149 registry.access.redhat.com/ubi{ProductVersion}/toolbox 5 weeks ago CONTAINER ID CONTAINER NAME CREATED STATUS IMAGE NAME 5245b924c2cb <mytoolbox> 7 minutes ago created registry.access.redhat.com/ubi{ProductVersion}/toolbox:8.9-6
Enter the Toolbx container:
[user@toolbox ~]$ toolbox enter <mytoolbox>
Verification
Enter a command inside the
<mytoolbox>
container and display the name of the container and the image:⬢ [user@toolbox ~]$ cat /run/.containerenv engine="podman-4.8.2" name="<mytoolbox>" id="5245b924c2cb..." image="registry.access.redhat.com/ubi{ProductVersion}/toolbox" imageid="fe0ae375f14919cbc0596142e3aff22a70973a36e5a165c75a86ea7ec5d8d65c"
23.2. Using Toolbx for development
You can use a Toolbx container as a rootless user for installation of development tools, such as editors, compilers, and software development kits (SDKs). After installation, you can continue using those tools as a rootless user.
Prerequisites
- The Toolbx container is created and is running. You entered the Toolbx container. You do not need to create the Toolbx container with root privileges. See Starting a Toolbox container.
Procedure
Install the tools of your choice, for example, the Emacs text editor, GCC compiler and GNU Debugger (GDB):
⬢[user@toolbox ~]$ sudo yum install emacs gcc gdb
Verification
Verify that the tools are installed:
⬢[user@toolbox ~]$ yum repoquery --info --installed <package_name>
23.3. Using Toolbx for troubleshooting a host system
You can use a Toolbx container with root privileges to find the root cause of various problems with the host system by using tools such as systemd
, journalctl
, and nmap
, without installing them on the host system. Inside the Toolbx container you can, for example, perform the following actions.
Prerequisites
- The Toolbx container is created and is running. You entered the Toolbx container. You need to create the Toolbx container with root privileges. See Starting a Toolbox container.
Procedure
Install the
systemd
suite to be able to run thejournalctl
command:⬢[root@toolbox ~]# yum install systemd
Display log messages for all processes running on the host:
⬢[root@toolbox ~]# j journalctl --boot -0 Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: microcode: updated ear> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Linux version 6.6.8-10> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Command line: BOOT_IMA> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: x86/split lock detecti> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-provided physical>
Display log messages for the kernel:
⬢[root@toolbox ~]# journalctl --boot -0 --dmesg Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: microcode: updated ear> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Linux version 6.6.8-10> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Command line: BOOT_IMA> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: x86/split lock detecti> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-provided physical> Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-e820: [mem 0x0000>
Install the
nmap
network scanning tool:⬢[root@toolbox ~]# yum install nmap
Scan IP addresses and ports in a network:
⬢[root@toolbox ~]# nmap -sS scanme.nmap.org Starting Nmap 7.93 ( https://nmap.org ) at 2024-01-02 10:39 CET Stats: 0:01:01 elapsed; 0 hosts completed (0 up), 256 undergoing Ping Scan Ping Scan Timing: About 29.79% done; ETC: 10:43 (0:02:24 remaining) Nmap done: 256 IP addresses (0 hosts up) scanned in 206.45 seconds
-
The
-sS
option performs a TCP SYN scan. Most of Nmap’s scan types are only available to privileged users, because they send and receive raw packets, which requires root access on UNIX systems.
-
The
23.4. Stopping the Toolbx container
Use the exit
command to leave the Toolbox container and the podman stop
commmand to stop the container.
Procedure
Leave the container and return to the host:
⬢ [user@toolbox ~]$ exit
Stop the toolbox container:
⬢ [user@toolbox ~]$ podman stop <mytoolbox>
Optional: Remove the toolbox container:
⬢ [user@toolbox ~]$ toolbox rm <mytoolbox>
Alternatively, you can also use the
podman rm
command to remove the container.