Chapter 12. Provisioning Containers
Containerization is a virtualization method that uses the kernel of an operating system to provide multiple isolated user-space instances. Docker is an open source project that automates the deployment of applications inside Linux containers, and provides the capability to package an application with its runtime dependencies into a container. Linux containers enable rapid application deployment, simpler testing, maintenance, and troubleshooting while improving security.
Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers. Red Hat Satellite 6 provides the ability to connect to Red Hat Enterprise Linux Atomic Host and other Docker-based servers. This includes creating new containers from images. In this chapter, the aim is to add a connection to ACME’s Red Hat Enterprise Linux Atomic Host and provision a container.
12.1. Defining Requirements for Container Provisioning
The requirements for provisioning on Red Hat Enterprise Linux Atomic Host include:
A source for images, such as a Docker registry. Red Hat Satellite 6 uses three sources of container images:
- Synchronized Docker images that are a part of the Satellite Server’s application life cycle.
- Public images from Docker Hub.
- Other external registries, including Red Hat’s container image registry. This is explored in Section 12.4, “Adding External Registries to the Satellite Server”.
12.2. Configuring the Red Hat Enterprise Linux Atomic Host
The Atomic Host requires some configuration before adding it to Satellite. This includes exposing the Docker API to the Satellite Server.
Log in to the Atomic Host and edit the /etc/sysconfig/docker file:
$ vi /etc/sysconfig/docker
Find the OPTIONS parameter and modify it to expose the API:
OPTIONS='--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
Use either port 2375 or 2376 for the connection. This is because the Satellite Server contains special SELinux rules to allow access to these ports. Using an alternative port results in authentication failure.
Import the Satellite Server certificate:
$ curl http://satellite.example.com/pub/katello-server-ca.crt \
    -o /etc/pki/ca-trust/source/anchors/katello-server-ca.crt
$ update-ca-trust
Restart the docker service:
$ systemctl restart docker
Check the port is exposed:
$ netstat -tulnp | grep 2375
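The OPTIONS line edited in this section can be checked mechanically before the host is added to Satellite. The shell function below is an added example, not part of the original guide: it parses a docker sysconfig file and flags any TCP API listener that is configured without --tlsverify, is bound to every interface, or uses a port other than 2375 or 2376. The function name, the sample files, and the placeholder certificate paths in the TLS variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the OPTIONS line of a docker sysconfig file for TCP
# API listeners. Prints findings; returns 1 if a TCP listener lacks --tlsverify.
audit_docker_options() {
    # Last OPTIONS= assignment wins; drop the surrounding quotes.
    opts=$(sed -n 's/^OPTIONS=//p' "$1" | tail -n 1 | tr -d "'\"")
    tls=no
    case " $opts " in *" --tlsverify "*) tls=yes ;; esac
    rc=0 prev=
    for word in $opts; do
        listener=
        case $word in --host=*) listener=${word#--host=} ;; esac
        case $prev in -H|--host) listener=$word ;; esac
        prev=$word
        case $listener in tcp://*) ;; *) continue ;; esac
        addr=${listener#tcp://}
        host=${addr%:*} port=${addr##*:}
        if [ "$tls" = no ]; then
            echo "FAIL $listener: no --tlsverify, API is unauthenticated plaintext"
            rc=1
        else
            echo "OK   $listener: client certificates required (--tlsverify)"
        fi
        case $host in
            0.0.0.0|'[::]'|'') echo "WARN $listener: bound to every interface" ;;
        esac
        case $port in
            2375|2376) ;;
            *) echo "WARN $listener: port $port is not 2375 or 2376" ;;
        esac
    done
    return $rc
}

# Constructed sample files: the OPTIONS line from this section, and a
# TLS-protected variant whose certificate paths are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/as-documented" <<'EOF'
OPTIONS='--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
EOF
cat > "$demo_dir/with-tls" <<'EOF'
OPTIONS='--selinux-enabled --tlsverify --tlscacert=/path/to/ca.pem --tlscert=/path/to/cert.pem --tlskey=/path/to/key.pem -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376'
EOF
for f in as-documented with-tls; do
    echo "== $f"
    audit_docker_options "$demo_dir/$f" || true
done
```

On a real host, run it as audit_docker_options /etc/sysconfig/docker; a FAIL line means anyone who can reach the port can drive the Docker daemon, so access to that port should be limited to the Satellite Server.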
12.3. Adding an Atomic Host Connection to the Satellite Server
This process adds the Red Hat Enterprise Linux Atomic connection in the Satellite Server’s compute resources.
For Web UI Users
Navigate to Infrastructure > Compute resource and click New Compute Resource. The UI provides a set of fields for the compute resource:
- Name - A plain text name for the resource. For example, ACME's Atomic.
- Provider - A field for selecting the compute resource provider. Select Docker and a new set of fields appears.
- Description - A plain text description for the resource. For example, ACME's Atomic Host at atomic.example.com.
- URL - A URL pointing to the Docker API on the Atomic Host. For example: http://atomic.example.com:2375
- Username, Password, Email - The authentication details for the Docker hub. The Satellite Server uses these details to make the Atomic host download images from the Docker hub. These details are not required if using public images or images managed on the Satellite Server.
The Locations and Organizations tabs are automatically set to your current context. Add additional contexts to these tabs.
Click Submit to save the Red Hat OpenStack Platform connection.
For CLI Users
Create the connection with the hammer compute-resource create command:
# hammer compute-resource create --provider docker \
    --name "ACME's Atomic" --url "http://atomic.example.com:2375" \
    --organizations 'Default Organization' --locations 'Default Location'
12.4. Adding External Registries to the Satellite Server
The Red Hat Satellite 6 Content Management Guide discusses how Red Hat Satellite 6 can synchronize Docker images and manage them through Content Views. However, in other circumstances, you might only require access to an external registry without needing to synchronize the content. Red Hat Satellite 6 provides the ability to add an external Docker registry.
For Web UI Users
Navigate to Containers > Registries and click New Registry. The UI displays a set of fields for the new registry:
- Name - A plain text name for the registry. For example: Red Hat.
- URL - The location of the registry. For example: https://registry.access.redhat.com.
- Description - A plain text description of the registry. For example: Red Hat Docker Image Registry.
- Username and Password - Authentication details for private registries.
The Locations and Organizations tabs are automatically set to your current context. Add additional contexts to these tabs.
Click Submit to save the external registry.
For CLI Users
Create the registry with the hammer docker registry create command:
# hammer docker registry create --name "Red Hat" \
    --url "https://registry.access.redhat.com" \
    --description "Red Hat Docker Image Registry"
12.5. Creating Containers with the Satellite Server
The container provisioning process differs from the standard host creation process. Instead of creating containers through the Hosts > New host menu, you use the Containers > New container option.
For Web UI Users
Navigate to Containers > New container. The UI provides a wizard to create the container:
- Preliminary
  This section defines the Atomic host to use and the provisioning context.
  - Select the Docker compute resource. For our example: "ACME’s Atomic"
  - The provisioning context (Organization and Location) should automatically be set to the current context. For this example: ACME and New York.
- Image
  This section provides three image selection methods:
  - Content View - Select an image from the Satellite Server’s application life cycle. Select the Lifecycle Environment, the Content View, the Repository, the Docker Tag, and the Capsule Server containing the docker content.
  - Docker Hub - Provides a search feature for Docker images on the Docker hub. Type a Search keyword, click the magnifying glass icon, and a list of images displays. Select an image, then select a Tag for that image.
  - External registry - Provides a search feature for Docker images on external Docker registries. Type a Search keyword, click the magnifying glass icon, and a list of images displays. Select an image, then select a Tag for that image.
- Configuration
  This section provides some initial configuration for the container:
  In the Basic options:
  - Enter a Name for the container.
  - Enter a Command to run on the container.
  - Enter an Entry point. The default is /bin/sh -c.
  In the Compute options:
  - Enter the CPU sets, which assigns individual CPUs.
  - Enter the CPU share, which sets the share of CPU time available to containerized tasks.
  - Enter an amount for Memory, which allocates memory usage for the container.
- Environment
  This section provides some configuration to the Atomic host for when the container runs:
  - Environment variables - Allows you to define a set of environment variables. For example: LANG=en_US.UTF-8.
  - Exposed Ports - Opens ports in the container. For example, you can open SSH communication to the container on port 22.
  - DNS - Enter DNS servers for the container.
  - Run? - Choose whether to run the container after creation.
  - Shell - Provides shell options, including a TTY console and standard streams (STDIN, STDOUT, and STDERR).
After completing all options in the wizard, click Submit.
For CLI Users
The following are three examples of the hammer docker container create command. First, creating a container from a Content View:
# hammer docker container create --compute-resource "ACME's Atomic" \
    --repository-name "rhel7" --tag "latest" --name "docker-test1" \
    --command "bash" --organizations "ACME" --locations "New York"
Next, provisioning from the Docker hub:
# hammer docker container create --compute-resource "ACME's Atomic" \
    --repository-name "docker.io/fedora" --tag latest \
    --name "docker-test2" --command bash --organizations "ACME" \
    --locations "New York"
And finally, provisioning from an external registry:
# hammer docker container create --compute-resource "ACME's Atomic" \
    --registry-id 1 --repository-name "rhel" --tag latest \
    --name "docker-test3" --command bash --organizations "ACME" \
    --locations "New York"
This creates a new container from the chosen image and runs it on the chosen Red Hat Enterprise Linux Atomic Host.
12.6. Chapter Summary
This chapter showed how to configure Red Hat Satellite 6 to add and manage a Red Hat Enterprise Linux Atomic Host and how to provision containers on the Atomic host.
This guide has no further provisioning scenarios. See Chapter 13, Finalizing Provisioning for some final notes on provisioning.